Vendors Address Emerging Container Technology at KubeCon 2017 + CloudNativeCon 2017
During the first week of December, I was fortunate to have attended KubeCon + CloudNativeCon 2017 in Austin, Texas. Overall, the event was well done, and I found the keynotes and sessions informative, and even sometimes entertaining. One of the highlights of the conference for me, however, was being able to spend time talking with vendors after the keynotes and in between sessions. Here's a quick overview of my main takeaways from these discussions.
I had a chance to visit with a few different vendors whose focus was container security. In general, one of the sure signs that a technology is maturing and making inroads to the enterprise is that security becomes a top issue. Moreover, due to the dynamic nature of containers and their ability to scale, they present unique security challenges and, predictably, various companies have emerged to address these challenges.
Twistlock was one of the first companies to offer a container security solution; its product provides image and runtime protection for containers. Twistlock has an impressive solution, and an equally impressive list of reference customers who are using it to secure containers running in production.
Microsegmentation, a solution in which security policies follow a container regardless of where it's run, seems to be getting plenty of traction, and companies have emerged that provide microsegmentation for containers running on Kubernetes. Both Kublr and Tigera have products that each company claims provide microsegmentation to large enterprise customers. If you're serious about containers, and especially running containers in a production environment, you should first research how you can provide security to them.
Another interesting play that I think will be gaining traction over the next year is container-converged hardware appliances. I had a chance to visit with Diamanti, a company that offers a container appliance. Diamanti claims that by using its enterprise-grade container appliance you can have a Kubernetes solution running within 15 minutes after plugging it in. Diamanti appliances are 1U enterprise-grade servers powered by two Intel CPUs and use four NVMe drives for storage. Its software stack consists of Kubernetes and Docker running on CentOS. In the same vein, I had a chance to talk with Ubuntu about its soon-to-be-released Kubernetes Cloud Native Platform that provides an Ubuntu-, Kubernetes- and Rancher-based bare-metal install software stack. I believe that some of the server vendors will probably end up using this container stack to offer their own container appliances.
One of the big surprises of the day was when I got to spend some time chatting with Oracle about containers. I was surprised to discover how committed to containers and Kubernetes Oracle seems to be. To give a few examples, the company joined the Cloud Native Computing Foundation (CNCF) as a Platinum Member, it was one of the first companies to pass the CNCF Certified Kubernetes Conformance Program, and it also has many offerings in its portfolio that provide or use Kubernetes. Interestingly enough, Oracle is one of the few large IT companies that offers a true single-company solution (hardware and software) in which you can run Kubernetes both on-premises and in the cloud. Most other IT companies have chosen to farm out their public cloud infrastructure to others, but Oracle runs its own. I'm not necessarily saying that this is good or bad, but it is interesting to me.
As a side note and as a final word, I, like most people, am new to Kubernetes and the container world; most of the day I felt like I was drinking from a firehose. Despite this, I found everyone at KubeCon to be understanding and willing to freely share information and insights with me. I would like to thank everyone that I talked to at KubeCon for their patience and help in understanding this exciting technology.
About the Author
Tom Fenton has a wealth of hands-on IT experience gained over the past 30 years in a variety of technologies, with the past 20 years focusing on virtualization and storage. He previously worked as a Technical Marketing Manager for ControlUp. He also previously worked at VMware in Staff and Senior level positions. He has also worked as a Senior Validation Engineer with The Taneja Group, where he headed the Validation Service Lab and was instrumental in starting up its vSphere Virtual Volumes practice. He's on X @vDoppler.