The Docker and Container Ecosystem

Download as pdf or txt
Download as pdf or txt
You are on page 1of 131

1

vol.

THE

DOCKER &
CONTAINER
ECOSYSTEM
EDITED & CURATED BY ALEX WILLIAMS

The New Stack:


The Docker and Container Ecosystem eBook Series
Alex Williams, Founder & Editor-in-Chief
Benjamin Ball, Technical Editor & Producer
Hoang Dinh, Creative Director
Sam Charrington, Editor, Founder & Principal Analyst of CloudPulse
Strategies
Contributors:
Atul Jha, Research
Brett Heckman, eBook Technical Consultant
Joab Jackson, Editor
Judy Williams, Copy Editor
Klint Finley, Editor
Lawrence Hecht, Data Research Director
Patricia Dugan, Director of Community Marketing & Development

TABLE OF CONTENTS
Introduction ..................................................................................................................................4
Sponsors ........................................................................................................................................7
THE DOCKER & CONTAINER ECOSYSTEM

Crossing the Ocean with Containers ........................................................................................8


The World is Programmable with Containers ......................................................................15
....................24
Cisco: Networking the Hybrid Cloud ......................................................................................31
How the Go Programming Language Helps Docker and the Container Ecosystem.....36
Managing Containers Across Distributed Resources ..........................................................42
Docker as the Developer-Facing Toolbox for the Internet-as-Open-Platform ...............52
The Continuum: From Containers to Serverless Architectures and Unikernels ............57
.........................64
IBM Wants You to Use a Cloud Platform Optimized for the Full Application Lifecycle 82
Docker Fuels Rethinking of the Operating System ..............................................................87
Adopting Containers in Enterprise..........................................................................................98
CONTAINER ECOSYSTEM DIRECTORY

Developer Tools, Application Development/Deployment and Image Creation ........ 107


Runtimes, Platforms and Hosts............................................................................................ 113
Orchestration and Management .......................................................................................... 118
Infrastructure Services ........................................................................................................... 124
Image Registry and Security ................................................................................................. 126
Consulting and Misc. .............................................................................................................. 129
Disclosures................................................................................................................................ 130

THE DOCKER & CONTAINER ECOSYSTEM

INTRODUCTION
We never thought that our last six months at The New Stack would be
ecosystem. It was supposed to be one ebook that wed do in six weeks or
so, but then we started putting it together. It had quite a scope that easily
would have made just one ebook more than 100 pages.
justice to the subject matter? The answer was no. It made far more sense
to make it a series, and take the time to explore how containers apply to
the entire stack, as individual units that have quickly come to be
associated with orchestration.
Its a new time that is really not about IT. Its now about application
development and management at scale. These are the days that will help
a technologist might have dreamed in the enterprise heyday. Today, we
are talking about applications far more than the machines they run on.
The machines are now a resource not a server farm, a grid or even a
cloud. This resource is as real as any physical resource we know of.
But how do we connect the resources? How do these resources become
deeper, wider and more powerful in what they provide? How do we make
them simple enough so that we dont need to invent something new every

In many respects, its simply a matter of economics that we see in the

THE DOCKER & CONTAINER ECOSYSTEM

INTRODUCTION

credence as a way to build apps directly from the developers laptop with
much of the process automated and packaged. They have impacts on the
cost of managing resources.
These economic considerations and impacts on behavior speak to why
Docker is having such a lasting symbolic impact on changing technologies
and models.
Its this change to more container-based workloads that will drive the
substance of our ebook series. We have a lot of subject matter to cover.
Well run the series into the spring of 2016, and even at that point the
landscape will have changed further. At that time, we may even have a
technology age feel so timeless.
I am so lucky to be part of such a great community. Our goal is to analyze
how application development and management at scale is changing as
the new stack evolves. Every day I get to explore the workings of this world
and its dimensions. I get to talk to the smartest technologists in the world.
We also have the honor and the privilege of working with fantastic
sponsors. In particular, I want to thank our series sponsors: Cisco, Docker
and IBM. We could not be here without them.
Finally, there is the team who is working to build The New Stack who I get
to talk to every day. I love this group of people. They are the heart and
soul of what we do every day at The New Stack. They are my colleagues
New Stack and bring with them the excellence we always strive to
maintain. I would not be here without them.
THE DOCKER & CONTAINER ECOSYSTEM

INTRODUCTION

Thank you so much for your interest in our ebook series. Please reach out
any time. I am always happy to meet and talk with people who care
enough to introduce themselves.

Thanks, Alex.
Alex Williams
Founder and Editor-in-Chief
The New Stack

THE DOCKER & CONTAINER ECOSYSTEM

SPONSORS
We are grateful for the support of the following series sponsors:

THE DOCKER & CONTAINER ECOSYSTEM

CROSSING THE OCEAN


WITH CONTAINERS
by JEFF SUSSNA

viewed it as a cost-reduction convenience. Soon, though,


many organizations began to recognize its power to trans-

dynamic, adaptable resource that IT could use to power 21st-century business imperatives for agility and responsiveness. Terms such as cloud-native and cattle not pets expressed the understanding that cloud-based

change.

Docker has captured the industrys


imagination with breathtaking speed.
Containers are taking this transformation to the next level. Docker has
captured the industrys imagination with breathtaking speed. It began in
THE DOCKER & CONTAINER ECOSYSTEM

CROSSING THE OCEAN WITH CONTAINERS

similar fashion to cloud, seeming to provide a more convenient solution to


existing packaging and deployment problems. In reality, though,
than cloud.
While cloud computing changed how we manage machines, it didnt
change the basic things we managed. Containers, on the other hand,
promise a world that transcends our attachment to traditional servers
applications and application components. One might claim that
represent the fruition of the object-oriented, component-based vision for
application architecture.
In a testament to the rapidity of Dockers ascent, the conversation has
chronicling experiences running Docker in production duel with others
detailing the ways in which its not yet viable. This binary argument misses

THE DOCKER & CONTAINER ECOSYSTEM

CROSSING THE OCEAN WITH CONTAINERS

ocean with it. Just as was the case with cloud computing, containers pose
as many questions as they answer. These questions arise on multiple
levels: architectural, operational, organizational, and conceptual.
Containers make many things possible, without necessarily accomplishing
recognizing the power of containers, one begins the more laborious
issues include questions such as:
How do containers communicate across operating system and
network boundaries?

How do you monitor them?


How do you actually compose them into larger systems, and how do
you manage those composite systems?
Various answers to these questions have begun to emerge. Packaging
infrastructure. Cluster management systems such as Kubernetes layer
replication, health maintenance, and network management on top of raw

models.
These higher-order systems answer some of the initial questions that arise
while trying to deploy containers. They also, though, raise new questions
THE DOCKER & CONTAINER ECOSYSTEM

10

%CROSSING
Of Organizations
Planning To Address Needs in the Next 2 Years
THE OCEAN WITH CONTAINERS
(excludes partnerships)

60%

11%

71%

App Development / Deployment

60%

11%

71%

28%

71%

Growth Potential

Scheduler / Orchestration / Mgnt / Monitoring

43%

Security

23%

40%
30%

23%

28%

23%

Container/OS
21%

Hosting/Service Providers

13%
26%

Database/Big Data

21%

10%

20%

4%

53%
51%

38%

36%

Image Registry

63%

34%

30%

27%

6%

30%

by improving existing product

40%

50%

60%

70%

by developing new product (internally or via M&A)

FIG 1:

of their own. Now, instead of asking how to manage and compose


containers, one has to ask how to manage and compose the container
management, deployment, and operations toolchain.
This process is a recursive one. At the moment, we cant know where it will
end. What does it mean, for example, to run Kubernetes on top of Mesos?
Contemplating that question involves understanding and interrelating no
less than three unfamiliar technologies and operating models.
More importantly, though, organizations are just beginning to contemplate
how to integrate the container model into their enterprise architectures,
organizations, and conceptual frameworks. This process will be a journey
THE DOCKER & CONTAINER ECOSYSTEM

11

CROSSING THE OCEAN WITH CONTAINERS

of its own. It will consist of a combination of adaptation and


transformation. The precise path and destination of that journey are both
unknown, and will depend to a large degree on each organizations
individual history, capabilities, and style.
Deep technical change is a complex process. It cant be predicted or
linearly planned. Implementing it requires the same lean and agile
techniques we use for product development. The question, is Docker
ready for the enterprise? is the wrong question. A better question would
be, how are containers likely to perturb our organization and our ways of
doing things? Answering that question requires conducting experiments
and learning from feedback. It also goes far beyond purely technical
concerns.

Deep technical change is a


complex process. It cant be predicted
or linearly planned.
Adopting a transformative technology such as cloud or containers
impacts every aspect of IT. When computing resources pop into and out
of existence by the minute instead of the year, and in the hundreds of
thousands instead of the hundreds, traditional management methods no

need to learn new ways of thinking about what systems are and how to
solve problems with them. Making Docker enterprise-ready involves not
THE DOCKER & CONTAINER ECOSYSTEM

12

CROSSING THE OCEAN WITH CONTAINERS

rather the ability to hire people who can comprehend the implications of
that technology, and who can operate it based on that understanding.

We need to apply everything weve


learned about navigating change
and uncertainty, and step beyond
the binary success/failure conceptual
model of adoption.
Ultimately, the impact of containers will reach even beyond IT, and play a
part in transforming the entire nature of the enterprise. The value of
microservices and containers lies in how they enable smaller, faster, more
frequent change. In order to take full advantage of this capability, IT
organizations will need to restructure themselves socially as well as
architecturally. This cascading transformation process will in turn apply to
the enterprise as a whole, as it strives to take advantage of its new
capabilities for responsive digital service.
Just as container management systems present new sets of questions, so
too do new organizational structures. If a company decides to adopt
Holacracy as part of its mission to improve agility, it will have to navigate
and structural change happens through experimentation, failure, and
adaptation.
THE DOCKER & CONTAINER ECOSYSTEM

13

CROSSING THE OCEAN WITH CONTAINERS

In thinking about enterprise adoption of Docker or any other container


technology, we need to understand it for what it is: a trigger for a much
larger, more complex, and long-lasting process. We need to cast our gaze
beyond containers themselves, towards the socio-technical systems they
are just beginning to perturb. We need to apply everything weve learned
about navigating change and uncertainty, and step beyond the binary
success/failure conceptual model of adoption. In this way, containers are
transformation.

THE DOCKER & CONTAINER ECOSYSTEM

14

THE WORLD IS
PROGRAMMABLE WITH
CONTAINERS
by ALEX WILLIAMS

ocker and container technologies symbolize a new economic


reality that puts the developer at the center of the transformation

heavyweight to lightweight technologies, and from human to automated


systems, is apparent in the ecosystem in a number of ways:
The Internet is being programmed, and it needs plumbing to work.
Application development is faster than ever.
Open source communities are proliferating and becoming more
commercial.

The need is coming for automated infrastructure and scaled-out


distributed resources.
It will increasingly be more about performance than compatability.
THE DOCKER & CONTAINER ECOSYSTEM

15

THE WORLD IS PROGRAMMABLE WITH CONTAINERS

Container technologies have a long history. Docker is simply a new


iteration that makes it easier and more convenient to design, deploy and
manage applications. Containers are processes, parts of systems that are
platforms, open source projects, orchestration systems, service discovery

platforms and orchestration services can manage new, lighter workloads.


This indicates a change from virtualized infrastructures to containercentric, distributed resources that abstract away the complexities that
have historically come with developing apps on cloud services and hosted
environments.
Docker operates on top of the infrastructure and syncs with the
way to ship, build, run and deploy applications. Its an open platform for
distributed apps. It works wherever Linux does, which is essentially

Docker is the work of Solomon Hykes, who founded dotCloud, a platform


as a service (PaaS) company. Hykes built Docker as an API that isolates
processes. It uses isolation technologies, such as cgroups and
namespaces, that allow the containers to run independently on the Linux
kernel without the overhead of starting up a virtual machine. It allows
Docker containers to run independently, making it easy to move code.
Virtualization technology from companies like VMware sits below the
operating system and virtualizes the server, not the application. Wherever
the virtual machine goes, the operating system has to go with it. It has to
THE DOCKER & CONTAINER ECOSYSTEM

16

THE WORLD IS PROGRAMMABLE WITH CONTAINERS

database and the rest of the stack that it depends on.


Virtualization is not independent of container technology. VMware, for
example, has developed a platform that uses virtual machines to insulate
containers. Photon OS, as its now called, will serve as the agent that gives
VMwares vSphere management system visibility into the operations inside
containers.
from containers that dont include it. It is an alternative platform to
vSphere. This new Photon Platform, as VMware has dubbed it, is intended
for cloud-native containers only for data centers intending to deliver
intends to be established.

and services that make the world run.


Its this sophisticated infrastructure that makes it possible for startups to
build services faster and cheaper. Thats what makes the new stack

and high IT overhead.


have historically built technologies that were designed for desktops and
data centers.

THE DOCKER & CONTAINER ECOSYSTEM

17

THE WORLD IS PROGRAMMABLE WITH CONTAINERS

Market Reality: There are billions of people in the world and almost
everyone has had some contact with the Internet, even if they may not
realize it. There are millions of developers who are building the new
foundations for how we live and work. In the meantime, their operations
counterparts are doing the plumbing to make the Internet more
programmable.
The Result:
convenience and performance over compatability.
presented at DockerCon in June 2015 and made the argument that
millions of programmers means new innovations. It is these innovations

Internet is, in essence, the argument Docker makes. Its technology is a

programmable nodes. According to this view, anything can be a node.


Almost anything can become a digital object that can be programmed.
Is it far-fetched to think that containers will be the layer that makes the
world programmable? Its more realistic to think of containers as part of a
continuum, which is evident by the development of the current market.
Serverless architectures are gaining favor as a way to abstract the
THE DOCKER & CONTAINER ECOSYSTEM

18

THE WORLD IS PROGRAMMABLE WITH CONTAINERS

complexities of distributed systems. Unikernels are gaining favor for being


far more lightweight than container technologies.
Other companies in the container ecosystem are declaring their own ways
position with a new registry platform that integrates with its EC2
Container Service. This platform is joining a strong lineup of registry and
runtime services including IBM Containers on Bluemix, CoreOS Enterprise
Registry, JFrogs Artifactory, Google Container Registry, Quay.io and, of
course, Docker Trusted Registry.
Despite tremendous demand from people using container technologies,
infrastructure has not been transformed. Security policies, load balancing,
FIG 1:

The Programmable Internet

Programmers
App

App

App

App

App

App

App

App

App

App

App

App

App

Internet Software (Containers) Layer


Internet Hardware Layer
Servers Desktops Phones Cars
Houses
Public
THE DOCKER & CONTAINER ECOSYSTEM Transit

http://www.slideshare.net/chanezon/docker-platform-and-ecosystem

TVs

Industrial
Facilities

Scientific
Financial
Instruments System
19
thenewstack.io

THE WORLD IS PROGRAMMABLE WITH CONTAINERS

storage management, service discovery, service management, resource


management and native container support are largely missing or still
inadequate for production workloads.
Virtual machine bloat, large attack surfaces, legacy executables and
base-OS fragmentation are a common problem, as pointed out by Darren
Rush in a look at a post-container world.
The need is for immutable infrastructure. That means creating something
and then leaving it unchanged. Dont update it, just create something new.
Once the image is working, only a working image is deployed. The old
version of the image can be kept in a container if, for example, there needs
to be a rollback of the environment. An entire infrastructure can be
timestamped, making it far easier to scale-out horizontally not just from
a faster deployment, but by actually adding more machines to make
processing faster.

managing servers need to have logins and accounts. They have to manage
technologies that have various states of repair or disrepair. Setting up
is, removes many of these types of issues. It removes the burden of
manual updates. Let the machines take control.
argues
that DevOps is the outcome of this sort of transformation, and that
essentially means a reorganization for most companies. But with a
microservices approach, an immutable infrastructure can allow for steep
THE DOCKER & CONTAINER ECOSYSTEM

20

THE WORLD IS PROGRAMMABLE WITH CONTAINERS

cost reductions and a high rate of change. Developers can build and
deploy services in seconds: Docker packages them and the microservices
environment runs them in what amounts to fast tooling that supports
continuous delivery of many tiny changes.
These new microservices environments are not easy to manage. Think of
the speed involved, the scale needed across continents, regions and

patterns need to be understood across zones.

The Container Combo


wrote on the topic for
The New Stack.

that is created and tested on a developers laptop using any language or


bare metal server.
more robust and is generalized to build anything once, run anywhere.
Then there is speed. A Docker container can be launched in a second, as
opposed to a virtual machine which may take tens of seconds or even
becomes a new version, or in other words, a new container.

THE DOCKER & CONTAINER ECOSYSTEM

21

THE WORLD IS PROGRAMMABLE WITH CONTAINERS

Its this speed that is most transforming. Speed means a lower barrier for
taking risks with trying new ways to speed up app development and
management. However, we have barely come to understand what the
outer dimensions of this new capability means to us all.
You are going to see a new order of magnitude in terms of swarming of
compute running for shorter time periods, said John Willis in a story from
The New Stack earlier this year. Now it is a matter of nanocomposite. It
could go from 1,000 to one billion instances starting and stopping in a week.
The startup time for a container is around a second. Public cloud virtual
machines (VMs) take from tens of seconds to several minutes, because
they boot a full operating system every time, and booting a VM on a
laptop can take minutes.

Docker containers are shared in a public registry at Docker Hub. This is


organized similarly to GitHub, and already contains tens of thousands of
containers. Because containers are very portable, this provides a very
useful cross platform for applications and component microservices that
can be assembled into applications. Other attempts to build app stores
Charms) or tool (e.g., the Chef Supermarket), and it seems likely that
components and monetization opportunities.
THE DOCKER & CONTAINER ECOSYSTEM

22

The Evolution of Deployment Speed

THE WORLD IS PROGRAMMABLE WITH CONTAINERS

Speed enables and encourages new microservice architectures

Datacenters

Virtualization

Containers

Serverless

Months to deploy,
live for years

Minutes to deploy,
live for weeks

Seconds to deploy,
live for minutes/hours

Milliseconds to deploy,
live for seconds

Source: http://www.slideshare.net/adriancockcroft/dockercon-state-of-the-art-in-microservices

thenewstack.io

FIG 2:

Summary
In all, an application-centric approach has deep roots in the Linux
ecosystem. There is a rich history of tooling that has allowed for a market
of compatibility. Linux runs everywhere and everything runs on it. But
of complexity in the system, including permission checks on the operating
system that stem back from a time when massive monolithic systems
were built into single machines.
Today, performance is becoming a key-value driver for containers, but
they still have an associated complexity. And thats why there is such a
diverse ecosystem: its needed for users to build architectures that can
take containers from the laptop and into distributed environments
environments that can manage any number of microservices that are fast,

THE DOCKER & CONTAINER ECOSYSTEM

23

OPEN SOURCE
COMMUNITIES DEFINE
THE DOCKER AND
CONTAINER ECOSYSTEM
by LAWRENCE HECHT

he economics of proprietary technologies are less viable with


increasingly complex systems that require constant adaptation,

systems are less robust than their open source equivalents. The Docker
and container ecosystem is representative of this new market reality.
As many of the container-related projects move into enterprise production
vendors such as IBM, Intel and Google, as well as by large customers such
as Goldman Sachs, that are creating new open source foundations. These
communities, lead by professional organizations such as the Linux
Foundation, which now runs the Open Container Initiative, the Cloud
Native Computing Foundation and the Cloud Foundry Foundation.
Created in June 2015, the Open Container Initiative (OCI) is an open

THE DOCKER & CONTAINER ECOSYSTEM

24

OPEN SOURCE COMMUNITIES DEFINE THE DOCKER AND CONTAINER...

of the providers and a context for looking at the past and future of an
application-centric infrastructure.
The roots of OCI can be traced back to Docker and the development of
its libcontainer technology. The libcontainer format enabled Docker to

single host share the kernel of the running Linux OS. It undocked itself
was designed, systemd was responsible for launching and maintaining
container processes in a manner that the operating system could
manage.
As part of OCI, Docker donated libcontainer to the initiative. The overall
goal is to ensure compatibility between systems and the code that utilizes
containers, thus freeing the next generation of engineers to focus on
innovating higher up the value chain.

Foundation (CNCF). The CNCF is the newest open source project, initiated
by Google and joined by Cisco, Docker, IBM, Mesosphere, Joyent and a
host of other companies in the ecosystem that are trying to standardize
scheduling and orchestration capabilities.
activity and industry cooperation within the tight-knit group creating the

THE DOCKER & CONTAINER ECOSYSTEM

25

OPEN SOURCE COMMUNITIES DEFINE THE DOCKER AND CONTAINER...

migrated from libcontainer, there has been robust participation from both
independent developers and companies.
developed by CoreOS for its Rocket runtime system. At CoreOSFest this
past spring, the company announced App Container (appc), its own open
source project based upon the rkt technology. Google, VMware, Red Hat,
Hybrid Cloud OS maker Apcera and a gathering coalition of industry
partners backed appc.
CoreOs has funding from Google Ventures. Furthermore, the CoreOS
technology integrates deeply with Kubernetes, Googles open source
container management platform. Google, for its part, is focusing on the
recently announced Cloud Native Computing Foundation, which has an
emphasis on container management.
Docker, without a doubt, competes with both CoreOS and Google. They
changing world of application development and management at scale, as
there is really no one universal solution.

Project
OCIs initial technical leadership included representatives from Docker,
Red Hat, CoreOS, Google, and an independent developer with a company
called
. Now that the project has been operating for a few months,
we can see who is actually involved with the development of
that there have been 24 contributors to the opencontainers/specs
THE DOCKER & CONTAINER ECOSYSTEM

26

OPEN SOURCE COMMUNITIES DEFINE THE DOCKER AND CONTAINER...

repository, with the most involvement from Huawei, Docker, Red Hat, IBM,
Fujitsu and CoreOS.
It is noteworthy that the previous top three contributors to appcs spec
CoreOSs Jonathan Boulle and Brandon Philips and Red Hats Vincent
Batts are actively contributing to OCIs specs. Without the support of
these leaders, activity in the appc project has slowed down tremendously
since OCIs announcement.
important their development is to keeping some companies involved. For
example, CoreOS released an updated version of rkt based on appc, yet in
the future plans on releasing the same runtime based on the OCI spec.

# of Contributors per Company

FIG 1:

Independent
Developers
Students
THE DOCKER & CONTAINER ECOSYSTEM
Source: Data collected in early-October from github.com/opencontainers/specs. 24 contributors and 106 contributions

27
thenewstack.io

OPEN SOURCE COMMUNITIES DEFINE THE DOCKER AND CONTAINER...

If OCI is to be successful, it will at a minimum need companies like CoreOS


to use agreed upon standards that will allow it to continue developing its
own runtime while at the same time ensuring interoperability with
Interestingly, CoreOS is still hedging their bets on OCIs success. While
contribution to the runc repository.

Involvement With runC


libcontainer is the actual meat of what developers are currently using. The
level of GitHub activity for runC has actually picked up as compared to the
work done in libcontainer, with 24 percent of the contributions in the
repository happening since libcontainer migrated to runC.
There has also been an uptick in new contributors since OCI was
FIG 2:

Contribution to the OCIs runC

24%

New Contributions

76%

Contributions Migrated
from libcontainer

THE DOCKER & CONTAINER ECOSYSTEM


Source: Data collected in early-October 2015 from github.com/opencontainers/runc and
github.com/docker/libcontainer. Contributions = 1657.

28
thenewstack.io

OPEN SOURCE COMMUNITIES DEFINE THE DOCKER AND CONTAINER...

announced, with 29 of the 127 contributors joining in the last two months.
However, it is noteworthy that most of the contributions have come from
Docker and Red Hat employees. Absent from the list of contributing
companies is CoreOS. It is also notable that Google accounted for only
two contributions (0.5 percent of the total), as opposed to the 18 percent
it accounted for in the original libcontainer repository.

the membership roster of the OCI. We found that half of OCIs member
companies still do not have an employee contributing to the project.

FIG 3:

Contributions by Company Since runC Was Created


Docker
Red Hat
Huawei
IBM
GE Healthcare
Fujitsu, Prima.it
Unknown
Odin
SK Telecom
Pivotal
EMC, Microsoft, Independent Developers
Google, Heroku (Salesforce.com),
Mantika, Student

0
5%
10%
THE DOCKER & CONTAINER ECOSYSTEM

Source: Data collected in mid-October 2015 from github.com/opencontainers/runc and


github.com/docker/libcontainer. Contributions Since Runc Was Created n = 393.

15%

20%

25%

30%

35%

29

40%

thenewstack.io

OPEN SOURCE COMMUNITIES DEFINE THE DOCKER AND CONTAINER...

What does a lack of participation mean? Of course, a company can adopt


or support standards without actually contributing to an open source
project. If that is the case, then OCI will have accomplished at least part of
its mission by creating a standard that everyone can build upon.
But it does speak to what becomes of open source projects that become
larger organizations with participation from commercial technology
providers. The gap widens. Large companies make up most of the
contributions and the smaller providers represent a tiny percentage of
the total.

THE DOCKER & CONTAINER ECOSYSTEM

30

CISCO: NETWORKING THE HYBRID CLOUD

CISCO: NETWORKING
THE HYBRID CLOUD
by MARK BOYD

ith its expansive history in IT network hardware, Cisco


Systems has been acting as much of the pipes of the
Internet, responsible for routing a large chunk of the worlds

growth and disruption cycles play out amongst the companies that are
building the data nodes and the companies that are creating the digital
products that travel within the networked systems.
They have also seen the boom and bust of the dot-com cycles, having at
one point been valued at a nose-bleeding $500 billion, but now with a
current estimated market cap of around $134.83 billion. Perhaps because
of having lived through these sorts of these hyperbolic heights and more
business as networking, not necessarily hardware networking.
Ken Owens, CTO
of Cloud Services at Cisco Systems. Owens believes that enterprises and
THE DOCKER & CONTAINER ECOSYSTEM

31

CISCO: NETWORKING THE HYBRID CLOUD

whole industries risk losing market share and relevance if they do not
understand this basic tenet of digitization.
Amazon, the birth of a new digital generation of social media, Uber and
To avoid facing the same disruption in their own hardware networking
business, they needed to develop competencies and products suited to
Now, as hybrid clouds become increasingly acceptable to enterprises
looking to make the best use of data and computational storage across a
global network of distributed application architectures, Cisco still wants to
be the company that others turn to for networking it all together.

The open source project Mantl is


at the core of their SDN product suite
Owens says that while recognizing the threat of disruption at an industry
level, Cisco Systems also saw within the new SDN approach that more and
infrastructure that enabled their applications to function.
In a hybrid cloud environment, containers may be running in Docker, be
orchestrated with Kubernetes or Mesos, rely on Consul or etcd for service

components. In true hybrid fashion, this may mean some systems of


THE DOCKER & CONTAINER ECOSYSTEM

32

CISCO: NETWORKING THE HYBRID CLOUD

record were stored in on-premise data centers, while more temporary,


real-time data was stored in the cloud on Amazon Web Services or
through OpenStack for immediate processing.
You can get infrastructure very quickly now, but youre leaving all the
components together how theyre going to test it, how theyre going to

developers to accomplish what they need to accomplish and maintain


their code over time.
can be used as a data center and cloud-agnostic microservices platform.
Using a range of open source components, Mantl enables DevOps to focus
on how their application is running, without having to link together varying
infrastructure components (and resolve the integration challenges that
come with working across a hybrid cloud environment). Owens describes
the typical experience for a developer using Mantl:

monitoring the applications in production.


THE DOCKER & CONTAINER ECOSYSTEM

33

CISCO: NETWORKING THE HYBRID CLOUD

THE NEW STACK SUMMARY

Traditionally known for their network infrastructure, Cisco sees containers


as a key technology for enabling customers' digital transformation.

KEY PROJECTS

https://github.com/CiscoCloud

A member of the Cloud Native Computing


Foundation and Open Container Initiative.

MANTL - Integrates Kubernetes, Mesos, Consul and other open source


projects to deliver container-based application deployment for large-scale
hybrid cloud environments.

KEY PARTNERS

Google, Hashicorp, Mesosphere

KEY ACQUISITIONS

Piston CloudOS

thenewstack.io

It is part of a new approach that Owens is calling Hybrid DevOps. Along


with Mantl aimed at solving developers pain points is a new suite of
hybrid cloud products that includes the InterCloud Fabric aimed at
THE NEW STACK SUMMARY
enterprises deploying applications
across
Standing on the
shouldershybrid-cloud
of giants, namely thearchitectures
Linux kernel, Docker and
createdwho
a set ofwant
tools thattheir
is intiating
a sea-change in
at cloud providers themselves
customers
todeveloper
easilyexperience
access
https://github.com/docker

and enterprise computing.

KEY PROJECTS

- The Docker platform


for building,security,
deploying, shipping,
and runenterprise to manage theirDocker
hybrid-cloud
workloads:
compliance
ning container-based applications is available on Github as open source.
and governance can all beDocker,
managed
regardless
of whether
Inc. donated
its container format
and runtimethe
to theenterprise
newly-formed
Openbare
Container
Initiative.
is running its architecture on
metal,
on an OpenStack cloud, on
KEY ACQUISITIONS
VMware-based clouds or KEYasPARTNERS
is increasingly the case
a mix of all.
A member of the Cloud Native Computing
Foundation and Open Container Initiative.

Amazon, Microsoft, IBM, Red Hat

Socketplane (networking),
Orchard Labs (orchestration)

Being able to develop your application, to separate that development


thenewstack.io
from the deployment scenario, and to enable that deployment to work
across the InterCloud, meant that you could truly develop your app once,
deploy it into whichever infrastructure you want (or whatever
infrastructure your company
has selected to deploy into), including the
THE NEW STACK SUMMARY
The company
perhaps
most associated
with enterprise
systems is playing
public domain. Then you can
run and
manage
it from
that location
says
a huge role in driving a variety of cloud and container innovations and
Owens.
helping to shape the communities around them.
www.ibm.com/cloud

KEY PROJECTS

Without a move into hybrid-cloud


networking,
could
potentially
be
IBM is a contributor
to many of theCisco
container
ecosystem's
most important
open source projects, including Docker, Cloud Foundry, Linux, Kubernetes.
at greater risk of facing disruption
themselves, as they have seen across
A member of the Cloud Native Computing
Foundation and Open Container Initiative.

KEY PARTNERS

Docker, Pivotal, Google


THE DOCKER & CONTAINER ECOSYSTEM

KEY ACQUISITIONS

N/A

34
thenewstack.io

CISCO: NETWORKING THE HYBRID CLOUD

industries that have traditionally used their cable and WiFi networks. Like
we did with the Internet, Owen says, were trying to do the same thing
with clouds, because we feel like theres a very close analogy to what
happened with the Internet back in the 90s, and whats happening with
cloud today.
Listen to The New Stack Makers podcast
with Ken Owens on:
Soundcloud or YouTube

THE DOCKER & CONTAINER ECOSYSTEM

35

HOW THE
GO PROGRAMMING
LANGUAGE HELPS
DOCKER AND THE
CONTAINER ECOSYSTEM
by JOAB JACKSON

o build Docker, developers made the somewhat novel choice of


using Googles relatively new Go programming language. Given
that Dockers virtualization technology would need to be responsive, a more traditional choice might have been a low-level language
such as C.

Going with Go turned out to be a wise decision. Go gave the Docker team
a simple and powerful language for working with their initial operating
system of choice, Linux.
More importantly, it also provides users with an easy path to incorporate
to enable fast development on distributed systems. It allows developers
and system administrators to quickly build programs and system tools for
cloud computing environments without worrying too much about issues
such as dependency management or concurrent programming.

THE DOCKER & CONTAINER ECOSYSTEM

36

HOW THE GO PROGRAMMING LANGUAGE HELPS DOCKER AND THE...

For the developer, Go makes it easy to package pieces of code


functionality, and then build applications by assembling these packages.
The packages can then be easily reused for other applications as well.
And just as Go helps in development, it also makes life easier during
deployment. A Go program can be simple to implement because, once it
is compiled, it typically does not require external libraries. A large standard
core library provides all the functionality a programmer may need, in most
cases.
This means an administrator can develop a Go program, copy it over to
any remote server with an installed version of Go, and not worry if the
program will require additional libraries that the server may not have.
The whole process is made even easier with Docker. There is a special
version of the language, available in the Docker Hub, that can package an
application within a Docker image during the compilation process, so that
it can be immediately deployed. Developers can even build their
applications from within the container itself. They dont even need to have
Go on their own computers.
Just as it is easy to install and run Go programs within Docker, its very
easy to manage Docker containers with Go. Docker provides an API library
for interacting with Docker containers using Go.

Customer Adoption
Go was launched in 2009, and was ready for production use by 2012. Since
then, it has been embraced by developers worldwide, particularly in
China, where it is most heavily used (though there is discussion about if

THE DOCKER & CONTAINER ECOSYSTEM

37

HOW THE GO PROGRAMMING LANGUAGE HELPS DOCKER AND THE...

In fact, a surprising number of large enterprises, not the quickest of


adopters, have already adopted Go, including Chevron, Verizon, Disney,
to build a security library for the Internet of Things, as well as for network
Many web-scale companies have adopted Go as well. Not only Google, but
Facebook and Amazon have gone with Go.
Of course, Google itself provides a hosted Go runtime, as part of its
Google App Engine collection of platform services, though other cloud
providers, such as Amazon Web Services, support the language as well.
As of latest count, GitHub hosts over
and those are only the open source public projects. No doubt, many

matter of what companies have used Go many developers report they


are planning to use Go in the near future.
developers said they were planning to use Go in the future, representing a
predicted increase from the 10 percent currently using Go. As a whole,
eight percent of developers plan to use Go in the next year.
developed in Go, including the Kubernetes container management
It is pretty easy to see that Go will be the core language for the container
ecosystem for many years to come. There is a synergy at work here

THE DOCKER & CONTAINER ECOSYSTEM

38

Plans to Use Go in the Future

HOW THE GO PROGRAMMING LANGUAGE HELPS DOCKER AND THE...

19%

DevOps
11%

Back-end Web Developer


Full-stack Web Developer

10%

Enterprise-level Services Developer

10%

19% of DevOps are


planning to use Go in
the future, up from
the 10% that are
currently using Go.

7%

Mobile Developer
6%

Embedded Application Developer


Desktop Developer

5%

Data Scientist

5%

Front-end Web Developer

5%
0

5%

10%

15%

20%
thenewstack.io

FIG 1:

league of Go programmers worldwide.

Gos appeal comes in part from how it combines the best practices from
old-school statically-typed programming languages and the newer,
Go was created by what could only be called a supergroup of veteran
programmers: Robert Griesemer, who worked on the V8 JavaScript engine

THE DOCKER & CONTAINER ECOSYSTEM

39

HOW THE GO PROGRAMMING LANGUAGE HELPS DOCKER AND THE...

three had worked at Google, and all were frustrated with the limitations of
existing languages. The languages of the day just werent well-suited for
directly.
rigorous controls over data types, which make them safer and faster. Their
As a result, many web-facing startups over the past decade have
gravitated towards a new breed of dynamically-typed languages, such as
Ruby or JavaScript, which do not enforce the strong typing of data.
While this dynamic typing can simplify work for the programmer,
additional costs sneak out during the runtime in the form of increased
cost for testing and debugging. Debugging becomes a lot more of a
headache, especially with large programs, if the data types arent enforced
from the outset. Programs written with dynamic languages also tend be
slower than their statically-typed counterparts, especially when scaled up
to large workloads.
The beauty of Go is that the language combines the ease of development
statically-typed languages.
As a result, Go programs run more quickly than those written in dynamic
languages, which translates directly into lower monthly usage bills for
those companies running their web applications in the cloud.
One company that learned this was consultant Iron.io, which built a
messaging system for its clients that it later released as a product, called
THE DOCKER & CONTAINER ECOSYSTEM

40

HOW THE GO PROGRAMMING LANGUAGE HELPS DOCKER AND THE...

Iron.io was able to cut the number of virtual servers they needed to run
IronWorker from 30 to two.
In addition, Go is geared for distributed computing. It has many built-in
features to support concurrency, or the ability to run a program across
multiple processors. It can execute many low-level system calls, giving it
the ability to work directly with the operating system, which speeds up
process time.
The language is also friendly to the programmer. Go was built so that the
developer can call up the documentation through a single command line.
Testing can be executed through a single command as well.
In short, Docker couldnt have found a better partner than it did in Go.

THE DOCKER & CONTAINER ECOSYSTEM

41

MANAGING CONTAINERS
ACROSS DISTRIBUTED
RESOURCES
by ALEX WILLIAMS

ontainer Solutions is a consulting group out of Amsterdam. They


frame the current discussions about programmable infrastructure
in terms of machines.

Virtual machines can require large amounts of resources, especially when


developing on older machines. Running hypervisors can lead to stress on
a system if resources are not allocated correctly, or without a user
specifying that a certain amount should be used to compile logs or
complete other tasks as demanded by the project in question.
one outcome of high intensity workloads that do not scale appropriately.
traditional solutions to the problem. This might mean adding more
storage and networking boxes, which do not have the elasticity that more

THE DOCKER & CONTAINER ECOSYSTEM

42

MANAGING CONTAINERS ACROSS DISTRIBUTED RESOURCES

Phil Winder for Container Solutions writes that scaling in distributed


systems depends on the service that is getting scaled. A stateless app can

horizontally. Winder writes that the application must decide what has

There are a host of other factors that come into building out distributed
architectures. And not surprisingly, there are all sorts of orchestration
environments to consider.
Orchestration aids in running apps across multiple containers, instead of
just one. In The New Stacks survey of container-related vendors, we asked
about orchestration, including it in a category with scheduling,
management and monitoring tools. In this context, we found that almost

future, several indicated they were working on revising their product or


developing a partnership. Later in the survey, companies also told us how
they are managing containers internally. There was no dominant tool, with
no product being cited by more than four percent of respondents. The
New Stack Container Directory has 55 products and projects associated
with orchestration management, with half of those representing an open

In 2006, Amazon launched Amazon Web Services (AWS), establishing itself

THE DOCKER & CONTAINER ECOSYSTEM

43

MANAGING CONTAINERS ACROSS DISTRIBUTED RESOURCES

availability of almost unending compute ability, and customers were billed


only for the resources they used. Almost overnight, apps could be
deployed without the worry of getting a data bill with a comma. It was
relatively simple and the costs were less two core factors that led to
AWS made a powerful argument for moving away from the traditional
most well-managed IT shop would be hard-pressed to match.
The next evolution involved some new thinking about how to get the most
of unlimited resources in a self-serve manner, fully automated with
resources more oriented for developers and their application
requirements.
This concept of programmable infrastructure is part of a much bigger
trend that Google calls warehouse-scale computing, a term that came
from a Google paper in 2009, which is at the core of why Google is so
interested in containers.
computing, as described by CoreOS CEO Alex Polvi in an interview:
Commodity hardware and underlying compute resources.
Commodity switching and networking fabric.
Application packaging (containers).
Resource scheduling and orchestration.
Linux for running orchestration and packaging on commodity
hardware.
THE DOCKER & CONTAINER ECOSYSTEM

44

MANAGING CONTAINERS ACROSS DISTRIBUTED RESOURCES

for, Polvi said. It means more compute resources can be added to get
more capacity in applications. It means any individual server is
meaningless. We will think about everything in terms of applications, not
individual servers.
native computing as Googles Craig McLuckie described it on The New
Stack.
The line-of-business manager should be able to run an application on
some on-demand infrastructure without the help of the system
administrator. The manager shouldnt have to worry about servers or any
other physical infrastructure. Instead, they should think about deployment
only in terms of logical computing resources.There is a sea of compute
available where any job can be scheduled to run.

THE DOCKER & CONTAINER ECOSYSTEM

45

MANAGING CONTAINERS ACROSS DISTRIBUTED RESOURCES

requisition a server that may show up six weeks later. It also makes the
enterprise much more agile by lending it the ability to quickly spin up new
applications, move resources to optimal usage and stay ahead of
competitors.
servers? This is where tools like Google Kubernetes and open source
Apache Mesos data center operating system come in. Also of note is
Dockers platform, using its Machine, Swarm and Compose tools.

Google developed Kubernetes for managing large numbers of containers.


Instead of assigning each container to a host machine, Kubernetes groups
containers into pods. For instance, a multi-tier application, with a
database in one container and the application logic in another container,
can be grouped into a single pod. The administrator only needs to move a
single pod from one compute resource to another, rather than worrying
about dozens of individual containers.
Google itself has made the process even easier on its own Google Cloud
Google Container Engine.

THE DOCKER & CONTAINER ECOSYSTEM

46

MANAGING CONTAINERS ACROSS DISTRIBUTED RESOURCES

interact with clusters:


Pods are small groups of Docker containers, able to be maintained
within Kubernetes. They are easily deployable, resulting in less
downtime when testing a build or QA debugging.
Labels are exactly as they sound, used to organize groups of objects
determined by their key-value pairs.
Services are used for load balancing, providing a centralized name and
address for a set of pods.
Clusters on Kubernetes eliminate the need for developers to worry
own right, each capable of handling tasks which require scalability.

Apache Mesos
Apache Mesos is a cluster manager that can help the administrator
schedule workloads on a cluster of servers. Mesos excels at handling very
large workloads, such as an implementation of the Spark or Hadoop data
processing platforms.
Mesos had its own container image format and runtime built similarly to

and contain an application. Applications were packaged in this format to


be able to be run by Mesos.
Datacenter Operating System (DCOS). As the name implies, DCOS
THE DOCKER & CONTAINER ECOSYSTEM

47

MANAGING CONTAINERS ACROSS DISTRIBUTED RESOURCES

promises the ability to pool resources and then dynamically schedule jobs
against them, as if all the servers worked together as a single entity.
California at Berkeley. It sits between the application layer and the
operating system and makes it easier to deploy and manage applications
in large-scale clustered environments. It can run many applications on a
dynamically shared pool of nodes. Prominent users of Mesos include
The distributed systems kernel was born out of UC Berkeleys AMPLab

Mesosphere. He is one of the original creators of the Apache Mesos


project.
For years, an IT executive would build out the hardware and then run the

more like cattle than anything else. This pets-versus-cattle comparison is


treated in todays application-centric and data-intensive world. The
The data center is a virtual corral. Resources are pooled and apps are
launched in much the same way as operating systems work on
computers. Mesos has the capability to scale the number and size of apps
as well as the compute, storage and other resources that are needed for
main functions, such as allocating resources to apps.
THE DOCKER & CONTAINER ECOSYSTEM

48

MANAGING CONTAINERS ACROSS DISTRIBUTED RESOURCES

Docker
Docker Machine, Docker Swarm and Docker Compose are designed to
work as an orchestration system. Docker also works closely with the
Mesos community.

Docker Machine
According to Docker, Docker Machine enables one-command automation
to provision a host infrastructure and install Docker Engine. Before Docker
Machine, a developer would need to log into the host and follow
OS. With Docker Machine, whether provisioning the Docker daemon on a
new laptop, on virtual machines in the data center or on a public cloud
instance, you only need a single command.
The pluggable backend of Docker Machine allows users to take full
advantage of ecosystem partners providing Docker-ready infrastructure,
while still accessing everything through the same interface. This driver API
works for provisioning Docker on a local machine, on a virtual machine in
the data center, or on a public cloud instance.
In its current alpha release, Docker Machine ships with drivers for
provisioning Docker locally with Virtualbox, as well as remotely on
VMware and other infrastructures.

Docker Swarm
Docker Swarm is a clustering and scheduling tool that automatically
optimizes a distributed applications infrastructure based on the
applications lifecycle stage, container usage and performance needs.
THE DOCKER & CONTAINER ECOSYSTEM

49

MANAGING CONTAINERS ACROSS DISTRIBUTED RESOURCES

Swarm has multiple models for determining scheduling, including


requirements. Working with a scheduling algorithm, Swarm determines
which engine and host it should be running on. The core aspect of Swarm
is that as you go to multi-host, distributed applications, the developer
wants to maintain the experience and portability. For example, it needs
working with. This would ensure cluster capabilities are portable all the
way from the laptop to the production environment.
The Swarm API is for ecosystem partners to create alternative or
additional orchestration tools that override Dockers Swarm optimization
algorithm for something more nuanced to particular use cases.
This is what Docker has been calling their batteries-included-butswappable approach. Some users may be comfortable with using Docker
Swarm to identify optimized clustering of a multi-container, distributed
applications architecture. Others will want to use the clustering and
scheduling part of Swarm to set their own parameters, while still others
will look to an ecosystem partners alternative orchestration optimization
product to recommend the best cluster mix.
Multi-container applications running on Swarm can also be built using
Dockers Compose tool
between them. Compose-built distributed applications can then be
dynamically updated without impacting other services in the
orchestration chain.

THE DOCKER & CONTAINER ECOSYSTEM

50

MANAGING CONTAINERS ACROSS DISTRIBUTED RESOURCES

Docker Compose
Docker Compose enables orchestration across multiple containers.
Database, web and load balance containers, for example, can all be
assembled into a distributed application across multiple hosts. The
orchestration is composed by expressing container dependencies in a

Summary
Orchestration is still a topic that few people know little about, but it will be
crucial for companies building microservices environments. There are
questions to consider about virtualized infrastructure and how to deal
with issues, such as stateless and stateful services. There are the
schedulers, the service discovery engines and other components that
make up these new kinds of management systems. What these
later in the ebook series.

THE DOCKER & CONTAINER ECOSYSTEM

51

DOCKER AS THE
DEVELOPER-FACING
FOR THE
INTERNET-AS-OPENPLATFORM
by MARK BOYD

hile Dockers core mission remains the same, its process of


incremental innovation now means that todays Docker

was seen even a year ago.


We are seeing the beginning of tools coming out of the Docker
community that can be used outside of the Docker platform, says CTO
and Founder Solomon Hykes. We are going to see a hundred times more
Internet. And on top of that plumbing, there is a separate developer
Hykes says that developers are rethinking how they build everything, with
a lot of developers realizing that Docker is providing the developer-facing
toolbox that makes use of containers, virtual machines or other
distributed architectures to help scale applications. Its not just
containers, says Hykes.
THE DOCKER & CONTAINER ECOSYSTEM

52

DOCKER AS THE DEVELOPER-FACING TOOLBOX FOR THE INTERNET...

SVP of Marketing at Docker, David Messina, explains that this new toolbox
companys mission statement:

We are about building tools of


mass innovation, and building a
programmable layer for the Internet.
Now we have use cases that are anything from the largest government
institutions like the U.S. GSA [General Services Administration] to the
smallest, most innovative startups. We have use cases from genomic
sciences to IoT devices, says Messina. Throughout this, he says, the focus
is on providing a platform that is looking at the whole lifecycle of an
application: At the heart of it, our focus is on taking developers and
operations from the very start all the way through production.
How Docker has metamorphosed this year and how its leader Hykes
innovation that has been central from the emergence of containers in
systems.
Hykes describes how 2002 to 2010 represented a time of experimentation,
when two projects in particular moved the needle on containers in Linux.
VServer. Hykes describes VServer as a means to patch the
Linux kernel in order to split things up into virtual servers, an early version
of what today we would call containers. The second project was OpenVZ,
which Hykes says transformed the Linux kernel so that you could run
containers in production. They were very successful at that. Despite its
THE DOCKER & CONTAINER ECOSYSTEM

53

DOCKER AS THE DEVELOPER-FACING TOOLBOX FOR THE INTERNET...

success, OpenVZ never managed to get the technology merged into the
Linux kernel and always required a patch to make it possible.
this time, cgroups and namespaces were introduced, making containers a
functionality available within the Linux kernel. It became possible to use
something that looked like a container without patching your kernel. And
At the time, Hykes was leading dotCloud, an infrastructure platform as a
THE NEW STACK SUMMARY
service (PaaS) that was committed
to applying standards in the
Traditionally known for their network infrastructure, Cisco sees containers
a key technology forfor
enabling
customers' digital
transformation.
deployment of distributed asarchitecture
applications.
We
spent three
KEY PROJECTS

MANTL - Integrates Kubernetes, Mesos, Consul and other open source


https://github.com/CiscoCloud
operational experience. Weprojects
learned
that
tool wasapplication
not practical,
solarge-scale
we
to deliver
container-based
deployment for
hybrid cloud environments.

wrote a tool that was more stable. And thus Docker was born.
A member of the Cloud Native Computing
Foundation and Open Container Initiative.

KEY PARTNERS

KEY ACQUISITIONS

Google,Docker
Hashicorp,then
Mesosphere
Piston
CloudOS
Messina says that this is when
began its
own
process of
thenewstack.io
integrating innovation into its platform, identifying each challenge along
the way and addressing them one by one. At Docker, every step along the
way has involved incremental innovation, he says. It started with how do

THE NEW STACK SUMMARY

https://github.com/docker

Standing on the shoulders of giants, namely the Linux kernel, Docker


created a set of tools that is intiating a sea-change in developer experience
and enterprise computing.

KEY PROJECTS

Docker - The Docker platform for building, deploying, shipping, and running container-based applications is available on Github as open source.
Docker, Inc. donated its container format and runtime to the newly-formed
Open Container Initiative.

KEY PARTNERS
A member of the Cloud Native Computing
Foundation and Open Container Initiative.

Amazon, Microsoft, IBM, Red Hat

KEY ACQUISITIONS

Socketplane (networking),
Orchard Labs (orchestration)
thenewstack.io

THE DOCKER & CONTAINER ECOSYSTEM

54

DOCKER AS THE DEVELOPER-FACING TOOLBOX FOR THE INTERNET...

we build a model that separates the application concerns from the


infrastructure concerns. Then it became a distribution problem, and as
you move forward, then the bigger problem of orchestration and
networking becomes the challenge.
Messina points to Docker Machine, Swarm, Compose and, most recently,
Notary as examples of how this incremental innovation has played out.
Hykes, meanwhile, is already looking at the next frontier. We started
pulling the thread with Notary. The Notary announcement is the
beginning: how do you do large scale, secure distribution of content
across the Internet without relying on a closed platform like iOS or
Android? Hykes sees one of the next tasks as enabling the open platform
that is the Internet to let DevOps safely and at super-large scale get
content distributed across any machine to any application.
He believes that the tech to make this possible will require peer-to-peer
technologies, cryptography advances and more experimental solutions.

Messina agrees, seeing Dockers future roadmap centered on supporting


developers and operations to utilize the Docker toolbox that enables
control of the application lifecycle all the way from initial development on
a single laptop to global distribution in production.
THE DOCKER & CONTAINER ECOSYSTEM

55

DOCKER AS THE DEVELOPER-FACING TOOLBOX FOR THE INTERNET...

continuing to enable a platform that is looking at the whole lifecycle of an


job is to simplify and accelerate that journey of the application lifecycle for
organizations.

THE DOCKER & CONTAINER ECOSYSTEM

56

THE CONTINUUM:
FROM CONTAINERS
TO SERVERLESS
ARCHITECTURES AND
UNIKERNELS
by ALEX WILLIAMS

he complexities of managing Docker and containers in production


is one of the greater challenges that comes with its adoption. For
millions of programmers and plumbers the issue is about
simplicity. Its evident that containers represent a major progression from
virtual machines.

From a more universal perspective, this progression represents a


continuum that will lead to serverless architectures and other more
Containers represent a new continuum, but the architecture is quite
complex, which raises questions about what technologies will follow.

used at the Strange Loop conference to discuss the complexities of


microservices architectures, containerized architectures and unikernels.
THE DOCKER & CONTAINER ECOSYSTEM

57

THE CONTINUUM: FROM CONTAINERS TO SERVERLESS ARCHITECTURES...

along with etcd for service discovery. There are object stores, memory
stores and relational stores. The services are tied together with

they are quite complex.


According to Bajor, the Rally application stack is built on hardware and
drivers. It has a virtual hardware infrastructure with a hypervisor that
serves as a partitioning system for dividing the hardware. On top of the
hypervisor are operating systems, such as CentOS. On top of that is the
Docker runtime with the the shared libraries and language runtime. We

predict. There are many upgrade cadences to match. A large portion of it


is redundant. Isolation occurs at the hypervisor layer, in the user processes
and in the container. This is all for a single app on a single server, or a
single user.

There are lots of layers that the developer knows about implicitly, but
does not have an explicit understanding of how they all work. Systems are
historically heterogeneous and largely over-generalized. In new
architectures, hardware is largely commoditized, with virtual machines
working on hypervisors and virtual device drivers.

THE DOCKER & CONTAINER ECOSYSTEM

58

THE CONTINUUM: FROM CONTAINERS TO SERVERLESS ARCHITECTURES...

Bajor makes the point that the Linux kernel and users are natural enemies,
as considerable complexities are built into Linux to keep apps safe from
users, users safe from other users, and apps safe from other apps. That
means a lot of code and complexity in the system. There are also lots of
permission checks on the operating system. These checks have roots in
an era when time sharing was necessary on larger systems. There were
lots of apps and users, all working on the same hardware, all interacting
and working together.
drivers on the system, but there may also be hard drives and even tape.
The Linux kernel has a large attack surface, making it easier to get into the
system. Security patching is done, by an operations team, which creates
incompatibility issues with the developer teams who are writing the code.

outages.

How Did We Get Here?


There is a long progression of technology that has its roots in mainframes,
the client/server era and now distributed systems. The integration of
compatibility. For example, the hypervisor has to work with the hardware
and operating system. The container has to run on the virtualized
infrastructure or on bare metal. It requires a lot of code and complex
balancers and a host of other technologies have all contributed to this rich
THE DOCKER & CONTAINER ECOSYSTEM

59

THE CONTINUUM: FROM CONTAINERS TO SERVERLESS ARCHITECTURES...

and varied ecosystem. For example, microservices platforms require


multiple services to work together. Schedulers, service discovery engines,
data store environments and all the associated APIs have to be
compatible in order for the microservices environment to work.

in an interview that selling VMwares virtualization technology in its heyday


became a matter of helping a customer not buy another server. In those
days, it was an easy sale, as customers needed ways to reduce, not
increase, the number of machines running in their data centers.
simpler. Compatibility is hard to do, but it is now easier to do because of
rich tool ecosystems, which increasingly have their roots in open source.
Microservices are easier to build. Containers are easier to deploy. Now the
market is ready for the next phase, and thats built on the premise of

Needs
Bajor points out that performance is a key-value driver for containers, but
they do have an associated complexity. For even higher performance
gains, there is a growing interest in technologies such as unikernels which,
proponents say, simplify the technology stack.
Unikernels are uniquely specialized virtual machines, similar to an
application stack they have application binaries and virtual hardware
underneath, Bajor pointed out. In the middle is a library operating system
THE DOCKER & CONTAINER ECOSYSTEM

60

THE CONTINUUM: FROM CONTAINERS TO SERVERLESS ARCHITECTURES...

that has its own network stack. Unikernels are self-contained and have far
fewer layers compared to a container stack.
The unikernel has minimal code, but still operates on the same hardware.
There are no permissions, nor is there isolation, Bajor said. Unikernels
implement the bare minimum of traditional operating system functions.
They do just enough to enable the application it powers.
By removing the traditional operating system layer, unikernels remove the
unneeded bulk of standard operating system environments, along with
their associated attack service. Unikernels are extremely light, allowing
higher density on commodity hardware. They can run their own services
that are born when the need appears, and die as soon as the need
disappears. Some of these transient microservices may have lifespans
measured in seconds, or even fractions of a second. They are just-in-time
computing services, which exist only when there is work to do, allowing
you to maximize the use of your computing infrastructure.
Unikernels have a corollary to the new serverless architectures gaining
popularity. We see this with services such as AWS Lambda, which Amazon
is investing in deeply as is evident in The New Stacks coverage from the
2015 AWS re:Invent conference.
Lambda was devised to run user-generated functions in the cloud,
without the need for the user to worry about any of the supporting stack
running said functions. Its not so much a Platform-as-a-Service as a
Function-as-a-Service. Lambda is a stateless computer service, meaning it
works on the data and delivers the output to another service.
The code has to be triggered by an external event, such as an incoming
THE DOCKER & CONTAINER ECOSYSTEM

61

THE CONTINUUM: FROM CONTAINERS TO SERVERLESS ARCHITECTURES...

call from a mobile app, web service, or by another AWS service. A change
in an Amazon S3 bucket or DynamoDB table can also trigger a function
call.
Lambda is novel in that it strips away all need to worry about any
supporting infrastructure. No more maintaining EC2 instances just to run a
single function. Infrastructure issues, such as scaling or maintenance, are
whisked away in abstraction. Typical Lambda jobs include image

Amazon touts Lambda as a way to coordinate operations of so-called


Internet of Things systems. It can do both data ingestion and commandand-control by sending those requests and commands down to the end
device.
A Lambda job, for instance, could be used for inbound rule processing.
Spam detection could be a Lambda function, one that gets evoked for

Summary
In summary, what does this say about the continuum that we see as the
world develops new technology stacks? There is a new set of application
patterns and deployments. We have achieved a degree of compatibility,
Containers and unikernels are similar technologies, with unikernels
described as a Docker container on a diet. By bringing unikernels to
Docker, it could allow for greater familiarity with the technology.

THE DOCKER & CONTAINER ECOSYSTEM

62

THE CONTINUUM: FROM CONTAINERS TO SERVERLESS ARCHITECTURES...

If one is building mission-critical systems, unikernels give developers


explicit control over core security areas of their application. Developers
can choose the output result while working with unikernels. In
comparison, Docker containers have everything they need to run enabled
more initial setup and choices for a project team. According to unikernel
proponents, once these choices have been made, the result is resilient
new stacks that are secure, while also being customizable to the needs of
the project.
What does that mean for containers? In an interview, Docker CTO Solomon

Our focus is about continuing to


enable a platform that is looking at
the whole lifecycle of an application
... our job is to simplify and accelerate
that journey of the application
lifecycle for organizations.
But in the meantime, the real win will come to the organizations that can
will require a new thinking about how to transition from monoliths to
microservices and all that goes with it, as we move along the continuum
to an ever more programmable world.

THE DOCKER & CONTAINER ECOSYSTEM

63

SURVEY: HOW THE I.T.


LANDSCAPE WILL SHIFT
TO ACCOMMODATE
CONTAINERS
by LAWRENCE HECHT

rom a standing start, an ecosystem has quickly grown to support

continuing VC investment, new company formation and a slew of


new products and technology initiatives. To better understand the
dynamics of this ecosystem, The New Stack initiated a survey of
companies that provide or plan to provide services associated with
containers. We found that vendors are adjusting their portfolio of services
to meet the demands of both application developers and IT operations.
Executives at these companies tell us their products have an impact on
The survey also gave us the opportunity to learn how these vendors,
leading adopters of container technologies themselves, have adapted
their own technology stack.
The container ecosystem consists of a wide variety of companies that
support the use of containers with their own products. Some of these
THE DOCKER & CONTAINER ECOSYSTEM

64

Participating Companies

SURVEY: HOW THE I.T. LANDSCAPE WILL SHIFT TO ACCOMMODATE...

Source: The New Stack Container Survey, completed May 2015

thenewstack.io

FIG 1:

relevant in a containerized future.


In April and May of 2015, The New Stack invited 106 vendors associated
with Docker and containers to participate in an ecosystem survey. About
45 percent of these companies responded. The companies surveyed
represent a broad cross-section, as can be seen by comparing the 48
responding companies listed above with a broader view provided by our
Container Ecosystem Directory.

THE DOCKER & CONTAINER ECOSYSTEM

65

SURVEY: HOW THE I.T. LANDSCAPE WILL SHIFT TO ACCOMMODATE...

Key Takeaways
Management and orchestration are top priorities for Docker and
container ecosystem companies.
Companies plan to invest in developer tools, networking and security
functionality.

AWS and Heroku.

deploy containerized applications.

increased market demand.

Labs face disruption.


Ecosystem vendors are targeting enterprise/ISV practitioners of
DevOps.

categories of products reported by surveyed companies indicate that


early players are taking broad, platform-oriented approaches to the
market, tackling areas such as application development and deployment
platforms, schedulers and orchestration (Figure 2). The categories that
these products are being marketed under varies. Companies in this space
market tools targeting similar pain points as compared to PaaS platforms,
THE DOCKER & CONTAINER ECOSYSTEM

66

Vendors Focused on Deployment Platforms,


SURVEY: HOW THE I.T. LANDSCAPE WILL SHIFT TO ACCOMMODATE...
Orchestration, Developer Tools
66%
64%
55%
47%

Containers / OS
36%
Security

34%

Hosting / Service Providers

34%
30%

Networking
26%

Database / Big Data


Other

23%

Image Registry

23%
0

10%

20%

30%

40%

50%

60%

70%

Q: In what categories of the container ecosystem do you CURRENTLY have products or services? n=47.
Source: The New Stack Container Survey, completed May 2015

thenewstack.io

FIG 2:

cluster management systems, data center operating systems, CI/CD tools


and hosting environments.
Many companies in the container ecosystem sell products and services
to manage infrastructure and vice versa (Figure 3).
The perception that application development and orchestration are
interconnected is a strong theme. Half of the companies surveyed
companies that are currently in one of the two main categories, over 80
percent expect to have products in both spaces within two years.
THE DOCKER & CONTAINER ECOSYSTEM

67

Current Capabilities: Industry Veterans vs. Startups

SURVEY: HOW THE I.T. LANDSCAPE WILL SHIFT TO ACCOMMODATE...


Application Development / Deployment Platforms
Developer Tools
Containers / OS

50%
16%
46%

Security

11%

security, networking,
capabilities.

43%

Networking

11%

Hosting / Service Providers


Database / Big Data
Image Registry
0

10%

20%

30%

40%

Industry Veterans (founded before 2013)

50%

60%

70%

Starups (founded 2013 - 2015)

Q: In what categories of the container ecosystem do you CURRENTLY have products or services? Veterans = 28. Startups = 19.
Source: The New Stack Container Survey, completed May 2015

thenewstack.io

FIG 3:

A companys current product portfolio is the result of its journey over the
last few years. Many of the younger companies in the survey seem to be
building solutions based on broad visions of how customers should be
using container technologies.
We expect that as the market matures and clear leaders in the platform

vendors have started to add Docker support to their existing products. It


THE DOCKER & CONTAINER ECOSYSTEM

68

SURVEY: HOW THE I.T. LANDSCAPE WILL SHIFT TO ACCOMMODATE...

is also likely that many of the larger companies were describing a security
or networking tool they sell that may or may not actually be purpose-built
to deal with containers. We also asked the surveyed companies where

points (Figure 4).


functionality with support for Docker and containers all rank high on
vendor roadmaps. Nearly one-third of companies are planning to invest in
developer-focused tools, either via internal development or acquisition.
FIG 4:

Ecosystem Firms to Invest in Tools, Networking, Security


28%
23%
23%

Security

23%
13%

Image Registry
Scheduler / Orchestration / Management / Monitoring

11%

Application Development / Deployment Platforms

11%
6%

Database / Big Data


4%

Hosting / Service Providers


2%

Containers / OS
0

5%

10%

15%

20%

25%

28%

THE DOCKER & CONTAINER ECOSYSTEM


% of vendors with plans to develop new functionality/products internally or via69
M&A
Q: In 2 years, how do you plan to primarily address the functionality and needs within each category of the container ecosystem? n=47.
Source: The New Stack Container Survey, completed May 2015

thenewstack.io

SURVEY: HOW THE I.T. LANDSCAPE WILL SHIFT TO ACCOMMODATE...

Every company that is planning to develop either new developer tools or


application development/deployment platforms. As these platforms

is also recognition that they cannot do everything themselves (Figure 5).


We found companies most likely to seek a partner for hosting services.

to any cloud or on-premise infrastructure.


FIG 5:

Ecosystem to Partner to Deliver Hosting, Data Capabilities


45%
38%
30%
9 of the 12 companies

26%
26%

functionality were
founded in 2013 or later.

21%
17%
15%
Developer Tools

9%

Application Development / Deployment Platforms

9%
0

10%

20%

30%

% of vendors with plans to provide functionality via partnerships


THE DOCKER & CONTAINER ECOSYSTEM
Q: In 2 years, how do you plan to primarily address the functionality and needs within each category of the container ecosystem? n=47.
Source: The New Stack Container Survey, completed May 2015

40%

50%

70
thenewstack.io

SURVEY: HOW THE I.T. LANDSCAPE WILL SHIFT TO ACCOMMODATE...

(GCE) to provide a more complete solution for customers, while remaining


Similarly, while companies recognize the importance of databases and big
data capabilities, most choose to leave those capabilities to specialists.
For networking functionality, almost half of the younger companies in the

Most vendors see themselves as automating traditional application


When we asked about what types of end users they are targeting, about
three-quarters said either IT Operations & Admin or Application
Development. However, an unusually large number of participants opted
to write-in answers that mentioned DevOps or a combination of IT
operations and application development. One respondent wrote: We
consider DevOps ops people who code or developers who have to think
about running an application as our target customer. The New Stack

approximately equal numbers (Figure 6). This indicates an attempt at


THE DOCKER & CONTAINER ECOSYSTEM

71

SURVEY: HOW THE I.T. LANDSCAPE WILL SHIFT TO ACCOMMODATE...

balancing the pursuit of early-adopter technology companies with a desire


to tap into the large budgets of traditional big enterprise.
As use of containers expands, vendors are learning the types of
functionality this target market wants. As a whole, executives believe that
new orchestration and deployment features.
Some participant quotes about technical issues driving user demand:

FIG 6:

Companies Targeting Large Enterprises and ISV/SaaS Vendors


24%
22%
11%

Other

11%
11%

Data Center and Service Providers


9%

Small Businesses

9%
2%

Don't Know
0

5%

THE DOCKER & CONTAINER ECOSYSTEM


Q: What type of enterprise are you primarily targeting? n=46.
Source: The New Stack Container Survey, completed May 2015

10%

15%

20%

25%
72
thenewstack.io

SURVEY: HOW THE I.T. LANDSCAPE WILL SHIFT TO ACCOMMODATE...

IT Ecosystem Impact
Without a doubt, the rise of Docker and container technologies is making
waves in IT. The New Stack asked a series of questions about how vendors
answers point to those vendors and technologies most impacted by the
industrys adoption of container technologies.
Only 15 percent of companies say their products are being used for

THE DOCKER & CONTAINER ECOSYSTEM

73

SURVEY: HOW THE I.T. LANDSCAPE WILL SHIFT TO ACCOMMODATE...

PaaS is the category that surveyed companies expect to be most


impacted by the introduction of their new container-related products
(Figure 7), with almost three-quarters of survey respondents indicating
this choice.
This might seem like a high number in light of various studies indicating
cloud services. The New Stack believes, however, that a primary cause of

the tightly integrated stacks that it traditionally referred to.


FIG 7:

73%
68%
66%
54%
39%
37%
34%
0%

10%

20%

30%

THE DOCKER & CONTAINER ECOSYSTEM


Q: What are you automating, replacing or supplementing in your customers' technology stack? n=41.
Source: The New Stack Container Survey, completed May 2015

40%

50%

60%

70%

80%
74
thenewstack.io

SURVEY: HOW THE I.T. LANDSCAPE WILL SHIFT TO ACCOMMODATE...

In this context, containers are not eliminating the need for PaaS, but are
rather the catalyst for a new generation of IT professionals reevaluation of
how applications are developed and delivered. The companies targeting
application development teams sure believe so all but one said their

It is not surprising that AWS was the leading IaaS cited. The situation that

FIG 8:

OpenStack

HP

Docker

Clustered Apps Inside Containers

2x

Ansible

4x

BMC BladeLogic

6x

Scripted Deployments

8x

Puppet

Chef

10 x

0
THE DOCKER & CONTAINER ECOSYSTEM

75

Q: For the areas selected above, what 1 or 2 technologies or vendors are most often being automated, replaced or supplemented in your customers technology? n=17.
Source: The New Stack Container Survey, completed May 2015
thenewstack.io

Ecosystem Names IBM, AWS as Top Competition

SURVEY: HOW THE I.T. LANDSCAPE WILL SHIFT TO ACCOMMODATE...

AWS

5x

Vendors Cited Once

IBM

6x

Red Hat

Puppet Labs

Google

Docker

VMware

Tutum

Cloud Foundry

1x

Pivotal

2x

Chef

3x

Ansible

Salesforce.com (Heroku)

4x

Apigee
Brocade (Vyatta)
CA Technologies (Layer 7)
CircleCI
CloudBees
Cohesive Networks
Datapipe
DigitalOcean
ElasticBox
Electric Cloud
Joyent
Mesosphere
MongoDB
Oracle
Prime Directive, Inc. (Flynn)
Soha Systems
StackEngine
Travis CI

Q: What orchestration / management / monitoring tools do you use? If you are a provider of these tools, its OK to indicate that you use your own tools. n=42.
Source: The New Stack Container Survey, completed May 2015

thenewstack.io

FIG 9:

These results indicate two things: these companies are synonymous with
the space itself and they are being threatened with disruption caused by
container technology.

challenges to Puppet Labs and Chef.


The New Stack found that the surveyed companies are generally aligned
with Docker, with 42 out of 43 respondents either currently partnering with
Docker (60 percent) or planning to partner with the company in the future
(37 percent).

THE DOCKER & CONTAINER ECOSYSTEM

76

SURVEY: HOW THE I.T. LANDSCAPE WILL SHIFT TO ACCOMMODATE...

Only one company didnt expect a Docker partnership in the future.


Although Docker has good relations with these companies, there is a split
about how important Dockers technology plans are to their own strategic
direction. While we believe Docker must execute very carefully to secure
its position in the container market, it faces limited threat from surveyed
vendors. Only two of the 31 companies willing to name their primary
competitors cited Docker (Figure 9). Instead, companies are more
concerned about PaaS providers, like IBM, with its Cloud Foundry-based
in part because of its EC2 Container Service (ECS).
It is notable that Tutum, a provider of specialized Docker container hosting
services, was mentioned by several startups as their main competitor.
These responses suggest that the providers surveyed fear being locked
out of participating in end-to-end hosted solutions more than they fear
competing with individual point products or projects.
VMware was also named as a competitor by several companies in the
it is more likely that container vendors are positioning themselves as an
alternative to existing infrastructure that relies on hypervisors.
In fact, among companies seeing an impact on their customers
hypervisor or container environment, 80 percent say VMware is the vendor
impacted most. As use of containers continues to progress, the threat to
VMware is that new workloads will not rely on hypervisors, and that VMs

THE DOCKER & CONTAINER ECOSYSTEM

77

SURVEY: HOW THE I.T. LANDSCAPE WILL SHIFT TO ACCOMMODATE...

to be successful. Along these lines, we can learn a lot from looking at what
the vendors we surveyed are using to support the development of their
own projects (Figure 10).
Being able to operate across multiple cloud platforms is one of the main
supporting the use of more than one infrastructure to deploy their
FIG 10:

Container-Based Solutions Deployed on Variety of Infrastructures


81%

Amazon Web Services (e.g., EC2)


73%

Linux
56%

Bare Metal
OpenStack (any vendor)

48%

Google (e.g., GCE)

48%
46%

Microsoft Azure

42%

VMware

38%

Other Open Source Platform

33%

Windows

31%

Other Virtualized Environment


Other

17%

0
20%
THE DOCKER & CONTAINER ECOSYSTEM
Q. What infrastructure is your solution deployed on? Check all that apply. n=48.
Source: The New Stack Container Survey, completed May 2015

40%

60%

80%

90%
78
thenewstack.io

Ecosystem Firms Use Variety of Orchestration/Management Tools

SURVEY: HOW THE I.T. LANDSCAPE WILL SHIFT TO ACCOMMODATE...

Tools Cited Once

Ansible

Puppet

Homegrown

3x

Docker

CoreOS

Chef

4x

SaltStack

New Relic

Mesos / Mesosphere

1x

Kubernetes

Cloud Foundry

2x

Apprenda
AWS
CloudBees
cloudControl
ClusterUP
ContainerShip
Giant Swarm
Graphite
Heroku
Icinga
Jelastic
Joyent
Juju
Kyup
MaestroNG

Nirmata
Odin
Packer
Pertino
Red Hat
StackEngine
Swarm
Terraform
Tutum
Wercker
Zabbix
Zenoss
ZooKeeper

Q: What orchestration / management / monitoring tools do you use? If you are a provider of these tools, its OK to indicate that you use your own tools. n=42.
Source: The New Stack Container Survey, completed May 2015

thenewstack.io

FIG 11:

services. While its also no surprise that AWS leads the lineup of supported
infrastructures, most companies are supporting it in combination with
other platforms. In fact, nearly a third of vendors products are used on
strategy to be platform independent.

Participating companies eat their own dog food that is, theyre following
their own advice about using container technologies. 92 percent of survey
respondents use containers in their internal operations and 96 percent
THE DOCKER & CONTAINER ECOSYSTEM

79

Go, Ruby Use Common in Ecosystem

Go

9x

SURVEY: HOW THE I.T. LANDSCAPE WILL SHIFT TO ACCOMMODATE...

Languages/Skills Cited Once


Ruby

8x

Application
Development

PHP

REST
API

2x

Linux

Docker

Node.js

4x

None

Python

Java

6x

Angular
Bash
Basic Linux
System Admin
Skills
C#
Chef
Command-line
Interface
DevOps
General Security
Practioner
IaaS Admin
JavaScript
JSON

Kubernetes
Linux
Lua
Middleware
Operations
Monitoring/
Alerting
Puppet DSL
Queuing
SQL
System
Administration
YAML

Q: What programming languages and/or skills are needed to use your product/service? n=36.
Source: The New Stack Container Survey, completed May 2015

thenewstack.io

FIG 12:

rely on at least one open source project. Yet its surprising that only half
of the companies say their technology relies on Docker.
Even if many companies say they do not rely on Docker, they are still
employees contributing to a project. In addition, almost 50 percent of
companies say they are using a NoSQL database internally.
In terms of how surveyed companies are managing their own containerbased environments, responses were all over the map, with no single
response garnering more than four percent of total responses, and some
30 tools mentioned just once (Figure 11). This suggests a very high degree
of fragmentation and an impending shakeout.
THE DOCKER & CONTAINER ECOSYSTEM

80

SURVEY: HOW THE I.T. LANDSCAPE WILL SHIFT TO ACCOMMODATE...

Perhaps surprising to those not following closely is the degree to which


the Go language is used by container companies (Figure 12). While it is no
surprise that the relatively mature Ruby and Java are being heavily used,
25 percent of companies said that Go is needed to use their product or
service. We expect Go is even more popular among these companies for
internal applications where developers dont need to worry about
whether a customer knows the language or not.

THE DOCKER & CONTAINER ECOSYSTEM

81

IBM WANTS YOU TO USE


A CLOUD PLATFORM
OPTIMIZED FOR THE
FULL APPLICATION
LIFECYCLE
by MARK BOYD

or decades, IBM has been a leading provider of middleware which


enterprises of all sizes have relied upon to run their business
systems. Today, IBM has become a leading cloud platform,
enabling the next generation of business transformation by providing a
rich platform of cloud services and tools.

When building applications, businesses want to spend the majority of


deliver. IBM Cloud, through initiatives like Bluemix, has created a cloud
platform infrastructure that lets these teams draw on cloud services, so
they can remain focused on delivering their business applications.
In part, IBM has done that by building a new catalog of cloud services,
including containers, logging, monitoring and delivery tools. IBM envisions
a hybrid cloud platform, which provides runtime functionalities alongside
a constellation of services that DevOps can leverage to allow a more
rapid composition, deployment and management of applications. APIs are
THE DOCKER & CONTAINER ECOSYSTEM

82

IBM WANTS YOU TO USE A CLOUD PLATFORM OPTIMIZED FOR THE FULL...

then used to integrate the various components and deliver the platform in
[IBM] is trying to look at that broader space: containers combined with
resource managers, orchestration, microservices and service discovery.
How do we really form a new platform on which applications can get built,
do all of these things start to come together in more interesting ways?
says Jason McGee, IBM Fellow, VP and CTO, Cloud Foundation Services at
IBM.
The piece parts are not as important as how the whole thing comes
together. The value is going to be how we build that integrated platform.
How do we have oversight over an application throughout its entire
lifecycle? How do we leverage that so it is easy to build and deploy
applications?
IBMs agenda to make all of this possible has a three-pronged approach.
First is the work of building the hybrid cloud platform that has the
capabilities to leverage containers and allow access to the cloud service
this sort of product. The platform is the easier part: they can build that
with their engineering team, drawing on the culmination of their
experience in virtualization, workload management technology and their
experience in building systems that control isolation and resource
management.
As a public cloud provider, we need to be able to run a lot of applications

THE DOCKER & CONTAINER ECOSYSTEM

83

IBM WANTS YOU TO USE A CLOUD PLATFORM OPTIMIZED FOR THE FULL...

users can share resources, and were doing that in ways that can exploit
underlying infrastructure, like running on bare metal.
The second prong of the approach is to rally the industry toward a
the second half of this strategy as requiring an active conversation within
the industry and amongst the developer communities, encouraging
debate and discussion to identify common solutions to hybrid cloud
integration challenges.
IBM is hoping they can use their market position, industry reputation,
background in helping move Linux to a container-based operating system
and support of open source tooling to foster developer communities
coming together to solve the next wave of application platform
challenges.
The work were doing with the Open Container Initiative, with the Cloud
Native Computing Foundation the work weve been doing in
partnership with Docker and Google and others is all about how to
drive us toward some common, open solutions for these problems, so
in how these problems are solved.
The third prong of the approach is providing a bridge to enable people to
connect their existing investments to this new platform. Building a bridge
means providing our existing middleware, such as application servers,
mobile and analytics, in a form that enables existing applications to
leverage the new cloud platforms, say McGee. For example,
pre-packaging middleware into containers that can be run in the cloud.
THE DOCKER & CONTAINER ECOSYSTEM

84

thenewstack.io

IBM WANTS YOU TO USE A CLOUD PLATFORM OPTIMIZED FOR THE FULL...

THE NEW STACK SUMMARY

The company perhaps most associated with enterprise systems is playing


a huge role in driving a variety of cloud and container innovations and
helping to shape the communities around them.

www.ibm.com/cloud

A member of the Cloud Native Computing


Foundation and Open Container Initiative.

KEY PROJECTS

IBM is a contributor to many of the container ecosystem's most important


open source projects, including Docker, Cloud Foundry, Linux, Kubernetes.

KEY PARTNERS

Docker, Pivotal, Google

KEY ACQUISITIONS

N/A

thenewstack.io

McGee points out that enabling middleware via containers means


reimagining how middleware is built and delivered. Instead of giving
people installers, you can give people pre-built Docker images, so as a

be delivered as components in a larger application architecture:

McGee says that the architectural style of microservices is wellimplemented with a lightweight, rapid mechanism like containers. By
packaging middleware in containers, it leads DevOps to rethink what that
middleware needs to be and how it could be further decomposed and
decoupled.

containerize the various components. When you have something with a


THE DOCKER & CONTAINER ECOSYSTEM

85

IBM WANTS YOU TO USE A CLOUD PLATFORM OPTIMIZED FOR THE FULL...

more monolithic structure to it, you dont necessarily understand all the
dependencies within it, explains McGee, who says many of these
dependencies are only revealed once the work of decomposing a
monolith begins.
with all of the services the cloud platform provides.
If you view containers as an element in a broader cloud platform, some of
the services the platform is providing are horizontal concerns, like logging
and authentication. In a monolithic architecture, you may have solved all
services in the cloud, and just keep the application. So how do you extract
out all of those horizontal functions?
This integration with the cloud platform services enables these existing
applications to take advantage of the power and unique capabilities only
provided within the cloud.
Listen to The New Stack Makers podcast
with Jason McGee on:
Soundcloud or YouTube

THE DOCKER & CONTAINER ECOSYSTEM

86

DOCKER FUELS
RETHINKING OF THE
OPERATING SYSTEM
by SUSAN HALL

SAM CHARRINGTON

ince the launch of Docker, theres been an explosion of new


container-centric operating systems, including CoreOS, Ubuntu
Snappy, RancherOS, Red Hats Atomic Host, VMwares recently
announced Photon
Nano Server.

and most other major operating systems now have some sort of
comparable technology. But what sets these new container-centric
operating systems apart is that they are much lighter weight than a
traditional Linux distribution.
These traditional Linux distros have just gobs and gobs of packages, said
Kit Colbert, VMwares VP and CTO of Cloud-Native Apps. Theyve got 4, 6
app, youve got to have a JRE inside the container for that app to run. It
doesnt need anything outside the container to run. So why do you have 4

THE DOCKER & CONTAINER ECOSYSTEM

87

DOCKER FUELS RETHINKING OF THE OPERATING SYSTEM

At the same time, the containers have to run somewhere, and that host
runs on an operating system as well. Hence the rise of these new
container-centric micro OSes.
The idea of a minimalist operating system isnt new. Stripped-down
operating systems have long been embedded in electronic systems,

systems were typically designed to run only a single node.

Todays micro OSes are designed


for a world in which, thanks to
containers, the entire data center
is treated as one giant operating
system that spans hundreds or even
thousands of nodes.
This is leading to new thinking about operating systems. In this chapter we
take a look at the major players and their vision for the future of the
operating system.

CoreOS
Rivals give props to CoreOS for pioneering the micro OS even before
Docker came on the scene. The company recently added $12 million to its

THE DOCKER & CONTAINER ECOSYSTEM

88

For Micro Operating Systems, Size Matters

DOCKER FUELS RETHINKING OF THE OPERATING SYSTEM

700
600

Micro OSes are designed to be small, but some are more successful than others at achieving this goal.

636 MB
Traditional OS

576 MB

500
400

410 MB

Micro OS

395 MB

300

317 MB

200

215 MB
150 MB

100

20MB

CentOS 7

Ubuntu
14.10 Server

Microsoft
Nano Server

Red Hat
Atomic Host

VMware
Photon

Ubuntu
Snappy

CoreOS

RancherOS

Source: The New Stack

thenewstack.io

FIG 1:

called Tectonic, combining its CoreOS portfolio and Kubernetes


Googles open source project for managing containerized applications.
The container OS is about building the ideal environment for running your
application when its OK to change things, said CoreOS CEO Alex Polvi. In
the traditional Linux server environment, its hard to change things
because applications are just so fragile.
With CoreOS, the operating system is treated more like a web browser,
such as Chrome, that is automatically updated as new components are
released. Cryptographic signatures help ensure the validity of updates and
the integrity of the system as a whole.

THE DOCKER & CONTAINER ECOSYSTEM

89

DOCKER FUELS RETHINKING OF THE OPERATING SYSTEM

supports numerous deployment options, and many more communitysupported options are available.

CoreOS for production-ready environments and it feels like all these other

RancherOS
RancherOS, consisting of just the kernel and Docker itself, is one of the
smallest micro OSes, weighing in at around 22 MB, co-founder and CEO
Sheng Liang said, compared to about 300 MB for VMwares Photon.
While RancherOS also grew out of frustrations similar to those
developing its operating system, said Liang. To develop its Dockeroptimized micro OS, the company sought to build the minimal technology
required to run the Docker daemon on a Linux kernel. To achieve this, it
into most Linux distros, and rather use Docker itself to boot the system.

them, but winds up only killing the client while the container keeps
camps behind the two technologies for a long time, but is no longer sure
theres any way to solve the problem.
THE DOCKER & CONTAINER ECOSYSTEM

90

DOCKER FUELS RETHINKING OF THE OPERATING SYSTEM

The way the industrys going right now, both the systemd and Docker
communities are on a bit of a collision course, Liang said. Both see
themselves as the ever-expanding center of the universe, and its hard [for
either] to listen to another master.

Ubuntu Snappy
Canonical boasts that Ubuntu is the most popular Linux distro for
containers, with over seven times more Docker containers running on
Ubuntu than any other OS.
Snappy is a very tiny, thin operating system, said Dustin Kirkland,
Ubuntu Cloud Solutions product manager and strategist at Canonical.
Snappy Ubuntu Core is the result of applying lessons that Canonical
mobile devices. To support carriers and users needs for reliable system
and application updates, the company developed the Snappy technology,
which uses transactional, image-based delta updates for the system and
ensure that upgrades can always be rolled back.
To enhance the security of mobile devices, Canonical created a
containment mechanism that isolates each application running on the
isolation beyond that available using Docker alone, but few details are
available.
In addition to Snappy, Canonical has unveiled a second element of its
vision for a containerized world in
based on

THE DOCKER & CONTAINER ECOSYSTEM

91

DOCKER FUELS RETHINKING OF THE OPERATING SYSTEM

intends to replace Docker with the technology.


technologies. He adds that Canonical continues to recommend Docker for
packaging and running applications. But outsiders arent necessarily
convinced.
Canonicals real motivation is control of the entire stack, said Janakiram
MSV, principal analyst at Janakiram & Associates. Snappy will be their
Then they have more VM-like containers. They also have Juju Charms with
its own orchestration and provisioning story for the lifecycle of containers.

VMware Photon
The meteoric rise of Docker, itself essentially a virtualization technology,
has caused many to anticipate the VMware response, even, if not
announced a partnership back in
announcement of its lightweight OS Photon.
The changing relationship between applications and infrastructure is of
key importance to VMware, said Colbert. When you look at that split,

infrastructure portion of the Linux OS. Thats why we want to build that

THE DOCKER & CONTAINER ECOSYSTEM

92

Comparing Container Operating Systems

DOCKER FUELS RETHINKING OF THE OPERATING SYSTEM

Project

CoreOS

RancherOS

Ubuntu Snappy

VMware Photon

Red Hat Atomic


Host

Microsoft Nano
Server

The New Stack


Summary

Automatic updates
ensure always
up-to-date, like
Chrome browser.
Cryptographically
signed components
enhance security.
Broad platform
and community
support.

Minimal system
required to get
Docker daemon
running on a
Linux kernel. Tight
alignment with
Docker and Docker
ecosystem tools.

Grew out of

Tighly integrated
with and optimized
for the vSphere
ecosystem.
Somewhat larger
than the smallest
micro OSes, but
broadest support
for container

Uses Red Hats


RPM package
manager and built
from upstream
RPM binaries.
Available in RHEL,
Fedora and CentOS

A Microsoft
ecosystem play.
Still very early
little information
available beyond
a handful of
Microsoft blog
posts.

Platform
Support

Amazon EC2,
Azure,
DigitalOcean,
Google Compute
Engine (GCE),
OpenStack,
Rackspace Cloud,
Vagrant,
bare metal,
plus a variety
of communitysupported
platforms

Amazon EC2,
Docker Machine,
GCE
(Experimental),
KVM,
Vagrant,
VirtualBox,
VMware,
bare metal

Amazon EC2,
Azure,
GCE,
OVA,
Vagrant

Atlas,
Vagrant,
vSphere,
vCloud Air

Amazon EC2,
KVM,
Vagrant

Hyper-V

Container
Support

Docker,
rkt

Docker

Generic

Docker,
rkt,
Pivotal Garden

Docker

Windows Server
Containers,
Hyper-V Containers

Cluster
Management/
Service
Discovery

Fleet,
etcd

Rancher

Juju

vSphere

Kubernetes

Chef

Source

github.com/coreos

github.com/
rancherio/os

launchpad.net/
snappy

github.com/
vmware/photon

github.com/
projectatomic

License

Apache 2.0

Apache 2.0

GPL v3

VMware Tech
Preview

GPL v2

Size

150 MB

20 MB

215 MB

317 MB

395 MB

to adapt Ubuntu
for mobile,
resulting in update
and security
features similar to
those of CoreOS.
ARM support
unique among
micro OSes.

yum-compatible
package manager.

isolation.

410 MB

Source: The New Stack

FIG 2:

THE DOCKER & CONTAINER ECOSYSTEM

93

DOCKER FUELS RETHINKING OF THE OPERATING SYSTEM

CoreOS will support Photon. Photon is really targeted to the VMware


product line, according to CoreOSs Polvi. To run a container in a server
environment, you need Linux, which means VMware now needs to
manage above the hypervisor, actually into a Linux OS, he said. This
does not mean that VMware does not allow you to run CoreOS or Red Hat
or any other operating system. It means they need a specialized one to
add containers to VMwares product. They needed an extension of their
hypervisor into an operating system.
Janakiram sees VMware as being forced to bring out its own OS out of fear
business.

VMware also knows theres more


money to be made in the
management layer of containers.
They want to repeat the magic of the
v-family of products with containers.
Red Hat Atomic Host
Red Hat launched RHEL 7 Atomic Host in March. It has fewer than 200
binaries, compared to the 6,500 in the full RHEL 7 release.
Mark Coggin, senior director of product marketing for Red Hat Enterprise
Linux, called it a happy medium in the world of lean OSes: lighter than a
traditional OS, but not as small as some of its competitors. He cautions
against more extreme approaches, such as that of RancherOS, saying
THE DOCKER & CONTAINER ECOSYSTEM

94

DOCKER FUELS RETHINKING OF THE OPERATING SYSTEM

that it could lead to more complexity, because it requires running


additional system containers in addition to the application container.
Weve said, We think these are the core system services that need to be
in the host platform that will address 80 to 90 percent of use cases for
container applications, he said. If a customer needs something beyond
that like system activity data collection, sys logging, identity we have
containerized versions of those as well, but we put much of what we think
is necessary in the host platform.
He said Atomic Host brings to the table a base derived from an enterprisegrade operating system tested by Red Hats engineering team. According
to Red Hat, this is important because there are cross-dependencies that
might not be readily apparent, say between the version of the Dynamic
(SSH) that you need inside your container, and the kernel.
Weve already gone through the work of ensuring that the version of SSH
or DHCP that youre using is going to work with the version inside RHEL
Atomic Host, Coggin said.
certify that the containers they build are based on images that are known,
tested and safe.

targets two use cases, according


cloud infrastructure, such as clustered hypervisors and clustered storage.
The second focuses on supporting cloud-native applications. In this latter
THE DOCKER & CONTAINER ECOSYSTEM

95

DOCKER FUELS RETHINKING OF THE OPERATING SYSTEM

role, Nano Server will be suited to a new class of apps that get developed
and deployed on Azure within a new Azure-based development
environment outside of the conventional client-based Visual Studio.
Its these new apps which will serve as Windows developers entryway to
the world of containers.
Developers writing for Nano Server will be guaranteed compatibility with
pre-existing Windows Server installations, because Nano Server is
adjustment period, however, until developers become accustomed to the
concept of microservices. Windows developers are used to having large
libraries of pre-existing functionality available to their code in a global
scope. Apps written to Nano Server run on a physical host, a virtual host
or in a container. Two types of containers work on both Windows Server
and Nano Server: the same Docker containers developed for Linux, and a
Hyper-V Containers.
These provide additional isolation,
distinguished engineer and lead architect, in The New Stack. Theyre
really used for things like multi-tenant services, or multi-tenant platformas-a-service, where youre going to be running code that might be
malicious that you dont trust.
The concept draws inspiration from Drawbridge, a containerization
isolation and sandboxing untrusted apps that could crash the system.

THE DOCKER & CONTAINER ECOSYSTEM

96

DOCKER FUELS RETHINKING OF THE OPERATING SYSTEM

Its not surprising to see so many vendors jockeying for position. Two
camps are forming, Janakiram said: Red Hat, Docker and their allies on
Red Hat goes closer to Docker, VMware will go farther.
Google, he said, is on the fence. Google is smiling because they know
how to do containers very well, he said.
Kubernetes will work with rkt and theyre working to make it work with
they want to run containers on the Google cloud. But they dont mind
giving away some of their innovation on orchestration.
it as it works to overcome incompatibilities between Windows and Linux.
In 24 months the dust will settle, and well get to see whos the winner,
Janakiram said. Whos still relevant in the market.

THE DOCKER & CONTAINER ECOSYSTEM

97

ADOPTING CONTAINERS
IN ENTERPRISE
by VIVEK JUNEJA

tive adoption process in large enterprises. The process typically


begins with elaborate presentations and discussions, followed by
various proofs-of-concept. When adoption does occur, it typically occurs
development and test workloads. By the time the technology reaches
Containers, and the notion of containerizing enterprise workloads, are
going through this process right now, in a great many enterprises, fueled
plague developer productivity and application delivery in the enterprise.

Enterprise Motivations
By providing abstraction around the workload, and making it portable,
containers become the foundation for supporting a variety of more
THE DOCKER & CONTAINER ECOSYSTEM

98

ADOPTING CONTAINERS IN ENTERPRISE

Docker and containers a means of addressing:


1.

enterprises are exploring containers as a way to standardize the


2.

Legacy applications and systems are


commonplace in the enterprise. These systems create constant

FIG 1:

Motivations to Consider Docker

Q: For VMware users considering Docker, whats motivating you? (check all that apply)
Hybrid Cloud
(cloud interoperability, private/public)

45%
44%

VMware Cost

42%

Pressure From Test


36%

VMware Independence
23%
23%

Pressure From Development


12%
0
10%
THE DOCKER & CONTAINER ECOSYSTEM
h t t p : // s t a c k e n g i n e . c o m /d o c k e r- v m w a r e - s u r v e y /

20%

30%

40%

99

50%

thenewstack.io

ADOPTING CONTAINERS IN ENTERPRISE

operational and maintenance issues. Project teams struggle to


allocate resources to operate on-demand test infrastructure, and as a
result frequently forgo testing in favor of releasing new functionality on
time. Teams working on legacy applications are attracted to
3. Collaboration: Development teams working on large projects have to
Teams working on continuously maintained and developed legacy
applications, for example, appreciate the ability of containers to help
A development approach based on container images also helps
encourage closer interaction between the development and
operations teams, thereby encouraging DevOps.
4. Dev/prod parity: Production, development and test environments
runs-on-my-machine issues. Containers help ensure a consistent
runtime environment across various infrastructures, a feature
5. VM sprawl:

Because the overhead associated with containers is so much lower


than that of VMs, many enterprises are excited about containers as a
way to mitigate sprawl.
THE DOCKER & CONTAINER ECOSYSTEM

100

ADOPTING CONTAINERS IN ENTERPRISE

6. Cloud-native applications: Microservices and other cloud-native


is traditionally assumed. In containers, enterprise development teams
see an opportunity to more easily build cloud-native applications and
take advantage of emerging trends.

When virtual machines started getting popular inside the enterprise, a


major selling point to the IT department was the opportunity to
consolidate underutilized infrastructure to reduce its operational footprint
and cost. Adoption of containers and the ecosystem surrounding them,
however, is being driven by agility, not cost reduction.
There are a handful of strategies that enterprises commonly take when
evaluating and adopting container technologies:
1.

When development teams have to


struggle to get test environments provisioned and operational, they
lose a lot of time, and frustration mounts. Solving infrastructure
for making the leap to containers.
For projects that dont require dedicated instances, reusing IT
infrastructure for test environments deployed as linked containers is a
great way to get started, and can provide important operational
knowledge of the technology.

2. Update build and deploy processes: Build and deployment


advantage of modern infrastructure. To deploy to public and private
THE DOCKER & CONTAINER ECOSYSTEM

101

PaaS Most Likely to be Automated by Container-Related Vendors

ADOPTING CONTAINERS IN ENTERPRISE

Q: What are you automating, replacing or supplementing in your customers' technology stack?

32%

Platform as a Service
29%

Infrastructure as a Service

29%

Management Tool
17%

Hypervisors & Containers


12%

Cloud Operating System


10%
10%

Storage
0%

5%

10%

15%

20%

25%

30%

35%

Parts of Technology Stack Being Automated by Company's Product/Service


Source: The New Stack Container Survey, completed May 2015

thenewstack.io

FIG 2:

clouds, some enterprises deploy the end application as a set of


machine images, reducing the time required to set up newly
provisioned on-demand infrastructure. The same practice can be
extended to container images.
In a container-based deployment model, the build step can generate
the new container image using a pre-existing base image for the
environment. The deployment step can take this image and run it on
any infrastructure supporting the chosen container technology.
3.
projects is another common way to drive adoption. This means that all
THE DOCKER & CONTAINER ECOSYSTEM

102

ADOPTING CONTAINERS IN ENTERPRISE

element of their application topology and spurs the development of


container-native applications. In addition, ramping up new
development teams with pre-containerized project environments is far
easier than with traditional approaches. This helps get teams started
quickly, without the complexity of transitioning existing project
processes.
4.

Its important for operations teams to


formalize and release standard container images that all projects can
use. These customized base images can be hosted on a private
registry used by development teams when building projects. Changes
to the standardized base images could mean new releases on the
registry, which can then be transparently used in the development
process. Enterprises are accustomed to hosting private repositories for
adoption step for them.

Key Issues Faced


Enterprises face two key challenges when incorporating containers into
their overall IT strategy: security and a lack of mature tools.
While web-scale companies like Google and Twitter have been using
containers in production for years, its still early days for both open source
and proprietary products. The issue of tool maturity is largely one of time
and experience. With more adoption and demand, the tools will inevitably
stabilize and improve.
THE DOCKER & CONTAINER ECOSYSTEM

103

ADOPTING CONTAINERS IN ENTERPRISE

Enterprise IT organizations are


looking to containers to help them
achieve more modern application
architectures and development
processes, in the process allowing
them to innovate more quickly.
Security, on the other hand, has been a dominant focus among early
an even greater worry for companies using containers with production
workloads in multi-tenant environments. The issue at hand is one of
container isolation. To date, containers dont exhibit the strong and tested
ability to isolate disparate workloads that has become assumed of the
various virtual machine hypervisors.
Last year, Canonical introduced
, which implements ideas around
stronger container security and makes them available via Ubuntu and
OpenStack integration. New Projects like Hyper are also emerging as
interesting alternatives to containers alone. And VMware has been
promoting traditional virtualization as a complement to containers for this
very reason.

Containers in Practice
As organizations continue to drive agility and innovation, they naturally
bottlenecks. At the same time, they are turning to modern application
THE DOCKER & CONTAINER ECOSYSTEM

104

ADOPTING CONTAINERS IN ENTERPRISE

architecture styles like microservices, and development processes like


continuous delivery, which together allow developers to iterate much
more quickly.
Last year, the chief archhitect of ING spoke at Dockercon Europe about
how they are using Docker to enable continuous delivery. BBC News also
highlighted how it architected its continuous integration solution around
Docker, and shared the caveats and compromises that they had to deal
with in doing so. The presentations by these two large companies is a sign
of how quickly the enterprise is getting serious about container
technologies.
By taking one or more of the approaches outlined in this article,
path of enlightenment, knowing that theyre following a trail that has been
trod many times before.

THE DOCKER & CONTAINER ECOSYSTEM

105

CHAPTER #: CHAPTER TITLE GOES HERE, IF TOO LONG THEN...

CONTAINER ECOSYSTEM
DIRECTORY

THE DOCKER & CONTAINER ECOSYSTEM

106

DEVELOPER TOOLS,
APPLICATION DEVELOPMENT/
DEPLOYMENT AND IMAGE
CREATION
Product/Project (Company or Supporting Org.)

Also categorized under:

Artifactory (JFrog)
JFrog provides software developers with a binary repository management solution that integrates into CI/CD
pipelines.
Atlas (Hashicorp)
Atlas unites Hashicorp development and infrastructure management tools to create a version control system
for infrastructure.
Bitnami (Bitnami)
Bitnami is a library of server applications and development environments that can be installed with one
click. Bitnami is beta testing functionality that will allow users to create container images.
Open Source

Brooklyn (Apache Foundation)

Orchestration and Management

Apache Brooklyn is a library and control plane for deploying and managing distributed applications.
Open Source

Centurion (New Relic)


of hosts.

Open Source

Chronos (Apache Foundation)

Orchestration and Management

Chronos is a distributed and fault-tolerant scheduler that runs on top of Mesos that can be used for job
orchestration. Chronos is natively able to schedule jobs that run inside Docker containers.
Open Source

Cloud Foundry Lattice (Cloud Foundry Foundation)


Lattice is an open source project for running containerized workloads on a cluster. Lattice bundles up HTTP
load balancing, a cluster scheduler, log aggregation and streaming and health management into an easy-todeploy and easy-to-use package.
CloudBees Jenkins Platform (CloudBees)
CloudBees Jenkins Platform is a PaaS that supports continuous integration and delivery of mobile and web
applications. It is an enterprise version of Jenkins that has multiple plugins to support Docker.

THE DOCKER & CONTAINER ECOSYSTEM

107

CONTD: DEVELOPER TOOLS, APPLICATION DEVELOPMENT/DEPLOYMENT...

Product/Project (Company or Supporting Org.)


Open Source

Also categorized under:

Cloudbreak (Hortonworks)
Cloudbreak helps users launch on-demand Hadoop clusters in the cloud or to any environment that
supports Docker containers.

Open Source

CloudSlang (Hewlett-Packard)

Open Source

Codefresh (Codefresh)
Codefresh combines Docker tools with a web IDE based on Eclipses Orion. The result is what they call a

Open Source

Codenvy (Codenvy)

Codeship (Codeship)
Codeship provides a hosted continuous delivery platform for web applications. It can be used to test Docker
ContainerShip (ContainerShip)

Runtimes, Platforms and Hosts

ContainerShip is a self-hosted container management platform, capable of running on any cloud, used to
manage containers from development to production.
DCHQ (DCHQ)

Orchestration and Management

The solution provides self-service access to Docker-based applications using an agent-based architecture for
orchestration.
Open Source

Decking.io (Full Fat Finch)


and orchestration of containers. It originally was an alternative to Fig, now Docker Compose.

Open Source

Docker Compose (Docker)


Compose is a tool

Open Source

running multi-container applications with Docker.

Docker Hub (Docker)


Docker Hub is a cloud-based registry service for building and shipping application or service containers. It
provides a centralized resource for container image discovery, distribution and change management.

THE DOCKER & CONTAINER ECOSYSTEM

108

CONTD: DEVELOPER TOOLS, APPLICATION DEVELOPMENT/DEPLOYMENT...

Product/Project (Company or Supporting Org.)

Also categorized under:

Docker Image Build Service (IBM)


A cloud-hosted build service
are published to a private Docker registry on Bluemix.
Open Source

Images

Docker Machine (Docker)


Docker Machine lets you create Docker hosts on your computer.

Open Source

dockersh (Yelp)
Dockersh is a login shell for machines with multiple users; it gives access to multiple users but allows for
isolation between them.
Drone (Drone)
Drone is a continuous integration system built on top of Docker. Drone uses Docker containers to provision
isolated testing environments.

Open Source

Dusty (GameChanger Media)


Dusty is a development environment that provides OS X support for containers. Their documentation
compares the tool to Vagrant and says it uses Docker Compose to orchestrate containers.

Open Source

Fabric8 (Red Hat)


Fabric8 is an open source DevOps and integration platform that is built as a set of microservices that run on
top of Kubernetes and OpenShift V3.

Open Source

Ferry (N/A)
AWS, OpenStack and your local machine using Docker.
Flockport Apps (Flockport)

Image Registry and Security

Flockport is a Linux container-sharing website. It also provides tools that make it easier to install and use LXC
containers.
Harbormaster (Crane Software)
Cranes main product is Harbormaster, which is a Docker Release Management platform. It focuses on
helping DevOps teams build, deploy and manage containers in production.
Hortonworks Data Platform (Hortonworks)
Hortonworks acquired Cloudbreaks ability to launch on-demand Hadoop clusters in the cloud or to any
environment that supports Docker containers.

THE DOCKER & CONTAINER ECOSYSTEM

109

CONTD: DEVELOPER TOOLS, APPLICATION DEVELOPMENT/DEPLOYMENT...

Product/Project (Company or Supporting Org.)


Open Source

Also categorized under:

Lorry (CenturyLink)
Lorry is a CenturyLink Cloud utility and open source project that provides a graphical user interface for
Docker Compose YAML validation and composition.

Open Source

Mantl (Cisco)
Mantl is an open source platform for rapidly deploying globally distributed services. It works with tools such
as Marathon, Mesos, Docker and Consul.

Open Source

Micro (MYODC)
Micro is a microservices toolchain consisting of a suite of libraries and tools to write and run microservices.

Open Source

Packer (Hashicorp)
Packer is a tool for creating machine and container images for multiple platforms from a single source

Open Source

Panamax (CenturyLink)
Panamax is a containerized app creator with an open source app marketplace hosted on GitHub. Panamax
provides an interface for users of Docker, Fleet and CoreOS.

Open Source

Powerstrip (ClusterHQ)
Powerstrip is a tool for prototyping Docker extensions.

Open Source

runC (Linux Foundation)

Runtimes, Platforms and Hosts

runC is a CLI tool for creating and running containers according to the Open Container Initiatives
Runnable (Runnable)
Runnable works with GitHub and other tools to automatically deploy commits and launch containers in your
sandbox when branches are created.
Shippable CI/CD (Shippable)
Shippable is a continuous integration platform built natively on Docker and using Docker Hub to deploy.
Shippable for OpenShift (Shippable)
Shippables continuous integration platform is now available natively on OpenShift in beta.
Open Source

Shutit (N/A)
Shutit is a tool for managing the Docker image building process; it expands on some of the capabilities of

THE DOCKER & CONTAINER ECOSYSTEM

110

CONTD: DEVELOPER TOOLS, APPLICATION DEVELOPMENT/DEPLOYMENT...

Product/Project (Company or Supporting Org.)

Also categorized under:

Spoon (Spoon)
Spoon is a platform for building, testing, deploying Windows applications & services in isolated containers.
StackDock (Copper.io)

Infrastructure Services

Copper.io is a full stack developer toolset. They produce StackDock, which helps deploy containers. In
addition, it is developing storage and backup functionality for StackDock.
StackEngine (StackEngine)

Orchestration and Management

StackEngine is an end-to-end container application management system that provides a way for dev and
enterprise IT teams to deploy Docker applications.
Open Source

Terraform (Hashicorp)
Terraform is a tool to build and launch infrastructure, including containers.

Open Source

Totem (N/A)
Totem is a continuous delivery pipeline tool designed for microservices.
Travis CI (Travis CI)
Travis CI is an open source continuous deployment platform; it is able to run on Docker-based
infrastructures.
UrbanCode Build (IBM)
UrbanCode Build is a continuous integration and build management server optimized for the enterprise.
It is designed to make it easy to scale
and
seamlessly plug into development, testing and release tooling. Supports Docker build and integration with
Docker registries.

Open Source

Vessel (N/A)
Vessel automates the setup and use of dockerized development environments. It is requires both OS X and
Vagrant to work properly.
Virtuozzo (Odin)
Odins Virtuozzo is a container virtualization platform sold to providers of cloud services.
Weave Run (Weaveworks)
Weave Run provides routing and control for containers, implemented as microservices.
Wercker (Wercker)
Wercker is a platform for automating the creation and deployment of applications and microservices.

THE DOCKER & CONTAINER ECOSYSTEM

111

CONTD: DEVELOPER TOOLS, APPLICATION DEVELOPMENT/DEPLOYMENT...

Product/Project (Company or Supporting Org.)

Also categorized under:

xDock (Xervmon)

Orchestration and Management

Xervmon is a cloud management platform. Its xDock lets users deploy, manage and monitor Docker images
in the cloud.
Open Source

Zodiac (CenturyLink)
Zodiac is a lightweight tool, built on top of Docker Compose, for easy deployment and rollback of
Dockerized applications.

THE DOCKER & CONTAINER ECOSYSTEM

112

RUNTIMES, PLATFORMS
AND HOSTS
Product/Project (Company or Supporting Org.)

Also categorized under:

Apcera Hybrid Cloud OS (Apcera)

Orchestration and Management

Hybrid Cloud OS (HCOS) manages access to compute resources across a cluster of servers. By focusing on
managing policies across multiple environments, it aims to secure workloads and containers in enterprise
production environments.
Apprenda (Apprenda)
Apprenda provides a PaaS for enterprises that supports the hosting of containers.
Azure Container Service (Microsoft)

Orchestration and Management

this cluster includes Docker and Docker Swarm for code portability and Marathon, Chronos and Apache
Mesos to ensure scalability.
Bluemix (IBM)
Bluemix is a PaaS for creating, deploying and managing applications in the cloud. As part of Bluemix, IBM
Containers allows you to run Docker containers in a hosted cloud environment.
Open Source

Boot2Docker (N/A)
be used with Docker Machine.

Open Source

Cloud Foundry Diego (Cloud Foundry Foundation)


Diego is Cloud Foundrys next generation runtime. It is made up of a variety of small components, each with
its own repository. It supports the scheduling and monitoring of Docker workloads.
cloudControl (cloudControl GmbH)
acquired dotCloud from Docker in 2014.

THE DOCKER & CONTAINER ECOSYSTEM

113

CONTD: RUNTIMES, PLATFORMS AND HOSTS

Product/Project (Company or Supporting Org.)

Also categorized under:

ContainerShip (ContainerShip)

Developer Tools, App Development...

ContainerShip is a self-hosted container management platform, capable of running on any cloud, used to
manage containers from development to production.
CoreOS (CoreOS)
CoreOS is a lightweight OS based on the Linux kernel and designed for providing infrastructure to clustered
deployments, while focusing on automation, ease of applications deployment to containers, security,
reliability and scalability.
DaoCloud (DaoCloud)
DaoCloud is a China-based cloud computing company focusing on providing Docker services.
Open Source

Deis (Engine Yard)


Deis is a lightweight, open source PaaS, built on Docker and CoreOS, that makes it easy to deploy and
manage applications on your own servers.
DigitalOcean (DigitalOcean)
DigitalOcean is an IaaS provider that targets developers. It provides one-click installs to deploy Docker.

Open Source

Docker (Engine) (Docker)


Docker Engine is a lightweight runtime and tooling that builds and runs your Docker containers.
Docker Subscription (Docker)

Image Registry and Security

Dockers subscription model includes commercially supported Docker engines for the servers running your
application and a commercial registry service (Docker Trusted Registory or Docker Hub) of your choice.
Open Source

Dokku (Engine Yard)

EC2 Container Service (Amazon Web Services)


Amazon EC2 Container Service helps companies manage clusters of containers on AWS infrastructure.
Open Source

Flynn (Prime Directive, Inc.)


Flynn is a micro-PaaS built on Docker containers and optimized for service-oriented applications.
Giant Swarm (Giant Swarm)

Image Registry and Security

Giant Swarm is a hosted container solution to build, deploy and manage containerized services.
Google Container Engine (Google)
Google Container Engine is cluster management and orchestration system that lets users run containers on
the Google Cloud Platform.
THE DOCKER & CONTAINER ECOSYSTEM

114

CONTD: RUNTIMES, PLATFORMS AND HOSTS

Product/Project (Company or Supporting Org.)

Also categorized under:

Helion (Hewlett-Packard)

Heroku Buildpacks (Salesforce)


The Heroku PaaS provides buildpacks for compiling applications. Customers can pay for managed
containers that Heroku calls Dynos.
Hyper (HyperHQ)
Hyper is a hypervisor-agnostic Docker runtime engine. Its goal is to make VMs run like containers by
eliminating the need for a guest OS.
IBM Containers on Bluemix (IBM)
Use IBM Containers to run Docker containers in a hosted cloud environment on IBM Bluemix. IBM
Containers provides full hosting and lifecycle management of Docker containers, along with automatic and
integrated log analytics and monitoring, elastic scaling with auto-recovery, reliability tools, load balancing
and routing, persistent storage and security services. IBM Containers also provides a private image registry,
Docker Hub.
Jelastic (Jelastic)

Orchestration and Management

Jelastic provides a PaaS and container-based IaaS on a singular platform that includes container
orchestration.
Joyent Triton Elastic Container (Joyent)
Triton Elastic Container Service allows you to securely deploy and operate containers with bare metal speed
on container-native infrastructure; Joyent provides the Triton Elastic Container service as part of its larger
Kyup Cloud Hosting (Kyup)
Kyup provides cloud-based container hosting.
Open Source

LXD (Canonical)
LXD is a hypervisor for Linux containers, composed of three components: a system-wide daemon, a

Open Source

OpenShift Origin (Red Hat)


OpenShift Origin is the upstream open source version of OpenShift and is meant to allow for development
of cloud-native applications. OpenShift is a PaaS built on Docker containers that orchestrates with
Kubernetes. It also has Atomic and Red Hat Linux components.

THE DOCKER & CONTAINER ECOSYSTEM

115

CONTD: RUNTIMES, PLATFORMS AND HOSTS

Product/Project (Company or Supporting Org.)

Also categorized under:

Packet (Packet Host)


Packet is a bare metal PaaS that supports Docker, CoreOS, Deis, Mesosphere and Rancher.
Pivotal Cloud Foundry (Pivotal Software)
building applications as deployable containers.
Open Source

Project Photon (VMware)


Photon is a Linux container host created by VMware as an open source project; it is focused on running
containerized applications in a virtualized environment.

Open Source

Project Atomic (Red Hat)


Project Atomic hosts run applications in Docker containers with components based on RHEL, Fedora and
the use of existing containers as building blocks for new applications.
PureApplication (IBM)
that use automated patterns to rapidly deploy
applications, reduce cost and complexity, and ease management. Docker containers can be included in
patterns along with non-container components to take advantage of the PureApplication enterprise-grade
lifecycle management. Support includes a private Docker registry pattern deployable as a shared service.
Quay.io (CoreOS)

Rancher (Rancher)
Rancher is a complete infrastructure platform for running containers in production.
Open Source

RancherOS (Rancher)
RancherOS is a 20MB Linux distro that runs the entire OS as Docker containers.

Open Source

runC (Linux Foundation)

Developer Tools, App Development...

runC is a CLI tool for creating and running containers according to the Open Container Initiatives
Scalingo (Scalingo)
Scalingo is a PaaS for containers; users push their code to Scalingo and it creates an image and allocates
resources to run the application in its cloud.

THE DOCKER & CONTAINER ECOSYSTEM

116

CONTD: RUNTIMES, PLATFORMS AND HOSTS

Product/Project (Company or Supporting Org.)

Also categorized under:

Snappy Ubuntu Core (Canonical)


Snappy Ubuntu Core is a new version of Ubuntu with a minimal server image and the same libraries, but
applications are provided through a simpler mechanism.
Tutum (Tutum)

Image Registry and Security

As of October 2015, Tutum is still in beta. Tutum automates the build, test, deployment and management of
containerized applications. It also has a free private registry to store Docker images.
WaveMaker (WaveMaker)
WaveMaker provides a PaaS for development and management of custom enterprise apps on private
infrastructure. It supports the running of Docker applications.
Windows Server Container (Microsoft)
Microsoft is working with Docker to ensure that Windows applications can be run on Docker containers.

THE DOCKER & CONTAINER ECOSYSTEM

117

ORCHESTRATION
AND MANAGEMENT
Product/Project (Company or Supporting Org.)

Also categorized under:

Ansible Tower (Ansible)


addition, it lets users create container images.
Apcera Hybrid Cloud OS (Apcera)

Runtimes, Platforms and Hosts

Hybrid Cloud OS (HCOS) manages access to compute resources across a cluster of servers. By focusing on
managing policies across multiple environments, it aims to secure workloads and containers in enterprise
production environments.
Azure Container Service (Microsoft)

Runtimes, Platforms and Hosts

this cluster includes Docker and Docker Swarm for code portability and Marathon, Chronos and Apache
Mesos to ensure scalability.
BanyanOps (BanyanOps)
BanyanOps launched in 2015 and does not yet have a product. It is focused on analyzing images and wants
to accelerate IT operations with containers.
Open Source

BOSH (Cloud Foundry Foundation)


BOSH is an open source toolchain for orchestration of large-scale distributed services that can be used with
Docker containers. BOSH installs and updates software packages on large numbers of VMs over many IaaS
providers.

Open Source

Brooklyn (Apache Foundation)

Developer Tools, App Development...

Apache Brooklyn is a library and control plane for deploying and managing distributed applications.
Open Source

cAdvisor (Google)
cAdvisor (Container Advisor) is a Google-support project that analyzes resource usage and performance
characteristics of running containers.

THE DOCKER & CONTAINER ECOSYSTEM

118

CONTD: ORCHESTRATION AND MANAGEMENT

Product/Project (Company or Supporting Org.)

Also categorized under:

Chef (Chef)
provision Docker containers.
Open Source

Chronos (Apache Foundation)

Developer Tools, App Development...

Chronos is a distributed and fault-tolerant scheduler that runs on top of Mesos that can be used for job
orchestration. Chronos is natively able to schedule jobs that run inside Docker containers.
Cloud 66 (Cloud 66)
Cloud 66 is an application provisioning and management service that allows you to build Docker stacks from
scratch on any public or private cloud vendor or your own infrastructure.
Open Source

Cloud Foundry Containers Service Broker (Cloud Foundry Foundation)


This is a container services broker for the Cloud Foundry v2 services API. It allows for the provisioning of
services and binding of applications to a container backend.

Open Source

Cloud Foundry Lattice (Cloud Foundry Foundation)

Developer Tools, App Development...

Lattice is an open source project for running containerized workloads on a cluster. Lattice bundles up HTTP
load balancing, a cluster scheduler, log aggregation and streaming and health management into an easy-todeploy and easy-to-use package.
Open Source

CloudSlang (Hewlett-Packard)

Developer Tools, App Development...

Cloudsoft Application Management Platform (Cloudsoft)


Cloudsofts application management platform, based on the open source Apache Brooklyn project,
orchestrates services, platforms and infrastructure, including deployment to containers.
ClusterUP (ClusterUP)
ClusterUp is providing a GUI to monitor and manage the lifecycle of Docker services.
Open Source

Consul (Hashicorp)

Open Source

Crane (N/A)
Crane is a lightweight wrapper around the Docker CLI that is used to orchestrate Docker containers.
Datadog (Datadog)
Datadog is a monitoring and analytics service for IT operations and development teams. It has containerized
agents that can monitor container environments.

THE DOCKER & CONTAINER ECOSYSTEM

119

CONTD: ORCHESTRATION AND MANAGEMENT

Product/Project (Company or Supporting Org.)

Also categorized under:

DCHQ (DCHQ)

Developer Tools, App Development...

The solution provides self-service access to Docker-based applications using an agent-based architecture for
orchestration.
DCOS (Mesosphere)
Mesospheres DCOS is a commercial version of the Mesos OS for managing data centers. It supports both
Kubernetes and Docker.
Open Source

Docker Swarm (Docker)


for Docker by turning multiple Docker hosts into a single, virtual host.

Open Source

Dray (CenturyLink)
provides a RESTful API for managing jobs and is most commonly used for containers hosting long-running
services.
Elasticsearch (Elastic)
Elasticsearch is a search and analytics engine based on Lucene.
Engine Yard (Engine Yard)
Engine Yard is a cloud orchestration PaaS for deploying, monitoring and scaling applications.

Open Source

etcd (CoreOS)

Open Source

Fleet (CoreOS)
Fleet is a distributed init system used to support cluster management and orchestration of containers.

Open Source

Flocker (ClusterHQ)
Flocker is a data volume manager for Dockerized applications.
Found (Elastic)
Elastics founder created Elasticsearch and they provide it as a service called Found. It can be used by the
Docker community for search and discovery.

Open Source

ImageLayers (CenturyLink)
ImageLayers.io allows Docker users to easily discover best practices for image construction, and aids in

THE DOCKER & CONTAINER ECOSYSTEM

120

CONTD: ORCHESTRATION AND MANAGEMENT

Product/Project (Company or Supporting Org.)

Also categorized under:

IronMQ (Iron.io)

Infrastructure Services

IronWorker (Iron.io)
IronWorker is a platform that isolates the code and dependencies of individual tasks to be processed on
demand in a containerized environment.
Jelastic (Jelastic)

Runtimes, Platforms and Hosts

Jelastic provides a PaaS and container-based IaaS on a singular platform that includes container orchestration.
Open Source

Kitematic (Docker)
Kitematic is a graphic interface to manage Docker. The sponsoring company was bought by Docker, but the
actual software is now part of Dockers toolkit.

Open Source

Kong (Mashape)

Open Source

Kontena (Kontena)
Kontena is a container orchestration tool. It abstracts containers into application services and establishes an
internal network between linked services, making it easy to deploy and scale applications across multiple
hosts.

Open Source

Kubernetes (Google)
Kubernetes is an open source Docker orchestration tool. Google initially developed Kubernetes to help
manage its own LXC containers.
Logentries (Rapid7)
Logentries provides analytics tools to monitor Docker environments.

Open Source

MaestroNG (SignalFx)

Open Source

Magnum (Open Stack Foundation)

Open Source

Marathon (Apache Foundation)


Marathon is an Apache Mesos framework for long-running applications. Marathon provides a REST API for
starting, stopping and scaling applications. It lets users deploy, run and scale Docker containers.

THE DOCKER & CONTAINER ECOSYSTEM

121

CONTD: ORCHESTRATION AND MANAGEMENT

Product/Project (Company or Supporting Org.)


Open Source

Also categorized under:

Mesos (Apache Foundation)


applications, or frameworks.
Nirmata (Nirmata)

Open Source

Percheron (N/A)
Percheron is used to manage images and containers.

Open Source

Prometheus (Robust Perception)


Prometheus is an open-source service monitoring system and time series database.
Puppet Enterprise (Puppet Labs)

SaltStack Enterprise (SaltStack)


SaltStack is an orchestration and automation tool that can be used to manage Docker containers.
Scout (Scout)
Scout provides application and server monitoring; it has plugins to monitor both Docker and LXC containers.
Shippable Formations (Shippable)
Shippable Formations is an orchestration tool for dev and test environments.
Open Source

Shipyard (N/A)
Shipyard enables multi-host, Docker cluster management, and is fully compatible with the Docker Remote API.
StackEngine (StackEngine)

Developer Tools, App Development...

StackEngine is an end-to-end container application management system that provides a way for dev and
enterprise IT teams to deploy Docker applications.
Sysdig Cloud (Sysdig Cloud)
Based on open source Sysdig technology, Sysdig Cloud monitors containerized environments.
Tectonic (CoreOS)
Tectonic, which is currently being previewed, will be an enterprise version of Kubernetes.

THE DOCKER & CONTAINER ECOSYSTEM

122

CONTD: ORCHESTRATION AND MANAGEMENT

Product/Project (Company or Supporting Org.)

Also categorized under:

UrbanCode Deploy (IBM)


UrbanCode Deploy orchestrates the deployment of applications across environments, coordinating the
deployment of many individual components with inventory tracking. This includes support for Docker
Containers, Docker Registries, and IBM Container Service on Bluemix via a community plugin.
Weave Scope (Weaveworks)

xDock (Xervmon)

Developer Tools, App Development...

Xervmon is a cloud management platform. Its xDock lets users deploy, manage and monitor Docker images
in the cloud.
Open Source

Zenoss Control Center (Zenoss)


Zenoss Control Center is an application management and orchestration system. It works with the Zenoss
platform and other Docker applications. Serviced is a popular repository in this project that provides a PaaS
runtime.

THE DOCKER & CONTAINER ECOSYSTEM

123

INFRASTRUCTURE SERVICES
Product/Project (Company or Supporting Org.)
Open Source

Also categorized under:

Clocker (Apache Foundation)


Clocker creates and manages a Docker cloud infrastructure. It is a part of the Apache Brooklyn projects, and
has plugins for Project Calico and Weave.

Open Source

Crate (Crate.io)

EMC Elastic Cloud Storage (EMC)


EMCs Elastic Cloud Storage (ECS) is available as a Docker container. In addition, the storage giant is working
bare metal.
Open Source

Flannel (CoreOS)
Flannel is a virtual network for hosting containers.
IronMQ (Iron.io)

Orchestration and Management

components.
Open Source

libnetwork (Docker)
Libnetwork provides a native Go implementation for connecting containers.

Open Source

Pachyderm (Pachyderm)
Pachyderm enables storage and analysis of data using containers.
Pertino (Pertino)
Pertino lets developers build container-level virtual private cloud networks.
Portworx PWX (Portworx)
Portworx PWX provides elastic scale-out block storage natively to Docker containers.

THE DOCKER & CONTAINER ECOSYSTEM

124

CONTD: INFRASTRUCTURE SERVICES

Open Source

Product/Project (Company or Supporting Org.)

Also categorized under:

Project Calico (Metaswitch Networks)

Image Registry and Security

Project Calico provides networking for OpenStack VMs as well as containers in a Docker environment. Each
container gets its own IP and security policy. Users of Clocker can use Calico with it.
SoftLayer (IBM)
SoftLayer provides infrastructure as a service (IaaS) including bare metal and virtual servers, networking,
turnkey big data solutions, and private cloud solutions. SoftLayer is supported as a provider behind Docker
Machine for quickly standing up a cloud-hosted Docker host.
StackDock (Copper)

Developer Tools, App Development...

Copper.io is a full stack developer toolset. They produce StackDock, which helps deploy containers. In
addition, it is developing storage and backup functionality for StackDock.
VNS3:net (Cohesive Networks)

Image Registry and Security

control and security for containers.


Open Source

Weave (Weaveworks)

Weave Net (Weaveworks)

THE DOCKER & CONTAINER ECOSYSTEM

125

IMAGE REGISTRY AND


SECURITY
Product/Project (Company or Supporting Org.)

Also categorized under:

CloudPassage (CloudPassage)

Open Source

Docker Bench for Security (Docker)


The Docker Bench for Security is a script that checks for dozens of common best practices around deploying
Docker containers in production.
Docker Subscription (Docker)

Runtimes, Platforms and Hosts

Dockers subscription model includes commercially supported Docker engines for the servers running your
application and a commercial registry service (Docker Trusted Registory or Docker Hub) of your choice.
Docker Trusted Registry (Docker)
Docker Trusted Registry allows users to store and manage Docker images on premise or in a virtual private cloud.
Enterprise Registry (CoreOS)
Enterprise Registry provides a secure registry on an enterprises own infrastructure.
Flockport Apps (Flockport)

Developer Tools, App Development...

Flockport is a Linux container-sharing website. It also provides tools that make it easier to install and use LXC
containers.
Giant Swarm (Giant Swarm)

Runtimes, Platforms and Hosts

Giant Swarm is a hosted container solution to build, deploy and manage containerized services.
Google Container Registry (Google)
Google Container Registry provides secure, private Docker image storage on Google Cloud Platform.
Open Source

Notary (Docker)
for running and interacting with trusted collections.
using highly secure keys.

THE DOCKER & CONTAINER ECOSYSTEM

126

CONTD: IMAGE REGISTRY AND SECURITY

Product/Project (Company or Supporting Org.)

Also categorized under:

Polyverse (Polyverse)
Polyverse uses millions of individually protected containers to help prevent large-scale data breaches.
Open Source

Portus (SUSE)
Portus acts both as an authoritzation server and as a user interface for Docker registry (v2).
Private Image Registry Service (IBM)
IBM Containers on Bluemix provides a private Docker image registry service for hosting private images. The
private registry supports group access policies to allow teams to share private images.

Open Source

Project Calico (Metaswitch Networks)

Infrastructure Services

Project Calico provides networking for OpenStack VMs as well as containers in a Docker environment. Each
container gets its own IP and security policy. Users of Clocker can use Calico with it.
Reesd Images (Reesd)
Reesd is a private Docker repository and storage service.
Open Source

Registrator (Glider Labs)


Registrator automatically registers and deregisters services for any Docker container. It supports pluggable
service registries like Consul and etcd.
ScriptRock (ScriptRock)

Shipway (Shipway)
automatically publishes new Docker images when you push your repository.
Tutum (Tutum)

Runtimes, Platforms and Hosts

As of October 2015, Tutum is still in beta. Tutum automates the build, test, deployment and management of
containerized applications. It also has a free private registry to store Docker images.
Twistlock (Twistlock)
Twistlock provides a security framework for developers, allowing them to do security checks before pushing
security rules across multiple container clusters.

THE DOCKER & CONTAINER ECOSYSTEM

127

CONTD: IMAGE REGISTRY AND SECURITY

Product/Project (Company or Supporting Org.)

Also categorized under:

VNS3:net (Cohesive Networks)

Infrastructure Services

control and security for containers.


Vulnerability Advisory (IBM)
Vulnerability Advisory is a capability of IBM Containers on Bluemix. It gives container developers a view
into their image security properties and as well as guidance on how images should be improved to meet
Using Vulnerability Advisor, developers

THE DOCKER & CONTAINER ECOSYSTEM

128

CONSULTING AND MISC.


Product/Project (Company or Supporting Org.)

Also categorized under:

Container Solutions (Container Solutions)


Container Solutions is a consulting group that specializes in helping customers to shorten the time it takes to
deploy.
DaoClou2d (DaoCloud)
DaoCloud is a China-based cloud computing company focusing on providing Docker services.
IBM Resale of Docker Subscription (IBM)
IBM resells Docker Subscription which includes the Docker Engine and Docker Trusted Registry as well as
level 1 and level 2 support
Jetstack Container Services (Jetstack)
Jetstack is a consulting company focused on helping companies build a container management
infrastructure.
Kismatic (Kismatic)
Kismatic provides enterprise support and production platform tooling for Kubernetes and Docker.

THE DOCKER & CONTAINER ECOSYSTEM

129

DISCLOSURES
The following companies mentioned in this ebook are sponsors of The
Datadog, DigitalOcean, Hewlett-Packard, Intel, Joyent, New Relic, Pivotal,

Brigg the desired peace of Trondheim crashes during storm, 1798 by


the Municipal Archives of Trondheim is licensed under CC BY 2.0 and has
been cropped from its original version.

THE DOCKER & CONTAINER ECOSYSTEM

130

thenewstack.io

You might also like