The Docker and Container Ecosystem
The Docker and Container Ecosystem
The Docker and Container Ecosystem
vol.
THE
DOCKER &
CONTAINER
ECOSYSTEM
EDITED & CURATED BY ALEX WILLIAMS
TABLE OF CONTENTS
Introduction ..................................................................................................................................4
Sponsors ........................................................................................................................................7
THE DOCKER & CONTAINER ECOSYSTEM
INTRODUCTION
We never thought that our last six months at The New Stack would be
ecosystem. It was supposed to be one ebook that wed do in six weeks or
so, but then we started putting it together. It had quite a scope that easily
would have made just one ebook more than 100 pages.
justice to the subject matter? The answer was no. It made far more sense
to make it a series, and take the time to explore how containers apply to
the entire stack, as individual units that have quickly come to be
associated with orchestration.
Its a new time that is really not about IT. Its now about application
development and management at scale. These are the days that will help
a technologist might have dreamed in the enterprise heyday. Today, we
are talking about applications far more than the machines they run on.
The machines are now a resource not a server farm, a grid or even a
cloud. This resource is as real as any physical resource we know of.
But how do we connect the resources? How do these resources become
deeper, wider and more powerful in what they provide? How do we make
them simple enough so that we dont need to invent something new every
INTRODUCTION
credence as a way to build apps directly from the developers laptop with
much of the process automated and packaged. They have impacts on the
cost of managing resources.
These economic considerations and impacts on behavior speak to why
Docker is having such a lasting symbolic impact on changing technologies
and models.
Its this change to more container-based workloads that will drive the
substance of our ebook series. We have a lot of subject matter to cover.
Well run the series into the spring of 2016, and even at that point the
landscape will have changed further. At that time, we may even have a
technology age feel so timeless.
I am so lucky to be part of such a great community. Our goal is to analyze
how application development and management at scale is changing as
the new stack evolves. Every day I get to explore the workings of this world
and its dimensions. I get to talk to the smartest technologists in the world.
We also have the honor and the privilege of working with fantastic
sponsors. In particular, I want to thank our series sponsors: Cisco, Docker
and IBM. We could not be here without them.
Finally, there is the team who is working to build The New Stack who I get
to talk to every day. I love this group of people. They are the heart and
soul of what we do every day at The New Stack. They are my colleagues
New Stack and bring with them the excellence we always strive to
maintain. I would not be here without them.
THE DOCKER & CONTAINER ECOSYSTEM
INTRODUCTION
Thank you so much for your interest in our ebook series. Please reach out
any time. I am always happy to meet and talk with people who care
enough to introduce themselves.
Thanks, Alex.
Alex Williams
Founder and Editor-in-Chief
The New Stack
SPONSORS
We are grateful for the support of the following series sponsors:
dynamic, adaptable resource that IT could use to power 21st-century business imperatives for agility and responsiveness. Terms such as cloud-native and cattle not pets expressed the understanding that cloud-based
change.
ocean with it. Just as was the case with cloud computing, containers pose
as many questions as they answer. These questions arise on multiple
levels: architectural, operational, organizational, and conceptual.
Containers make many things possible, without necessarily accomplishing
recognizing the power of containers, one begins the more laborious
issues include questions such as:
How do containers communicate across operating system and
network boundaries?
models.
These higher-order systems answer some of the initial questions that arise
while trying to deploy containers. They also, though, raise new questions
THE DOCKER & CONTAINER ECOSYSTEM
10
%CROSSING
Of Organizations
Planning To Address Needs in the Next 2 Years
THE OCEAN WITH CONTAINERS
(excludes partnerships)
60%
11%
71%
60%
11%
71%
28%
71%
Growth Potential
43%
Security
23%
40%
30%
23%
28%
23%
Container/OS
21%
Hosting/Service Providers
13%
26%
Database/Big Data
21%
10%
20%
4%
53%
51%
38%
36%
Image Registry
63%
34%
30%
27%
6%
30%
40%
50%
60%
70%
FIG 1:
11
need to learn new ways of thinking about what systems are and how to
solve problems with them. Making Docker enterprise-ready involves not
THE DOCKER & CONTAINER ECOSYSTEM
12
rather the ability to hire people who can comprehend the implications of
that technology, and who can operate it based on that understanding.
13
14
THE WORLD IS
PROGRAMMABLE WITH
CONTAINERS
by ALEX WILLIAMS
15
16
17
Market Reality: There are billions of people in the world and almost
everyone has had some contact with the Internet, even if they may not
realize it. There are millions of developers who are building the new
foundations for how we live and work. In the meantime, their operations
counterparts are doing the plumbing to make the Internet more
programmable.
The Result:
convenience and performance over compatability.
presented at DockerCon in June 2015 and made the argument that
millions of programmers means new innovations. It is these innovations
18
Programmers
App
App
App
App
App
App
App
App
App
App
App
App
App
http://www.slideshare.net/chanezon/docker-platform-and-ecosystem
TVs
Industrial
Facilities
Scientific
Financial
Instruments System
19
thenewstack.io
managing servers need to have logins and accounts. They have to manage
technologies that have various states of repair or disrepair. Setting up
is, removes many of these types of issues. It removes the burden of
manual updates. Let the machines take control.
argues
that DevOps is the outcome of this sort of transformation, and that
essentially means a reorganization for most companies. But with a
microservices approach, an immutable infrastructure can allow for steep
THE DOCKER & CONTAINER ECOSYSTEM
20
cost reductions and a high rate of change. Developers can build and
deploy services in seconds: Docker packages them and the microservices
environment runs them in what amounts to fast tooling that supports
continuous delivery of many tiny changes.
These new microservices environments are not easy to manage. Think of
the speed involved, the scale needed across continents, regions and
21
Its this speed that is most transforming. Speed means a lower barrier for
taking risks with trying new ways to speed up app development and
management. However, we have barely come to understand what the
outer dimensions of this new capability means to us all.
You are going to see a new order of magnitude in terms of swarming of
compute running for shorter time periods, said John Willis in a story from
The New Stack earlier this year. Now it is a matter of nanocomposite. It
could go from 1,000 to one billion instances starting and stopping in a week.
The startup time for a container is around a second. Public cloud virtual
machines (VMs) take from tens of seconds to several minutes, because
they boot a full operating system every time, and booting a VM on a
laptop can take minutes.
22
Datacenters
Virtualization
Containers
Serverless
Months to deploy,
live for years
Minutes to deploy,
live for weeks
Seconds to deploy,
live for minutes/hours
Milliseconds to deploy,
live for seconds
Source: http://www.slideshare.net/adriancockcroft/dockercon-state-of-the-art-in-microservices
thenewstack.io
FIG 2:
Summary
In all, an application-centric approach has deep roots in the Linux
ecosystem. There is a rich history of tooling that has allowed for a market
of compatibility. Linux runs everywhere and everything runs on it. But
of complexity in the system, including permission checks on the operating
system that stem back from a time when massive monolithic systems
were built into single machines.
Today, performance is becoming a key-value driver for containers, but
they still have an associated complexity. And thats why there is such a
diverse ecosystem: its needed for users to build architectures that can
take containers from the laptop and into distributed environments
environments that can manage any number of microservices that are fast,
23
OPEN SOURCE
COMMUNITIES DEFINE
THE DOCKER AND
CONTAINER ECOSYSTEM
by LAWRENCE HECHT
systems are less robust than their open source equivalents. The Docker
and container ecosystem is representative of this new market reality.
As many of the container-related projects move into enterprise production
vendors such as IBM, Intel and Google, as well as by large customers such
as Goldman Sachs, that are creating new open source foundations. These
communities, lead by professional organizations such as the Linux
Foundation, which now runs the Open Container Initiative, the Cloud
Native Computing Foundation and the Cloud Foundry Foundation.
Created in June 2015, the Open Container Initiative (OCI) is an open
24
of the providers and a context for looking at the past and future of an
application-centric infrastructure.
The roots of OCI can be traced back to Docker and the development of
its libcontainer technology. The libcontainer format enabled Docker to
single host share the kernel of the running Linux OS. It undocked itself
was designed, systemd was responsible for launching and maintaining
container processes in a manner that the operating system could
manage.
As part of OCI, Docker donated libcontainer to the initiative. The overall
goal is to ensure compatibility between systems and the code that utilizes
containers, thus freeing the next generation of engineers to focus on
innovating higher up the value chain.
Foundation (CNCF). The CNCF is the newest open source project, initiated
by Google and joined by Cisco, Docker, IBM, Mesosphere, Joyent and a
host of other companies in the ecosystem that are trying to standardize
scheduling and orchestration capabilities.
activity and industry cooperation within the tight-knit group creating the
25
migrated from libcontainer, there has been robust participation from both
independent developers and companies.
developed by CoreOS for its Rocket runtime system. At CoreOSFest this
past spring, the company announced App Container (appc), its own open
source project based upon the rkt technology. Google, VMware, Red Hat,
Hybrid Cloud OS maker Apcera and a gathering coalition of industry
partners backed appc.
CoreOs has funding from Google Ventures. Furthermore, the CoreOS
technology integrates deeply with Kubernetes, Googles open source
container management platform. Google, for its part, is focusing on the
recently announced Cloud Native Computing Foundation, which has an
emphasis on container management.
Docker, without a doubt, competes with both CoreOS and Google. They
changing world of application development and management at scale, as
there is really no one universal solution.
Project
OCIs initial technical leadership included representatives from Docker,
Red Hat, CoreOS, Google, and an independent developer with a company
called
. Now that the project has been operating for a few months,
we can see who is actually involved with the development of
that there have been 24 contributors to the opencontainers/specs
THE DOCKER & CONTAINER ECOSYSTEM
26
repository, with the most involvement from Huawei, Docker, Red Hat, IBM,
Fujitsu and CoreOS.
It is noteworthy that the previous top three contributors to appcs spec
CoreOSs Jonathan Boulle and Brandon Philips and Red Hats Vincent
Batts are actively contributing to OCIs specs. Without the support of
these leaders, activity in the appc project has slowed down tremendously
since OCIs announcement.
important their development is to keeping some companies involved. For
example, CoreOS released an updated version of rkt based on appc, yet in
the future plans on releasing the same runtime based on the OCI spec.
FIG 1:
Independent
Developers
Students
THE DOCKER & CONTAINER ECOSYSTEM
Source: Data collected in early-October from github.com/opencontainers/specs. 24 contributors and 106 contributions
27
thenewstack.io
24%
New Contributions
76%
Contributions Migrated
from libcontainer
28
thenewstack.io
announced, with 29 of the 127 contributors joining in the last two months.
However, it is noteworthy that most of the contributions have come from
Docker and Red Hat employees. Absent from the list of contributing
companies is CoreOS. It is also notable that Google accounted for only
two contributions (0.5 percent of the total), as opposed to the 18 percent
it accounted for in the original libcontainer repository.
the membership roster of the OCI. We found that half of OCIs member
companies still do not have an employee contributing to the project.
FIG 3:
0
5%
10%
THE DOCKER & CONTAINER ECOSYSTEM
15%
20%
25%
30%
35%
29
40%
thenewstack.io
30
CISCO: NETWORKING
THE HYBRID CLOUD
by MARK BOYD
growth and disruption cycles play out amongst the companies that are
building the data nodes and the companies that are creating the digital
products that travel within the networked systems.
They have also seen the boom and bust of the dot-com cycles, having at
one point been valued at a nose-bleeding $500 billion, but now with a
current estimated market cap of around $134.83 billion. Perhaps because
of having lived through these sorts of these hyperbolic heights and more
business as networking, not necessarily hardware networking.
Ken Owens, CTO
of Cloud Services at Cisco Systems. Owens believes that enterprises and
THE DOCKER & CONTAINER ECOSYSTEM
31
whole industries risk losing market share and relevance if they do not
understand this basic tenet of digitization.
Amazon, the birth of a new digital generation of social media, Uber and
To avoid facing the same disruption in their own hardware networking
business, they needed to develop competencies and products suited to
Now, as hybrid clouds become increasingly acceptable to enterprises
looking to make the best use of data and computational storage across a
global network of distributed application architectures, Cisco still wants to
be the company that others turn to for networking it all together.
32
33
KEY PROJECTS
https://github.com/CiscoCloud
KEY PARTNERS
KEY ACQUISITIONS
Piston CloudOS
thenewstack.io
KEY PROJECTS
Socketplane (networking),
Orchard Labs (orchestration)
KEY PROJECTS
KEY PARTNERS
KEY ACQUISITIONS
N/A
34
thenewstack.io
industries that have traditionally used their cable and WiFi networks. Like
we did with the Internet, Owen says, were trying to do the same thing
with clouds, because we feel like theres a very close analogy to what
happened with the Internet back in the 90s, and whats happening with
cloud today.
Listen to The New Stack Makers podcast
with Ken Owens on:
Soundcloud or YouTube
35
HOW THE
GO PROGRAMMING
LANGUAGE HELPS
DOCKER AND THE
CONTAINER ECOSYSTEM
by JOAB JACKSON
Going with Go turned out to be a wise decision. Go gave the Docker team
a simple and powerful language for working with their initial operating
system of choice, Linux.
More importantly, it also provides users with an easy path to incorporate
to enable fast development on distributed systems. It allows developers
and system administrators to quickly build programs and system tools for
cloud computing environments without worrying too much about issues
such as dependency management or concurrent programming.
36
Customer Adoption
Go was launched in 2009, and was ready for production use by 2012. Since
then, it has been embraced by developers worldwide, particularly in
China, where it is most heavily used (though there is discussion about if
37
38
19%
DevOps
11%
10%
10%
7%
Mobile Developer
6%
5%
Data Scientist
5%
5%
0
5%
10%
15%
20%
thenewstack.io
FIG 1:
Gos appeal comes in part from how it combines the best practices from
old-school statically-typed programming languages and the newer,
Go was created by what could only be called a supergroup of veteran
programmers: Robert Griesemer, who worked on the V8 JavaScript engine
39
three had worked at Google, and all were frustrated with the limitations of
existing languages. The languages of the day just werent well-suited for
directly.
rigorous controls over data types, which make them safer and faster. Their
As a result, many web-facing startups over the past decade have
gravitated towards a new breed of dynamically-typed languages, such as
Ruby or JavaScript, which do not enforce the strong typing of data.
While this dynamic typing can simplify work for the programmer,
additional costs sneak out during the runtime in the form of increased
cost for testing and debugging. Debugging becomes a lot more of a
headache, especially with large programs, if the data types arent enforced
from the outset. Programs written with dynamic languages also tend be
slower than their statically-typed counterparts, especially when scaled up
to large workloads.
The beauty of Go is that the language combines the ease of development
statically-typed languages.
As a result, Go programs run more quickly than those written in dynamic
languages, which translates directly into lower monthly usage bills for
those companies running their web applications in the cloud.
One company that learned this was consultant Iron.io, which built a
messaging system for its clients that it later released as a product, called
THE DOCKER & CONTAINER ECOSYSTEM
40
Iron.io was able to cut the number of virtual servers they needed to run
IronWorker from 30 to two.
In addition, Go is geared for distributed computing. It has many built-in
features to support concurrency, or the ability to run a program across
multiple processors. It can execute many low-level system calls, giving it
the ability to work directly with the operating system, which speeds up
process time.
The language is also friendly to the programmer. Go was built so that the
developer can call up the documentation through a single command line.
Testing can be executed through a single command as well.
In short, Docker couldnt have found a better partner than it did in Go.
41
MANAGING CONTAINERS
ACROSS DISTRIBUTED
RESOURCES
by ALEX WILLIAMS
42
horizontally. Winder writes that the application must decide what has
There are a host of other factors that come into building out distributed
architectures. And not surprisingly, there are all sorts of orchestration
environments to consider.
Orchestration aids in running apps across multiple containers, instead of
just one. In The New Stacks survey of container-related vendors, we asked
about orchestration, including it in a category with scheduling,
management and monitoring tools. In this context, we found that almost
43
44
for, Polvi said. It means more compute resources can be added to get
more capacity in applications. It means any individual server is
meaningless. We will think about everything in terms of applications, not
individual servers.
native computing as Googles Craig McLuckie described it on The New
Stack.
The line-of-business manager should be able to run an application on
some on-demand infrastructure without the help of the system
administrator. The manager shouldnt have to worry about servers or any
other physical infrastructure. Instead, they should think about deployment
only in terms of logical computing resources.There is a sea of compute
available where any job can be scheduled to run.
45
requisition a server that may show up six weeks later. It also makes the
enterprise much more agile by lending it the ability to quickly spin up new
applications, move resources to optimal usage and stay ahead of
competitors.
servers? This is where tools like Google Kubernetes and open source
Apache Mesos data center operating system come in. Also of note is
Dockers platform, using its Machine, Swarm and Compose tools.
46
Apache Mesos
Apache Mesos is a cluster manager that can help the administrator
schedule workloads on a cluster of servers. Mesos excels at handling very
large workloads, such as an implementation of the Spark or Hadoop data
processing platforms.
Mesos had its own container image format and runtime built similarly to
47
promises the ability to pool resources and then dynamically schedule jobs
against them, as if all the servers worked together as a single entity.
California at Berkeley. It sits between the application layer and the
operating system and makes it easier to deploy and manage applications
in large-scale clustered environments. It can run many applications on a
dynamically shared pool of nodes. Prominent users of Mesos include
The distributed systems kernel was born out of UC Berkeleys AMPLab
48
Docker
Docker Machine, Docker Swarm and Docker Compose are designed to
work as an orchestration system. Docker also works closely with the
Mesos community.
Docker Machine
According to Docker, Docker Machine enables one-command automation
to provision a host infrastructure and install Docker Engine. Before Docker
Machine, a developer would need to log into the host and follow
OS. With Docker Machine, whether provisioning the Docker daemon on a
new laptop, on virtual machines in the data center or on a public cloud
instance, you only need a single command.
The pluggable backend of Docker Machine allows users to take full
advantage of ecosystem partners providing Docker-ready infrastructure,
while still accessing everything through the same interface. This driver API
works for provisioning Docker on a local machine, on a virtual machine in
the data center, or on a public cloud instance.
In its current alpha release, Docker Machine ships with drivers for
provisioning Docker locally with Virtualbox, as well as remotely on
VMware and other infrastructures.
Docker Swarm
Docker Swarm is a clustering and scheduling tool that automatically
optimizes a distributed applications infrastructure based on the
applications lifecycle stage, container usage and performance needs.
THE DOCKER & CONTAINER ECOSYSTEM
49
50
Docker Compose
Docker Compose enables orchestration across multiple containers.
Database, web and load balance containers, for example, can all be
assembled into a distributed application across multiple hosts. The
orchestration is composed by expressing container dependencies in a
Summary
Orchestration is still a topic that few people know little about, but it will be
crucial for companies building microservices environments. There are
questions to consider about virtualized infrastructure and how to deal
with issues, such as stateless and stateful services. There are the
schedulers, the service discovery engines and other components that
make up these new kinds of management systems. What these
later in the ebook series.
51
DOCKER AS THE
DEVELOPER-FACING
FOR THE
INTERNET-AS-OPENPLATFORM
by MARK BOYD
52
SVP of Marketing at Docker, David Messina, explains that this new toolbox
companys mission statement:
53
success, OpenVZ never managed to get the technology merged into the
Linux kernel and always required a patch to make it possible.
this time, cgroups and namespaces were introduced, making containers a
functionality available within the Linux kernel. It became possible to use
something that looked like a container without patching your kernel. And
At the time, Hykes was leading dotCloud, an infrastructure platform as a
THE NEW STACK SUMMARY
service (PaaS) that was committed
to applying standards in the
Traditionally known for their network infrastructure, Cisco sees containers
a key technology forfor
enabling
customers' digital
transformation.
deployment of distributed asarchitecture
applications.
We
spent three
KEY PROJECTS
wrote a tool that was more stable. And thus Docker was born.
A member of the Cloud Native Computing
Foundation and Open Container Initiative.
KEY PARTNERS
KEY ACQUISITIONS
Google,Docker
Hashicorp,then
Mesosphere
Piston
CloudOS
Messina says that this is when
began its
own
process of
thenewstack.io
integrating innovation into its platform, identifying each challenge along
the way and addressing them one by one. At Docker, every step along the
way has involved incremental innovation, he says. It started with how do
https://github.com/docker
KEY PROJECTS
Docker - The Docker platform for building, deploying, shipping, and running container-based applications is available on Github as open source.
Docker, Inc. donated its container format and runtime to the newly-formed
Open Container Initiative.
KEY PARTNERS
A member of the Cloud Native Computing
Foundation and Open Container Initiative.
KEY ACQUISITIONS
Socketplane (networking),
Orchard Labs (orchestration)
thenewstack.io
54
55
56
THE CONTINUUM:
FROM CONTAINERS
TO SERVERLESS
ARCHITECTURES AND
UNIKERNELS
by ALEX WILLIAMS
57
along with etcd for service discovery. There are object stores, memory
stores and relational stores. The services are tied together with
There are lots of layers that the developer knows about implicitly, but
does not have an explicit understanding of how they all work. Systems are
historically heterogeneous and largely over-generalized. In new
architectures, hardware is largely commoditized, with virtual machines
working on hypervisors and virtual device drivers.
58
Bajor makes the point that the Linux kernel and users are natural enemies,
as considerable complexities are built into Linux to keep apps safe from
users, users safe from other users, and apps safe from other apps. That
means a lot of code and complexity in the system. There are also lots of
permission checks on the operating system. These checks have roots in
an era when time sharing was necessary on larger systems. There were
lots of apps and users, all working on the same hardware, all interacting
and working together.
drivers on the system, but there may also be hard drives and even tape.
The Linux kernel has a large attack surface, making it easier to get into the
system. Security patching is done, by an operations team, which creates
incompatibility issues with the developer teams who are writing the code.
outages.
59
Needs
Bajor points out that performance is a key-value driver for containers, but
they do have an associated complexity. For even higher performance
gains, there is a growing interest in technologies such as unikernels which,
proponents say, simplify the technology stack.
Unikernels are uniquely specialized virtual machines, similar to an
application stack they have application binaries and virtual hardware
underneath, Bajor pointed out. In the middle is a library operating system
THE DOCKER & CONTAINER ECOSYSTEM
60
that has its own network stack. Unikernels are self-contained and have far
fewer layers compared to a container stack.
The unikernel has minimal code, but still operates on the same hardware.
There are no permissions, nor is there isolation, Bajor said. Unikernels
implement the bare minimum of traditional operating system functions.
They do just enough to enable the application it powers.
By removing the traditional operating system layer, unikernels remove the
unneeded bulk of standard operating system environments, along with
their associated attack service. Unikernels are extremely light, allowing
higher density on commodity hardware. They can run their own services
that are born when the need appears, and die as soon as the need
disappears. Some of these transient microservices may have lifespans
measured in seconds, or even fractions of a second. They are just-in-time
computing services, which exist only when there is work to do, allowing
you to maximize the use of your computing infrastructure.
Unikernels have a corollary to the new serverless architectures gaining
popularity. We see this with services such as AWS Lambda, which Amazon
is investing in deeply as is evident in The New Stacks coverage from the
2015 AWS re:Invent conference.
Lambda was devised to run user-generated functions in the cloud,
without the need for the user to worry about any of the supporting stack
running said functions. Its not so much a Platform-as-a-Service as a
Function-as-a-Service. Lambda is a stateless computer service, meaning it
works on the data and delivers the output to another service.
The code has to be triggered by an external event, such as an incoming
THE DOCKER & CONTAINER ECOSYSTEM
61
call from a mobile app, web service, or by another AWS service. A change
in an Amazon S3 bucket or DynamoDB table can also trigger a function
call.
Lambda is novel in that it strips away all need to worry about any
supporting infrastructure. No more maintaining EC2 instances just to run a
single function. Infrastructure issues, such as scaling or maintenance, are
whisked away in abstraction. Typical Lambda jobs include image
Summary
In summary, what does this say about the continuum that we see as the
world develops new technology stacks? There is a new set of application
patterns and deployments. We have achieved a degree of compatibility,
Containers and unikernels are similar technologies, with unikernels
described as a Docker container on a diet. By bringing unikernels to
Docker, it could allow for greater familiarity with the technology.
62
63
64
Participating Companies
thenewstack.io
FIG 1:
65
Key Takeaways
Management and orchestration are top priorities for Docker and
container ecosystem companies.
Companies plan to invest in developer tools, networking and security
functionality.
66
Containers / OS
36%
Security
34%
34%
30%
Networking
26%
23%
Image Registry
23%
0
10%
20%
30%
40%
50%
60%
70%
Q: In what categories of the container ecosystem do you CURRENTLY have products or services? n=47.
Source: The New Stack Container Survey, completed May 2015
thenewstack.io
FIG 2:
67
50%
16%
46%
Security
11%
security, networking,
capabilities.
43%
Networking
11%
10%
20%
30%
40%
50%
60%
70%
Q: In what categories of the container ecosystem do you CURRENTLY have products or services? Veterans = 28. Startups = 19.
Source: The New Stack Container Survey, completed May 2015
thenewstack.io
FIG 3:
A companys current product portfolio is the result of its journey over the
last few years. Many of the younger companies in the survey seem to be
building solutions based on broad visions of how customers should be
using container technologies.
We expect that as the market matures and clear leaders in the platform
68
is also likely that many of the larger companies were describing a security
or networking tool they sell that may or may not actually be purpose-built
to deal with containers. We also asked the surveyed companies where
Security
23%
13%
Image Registry
Scheduler / Orchestration / Management / Monitoring
11%
11%
6%
Containers / OS
0
5%
10%
15%
20%
25%
28%
thenewstack.io
26%
26%
functionality were
founded in 2013 or later.
21%
17%
15%
Developer Tools
9%
9%
0
10%
20%
30%
40%
50%
70
thenewstack.io
71
FIG 6:
Other
11%
11%
Small Businesses
9%
2%
Don't Know
0
5%
10%
15%
20%
25%
72
thenewstack.io
IT Ecosystem Impact
Without a doubt, the rise of Docker and container technologies is making
waves in IT. The New Stack asked a series of questions about how vendors
answers point to those vendors and technologies most impacted by the
industrys adoption of container technologies.
Only 15 percent of companies say their products are being used for
73
73%
68%
66%
54%
39%
37%
34%
0%
10%
20%
30%
40%
50%
60%
70%
80%
74
thenewstack.io
In this context, containers are not eliminating the need for PaaS, but are
rather the catalyst for a new generation of IT professionals reevaluation of
how applications are developed and delivered. The companies targeting
application development teams sure believe so all but one said their
It is not surprising that AWS was the leading IaaS cited. The situation that
FIG 8:
OpenStack
HP
Docker
2x
Ansible
4x
BMC BladeLogic
6x
Scripted Deployments
8x
Puppet
Chef
10 x
0
THE DOCKER & CONTAINER ECOSYSTEM
75
Q: For the areas selected above, what 1 or 2 technologies or vendors are most often being automated, replaced or supplemented in your customers technology? n=17.
Source: The New Stack Container Survey, completed May 2015
thenewstack.io
AWS
5x
IBM
6x
Red Hat
Puppet Labs
Docker
VMware
Tutum
Cloud Foundry
1x
Pivotal
2x
Chef
3x
Ansible
Salesforce.com (Heroku)
4x
Apigee
Brocade (Vyatta)
CA Technologies (Layer 7)
CircleCI
CloudBees
Cohesive Networks
Datapipe
DigitalOcean
ElasticBox
Electric Cloud
Joyent
Mesosphere
MongoDB
Oracle
Prime Directive, Inc. (Flynn)
Soha Systems
StackEngine
Travis CI
Q: What orchestration / management / monitoring tools do you use? If you are a provider of these tools, its OK to indicate that you use your own tools. n=42.
Source: The New Stack Container Survey, completed May 2015
thenewstack.io
FIG 9:
These results indicate two things: these companies are synonymous with
the space itself and they are being threatened with disruption caused by
container technology.
76
77
to be successful. Along these lines, we can learn a lot from looking at what
the vendors we surveyed are using to support the development of their
own projects (Figure 10).
Being able to operate across multiple cloud platforms is one of the main
supporting the use of more than one infrastructure to deploy their
FIG 10:
Linux
56%
Bare Metal
OpenStack (any vendor)
48%
48%
46%
Microsoft Azure
42%
VMware
38%
33%
Windows
31%
17%
0
20%
THE DOCKER & CONTAINER ECOSYSTEM
Q. What infrastructure is your solution deployed on? Check all that apply. n=48.
Source: The New Stack Container Survey, completed May 2015
40%
60%
80%
90%
78
thenewstack.io
Ansible
Puppet
Homegrown
3x
Docker
CoreOS
Chef
4x
SaltStack
New Relic
Mesos / Mesosphere
1x
Kubernetes
Cloud Foundry
2x
Apprenda
AWS
CloudBees
cloudControl
ClusterUP
ContainerShip
Giant Swarm
Graphite
Heroku
Icinga
Jelastic
Joyent
Juju
Kyup
MaestroNG
Nirmata
Odin
Packer
Pertino
Red Hat
StackEngine
Swarm
Terraform
Tutum
Wercker
Zabbix
Zenoss
ZooKeeper
Q: What orchestration / management / monitoring tools do you use? If you are a provider of these tools, its OK to indicate that you use your own tools. n=42.
Source: The New Stack Container Survey, completed May 2015
thenewstack.io
FIG 11:
services. While its also no surprise that AWS leads the lineup of supported
infrastructures, most companies are supporting it in combination with
other platforms. In fact, nearly a third of vendors products are used on
strategy to be platform independent.
Participating companies eat their own dog food that is, theyre following
their own advice about using container technologies. 92 percent of survey
respondents use containers in their internal operations and 96 percent
THE DOCKER & CONTAINER ECOSYSTEM
79
Go
9x
8x
Application
Development
PHP
REST
API
2x
Linux
Docker
Node.js
4x
None
Python
Java
6x
Angular
Bash
Basic Linux
System Admin
Skills
C#
Chef
Command-line
Interface
DevOps
General Security
Practioner
IaaS Admin
JavaScript
JSON
Kubernetes
Linux
Lua
Middleware
Operations
Monitoring/
Alerting
Puppet DSL
Queuing
SQL
System
Administration
YAML
Q: What programming languages and/or skills are needed to use your product/service? n=36.
Source: The New Stack Container Survey, completed May 2015
thenewstack.io
FIG 12:
rely on at least one open source project. Yet its surprising that only half
of the companies say their technology relies on Docker.
Even if many companies say they do not rely on Docker, they are still
employees contributing to a project. In addition, almost 50 percent of
companies say they are using a NoSQL database internally.
In terms of how surveyed companies are managing their own containerbased environments, responses were all over the map, with no single
response garnering more than four percent of total responses, and some
30 tools mentioned just once (Figure 11). This suggests a very high degree
of fragmentation and an impending shakeout.
THE DOCKER & CONTAINER ECOSYSTEM
80
81
82
IBM WANTS YOU TO USE A CLOUD PLATFORM OPTIMIZED FOR THE FULL...
then used to integrate the various components and deliver the platform in
[IBM] is trying to look at that broader space: containers combined with
resource managers, orchestration, microservices and service discovery.
How do we really form a new platform on which applications can get built,
do all of these things start to come together in more interesting ways?
says Jason McGee, IBM Fellow, VP and CTO, Cloud Foundation Services at
IBM.
The piece parts are not as important as how the whole thing comes
together. The value is going to be how we build that integrated platform.
How do we have oversight over an application throughout its entire
lifecycle? How do we leverage that so it is easy to build and deploy
applications?
IBMs agenda to make all of this possible has a three-pronged approach.
First is the work of building the hybrid cloud platform that has the
capabilities to leverage containers and allow access to the cloud service
this sort of product. The platform is the easier part: they can build that
with their engineering team, drawing on the culmination of their
experience in virtualization, workload management technology and their
experience in building systems that control isolation and resource
management.
As a public cloud provider, we need to be able to run a lot of applications
83
IBM WANTS YOU TO USE A CLOUD PLATFORM OPTIMIZED FOR THE FULL...
users can share resources, and were doing that in ways that can exploit
underlying infrastructure, like running on bare metal.
The second prong of the approach is to rally the industry toward a
the second half of this strategy as requiring an active conversation within
the industry and amongst the developer communities, encouraging
debate and discussion to identify common solutions to hybrid cloud
integration challenges.
IBM is hoping they can use their market position, industry reputation,
background in helping move Linux to a container-based operating system
and support of open source tooling to foster developer communities
coming together to solve the next wave of application platform
challenges.
The work were doing with the Open Container Initiative, with the Cloud
Native Computing Foundation the work weve been doing in
partnership with Docker and Google and others is all about how to
drive us toward some common, open solutions for these problems, so
in how these problems are solved.
The third prong of the approach is providing a bridge to enable people to
connect their existing investments to this new platform. Building a bridge
means providing our existing middleware, such as application servers,
mobile and analytics, in a form that enables existing applications to
leverage the new cloud platforms, say McGee. For example,
pre-packaging middleware into containers that can be run in the cloud.
THE DOCKER & CONTAINER ECOSYSTEM
84
thenewstack.io
IBM WANTS YOU TO USE A CLOUD PLATFORM OPTIMIZED FOR THE FULL...
www.ibm.com/cloud
KEY PROJECTS
KEY PARTNERS
KEY ACQUISITIONS
N/A
thenewstack.io
McGee says that the architectural style of microservices is wellimplemented with a lightweight, rapid mechanism like containers. By
packaging middleware in containers, it leads DevOps to rethink what that
middleware needs to be and how it could be further decomposed and
decoupled.
85
IBM WANTS YOU TO USE A CLOUD PLATFORM OPTIMIZED FOR THE FULL...
more monolithic structure to it, you dont necessarily understand all the
dependencies within it, explains McGee, who says many of these
dependencies are only revealed once the work of decomposing a
monolith begins.
with all of the services the cloud platform provides.
If you view containers as an element in a broader cloud platform, some of
the services the platform is providing are horizontal concerns, like logging
and authentication. In a monolithic architecture, you may have solved all
services in the cloud, and just keep the application. So how do you extract
out all of those horizontal functions?
This integration with the cloud platform services enables these existing
applications to take advantage of the power and unique capabilities only
provided within the cloud.
Listen to The New Stack Makers podcast
with Jason McGee on:
Soundcloud or YouTube
86
DOCKER FUELS
RETHINKING OF THE
OPERATING SYSTEM
by SUSAN HALL
SAM CHARRINGTON
and most other major operating systems now have some sort of
comparable technology. But what sets these new container-centric
operating systems apart is that they are much lighter weight than a
traditional Linux distribution.
These traditional Linux distros have just gobs and gobs of packages, said
Kit Colbert, VMwares VP and CTO of Cloud-Native Apps. Theyve got 4, 6
app, youve got to have a JRE inside the container for that app to run. It
doesnt need anything outside the container to run. So why do you have 4
87
At the same time, the containers have to run somewhere, and that host
runs on an operating system as well. Hence the rise of these new
container-centric micro OSes.
The idea of a minimalist operating system isnt new. Stripped-down
operating systems have long been embedded in electronic systems,
CoreOS
Rivals give props to CoreOS for pioneering the micro OS even before
Docker came on the scene. The company recently added $12 million to its
88
700
600
Micro OSes are designed to be small, but some are more successful than others at achieving this goal.
636 MB
Traditional OS
576 MB
500
400
410 MB
Micro OS
395 MB
300
317 MB
200
215 MB
150 MB
100
20MB
CentOS 7
Ubuntu
14.10 Server
Microsoft
Nano Server
Red Hat
Atomic Host
VMware
Photon
Ubuntu
Snappy
CoreOS
RancherOS
thenewstack.io
FIG 1:
89
supports numerous deployment options, and many more communitysupported options are available.
CoreOS for production-ready environments and it feels like all these other
RancherOS
RancherOS, consisting of just the kernel and Docker itself, is one of the
smallest micro OSes, weighing in at around 22 MB, co-founder and CEO
Sheng Liang said, compared to about 300 MB for VMwares Photon.
While RancherOS also grew out of frustrations similar to those
developing its operating system, said Liang. To develop its Dockeroptimized micro OS, the company sought to build the minimal technology
required to run the Docker daemon on a Linux kernel. To achieve this, it
into most Linux distros, and rather use Docker itself to boot the system.
them, but winds up only killing the client while the container keeps
camps behind the two technologies for a long time, but is no longer sure
theres any way to solve the problem.
THE DOCKER & CONTAINER ECOSYSTEM
90
The way the industrys going right now, both the systemd and Docker
communities are on a bit of a collision course, Liang said. Both see
themselves as the ever-expanding center of the universe, and its hard [for
either] to listen to another master.
Ubuntu Snappy
Canonical boasts that Ubuntu is the most popular Linux distro for
containers, with over seven times more Docker containers running on
Ubuntu than any other OS.
Snappy is a very tiny, thin operating system, said Dustin Kirkland,
Ubuntu Cloud Solutions product manager and strategist at Canonical.
Snappy Ubuntu Core is the result of applying lessons that Canonical
mobile devices. To support carriers and users needs for reliable system
and application updates, the company developed the Snappy technology,
which uses transactional, image-based delta updates for the system and
ensure that upgrades can always be rolled back.
To enhance the security of mobile devices, Canonical created a
containment mechanism that isolates each application running on the
isolation beyond that available using Docker alone, but few details are
available.
In addition to Snappy, Canonical has unveiled a second element of its
vision for a containerized world in
based on
91
VMware Photon
The meteoric rise of Docker, itself essentially a virtualization technology,
has caused many to anticipate the VMware response, even, if not
announced a partnership back in
announcement of its lightweight OS Photon.
The changing relationship between applications and infrastructure is of
key importance to VMware, said Colbert. When you look at that split,
infrastructure portion of the Linux OS. Thats why we want to build that
92
Project
CoreOS
RancherOS
Ubuntu Snappy
VMware Photon
Microsoft Nano
Server
Automatic updates
ensure always
up-to-date, like
Chrome browser.
Cryptographically
signed components
enhance security.
Broad platform
and community
support.
Minimal system
required to get
Docker daemon
running on a
Linux kernel. Tight
alignment with
Docker and Docker
ecosystem tools.
Grew out of
Tighly integrated
with and optimized
for the vSphere
ecosystem.
Somewhat larger
than the smallest
micro OSes, but
broadest support
for container
A Microsoft
ecosystem play.
Still very early
little information
available beyond
a handful of
Microsoft blog
posts.
Platform
Support
Amazon EC2,
Azure,
DigitalOcean,
Google Compute
Engine (GCE),
OpenStack,
Rackspace Cloud,
Vagrant,
bare metal,
plus a variety
of communitysupported
platforms
Amazon EC2,
Docker Machine,
GCE
(Experimental),
KVM,
Vagrant,
VirtualBox,
VMware,
bare metal
Amazon EC2,
Azure,
GCE,
OVA,
Vagrant
Atlas,
Vagrant,
vSphere,
vCloud Air
Amazon EC2,
KVM,
Vagrant
Hyper-V
Container
Support
Docker,
rkt
Docker
Generic
Docker,
rkt,
Pivotal Garden
Docker
Windows Server
Containers,
Hyper-V Containers
Cluster
Management/
Service
Discovery
Fleet,
etcd
Rancher
Juju
vSphere
Kubernetes
Chef
Source
github.com/coreos
github.com/
rancherio/os
launchpad.net/
snappy
github.com/
vmware/photon
github.com/
projectatomic
License
Apache 2.0
Apache 2.0
GPL v3
VMware Tech
Preview
GPL v2
Size
150 MB
20 MB
215 MB
317 MB
395 MB
to adapt Ubuntu
for mobile,
resulting in update
and security
features similar to
those of CoreOS.
ARM support
unique among
micro OSes.
yum-compatible
package manager.
isolation.
410 MB
FIG 2:
93
94
95
role, Nano Server will be suited to a new class of apps that get developed
and deployed on Azure within a new Azure-based development
environment outside of the conventional client-based Visual Studio.
Its these new apps which will serve as Windows developers entryway to
the world of containers.
Developers writing for Nano Server will be guaranteed compatibility with
pre-existing Windows Server installations, because Nano Server is
adjustment period, however, until developers become accustomed to the
concept of microservices. Windows developers are used to having large
libraries of pre-existing functionality available to their code in a global
scope. Apps written to Nano Server run on a physical host, a virtual host
or in a container. Two types of containers work on both Windows Server
and Nano Server: the same Docker containers developed for Linux, and a
Hyper-V Containers.
These provide additional isolation,
distinguished engineer and lead architect, in The New Stack. Theyre
really used for things like multi-tenant services, or multi-tenant platformas-a-service, where youre going to be running code that might be
malicious that you dont trust.
The concept draws inspiration from Drawbridge, a containerization
isolation and sandboxing untrusted apps that could crash the system.
96
Its not surprising to see so many vendors jockeying for position. Two
camps are forming, Janakiram said: Red Hat, Docker and their allies on
Red Hat goes closer to Docker, VMware will go farther.
Google, he said, is on the fence. Google is smiling because they know
how to do containers very well, he said.
Kubernetes will work with rkt and theyre working to make it work with
they want to run containers on the Google cloud. But they dont mind
giving away some of their innovation on orchestration.
it as it works to overcome incompatibilities between Windows and Linux.
In 24 months the dust will settle, and well get to see whos the winner,
Janakiram said. Whos still relevant in the market.
97
ADOPTING CONTAINERS
IN ENTERPRISE
by VIVEK JUNEJA
Enterprise Motivations
By providing abstraction around the workload, and making it portable,
containers become the foundation for supporting a variety of more
THE DOCKER & CONTAINER ECOSYSTEM
98
FIG 1:
Q: For VMware users considering Docker, whats motivating you? (check all that apply)
Hybrid Cloud
(cloud interoperability, private/public)
45%
44%
VMware Cost
42%
VMware Independence
23%
23%
20%
30%
40%
99
50%
thenewstack.io
100
101
Q: What are you automating, replacing or supplementing in your customers' technology stack?
32%
Platform as a Service
29%
Infrastructure as a Service
29%
Management Tool
17%
Storage
0%
5%
10%
15%
20%
25%
30%
35%
thenewstack.io
FIG 2:
102
103
Containers in Practice
As organizations continue to drive agility and innovation, they naturally
bottlenecks. At the same time, they are turning to modern application
THE DOCKER & CONTAINER ECOSYSTEM
104
105
CONTAINER ECOSYSTEM
DIRECTORY
106
DEVELOPER TOOLS,
APPLICATION DEVELOPMENT/
DEPLOYMENT AND IMAGE
CREATION
Product/Project (Company or Supporting Org.)
Artifactory (JFrog)
JFrog provides software developers with a binary repository management solution that integrates into CI/CD
pipelines.
Atlas (Hashicorp)
Atlas unites Hashicorp development and infrastructure management tools to create a version control system
for infrastructure.
Bitnami (Bitnami)
Bitnami is a library of server applications and development environments that can be installed with one
click. Bitnami is beta testing functionality that will allow users to create container images.
Open Source
Apache Brooklyn is a library and control plane for deploying and managing distributed applications.
Open Source
Open Source
Chronos is a distributed and fault-tolerant scheduler that runs on top of Mesos that can be used for job
orchestration. Chronos is natively able to schedule jobs that run inside Docker containers.
Open Source
107
Cloudbreak (Hortonworks)
Cloudbreak helps users launch on-demand Hadoop clusters in the cloud or to any environment that
supports Docker containers.
Open Source
CloudSlang (Hewlett-Packard)
Open Source
Codefresh (Codefresh)
Codefresh combines Docker tools with a web IDE based on Eclipses Orion. The result is what they call a
Open Source
Codenvy (Codenvy)
Codeship (Codeship)
Codeship provides a hosted continuous delivery platform for web applications. It can be used to test Docker
ContainerShip (ContainerShip)
ContainerShip is a self-hosted container management platform, capable of running on any cloud, used to
manage containers from development to production.
DCHQ (DCHQ)
The solution provides self-service access to Docker-based applications using an agent-based architecture for
orchestration.
Open Source
Open Source
Open Source
108
Images
Open Source
dockersh (Yelp)
Dockersh is a login shell for machines with multiple users; it gives access to multiple users but allows for
isolation between them.
Drone (Drone)
Drone is a continuous integration system built on top of Docker. Drone uses Docker containers to provision
isolated testing environments.
Open Source
Open Source
Open Source
Ferry (N/A)
AWS, OpenStack and your local machine using Docker.
Flockport Apps (Flockport)
Flockport is a Linux container-sharing website. It also provides tools that make it easier to install and use LXC
containers.
Harbormaster (Crane Software)
Cranes main product is Harbormaster, which is a Docker Release Management platform. It focuses on
helping DevOps teams build, deploy and manage containers in production.
Hortonworks Data Platform (Hortonworks)
Hortonworks acquired Cloudbreaks ability to launch on-demand Hadoop clusters in the cloud or to any
environment that supports Docker containers.
109
Lorry (CenturyLink)
Lorry is a CenturyLink Cloud utility and open source project that provides a graphical user interface for
Docker Compose YAML validation and composition.
Open Source
Mantl (Cisco)
Mantl is an open source platform for rapidly deploying globally distributed services. It works with tools such
as Marathon, Mesos, Docker and Consul.
Open Source
Micro (MYODC)
Micro is a microservices toolchain consisting of a suite of libraries and tools to write and run microservices.
Open Source
Packer (Hashicorp)
Packer is a tool for creating machine and container images for multiple platforms from a single source
Open Source
Panamax (CenturyLink)
Panamax is a containerized app creator with an open source app marketplace hosted on GitHub. Panamax
provides an interface for users of Docker, Fleet and CoreOS.
Open Source
Powerstrip (ClusterHQ)
Powerstrip is a tool for prototyping Docker extensions.
Open Source
runC is a CLI tool for creating and running containers according to the Open Container Initiatives
Runnable (Runnable)
Runnable works with GitHub and other tools to automatically deploy commits and launch containers in your
sandbox when branches are created.
Shippable CI/CD (Shippable)
Shippable is a continuous integration platform built natively on Docker and using Docker Hub to deploy.
Shippable for OpenShift (Shippable)
Shippables continuous integration platform is now available natively on OpenShift in beta.
Open Source
Shutit (N/A)
Shutit is a tool for managing the Docker image building process; it expands on some of the capabilities of
110
Spoon (Spoon)
Spoon is a platform for building, testing, deploying Windows applications & services in isolated containers.
StackDock (Copper.io)
Infrastructure Services
Copper.io is a full stack developer toolset. They produce StackDock, which helps deploy containers. In
addition, it is developing storage and backup functionality for StackDock.
StackEngine (StackEngine)
StackEngine is an end-to-end container application management system that provides a way for dev and
enterprise IT teams to deploy Docker applications.
Open Source
Terraform (Hashicorp)
Terraform is a tool to build and launch infrastructure, including containers.
Open Source
Totem (N/A)
Totem is a continuous delivery pipeline tool designed for microservices.
Travis CI (Travis CI)
Travis CI is an open source continuous deployment platform; it is able to run on Docker-based
infrastructures.
UrbanCode Build (IBM)
UrbanCode Build is a continuous integration and build management server optimized for the enterprise.
It is designed to make it easy to scale
and
seamlessly plug into development, testing and release tooling. Supports Docker build and integration with
Docker registries.
Open Source
Vessel (N/A)
Vessel automates the setup and use of dockerized development environments. It is requires both OS X and
Vagrant to work properly.
Virtuozzo (Odin)
Odins Virtuozzo is a container virtualization platform sold to providers of cloud services.
Weave Run (Weaveworks)
Weave Run provides routing and control for containers, implemented as microservices.
Wercker (Wercker)
Wercker is a platform for automating the creation and deployment of applications and microservices.
111
xDock (Xervmon)
Xervmon is a cloud management platform. Its xDock lets users deploy, manage and monitor Docker images
in the cloud.
Open Source
Zodiac (CenturyLink)
Zodiac is a lightweight tool, built on top of Docker Compose, for easy deployment and rollback of
Dockerized applications.
112
RUNTIMES, PLATFORMS
AND HOSTS
Product/Project (Company or Supporting Org.)
Hybrid Cloud OS (HCOS) manages access to compute resources across a cluster of servers. By focusing on
managing policies across multiple environments, it aims to secure workloads and containers in enterprise
production environments.
Apprenda (Apprenda)
Apprenda provides a PaaS for enterprises that supports the hosting of containers.
Azure Container Service (Microsoft)
this cluster includes Docker and Docker Swarm for code portability and Marathon, Chronos and Apache
Mesos to ensure scalability.
Bluemix (IBM)
Bluemix is a PaaS for creating, deploying and managing applications in the cloud. As part of Bluemix, IBM
Containers allows you to run Docker containers in a hosted cloud environment.
Open Source
Boot2Docker (N/A)
be used with Docker Machine.
Open Source
113
ContainerShip (ContainerShip)
ContainerShip is a self-hosted container management platform, capable of running on any cloud, used to
manage containers from development to production.
CoreOS (CoreOS)
CoreOS is a lightweight OS based on the Linux kernel and designed for providing infrastructure to clustered
deployments, while focusing on automation, ease of applications deployment to containers, security,
reliability and scalability.
DaoCloud (DaoCloud)
DaoCloud is a China-based cloud computing company focusing on providing Docker services.
Open Source
Open Source
Dockers subscription model includes commercially supported Docker engines for the servers running your
application and a commercial registry service (Docker Trusted Registory or Docker Hub) of your choice.
Open Source
Giant Swarm is a hosted container solution to build, deploy and manage containerized services.
Google Container Engine (Google)
Google Container Engine is cluster management and orchestration system that lets users run containers on
the Google Cloud Platform.
THE DOCKER & CONTAINER ECOSYSTEM
114
Helion (Hewlett-Packard)
Jelastic provides a PaaS and container-based IaaS on a singular platform that includes container
orchestration.
Joyent Triton Elastic Container (Joyent)
Triton Elastic Container Service allows you to securely deploy and operate containers with bare metal speed
on container-native infrastructure; Joyent provides the Triton Elastic Container service as part of its larger
Kyup Cloud Hosting (Kyup)
Kyup provides cloud-based container hosting.
Open Source
LXD (Canonical)
LXD is a hypervisor for Linux containers, composed of three components: a system-wide daemon, a
Open Source
115
Open Source
Rancher (Rancher)
Rancher is a complete infrastructure platform for running containers in production.
Open Source
RancherOS (Rancher)
RancherOS is a 20MB Linux distro that runs the entire OS as Docker containers.
Open Source
runC is a CLI tool for creating and running containers according to the Open Container Initiatives
Scalingo (Scalingo)
Scalingo is a PaaS for containers; users push their code to Scalingo and it creates an image and allocates
resources to run the application in its cloud.
116
As of October 2015, Tutum is still in beta. Tutum automates the build, test, deployment and management of
containerized applications. It also has a free private registry to store Docker images.
WaveMaker (WaveMaker)
WaveMaker provides a PaaS for development and management of custom enterprise apps on private
infrastructure. It supports the running of Docker applications.
Windows Server Container (Microsoft)
Microsoft is working with Docker to ensure that Windows applications can be run on Docker containers.
117
ORCHESTRATION
AND MANAGEMENT
Product/Project (Company or Supporting Org.)
Hybrid Cloud OS (HCOS) manages access to compute resources across a cluster of servers. By focusing on
managing policies across multiple environments, it aims to secure workloads and containers in enterprise
production environments.
Azure Container Service (Microsoft)
this cluster includes Docker and Docker Swarm for code portability and Marathon, Chronos and Apache
Mesos to ensure scalability.
BanyanOps (BanyanOps)
BanyanOps launched in 2015 and does not yet have a product. It is focused on analyzing images and wants
to accelerate IT operations with containers.
Open Source
Open Source
Apache Brooklyn is a library and control plane for deploying and managing distributed applications.
Open Source
cAdvisor (Google)
cAdvisor (Container Advisor) is a Google-support project that analyzes resource usage and performance
characteristics of running containers.
118
Chef (Chef)
provision Docker containers.
Open Source
Chronos is a distributed and fault-tolerant scheduler that runs on top of Mesos that can be used for job
orchestration. Chronos is natively able to schedule jobs that run inside Docker containers.
Cloud 66 (Cloud 66)
Cloud 66 is an application provisioning and management service that allows you to build Docker stacks from
scratch on any public or private cloud vendor or your own infrastructure.
Open Source
Open Source
Lattice is an open source project for running containerized workloads on a cluster. Lattice bundles up HTTP
load balancing, a cluster scheduler, log aggregation and streaming and health management into an easy-todeploy and easy-to-use package.
Open Source
CloudSlang (Hewlett-Packard)
Consul (Hashicorp)
Open Source
Crane (N/A)
Crane is a lightweight wrapper around the Docker CLI that is used to orchestrate Docker containers.
Datadog (Datadog)
Datadog is a monitoring and analytics service for IT operations and development teams. It has containerized
agents that can monitor container environments.
119
DCHQ (DCHQ)
The solution provides self-service access to Docker-based applications using an agent-based architecture for
orchestration.
DCOS (Mesosphere)
Mesospheres DCOS is a commercial version of the Mesos OS for managing data centers. It supports both
Kubernetes and Docker.
Open Source
Open Source
Dray (CenturyLink)
provides a RESTful API for managing jobs and is most commonly used for containers hosting long-running
services.
Elasticsearch (Elastic)
Elasticsearch is a search and analytics engine based on Lucene.
Engine Yard (Engine Yard)
Engine Yard is a cloud orchestration PaaS for deploying, monitoring and scaling applications.
Open Source
etcd (CoreOS)
Open Source
Fleet (CoreOS)
Fleet is a distributed init system used to support cluster management and orchestration of containers.
Open Source
Flocker (ClusterHQ)
Flocker is a data volume manager for Dockerized applications.
Found (Elastic)
Elastics founder created Elasticsearch and they provide it as a service called Found. It can be used by the
Docker community for search and discovery.
Open Source
ImageLayers (CenturyLink)
ImageLayers.io allows Docker users to easily discover best practices for image construction, and aids in
120
IronMQ (Iron.io)
Infrastructure Services
IronWorker (Iron.io)
IronWorker is a platform that isolates the code and dependencies of individual tasks to be processed on
demand in a containerized environment.
Jelastic (Jelastic)
Jelastic provides a PaaS and container-based IaaS on a singular platform that includes container orchestration.
Open Source
Kitematic (Docker)
Kitematic is a graphic interface to manage Docker. The sponsoring company was bought by Docker, but the
actual software is now part of Dockers toolkit.
Open Source
Kong (Mashape)
Open Source
Kontena (Kontena)
Kontena is a container orchestration tool. It abstracts containers into application services and establishes an
internal network between linked services, making it easy to deploy and scale applications across multiple
hosts.
Open Source
Kubernetes (Google)
Kubernetes is an open source Docker orchestration tool. Google initially developed Kubernetes to help
manage its own LXC containers.
Logentries (Rapid7)
Logentries provides analytics tools to monitor Docker environments.
Open Source
MaestroNG (SignalFx)
Open Source
Open Source
121
Open Source
Percheron (N/A)
Percheron is used to manage images and containers.
Open Source
Shipyard (N/A)
Shipyard enables multi-host, Docker cluster management, and is fully compatible with the Docker Remote API.
StackEngine (StackEngine)
StackEngine is an end-to-end container application management system that provides a way for dev and
enterprise IT teams to deploy Docker applications.
Sysdig Cloud (Sysdig Cloud)
Based on open source Sysdig technology, Sysdig Cloud monitors containerized environments.
Tectonic (CoreOS)
Tectonic, which is currently being previewed, will be an enterprise version of Kubernetes.
122
xDock (Xervmon)
Xervmon is a cloud management platform. Its xDock lets users deploy, manage and monitor Docker images
in the cloud.
Open Source
123
INFRASTRUCTURE SERVICES
Product/Project (Company or Supporting Org.)
Open Source
Open Source
Crate (Crate.io)
Flannel (CoreOS)
Flannel is a virtual network for hosting containers.
IronMQ (Iron.io)
components.
Open Source
libnetwork (Docker)
Libnetwork provides a native Go implementation for connecting containers.
Open Source
Pachyderm (Pachyderm)
Pachyderm enables storage and analysis of data using containers.
Pertino (Pertino)
Pertino lets developers build container-level virtual private cloud networks.
Portworx PWX (Portworx)
Portworx PWX provides elastic scale-out block storage natively to Docker containers.
124
Open Source
Project Calico provides networking for OpenStack VMs as well as containers in a Docker environment. Each
container gets its own IP and security policy. Users of Clocker can use Calico with it.
SoftLayer (IBM)
SoftLayer provides infrastructure as a service (IaaS) including bare metal and virtual servers, networking,
turnkey big data solutions, and private cloud solutions. SoftLayer is supported as a provider behind Docker
Machine for quickly standing up a cloud-hosted Docker host.
StackDock (Copper)
Copper.io is a full stack developer toolset. They produce StackDock, which helps deploy containers. In
addition, it is developing storage and backup functionality for StackDock.
VNS3:net (Cohesive Networks)
Weave (Weaveworks)
125
CloudPassage (CloudPassage)
Open Source
Dockers subscription model includes commercially supported Docker engines for the servers running your
application and a commercial registry service (Docker Trusted Registory or Docker Hub) of your choice.
Docker Trusted Registry (Docker)
Docker Trusted Registry allows users to store and manage Docker images on premise or in a virtual private cloud.
Enterprise Registry (CoreOS)
Enterprise Registry provides a secure registry on an enterprises own infrastructure.
Flockport Apps (Flockport)
Flockport is a Linux container-sharing website. It also provides tools that make it easier to install and use LXC
containers.
Giant Swarm (Giant Swarm)
Giant Swarm is a hosted container solution to build, deploy and manage containerized services.
Google Container Registry (Google)
Google Container Registry provides secure, private Docker image storage on Google Cloud Platform.
Open Source
Notary (Docker)
for running and interacting with trusted collections.
using highly secure keys.
126
Polyverse (Polyverse)
Polyverse uses millions of individually protected containers to help prevent large-scale data breaches.
Open Source
Portus (SUSE)
Portus acts both as an authoritzation server and as a user interface for Docker registry (v2).
Private Image Registry Service (IBM)
IBM Containers on Bluemix provides a private Docker image registry service for hosting private images. The
private registry supports group access policies to allow teams to share private images.
Open Source
Infrastructure Services
Project Calico provides networking for OpenStack VMs as well as containers in a Docker environment. Each
container gets its own IP and security policy. Users of Clocker can use Calico with it.
Reesd Images (Reesd)
Reesd is a private Docker repository and storage service.
Open Source
Shipway (Shipway)
automatically publishes new Docker images when you push your repository.
Tutum (Tutum)
As of October 2015, Tutum is still in beta. Tutum automates the build, test, deployment and management of
containerized applications. It also has a free private registry to store Docker images.
Twistlock (Twistlock)
Twistlock provides a security framework for developers, allowing them to do security checks before pushing
security rules across multiple container clusters.
127
Infrastructure Services
128
129
DISCLOSURES
The following companies mentioned in this ebook are sponsors of The
Datadog, DigitalOcean, Hewlett-Packard, Intel, Joyent, New Relic, Pivotal,
130
thenewstack.io