Container Technology – Interview with Markus Eisele

The cloud report conducted five short interviews with five people from the cloud and container technology environment and asked five questions. The third interview was with Markus Eisele, Developer Adoption Program Lead EMEA, Red Hat.

 

Why use container technology? 

A large number of companies are modernizing their applications these days, mostly to keep up with the ever-growing demand and to be able to serve new business needs. With more and more people and devices being connected to the internet and people using them to communicate with their favorite companies online, the traditional three-tier application architecture can’t keep up anymore. Containers and orchestration are an integral part of microservices-based architectures and a perfect fit for cloud-native applications. From an operations perspective, an enterprise cloud platform gives companies the ability to use their resources more efficiently and orchestrate and distribute them according to their needs.

Cloud-native application development helps build and run applications that take full advantage of the cloud computing model based upon four key tenets: a service-based architecture, API-based communication, DevOps processes, and last but not least a container-based infrastructure. The container is the key factor. Cloud-native applications rely on containers for a common operational model across technology environments and true application portability across different environments and infrastructure, including public, private, and hybrid. Container technology uses operating system virtualization capabilities to divide available compute resources among multiple applications while ensuring applications are secure and isolated from each other. The low overhead and high density of containers, allowing many of them to be hosted inside the same virtual machine or physical server, makes them ideal for delivering cloud-native applications.  

 

What is the best invention of the last 12 months? 

A major step towards more fully fledged and secure containers was taken with Buildah and Podman. Those two projects allow the creation and running of containers without heavyweight and probably insecure daemon processes. This goes along with the standardization of the container definition through the Open Container Initiative (OCI), which provides standards and the ability to prevent lock-in to specific vendors. Buildah makes it possible to create containers without using Docker, which means that users can implement Docker and OCI-compliant container images with Buildah without the need for executing a container runtime daemon. In addition to building and operating containers, Buildah offers one more key advantage: it is a command-line tool. This means that developers can integrate it into existing pipelines for application creation with much greater ease.

 

What is your security approach? 

Container security is the protection of the integrity of containers. This includes everything from the applications they hold to the infrastructure they rely on. Container security needs to be integrated and continuous. In general, continuous container security for the enterprise is about: securing the container pipeline and the application; securing the container deployment environments and infrastructure; integrating with enterprise security tools and meeting or enhancing existing security policies. 

In principle, container security is a complex issue, so here are a few specific points which should be considered. Regarding the host system, it must be ensured that no unauthorized access is possible between the resources used. In addition to container runtime and orchestration, a solid Linux is especially important. It must also be guaranteed that container images are only provided from trustworthy sources. On the application or container side, security measures must be taken, for example for the base images, the build process or the deployment. Red Hat OpenShift delivers a modern, scalable approach to securing the entire application platform stack, from operating system to container to application. 

 

What is your favorite product with regard to container technology?

Red Hat OpenShift offers a consistent hybrid cloud foundation for building and scaling containerized applications. Therefore, users can benefit from streamlined platform installation and upgrades. Red Hat OpenShift comes with a nine-year enterprise support lifecycle from one of the leading Kubernetes contributors. But it does not stop there. It goes all the way to developer-friendly workflows including built-in CI/CD pipelines and our source-to-image capability that enables users to go straight from application code to container. And Red Hat OpenShift also extends to new technologies – including serverless applications with Knative, cloud services through the Red Hat OpenShift cloud service broker, and streamlined service communications with Istio and service mesh.

 

CaaS vs. PaaS: which solution are you using/providing and why? 

Red Hat OpenShift can be both, depending on the business focus of a company. The best Dev experience is secured by all the integrated parts which take care of the software development processes and make up a successful Platform as a Service (PaaS) offering, and the best Ops experience for containers is an integrated Container as a Service (CaaS) platform. The term CaaS describes not much more than the deployment of a container execution environment in a public cloud. Red Hat offers OpenShift on Azure together with Microsoft, and OpenShift Dedicated is available on AWS – both as a fully Red Hat managed solution. The advantage for users is that they no longer need to worry about administration or operations. 

 

Markus Eisele 

Markus Eisele is a Java Champion, author, speaker at national and international conferences, co-founder of JavaLand and a well-known personality in the Enterprise Java community. He leads the Developer Adoption for Red Hat in EMEA.