Buyers considering a container management system must look at six important decision points for container products, which come from a combination of needs and product capabilities. Since a container management system is often a multilayered one, buyers can begin the complex buying process by narrowing down what they need container management software to achieve for them and then exploring the available options from that starting point.
Basic container hosting
There are two container hosting software paths: one for users who have typical application security needs and one for those who need significantly more. For basic application security needs, Docker is a clear leader in the container market, so anyone looking at containers should plan for Docker unless they find a clear reason otherwise. Whether you have typical or exceptional security needs is the only real factor for selecting a basic container hosting product.
Where security requirements are exceptionally high, the best option is the second-most popular container hosting software package, CoreOS Rkt (pronounced rocket). Based on the Open Container Initiative standards but also able to run Docker containers, the Rkt container management system provides better isolation, as well as better and easier monitoring for the hosted applications. While some users may consider Rkt for this monitoring capability alone, the popularity of Docker and its widespread support make it a better choice if there aren't better reasons to look elsewhere.
There's a lot of market movement in this space. OpenStack launched its own container project, Kata Containers, that promises to merge container simplicity and VM security. This container project is not yet available for purchase but may be an option for the future.
Once you have a container hosting package identified, you can move on to the next step: the orchestration strategy. Most container users will elect to deploy applications using Docker or Rkt tools alone for container management. Those whose needs aren't met by these platforms add a basic package for orchestration.
You should plan to use Docker alone as a container management system, with no external orchestration, if:
- You work for an SMB.
- There are limited technical support personnel available.
- You have little experience with open source software.
- The company will likely rely on third-party help to deploy containerized applications.
It's hard to set a statistical boundary on the Docker-only user, but if you have a single data center with fewer than about 50 servers, no more than a dozen applications and you rely more on third-party applications than on internal software development, you probably don't need to go beyond Docker. Plan your Docker deployment to use the swarm mode feature to manage pools of server resources. Eventually, most Docker users look to use resource pools, and you'll have an easier evolution to large-scale Docker use if you plan for that from the beginning.
Docker has basic tools to deploy containers on servers, but as the scale and complexity of that deployment -- and of redeployment -- increase, you'll need something more feature-rich. There is no Rkt tool set to address resource pools and scale as there is for Docker, so if you pick Rkt, you will always need additional software for automation. It is a best practice to orchestrate high-security environments, because orchestration's automated actions create consistency and reduce errors.
There are two layers to container orchestration: one designed primarily to automate the assignment of containers to servers and one to manage container hosting resources in a generalized way.
Kubernetes is ideal for the first type of orchestration. Kubernetes is an open source software tool designed to add automation to the routine container application lifecycle processes. It offers special facilities to define pools of resources -- known as clusters -- which allow users to assign hosting resources by class. Clusters help Kubernetes simplify hybrid and multi-cloud application hosting as well. Kubernetes is available from diverse sources, including public cloud providers, so review all providers to see which one fits your plans best.
Docker and Kubernetes are the core of two popular open source product suites: Red Hat OpenShift and VMware Pivotal Container Service. Both these offerings bundle support with container software and orchestration, and the combination suits companies just starting with containers that fit the Docker or Docker-plus-Kubernetes profile for a container management system. VMware offers a Docker-only option with vSphere Integrated Containers, but unless the container deployment will remain static, a Docker and Kubernetes combination is the best option. Businesses that already use VMware or Red Hat would be best served by staying with their current vendors. For others, it's smart to pick the tool with the most favorable license terms.
Public cloud users
If you are in the "look first at public cloud tools" category, that means you expect to do most of your container deployment in the public cloud rather than in an owned data center. The first question to ask is whether you expect to be a multi-cloud user or to eventually add containers to your data center. If the answer is no to both of these, then you should plan to get all your container support from the cloud provider. If your answer is yes to both of these, then you should plan to do container orchestration via Kubernetes and use Docker for broad public cloud compatibility.
Amazon, Google and Microsoft all provide container hosting and Kubernetes-based orchestration. Amazon's Elastic Container Service has tight integration with other Amazon Web Services products, which makes it a popular choice for users who want access to all the special features that Amazon offers. The new product, Elastic Container Service for Kubernetes, has the same integration but uses Kubernetes orchestration versus Blox. Google Kubernetes Engine (renamed from Google Container Engine) is built around Kubernetes orchestration and might be better for those planning to use Rkt instead of Docker. Microsoft's Azure Container Service has also shifted emphasis toward Kubernetes and is ideal for public cloud users who have a Windows Server data center focus.
Resource abstraction and orchestration
Businesses with the most complex applications, workflows and resource requirements turn to a container management system that specializes in resource abstraction and orchestration. These products extend orchestration considerably -- first, by enabling the user to create abstract resources that can move between cloud providers and data centers, and second, by expanding the policy controls available to guide application containers to the best host.
Apache Mesos is the core product for resource abstraction and orchestration, one that everyone in this "most complex container use" category should consider using. Many users of Mesos add in Mesosphere DC/OS as an additional layer to improve scheduling of tasks, resource optimization and control, management and operations efficiency. This combination is ideal both for very large companies that are security-intensive and for companies that are very highly security-intensive. It's also very valuable for managing multi-cloud and dynamic hybrid cloud applications that involve reconfiguration, reuse of components, cloud bursting or failover.
Kubernetes can provide orchestration functions for Mesos and DC/OS, but the Marathon framework offers greater flexibility in policy-based resource assignment in Mesos. You can set policies on container deployment and redeployment to administer complex rules on resource use, including optimizing multi-cloud to minimize costs and to maximize redundancy. While Marathon is a more complicated system than Kubernetes, for complex container deployments, it can save a considerable amount in cloud hosting and operations costs down the line.
This combination of Mesos, DC/OS and Marathon is the gold standard for massive, complex container deployments. All of these elements will require considerable technical skill in dealing with open source tools and containerized applications. Even large enterprises should assess whether they really expect to reach the maximum level of container complexity before they jump into this final option.
Before you make any buying decisions, look for suppliers that integrate your selected container management tools into a single package. Like application middleware, container tools have version dependencies that you should address before you can use them in combination. Getting a single distribution with all your tools relieves you from the burden of doing that integration yourself.
These steps should give you the information you need to deploy containerized applications successfully. The next step will be to assess each of the tools individually.
With extensive research into container management software, TechTarget editors focused this series of articles on vendors that provided the following functionalities: orchestration, container networking and hybrid cloud portability. We are featuring vendors that either offer leading-edge unique technology or hold significant market share or interest from enterprises. Our research included Gartner and TechTarget surveys.