Should your agency use containers for multicloud management?
- By Bob Burwell
- Jun 02, 2020
Government agencies increasingly recognize that a successful approach to leveraging multiple cloud environments must allow for applications and components to interoperate across boundaries (public/hybrid/private cloud and on‐premises), between cloud instances and even between architectures.
Multicloud management has taken on heightened relevance in the coronavirus-driven telework environment. Agencies require the flexibility to rapidly adapt to changing requirements, which can be enabled if applications and services are containerized and built to run in a cloud-based infrastructure. As digital transformation moves us to think “cloud first” or “cloud right,” we must take this opportunity to further improve application availability, application portability, cost savings and ease of management.
Historically, agencies turned to virtualization. Unfortunately, with so many different and incompatible virtualization technologies in play both on-premises and in the public cloud, application portability efficiencies are seldom a focus. And while these virtual server platforms may be the best way to operate workloads with divergent software requirements, they are expensive, inefficient and the scenario itself is suboptimal. Virtual machines (VMs) consist of an application, an operating system and, if not carefully crafted, the additional bloat of included but unused applications. Containers, however, are lightweight, application specific and quickly deployed.
In an ideal world, a properly designed group of application workloads would focus on the application itself and associated data. It would run on top of a single operating system and be dependent on the smallest possible set of supporting software components. This is called application containerization, or more simply, containers.
Containers are a highly efficient way to separate independent workloads on a single host. This separation makes containers similar to VMs, but containers can provide greater server efficiency. It is not unreasonable to experience 10x (some have experienced over 250x) the density when moving to containers from VMs. In other words, if an agency was running 100 VMs on a server, it could run 10x that, or 1,000 containers, on that same platform.
Consider agencies that were hit with a surge of laid-off workers filing for unemployment benefits during the coronavirus pandemic. A traditional VM environment would be challenged to scale quickly to address needs. Containers, on the other hand, can help an agency pivot quickly by moving some workloads to the cloud or rapidly scaling either in the cloud or on-premises. During the COVID crisis, one agency was able to pivot to the cloud and reduce the citizen login time to a claims management system from two minutes to a few seconds.
Is your agency ready for containers?
We are already seeing tangible and extensive container use cases across public-sector customers. U.S. Citizenship and Immigration Services Cyber Division Branch Chief Adrian Monza recently estimated that USCIS is running 550 services and over 1,000 containers in its nonproduction environment and 270 services and just under 500 containers in its production environment.
Before moving forward with containers, agencies’ should have a good understanding of their application portfolio. Larger applications with a complex series of fluid components, as well as those with accelerated scaling and deployment characteristics, are a good fit for containers. Less so are legacy applications that might, at least initially, have more intensive and custom requirements. Cross-agency interdependency requirements may also be a short-term challenge to move to containers.
Using Kubernetes to address container challenges
The lack of a cohesive management framework in containerization systems typically results in a chaotic sprawl of containers randomly distributed across a group of physical servers. To address these limitations, container orchestration systems have been developed to provide a management framework that simplifies and automates both organizing and deploying containers. One of the most popular is a system called Kubernetes.
Kubernetes organizes containers into logical groupings that also provide load balancing as well as some measure of data sharing and management. Its features include:
- “Pods,” which are a group of containers of related functionality that run on the same server so they can directly interact and share resources.
- “Volumes” allow containers in pods to share data by creating a filesystem that can be simultaneously used by all containers in the pod.
- “Services” are a load balanced group of pods distributed across servers to provide redundancy and high availability.
- To enhance security, services can be either exposed to user activity or only visible to containers.
Benefits of application containerization
By either initially developing or later refactoring applications to use containers, container orchestration, and a highly available shared storage system, agencies can ensure their applications are highly portable – including data rich or stateful applications. Therefore, it will be possible to automatically deploy and upgrade them from a library of container templates in any environment that includes any combination of containerization and storage systems.
Moreover, these capabilities and benefits are not limited to physical implementations in on-premises or colocation data centers. Many container, container orchestration and shared storage systems are available and operate in the public cloud.
With emerging storage and data services platforms, agencies can now deploy and maintain data-rich applications with Kubernetes, along with the flexibility to tap leading public clouds and/or on-premises data centers. Agencies can also leverage these platforms to backup and restore data or migrate applications from one Kubernetes cluster to another in a multicloud environment.
Containers promise, among other things, freedom from vendor lock-in. While containerization technologies like Docker will continue to have relevance, moving forward, the de-facto standard for multi-cloud application development will be Kubernetes. Equally critical is that new container-based cloud orchestration technologies will enable true hybrid cloud application development, which means new development will produce applications for both public and on-premises use cases. This means no more transporting applications back and forth. Instead, it is now easier to move workloads to where data is being generated rather than what has traditionally been the other way around.
Bob Burwell is the CTO of state and local government and education with NetApp.