Container World 2016 – Questions and Answers

Robin Zimmerman

John Fallows, Kaazing Co-Founder, President and CTO, participating on the Keynote Panel on Day 2 of ContainerWorld 2016.

THE HYBRID CLOUD AND NETWORKS

[John Fallows] Containers are designed to isolate a workplace, right?

And you know when we talk about hybrid cloud, it could be that we are talking about the ability to migrate workloads from on premise to cloud or whether we are talking about cloud to cloud migration. It could be that we are talking about hybrid networks that expand those different environments where the things are still running where they are supposed to run but we’re talking about how to connect them together. And they may not even have containers on all sides of them, right?

[Panel Chair] Back to networking.

[John Fallows] Pardon?

[Panel Chair] Back to networking.

[John Fallows] So you know for hybrid clouds I think containers are a very good use case for being able to migrate workloads. Doing it seamlessly, of course, is very challenging technically, especially if there is state involved.

You know you’ve got to do that reliably at speed and that any time the networks are far apart, latency plays a part. When we were thinking back to the early days of Kaazing, you know we were extending the reach using WebSocket to extend the reach of message-driven architectures, event-driven architectures beyond the boundaries of the data center firewall so it could reach down to let the mobile devices and browsers be first class participants. We’re extending the reach of the protocols that are usually running over TCP over WebSocket instead. So when you do that, you kind of invalidate all the assumptions about the protocols that are used to running inside the data center like, “What’s the latency expectation? What are the round trip times? What is the security environment?…” and so on. So you know containers are very good new space for hybrid clouds, yes. And there are still some challenges to overcome.

FULLY CONTAINERIZED IN A FIVE YEAR TIMEFRAME

[John Fallows] You said the five-year time frame; I think it is certainly reasonable to say that containers could become mainstream in that time frame.

Some of the pressures that will help to accelerate towards that perhaps even more aggressively is the fact that all of it is virtually driving forward. We’re seeing an evolution in architecture. I mentioned earlier about event-driven architecture. We’ve heard it described in a number of different ways like microservices-based architecture. We’ve seen it around, having the smaller pieces of the overall architecture – things that we did for isolation, for security, for scale-out, for lots of different and very good reasons, to a finer grain than would typically be viable at the same cost point as you can get from VMs, right?

So you know, just by virtue of the economics, I think that people would be looking to try to get isolation from the development side and on the operation side would be a cost prohibitive effect as well.

And then those are the economic pressures; they will cause it to march forward, and if the economics are right, I still think that there is a play for VMs in there because there’s too much of the investment that’s already there. So, it does not make sense to try to undo that, it doesn’t happen every night. And then shouldn’t necessarily be strived for. But where these things make sense to fit together, I think we can get some economic benefit as well as technology, tech influence. And then we can see how much shorter… could be 3-5 years.

WORKING INSIDE A FULLY CONTAINERIZED ARCHITECTURE

[John Fallows] Yes, so we were talking here about working inside a fully containerized architecture, there might be describing multiple tiers or multiple zones… trust zones in the architecture.

There’s also the aspect of trying to tie these different worlds together or bridging beyond the boundary of your containerized world so that to be able to interface to the big legacy systems that they are still running. So, there are different aspects to the networking beyond what’s just inside Docker or containers in general.

It is also the ability to bridge outside as well. And even in cases where we might need to be able to reach to a system or another data center that doesn’t want to open its firewall. It needs to dial home node to establish a trusted route and maybe doesn’t want to set up an entire VPN for that.

Because sometimes we hear stories in the news about VPNs having too broad access and opening up routes to systems that we didn’t intend. So in the spirit of isolation, Kaazing’s KWIC solution delivers application to application integration, which is much narrower. And therefore much more isolated than the use case that it’s intended for.

ANOTHER WAY OF LOOKING AT IT – PREVIEW BEFORE YOU RUN

[John Fallows] Just to add to that… I think that another way of looking at it is to say that if we look at these containers, as being the definition of the runtime that occurs in ops as well as dev, then another way of looking at it is that the developer gets a preview of how this step is going to run in operation. So they get to see in advance of the deployment, the kind of environment, and because they get help to define it and perhaps there’s some rigor where there’s some feedback from the opposite saying ‘no, this is the way that we need you to help us shape these things to be more effective for me’. But being able to see it upfront and have that contract of being a behavioral contract.

The size of these things, we talk about them, right, so you know VMs are a little larger generally speaking because they bring the OS with them. The container is usually much smaller and best practices single process, right, shrink-wrapping that. And having this idea that you’ve really got a secure, isolated environment executed. So it’s really a change in the mindset of instead of trying to make it as perfect as possible, and then deploy it and then have the ops guys make sure it’s absolutely perfect.

There’s much more about, you know we realize that there are zero-day attacks and other kinds of problems that we are going to encounter. And we need the ability to update quickly. It’s much more about you know, recover, define the run time on the edges, have a binary contract from the outside how these things interoperate with the other pieces. And define that… and not necessarily need to specify so much about what’s happening inside so long as the external contract it believes it has, which only helps foster innovation in the dev cycles and the agility that they are looking for.