Red Hat blog
Container technology, while not new, has certainly taken on new life in the last year and a half. At Red Hat, we’ve long preached that modern IT is all about the apps, and enabling consistency, interoperability and portability across physical, virtual, public and private clouds. This is why you’ve seen us, over the last 12+ months, talking extensively about our container strategy and unveiling innovations to help accelerate and streamline application development across the open hybrid cloud. In fact, one year ago last week, we were in San Francisco unveiling Red Hat Enterprise Linux Atomic Host and Project Atomic at Red Hat Summit 2014.
Much has happened since then. We announced key industry collaborations focused on advancing container technology, debuted Red Hat Enterprise Linux Atomic Host, and introduced the industry’s first certified container ecosystem program to help connect the vast ISV ecosystem to containers and make them consumable for customers.
Since the very beginning, we’ve said that true portability only comes if you can trust the platform, which is why we’re deeply invested in two areas you rarely see others in the container space talk about: container content and security (“What’s inside my containers?”; “How can I know where this container originated?”; How do I know it is free from security and other issues?”), and container lifecycle (“Who will support and provide updates (including security) for my container years from now? “Who will ensure that container-to-host OS compatibility is maintained?”). These are the concerns that we hear great angst about from customers, and we cannot stress enough how critical both of these are for true enterprise adoption.
We know from experience that it takes significant commitment and resources to bring open source projects to the point of commercial readiness, and have spent the last 20+ years diligently working to codify technology ecosystems, from Linux and virtualization to the cloud. Now, that work extends to containers, where we are applying what we’ve learned during this time period to create an enterprise-class, secure container-specific host, bring innovative container capabilities to the world’s leading enterprise Linux platform, integrate our industry-leading platform products powering the applications inside the containers and create a robust certification program for containerized applications, along with an extensive ecosystem of support and services. As we said at the launch of Red Hat Enterprise Linux Atomic Host:
An application architecture based on Linux containers requires not only the tools to build and run containers, but also an underlying foundation that is secure, reliable, and enterprise-grade, with an established lifecycle designed to meet the ongoing requirements of the enterprise over the long term. These requirements include mitigation of security concerns, ongoing product enhancements, proactive diagnostics, and access to support. Red Hat is committed to offering enterprises a complete and integrated container-based infrastructure solution, combining container-based application packaging with robust, optimized infrastructure that will enable easy movement of Red Hat Enterprise Linux-certified applications across bare metal systems, virtual machines and private and public clouds - all of this with the product and security lifecycle that enterprise customers require.
Today, it seems like there is a new entrant into the container space every time we turn around as containers quickly move into the mainstream. Unfortunately, answering questions about security and lifecycle support are not questions every vendor is prepared or equipped to answer as they jump to take advantage of consumer hype.
Yesterday, VMware made an announcement that helps to reinforce the market reality of the platform as it relates to Linux containers: if you want to be a container contender, you need to have a Linux distribution. From plain container support in the Linux kernel to Docker simplifying the user experience, Linux containers have taken the market by storm, building upon the strengths of the Linux operating system as it evolved over many years. Given the tight coupling, however, between software running inside containers and the operating system underneath, delivering Linux containers successfully to customers requires both a Linux OS for the host and application runtimes inside containers optimized for the host OS. This is a space that Red Hat is well-versed in, having led the market for more than a decade with Red Hat Enterprise Linux and with the recent launch of our container-optimized version in Red Hat Enterprise Linux Atomic Host.
We want to take this opportunity to break down the capabilities that make a successful operating system for containers.
There are two key components to successfully running containers : the core runtime environment and an ecosystem of certified content and supporting partners. Red Hat Enterprise Linux Atomic Host, CoreOS and VMware’s Photon project are primarily focused on providing a lightweight runtime environment and, in these solutions, security, flexibility and performance are paramount.
Given that this core runtime environment forms the foundation of a container-based deployment, rock-solid, trusted security for mission critical workloads is essential. Optimized, smaller distributions are an important component for secure container deployments, delivering a minimal threat surface, which all of the above distributions achieve. Red Hat Enterprise Linux Atomic Host, the Project Atomic community, and CoreOS are also driving next-generation update models as well, improving the way that updates can be delivered to hosts with more consistency and efficiency.
In the enterprise, however, the security of containerized applications is primarily defined by the software running inside containers- and this is where Red Hat Enterprise Linux Atomic Host really shines by providing the application runtimes alongside the operational tools to detect, find and patch security vulnerabilities before they can disrupt operations. Security is always evolving, so without the ability to respond and resolve security issues efficiently, the system as a whole can be exposed beyond the single container or host being vulnerable. Red Hat’s security capabilities provide an industry-leading solution, refined over the course of 20+ years and covering enterprise-grade lifecycles for more than 100 different products built from thousands of open source projects, from Red Hat Enterprise Linux and OpenStack to Docker, Red Hat Software Collections, OpenShift and JBoss Middleware.
The next key capability in the core runtime environment flexibility is the ability to launch and operate your container clusters on any infrastructure you choose. Whereas Photon is optimized towards vSphere and running on a traditional, virtualized infrastructure, Red Hat Enterprise Linux Atomic Host extends that to running directly on hardware as well as virtualized infrastructure whether public or private. At Red Hat, we have a world-class hardware certification program committed to supporting our products and taking advantage of the latest hardware available. We also optimize towards next-generation Infrastructure-as-a-Service (IaaS) environments encompassed by OpenStack and the entire Red Hat Certified Cloud Provider program.
The last capability often goes unnoticed until it’s a problem - performance. This is where flexibility is constrained by depth of expertise or the lack thereof. If you are building your container infrastructure with the goal of running mission critical workloads on whatever infrastructure meets your needs, you need to know that the core runtime environment will perform at scale. We live and breathe performance at Red Hat and it’s shown by our extensive list of outstanding industry-standard benchmark results.
When customers say “performance,” what they often mean is “bare-metal” performance, a need typically at loggerheads with the constant demand for flexibility. And bare metal performance requires exactly that - installation on the bare metal, without the overhead or burden of a hypervisor. Red Hat Enterprise Linux Atomic Host delivers the flexibility to deploy where needed while retaining the capacity for bare-metal performance when needed.
While all of the performance tuning and benchmark work accrues to Red Hat Enterprise Linux Atomic Host, we are also constantly pushing the boundaries of container performance testing from low latency networking use cases to optimizing running on KVM. We want Red Hat Enterprise Linux and its Atomic Host variant to set the standard for performance for the use cases you have today as well as the ones you haven’t even thought of yet.
All of the above goes back to our belief that it is all about the apps, and that today’s enterprise customer wants consistency, interoperability, and portability across physical, virtual, public and private clouds. As Paul Cormier, Red Hat’s president of Products and Technologies, recently said:
Linux containers, both augment and depend upon the consistency of the operating system. That consistency will be critical from a standalone container host (i.e. Red Hat Enterprise Linux Atomic Host), to an IaaS (i.e. OpenStack), to a PaaS (i.e. OpenShift), all the way out to the public cloud. Thanks to the portability of Red Hat Enterprise Linux containers, developers can easily move applications from one of the four footprints to another, while still maintaining the application consistency that app developers and ISVs require. This helps further bridge the gap that exists between public clouds and VMs, for example.
But, containers are not all the same, what's inside counts; you still need a solid platform upon which Linux containers can run. The flexibility of Linux containers, in that the consistency Linux containers give to the application, are even more relevant in platforms such as OpenShift and OpenStack. Containers in and of themselves are a piece of the solution, but not necessarily the entire solution.
Today’s announcement from VMware reinforces our belief that the operating system is a critical piece of the container equation, and that true Linux container contenders will have a Linux operating system. But, an operating system is only the beginning. These contenders will step forward and not only speak to the importance of container security and lifecycle support, they will provide both to customers, along with the flexibility and performance described above. They will have certification programs that offer consumers both choice and confidence. In short, they will help containers move from hype to true enterprise adoption. Red Hat is proud of the work we’ve done on this front to date, and look forward continuing our work to lead the enterprise container revolution.