Using containers with Red Hat Enterprise Linux

Traditional application deployment models are complex and fragile. As applications move through the pipeline from development, into testing, and finally into production, maintaining a consistent runtime environment is difficult, time-consuming, and error-prone. It is even more difficult when multiple applications, each with unique dependencies, are hosted on the same systems. Packaging applications with Linux® containers helps eliminate this complexity and provides an easier and faster application development and deployment model.


Applications, whether developed in-house or provided by a third party, demand a specific runtime environment to ensure proper performance. Many third-party applications require a specific environment to ensure the provider can and will support them.

Promoting an application from development through testing to production requires implementing the correct runtime environment in all three stages. The runtime environment might require a specific deployment of the operating system, shared libraries, supporting programs or scripts, and resource configurations. Determining the exact runtime environment can be a challenge, requiring IT staff to spend time delving into the exact versions of all the various components. Manually configuring the required environment is time-consuming, error-prone, and must be done consistently across all three stages.

The inherent problems with traditional packaging and deployment are often managed with automation. However, even with automation improvements, the process is still fragile and does not always result in a consistent implementation. This can lead to subtle or hard-to-diagnose problems in production deployments.

Keeping environments consistent can be even more difficult when you need to deploy multiple applications or perform required runtime updates and maintenance. Applications often require different libraries, configurations, or supporting programs, which result in a larger set of items to consider, as shown in Figure 1. Updates aggravate this problem, as various components may require updates at different times while keeping stages in sync.

Figure 1. Achieving a consistent runtime environment across deployments can be difficult and time-consuming. Here, application A’s library version (Y.1) conflicts with application B’s version (Y.2) once they are moved into the same environment. Containers prevent this kind of conflict.

When applications demand different configurations or versions of the same resource, it can be very hard to avoid conflicts. These conflicts ultimately lead to applications that are isolated in separate deployments or a least-common-denominator approach to deployments. The former can lead to server or virtual machine sprawl, as each application requires its own isolated environment. The latter can constrain the development progress, forcing new applications to fit an existing runtime environment.


Containers can make application deployment easier, providing a consistent application runtime environment across all stages of development, testing, and production. Containers combine the application and its required runtime environment in a single package. This allows the application container to be created in development and then moved, unchanged, through testing and into production.

Determining the proper application runtime configuration is easier and faster when it is done by the administrator or engineer closest to the application. Additionally, because the application container includes the proper runtime components and configurations, no set up is required. This eliminates the additional effort per step and avoids errors from environmental differences that plague traditional approaches.

Containers also simplify multiple application scenarios by isolating each application. Each application container can have a unique runtime environment, allowing the application packagers to ignore component conflicts that exist between applications, as shown in Figure 2. This avoids the limitations of the least-common-denominator approach.

Figure 2. Containers remove complexity and increase portability. A container holds both the application and components required at runtime. Containers can then move across environments without risk of conflict, eliminating complex synchronization tasks.

Application developers using containers can choose the best runtime environment for their application. And maintenance of application containers is easier than maintaining applications grouped in an environment. Containers are managed as images, so an update means replacing the entire container with a new one—as opposed to updating individual components.

Finally, processes running in a container are isolated from other applications on the same system. This provides similar benefits to using virtualization or hosting applications on their own machine, but improves resource utilization.


Red Hat Enterprise Linux 7® and Red Hat Enterprise Linux Atomic Host include the necessary technologies to securely and reliably deploy applications in containers. Red Hat Enterprise Linux 7 includes technologies that provide strong resource control, container isolation, security for containers, and packaging.

  • Resource control is provided by the control groups (cgroups) feature. It ensures that a container may only use a defined amount of certain system resources, such as disk input/output (I/O), memory, or central processing unit (CPU).
  • Container isolation is the domain of kernel namespaces (namespaces). It means that each container has its own copy of critical system settings and cannot gain access to other processes or containers running on the same system.
  • Security is implemented using Security-Enhanced Linux (SELinux). SELinux prevents unauthorized access by a container to both the underlying system and the other containers.
  • Standardized packaging through the image format combines an application and its runtime dependencies into a package that is identical in every environment.
  • Enterprise-grade containers through the Red Hat Container Catalog provide a trusted source of secure, certified, and up-to-date container images based on Red Hat Enterprise Linux.

Technologies that ensure isolation of containers on Red Hat Enterprise Linux 7 also insulate the container runtime from the underlying operating system. This means that the containers may have a runtime environment different from Red Hat Enterprise Linux 7, but the application in the container will still execute in the proper fashion.

This functionality allows organizations to deploy a variety of Linux runtime environments, as dictated by their applications, on a common Red Hat Enterprise Linux 7 infrastructure, making it easy to adopt new technology that can benefit application developers.


For more detailed information on how to apply containers in your application infrastructure, see the product documentation:

Download and evaluate Red Hat Enterprise Linux 7 \or Red Hat Enterprise Linux Atomic Host:

Contact Red Hat Sales to learn more or to purchase a subscription.