Containers are a new way to deploy applications, one that brings IT Pros and Developers closer together in every company where the DevOps concept is present.
What is a Container?
A container is a sandbox in which services and processes can run in a protected environment. Each Container runs in a Container Host, which can be a Windows or Linux machine. Compared with classic virtual machines, the main benefits of containers are the following: deployment is much faster, management is minimal, patching is not necessary, and the footprint is low.
Figure 1 – Container Schema
The other winning points are:
- Containers are fast and boot quickly because they use the host operating system and share the relevant libraries
- Containers do not waste or block host resources unlike virtual machines
- Containers have isolated libraries and binaries specific to the application they are running
- Containers are handled by a Containerization engine
Why Containers?
Containers are not for everyone, and the suitable scenarios are limited. In detail:
- Web Sites
- Services
- Processes
- Applications
As a web server, the most important engines can be used, such as IIS with .NET, Apache and Nginx; as an application, we can find SQL Server for Windows or Linux and the most important database engines. Redis Cache is also available to hold our data before it is saved, so the approach must be correct to avoid issues.
Containers make developers more independent from IT and allow them to build advanced scenarios without touching the security model or the main infrastructure. A company can develop a new application with new software without needing to buy new hardware; everything can run inside a Windows 10 machine. When the application is ready for prime time, the built code will be run inside the Container Host to create the compose.
Another great point for developers is the possibility of creating separate containers to solve compatibility issues: for example, if we have two web sites with different Java engine requirements, it’s possible to build different containers.
The logic behind the scenes also makes upgrading a container simpler: it doesn’t matter if you need to upgrade the operating system or the application, this can be done in a few clicks without the IT department.
Docker
When we talk about containers, we cannot avoid talking about Docker, perhaps the best-known container platform. Docker is a tool designed to benefit both developers and system administrators, making it a part of many DevOps (developers + operations) toolchains. For developers, it means that they can focus on writing code without worrying about the system it will ultimately run on. It also allows them to get a head start by using one of thousands of programs already designed to run in a Docker container as a part of their application. For operations staff, Docker gives flexibility and potentially reduces the number of systems needed because of its small footprint and lower overhead.
Docker Enterprise vs Docker Community
Docker is available in two editions: Enterprise Edition and Community Edition. The only common point is the OS architecture: 64-bit.
Docker Community Edition
The CE is perfect for developers and small teams looking to get started with Docker and experiment with container-based apps. It is available for these operating systems:
- Windows 10
- Mac
- Fedora
- Debian
- Ubuntu
- CentOS
The platform is also available on cloud, inside Microsoft Azure and Amazon Web Services. The features present are:
- The latest version of Docker container engine optimized for available infrastructure
- Access to bleeding edge features with frequent release cadence
- Unlimited public and one free private repo as a service
- Automated builds as a service
- Image security scanning as a service
There are two update channels:
- Edge: gives you new features every month
- Stable: gives you reliable updates every quarter
Support is provided via Docker Community Forum and bug fixes are provided only for current shipping version.
Docker Enterprise Edition
The EE is designed for enterprise development and IT teams who build, ship, and run business critical applications in production at scale. It is available for these operating systems:
- Windows Server 2016 and Server 2019
- Oracle Linux
- Red Hat Enterprise Linux
- Ubuntu
- CentOS
- SUSE Linux Enterprise Server
The platform is also available on cloud, inside Microsoft Azure and Amazon Web Services. The features present are:
- The latest version of Docker container engine on Certified Infrastructure (Enterprise OS and Cloud providers)
- Certified Containers from third-party ISV vendors
- Certified Plugins from networking and storage vendors
- Docker Datacenter for Integrated container management and security
- Intuitive and easy to use web user interface
- Secure multi-tenancy with granular Role Based Access Control (RBAC), node-based RBAC and LDAP/AD integration
- End-to-end security with secrets management, image signing and image scanning
- Image management with private registry, storage and caching
- Policy-based automation with image promotions
A new stable release is published every quarter and bug fixes are provided with a one-year maintenance plan.
The EE is available in three tiers:
- Basic: Docker platform for certified infrastructure, with support from Docker Inc. and certified Containers and Plugins from Docker Store
- Standard: Adds advanced image and container management, LDAP/AD user integration, and role-based access control (Docker Datacenter)
- Advanced: Adds Docker Security Scanning and continuous vulnerability monitoring
Support is available in two options:
- Business Day: Monday to Friday from 9AM to 6PM, with response in 2 business hours
- Business Critical: 24 x 7 x 365, with response in 2 hours
Price changes by Container Host operating system (Linux or Windows) and tier.
Lifecycle
This is an example of the differences between CE and EE lifecycle support. As we can see, the Enterprise Edition allows you to run a version that can be one year older than the latest one. This means you can avoid the “upgrade pressure” and organize your plans better.
Windows vs Linux
Docker has the same engine on Linux and Windows, but the case for using Windows Server in production is helped by these points:
- With the Datacenter SKU it’s possible to run unlimited Windows Containers
- Starting from Windows Server 2019, it’s possible to run Linux containers as well
- Included native Basic support
In Windows Server it is possible to make the security of each container stronger. This mode is called Hyper-V Container.
This mode isolates the OS processes between the containers and the container host, thanks to Nested-Virtualization. Startup is slower compared with a Windows Server Container, but the solution is perfect for mid-large companies where security is a must. The Hyper-V Container has the following requirements:
- The Hyper-V role installed
- At least 4 GB RAM
- A processor with Intel VT-x (this feature is currently only available for Intel processors)
- The container host VM will also need at least 2 virtual processors
Run the First Container
After deploying the role, on Linux or Windows, use this syntax to create your first container:
docker run -p 800:80 microsoft/iis
What I’ve done is pull the main image, with IIS already configured, and expose the container on port 800. I cannot use port 80 because there is only one port 80 for each Container Host, so NAT is fundamental when we plan to use containers.
Open a browser, type the URL http://containerip:800 and check the result.
In Linux the syntax is the same. The only difference will be the image shown in the browser.
docker run -p 81:80 httpd
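Both commands above give -p only a host port, so Docker publishes it on every interface of the Container Host (0.0.0.0 and, where enabled, IPv6). The check below is an added example, not part of the original article: it reads lines in the shape printed by docker ps --format '{{.Names}}\t{{.Ports}}' and lists the mappings reachable from any network. The container names and sample lines are constructed.

```shell
#!/bin/sh
# Added example: list container ports published on all host interfaces.
# Expected input, one container per line:  name<TAB>ports
# as printed by:  docker ps --format '{{.Names}}\t{{.Ports}}'

# audit_ports: read such lines on stdin and print "name hostport->port/proto"
# for each mapping bound to 0.0.0.0 or the IPv6 wildcard. The IPv4 and IPv6
# entries for the same mapping are reported once.
audit_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # Published ports contain "->"; exposed-only ports look like 80/tcp
            if (m !~ /->/) continue
            if (m ~ /^0\.0\.0\.0:/ || m ~ /^:::/ || m ~ /^\[::\]:/) {
                sub(/^(0\.0\.0\.0|::|\[::\]):/, "", m)
                if (!seen[$1 " " m]++) print $1, m
            }
        }
    }'
}

# Constructed sample: iis-site was started with -p 800:80,
# apache with -p 127.0.0.1:81:80, redis publishes nothing.
sample_ps() {
    printf 'iis-site\t0.0.0.0:800->80/tcp, :::800->80/tcp\n'
    printf 'apache\t127.0.0.1:81->80/tcp\n'
    printf 'redis\t6379/tcp\n'
}

sample_ps | audit_ports

# To keep a test container reachable only from the host itself, give -p an
# address to bind to, for example:
#   docker run -p 127.0.0.1:81:80 httpd
```

On a real host, replace sample_ps with the docker ps command named in the header comment.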
Commands
These are some useful commands to manage your Docker machine:
- Start Container – docker start idcontainer
- Stop Container – docker stop idcontainer
- Open a Session – docker exec -it idcontainer bash
- List Images – docker images
- List Containers – docker ps -a
- Delete Image – docker rmi idimage
- Delete Container – docker rm idcontainer
- Copy items from Host to Container – docker cp source idcontainer:pathdestination
Conclusion
What can Docker do for you? It can get more applications running on the same hardware, more efficiently than other technologies; it makes it easy for developers to quickly create ready-to-run containerized applications; and it makes managing and deploying applications much easier. Put it all together and I can see why Docker rode the hype cycle as fast as I can recall ever seeing an enterprise technology go.
You can find more detailed information in this official page: https://www.docker.com/resources/what-container
PLEASE NOTE: if you need technical support or have any sales or technical question, don't use comments. Instead open a TICKET here: https://www.iperiusbackup.com/contact.aspx