At this year’s Oracle OpenWorld people from Larry Ellison on down were talking about Docker containers. I do not remember the subject coming up in the Oracle community in previous years. Before I start to get into why Oracle talking about Docker containers is important I should probably talk about what Docker containers are and what they are good for (and bad for). You probably have some experience with the concept of virtual machines, which are simulated computers running inside your physical computer. You can get Virtual Machine management software (like VMWare or Virtual Box from Oracle) and use it to create virtual computers on top of you the operating system that manages your computer. You can then run a different (or the same) operating system inside the virtual machine.
screenshot of Linux VM running in Oracle’s Virtual Box on a Windows 10 PC.
Containers are like Virtual Machines but a somewhat different. You define a container to include all of the services and applications you need to perform a specific task. A simple example might be a web server. You would start by creating an operating system container, then add the library (httpd on Linux) that responds to http requests. Then you package that as a container. Once packaged, you can copy that container to the machines, activate it, and use it to respond to http requests. The nice thing about it is that it is self contained, and you only need to install and configure the required software once. For a complex web application or database, that means that containers are a boon to quickly deploying copies of the application or database.
I said that containers are different from Virtual Machines. They are different in that while they are execution environments and include only the software libraries needed to run your application, the underlying machine’s operating system provides the actual execution environment for your application. So the container does not contain a full operating system, just what is needed to run your application.
Containers have been around for a few years, and all the big boys in the online world have now adopted them – Facebook, Google, Amazon, Microsoft and now Oracle. The leading container technology is Docker, to the point where Docker is to containers what Kleenex is to facial tissues. By the way, the inclusion of Microsoft on that list is interesting, because containers are basically a Linux capability. Microsoft perceived the power of containers for cloud based “DevOps”, and added the ability to create containers to Windows server. DevOps is where software development and IT infrastructure management comes together to automate software delivery, and containers are the vehicle it uses for accomplishing that automation.
As the container movement has spread, folks in the Docker community have created an online repository of images that run popular open source web servers, databases, and applications. So rather than downloading software and installing it on your operating system, you can simply download a container image and run that. This is better for a lot of reasons. For one you don’t have to worry about conflicts between the libraries on your system and libraries that the software might install. For another, if you want to test some software you want a deployment model that allows you to easily remove it completely. For many of us, that meant creating new Virtual Machines in Virtual Box and then installing the software in the new VM. As many of you know, installing complex software in Linux is not trivial. Downloading and running containers on Linux is.
The problem with containers has mainly been security. This is not the place to enumerate all the risks (you could look it up, as they say, and we may come back with another post on that). However, the things I saw at OpenWorld take us down a path that leads to a reasonable level of security for containers running in Oracle Virtual Machine. Also, over the past six months we have seen products and practices come into play that address a lot of these issues.
So now Oracle is touting the benefits of an enterprise Docker registry. The Oracle Cloud now offers an Application Container Cloud Service, where you can set up to develop a type of application and it provisions a container for you. Also they sanction downloads of Oracle Linux and MySQL containers from the Docker Hub. In their DevOps ampitheater they spent quite a bit of time touting the benefits of Docker containers in conjunction with Oracle Linux. The last day of OpenWorld, I went to a hands on lab where we learned to use Docker on the Solaris operating system (which was Sun’s Unix based operating system). Solaris has this concept of “Zones” which is the strategy it uses to provide “some” virtualization. We actually had a lot of experience using zones with one of our long term clients. Anyway, it turns out that when you create a Docker Container on Solaris, it is creating a Zone under the covers and dedicating zone resources to it. Without getting into it deeply, that would appear to be a very cost-effective way to use Oracle’s Sun servers to manage a variety of workloads, and to do it in a secure manner. That said, security on today’s Sun servers is about as good as it gets and a topic for another post. So… that’s it for now!