How containers are changing the OS as we know it

Contrary to some commentators, the operating system becomes even more important in the new containers world

The following is a contributed article by Lars Herrmann, general manager of the Integrated Solutions Business Unit at Red Hat


Container technology is helping organizations of all sizes meet demand for increasingly complicated applications – applications that must be delivered faster than ever before to keep pace with growing consumer expectations. But containers are not just changing the way in which companies create and deploy applications; they are fundamentally changing the way we think about the operating system (OS) itself.

In a containerized world, operating systems serve two key roles in the enterprise software stack:

  • the underlying infrastructure to run all of the Linux containers on a given host
  • the runtimes and binaries that live and function inside a given container enabling the application

Despite the two-pronged importance of the operating system to container deployments, some industry watchers and vendors point to containers as minimizing the OS to the point of irrelevancy. The truth could not be more different, as containers, especially at scale, make the OS even more important than it is in traditional computing environments. In large-scale deployments, hundreds, if not thousands, of containers will share a single Linux kernel, making the reliability, stability and security of the underlying operating system paramount. At the same time, containerization leads the way to the future of the OS, enabling multi-tasking and multi-tenancy for diverse applications in a distributed OS spanning clusters of hosts.

That said, traditional, single-instance OSes were not built to meet the demands of massive container infrastructure; in their place, a new breed of operating systems, designed for running the next generation of enterprise applications, is now emerging to answer this call.


Enter the Container OS

Linux containers package apps with the libraries and other binaries on which they depend. What containers don’t contain is an operating system kernel. This makes containers lighter in weight than virtual machines, but it also means that all containers on a host must use the same kernel. Linux containers can use any Linux distribution, but traditional distros can simply be too “big” to effectively manage in a containerized environment. Just as you wouldn’t run Mac OS X on an iPhone, it doesn’t make sense for containers to access a full Linux distribution targeting a very broad range of use cases.

Enter container OSes – a subset of the operating system technology category with a growing number of entrants. In fact, the number of these OSes is rising in direct proportion to the popularity of Linux containers in the enterprise, effectively making every container vendor a custom Linux distributor and maintainer.

This presents a kind of good news/bad news situation. The good news is that companies have a great deal of choice when it comes to container OSes. The bad news is that it can be confusing to determine which container OS will enable your organization to best meet customer demand while also satisfying security, compliance, privacy and other enterprise needs.

Here are five things to look for in a container OS to strike that critical balance:

  1. Automatic updating and rollback: This capability will become especially important as the number of containers in use at your organization grows and management becomes more challenging. Look for an OS that provides easy updating and rollback through an image-like update mechanism, retaining the previous version for rollback, if necessary.
  2. Support for open container standards: The Open Container Initiative (OCI) drives the open standards around container format and runtime. The Docker project has become the most popular OCI-compatible packaging format and runtime for containers, so it’s a no-brainer to say that any container OS you choose should support the OCI format.
  3. Certification: Certification capabilities are still lacking in the current container environment. Companies must go beyond ensuring that a container comes from a trusted source (although this is incredibly important); they should also look for a container OS that verifies containers on given hosts. Make sure the OS offers an ecosystem of certification, as well as support. That way, if something goes wrong with a container on a critical system, it will be clear who is responsible and what course of action to take.
  4. Container orchestration at scale: Look for the ability to create large-scale business applications from discrete services deployed in containers via orchestration tools. One such tool is Kubernetes, an open-source platform for automating deployment, scale and operation of application containers across clusters of hosts and a rapidly emerging standard in this space. This will enable organizations to quickly and efficiently respond to internal and external customer demand.
  5. Security: The container model, by its nature, opens up security concerns: multiple containers are accessing a single OS kernel, so a problem in one container can potentially reverberate across the host. Look for a hardened container OS – one that can effectively isolate each container in a multi-container environment using mandatory access control technologies such as SELinux.
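
To make the isolation point in item 5 concrete, here is an added example (not from the article or from any vendor's tooling) that audits the SELinux process labels of the containers on one host and flags those the policy does not separate from the host or from each other. The `name label` input format, the sample data and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# CONSTRUCTED sample, one "name process-label" pair per line (assumed to come
# from the container runtime's inspect output); no label = SELinux not applied.
SAMPLE = """\
web1 system_u:system_r:container_t:s0:c57,c902
web2 system_u:system_r:container_t:s0:c114,c380
batch system_u:system_r:container_t:s0:c57,c902
agent system_u:system_r:spc_t:s0
legacy
"""

# Confined container domains: the current type name and the older one.
CONFINED_TYPES = {"container_t", "svirt_lxc_net_t"}


def parse_label(label):
    """Return (type, categories) from user:role:type:level[:categories]."""
    parts = label.split(":", 4)
    if len(parts) < 4:
        raise ValueError(f"not an SELinux context: {label!r}")
    has_cats = len(parts) == 5 and parts[4]
    return parts[2], frozenset(parts[4].split(",")) if has_cats else frozenset()


def audit(text):
    """Return sorted (container, finding) pairs for weakly isolated containers."""
    findings, by_cats = [], defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        name = fields[0]
        if len(fields) < 2:
            findings.append((name, "no SELinux label"))
            continue
        setype, cats = parse_label(fields[1])
        if setype not in CONFINED_TYPES:
            findings.append((name, f"not a confined container domain: {setype}"))
        elif not cats:
            findings.append((name, "no MCS categories"))
        else:
            by_cats[cats].append(name)
    # Same type and same categories: SELinux does not separate these containers.
    for names in by_cats.values():
        for name in (names if len(names) > 1 else []):
            others = ",".join(sorted(n for n in names if n != name))
            findings.append((name, f"shares MCS categories with {others}"))
    return sorted(findings)
```

Calling `audit(SAMPLE)` reports `agent`, `legacy`, and the `web1`/`batch` pair; `web2` has a confined type and its own category pair, so it produces no finding.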

While containers are the new “it” technology, they are following a predictable pattern:

  • Innovative open-source platform emerges
  • The enterprise is intrigued but understandably wary
  • Knowledgeable vendors productize upstream innovation for enterprises to take advantage of cutting-edge open source in a more secure and effectively managed way
  • Enterprises do what they do faster and better

Ultimately, organizations should look for an OS that delivers on the container promise with an enterprise-hardened container platform, providing the best of both worlds when it comes to innovation and enterprise-grade technology.