Page 46 - GCN, August/September 2018

how to: CONTAINERS
Making the most of containers
Containerization is rapidly changing the technology landscape, and agencies should consider taking advantage of its many benefits
BY SANJEEV PULAPAKA AND MUNISH SATIA
The government is often unable to mirror the private sector’s efficient use of technology resources. One key reason is the government’s tendency to operate in silos, with different teams for IT development, infrastructure and operations. This problem is more prominent in government because public agencies separate responsibilities to avoid risk. Perhaps that same risk aversion causes agencies to avoid adopting newer, leaner processes for fear of compromising security, traceability and accountability.
That risk aversion and those silos can be resolved using a technological innovation called a container. Containers make it possible for agencies to invest in automated, efficient DevOps processes without sacrificing traceability, accountability or security. Perhaps even more important, containerization and a microservices architecture can be used together to permit efficient upgrades and the addition or substitution of features, potentially avoiding the need for expensive replacement of an entire system when a federal agency is assigned a new or changed mission.
There are some challenges, however, to adopting containerization. We have identified the four most significant challenges and have suggested best practices to help agencies overcome each.
WHAT IS CONTAINERIZATION AND WHAT ARE ITS BENEFITS?
Containerization is an approach that bundles applications as well as their dependencies into a software package called a container image. This image is executed as a container process (or, more simply, a container) running on a special software engine that interfaces between the container and the operating system. Containers can be moved easily between environments and operating systems/platforms, but once a container image is created, it cannot be changed. New containers can be added to an existing system or used to replace an outdated container.
A software developer can create an image of tested software that can be moved easily without having to install and configure the dependencies specifically for each environment. This makes
Types of container technologies and sample tools

| Technology | Benefit/Purpose | Potential tools to use |
| --- | --- | --- |
| Container | Application or service, its dependencies and its configuration (abstracted as deployment manifest files) packaged together as container image | Docker, Windows Server Containers, Hyper V containers |
| Registry | A service that provides access to collections of container images | Docker Hub, Azure Container Registry, Docker Trusted Registry, Private Registry |
| Container security | Tools for policy enforcement, vulnerability scanning, patching, automatic audits and threat protection | TwistLock, AquaContainer, Stackrox, Sysdig |
| Orchestrator | A tool that simplifies management of clusters and container hosts | Mesosphere DC/OS, OpenShift, Kubernetes, Docker Swarm, Azure Service Fabric |
| Development tools | Development tools for building, running and testing containers | Compose, Docker EE, Visual Studio |
| Container monitoring | Tools that manage and monitor hosts and containers and provide metrics for troubleshooting | Marathon, Chronos, Applications Insights, Operations Management Suite |