Apcera Platform Primes Containers for Enterprise Deployment

Tuesday, November 1, 2016

Apcera today is launching what it claims is the first enterprise-grade container management platform.

The idea is to provide a turnkey package that includes all the functions necessary for running containers — functions such as orchestration and networking, along with aspects such as security.

It would be like turning “containers” and their environment into a single product, packaged nicely and wrapped up with a bow. Something parallel is happening in OpenStack and cloud management, where startups such as Platform9 and ZeroStack are finding ways to figuratively shrink-wrap the cloud into an all-inclusive offering.

Here’s the tradeoff. Apcera made things simpler for the enterprise by selecting pieces of the environment ahead of time — orchestration, for example. There’s still a lot of flexibility to choose things like software stacks, but “we answered all the dependency questions for you,” says Josh Ellithorpe, Apcera’s lead architect.

Enterprises got interested in containers and open source platforms during the past two years, then found it can be difficult recruiting and retaining the people to put all the pieces together. Integrated platforms like Apcera’s would be the next logical step, says Mark Thiele, the company’s chief strategy officer.

“While there are many products on the market that help a customer with some form of infrastructure management or cloud enablement for containers or anything in between, there really is no enterprise-grade container solution,” he says.

Legacy Apps & Monster Containers

For instance: One key omission, Apcera believes, is support for older applications. Another is the ability to run containers on literally any cloud.

Apcera provides a way to simply push legacy applications into containers, based on templates of an application’s file systems. “Everything is simulated so it doesn’t even know it’s running in a container,” Ellithorpe says.

That could result in a monstrous container, but that’s OK, he says. The idea here is to get the enterprise past that initial hurdle of moving an application into container form. After that, the enterprise can begin the possibly difficult work of splitting the application into microservices, which makes it more suitable for the ephemeral nature of cloud services.

Security & Networking

One of Apcera’s calling cards to date has been a consistent policy layer for the cloud, so naturally, it’s a key element of the Apcera container management platform.

It’s a completely white-listed environment. That is, the enterprise spells out which actions are permitted, and anything that isn’t on the list isn’t allowed to happen. All ingress and egress ports are closed by default (which would help avoid some common misconfiguration problems, Ellithorpe says).

A container’s networking policy follows it around the cloud, so that moving a container doesn’t change any of the rules involved.

The idea behind all this is to shut off some of the common ways of bypassing policies. For instance, it’s possible for Kubernetes to launch a container on an unauthorized copy of the Docker runtime; that would open up a possible way to bypass policies, Ellithorpe says.

Finally, Apcera claims to make all of this work consistently in multiple clouds’ container environments — specifically Amazon EC2 Container service, Google Compute Engine, and Microsoft Azure.

Interest in running services on multiple clouds hasn’t taken off with many customers, “but frankly, it’s a market thing,” Thiele says. “There was an assumption that it was too much of a hassle in making it a reality.” Read Full Article (sdxcentral.com)

Press & News