The Technologies Flashing the Green Light at the Intersection of VM and Kubernetes

Charlotte Dunlap – Principal Analyst, Application Platforms

Summary Bullets:          

  • Key technologies promote management and isolation of untrusted containerized workloads on par with VM security
  • Watch for new operational management technology supporting advanced ALM capabilities

I’ve been moving outside my comfort zone and attending OpenStack conferences, including next week’s Open Infrastructure Summit in Denver, to gain insight into what enterprise operations teams are up against as they shift from a virtualized world into modern app development scenarios. The success around containerizing applications (by running them on an operating system’s kernel versus hardware) is finally prompting interest in microservices, a new app architecture which breaks cumbersome monolithic apps into smaller, composable services.

 

This intersection of virtualization and Kubernetes, where VMs and application containers are being managed together is not without its security concerns. Vendors have therefore realized a need for technologies which provide an extra level of management and isolation for those untrusted workloads running in containers in order to reduce risk levels. Some examples include Google’s gVisor, which provides secure isolation for containers, and Amazon’s Firecracker, micro-VM technology which leverages modified KVM and manages and secures serverless infrastructures such as Lambda.

Of particular interest to hyperscale providers is Kata Containers, an OpenStack Foundation project which standardizes lightweight VMs that perform like containers but support workload isolation and retain the security benefits of VMs.   Continue reading “The Technologies Flashing the Green Light at the Intersection of VM and Kubernetes”