Summary Bullets:          

• Key technologies promote management and isolation of untrusted containerized workloads on par with VM security
• Watch for new operational management technology supporting advanced ALM capabilities

I’ve been moving outside my comfort zone and attending OpenStack conferences, including next week’s Open Infrastructure Summit in Denver, to gain insight into what enterprise operations teams are up against as they shift from a virtualized world into modern app development scenarios. The success around containerizing applications (by running them on an operating system’s kernel versus hardware) is finally prompting interest in microservices, a new app architecture which breaks cumbersome monolithic apps into smaller, composable services.

 

This intersection of virtualization and Kubernetes, where VMs and application containers are being managed together is not without its security concerns. Vendors have therefore realized a need for technologies which provide an extra level of management and isolation for those untrusted workloads running in containers in order to reduce risk levels. Some examples include Google’s gVisor, which provides secure isolation for containers, and Amazon’s Firecracker, micro-VM technology which leverages modified KVM and manages and secures serverless infrastructures such as Lambda.

Of particular interest to hyperscale providers is Kata Containers, an OpenStack Foundation project which standardizes lightweight VMs that perform like containers but support workload isolation and retain the security benefits of VMs.  

This DevOps convergence is evolving to address important application lifecycle management capabilities, from bringing virtualized apps into a Kubernetes environment, to eventually decomposing those traditional apps into microservices (e.g., through Red Hat KubeVirt technology). Further, operators will be able to not just install and manage apps in Kubernetes clusters but access advanced management features which react to failures by taking appropriate action without human intervention. Similarly, infrastructure and networking providers focused on multi-tenant environments could build on those investments by directing containerized app traffic across 5G and edge networks.

These are the types of technologies which will truly define DevOps. These are the technologies which will grab the attention of enterprises, which have been lacking the operational tools, framework, and security to properly move containerized and microservices-based apps into production. Application platforms providers agree this is a key year for enterprises for planning and building out their transformation strategies to support these efforts. At the same time OpenStack vendors which typically have a three to four year adoption phase for pushing products into the telco network are emphasizing and anticipating a shorter cycle time, particularly around 5G networks.

OpenStack infrastructure vendors are laying the groundwork for their newfound DevOps strategies. What began with conformance to Open Network Automation Platform (ONAP), is evolving to participation with newer OSS technologies such as Kata Containers, Istio, Airship, and others, as the industry continues to embrace containerization, Kubernetes, and microservices and move towards CICD capabilities.