The seven characteristics of container-native infrastructure

March 11, 2015 - by Casey Bisson

Container-native infrastructure elevates containers as first-class citizens, while other infrastructures relegate containers to second-class status or worse. The cost of that second-class status is the loss of many of the benefits of containerization. While it's certainly possible to run Docker as a second-class layer on the infrastructure, we do so with increased management complexity, lower performance, and at higher cost.

Some say that containers aren't mature enough for production, but we say otherwise: It's the infrastructure that wasn't ready, until now.

Joyent's container-native infrastructure and next-generation Docker container service do for containers what airports, air traffic control, and jet engines did for air travel: made it faster, safer, and less expensive than ever before. Only, we're doing it without the cramped legroom, second-run movies, and bad food.

These are the seven characteristics of container-native infrastructure that will revolutionize Docker deployments:

  1. The basic unit of compute is a container.
  2. As a customer, you provision containers, not hardware virtual machines or even bare metal servers.
  3. Those containers run on bare metal, not inside a VM.
  4. Each container is an equal peer on the network to which it is attached, with its own IP stack independent of its particular compute host; containers must not be ghettoized in the host's network.
  5. The container hypervisor has resource management that ensures the performance of each container; a CPU- or memory-hungry container must not slow the performance of other containers.
  6. The container hypervisor has tested and trusted security isolation for containers; malicious or broken code in one container must not be able to break other containers.
  7. As a public cloud customer, you pay by the container, not for the bare metal and certainly not for a cluster of VMs they might run on.

You can spot services that aren't container-native—those that treat containers as second-class citizens—by watching the marketing language and documentation. Look for the word "cluster," and note how the service is invoiced. Pre-provisioning and paying for VMs or bare metal before you can deploy containers is a clear sign the infrastructure isn't container-native and you'll suffer the added cost and complexity that entails.

Most of these characteristics depend on the host OS in which the container runs. Some operating systems lack thorough in-kernel support for containers and have known security vulnerabilities that prevent running containers from multiple customers on the same host. Further, many network stacks lack the features necessary to virtualize full network interfaces for each container, requiring bridging through the host, port mapping, and additional complexity when networking between containers that may or may not be on different hosts. These frustrations and more are multiplied when containers are deployed on VMs, with the added cost of reduced performance.

Joyent's container-native infrastructure is just one of the advantages and innovations Docker containers enjoy in our public cloud or in private clouds running Triton Elastic Container Infrastructure (formerly SmartDataCenter + a number of newly developed components). Straightforward Docker API access to the entire data center, networking without added confusion, better performance, trusted security, and visibility and introspection across every container are all core features of our platform, not bolt-ons to last-generation infrastructure.

Early access users can see all these benefits for themselves. Be sure to sign up if you haven't yet and watch for an upcoming bake-off that demonstrates these differences.