DockerCon 2015: Game On
It has been a very long time since a young technology vendor — in this case, two years young — has convened a conference whose outcome has such a sizable impact on the course of everyday business. The key product made by Docker Inc. aims to help data centers avoid the potentially catastrophic complexity of managing virtual machines on a cloud platform. In principle, container management is radically simpler. In practice, this has not always been the case.
Docker has a lot to prove, not only if it intends for DockerCon 2016 to be covered with this same magnitude. There is a huge barrier it must overcome, and it concerns attaining widespread adoption. Yes, there are indeed survey numbers that speak to the level of interest Docker has garnered. One survey released earlier this week, commissioned by container data management tools maker ClusterHQ and conducted by DevOps.com, revealed that while some 234 respondents of 254 surveyed have at least investigated Docker to some degree, only 103 have gone so far as to deploy containerization at a production level, and only 49 have deployed containerization outside of some other virtualized environment, such as vSphere.
What this survey shows is that while Docker technology may be evolving at a fast rate, and Docker press may be evolving at warp speed, its actual adoption rate by enterprises is surprisingly more normal. It also means Docker could be in trouble: If its technology strategy over-develops, and the Docker ideal distinguishes itself too greatly from common data center services architectures, Docker could end up never seriously penetrating more than one-fifth of data centers.
According to the DevOps.com survey, some 73 percent of respondents say they are running Docker in an environment that is itself virtualized — in other words, not the bare metal that’s supposed to be Docker’s home. This is a problem. And there will be vendors at DockerCon next week who would sell organizations in the VM environment to keep things that way.
I’ve boiled down the key proof points that Docker Inc. and its partners need to present at DockerCon in San Francisco on Monday, June 22 and Tuesday, June 23, into three main categories:
1. How will Docker reconcile its stateless architecture with the stateful demands of the everyday world? We’re seeing the progression of a split among the philosophies of containerization advocates. There is an emerging viewpoint that some statefulness will continue to be necessary indefinitely.
We saw an early glimpse of how this conversation may erupt at DockerCon with ClusterHQ’s introduction earlier this week of Flocker 1.0. That company’s CEO, Mark Davis, sounded a note of what might be construed by some as genuine dissent, saying, “There actually is no such thing as a stateless app.” His point was that databases need some persistent ties with containers, and that an application architecture where RESTful architectures cleanly separate containers from databases by way of APIs, is something of a pipe dream.
Then we heard from Shippable, which is renovating its continuous delivery platform once again, this time around the notion of persistent containers — virtualized components that are far less “ephemeral” than Docker may have dreamed.
This is not exactly the Docker community marching together in lockstep towards a common goal. Or, from another perspective, perhaps the common goal is widespread adoption at this point, and Docker Inc.’s path to that goal may not be the path others are plotting. If Docker Inc. hopes to come away from DockerCon as the symbol of containerization leadership it has started out to be, it needs to demonstrate flexibility and open-mindedness towards the idea of reconsidering statelessness as the ultimate ideal state for containerized applications.
2. Will Docker present a secure virtual networking model for containers that’s strong enough to convince risk managers it’s worth the investment? One thing we can absolutely say about those Docker environments being spun up inside virtual machines: The containers therein are not being networked the way they should be, in a production environment. Thus, whoever is building Docker environments in those VMs is not building them for production purposes.
The bug that is being put in our ear is that enterprises are worried about security. Well, yeah, enterprises are always worried about security, but that’s not the point. While on the one hand, Docker does not present a conventional “attack surface” for the typical malicious user, it also does not present a conventional platform for the typical security vendor or security service.
All security now, whether containerized or virtualized or on Facebook’s bare metal servers, is no longer a matter of hardening endpoints, but rather of maintaining the desired state of connections in the network. At this moment, even after a few years of rapid development, we don’t really know what a containerized network will look like, once the architectural debates get settled.
When Docker Inc. acquired SocketPlane last March, the message it sent about the secured future of Docker networking was received by the Docker development community, and there was much rejoicing. What the world outside heard was, “We just hired a super-smart trio of developers who are really bright kids who can change the world,” which sounds like a line from one of those popular comic-book superhero movies that keep getting produced.
When Microsoft and Docker joined forces on-stage, the world took that partnership very seriously. Here were two brands on equal footing, and one of them is brand new. Docker needs to make similar partnership demonstrations (plural) Monday and Tuesday, to be taken seriously.
3. Does Docker Inc. plan to compete against other container models or “embrace and extend” them? CoreOS has been one of the key components of what has been called the “Docker family.” But now, it operates a competing registry, and it contributes to a competing container standard.
Characterizing appc as not really competing against Docker’s libcontainer but extending the market for containers, is like one of the 59 or so Republican candidates for president saying the other 58 aren’t really competitors but supporters with extra benefits. Uh-huh. While the other container specifications may, from a straight overhead perspective, be viewed as also-rans, the fact that there’s even a discussion (and that Google has an interest in supporting all sides in order to prolong the discussion) shows that Docker’s future is not yet set in bedrock.
Alex Williams, Sam Charrington, and I will be reporting from San Francisco next Monday and Tuesday. I’ll be returning to these three key questions throughout my contributions to our coverage, and I’ll summarize after the conference to see how well Docker Inc. emerged from the smoke. Stay with us throughout the week to see how well the stack holds up under its greatest pressure to date.
CoreOS, Docker and Shippable are sponsors of The New Stack.