IoT
IoT
Cloud // Infrastructure as a Service
News
2/20/2015
01:06 PM
Connect Directly
Twitter
RSS
E-Mail
100%
0%
RELATED EVENTS
Core System Testing: How to Achieve Success
Oct 06, 2016
Property and Casualty Insurers have been investing in modernizing their core systems to provide fl ...Read More>>

Rocket Containers: How CoreOS Plans To Challenge Docker

As containers rise in importance for data center innovation, the Rocket project has attracted 50 contributors in its bid against today's de facto option, Docker.

10 Hot Cities For IT Pros In 2015
10 Hot Cities For IT Pros In 2015
(Click image for larger view and slideshow.)

Containers are a hot trend in data center innovation, so we should expect some tough competition among companies looking to cash in on that trend. That competition was on display this week as CoreOS co-founders used the Linux Collaboration Summit as a chance to tout their Rocket open source code project as an alternative to the fast-growing Docker container approach.

CoreOS has attracted 50 developers to the Rocket project since its launch Dec. 1. The project took some flak as proponents of the well-established Docker project criticized the way its organizers made the launch.

The contributions include people from IBM and Google, and developers associated with the Mesos, Cloud Foundry, and Kubernetes projects, said Alex Polvi, co-founder and CEO of CoreOS, in an interview.

CoreOS supplies a lightweight version of Linux for running containers on a host server. Containers let IT launch and run many applications on a single server box, generally doing so more quickly and simply than they can with virtual machines. Red Hat is working on its own container Linux distribution, Atomic Server, due to be announced shortly.

Polvi appeared on a panel about containers on Wednesday, the first day of the Linux Collaboration Summit in Santa Rosa, Calif. Thursday, CoreOS's CTO and co-founder, Brandon Philips, gave a talk, "Rocket and the App Container Specification," giving Rocket a higher profile at the event than Docker, which starred in no sessions.

Yet Docker is by far the leader today. Many Linux developers, kernel process representatives, and container users attending the conference acknowledged that Docker Inc. has established a near de facto standard for Linux containers in less than two years.

[Want to learn more about how a rivalry between Docker and Rocket might play out? See Rocket Vs. Docker Will Come Down To DevOps.]

Rocket's founders contend they can differentiate from Docker on factors such as being more secure, modular, and lightweight. Polvi said CoreOS, as sponsor of the project, is committed to producing a more secure container runtime than Docker and offering a way to build containers that are "composable," meaning they can serve as a component embedded in other systems.

Rocket Will Be Modular, But Not Easier to Use

When Rocket backers announced the project, they said the Docker container formatting system, while highly successful, had branched out to become more of a workflow- and deployment-process-driven project. Docker has many useful tools, but Rocket creators contend developers want something more modular and thus lighter weight.

"Rocket's internals are more modular," said Philips during his summit session. "Its execution will be divided into stages," he said, drawing on a rocket launch metaphor.

Core OS CTO Brandon Philips, at the summit

(Image: Charles Babcock)

Core OS CTO Brandon Philips, at the summit

(Image: Charles Babcock)

In our interview, Polvi said, "We're trying to follow the Unix philosophy. The goal is for a tool to do one job and do it well, so that it's reusable by other tools."

Polvi acknowledged Rocket will not be as easy to use as Docker, which has made building a container a smooth process for most developers through its graphical user interface. Rocket remains a command line tool and will stay that way, Polvi said.

In terms of security, "it’s programming 101 stuff," said Polvi. Rocket developers think the contents of a container should be verified as coming from the expected source and as remaining untampered with, before the package is considered ready to ship. That means "cryptographically verifying the content before adding it to the container." In other words, downloaded code accompanied by a private key should be checked against the registered holder of the key to verify the code came from the party that is assumed to be the source.

Containers share many resources at the heart of a server, including memory, CPU, and storage. The Docker container daemon, which controls background Docker processes without the knowledge of the user, runs with root or administrator status on a server. That means if malicious code is able to get into the container, it sits in a prime place to cause problems.

Polvi claims Philips and other CoreOS developers raised the issue early in the Docker project, but it did not get either accepted or rejected at the time. "We tried to bring it to their attention for a year and half," before launching their own project, Polvi said.

"It's all about prioritization. Ease of use is good for adoption," he said, and security is sometimes a barrier to ease of use.

Philips added his own footnote to the security discussion. With open source and other frequently downloaded code going into containers to help an application do what it needs to do, developers are frequently turning to GitHub and online libraries to retrieve their code.

"We're downloading things over the Internet. Turns out, you can't trust everyone on the Internet," Philips said.

Want to discuss data center innovation with peers? Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.

Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
2/20/2015 | 6:44:53 PM
Google willing to inspect Rocket for future use
Google decided to standardize on Docker containers and has geared Kubernetes to work with Docker containers. So what does Google's Craig McLuckie, Compute Engine product lead, say about CoreOS' Rocket? At the Linux Collaboration Summit, he said: "Everything we do is based on Docker. When the Rocket guys bring out Rocket 1.0, we'll take a look at that." The Rocket project, which started Dec. 1 with release .1, is on release .3 now and moving rapidly toward a 1.0 release. CoreOS Alex Polvi hazarded a guess: 1.0 will be ready late in the first half or early second half. Then he added, there'll be a 1.0 release "when it's ready."
Multicloud Infrastructure & Application Management
Multicloud Infrastructure & Application Management
Enterprise cloud adoption has evolved to the point where hybrid public/private cloud designs and use of multiple providers is common. Who among us has mastered provisioning resources in different clouds; allocating the right resources to each application; assigning applications to the "best" cloud provider based on performance or reliability requirements.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.