Linux company CoreOS launches an alternative to Docker as a lean building block for future cloud environments.
Linux distributor CoreOS is challenging Docker as the preeminent container format for applications, with its new Rocket container runtime.
The emergence of this Docker alternative is a sign of how important containers have become for IT and cloud production environments. Both Docker and CoreOS's Rocket are likely to be around for a long time -- and play distinctive roles.
Docker has rapidly moved beyond a simple container formatting system into a platform that helps IT compose, deploy, and manage containers in various ways. To the disgruntlement of members of the Linux community, Docker Inc., sponsor of the Docker open-source project, has taken on a pan-operating system strategy, working with Microsoft toward the day when it will be able to build and launch Windows containers alongside Linux ones.
That means if CoreOS hadn't launched Rocket Monday, someone else certainly would have. CoreOS is a Linux-only company, producing a server distribution of Linux that is stripped down to the essentials needed to run as a container host. Rackspace, Amazon, and Google all offer CoreOS systems as a service.
VMware spinoff Pivotal is an early backer of Rocket, and it remains to be seen whether Red Hat will become one. Red Hat backed Docker when it emerged 21 months ago, but its level of commitment to a company that aspires to become a joint Windows/Linux application platform is uncertain. Red Hat may wait with Rocket, taking its cue from the degree of adoption of Rocket by independent developers.
CoreOS CEO Alex Polvi refused to rule out possible Red Hat support. It may take talks between the two to figure out how their strategic objectives mesh, and neither side has initiated those talks, he said in an interview.
The main difference between Rocket and Docker, he added, was that Docker is striving to be a many-faceted platform, while Rocket will strive to remain a building-block tool. Docker now requires its third-party adopters to accept all elements of a Docker platform, leaving the code unchanged. If the code is changed "even a tiny, little bit, you won't be able to call it Docker," Polvi said.
In contrast, developers may implement Rocket and its companion App Container format as they see fit, as long as they match the specification. Rocket is the runtime environment; App Container is a specification for formatting a container that runs in Rocket. Pivotal helped formulate the App Container specification.
"Docker has become something different than what we signed up for. We still want that original thing. Rocket will look more like what we thought Docker was going to be," Polvi said.
CoreOS will put more emphasis where it thinks it belongs: Linux container security. Given Docker's ease-of-use approach, security remains the Achilles heel of Docker implementations. When Docker containers are run in groups, they need to be from the same owner or homogeneous in makeup to ensure that none has active code seeking to spy on or interfere with the others.
Docker's formatting builds up a container in layers, with each service in an application and each application dependency potentially installed as a separate layer. In addition to layering, Rocket/App Container formatting calls for the container to be built in three stages, with container users who want to put more emphasis on security able to designate a higher security level in stage one, according to Rocket's readme documentation.
"Docker was designed for ease of use. Rocket, when it has a choice between ease of use and security, will choose security," claimed Polvi. For example, a Java application can be wrapped in a Java Virtual Machine as it's placed in an App Container. The move amounts to a lightweight virtual machine inside a container that runs more efficiently than a container placed inside a VMware or Microsoft virtual machine.
The JVM wrapper provides additional isolation from other containerized applications on the same host, but the container still starts and stops rapidly and requires less in the way of host resources than containers running inside full-bore virtual machines, using their own operating systems. With Rocket, "you can get the full benefit of both worlds," Polvi claimed. He would not say Rocket could run containers from competitors on the same Linux host, as in a multitenant environment. But Rocket and App Container are designed for production use by future, large-scale cloud providers.
Rocket and App Container can fit the needs of today's big container users on the web, such as Google and Facebook. They're designed to be a building block in a big Linux server production environment, not a portable developer environment in a mixed Linux/Windows enterprise data center, Polvi said.
Pivotal's Andrew Clay Shafer, senior director of technology, welcomed Rocket in a blog post Monday, saying, "Pivotal has put a lot of time and effort into managing Linux containers at scale with enterprise workloads running under Cloud Foundry. We have great interest in a composable, portable, open standard for Linux container image formats and runtime environments."
In launching Rocket, CoreOS tried to pick the moment when it has enough well-formed ideas to launch a container alternative -- but not so many that other parties won't be tempted to join in and help shape the project. "We tried to find that sweet spot," said Polvi.
Time will tell whether two Linux container formats can survive with broad adoption in the marketplace. Remnants of Sun Solaris and BSD Unix hang around and are used for specialized purposes, but Linux won the battle of the data center server. Has Docker also already won that battle, or will Rocket threaten to unseat the market leader?
Containers have a bright future in both the enterprise data center and cloud services. But to be used with the efficiencies that their strengths potentially enable, new containers and new container management systems need to be created that allow them to function more like multitenant cloud environments. On that score, Rocket may get to the cloud and large-scale deployments sooner than Docker, despite coming from behind.
Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ...