Containers have completely changed the web development game. Ever since the release of Docker in March 2013, the concept of running services inside containers has exploded in popularity. Every time we talk with a developer in any tech sector, the topic of containers is just about guaranteed to come up.
But while containers do offer some distinct advantages over traditional VMs – for example, the ability to isolate CPU and network bandwidth from the rest of the operating system – containerized apps don’t provide a one-stop fix for all your provisioning frustrations.
Before you start moving your application onto a containerized infrastructure, you need to start by understanding how you’re going to use containers, which benefits you aim to obtain from them, and how you’ll measure and track your progress toward those goals. Here’s how to do that.
1. Identify key performance indicators (KPIs) for your containerized apps.
Start by figuring out exactly what your service needs to provide, in terms of memory, network speed, CPU bandwidth, and other key capacities. Analyze your daily, weekly and monthly usage patterns, so you’ve got a clear idea of how sharply traffic can be expected to spike, and when that’s likely to happen.
2. Assess security vulnerabilities and implement measures to prevent breaches.
Containerized apps present a number of significant security risks – including the possibility of unintentional privilege escalation, password encryption breaches, and attacks on the host itself. Patching a security hole costs far more after deployment, so take proactive steps to integrate third-party tools that will help you identify potential vulnerabilities in container images and packages.
3. Set up a system for scanning and monitoring containers and images.
The most effective way to prevent security vulnerabilities – as well as crashes due to poorly-configured containers – is to implement a system for tracking all container images and identifying container images that present potential risks. Many third-party developers provide image registries which will help you identify containers, pinpoint potential misconfiguration issues, and maintain clear views of the privileges with which each container is running.
4. Implement your scanning and monitoring system on a secure host.
Now that you’ve developed a plan for preventing security breaches, and for tracking and analyzing all container images you use, the next step is to choose a secure host operating system and software package. Once your secure host is up and running, you’re ready to install your containerized runtime environment.
5. Track every KPI and keep an eye out for meaningful patterns.
Here’s where all your careful prep work really demonstrates its value. Keep track of all the KPIs you identified in step one – and also keep a lookout for potential security or misconfiguration issues. By detecting these patterns before they grow into threats, you’ll be well-equipped to cut them off at the root and keep your service running smoothly and securely.
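To make the privilege and misconfiguration tracking from steps 3 and 5 concrete, here is an added example (not from the original article) that audits container settings in the JSON shape produced by `docker inspect`. The container names, images and the embedded sample are constructed for illustration, and the list of checks is one reasonable baseline rather than a complete policy.

```python
import json

# Constructed sample in the shape of `docker inspect <container>` output
# (container names, images and settings are made up for this example).
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/web", "Config": {"Image": "registry.example/web:latest", "User": ""},
  "HostConfig": {"Privileged": true, "CapAdd": ["SYS_ADMIN"], "NetworkMode": "host",
                 "PidMode": "", "ReadonlyRootfs": false},
  "Mounts": [{"Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock"}]},
 {"Name": "/api", "Config": {"Image": "registry.example/api@sha256:<digest>", "User": "10001"},
  "HostConfig": {"Privileged": false, "CapAdd": null, "NetworkMode": "bridge",
                 "PidMode": "", "ReadonlyRootfs": true},
  "Mounts": []}
]
""")

def audit_container(c):
    """Return a list of privilege/misconfiguration findings for one container."""
    cfg, host = c.get("Config", {}), c.get("HostConfig", {})
    findings = []
    if host.get("Privileged"):
        findings.append("runs privileged")
    for cap in host.get("CapAdd") or []:      # CapAdd is null when unset
        findings.append(f"added capability {cap}")
    if host.get("NetworkMode") == "host":
        findings.append("shares host network namespace")
    if host.get("PidMode") == "host":
        findings.append("shares host PID namespace")
    user = (cfg.get("User") or "").split(":")[0]   # "uid:gid" -> "uid"
    if user in ("", "0", "root"):                  # empty User means root
        findings.append("runs as root")
    if not host.get("ReadonlyRootfs"):
        findings.append("writable root filesystem")
    for m in c.get("Mounts") or []:
        if m.get("Source", "").endswith("docker.sock"):
            findings.append("mounts the Docker socket")
    if "@sha256:" not in cfg.get("Image", ""):
        findings.append("image not pinned by digest")
    return findings

def audit(containers):
    """Map container name -> findings, keeping only containers with findings."""
    report = {c.get("Name", "?").lstrip("/"): audit_container(c) for c in containers}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", "; ".join(findings))
```

On a live host the same functions can be fed the parsed output of `docker inspect $(docker ps -q)` in place of the constructed sample.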
By following these five steps, you’ll be able to leverage the power and agility of containers, while keeping your users safe from security breaches and downtime issues.