Google revs up Container Engine to drive Docker in its cloud

Google has gone public with its love for containers and Docker in recent months, and to help its cloud customers get in on the action, on Tuesday it announced a hosted version of its Kubernetes container orchestration software for use with Google Compute Engine (GCE). Speaking at the Google Cloud Platform Live event in San …

  1. JimmyPage Silver badge
    Coat

    Sorry, I keep failing to stop myself thinking ...

    Grindr, Tinder ... Docker

  2. Anonymous Coward

    Why?

    Who wants to use Containers which have rather poor levels of instance separation and only support Linux?

    Azure is more performant by any measure and offers properly isolated VMs. Azure also supports Linux and, more importantly for major deployments, Windows.

    Game over if you ask me. Expect Container to wither on the vine over the next few years.

    1. Jungleland

      Re: Why?

      Your paymasters in Redmond perhaps....

      http://www.theregister.co.uk/2014/10/16/windows_containers_deep_dive/

    2. thames

      Re: Why?

      Let me see, where to start? Loads of operating systems use containers. They've been around for many, many years in fact. Someone whose knowledge doesn't extend beyond a single vendor's products (Microsoft's) may have very limited experience, but there have even been recent Reg articles on this for those who have been paying attention.

      Now given that it is very obvious that the AC has no clue about containers, why should we believe anything he has to say about other subjects such as Azure? Indeed, the prudent thing to do would be to assume the complete opposite to what he said was true.

      Let's go a bit further. Why would this AC post such obvious rubbish about containers? Why not post under his own name and ask someone to explain containers to him? Well, there's a PR tactic which says that if you don't have a reasonable counter argument, then start a flame war. The idea is to derail reasonable discussion, which short-circuits any positive news generated for your competitor.

      This tactic can work well when dealing with buyers who don't know very much about what they are researching. They see a generated "controversy", and think "where there's smoke, there must be fire, so I had better stay away from this".

      When you are dealing with an educated and informed audience though, this tactic tends to backfire. People see rubbish and they *know* it's wrong. They then become suspicious about the quality of the products promoted by the AC. After all, if they did have something competitive to offer, why would they need to resort to such tactics?

      So here's to our AC marketroid - your life must be pretty dire if all you have to look forward to each day is posting rubbish on forums around the Internet.

      1. Anonymous Coward

        Re: Why?

        Okay, time for a quick lesson.

        Containers run as part of the host kernel. If you want to connect to different networks, everything goes through the same stack (even if you have multiple physical cards). You can have user namespaces to give separation, but this is far from ideal.

        Containers also used a crude black-list for seccomp, rather than a more robust, per application white-list. i.e. everything is allowed by default, rather than everything being blocked unless excepted (with sensible defaults).

        As Containers are part of the host kernel you cannot run a, say, Linux Container on Windows. Heck, even Linux on Linux could be a problem if the implementing distros (live host and container origin) are different enough.

        None of those (and others) are a problem with an actual hypervisor.

        The hypervisor kernel is totally separate to the guest kernel. So network separation etc is less of an issue. You can now run any OS on top of any other OS as well. You will have a small overhead from the hypervisor but if you are using an efficient one (e.g. Hyper-V) this is a non-issue in production and more than off-set by the *MASSIVE* increase in security.

        Containers are a fad. Perhaps OK for dev or testing, should not be used in production. Ever. Well, not unless you want a breach in one Container to expose your entire organisation.
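
The default-allow versus default-deny seccomp distinction raised in the comment above, as an added example that is not part of the thread: a small audit over two constructed profiles in Docker's seccomp JSON layout. The profiles, the `SENSITIVE` list and the function names are assumptions made for illustration; argument-conditional rules are ignored and each syscall is assumed to appear in at most one rule.

```python
import json

# Constructed sample profiles in Docker's seccomp JSON layout (not from the thread).
DENYLIST = json.loads("""{
  "defaultAction": "SCMP_ACT_ALLOW",
  "syscalls": [{"names": ["mount", "kexec_load", "ptrace"],
                "action": "SCMP_ACT_ERRNO"}]
}""")
ALLOWLIST = json.loads("""{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [{"names": ["read", "write", "exit_group", "futex"],
                "action": "SCMP_ACT_ALLOW"}]
}""")

# Actions that let the system call proceed.
PERMIT = {"SCMP_ACT_ALLOW", "SCMP_ACT_LOG"}


def action_for(profile, syscall):
    """Return the action a profile applies to one syscall name.

    Simplification: the first rule naming the syscall decides; rule "args"
    conditions are not evaluated.
    """
    for rule in profile.get("syscalls", []):
        if syscall in rule.get("names", []):
            return rule["action"]
    return profile["defaultAction"]


def audit(profile, sensitive):
    """Report the default stance and the sensitive syscalls still permitted."""
    default_allow = profile["defaultAction"] in PERMIT
    exposed = sorted(s for s in sensitive if action_for(profile, s) in PERMIT)
    return {"default_allow": default_allow, "exposed": exposed}


# Hypothetical review list; "bpf" and "unshare" are named in neither profile,
# so only the profile's default action decides what happens to them.
SENSITIVE = ["mount", "ptrace", "kexec_load", "bpf", "unshare"]

if __name__ == "__main__":
    for name, prof in (("denylist", DENYLIST), ("allowlist", ALLOWLIST)):
        print(name, audit(prof, SENSITIVE))
```

A syscall that nobody thought to list falls through to `defaultAction`, which is why the audit reports the default stance alongside the exposed calls.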
