Container cluster abstraction layers dangle a new infrastructure automation alternative between relatively unintelligent IaaS and traditionally highly opinionated PaaS -- but will enterprises take the bait?
Platform as a service (PaaS) offerings such as Heroku, Red Hat OpenShift and Cloud Foundry have long used containers -- or sub-OS workload segmentation -- as a unit of execution under the covers, since containers allow for fine-grained infrastructure sharing while keeping individual workloads separated.
As containers move toward production use outside of PaaSes in the cloud, they are increasingly being deployed in clusters of server infrastructure that are heavily orchestrated to automate the deployment of containers, as well as the deletion and recreation of containers that become unhealthy.
That's still the case with newer PaaS offerings as well, but the recent containerization craze is not so much about how containers segment workloads but how they are managed at scale. The need to manage massive numbers of tiny objects key to container orchestration has populated sophisticated cluster abstraction layers, such as CoreOS's Tectonic, Apache Mesos and Google's Kubernetes.
These cluster management tools bring new automation to IT infrastructure and free IT pros from manual, individual management of machines. This maintains one of the founding principles of PaaS, while allowing more direct control over the infrastructure than traditional highly abstracted PaaS offerings.
New PaaS for a new audience
But developers won't quit traditional PaaS anytime soon. Rather, this new sub-PaaS abstraction appeals to a new generation of IT ops pros tasked with operating infrastructures to support modern app architectures that require a level of automation not possible with traditional infrastructure as a service.
"The target group who actually start using these technologies is, to a certain extent, different from the target group we focus on with the level of abstraction that PaaS provides," said Marco Hochstrasser, head of cloud platform development at Swisscom, a PaaS provider based in Bern that has recently begun to support Docker.
"It makes no difference to me what the container technology is," Hochstrasser said. But "Docker has broad adoption … and having a standard relaxes the market and enables the market to drive additional value on top [of it]."
At large enterprises, Hochstrasser said, they might talk about Docker briefly, but soon shift to questions like how to deploy an app to PaaS from a desktop or how to get metro connectivity going. When he speaks to a customer's CIO and sys admins, "they talk about, 'why can Cloud Foundry not do this? Why can I not run an HAProxy of my own, why can I not configure this?'" Hochstrasser said. "It's a different angle and point of view."
The rising Docker tide is lifting all boats in PaaS, as this new audience breathes new life into PaaS offerings even as it changes them technically.
"It's all starting to merge together as the same concept," said Nirmal Mehta, senior lead technologist for the strategic innovation group at Booz Allen Hamilton Inc., a consulting firm based in McLean, Va., who works with government organizations to establish a DevOps culture.
"PaaS accelerated the adoption of containerization, which in turn will accelerate the adoption of PaaS," he said. "Right now we're at the beginning of the battle that's going to occur between all these competing platforms around container orchestration, and platform as a service is kind of the veneer that's wiped over all these other components that you need to orchestrate containers."
Old PaaS dogs learn new tricks
For IT ops new to supporting microservices, newer PaaS offerings, such as Apcera, offer a policy-based alternative to manage IT infrastructure that doesn't require IT to cede total control to a cloud service provider or developers within the organization.
Apcera's policy-based resource configuration was different than what one customer had seen with most other PaaSes, according to Juan Garcia, CTO of nextSource, a staffing service provider based in New York.
"Their ability to build semantic pipelines, and being able to configure access from our applications to our microservices to each other without having to understand the networking layers … is pretty neat and unique," Garcia said.
Most app developers don't care whether containers are running in the infrastructure beneath a PaaS layer -- how the infrastructure is configured is not their concern. But for IT ops pros, container orchestration platforms offer a way to do the important work of converting legacy infrastructure supporting traditional apps to the new microservices-based world.
Red Hat's OpenShift, for example, has PaaS layers that offer app delivery and continuous integration services that container schedulers such as Kubernetes don't feature, but it has swapped out a 'cartridge'-based container orchestration system for a user-configurable Kubernetes substrate.
OpenShift offers the best of both the traditional IaaS and PaaS worlds, according to Dietmar Fauser, vice president of architecture, quality and governance for Amadeus IT Group SA, a travel technology company headquartered in Madrid.
"This gave us a path to stick to existing applications without changing them fundamentally or rewriting them in Java," Fauser said. "With a reasonable investment, we bridged the service registration environment that is Kubernetes with our own communications system."
The case for traditional PaaS
There are still arguments for highly opinionated PaaS offerings, of course, not the least of which is that container orchestration schedulers are very new and tougher to set up than entering a credit card number to spin up a traditional PaaS in the cloud.
"Large enterprises like standardization because of security and regulatory compliance," said Josh McKenty, field CTO for Cloud Foundry at Pivotal. "They like knowing that they only have one way to do logging, and they only have one way to do authentication, and they have a nice mix of SQL and NoSQL options, but not every option under the sun."
Startups, in the meantime, often have one novel problem to solve rather than hundreds of established apps, and "they like to reinvent everything in whatever the cool language of the moment is," McKenty said. "Enterprises are looking much more for the 80% opinionated platform rather than something that can be finely tooled to solve a single problem."
It's unclear which way enterprises will go, according to Mitchell Hashimoto, founder of HashiCorp, which makes the open source Nomad platform that is also aiming for a midpoint between traditional IaaS and PaaS.
"We're not seeing production enterprise usage of schedulers, though we are seeing interest," Hashimoto said. "Most of the shops with this in production are cutting edge tech companies, Silicon Valley Web 2.0 types -- traditional business is still trying it out and kicking the tires."
Enterprises, such as Amadeus, that have waded in with Kubernetes since version 1.0 have experienced some growing pains.
"There are a lot of code changes, so you're still in a phase where you have to accept and retrofit, sometimes API changes, which are disruptive," Amadeus's Fauser said. "It's something we usually don't see from a partner like Red Hat, who is usually highly focused on stability."
Finding a happy medium?
Still, McKenty acknowledges that Cloud Foundry has changed to offer more flexibility in recent releases. Cloud Foundry also has a Route Services API in its next version, which allows customers to plug in third-party API gateways.
"There's kind of a move in Cloud Foundry to come to the middle as well," McKenty said.
This is true of PaaS bellwether Heroku, according to COO Alex Gross, now SVP at Salesforce, which acquired Heroku in 2010. Last year, for example, Heroku announced Private Spaces, which offers customers a private PaaS based on Amazon Web Services' Virtual Private Cloud tech under the covers.
Heroku now supports Docker as well. "If you want to go a little bit lower level and be able to do things a little bit further down the stack, we can offer that too," Gross said.
This doesn't mean that Heroku is totally changing its stripes, however. Building and running a PaaS with the introduction of new container orchestration frameworks is more feasible than it used to be, but it isn't less complex, especially given the availability, performance and compliance requirements that organizations have to meet, according to Gross.
"If companies are building and running their own PaaSes, they are doing it wrong."