
Unwrap containers-as-a-service challenges and best practices

Despite the benefits of containers as a service, integration and security issues can plague a deployment. Pick the right provider and follow best practices to ease those troubles.

Most enterprises today believe containers will drive value, and, in many cases, those organizations want to use containers through a cloud service -- a model known as containers as a service -- rather than on premises.

Here's a breakdown of containers-as-a-service benefits, challenges and current options on the market.

Containers-as-a-service benefits

The reason enterprises want to use a cloud-based container service, rather than deploying containers on premises, is similar to why they want to use compute servers and storage systems in an infrastructure-as-a-service cloud. These reasons include:

  • More efficient sharing of resources;
  • Smaller or no hardware and software footprint on premises;
  • Huge cost advantage; and
  • Centralization of repositories for container image distribution.

With containers as a service, organizations can avoid the complexity and cost of setting up their own container development, deployment and runtime environment by renting a fully equipped environment from a cloud provider. Since it is a service, the cloud provider makes any updates to tools, images and repositories on their users' behalf. In addition, providers typically have an ecosystem built around their containers-as-a-service offering, allowing users to obtain databases, security, management and other services to support their container deployment.

Containers-as-a-service drawbacks and challenges

Containers as a service is not a perfect model; it comes with its own brand of challenges. For the most part, the biggest challenge when dealing with cloud providers is integration with external resources, meaning resources that reside on premises or on other cloud platforms. This integration doesn't come naturally for most containers-as-a-service offerings, since they typically require custom configurations or redevelopment to enable communication with these external resources.

Other issues include container-based security. Services such as encryption can also be difficult to integrate, since users might need to build an API call from the containers to those services. There are third-party tools that can help with these container integration challenges, such as Aqua Security and Twistlock, but organizations should carefully map out their requirements before choosing one.

Containers-as-a-service best practices

Before picking a containers-as-a-service offering, understand your core requirements, including those for performance, security, governance and management. When it comes to choosing a containers-as-a-service provider, enterprises sometimes get distracted by big brand names, such as Amazon Web Services (AWS), and ignore the core issues they are attempting to solve.

If you overlook compliance issues, for instance, they could toss a monkey wrench into your containers-as-a-service deployment, potentially forcing you to move back on premises or to evaluate another containers-as-a-service provider. Check if your containers-as-a-service provider has compliance features that can help you solve these problems.

Learn all you can before moving to a containers-as-a-service offering. This includes taking time to understand what you need and when you need it, and creating a container vision for your enterprise.

Options in the market

So, which containers-as-a-service offerings can you choose from today? Azure, AWS and Google all have services that support Docker containers. These options are Azure Container Service, AWS Elastic Compute Cloud (EC2) Container Service (ECS) and Google Container Engine (GKE).

Azure Container Service, the newest of the three services, is based on Apache Mesos. This open source container orchestration system is often preferred by those who are moving from a Windows environment.

Mesos, which is used by companies such as Netflix and eBay, is considered one of the most scalable container orchestration services. Mesos competes with Kubernetes, Google's open source container management system, as well as Docker Swarm.

Last year, AWS ECS had a number of operational issues, such as the inability to monitor containers at a fine-grained level. AWS has since fixed that issue, as well as other issues around performance. Out of all the major vendors, AWS' containers-as-a-service offering seems to be the most improved compared to last year.

GKE remains a strong player, with tight integration for AWS CloudWatch, as well as Kubernetes. GKE also provides updates that align closely with the Kubernetes release cycle -- a helpful feature for enterprises, since Kubernetes clusters can be a challenge to deploy and upgrade.

Before choosing a provider, check your enterprise requirements and compare them closely to what each provider can offer. Also, consider your future requirements, and make sure the container service will continue to grow and meet those needs.
