How agencies can use containers for IT (not just shipping)

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Sanjeev Pulapaka and Munish Satia
 

Connecting state and local government leaders

By Sanjeev Pulapaka and Munish Satia

|

Despite its relative novelty, containerization is rapidly changing the technology landscape, and agencies should consider taking advantage of the benefits it offers.

The government is often unable to mirror the private sector’s efficient use of technology resources. One key reason is the government’s tendency to operate in silos, with different teams for IT development, infrastructure and operations. This problem is more prominent in government because public agencies separate responsibilities to avoid risk. Perhaps that same risk aversion causes agencies to avoid adopting newer, leaner processes for fear of compromising security, traceability and accountability.

That risk aversion and those silos can be resolved using a technological innovation called a container. Containers make it possible for agencies to invest in automated, efficient DevOps processes without sacrificing traceability, accountability or security. Perhaps even more important, containerization and a microservices architecture can be used together to permit efficient upgrades and the addition or substitution of features, potentially avoiding the need for expensive replacement of an entire system when a federal agency is assigned a new or changed mission.

There are some challenges, however, to adopting containerization. We have identified the four most significant challenges and have suggested best practices to help agencies overcome each.

What is containerization and what are its benefits?

Containerization is an approach that bundles applications as well as their dependencies into a software package called a container image. This image is executed as a container process (or, more simply, a container) running on a special software engine that interfaces between the container and the operating system. Containers can be moved easily between environments and operating systems/platforms, but once a container image is created, it cannot be changed. New containers can be added to an existing system or used to replace an outdated container. The figure below illustrates an executing container.

container stack

A software developer can create an image of tested software that can be moved easily without having to install and configure the dependencies specifically for each environment. This makes it efficient to migrate applications from one environment to another, from development to quality assurance to production or from in-house to the cloud, while ensuring traceability via the immutable nature of the container.

Containers have four distinct advantages that, taken together, provide significantly increased efficiency. They:

  • Reduce the need for duplicate operating system code.
  • Provide faster spin-up/launch of applications (seconds versus minutes).
  • Consume orders-of-magnitude less capacity (megabytes versus gigabytes).
  • Can be executed on shared virtual machines or stand-alone, physical “bare metal” servers.

Challenges to overcome

Containerization works particularly well in a multivendor environment because it provides increased portability and traceability. However, the technology introduces fresh challenges for government organizations, including:

Monolithic architecture and legacy technology. Many older technologies (Oracle Forms, Microsoft .NET) are not effectively compatible with containerization. The designs and architecture of some of these applications are monolithic and do not allow easy separation of the application into independent modules suitable for containerization. Furthermore, containerization could increase production problems because of the limited flexibility and scalability of the application.

Infrastructure constraints. Implementation of a containerized ecosystem for a large program could call for hundreds of thousands of containers. The sheer number and resulting complexity could increase risks that a security attack might succeed. It also increases the amount of network traffic, potentially degrading performance. Troubleshooting applications and diagnosing a problem among the vast number of containers can be a challenge.

Lack of streamlined processes. In government organizations, development and operations teams often work separately and use separate environments. Although many development teams in government use an agile approach, most operations teams do not. Thus, their processes don’t support continuous container-based handoffs and deployments. Consequently, resolving conflicts and quality issues can be delayed, offsetting the efficiency gains from containerization.

Organizational culture and knowledge. One of the biggest challenges in working with containers is a lack of staff knowledge about the technology. Other challenges are the culture and structure of teams. With containerization, developers deploy software while infrastructure teams mainly set up and maintain environments. Traditionally organized IT teams might not transition effectively to these new roles.

Getting started

Before adopting containerization, agencies should first determine the results they are seeking and understand the changes the technology will bring. An initial effort should study the existing environment, present technology options to stakeholders, define a strategy and implementation plan, and test the selected technology. To inform that strategy and implementation plan, we’ve identified four best practices to overcome the challenges identified above:

Migrate to a microservices architecture. Government agencies should adopt a microservices architecture for migrating from any monolithic system structure to a modularized application architecture with modern technology. A microservices architecture approach to application development breaks an application into simple, well-defined modules that are not dependent on one another. The mutually independent nature of each microservice provides an excellent set of building blocks for containerization.

Set up the infrastructure required for container operations. The type of container and associated developer tools are among the first decisions that need to be made. The table below shows types of technologies and specific example tools. Agencies can select tools individually or adopt them as a cloud-based group called a containers-as-a-service platform. Common CaaS platforms include Amazon ECS, Red Hat OpenShift, Apcera and Google Compute Engine.

Types of container technologies and sample tools

container types

Change development and operations processes. Containerization allows development teams to package all their code and necessary dependencies in one container and then automatically deploy that container across multiple environments (e.g., development, quality control and production), either on-premises or in the cloud. Consequently, the time spent installing and configuring dependencies is eliminated, dramatically reducing deployment time and increasing efficiency. (For more information, see “DevOps in the Federal Sector.”) Containerization also requires a new deployment process, depicted below.

Process for deploying applications using containers

container deployment

Manage organizational impacts. Agencies should understand that adopting microservices and containerization is a journey that requires careful nurturing and support. Teams should be ready to think and operate differently by adopting an agile and continuous deployment mindset.

Despite its relative novelty, containerization is rapidly changing the technology landscape, and government agencies should seriously examine the technology sooner rather than later to take advantage of the benefits it offers. These benefits primarily include:

  • Faster deployment of new applications.
  • The ability to change or add one feature to an application without redesigning or replacing the whole application (when containerization is combined with a well-designed microservices architecture).
  • Lower costs and risks associated with multiple computing environments.

Those benefits are particularly important to government agencies because laws and policies tend to change frequently, one facet at a time, while the government’s monolithic technology tends to be much less flexible and more expensive  to change. Careful planning and investment, aligned with the best practices discussed in this article, will position agencies to use containerization in their mission to efficiently and effectively serve the American public.

NEXT STORY: Deep learning quickly finds structures affected by lava

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.