Container applications

- [Instructor] So let's talk about what we do with containers or container applications. First, let's talk about what's important. You need to understand the limitations and the advantages of using containers. First and foremost, they're not applicable everywhere. They shouldn't be used each and every time you build a net new application or each and every time you migrate an application to the cloud or to containers. Then pick the best use cases for the container technology. What's important within your enterprise? What's a good fit for what containers do well in terms of isolation of the technology, portability.

Performance. Learn from what's real versus what's a myth. Let's talk about some myths about containers. Myth one, just throw everything in a container and move it to the cloud. It's much more complicated than that. Different target storage technologies. Different network technologies. How we move the data. How we achieve security parity. How does Ops change. So, this is not about just throwing an application in a cloud.

How does patching occur? How do we do an audit? All of these sorts of things need to be thought out ahead of time. Typically containers, while important, are not going to be the best target platform for moving into the cloud. Myth two, containers are not secure. Maybe true 18 months ago, two years ago, but not now. Large ecosystems of security vendors are filling the gaps. Smaller attack surfaces. Short life. Less time exposed.

Key management, image certification, limited ports. All those things are built to containers. The vulnerabilities have been deleted, diminished, or removed entirely. Minimized amount of commands available. So, Docker has taken the right steps to ensuring that containers aren't as vulnerable as we think. Myth three, to secure containers you must run in a VM. Maybe true 18 months ago, but not now. Worth doing if it makes sense, if you feel more secure, but it's really unnecessary.

You don't need to run containers within a virtual machine. May actually be more secure than VMs now. Can inherit strong security features from the cloud provider. In other words, like you're running on Amazon AWS. Then you can leverage their identity access management, their encryption services within their container services. Short lived and small attack surface. Myth four, containers simplify deployments. Partly true. If architected correctly, as I mentioned earlier in the course, it can drastically simplify the code push.

You still need to address people and process changes. Containers by itself is not enough. Application design is required as well.