“We needed something that could give us the hardware virtualisation-based security boundaries of virtual machines, while maintaining the smaller package size and agility of containers and functions.”
UPDATED 23.54 GMT with comment from CloudBees CEO Sacha Labourey, Sumo Logic VP Jabari Norton
AWS has added 160+ new container-based products to its Amazon Marketplace software catalogue, including from a wide range of independent software vendors, as it launched a “container competency” programme this week and rolled out a raft of new tools including a micro-VM manager dubbed Firecracker.
Speaking at the cloud giant’s Re:Invent conference in Las Vegas on Tuesday morning, AWS’s Terry Wise said: “Customers love the portability and flexibility of containers – it’s been one of the hottest topics over the last 18 months. Containers are becoming the de facto standard, certainly for new applications being deployed but also applications that are being refactored to run in a cloud environment.”
The use of containers has surged as both developers and IT seek the ability to build, manage and secure applications without the fear of technology or infrastructure lock-in. (A container is a unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another.)
CloudBees CEO Sacha Labourey told Computer Business Review: “In 2018, not having a strong public cloud and container strategy has clearly become a career-limiting move for any CIO. It’s becoming increasingly harder to hide behind one’s finger.”
He added: “As for Firecracker, it is very exciting to see the level of innovation that’s ongoing in the container world. While the first wave of container innovation has focused on reducing speed and memory overhead, security was sometimes a concern to enterprises, especially in shared environments. As such, it is great to see ongoing innovation happen on the security/isolation front as this will even further accelerate the adoption of containers and Kubernetes in organizations.”
AWS Containers Competency Programme Launched
As with other third-party software purchased in the AWS Marketplace, customers can deploy the container offering of their choice and have the service charges added to their monthly AWS bill, the company said. (A private marketplace, also launched today, allows IT admins to create a customised catalogue of product offerings from third-party vendors that align with an organisation’s approved vendor and product policies, making life a little easier for those with compliance concerns.)
The programme, which spans 38 categories ranging from DevOps to Big Data across a range of industry verticals (including financial services and industrial software), identifies partners that are “qualified to help customers manage container cluster workloads, build, test, and deploy applications… across specific workloads, industries, or solutions.”
Launch partners include Canonical, CloudBees, Docker, RancherOS, Red Hat, Shippable, SUSE, Tigera and Trend Micro, among others.
Sumo Logic’s Jabari Norton, VP Global Partner Sales and Alliances, told Computer Business Review: “AWS adding a Container Competency to its existing APN competencies program shows how the market is moving to more microservices-based applications and technology stacks. A certification like this helps grow the number of companies and individuals capable of delivering these projects successfully, ensuring technical proficiency around using containers within AWS.”
He added: “Across the industry, there is more education needed to help users deploy and use containers at scale, strengthen container security efforts and avoid potential mishaps across the software supply chain due to poor image management. We see more companies wanting to make use of containers on public cloud, as they help companies be more agile in their deployments; this initiative will continue to support this development.”
Micro-VMs for containers in 125 ms, open-sourced, based on KVM.
— Abby Fuller @ AWS #reInvent (@abbyfuller) November 27, 2018
The dominant public cloud provider also rolled out a secure micro-virtual machine manager (VMM), dubbed Firecracker, that launches microVMs in just 125 milliseconds. It consumes about 5 MiB of memory per microVM and can run thousands of secure VMs with widely varying vCPU and memory configurations on the same instance, AWS said.
Firecracker, written in Rust, has been launched as an active open source project and is being used by AWS Lambda, the company’s serverless computing platform, as the foundation for provisioning and running customer code sandboxes, the company said.
Its AWS Fargate compute engine, meanwhile, now executes Tasks on Firecracker microVMs rather than as one or more Docker containers running inside a dedicated EC2 VM, the arrangement it previously used to ensure isolation across Tasks.
“This allows us to provision the Fargate runtime layer faster and more efficiently on EC2 bare metal instances, and improve density without compromising kernel-level isolation of Tasks,” AWS’s Arun Gupta and Linda Lian said in a blog post.
Firecracker currently runs on Intel processors.
Support for AMD and ARM is coming in 2019, AWS said.