Docker on a Spending Spree to Strengthen Security and Orchestration

by Paul Rubens

What began as a "simple" application, containerization is evolving to incorporate management, orchestration, networking, clouds and then... who knows?

Software container company Docker has pulled out its checkbook yet again to feed its acquisition habit, and this time it's come away with SocketPlane, a software-defined networking (SDN) startup that's only been in existence for a very few short months. Virtually Speaking

The move follows Docker's acquisition of London-based Orchard Laboratories, the company behind the Fig container orchestration service, and Koality, a quality and testing tool maker.

What these acquisitions all have in common is that they are just as much about acquiring the software engineering talent of those employed by these companies as they are about the firms' technologies.

In the case of SocketPlane, Docker will be adding six new employees to its headcount, and all are highly experienced in networking at companies like Cisco, Red Hat and HP. They are also experienced in software-defined networking, having previously been associated with the likes of OpenStack, Open vSwitch and Open Virtual Network.

SocketPlane's aim was to deliver Docker-native networking, and it had been actively working on Docker's open networking API. As part of Docker, the team will complete a set of networking APIs, according to Solomon Hykes, Docker's CTO

"Networking is a critical part of the stack for distributed applications and has become an increasing area of focus within the Docker partner ecosystem due to the rapid growth in multi-container, multi-host applications," Hykes says. "To sustain the velocity of community advancements in open, modular and secure Docker networking, we felt we needed to support those efforts with a dedicated team."

Orchestration Key to Recent Docker Acquisitions

Now if you take a look at Docker's marketing literature these days you'll see the company describes itself as "…an open platform for developers and system administrators to build, ship, run and orchestrate distributed applications." And it's the orchestration bit that is key.

That's because Docker would like containerization technology to be used in building huge, multi-data center applications that can be moved around from one data center or cloud to another. Buying Orchard was a big step towards being able to manage and orchestrate large-scale applications, and in December the company announced its platform services for orchestrating multi-container distributed applications.

These, the company explained in a startlingly long sentence, are "designed to empower developers and sysadmins to create and manage a new generation of portable distributed applications that are rapidly composed of discrete interoperable Docker containers, have a dynamic lifecycle, and can scale to run in concert anywhere from the developer's laptop to hundreds of hosts in the cloud."

OK, so back to SocketPlane. If it's really Docker's vision to be able to orchestrate gazillions of containers all over the place, then it needs to make it easy for all those containers to talk to each other using its own API.

SDN is important for Docker, the company says, "to provide infrastructure freedom of choice where admins can select which networking "batteries" are right for an application-specific use case. In this manner, all aspects of networking can be software-defined with complete portability that ensures a distributed application is not bound to a specific vendor or cloud provider."

We're not sure about the batteries analogy, but the idea is that a Docker-based application will be able to work with any underlying networking gear — Cisco's, Juniper's or anyone else's, hopefully — in any data center or public or private cloud.

Docker Starting to Sort Out Its Security Strategy?

Before it goes too far with its large-scale strategy one thing the company needs to do is sort out its security strategy, which has been criticized by the likes of Gartner and container rival CoreOS's Alex Polvi.

The company has taken initial steps to address this issue with the announcement on March 3 that two Square programmers — Nathan McCauley and Diogo Monica — are joining Docker to lead the security team. "We've built, managed and secured distributed systems at scale, and now with Docker we can take what we've learned and build security directly into the distributed application platform," says Monica.

Containerization is similar (but not the same) in concept to server virtualization technologies, and what's striking about all this is that Docker is traveling along a very similar trajectory to VMware. Docker started later, and is therefore following a few years behind.

VMware started with server virtualization and has since moved into network and storage virtualization technologies, software-defined data centers, hybrid clouds and even mobile device management.

Thanks to a $40 million funding round completed in September, Docker has (or had) cash to spend on new technology and new faces. And what started as "simple" application containerization is developing to incorporate management, orchestration, networking, clouds and then… who knows?

Paul Rubens is a technology journalist and contributor to ServerWatch, EnterpriseNetworkingPlanet and EnterpriseMobileToday. He has also covered technology for international newspapers and magazines including The Economist and The Financial Times since 1991.

Follow ServerWatch on Twitter and on Facebook

This article was originally published on Monday Apr 6th 2015
Mobile Site | Full Site