Red Hat strips down for Docker
The Red Hat Enterprise Linux 7 Atomic Host strips away all the utilities residing in the stock distribution of Red Hat Enterprise Linux (RHEL) that aren't needed to run Docker containers.
Removing unneeded components saves on storage space, and reduces the time needed for updating and booting up. It also provides fewer potential entry points for attackers.
Containers are valuable for organizations in that they cleanly separate the application from the underlying infrastructure, explained Lars Herrmann, Red Hat senior director of product strategy.
Developers can focus just on the code itself, and not worry about fitting the programs to the supporting operating system and middleware. Organizations benefit from containers because their workloads can be moved around easily, from one cloud provider to another, or from an in-house deployment to a cloud deployment.
"The operations team can now optimize the infrastructure for reliability, performance, and cost," Herrmann said.
Since its debut in 2013, Docker has become popular with developers and organizations, and has been downloaded over 100 million times. The software provides a way to package an application along with its dependent libraries so it can be easily and quickly run on any Linux platform.
To help manage containers, the RHEL Atomic Host package includes Kubernetes, open source software from Google that provides a way to orchestrate the operation of large numbers of containers across multiple servers. Kubernetes provides a way to specify what each container needs, and what capabilities each run-time platform provides.
To speed updates, the distribution can be updated with new patches from Red Hat while it is still running. If there is an issue with the updated software, the distribution can be rolled back to the earlier state.
For security, each Docker container is isolated through a number of technologies, including the SELinux (Security-Enhanced Linux) security module and the cgroups resource allotment tool.
Red Hat is one of a number of Linux distributors that have developed custom distributions for running Docker. Canonical has released a trimmed-down version of Ubuntu, called Snappy, to address this use case. CoreOS's self-titled distribution was developed specifically for running in cloud environments, and features native Docker support.
Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service.