If you’ve been anywhere near the IT industry over the last five years, you’ve very likely heard of the container platform Docker. Docker and containers are a new way of running software that is revolutionizing software development and delivery.
What is Docker?
Docker is a new technology that allows development teams to build, manage, and secure apps anywhere.
It’s not possible to explain what Docker is without explaining what containers are, so let’s look at a quick explanation of containers and how they work.
A container is a special type of process that is isolated from other processes. Containers are assigned resources that no other process can access, and they cannot access any resources not explicitly assigned to them.
So what’s the big deal?
Processes that are not “containerized” can ask the operating system for access to any file on disk or any network socket.
Until containers became widely available, there was no reliable, guaranteed way to isolate a process to its own set of resources. A properly functioning container has absolutely no way to reach outside its resource “sandbox” to touch resources that were not explicitly assigned to it.
For example, two containers running on the same computer might as well be on two completely different computers, miles away from each other. They are entirely and effectively isolated from each other.
This isolation has several advantages:
- Two containerized processes can run side-by-side on the same computer, but they can’t interfere with each other.
- They can’t access each other’s data unless explicitly configured to do so.
- Two different applications can run containers on the same hardware with confidence that their processes and data are secure.
- Shared hardware means less hardware. Gone are the days when a company needs thousands of servers to run applications. That hardware can be shared between different business units or entirely different enterprise clients. The result is massive new economies of scale for private and public centers alike.
#docker #devops
