Docker and Containers are taking the application development world by storm, but with all of their benefits there are some limitations and challenges. One key challenge is security between containers, especially when those containers are in different security zones. The early adopters of containers at scale (e.g. Google, Twitter, Apple) have fairly consistent security requirements across their applications. In areas like Financial Services and Medical Records, companies have widely different security requirements. Today there are no solutions within the Docker ecosystem to fulfill those security requirements while maintaining performance and scale.
At the OpenStack summit this week, we demonstrated a solution to this problem using OpenStack Heat Orchestration, Ironic Bare Metal integration, and Neutron Networking with Nuage Networks Virtualized Services Platform (VSP). See the full demonstration here.
This solution uses:
– A Neutron extension to provision ports on the Nuage VSG hardware gateway
– An Ironic extension to coordinate the port provisioning
– Heat templates to deploy the application
This allows deployment of secure, flexible, scalable bare-metal clusters that interwork with OpenStack VMs elsewhere in the Datacenter.
At the summit we are working with the OpenStack community to design common APIs for Neutron provisioning and Ironic orchestration.