Cisco recently introduced a new open source project called Contiv that's designed to automate operational policies for containerized applications in the cloud. How does Contiv accomplish this, and is this something that security managers should look at to help with deploying security policies for a container platform?
Containers are lightweight virtual machines that use operating system-level controls to isolate processes and allocate subsets of available resources, such as CPUs and RAM. Containers run natively on an operating system; for now, Linux is the most frequently used container host OS.
Docker is the most popular container platform, combining tools for building container images and for running them. The Docker build command, for example, uses scripts known as Dockerfiles to build images with specified components. This is a powerfully flexible way to deploy consistent images and share them within and across organizations. This, in turn, enables well-established DevOps practices, such as continuous integration and testing.
Docker also enables the use of scalable microservices. As demand for a service increases or decreases, additional Docker containers can be deployed or shut down to add or remove servers running the microservice.
This kind of flexibility can lead to management chaos if not properly coordinated. Contiv is an open source tool designed to help DevOps professionals manage a large number of containers in a dynamic environment. Contiv lets administrators define network, compute and storage policies related to containers. This streamlines the process of keeping deployed containers compliant with infrastructure policies.
Some of the most important policies relate to security controls, network services such as firewalls and load balancers, resource allocation such as bandwidth utilization and latency, storage policies and, of course, access to compute resources.
Two specialized projects are currently underway: Contiv Network, which addresses network services, and Contiv Volume, for storage services. Contiv could be used to implement a declarative infrastructure, sometimes called infrastructure as software. This is especially important from a security perspective because it is a well-defined and configured policy that, if executed, can reduce the chances of misconfiguration.