Enterprise Decision Maker
By Roy Illsley 21 Nov 2019
The data center has been the epicenter of the IT delivery environment for organizations for the past 30 years, but with the rise of cloud computing this is now changing.
Kata Containers is an open source project designed to address the security concerns associated with containers, namely the shared kernel and how different workloads or environments can be isolated from one another. Kata Containers combines technology from Intel Clear Containers and Hyper runV. The code is hosted on GitHub under the Apache 2 license and the project is managed by the OpenStack Foundation. Ovum believes that interest in Kata Containers will accelerate, because the ability to isolate container workloads to the same degree as virtual machines (VMs) will become an issue for some market segments.
Kata Containers consists of six components: Agent, Runtime, Proxy, Shim, Kernel, and QEMU.
Agent: The Agent interfaces with the Runtime, and runs inside the VM, where it supports the spawning of processes and containers.
Runtime: The Runtime provides command-line access to Kata Containers and manages the host environment. It is OCI-compatible, allowing it to work seamlessly with both Docker and Kubernetes.
Proxy: A Kata Proxy instance is launched for each VM to handle multiplexing and de-multiplexing commands and streams.
Shim: The Shim manages the communications between the container and the Agent. It uses Google's Remote Procedure Call (gRPC) to make direct calls on the application, even on a different machine, while still making it look like a local object. The Shim is needed because the container process cannot be monitored directly from the host operating system, so the Shim stands in for the container process, and the container process reaper monitors the Shim instead.
Kernel: The lightweight VM created by Kata Containers requires a guest operating system and a guest kernel to create and boot the container inside the guest operating system.
QEMU: QEMU is an open source full-virtualization solution for Linux.
The concept behind Kata Containers is to build an OCI-compliant, lightweight VM that operates and behaves like a container. With this approach, Kata Containers can offer a higher level of workload isolation than the namespaces that current OCI-compliant containers rely on. The level at which this isolation applies depends on the technology being used: in Docker environments the VM isolation is at the container level, whereas in Kubernetes it is provided at the pod level.
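One way to confirm that a workload really has its own kernel rather than the host's shared one, as an added example that is not from the original article or the Kata Containers project. It compares the kernel boot ID seen on the host with the one seen inside a container; the runtime name kata-runtime, the busybox image and the CHECK switch are assumptions that depend on the local Docker setup.

```shell
#!/bin/sh
# Added example: check whether a container shares the host kernel.
# Assumptions: the Docker CLI is installed and a Kata runtime is registered
# with the daemon under the name in KATA_RUNTIME (the name is site-specific).

KATA_RUNTIME="${KATA_RUNTIME:-kata-runtime}"   # assumed runtime name
IMAGE="${IMAGE:-busybox}"                      # any image that provides `cat`
BOOT_ID=/proc/sys/kernel/random/boot_id        # one value per booted kernel

# classify HOST_ID GUEST_ID -> prints "shared", "isolated" or "unknown"
classify() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo unknown            # one side could not be read; do not guess
    elif [ "$1" = "$2" ]; then
        echo shared             # same booted kernel on both sides
    else
        echo isolated           # the container booted its own guest kernel
    fi
}

# guest_boot_id RUNTIME -> boot ID seen inside a container started with RUNTIME
guest_boot_id() {
    docker run --rm --runtime "$1" "$IMAGE" cat "$BOOT_ID" 2>/dev/null
}

# check_runtime RUNTIME -> prints the verdict; succeeds only when isolated
check_runtime() {
    verdict=$(classify "$(cat "$BOOT_ID")" "$(guest_boot_id "$1")")
    echo "$1: kernel $verdict"
    [ "$verdict" = isolated ]
}

# Run the live check only when asked to, e.g.:  CHECK=1 sh kernel_check.sh
if [ "${CHECK:-}" = 1 ]; then
    check_runtime runc || true       # namespace-only runtime, shares the kernel
    check_runtime "$KATA_RUNTIME"    # VM-backed runtime, should not share it
fi
```

A verdict of "unknown" means the container could not be started with that runtime, which usually indicates the runtime is not registered with the Docker daemon.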
Roy Illsley, Principal Analyst, Infrastructure Solutions