Canonical Promises Easy, Secure Containerized Apps for Ubuntu with LXD
Turn on, tune in, drop out—without Docker! That—or, uh, something like it—is the container management experience Canonical hopes to deliver by bundling LXD, the open source containerized app framework, into the latest version of Ubuntu Linux, 15.10, which was released a few days ago.
Turn on, tune in, drop out—without Docker! That—or, uh, something like it—is the container management experience Canonical hopes to deliver by bundling LXD, the open source containerized app framework, into the latest version of Ubuntu Linux, 15.10, which was released a few days ago.
Well, OK. Canonical isn't actually using Timothy Leary's catchphrase to promote LXD, whose name is only coincidentally similar to LSD. (The two acronyms are pronounced differently, too; "LXD" only has two syllables.) But part of the pitch behind LXD, an open source container management platform that Canonical is promoting as an alternative to Docker, is that it makes it easier than ever to set containerized apps in motion and step away.
Security is another important part of the LXD pitch. Canonical promises "hardware‐guaranteed security" for apps running in containers through LXD.
That's important because security concerns have been a major barrier to container adoption in the enterprise. Whereas "real" virtual machines—meaning those that run on hypervisors that virtualize an entire operating system—can be easily separated from one another and the host platform to ensure security, containerized apps run in lightweight virtual environments and share resources. That makes segregation more difficult.
According to Canonical, LXD solves that issue by leveraging hardware-level resources to make LXD containers as secure and flexible as traditional, hypervisor-based virtual machines. "We’re working with silicon companies to ensure hardware‐assisted security and isolation for these containers, just like virtual machines today," the company said. "We'll ensure that the kernel security cross‐section for individual containers can be tightened up for each specific workload. We'll make sure you can live‐migrate these containers from machine to machine. And we’re adding the ability to bind storage and network interfaces to the containers, just like virtual machines."
Built-in LXD support is one of the new features in Ubuntu 15.10, which was officially released Oct. 22. Ubuntu still supports Docker, the other major open source containerization platform, if users install it on their own. But by baking LXD into Ubuntu, Canonical clearly hopes to steer Ubuntu users toward the latter.
Ubuntu 15.10 pairs LXD with Autopilot, an OpenStack management tool for building and controlling clouds. Put together, LXD and Autopilot—both of which are homegrown tools from Canonical itself—offer streamlined orchestration and management for people using Ubuntu as a hosting platform.
About the Author
You May Also Like