Hewlett Packard Enterprise advanced its Kubernetes strategy Monday with the release of its Container Platform, software that allows enterprises to deploy and manage containerized applications, highlighting the platform’s capability to run Kubernetes, the open source container orchestrator, on bare-metal servers.
HPE’s new platform, initially announced in November, was designed to run cloud native and non-cloud native applications on both bare-metal and virtualized infrastructure within on-premises data centers, in public clouds, and in edge computing scenarios, said Tom Phelan, chief architect for HPE Container Platform.
Enterprises that want to modernize legacy applications and move them to the cloud, for example, can do so without the expense of refactoring code by simply putting them into containers, he said.
“That’s where the HPE Container Platform shines: the ability to run all types of applications, whether they are cloud-native or not, in a containerized solution on premise or in the public cloud. It’s a true hybrid cloud solution,” Phelan told Data Center Knowledge.
HPE built the platform by integrating open-source Kubernetes software with technology of BlueData, which it acquired in 2018, and MapR, acquired in 2019, he said.
The company optimized Container Platform to run containers directly on bare-metal servers but still provide the performance and security customers expect, he said. This not only reduces costs, because enterprises don’t have to license virtualization software, but also boosts performance and reduces consumption of CPU, memory, and storage resources, according to Phelan.
“We believe that we can reduce the total cost of ownership for customers if they run on bare metal,” he said.
In Container Platform HPE has a competitive offering against its two primary competitors – IBM’s Red Hat and VMware – as a growing number of enterprises want to deploy containers, said Gary Chen, IDC’s research director of software-defined compute.
Red Hat’s OpenShift Container Platform is the market leader. Meanwhile, VMware offers PKS but has been busy developing Project Pacific, its big initiative to make Kubernetes native to its virtualization platform vSphere, and Tanzu, a parallel initiative to build a portfolio of products and services to help enterprises use Kubernetes with or without vSphere. VMware announced vSphere 7, the first version with Kubernetes built in natively, and a full suite of Tanzu products and services Tuesday, the day after HPE's Container Platform announcement.
Chen said HPE was touting bare metal as a competitive position against VMware. The virtualization software giant is majority-owned by Dell Technologies, HPE’s biggest rival in the data center market.
HPE is also in “coopetition” with its cloud partners – Amazon Web Services, Microsoft Azure, and Google Cloud Platform – which offer their own cloud container services.
Last June, for example, HPE partnered with GCP to integrate its hardware with Google Anthos, an open platform that allows enterprises to run apps in the public cloud or in their own data centers in a Google Kubernetes Engine environment. As part of the partnership, HPE said it would provide an Anthos-as-a-Service offering on Greenlake, HPE’s portfolio of on-prem solutions available on a subscription or pay-as-you-go basis.
HPE’s introduction of Container Platform is part of the company’s larger hybrid IT strategy and efforts to make it easier for customers to deploy and manage on-premises or hybrid cloud environments, Chen said.
“It will be important because containers are the platform for the next generation of modern applications. It also will play a key role in portability. As we move to multi-cloud and hybrid cloud, Kubernetes is one tool that helps with that,” he said.
Today, more than 50 percent of enterprises are developing container environments, and about one-third have containers in production, but it’s still a small footprint, representing about 3.5 percent of all enterprise compute, Chen said, predicting that in five years the number of container instances running will grow by 100 percent.
“We are still in the early-adopter stage, maybe moving into the early mainstream.”
Making Kubernetes Easier for the Enterprise
HPE has created reference designs for specific container use cases on a variety of its hardware: for machine learning and data analytics on HPE Apollo servers, for analytics and IoT at the edge on HPE Edgeline, and for DevOps on HPE Synergy.
Its consulting arm, Pointnext Services, will provide design, implementation, training, and support for Container Platform users.
Later this year, the company plans to make Container Platform available as a Greenlake service.
Handling Noisy Neighbors on Bare Metal
Both performance and security were major design goals behind Container Platform on bare metal, the company said.
To solve the common “noisy-neighbor” problem, where containers sharing a VM or a bare-metal host interfere with each other’s performance, HPE’s platform provides quality-of-service functionality via Linux cgroup scheduling.
“Cgroups are software technology that Linux uses to control the resources that are given to an individual container,” Phelan explained. “So, by controlling that, the HPE Container Platform can control the impact of one application in one container from adversely impacting the performance of an application running on a different container.”
In virtualized environments, users typically solve this problem by running containers on individual VMs, he said. “Customers feel they need to run containers on VMware and other hypervisors to get the noisy-neighbor issue under control and for the extra security envelope.”
But virtualization platforms like VMware’s vSphere also abstract management of the low-level infrastructure in a way that many have found useful in the context of a Kubernetes deployment. Google for instance – the company that created Kubernetes – made vSphere a requirement for on-premises deployments of its Anthos hybrid-cloud platform for Kubernetes.
Whether running containers on bare metal offers better performance than running them in VMs is also controversial. In fact, VMware has shown that the opposite is possible: greater container performance on VMs than on bare metal.
HPE’s approach to security on bare metal focuses on enforcing the best practice of running applications with the minimum number of privileges required, Phelan said. “We don’t give everyone all the permissions. We use a minimum number of privileges in order to run applications successfully.”
In future versions of the platform, the company plans to further improve security for containers on bare metal by integrating the silicon root-of-trust solution built into HPE servers today. The company installs special chips with security code built in. When a server boots up, this root of trust verifies that the hardware and firmware have not been tampered with since they left the factory, Phelan explained.
The company will extend the root-of-trust concept up to the software layer, including the Linux operating system, the Docker container runtime, and the container itself, so it can check the entire software stack and make sure it’s not corrupted or tampered with, he said.
HPE also plans to partner with security software providers to monitor containers and take remedial action if abnormal behavior is spotted.
“We believe this roadmap of functionality that we are taking with HPE Container Platform can provide better levels of noisy-neighbor avoidance and prevention of malicious software attacks within the containers,” Phelan said.