CMS architecture: What the heck is . . . containerization?

Ask a non-technical professional what the most challenging part of their job is and you’ll often hear, “Understanding what the heck our developers are talking about.” The “What the heck is . . .?” series explains common development terms in simple language. Today we’re letting you know what the heck your developers are talking about when they talk about a “container.”

Understanding containerization: Keeping computer processes separated

When developers talk about containers, they are talking about a method for keeping computer processes from communicating with each other. Just like the term implies, containers keep computer processes boxed up.

Normally, an operating system runs every program in a separate "process." Each process is a collection of code plus the memory space for its data. An operating system can handle hundreds or thousands of processes at the same time, quickly switching back and forth between them.

In addition to being able to communicate with the operating system, processes can communicate with other processes. But sometimes, you don't want them to. Any time a process can interact with another process, it has the potential to cause problems. Processes might communicate infected information to each other leading to security issues. They might also wrestle with each other over operating resources, like memory. So when you’re running several processes at the same time, you often want to keep them isolated from each other. That's where containers come in.

Containers work by using "namespaces" to lie to a process about its environment. There are different types of namespaces, each with its own brand of fibbing. For example, the process namespace groups processes into clusters and lies to those processes to say that no other processes exist. The mount namespace gives each group of processes a different, independent file system so they cannot reach each other's files. And so on.

“Contained” by this false information, processes run as if they are essentially on their own private computer. Multiple processes can now run safely at the same time without being a security risk to each other and competing for limited resources.

What are the benefits of containerization?

The isolating features of a container provide important benefits:

• Many applications can share one computer's resources without introducing security risks or resource bottlenecks.
• There is almost no overhead for running a process in a container vs not.
• A container's available resources can be scaled up or down dynamically without hardware changes.
• Programs can be moved from a container on one computer to a container on another.

Better container management with Platform.sh

Because containers are so flexible, controlling and configuring them can be overwhelming for users. (The market is exploding with tools that manage tools that manage tools that manage containers.)

Platform.sh uses a specially built container system that provides you with all the benefits of containers without any of the hassles. For instance, we automatically install every bug and security update, but give you complete control over installing feature upgrades. We also offer a wide variety of shrink-wrapped services that you can enable on a project with nearly no configuration required.

The process isolation offered by containers keeps your applications running securely and smoothly. The no-hassle Platform.sh container system will free you to run your enterprise the same way.

(For a more in-depth explanation of containers, please read “The container is a lie!”)