By Florian Froschermeier, Product Manager, Insys
Linux containers (LXC) are an operating system (OS) level virtualisation method that allows for multiple isolated Linux systems to run on a control host’s single Linux kernel, meaning that programs isolated in individual user spaces can operate at the OS level. These containers are self-contained and lightweight, holding very few components, making them a powerful tool for adding applications to a system without worrying about dependency errors.
The Linux kernel provides the cgroups functionality that allows limitation and prioritisation of resources (CPU, memory, block I/O, network, etc.) without the need for starting any virtual machines, and also namespace isolation functionality that allows complete isolation of an application’s view of the operating environment, including process trees, networking, user IDs and mounted file systems.
LXC combines the kernel’s cgroups and support for isolated namespaces to provide an isolated environment for applications.
But what exactly are containers? The short answer is that containers decouple software applications from the operating system, giving users a clean and minimal Linux environment whilst running everything else in one or more isolated “containers”. The purpose of a container is to launch a limited set of applications or services (often referred to as microservices) and have them run within a self-contained sandboxed environment. This isolation prevents processes running within a given container from monitoring or affecting processes running in another container. Also, these ring-fenced services do not influence or disturb the host machine. The consolidation of many services scattered across multiple physical servers into one is one of the many reasons data centres have chosen to adopt the technology.
Developers can use containers to package an application with the libraries, dependencies and other files it needs to run, without the host needing to install extra libraries. In this way, containers can be installed and work on any Linux system that supports container functionality regardless of configuration.
Containers provide a way of bypassing dependency issues, since their self-contained nature allows them to be ported to different container-supported environments, regardless of configuration, because the container will contain libraries that will configure it to the local environment. This allows developers to continue working anywhere, at any time.
Similar to a virtual machine
Linux containers work similarly to a virtual machine. A computer runs a virtual process that replicates the functions of a computer inside itself or, more specifically, in a way that is abstracted from the actual hardware. Virtualisation is a useful tool because it can allow developers to run applications meant for a different operating system without having to switch computers, for example.
Another key use for virtualisation, and subsequently Linux containers, is the segmentation of large computing systems into smaller parts. Splitting applications into specialised parts means that each can be fine-tuned, and processing power can be better distributed toward each resource depending on what’s needed. Segmentation also allows for isolation, meaning that each virtual environment runs independently of the others, resulting in problems being isolated and security increased.
LXCs are also similar to virtual machines in structure. However, unlike virtual machines, which replicate an entire computer in a virtual environment, LXCs only virtualise a single process. As a result, an LXC is typically set up to run only a single program, but because they have to virtualise less, they can be lighter.
LXCs also don’t need a hypervisor — a system that virtualises hardware — to run but instead can run natively on the operating system. LXCs present a less resource-intensive method of adding extra functionality to a system that can be easily ported and swapped in and out depending on requirements.
How can containers be used?
Linux containers are flexible, making their uses wide-ranging. Containers can be implemented in a system, or an application can be created from a group of containers working together. In this way, containers can aid existing tools or become the new tool, all while having the option to be easily upgraded and fine-tuned to cater to specific user needs.
For example, Magnetic Resonance Imaging (MRI) machines have used containers to increase the speed at which scans are read, whilst aircraft production lines have implemented container-based applications to allow for remote access to industrial data that has improved production agility. Financial institutions are also using LXCs to carry out batch jobs on excess data capacity in data banks — all demonstrating that there is little limit to where containers can be of use and bring value.
In the industrial sector LXCs can be used by, for instance, a provider of mobile heating systems for construction site drying. If the provider wants to engage in a pay per use model it will need a method of tracking usage and providing proof of service. An LXC could be programmed to extract operation data from the system PLC and filter relevant information that can be sent to clients as proof of service.
Connectivity is clearly a key factor that is becoming vital across a variety of sectors and is being aided by the use of container technology. Manufacturers are constantly implementing new applications that have different protocols and control requirements, and information that cannot be interpreted and properly directed can be problematic because it can lead to sensitive data being sent to the wrong stakeholder or control parameters not being met.
To this end, a new range of connecting devices is reaching the market to ensure that manufacturers can implement new technologies without the fear of not being able to properly integrate them. Universal converters, in the form of Internet of Things (IoT) smart gateways, can communicate on 2G/3G/4G, Wi-Fi and cellular signals. Fundamentally they use container technologies to aid in the interpretation of new protocols and add new functionality.
IoT smart gateways
IoT smart gateways can use containers to ensure that they are constantly up to date and secure. At Insys, a key feature for its industrial routers and gateways is a stripped back and hardened Linux-based OS that comes pre-installed with its own virtualisation environment called the icom Smartbox, enabling the use of LXCs.
Plant managers, for example, can use the virtualisation environment to enable LXCs and develop their own application, or choose from an array of off-the-shelf applications. In manufacturing environments, these containers have been used to connect legacy machinery, including legacy software designed to run on Raspberry Pis. Other uses have seen LXCs used to enhance system security with deep packet analysis for intrusion detection.
One key application that manufacturers are implementing is using LXCs on gateways to install protocols that split information and ensure that different stakeholders only receive the information that is necessary for their remit. This streamlines industrial communications because the stakeholders don’t have to sift through data to find what they need. LXCs allow gateways to send Supervisory Control and Data Acquisition (SCADA) industrial data in the form of .CSV files, a format that can be processed by almost all existing applications.
Some customers have already used gateways and containers to add edge computing to their network, as well as reap the benefits from data analysis and reporting functions. For example, if a gateway with a monitoring LXC identifies an issue in an application, the container can signal the gateway to send a message via email or SMS immediately to maintenance teams.
Additional container benefits
Another benefit of containers is that they increase the security of the system in which they are installed. As containers are isolated from the system and each other, if one is compromised by a malicious attack, the system as a whole can maintain its integrity. In the current climate of increased cyber-attacks on industrial facilities, the isolation capabilities of containers are becoming increasingly desirable.
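How well a container is isolated depends on the cgroup limits and namespace settings in its configuration, the two kernel features LXC combines. The sketch below is an added example, not Insys or LXC project code: it audits an LXC config for a few isolation-relevant keys from lxc.container.conf(5), assuming a cgroup v2 host; the function names and both sample configs are constructed for illustration.

```python
# Added example: audit an LXC container config for weak isolation settings.
# Assumes a cgroup v2 host (lxc.cgroup2.* keys). Sample configs are constructed.

HARDENED = """
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.cgroup2.memory.max = 256M
lxc.cgroup2.pids.max = 128
lxc.net.0.type = veth
lxc.apparmor.profile = generated
"""

WEAK = """
# no idmap, no cgroup limits
lxc.net.0.type = none
lxc.namespace.keep = user net ipc
lxc.apparmor.profile = unconfined
"""

def parse_lxc_config(text):
    """Parse 'key = value' lines; keys may repeat (e.g. lxc.idmap)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        conf.setdefault(key, []).append(value)
    return conf

def audit(text):
    """Return (key, reason) findings for settings that weaken isolation."""
    conf = parse_lxc_config(text)
    last = lambda key: conf.get(key, [""])[-1]  # last assignment wins
    findings = []
    if "lxc.idmap" not in conf:
        findings.append(("lxc.idmap", "privileged: container root is host root"))
    for key in ("lxc.cgroup2.memory.max", "lxc.cgroup2.pids.max"):
        if key not in conf:
            findings.append((key, "no cgroup limit on this resource"))
    if last("lxc.net.0.type") == "none":
        findings.append(("lxc.net.0.type", "shares the host network namespace"))
    if "lxc.namespace.keep" in conf:
        findings.append(("lxc.namespace.keep",
                         "inherits host namespaces: " + last("lxc.namespace.keep")))
    if last("lxc.apparmor.profile") == "unconfined":
        findings.append(("lxc.apparmor.profile", "AppArmor confinement disabled"))
    return findings
```
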
Containers also greatly increase the value that end-users can extract from industrial hardware. In some cases, the LXCs can completely redefine the function of a piece of hardware, giving it a new lease of life for use on the network. This reduces the cost to the user because old hardware doesn’t need to be replaced; it can simply be repurposed.
All these benefits are leading to the continuous use of containers in application development. In fact, many applications in day-to-day activities use container technology due to the rapid speed at which they can be updated.
Ensuring that manufacturers are able to use this technology to drive innovation is key to them remaining agile in the current industrial landscape.
Containers such as LXCs are proving to be an incredibly strong and versatile tool for developers and end-users in a variety of industries and sectors. They have the potential to redefine functions, extend the life of hardware and give old pieces of technology new functions. Their use is a gateway to continuous development.