Intel offers hardware-level answer to container security challenges
Intel has become the latest vendor to throw its weight behind the push to solve the security woes of containers with the launch of a new technology that promises to address the risks currently standing in the way of widespread production use from the hardware level up. It’s the latest fruit of the internal Clear Linux Project.
The initiative represents the chip giant’s entry into the race to produce a lightweight operating system capable of meeting the ever-increasing efficiency requirements of multi-tenant cloud workloads, a cause that has also drawn the attention of Linux distributors as well as Microsoft. Clear Containers, as the new addition is aptly called, extends the effort to the realm of access controls.
Rather than running workloads directly on the operating system, the technology deploys every instance in a dedicated virtual machine that provides an additional layer of separation between the containerized application and the core kernel functions that manage the underlying server. That resolves one of the main security concerns standing in the way of the trend.
But fulfilling the workload isolation demands of the traditional enterprise isn’t quite as simple as that. Intel is neither the first nor the second vendor to have gotten the idea of running containers under a hypervisor, with VMware claiming the credit for first introducing the concept last year and Joyent Inc. launching its own spin on the approach shortly thereafter. There’s a reason why there’s still a challenge for the chip maker to address.
The added overhead that comes with deploying containerized applications in virtual machines undermines the efficiency and portability that justify using the technology in the first place, which effectively trades one problem for another. Intel says that its Clear Containers ease that trade-off somewhat with a low memory footprint that allows for more instances per server and reduces instantiation times to milliseconds in the process, bringing it much closer to par with bare-metal installations.
The main highlight separating its approach from the pack, though, lies a few layers down the stack in the extra instruction set that Intel adds to its server processors to support virtual workloads. Clear Containers take advantage of that hardware support to provide another layer of security around the Linux kernel and squeeze more computational capacity out of the silicon.
Since Intel is interested in fostering new container use cases that will drive CIOs to purchase more of its chips rather than competing with key partners such as VMware, chances are that the technology, which is available under an open-source license, will arrive in other solutions sometime in the future. That’s good news for the containerization movement all around.