Best Practices for Container Security on AWS
Containers have changed how we deploy software. Learn how to better protect your containerized applications from external threats.
The constant search for ways to improve efficiency and productivity drives continual change in the cloud landscape. Over the last decade, businesses moved away from setting up their own on-premise data centers in favor of cloud infrastructure. Now, the world of cloud computing is undergoing its own transformation with the burgeoning Internet of Things (IoT).
IoT is defined as a system of interrelated computing devices, mechanical and digital machines provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. With IoT, small devices, from wearables to point-of-sale systems to beacons, have their own processing power and create more and more data.
It’s often not efficient to send all of this data to the cloud for processing: that process, no matter how quick, can increase the latency of response at the device’s location. Not only that, it’s reliant on network availability and can pose challenges of security, data protection, and privacy.
This is why many businesses that have dispersed IoT operations at restaurants, retail outlets, etc., have begun allocating processing activities back to local, on-site systems. But they’re not building local data centers again. Rather, they’re leveraging the abilities of the IoT devices already on-premises — such as the restaurant’s cash registers, the store’s point-of-sale systems, and so on.
By adopting this “computing on the edge” approach, many types of businesses are better able to implement rapid innovation and ensure high availability for applications. Let’s take a closer look at how this works.
Pushing compute to the fringe devices on a network is generally called “edge computing” or “computing at the edge,” basically another term for distributed rather than centralized compute. The IoT is most effective when the compute takes place on site for the immediate needs of that location, but the cloud can be used to aggregate data from multiple locations for a larger enterprise. For example:
Some see the combination of IoT and edge computing as the next paradigm shift in networked systems. A report from Chetan Sharma Consulting titled Edge Internet Economy: The Multi-Trillion Dollar Ecosystem Opportunity predicts that “computing and communications will move from the core network and a centralized cloud architecture to the edge…. The reasons are manifold but the basic premise is that in order to serve the data, computing, and communications demand of objects, sensors, and people, resources, compute, and intelligence have to move to the edge to not only do it in the most cost-effective way but also to enable new use cases that just can’t be supported by the traditional cloud architecture.”
This coming combination of edge computing and the Internet of Things relies on the ability to process some data on the small, lightweight hardware available on site (sensors, beacons, and cash registers, for example). That implementation is best done through containerization, the deployment of applications as small packages of code that contain all the necessary components to run—configuration files, libraries, dependencies, and so on. That way, they can share a lightweight OS and yet run independently, making them suitable for deployment to distributed locations. Containerization also means the application packages are not dependent on the hardware, since everything they need is all packaged together.
The open-source Kubernetes platform is a sort of master tool for managing containerized systems—deploying them across different machines, load balancing, and so on. With Kubernetes, a cluster of host machines can be managed by a “master” machine that coordinates among them.
Amazon Web Services provides an infrastructure for running the master machine in the form of Amazon Elastic Container Service for Kubernetes (EKS). All the applications managed through EKS are compatible with any standard Kubernetes environment, and they can leverage all the benefits of open source contributions. Within the framework, each Kubernetes cluster stands on its own but also communicates with an EKS cluster behind a load balancer in the cloud. The EKS clusters in the cloud can take the data from all of the local Kubernetes clusters, aggregate and process it, and store it in an Amazon Relational Database Service database for later retrieval and analysis.
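The container packages described above are deployed to the local and EKS clusters as Kubernetes manifests, and that manifest is where most of the container-level security posture is decided. The following is an added example, not code from Mission or AWS: a small pre-deployment check that flags a manifest missing the hardening settings a security engineer expects (non-root user, no privilege escalation, read-only root filesystem, capabilities dropped, resource limits, pinned image). The two manifests are constructed inline as Python dicts (the JSON form Kubernetes accepts) so the script runs offline; the image name and digest are placeholders.

```python
"""Added example: check Kubernetes Pod/Deployment manifests for the
container hardening settings expected before a workload ships to an
EKS (or any Kubernetes) cluster. Illustrative code, not Mission's or
AWS's tooling; sample manifests are constructed below."""
from typing import Dict, List


def _pod_spec(manifest: Dict) -> Dict:
    """Return the Pod spec for a bare Pod or for a workload that wraps one."""
    if manifest.get("kind") == "Pod":
        return manifest["spec"]
    # Deployment/StatefulSet/DaemonSet/Job keep the Pod in spec.template
    return manifest["spec"]["template"]["spec"]


def check_container_hardening(manifest: Dict) -> List[str]:
    """Return a list of findings; an empty list means the manifest passes."""
    findings: List[str] = []
    spec = _pod_spec(manifest)
    pod_sc = spec.get("securityContext", {})

    if spec.get("hostNetwork") or spec.get("hostPID") or spec.get("hostIPC"):
        findings.append("pod shares a host namespace (hostNetwork/hostPID/hostIPC)")

    for c in spec.get("containers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        image = c.get("image", "")

        # Strip registry/repo path so a registry port is not mistaken for a tag;
        # require a digest or an explicit non-"latest" tag for reproducible deploys.
        ref = image.rsplit("/", 1)[-1]
        pinned = "@sha256:" in image or (":" in ref and not ref.endswith(":latest"))
        if not pinned:
            findings.append(f"{name}: image '{image}' is not pinned to a tag or digest")
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        # runAsNonRoot may be set at pod or container level
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            findings.append(f"{name}: runAsNonRoot is not set")
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation should be false")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}: root filesystem is writable")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}: Linux capabilities are not dropped (drop: [ALL])")
        limits = c.get("resources", {}).get("limits", {})
        if "cpu" not in limits or "memory" not in limits:
            findings.append(f"{name}: no cpu/memory limits (noisy-neighbour risk)")
    return findings


# Constructed sample: a typical first-draft Deployment with none of the hardening.
WEAK_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "pos-aggregator"},
    "spec": {"template": {"spec": {"containers": [
        {"name": "app", "image": "example/pos-aggregator:latest"}
    ]}}},
}

# Constructed sample: the same workload with the settings the check expects.
HARDENED_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "pos-aggregator"},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "containers": [{
            "name": "app",
            "image": "example/pos-aggregator@sha256:" + "0" * 64,  # placeholder digest
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        }],
    }}},
}

if __name__ == "__main__":
    for label, m in (("weak", WEAK_DEPLOYMENT), ("hardened", HARDENED_DEPLOYMENT)):
        print(label, check_container_hardening(m) or "OK")
```

Run against the weak manifest the check reports six findings; the hardened one passes. The same settings can be enforced cluster-wide with Pod Security admission rather than relying on every team remembering them, but a check like this in CI catches the omission before the manifest ever reaches the local or EKS cluster.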
Mission, an AWS Managed Service Provider and Premier Consulting Partner, has extensive experience helping customers transform their operations through the use of containerization, and container orchestration systems such as EKS. Visit our containers consulting page to learn more.