Resource Isolation using Dockers | HCL Whitepaper

Any embedded product is designed with several software modules working together to deliver a specific functionality. These modules share the system resources, mainly CPU, memory, input/output and network. To ensure high availability of the product, one necessity is to restrain every software module from excessive use of system resources, which might slow the system down or, in some cases, bring the complete system functionality down. Issues due to excessive resource usage are more common in component-based and service-oriented architectures. Tracking CPU, memory, input/output and network usage, and limiting them, is essential to ensure high availability. Denial of service (DoS) is also one of the main attacks that disrupts the functionality of the system, which in turn affects system availability.

Docker is a containerization framework that offers an easier solution for appropriately monitoring and limiting system resource usage by the various software modules. There is a dearth of publicly available material explaining the usage of Docker, its kernel features and the data flow between containers from a host point of view. Even the little information that is available is vague and disorganized.

This paper aims to structure that information and explain it with examples. At the end of the paper, a case study presents the usage of Docker in a service-oriented architecture to achieve resource isolation and to enhance security in the data flow between containers.