As CSPs turn to containers to help roll out 5G services and pursue new use cases, engineers and architects at CSPs are trying to gauge the benefits of running containers on virtual machines or bare metal.
A container wraps a network function in a consistent, portable package that can be independently distributed and modified with little effort and few dependencies. Containers then run on a host operating system and share its kernel. The host operating system resides on either a virtual machine or a physical server.
If you’re part of 5G effort at a CSP, you’re probably considering the merits of running containers on virtual machines or bare metal. Containerized network functions (CNFs) help CSPs streamline the development and deployment of 5G services and functions so you can gain flexibility, speed, and agility to address 5G use cases while maintaining or exceeding your existing levels of security, performance, and reliability.
Embodied in the term cloud-native technologies, this containerization trend is advanced by using a microservices architecture and a container orchestration system—typically Kubernetes. Containers, in general, can ease the path to being able to independently deploy, modify, and maintain network functions. Kubernetes comes into the picture to automate the deployment and management of containerized functions and services at scale.
When it comes to containers, some people tend to cast the choice between virtual machines and bare metal as a binary one, but that’s not the case. Containers are a form of operating system virtualization; virtual machines are, of course, hardware virtualization, which was originally developed to eliminate the many pain points of working with physical hardware and to reduce costs.
As such, VMs solve infrastructure-related problems by better utilizing servers, improving infrastructure management, streamlining IT operations, and isolating resources for security. These are some of the reasons why the major public cloud providers use hypervisors and VMs to run containers. Containers solve application-related problems by, among other things, streamlining DevOps, fostering a microservices architecture, improving portability, and further improving resource utilization.
Containers complement the many benefits of hardware virtualization, and security is a case in point. Because containers alone are inadequate security boundaries, the strong isolation provided by VMs improves security for containerized functions and services, and the mature, proven ecosystem of virtualization technology enables you to build security into the infrastructure with such measures as micro-segmentation.
This passage from the NIST Application Container Security Guide (NIST Special Publication 800-190) sums up this synergy nicely:
“Although containers are sometimes thought of as the next phase of virtualization, surpassing hardware virtualization, the reality for most organizations is less about revolution than evolution. Containers and hardware virtualization not only can, but very frequently do, coexist well and actually enhance each other’s capabilities. VMs provide many benefits, such as strong isolation, OS automation, and a wide and deep ecosystem of solutions. Organizations do not need to make a choice between containers and VMs. Instead, organizations can continue to use VMs to deploy, partition, and manage their hardware, while using containers to package their apps and utilize each VM more efficiently.”
Because of this synergistic problem-solving relationship, running containers on virtual machines helps CSPs speed up the transition from 4G to 5G and ease the management of CNFs and 5G services. At the center of this combination is VMware Telco Cloud Platform, which uses a telco-grade Kubernetes distribution to orchestrate containers on virtual machines in a telco cloud.
Visit telco.vmware.com for more information on VMware’s Telco Cloud.