This week on the HIPAA Vault Podcast, we explore the benefits of application containerization. We discuss the basics of containerization, popular tools like Docker and Kubernetes, best practices, and a real-world example of a company that benefited from containerization.

Want to learn more? Check out our blog post on Containerization in Healthcare!

Transcript:


Adam
Hello, and welcome to The HIPAA Vault Show, where we discuss all things HIPAA compliance and the cloud. My name is Adam Zeineddine, and I’m joined today by CTO and founder of HIPAA Vault, Gil Vidals. Hi, Gil. 


Gil
Hey, Adam. Looking forward to this podcast? 


Adam
Absolutely. So last week we talked a little bit about website tracking and analytics, and this week we’re going to talk about containerization. We’re going to go through what containerization is, some of the tools and platforms that are used for containerization, maybe make some comments about the security surrounding containerization, and provide some real-world examples of projects that have benefited from containerization. So I’ve said containerization there four or five times already. Gil, maybe to get us started, could you give us an idea of what containerization is, what containers are, other than just being big metal boxes that get loaded with goods and stuffed on a big ship? 


Gil
Yeah. This technology world is hard to keep up with, even for us in IT. There’s so much technology coming out, it seems it’s increasing at a faster rate. So for our audience that isn’t technical, I’m sure at some point it kind of goes over their head. So I like to explain it to our audience in this way. So when you go back 20 years ago and you talked about applications on a computer, we literally were talking about a computer that was located in a data center. So there’s... we call them pizza boxes at that time. They’re slender computers. You slide them into a rack, but they were a real computer. Okay, so that was 20, 30 years ago. Then the invention came along of virtualizing the server itself. 


Gil
So instead of having one application for every pizza box computer on a rack, you could take one beefier computer and then split that up into, say, like 30 or 40 or 50 applications. So they all took a little piece of the action, a little bit of CPU and RAM. And that virtualization meant that you had a virtual machine. So that was the next level above physical. Then you had virtual machines, and then containers came along. So what containers did is they took the virtual machine. And the virtual machine was really a mirror of the physical machine, one-to-one, property for property. So if the physical machine had a USB port, the virtual machine has a USB port. If you have a directory for an application, you’d have the same thing in the other one. So it’s very much one to one. 


Gil
So the virtual machine, other than the fact that it was virtual, was kind of a heavy object because it had everything the physical one had. So a container stripped off all the unnecessary things that weren’t needed to support a specific application. They stripped it all down. So it’s still like a virtual machine, but it’s very light. Very light. Takes a lot less resources. The other idea behind a container is that it’s more portable. You can easily port it to different environments. And it’s scalable, meaning that you could launch many of these containers if you needed to scale your application. So it was just a natural evolution from hardware to virtual machine to container. And the containers are used in environments like Kubernetes and Docker Swarm and different environments. But it really is the next iteration that we’re currently seeing today. 


Adam
That’s actually the best explanation I’ve heard of it. And I’ve been researching this for a couple of weeks. So thanks for that. You mentioned Kubernetes and Docker there. The next thing that we’re going to touch on is the tools that are used for containerization. So could you maybe touch a little bit on Docker and then Kubernetes and how popular they are and what they’re used for when it comes to containerization? 


Gil
Sure. So the containers are standalone. So you have a container. And let’s think of a specific example. Let’s say you want a container that’s running WordPress. So it’s a very streamlined, very thin container. All it knows how to do is run WordPress, which is a web service. So that’s good for that container. It serves its purpose. It’s a light object. But then let’s say you want to manage... say you’re a company that wants to manage not just one of these containers, but 1,000 of them or even 10,000. So at some point that becomes complicated because how are you going to manage all these? So there is an invention called Kubernetes which did exactly that. It’s a way to manage a cluster of containers. And at a high level, that means you can destroy a container. You can create a new one. 


Gil
You could launch 20 of them. You could put them to sleep and suspend them. You could migrate them from one zone to another, from the East Coast to the West Coast. So Kubernetes, just think about that as cluster management, managing big groups of these containers. Now, for our specific audience, you might say, well, that’s not very interesting. If you’re a medical practitioner or you’re a small hospital, you may not need all of this clustering. So clustering, when would you need that? Well, you could need it for a couple of reasons. One is, if you have very sensitive information that has to be up all the time, you may want to split your resources. So you have some of your containers on the East Coast, some on the West. 


Gil
So if something happens, there’s a flood or a big problem, you can say, well, those containers went bye, but these are still good and everything still operates. So it’s good for business continuity. They call it BCDR, Business Continuity and Disaster Recovery. So that’s one way to think about it. The other way to think about it is if you had an application, let’s say you’re a healthcare app developer and you’ve developed an app that’s really going crazy. It’s becoming so popular. So at first, just having a couple of containers is good. But now you’re getting traffic. Even on a Saturday night, you’re getting traffic. So you would want to have these containers that can be created automatically. It’s called auto scaling. 


Gil
So that you can have this cluster management launch an extra ten or 20, and then at night, when the traffic slows down, it will destroy some of these containers to save money so that you’re not paying for all these resources that you don’t need in the evening. So that’s the other way. So containers can be used that way. And then Docker has a management system, and that’s the container system. The container engine is called Docker, and you can use that more on a simplistic level, where you only have maybe a few containers. I think those are the environments. There’s... 


Adam
Something to do with, like, a Dockerfile, right? That’s a script that allows you to load that container with whatever good stuff, application-wise. 


Gil
Yeah. And these containers, by the way, in the end they sound very fancy, but in the end, it’s a file. I mean, literally, it’s a file. It’s a file that you could take and copy around and stuff. Now, once the file is put in the right environment, it becomes alive and it can do a lot of good work for you. 


Adam
Would it be right to say a container is like a running process? Like a process that’s actually running as opposed to just an image? 


Gil
Yeah, it’s a running process that consumes a portion of the underlying machine’s CPU and RAM. You allocate a certain amount of RAM, CPU, disk space, and then within that apportionment, you’re able to run your services there, your application, whether it could be a database service, could be a web service. I think the other thing that’s worthwhile mentioning, Adam, is that containers are specialty items. So in the world of computers that I mentioned, those two phases, we used to have computers and then virtual machines. Those are very generalized systems. You could put anything on a computer, right? You could put a database, a web server. Containers aren’t like that. They’re usually specialized. 


Gil
You say, I want this container to only serve WordPress, or I want this container to only run this database called MySQL or Maria, and I want this container to only be a firewall. I don’t want it to do anything else. So they’re like specialty systems, and that’s part of why they’re lightweight, because you strip off all the other junk you don’t need that consumes resources. So by the nature of them being specialty and focused, they become more narrow, more skinny, and more lean. 


Adam
Okay. And on the list of benefits I’ve got here, one of them is that containers are backwards compatible, often. What does that mean exactly, when it comes to containers? 


Gil
Well, I think when we talk about compatibility, containers are very flexible. They can run on many different platforms. So they can run on, say, a Google platform. You can take it and transfer it to Amazon and they’ll run on Amazon. Or you could take them and run them on Microsoft Azure. You could run them on your desktop computer, you could run them on your laptop if you have the right Docker. So that’s what we mean by being cross-platform compatible. And I think that’s really what you’re talking about. Backwards compatibility is a different thing to do with compatibility; it means that you’re trying to run the same container on maybe an older platform. 


Adam
Now, that may be the case, but it might not necessarily be great for the security aspects of running your application. So that leads me on a little bit to talk about the benefits when it comes to security. I’ve got here noted that containers allow for greater isolation, which can be a benefit for security, control and visibility, and then portability, which you already mentioned. So maybe you could flesh out a little bit more on the ability to isolate and then the control that you get when using containers. 


Gil
Yeah, there is a security benefit in the container. So one of those is that you can take a container and you set the permissions so that it can only be accessed by certain processes and certain individuals. The other advantage the container has is containers are static. What do I mean by static? Well, the container is running, but you could destroy the container and recreate the container and it’ll show up again running the way it was before. So if there’s an attack or an attacker that did some damage, they came in and somehow they got into the container. Let’s say worst case scenario, well, you could simply destroy the container and then recreate it. So that has certain advantages to being able to do that. Of course, the best scenario is not to allow anyone into the container. 


Gil
The container can also be... you can have these hashes where you can say this is what the container looks like when we know nobody’s gotten into it. It’s a new container, it’s running well. You can take these hashes and then calculate later if somebody does change something that you’re not aware of. Like, somebody did something, you could be notified, and the container can automatically redeploy and get rid of that change and go back to its previous state in which everything was operating well. So you can go back and recreate containers very easily, which you can’t do with, obviously, physical hardware. You can’t do that. And even with virtual machines that’s not so easy to do. So containers have that advantage of being able to die and revive very quickly. 


Adam
Okay, I think a question that comes up a lot, certainly when application owners or developers are looking into this, is virtualization or containerization, and what applications containerization would play a better role in versus virtualization. I know in this section we’re going to come on to a real-world example of containerization. So maybe a use case would help clarify that for our listeners and viewers. So without mentioning any names, could you run us through a little bit? Maybe one of our customers that came to us with a problem and was able to solve it with containerization? 


Gil
Yeah, let’s go through an example. That’s a good way to think about that. I did want to mention one thing that came up, or that I didn’t mention, when you talked about security when it comes to containers, is that because the containers are a stripped-down, focused application, what’s called the attack surface is smaller. So you don’t have all this unnecessary baggage that the bad guys could take advantage of and hack into a system. If you eliminate lots of the complexity of a system, then there’s a lot less area for them to try to penetrate and attack. So one example that we have is we have a customer that has a medical application that has sensitive data, and things were going well for them. They had their customers, their end users, using their application, and they grew over time. 


Gil
And they got to the point where they needed to add more resources the old-style way: you add more RAM and more CPU and it grows. But then they got to a point where they said, look, this is working okay, but they had a project that would require growth of 100x. So not ten times, but 100 times more traffic. And we discussed it as a team and we came to the realization that just throwing more and more RAM and CPU, of course, is not going to solve everything. You have to break this project into smaller pieces. So essentially what that means is we asked the development team to containerize their application. 


Gil
And so now, instead of having a single virtual machine or a couple of beefy virtual machines, now we have these containers that are lightweight that run their application, and then we can put those into a cluster of containers and we can auto scale them. So when the traffic starts to go way up in the morning, these containers are launched and it’s able to handle the traffic. When the traffic slows down at lunchtime, the containers are destroyed. And then when it builds up after lunch, the containers build, and then at night they go down. And so it’s a very flexible system. On top of that, they wanted something called CI/CD, continuous integration, continuous development, which is a whole other topic, but containers are very good for that environment, for doing CI/CD as well. 


Adam
But in the end, you mentioned development team there. So that automatically in my brain, I’m thinking, well, that’s a team. So that’s a lot of people, a lot of moving parts that are constantly updating and improving the application. 


Gil
That’s right. So that was a good story, right? How they took their application, that was one or two systems and then containerized it. And I think that is something that we’re going to see more and more of as we move forward because the development teams are getting more and more comfortable with containers and they are seeing the benefits of using them. 


Adam
And then finally, if we go back slightly to the original part of the beginning of the episode where we said, other than being a container that goes on a ship, if we do imagine the container that goes on a ship: containerization became a thing in shipping, and it saved a heck of a lot of time in terms of loading, getting the goods onto the ship and getting the goods off the ship. I think it used to take, on average, to load one of the equivalents of one of those big containers, it used to take eight days to get the goods on the ship and eight days to get it off, versus obviously just a crane loading the container on and off, which is what happens now. So are there kind of equivalent 10x, 100x improvements in efficiency with containers? 


Adam
In an application sense, yes. 


Gil
I don’t know the efficiency or how many times better it is now, but it’s noticeably better. There’s a term in the technical world called orchestration engineering, and that’s what the orchestration engineer does. You picture an orchestra playing, the director of an orchestra, and so the orchestration, what it does is it’s the architecture of having these containers and being able to design the architecture. So certain containers that have certain functionality are going to come alive and scale up at certain times, and they have to integrate and work together. So orchestration is something that containers are good at because, again, they’re so lightweight, they’re much more scalable. So I don’t know the efficiency change, but it’s noticeably improved. 


Adam
Fantastic. I’d like to invite the listeners and viewers to let us know if they have experienced containerizing their application, or if they’re considering it, what are some of the things that they’re contemplating in the considerations. Please let us know in the comments or reach out to us at podcast@hipaavault.com and we’ll be happy to answer any questions you might have. Gil, was there anything else you wanted... 


Gil
To... you know, our podcast is devoted to things that are related to HIPAA and technology. So I do want to say that in the environments where you’re running containers, which are typically AWS or Microsoft Azure, Google Cloud, there are different ways of configuring the security around the containers. So if you want to go down that route, you have to have the expertise and you have to be conscientious about enabling the different features within the environment you’re in to make sure that your environment will be HIPAA compliant. So it’s a long way around of saying just because you’re in a big company’s cloud doesn’t automagically mean that it’s HIPAA compliant. You have to have a compliance manager that can run scans, you have to know which configuration settings to enable and get everything running so that it is HIPAA compliant. 


Gil
We help customers do that as well. So if you find yourself in that kind of situation, you can always reach out to us. 


Adam
Absolutely. And you can check us out at hipaavault.com. There’s a bunch of really interesting blogs, articles, and information sources there, so please do that. So that’s it for this episode. If you have any questions, let us know. You can reach out to us by email at podcast@hipaavault.com or on Twitter at @hipaahosting. Make sure to also subscribe and leave us a review. If you enjoyed this episode, thanks for stopping by.
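Editor's added example, not part of the podcast transcript and not HIPAA Vault's own tooling: Gil describes taking hashes of a container in its known-good state, recalculating them later, and redeploying from the image when something has changed. The script below shows that idea as a small file-integrity baseline. It walks a directory tree (standing in for a container's filesystem), records a SHA-256 digest per file, diffs a later snapshot against that baseline, and reports whether the drift falls outside an allowlist of paths that are expected to change (such as a cache directory). The directory layout and file contents in `demo()` are constructed for the example.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed example: a file-integrity baseline for an immutable container.
# The manifest is taken while the container is known-good; a later snapshot is
# diffed against it, and unexpected drift is the signal to redeploy from the
# image rather than repair the running container in place.


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map every regular file under root (relative POSIX path) to its digest."""
    root_path = Path(root)
    manifest = {}
    for dirpath, _dirs, files in os.walk(root_path):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # only regular files are hashed in this example
            manifest[p.relative_to(root_path).as_posix()] = sha256_file(p)
    return manifest


def diff_manifests(baseline: dict, current: dict) -> dict:
    """Return the drift between a known-good manifest and a later snapshot."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(k for k in base_keys & cur_keys if baseline[k] != current[k]),
    }


def needs_redeploy(drift: dict, allowlist=()) -> bool:
    """True if any change lies outside paths that are expected to be writable."""
    def unexpected(paths):
        return [p for p in paths if not any(p.startswith(a) for a in allowlist)]
    return bool(unexpected(drift["added"])
                or unexpected(drift["removed"])
                or unexpected(drift["modified"]))


def demo() -> dict:
    """Constructed scenario: a tiny 'container' tree, then unexpected changes."""
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        (r / "app").mkdir()
        (r / "app" / "index.php").write_text("<?php echo 'hello'; ?>\n")
        (r / "etc").mkdir()
        (r / "etc" / "nginx.conf").write_text("worker_processes 1;\n")
        (r / "var").mkdir()
        (r / "var" / "cache.tmp").write_text("old cache\n")
        baseline = build_manifest(root)  # taken while the tree is known-good

        # Later: a file appears that was never in the image, a config file is
        # edited, and the cache (an allowed writable path) is rewritten.
        (r / "app" / "unexpected.php").write_text("<?php /* not in the image */ ?>\n")
        (r / "etc" / "nginx.conf").write_text("worker_processes 1;\ninclude extra.conf;\n")
        (r / "var" / "cache.tmp").write_text("new cache\n")

        drift = diff_manifests(baseline, build_manifest(root))
        return {"drift": drift, "redeploy": needs_redeploy(drift, allowlist=("var/",))}


if __name__ == "__main__":
    result = demo()
    for kind, paths in result["drift"].items():
        print(f"{kind}: {paths}")
    print("redeploy from image:", result["redeploy"])
```

In a real deployment the baseline would come from the image that was built and signed in CI, not from the running container, and the comparison would run on a schedule or on a host-level integrity monitor; the allowlist is what keeps legitimate runtime writes (caches, logs, sockets) from being mistaken for tampering.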