When it comes to the IoT, containerized software has the capacity to provide easier development and better security.
At the recent DockerCon in Austin, Texas, Docker announced two new projects that should help bring more security and interchangeability to IoT deployments via containerized software. The two projects—the Moby Project and LinuxKit—are each directed at closing a gap in the current container ecosystem.
Containers, and containerized software, are currently changing the way that IT is deployed on essentially all platforms, whether it’s in the datacenter or in IoT. The idea behind containers is to collect all the tools and libraries necessary to run a specific piece of software, and then isolate that software from the rest of the system. Because containers are not full-on virtual machines, they’re efficient, and Docker is a leader in making containers easy to work with and share with others.
When it comes to IoT, containerized software has the capacity to provide easier development and better security. Because one can package all of the dependencies to run a piece of IoT software into a container, it’s easier to deploy them to a variety of IoT hardware devices.
The container also helps with IoT security. The software necessary to collect data from a thermometer, for example, is kept inside a container and isolated from the core operating system, and even from other pieces of software for additional sensors. A security breach within the thermometer software shouldn’t affect the core OS—at least in theory. That could help mitigate the issues we’ve seen in the past when IoT devices are hijacked into nodes that contribute to illegal distributed denial-of-service (DDoS) attacks on critical internet infrastructure.
How do Moby Project and LinuxKit contribute to these ongoing issues?
Creating a stronger ecosystem with Moby Project
Moby bills itself as “an open framework to assemble specialized container systems without reinventing the wheel.” Basically, Moby provides a library of containerized components that will help run a container system, from the core OS and networking, to security and the container runtime. Users will be able to mix and match these components, and add their own, to create custom container systems for their own IoT deployments.
Some of the benefits include “secure defaults without compromising usability” and “well-tested common components.” There are already 80 components derived from Docker in the Moby Project library, and developers can easily practice “bring your own components” (BYOC) on top of that.
Solomon Hykes, the founder and CTO of Docker, said in a statement, “Docker will use Moby for its open source and will collaborate on everything from architecture to design to experimentation with bleeding edge features. Essentially anything that can be containerized can be a Moby component, providing a great opportunity for collaboration with other projects outside of Docker.”
Docker does warn that the Moby Project probably isn’t best for enterprise IT teams who need a supported container platform, but does recommend it for system engineers or integrators who want to build a container system.
‘Secure by default’ with LinuxKit
A key component of any container system is the OS itself, and that’s where LinuxKit comes in. This toolkit will help users create a custom OS that’s secure and portable, with a small footprint and built-in container support.
According to Docker, LinuxKit was developed in collaboration with HPE, Microsoft, and IBM, giving it real clout among some of the biggest IoT developers out there. It’s now open source under the guidance of the Linux Foundation.
Every process on a LinuxKit installation runs in a container, which means that developers can create an OS that contains only the services they need. That reduces both the attack surface and overall size, which is particularly relevant for IoT devices with small amounts of disk space. The LinuxKit distribution is a minimal 35MB by default, and can be reconfigured according to a developer’s particular needs. There’s even the ability to run LinuxKit with a read-only root filesystem, to prevent malware from harming the core operating system.
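A read-only root is a property worth verifying on the running device rather than assuming. The shell function below is an added example, not code from Docker or LinuxKit: it parses a mount table in /proc/mounts format (the sample table is constructed) and, going one step beyond the article, also flags writable mounts that still allow execution.

```shell
#!/bin/sh
# Added example: audit a mount table in /proc/mounts format.
# Function names and the sample data are assumptions made for illustration.

# Constructed sample: read-only root plus a few writable mounts.
sample_mounts() {
cat <<'EOF'
rootfs / tmpfs ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec,mode=755 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda1 /var/lib ext4 rw,relatime 0 0
EOF
}

# audit_mounts FILE
# Prints one finding per line:
#   ROOT_RO | ROOT_RW | ROOT_UNKNOWN   state of the root filesystem
#   WRITABLE_EXEC <mountpoint>         writable mount without noexec
# Returns 0 only if root is read-only and no writable+exec mount exists.
audit_mounts() {
    awk '
    # True if the comma-separated option list contains exactly "want".
    function has(opts, want,   n, i, a) {
        n = split(opts, a, ",")
        for (i = 1; i <= n; i++) if (a[i] == want) return 1
        return 0
    }
    # Later entries for / override earlier ones, as stacked mounts do.
    $2 == "/" { root = has($4, "ro") ? "ROOT_RO" : "ROOT_RW" }
    $2 != "/" && has($4, "rw") && !has($4, "noexec") {
        findings[++k] = "WRITABLE_EXEC " $2
    }
    END {
        if (root == "") root = "ROOT_UNKNOWN"
        print root
        for (i = 1; i <= k; i++) print findings[i]
        rc = (root == "ROOT_RO" && k == 0) ? 0 : 1
        exit rc
    }' "$1"
}

# Usage on a device: audit_mounts /proc/mounts
```

On the constructed sample the root passes, but `/tmp` and `/var/lib` are reported because they are writable and lack `noexec`.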
Because LinuxKit and Moby are both open source frameworks, anyone with an interest in containerized software can start exploring how this type of system could make their IoT deployments more secure and nimble than ever. With the LinuxKit partners, we’ll surely see accelerated growth of containers in enterprise-level IoT solutions, such as IBM’s Bluemix, which has been experimenting with containers and Kubernetes, an open source container orchestration platform built on top of Docker.
More than ever, it seems as though using containers to make IoT deployments more isolated and modular is the best way to truly unlock their potential. With more security and a lighter footprint, containerized IoT will become more accessible, and hopefully more resistant to being unwillingly drawn into the next DDoS attack.