Same difference?

Containers for Servers vs. Containers for Clients

John Whaley
Containers image via Shutterstock

Ever wondered what the difference is between server-side and client-side containers? John Whiley, CTO of Moka5, explains their core functions and why you need both.

The idea of software-defined containers on the server has gained significant ground recently with industry leaders such as Docker, Amazon, and Google expounding on their utility for application development and deployment. At the same time, End User Computing (EUC) vendors have been popularizing the use of client-side containers as a way to containerize enterprise data on desktops, laptops, smartphones, and tablets. With both server- and client-side communities using the term “container”, it can get a little confusing to differentiate between the two.

Server-side containers (e.g. Docker)

Server-side containers enable you to package an application and all its dependencies without requiring the use of virtual machine technology or separate instances of a guest OS for each application. While still abstracted from the underlying OS (server-side containers are currently based on Linux), the container utilizes core OS services including resource isolation to abstract the application’s view of the host OS and of other containerized applications.

DevOps benefits greatly from this approach, as it enables portability of an application from one environment to another (dev to qa to production) without having to worry about application dependencies or potential misconfigurations between environments.

Additionally, server-side containers have the potential to significantly reduce data center management cost and administrative overhead as IT organizations no longer need to provision and manage a separate virtual machine and OS for each contained application. Instead, applications deployed within containers can share a single OS instance, which means increased server density, lower OS licensing costs, and decreased management overhead (fewer OS instances to patch).

Client-side containers

Client-side containers serve a different (and complementary) purpose to server-side containers. Client-side containers enable enterprises to separate enterprise data from personal data on desktops, laptops, smartphones and tablets. By containerizing just the corporate data, client-side containers enable users to access enterprise resources from any device and platform, whether they be managed or unmanaged, while enabling IT to apply security controls to only the enterprise data (as opposed to the entire device).

This enables a nice compromise between IT and end-users – users gain choice and privacy over personal data, while IT gains security policy control without having to impose full device management restrictions. Additionally, there can be significant cost benefits of moving to a containerized client model – not limited to only BYO endpoint savings, but also extending to endpoint support, management, and productivity savings.

Why enterprises need both kinds of containers

Let’s use an enterprise web application as an example to highlight how server- and client-side containers are needed to manage and secure the full app lifecycle.

The server-side component of the enterprise web application can be developed and deployed using a Docker-style container. As mentioned earlier, this can significantly reduce data center management cost and administrative overhead as IT organizations no longer need to provision and manage a separate virtual machine and OS for each contained application.

For the client-side portion of the enterprise web app, IT needs to enable secure access to this behind-the-firewall app on a highly diverse set of platforms and devices, many of which are unmanaged. This is where a client-side container comes in. A client-side container delivers a secure, container-level connection back to the enterprise so that the user can access the app even while connecting over public networks. Additionally, the enterprise can apply data leakage controls to the container such that the container is encrypted and all data remains within it (no copy/paste into another app, for example).

SEE ALSO: What you missed at the Dockercon 2014 in Amsterdam

By employing both server- and client-side containers, you combine application development and deployment efficiencies with significant improvements in end user computing management and security. So, as you begin thinking about containers for your IT infrastructure, don’t limit your thinking to only client-side or server-side as they complement each other quite nicely.

John Whaley
John Whaley is responsible for the technical vision of Moka5. He holds a doctorate in computer science from Stanford University, where he made key contributions to the fields of program analysis, compilers, and virtual machines. He is the winner of numerous awards including the Arthur L. Samuel Thesis Award for Best Thesis at Stanford, and has worked at IBM’s T.J. Watson Research Center and Tokyo Research Lab.

Inline Feedbacks
View all comments