Published in Network

Intel wants data containers alone again

by on21 May 2015


Chipzilla is coming with a new method for container security to let CPUs share their resources among virtual machines while also walling off VMs from one another.

Dubbed "Clear containers" the tech relies on the VT-x extensions within the chip.

The downside is that it does not work well with Linux containers as underlying kernel still can be attacked from within the container and all containers on the same host can be compromised.

Intel thinks that by improving isolation by delivering "one container per VM wrapped with a specially-optimized copy of the Linux OS it can make the containers secure.

You need Intel's Clear Linux and VT-x and you are sorted.

This idea is opposite to the idea of things like CoreOS because it involves using at OS for each container. One of the reasons people liked the idea of containerisation was that you could run isolated apps on one OS and reduce the numbers of virtual machines.

Intel says its way works because Clear Linux is very efficient and can spawn a Clear Linux VM and a container inside it in the same time required to spawn a container alone on other stacks.

Last modified on 21 May 2015
Rate this item
(4 votes)