Server-Side Containers vs. Client-Side Containers: Why you actually need both

The idea of software-defined containers on the server has gained significant ground recently with industry leaders such as Docker, Amazon, and Google expounding on their utility for application development and deployment. At the same time, End User Computing (EUC) vendors have been popularizing the use of client-side containers as a way to containerize enterprise data on desktops, laptops, smartphones, and tablets. With both server- and client-side communities using the term “container”, it can get a little confusing to differentiate between the two.

Server-side Containers (e.g., Docker)

Server-side containers enable you to package an application and all its dependencies without requiring the use of virtual machine technology or separate instances of a guest OS for each application. While still abstracted from the underlying OS (server-side containers are currently based on Linux), the container utilizes core OS services including resource isolation to abstract the application’s view of the host OS and of other containerized applications.

DevOps benefits greatly from this approach, as it enables portability of an application from one environment to another (dev to qa to production) without having to worry about application dependencies or potential misconfigurations between environments.

Additionally, server-side containers have the potential to significantly reduce data center management cost and administrative overhead as IT organizations no longer need to provision and manage a separate virtual machine and OS for each contained application. Instead, applications deployed within containers can share a single OS instance, which means increased server density, lower OS licensing costs, and decreased management overhead (fewer OS instances to patch).

Client-side Containers (e.g., Moka5)

Client-side containers serve a different (and complementary) purpose to server-side containers. Client-side containers enable enterprises to separate enterprise data from personal data on desktops, laptops, smartphones, and tablets. By containerizing just the corporate data, client-side containers enable users to access enterprise resources from any device and platform, whether they be managed or unmanaged, while enabling IT to apply security controls to only the enterprise data (as opposed to the entire device).

This enables a nice compromise between IT and end-users – users gain choice and privacy over personal data, while IT gains security policy control without having to impose full device management restrictions. Additionally, there can be significant cost benefits of moving to a containerized client model – not limited to only BYO endpoint savings, but also extending to endpoint support, management, and productivity savings.

Why an Enterprise Needs Both Types of Containers

Let’s use an enterprise web application as an example to highlight how server- and client-side containers are needed to manage and secure the full app lifecycle.

The server-side component of the enterprise web application can be developed and deployed using a Docker-style container. As mentioned earlier, this can significantly reduce data center management cost and administrative overhead as IT organizations no longer need to provision and manage a separate virtual machine and OS for each contained application.

For the client-side portion of the enterprise web app, IT needs to enable secure access to this behind-the-firewall app on a highly diverse set of platforms and devices, many of which are unmanaged. This is where a client-side container comes in. A client-side container delivers a secure, container-level connection back to the enterprise so that the user can access the app even while connecting over public networks. Additionally, the enterprise can apply data leakage controls to the container such that the container is encrypted and all data remains within it (no copy/paste into another app, for example).

By employing both server- and client-side containers, you combine application development and deployment efficiencies with significant improvements in end user computing management and security. So, as you begin thinking about containers for your IT infrastructure, don’t limit your thinking to only client-side or server-side as they complement each other quite nicely.

Moka5’s Project SkyNet is a Great Complement to Server-side Containers

At Moka5, we’ve been building client-side containers for almost a decade. In fact, our earliest patent is for a centrally managed, locally executing software container on PCs. Project SkyNet adds to our growing portfolio of client-side containers by delivering a next-generation container for the cloud- and web-driven world.

SkyNet is a native lightweight container for Windows and Mac hosts that enables secure usage of both company-hosted and 3rd-party SaaS services such as Salesforce.com, Office 365, Workday, and any such web-based enterprise service. These web-based enterprise services can be developed and deployed using a server-side container (such as Docker), and then consumed by the end-user via the centrally managed and secured SkyNet container. This ensures sensitive corporate data is contained even when accessed on unmanaged devices connecting in via public networks.

Client containers promise to be the next big advance in enterprise client computing and Moka5 will continue to lead the way in their development.

Want to discuss this post? Feel free to tweet to me at @JoeWhaley

Check out our Project SkyNet infographic titled: “Data Security and the Growing Need for Lightweight Client Containers” below, or view our “Deep Dive into Containerization”video page.

Comments are closed.