Securely Deploy Containers to Production: An Overview of Apcera Containers
To create and secure containers, Apcera combines Linux kernel namespaces and cgroups for process controls (CPU, memory, user isolation), a mount namespace and chroot for file system isolation, user namespaces for hardware isolation, and a network namespace with iptables rules (on the host side) to control network ingress and egress for the container.
Apcera offers a platform that takes on this challenge across public and private infrastructures. Not only does it handle a diverse set of workloads hosted on- and off-premises in private and public clouds, but it does so with a policy engine at its core. This lets a network operations group set policies that control network access to, from, and within the system, while still allowing users to configure the connectivity they need without any manual intervention.
Download the paper to learn how you can securely deploy containers to production with Apcera.