There are exciting shifts on the horizon with developments and announcements at the recent DockerCon19 in San Francisco: the world of containerization has come to embrace IoT.
Both the IoT and Cloud landscapes have been fundamentally changed by developments in containers, which means there are new opportunities for how applications can be deployed in IoT and in the Cloud. Consider what these may all mean for the future of IoT.
Until now, the world has been looking for some elusive unifying theory that would make our traditional understanding of what the Cloud "is" seamlessly assimilate, or help to fix or change, the otherwise anti-Cloud nature of IoT. Most experts see IoT as an on-premises edge solution that picks up data in physical locations.
Before DockerCon19, a person would be forgiven for underestimating the enormous challenges of getting the IoT and Cloud worlds to co-exist. A seasoned IoT expert would give you a wry smile and a condescending nod if asked about Cloud use cases. They might even launch into a complex explanation of the challenges, after which we would all be more confused than when we started, and no closer to an answer.
Today, we are on the threshold of a new era. Container, IoT and Cloud technology will solve many of these problems. The ironic (but exciting) twist is that the key technologies have been around for years, some even for decades. This means the solution has existed, in whole or in part, right in front of us for some time.
Much of the magic of container computing lies not in inventing anything new, but in looking at what already exists in a new way; in doing so, we have been able to see practical applications of these technologies to the problem of IoT on the Cloud.
The following are three interesting takeaways from DockerCon19 where Cloud, containers and IoT converge to create new and very compelling solutions.
Securing Content for IoT Devices
One solution outlined in one of the sessions was devised by ExxonMobil with support from Intel and Docker. The session "Securing Edge & IoT Devices with Docker Enterprise" discussed how Exxon developed its approach to IoT by first securing its entire software supply chain. To achieve this, Exxon worked with Docker and Intel to craft an elegant integration with Docker Trusted Registry that encrypts, signs and restricts deployment of application workloads at the edge using the TPM (Trusted Platform Module), a secure cryptoprocessor designed into the hardware as a dedicated microcontroller. The TPM provides a solid set of security capabilities, including the ability to anchor the security of the hardware in integrated cryptographic keys that never leave the chip.
So why is this so interesting? The capabilities of the TPM have been around for a long time, and it is not new to have hardware-level encryption, hashing and integrity measurement of the IBB, ROM, boot loader and even the OS. What is new is that these capabilities have been integrated into the Docker Engine and all the way up to Docker Trusted Registry and Docker Content Trust.
Following the deployment methodology outlined in the session, detailed guidance was shown on how to provide true end-to-end encryption, keyed uniquely to each piece of TPM-equipped hardware, in a unified way.
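To make the "restrict deployment" part concrete, here is an added example (not code from the session, Exxon, Docker or Intel) of a deploy-time gate that reads Docker Content Trust metadata in the shape that `docker trust inspect` prints and refuses to run an image unless its tag was signed by every required signer and the signed digest matches the digest pinned in the release manifest. The registry hostname, image name, signer name, digests and key IDs are constructed placeholders, and the TPM-sealed encryption step is out of scope here.

```python
import json
import subprocess

# Constructed sample shaped like the output of `docker trust inspect <image>`.
# Every value below is a placeholder, not a real digest or key ID.
SAMPLE_TRUST_INSPECT = json.dumps([{
    "Name": "dtr.example.internal/edge/sensor-agent:1.4.2",
    "SignedTags": [{
        "SignedTag": "1.4.2",
        "Digest": "sha256:" + "ab" * 32,
        "Signers": ["release-ci"],
    }],
    "Signers": [{"Name": "release-ci", "Keys": [{"ID": "placeholder-key-id"}]}],
    "AdministrativeKeys": [
        {"Name": "Root", "Keys": [{"ID": "placeholder-root-id"}]},
        {"Name": "Repository", "Keys": [{"ID": "placeholder-repo-id"}]},
    ],
}])


def fetch_trust_metadata(image_ref):
    """Live variant: ask the real Docker CLI for the trust metadata."""
    out = subprocess.run(["docker", "trust", "inspect", image_ref],
                         capture_output=True, text=True, check=True)
    return out.stdout


def deployment_allowed(trust_json, image_ref, expected_digest, required_signers):
    """Return (allowed, reason). Allow only when the tag is signed by every
    required signer and the signed digest equals the digest we pinned."""
    try:
        entries = json.loads(trust_json)
    except json.JSONDecodeError:
        return False, "trust metadata is not valid JSON"
    tag = image_ref.rpartition(":")[2]
    # No tag, or a registry port mistaken for a tag (host:5000/repo): reject.
    if not tag or "/" in tag:
        return False, "image reference must carry an explicit tag"
    repo = image_ref[: -len(tag) - 1]
    for entry in entries:
        # `docker trust inspect` names the entry repo:tag or just repo.
        if entry.get("Name") not in (image_ref, repo):
            continue
        for signed in entry.get("SignedTags", []):
            if signed.get("SignedTag") != tag:
                continue
            missing = set(required_signers) - set(signed.get("Signers", []))
            if missing:
                return False, "tag not signed by: " + ", ".join(sorted(missing))
            if signed.get("Digest") != expected_digest:
                return False, "signed digest does not match pinned digest"
            return True, "signed by " + ", ".join(signed["Signers"])
        return False, "tag %s has no signature in trust metadata" % tag
    return False, "no trust metadata for " + image_ref
```

With `DOCKER_CONTENT_TRUST=1` the engine already refuses unsigned tags; this gate adds the digest pin and the named-signer policy on top, so a tag re-signed by an unexpected key still fails.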
Extending ARM Processing beyond Mobile Devices
There is enormous excitement around the announcement of the ARM builder and the ability to produce multi-architecture images for x86 and ARM in the image build process. This extends the ability of Docker Engine to push to nodes based on the ARM architecture. Put in context: although ARM has been around for decades, more ARM chips were produced in the last year than in all the previous years of the architecture's existence.
AWS has even minted its own ARM chips and offers them through EC2. This elevates Docker in the IoT space and extends its dominance in the Cloud, ushering in a whole new world of development opportunities: build and test in the Cloud, then roll out to the edge in a smooth CI/CD workflow.
Adopting CI/CD to Automate Complex Infrastructure
There is more than can be covered here, but to close on a personal show highlight, there was a very impressive showing of CI/CD solution developers with strong security stories. They all embrace not only the automation and management of software development in a CI/CD workflow, but also the management of the underlying security of the application deployment process, specifically the keys, certificates and crypto capabilities that are at the heart of containerization and orchestration and are used system-wide.
The power of automation in infrastructure deployment specifically allows the entire CI/CD workflow to drive the security features of Docker and Kubernetes. One particularly exciting announcement was CryptoMove's integration with CircleCI. CryptoMove has a unique approach to managing, versioning and sharing encrypted keys and secrets in a Cloud-hosted solution that moves the locations of these keys around the Cloud, guided by game theory. In this solution, nothing sits in one place waiting for someone to hack it; instead, the locations of the keys keep moving around the Cloud.
There is an exciting future for IoT using containers and orchestration, with the ability to deploy fully encrypted container payloads to fully encrypted hardware, at scale, through a CI/CD build, test and production workflow. What makes it even more fascinating is that all of this is made possible by leveraging mature technologies. The answer to all these deployment and security concerns is something so familiar. Now we just need to figure out a way to manage all these IoT devices.
About the Author
Gordon Saint Clair is a Docker and Kubernetes Architect at the Stone Door Group, a Cloud and DevOps consulting company and a team lead for their Docker Accelerator℠ solutions. Accelerator solutions take all the guesswork out of the DevOps journey with simple to understand and easy to quantify results. To learn more, drop us an email at email@example.com.
Note on the TPM: it was developed by the Trusted Computing Group, which includes Intel, Microsoft, AMD, IBM and over 100 more members.