The Container Service offers many features beyond the inherent benefits of containerization:
Features
Access to Campus Resources
While the Container Service resides in the cloud, certain campus resources (the Data Warehouse, MiServer and MiDatabase clusters, Enterprise Service Bus, and Shibboleth) are all available to service users.
High Availability
The hosting cluster spans multiple Amazon availability zones. Applications that require high availability can be configured to run instances in multiple zones, increasing the app's tolerance to unexpected hardware or systems failure.
Autoscaling
Applications can be designed to automatically adjust capacity (autoscale) to meet demand. Autoscaling eliminates overpaying for infrastructure capacity set for peak demand that may occur only a few times a year. You will be charged only for what you use, since the Container Service's charges are based on hourly rates.
Sensitive Data
Our service is currently permitted for use with sensitive university data classified as Moderate or Low. Even so, if you store or share sensitive data using this service, it is still your responsibility to protect the sensitive data.
DNS Service
We can implement custom domain names that you have coordinated with the Hostmaster group.
Security Scanning
Our team provides regular image scanning within the service container registry. (Note: This is scanning of images rather than running containers. Applications created from images outside of our registry will not be scanned.)
Optional Fully-Managed Databases
For a nominal monthly fee, Container Service applications can have full access to AWS RDS databases that are backed up and fully managed by the ITS MiDatabase team.
Optional Persistent File Storage
For a nominal monthly fee, applications can use persistent storage volumes powered by Amazon's Elastic File System. The Container Service provides regular backups of EFS for the purpose of disaster recovery.
Service Setup
When you sign up for the service, you'll choose the following:
- Initial container size
- Optional MySQL database
- Optional persistent file storage
Any of these may be modified at a later time.
You will provide a container image or recipe (Dockerfile) for creating a valid container image. Current application architectures such as microservices lend themselves to running as containers. You can use an image provided to you by another party or you can create your own image.
Your container runs on top of the host Linux OS, freeing you from that setup and maintenance. You can install apps, bins, and libraries into the container, managing container details via our OpenShift interface, and handling versioning via git.
Responsibilities
Ours
- 99.9% service uptime
- Upgrade and security patching for service software
- Regular backups of databases (done by ITS MiDatabase team)
- Coordination on any vendor-related issues
- Provide service approved to maintain and store sensitive data classified as Moderate or Low
Yours
- Adherence to university data management and security policies, particularly with sensitive data
- Maintain membership in your development project
- Management of application authorization and data access
- Maintenance and patching of your application
- Maintenance and patching of language frameworks
- Establishment and maintenance of application monitoring
- Filesystem backups