Imad Sousou

This year at DockerCon 17, April 17-20 in Austin, Texas, we will demonstrate how Intel® Clear Containers continue to deliver all the agility and benefits of traditional containers with the security associated with VMs. Rather than choosing between speed and security, Intel Clear Containers provide the industry with the best of both worlds.

Conference attendees will learn how Clear Containers integrate into the larger container ecosystem and will hear more about the support of the Open Container Initiative (OCI) runtime specification, which helps container portability. Support for the OCI standard is now available in Clear Containers 2.1. The Clear Containers session at DockerCon is at 2:25pm, Wednesday April 19th in Ballroom C.

Intel collaborates closely across the container ecosystem, and we are excited about our expanded work with both Docker* and Microsoft*.

The Intel Clear Containers project typically uses a Clear Linux* OS as the VM kernel and mini OS. Clear Containers now support the ability to use a custom kernel and mini OS. This capability will be showcased at the conference with the use of the new Docker LinuxKit* as the VM kernel, which provides additional security. Clear containers will also support a custom minimal user-space and immutable mini OS based on the LinuxKit in the near future.

Intel is also collaborating closely with Microsoft around containers. During their DockerCon 2017 keynote, Microsoft demonstrated support for Linux containers running natively on Windows* Server through Hyper-V isolation technology. We are excited to be part of this announcement with the Clear Linux* OS as an option for users. The Clear Linux OS is a highly optimized OS for running containers as well as other workloads, tuned for performance on IA. We are happy to support Microsoft’s commitment to customer choice in selecting the best distribution for their Linux containers.

In addition to seeing the examples above, visitors to our booth (EXPO HALL 4 Booth #G23) can also see how Intel Clear Containers add additional security benefits. This demo features a nine-year-old exploit, Dirty COW, which allows a containerized application to get full root privileges on a host machine. The Intel Clear Containers technology prevents Dirty COW and other similar kernel exploits from affecting a production environment.

We look forward to seeing you in our booth and to a great DockerCon 17. If you aren’t at the show, this summary whitepaper, Intel Clear Containers: Building a virtualization continuum, provides an excellent overview of Intel Clear Containers.

*Other names and brands may be claimed as the property of others.