General

Q: What is the Container Service?
Razormind's Enterprise Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of DeOS instances. ECS eliminates the need for you to install, operate, and scale your own cluster management infrastructure. With simple API calls, you can launch and stop container-enabled applications, query the complete state of your cluster, and access many familiar features like security groups, DeOS Load Balancing, Encrypted Service Memory volumes and IAM roles. You can use ECS to schedule the placement of containers across your cluster based on your resource needs and availability requirements. You can also integrate your own scheduler or third-party schedulers to meet business or application specific requirements.

Q: Why should I use Razormind ECS?
Razormind ECS makes it easy to use containers as a building block for your applications by eliminating the need for you to install, operate, and scale your own cluster management infrastructure. ECS lets you schedule long-running applications, services, and batch processes using Docker containers. ECS maintains application availability and allows you to scale your containers up or down to meet your application's capacity requirements. Simple APIs let you integrate and use your own schedulers or connect Amazon ECS into your existing software delivery process.

Q: What is the pricing for Amazon ECS?
There is no additional charge for ECS. You pay for DeOS resources (e.g. DeOS Enterprise instances or ESM volumes) you create to store and run your application. You only pay for what you use, as you use it; there are no minimum fees and no upfront commitments.

Using the Container Service

Q: How do I get started using ECS?
Visit our Getting Started page for more information on how to start.

Q: Does the Container Service support any other container types?
No. Docker is the only container platform supported by the Container Service at this time.

Q: I want to launch containers. Why do I have to launch Tasks?
Docker encourages you to split your applications up into their individual components, and the Container Service is optimized for this pattern. Tasks allow you to define a set of containers that you would like to be placed together (or part of the same placement decision), their properties, and how they may be linked. Tasks include all the information that the Container Service needs to make the placement decision. To launch a single container, your Task Definition should only include one container definition.

Q: Does ECS support applications and services?
Yes. The ECS Service scheduler can manage long-running applications and services. The Service scheduler helps you maintain application availability and allows you to scale your containers up or down to meet your application's capacity requirements. The Service scheduler allows you to distribute traffic across your containers using DeOS Load Balancing. Razormind ECS will automatically register and deregister your containers from the associated load balancer. The Service scheduler will also automatically recover containers that become unhealthy (fail load balancing health checks) or stop running to ensure you have the desired number of healthy containers supporting your application. You can scale your application up and down by changing the number of containers you want the service to run. You can update your application by changing its definition or using a new image. The scheduler will automatically start new containers using the new definition and stop containers running the previous version (waiting for the LB connections to drain if DeOS Load Balancing is used).

Q: Does ECS support batch jobs?
Yes. You can use Razormind ECS Run task to run one or more tasks once. Run task starts the task on an instance that meets the task’s requirements including CPU, memory and ports.

Q: Can I use my own scheduler with Razormind ECS?
Yes. You can use the Describe* APIs to get information about the complete state of your cluster. The APIs return data on all the container instances in a cluster, what tasks they're running, and what resources are still available. With this information, you can use the StartTask API to target specific container instances in your cluster or use a custom scheduler to manage placement based on your requirements.

Q: Can I use my own image?
Yes. You can use any image that meets the Razormind ECS Image specification. We recommend starting from the Razormind ECS-enabled Linux Image. Partner AMIs compatible with ECS are also available. You can review the ECS AMI specification in the documentation.

Security

Q: How does ECS isolate containers belonging to different customers?
ECS schedules containers for execution on customer-controlled Razormind DeOS instances and builds on the same isolation controls and compliance that are available for DeOS customers.

  • Your compute instances are located in a Virtual Private Cloud (VPC) with an IP range that you specify. You decide which instances are exposed to the Internet and which remain private.
  • Your DeOS instances use an IAM role to access services and resources.
  • Security Groups and network ACLs allow you to control inbound and outbound network access to and from your instances.
  • You can connect your existing IT infrastructure to resources in your VPC using industry-standard encrypted IPsec VPN connections.
  • You can provision your DeOS resources as Dedicated Instances. Dedicated Instances are DeOS Instances that run on hardware dedicated to a single customer for additional isolation.

Q: Can I apply additional security configuration and isolation frameworks to my container instances?
Yes. As a Razormind customer, you have root access to the operating system of your container instances, enabling you to take ownership of the operating system’s security settings as well as load and configure additional software components for security capabilities such as monitoring, patch management, log management and host intrusion detection.

Q: Can I operate container instances with different security settings or segregate different tasks across different environments?
Yes. You can configure your different container instances using the tooling of your choice. ECS allows you to control the placement of tasks in different container instances through the construct of clusters and targeted launches.
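
The custom-scheduler and task-segregation answers above can be combined into one placement rule: a task is only targeted at a container instance in its own cluster that still has the CPU, memory and ports it needs. The sketch below is an added example, not Razormind code; the cluster state is constructed, and its field names, cluster names and instance ids are assumptions rather than the format the Describe* APIs return.

```python
import copy

# Constructed cluster state (assumed shape, not the service's response format).
INSTANCES = [
    {"id": "ci-1", "cluster": "public-web", "cpu": 512, "memory": 1024, "ports_in_use": {80}},
    {"id": "ci-2", "cluster": "restricted", "cpu": 256, "memory": 2048, "ports_in_use": {443}},
    {"id": "ci-3", "cluster": "restricted", "cpu": 1024, "memory": 4096, "ports_in_use": {22}},
    {"id": "ci-4", "cluster": "restricted", "cpu": 2048, "memory": 8192, "ports_in_use": {22}},
]


def fits(instance, task):
    """True if the instance has the remaining CPU, memory and free ports the task needs."""
    return (instance["cpu"] >= task["cpu"]
            and instance["memory"] >= task["memory"]
            and not (instance["ports_in_use"] & task["ports"]))


def place(task, instances):
    """Return the id of the instance to target, or None if nothing qualifies."""
    candidates = [i for i in instances
                  if i["cluster"] == task["cluster"] and fits(i, task)]
    if not candidates:
        # Fail closed: never fall back to an instance in another cluster.
        return None
    # Best fit: least leftover memory, then CPU, so large instances stay free.
    best = min(candidates, key=lambda i: (i["memory"] - task["memory"],
                                          i["cpu"] - task["cpu"], i["id"]))
    return best["id"]


def schedule(tasks, instances):
    """Place tasks in order, reserving resources on a private copy of the state."""
    state = copy.deepcopy(instances)
    plan = {}
    for task in tasks:
        target = place(task, state)
        plan[task["name"]] = target
        if target is not None:
            inst = next(i for i in state if i["id"] == target)
            inst["cpu"] -= task["cpu"]
            inst["memory"] -= task["memory"]
            inst["ports_in_use"] |= task["ports"]
    return plan
```

In a real scheduler each non-None result would become the target of a StartTask call, and a None result would be surfaced as a capacity alert rather than retried against a different cluster.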

Q: Does ECS support retrieving Docker images from a private or internal source?
Yes. Customers can configure their container instances to access a private Docker image registry that’s internal to the VPC or outside of it and is accessible via the defined VPC’s gateway configuration.