Assessment - AWS Prescriptive Guidance

Assessment

Assessment of applications for containerization helps uncover all the dependencies and risks. Assessment also helps sort applications into priority buckets for modernization and migration.

During the assessment phase, focus on the following key areas:

  • Operating system dependencies for containerization – Automated containerization tools such as AWS App2Container have some limitations on the application frameworks and operating systems for containerization. For more information about the supported applications, see the App2Container documentation.

  • Regulatory compliance – It’s efficient to ensure containerized applications are compliant with all the regulations before they are deployed on the target environment, instead of acting in a reactive way after deployment and mitigating then. Check for vulnerabilities in the images, unauthorized inter-container communication, access controls to containers and data, and automated scans to prevent malicious activity.

  • Disaster recovery (DR) solution – Each application has its own specific service level agreement (SLA) for downtime. Keep in mind the application’s recovery point objective (RPO) and recovery time objective (RTO) when planning the distribution of the container clusters. App2Container by default deploys the application to multiple Availability Zones.

  • Data storage – Containers are best used as stateless. For stateful containers, the data must be stored external to the container. If a container goes out of service, you can spin up a new one using the image and the external volume attached with no data loss.

  • Configuration and secrets management – The target environment’s parameter store or the secret store can be used to store and retrieve from configuration and secrets from the container. It’s vital to ensure that the secrets are accessible to the relevant container only. All operations on configuration and secrets should be logged. The communication channel between the container and the secret store must be secure.

  • Logs management – For auditing, the logs generated by each container will be shipped to a log management service that resides external to the container. Because an application consists of multiple services and processes, each residing in different containers, the logs from each container should have a unique ID.

  • Build and deployment process – Most enterprises have some sort of build and deployment process to release their applications and features. To take advantage of containerization, building and deploying the applications should be automated using a CI/CD pipeline. A pipeline brings advantages such as one-click infrastructure provisioning and decommissioning, faster and error-proof deployments, automation, and reduced time to release new features.

  • Upstream and downstream applications – It’s a good practice to containerize and migrate all dependent applications in batches. In scenarios where that is not feasible, communication channels from the containerized application to the upstream and downstream applications should be securely opened. Ensure that the bandwidth supported by this channel doesn’t disrupt the application functionality.

  • License dependencies – Multiple instances of an application run within containers, which can become costly. Check the contracts and eligibility to deploy software on containers. Understand what tools are used for metering the software consumed on containers.

  • Containerization possibility on application servers or worker machines – The containerization process consumes additional resources on the server, such as the disk space, computational power and memory. The application server must be analyzed to ensure that it is capable of supporting the containerization process. Otherwise, you can use a worker machine that has the required resources and can communicate with the application server.

  • Developer skills and production support on containers – The current application team should upskill themselves on the containerization technology. The team should be able to troubleshoot issues in the process, tweak the configurations if needed and be able to support the applications deployed on containers.

You can use App2Container to containerize Java applications running on Linux, such as standalone JBoss, Apache Tomcat, IBM WebSphere, Oracle WebLogic. You can also use App2Container to containerize generic Java applications such as Spring Boot. Application containerization works with microservices and distributed applications. Though all Java applications can be modernized using App2Container, the following criteria can help you choose the right applications to modernize for quicker migrations:

  • Applications that are packaged as a single binary are easier to containerize. Additionally, Java applications can be containerized with a Java Runtime Environment (JRE). Each container can use the specific JRE that it needs.

  • Stateless applications are a good choice for modernizing into containers. These applications store minimal information locally and store most of their data on a persistent data store.

  • Applications that are being released using a continuous integration and continuous deployment (CI/CD) pipeline are good candidates for containerization. Containerize each application and bring in a container orchestration platform such as Amazon ECS or Amazon EKS, which is taken care automatically by App2Container.

Most enterprise applications are integrated with various other services for authentication, persistent data store, caching, asynchronous communication, logging, and notifications. The containerized application should be tested on premises with all existing integration points to facilitate containerization success. When ready to migrate to AWS, all appropriate integration points and data storage must be migrated to AWS. Any necessary updates must be made to the configuration before the application container can be deployed on AWS.

Data stored in file systems can be migrated to AWS using various tools that cater to the use case. Data stored in a cache such as Redis can be migrated to Amazon ElastiCache. Data stored in databases can be migrated by using the database’s own native tools or by using AWS Database Migration Service (AWS DMS). AWS DMS also provides the change data capture (CDC) option to replicate ongoing changes from a source data store until cutover.

AWS provides its own monitoring and operational data logging and visualizing service called Amazon CloudWatch. A CloudWatch agent can be packed into the container along with the application to use this service.

For organizations where source code is not available or not maintainable, App2Container is a great fit for containerization because it operates on the application’s runtime environment and doesn’t require the source code.