, a clever (and profitable!) use of Docker

Docker is a containerization technology that gained in popularity lately. It allows developers to ship their software with all its dependencies in a VM-like environment with a controlled configuration.

The main difference with VMs is that Docker uses the host machine kernel, instead of emulating one for each VM. It allows to instantiate multiple Docker images in containers on the same host without requiring gigantic amounts of resources.

Let’s see how Docker simplifies the development of on-demand services.

Wrap it up!

Docker allows to wrap almost anything, from OSes to databases system. One of these possibilities is to containerize an OpenVPN server.

The container is running a single process: the OpenVPN server. It’s important to keep in mind that the processes in the container are totally isolated from the host processes and from other containers as well (apart that they use the same kernel, but that’s all they share).
Still, the OpenVPN server is exposed through a port in its container, and this port is routed to another port to the host machine that is exposed to external network. By default, Docker automatically uses host ports contained in ephemeral ports range (32768 to 65535), but you can link any port to any container by doing it explicitly, to expose a web server on the port 80 for example.

Docker Architecture

As you can see on the diagram, all the containers are literally clones, with exactly the same configuration. It is the host machine that is performing the linking between ports.

This way, you can have as many containers running OpenVPN server instances as you like, all on the same server (assuming the server doesn’t start burning; even if Docker is resource-efficient, there’s still no magic!). : from the standard Docker use case to the monetizable service

That’s basically the whole picture of what’s powering architecture, a website that allows to get your own VPN for 24 hours by paying $1 (there is a free trial for 30 minutes).

The VPN server is literally created in a matter of a few seconds and then you’re good to go. – on-demand VPN

The main difference with the diagram above is that, instead of exposing containers through its ports, the BackRoad host is exposing them through subdomains (eg: )

If you check out the GitHub repository of the base image on which BackRoad container are based, you’ll see how easy it is to configure it. The guys basically wrapped a payment system around a Docker OpenVPN image, and that’s it! The idea is simple and carried out efficiently.

Let’s scale!

Note: I do not work for BackRoad, thus I have no precise idea of the architecture they are using. The following paragraphs are about my personal experience.

What if we wanted to scale this service? I guess using Marathon is a good start. Marathon is framework built on top a Mesos, a distributed system kernel. It provides an abstraction of all the resources of a datacenter (CPU, RAM…).

If you want to have a process running, you just ask for the resources you want, let’s say 2 CPU and 3 gig of RAM. Marathon will take care of everything else for you, finding a machine able to host your process.

And, good news, Marathon is natively compatible with Docker! Which mean that, as long as we can purchase more servers resources to have our app running on them, we will be able to scale horizontally as much as we want!

My money, take it all!

By using resources efficiently and packaging a working environment, Docker allows new kind of services to be created and managed easily. Combined with resources abstraction solutions like Mesos and Marathon, it allows services to scale almost infinitely, while still being manageable.

I had the luck to be able to use Docker during my internship at GreenCom Networks. I have to say that it’s really an impressive piece of technology. I’m sure it will open a few new doors in the upcoming years, in the market of on-demand services.

Please share any thoughts of yours if you’ve been using Docker at work or for personal projects!, a clever (and profitable!) use of Docker was last modified: September 4th, 2015 by Tom Guillermin

Leave a Reply