Apcera formally announces its enterprise container management platform

Apcera is now emphatically branding its platform as an enterprise-grade container management platform, believing that the container market has matured to the point where the platform’s purpose and assets will now be clear.


Mark Thiele, Apcera’s Chief Strategy Officer

San Francisco-based Apcera’s platform has been around for a while, but its specific focus on container management was not stressed when that market was nascent. Now, Apcera is strongly emphasizing its platform’s ability to handle enterprise container management, particularly around security. They are also announcing some new enhancements and integrations in the platform’s 2.4 release.

Apcera is a startup, but has been around since 2012. It was previously branded as a Platform-as-a-Service provider, but container management has always been what they were about.

“It has been the whole story from the beginning, but it wasn’t messaged that way until now,” said Mark Thiele, Apcera’s Chief Strategy Officer. “What we are trying to do now is get across the notion of it being a container management platform, which is what it has been from the beginning. It’s just that when we started, it was simply too early for container management as a concept. A big part of this announcement is framing more effectively for the modern market who we are and what we do.”

Thiele said that that one of their customers didn’t even know how to spell ‘container’ when they were first introduced.

“Before, when you had that kind of customer, you would just move on — but not today,” he stated. “Now, customers with no background in containers at all see our platform as a way to pull a year ahead rather than simply stitch things together, and leapfrog ahead from where they are today.”

Thiele said that the Apcera platform is secure by default – which is critical because containers by default are not secure.


Josh Ellithorpe, Apcera’s Lead Architect

“Enterprise requirements for security are much more stringent than they are for dev/ops,” said Josh Ellithorpe, Apcera’s Lead Architect. “We have no shared file systems with the underlying host, so by default they are far more secure. A lot of products also use a call-out policy system, in which calls are made to components that don’t understand policies. If a system is compromised, with a call-out based model, then it’s wide open. In contrast, our policies are locally evaluated, and the local components understand the policy dynamics of the culture. This means that components like load balancers and routers cannot be forced to do things the policy does not permit – which is not the case in a lot of platforms today.”

Apcera’s platform is also legacy and cloud native, to allow for easy modernization of applications.

“Our premise is that containers are not going to be just something that developers play with, or is just used for one or two apps,” Thiele said. “So our assumption is that more and more of the environment will be moving to containers over time, and we needed to facilitate that.”

The Apcera platform also provides for network nano-segmentation to deliver container-level application of policy.

“Tools today support networking at a VM level – and that level of security,” Thiele said. “This means that containers have to have the same rules at the VM level, rather than the container level. Our nano-segmentation allows this at the container level.”

Thiele also stressed that Apcera facilitates true hybrid mobility across on-premises, cloud or hybrid environments without breaking dependencies or governance.

“We can provide a true hybrid environment, where you can run an app on-prem or on any of the major clouds, and move them without refactoring the apps,” he said.

Thiele also noted that the platform was fully integrated, with storage, login and monitoring, to position it as truly enterprise grade. It is also a true turnkey platform.

“You can have it up and running and your team trained in a week or two,” he said.

Thiele said that Apcera isn’t just for large enterprises.

“We see it as mid-market up – companies with $100 million in revenues up,” he said. “Those kinds of companies like the fact that we are turnkey and fully integrated.”

While the channel is a part of Apcera’s go-to-market model, it has been minor to date.

“The channel is really nascent at this point,” Thiele said. “We have a few smaller partners who are very focused niche players in this space. We are also working with a couple bigger and well known ones. But our go-to-market has been primarily word of mouth and internal sales.

Enhancements in version 2.4 of the platform include full support for the Amazon ECS container service and the Keycloak open source identity and access management solution, as well as improved integrations around the Windows space, including Microsoft Azure.

Additional support for multi-resource job manifests allow users to streamline the process of creating Docker images or mapping existing packages to job links, service bindings and resource specifications as well as the creation of virtual networks.

App Tokens and Authentication now let jobs obtain an access token to make API calls or run APC commands without having to authenticate against an external identity system, such as LDAP or Google.

Finally, the Event System API now allows users to consume information and events directly from any Apcera cluster about resource usage, network ingress/egress bandwidths, external services usage, and other changes applied to the system.