The U.S. Department of Agriculture plans to wrangle its Docker container environment with Rancher Labs in support of a relaunch of its public website in early 2017.
Rancher container management software beat out other contenders in an evaluation by the U.S. Department of Agriculture (USDA) about nine months ago. Vendors evaluated included SaltStack, Kubernetes, Red Hat and Docker itself.
At first, the USDA planned to manage both its Docker containers and its underlying OpenStack virtual machines with the Salt configuration management offering, SaltStack. However, it soon found SaltStack couldn't keep up as closely with Docker's rapid release cycles as the department wanted, said Ron Williams, DevOps systems architect for the federal government agency based in Washington, D.C.
"Even having Salt run a Docker container would end up being problematic," Williams said. "There would be an error between versions of Salt and Docker, even though the command was almost exactly the same -- the way that it was leveraging the API was a consistent pain point."
This meant Williams and his staff spent a lot of time maintaining management links between Salt and Docker, rather than expanding or enhancing the container environment. The USDA tried to block certain versions, which was reliable, but the department might get stuck on a version for up to two years, Williams said.
Now, the USDA uses the Salt Cloud VM provisioning interface to set up OpenStack infrastructure and Rancher itself, and leaves container management tasks to Rancher.
"Being able to let Salt do what it does well, like the initial setup of the systems and ongoing maintenance of some of the systems, works really well," Williams said. "And Rancher can focus on maintaining the links to Docker that it does really well."
Williams evaluated Rancher against another free and open source tool, Project Atomic, as well as a licensed enterprise container management system from Docker, the Universal Control Plane (UCP), which has since been folded into the broader Docker Datacenter offering.*
Project Atomic, which runs on Red Hat Enterprise Linux and other Linux distributions, favors its own secure container registry for greater user control over which Docker images are deployed, but Williams said he worried that might break cross-system portability. (Red Hat officials say that won't happen.) Google's Kubernetes was also eliminated as too complex for developers to learn quickly, while Rancher offers an easy-to-use interface.
Requiring externally contracted development teams to learn a system as complex as Kubernetes would be a tall order, Williams said.
The Rancher container management technology also automates common functions, such as setting up Docker networks, under the covers.
"We simply associate a container with another container, and the network is automatically set up and the communication link is automatically available," Williams said. Persistent storage is still not quite as easy in version 1.1.14, which the USDA started with, though version 1.2, released last month, includes Rancher NFS, and he said he's eager to explore the storage service.
That left Docker UCP and Rancher in the USDA's evaluation. Comparing the Docker enterprise container management suite with the free and open source tools, including Rancher, is somewhat like comparing apples to oranges. In particular, Docker Datacenter offers a number of features that Rancher doesn't, such as advanced container security tools. Other federal agencies, such as the General Services Administration, have purchased Docker Datacenter, rather than go the Rancher route.
However, Docker UCP was beyond the USDA's budget for its website project, and Rancher offered free software and support; in exchange, the USDA would contribute the connectors between Rancher and Salt. That free support won't be permanent, however, as the USDA plans to pay Rancher about $25,000 per year for support going forward.
"That's really streamlined our ability to adopt Rancher and have our developers begin to test the use of Rancher and make sure it works," Williams said. "The support level we've gotten from them just by contributing from an open source perspective has been top-notch."
The new version of USDA.gov is slated to go live in late January or early February 2017. Fifteen other public-facing websites, including choosemyplate.gov, are already on the container platform, and each of those serves about 200 million requests a month.
*Editor's note: Docker UCP pricing is no longer available, but Docker Datacenter Business Day support costs $150 a month per instance or $1500 per year, per instance.
Any opinions expressed in this article are those of Ron Williams and do not necessarily represent the USDA.