Docker advances container isolation and workloads with acquisition of Nestybox

Hi everyone, this is Cesar & Rodny, co-founders of Nestybox. We are humbled and excited to announce that Nestybox is now officially part of Docker, Inc! Docker is an excellent home for Nestybox’s technology, and this acquisition will prove beneficial to the millions of Docker developers as well as the hundreds of Nestybox’s early adopters. 

Founded in 2019, Nestybox is a Silicon Valley startup with a mission to solve a simple-to-describe but hard-to-fix problem: enabling containers to run any type of workload, seamlessly and securely.

Prior to founding Nestybox, we noticed that app developers and DevOps teams can benefit from enhancements to container runtime isolation, as well as from enabling containers to run more complex workloads (such as Docker itself), without resorting to insecure privileged containers and tricky configurations or limitations. This gives users a powerful tool to provision not just microservices in containers, but all sorts of compute environments in them (e.g., full development environments, full CI environments, system-level applications, etc.).

The result of this work was Sysbox, an open-source next-generation container runtime based on the venerable OCI runc (the default runtime in Docker and Kubernetes environments). Sysbox took the OCI runc and added significant changes on top, including enhanced isolation via the Linux user-namespace, selective system-call interception, filesystem User-ID remapping, and the ability to emulate portions of the container’s filesystem to make the container more closely resemble a virtual machine (in essence bridging the gap between containers and VMs, but without using hardware virtualization). 
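The user-namespace isolation mentioned above is something an operator can verify rather than take on trust. The following is an added example (it is not Nestybox or Docker code) that reads a container's `/proc/<pid>/uid_map` in its kernel format (`<inside-id> <outside-id> <length>` per line) and reports whether UID 0 inside the container is mapped to an unprivileged host UID (the user-namespace case) or is identity-mapped to host root (the usual runc default without user-namespace remapping). The sample maps are constructed for illustration; the host range `100000` is an assumption, not Sysbox's actual allocation, and this check covers only the user-namespace mechanism, not syscall interception or filesystem emulation.

```shell
#!/bin/sh
# Added example, not part of the Nestybox/Docker announcement or of Sysbox.
# Classifies a uid_map to tell whether container root is host root.

# Print the host UID that container UID 0 maps to, or "unmapped" if no
# mapping line covers UID 0. Argument: uid_map contents as a string.
uidmap_root_host_uid() {
    printf '%s\n' "$1" | awk '
        # Each line: inside-id outside-id length. The line covering
        # inside UID 0 satisfies inside <= 0 < inside + length.
        NF == 3 && $1 <= 0 && $1 + $3 > 0 {
            print $2 + (0 - $1); found = 1; exit
        }
        END { if (!found) print "unmapped" }'
}

# Map the host UID to a human-readable isolation class:
#   identity    - container root is host root (no user namespace remap)
#   remapped    - container root is an unprivileged host UID
#   no-mapping  - no mapping covers UID 0 (root is unmapped/nobody)
classify_uidmap() {
    host_uid=$(uidmap_root_host_uid "$1")
    case "$host_uid" in
        unmapped) echo "no-mapping" ;;
        0)        echo "identity" ;;
        *)        echo "remapped" ;;
    esac
}

# Constructed sample maps (illustrative values, not real Sysbox output):
# a user-namespace-remapped container, and a default identity-mapped one.
SYSBOX_STYLE_MAP="0 100000 65536"
DEFAULT_RUNC_MAP="         0          0 4294967295"

# Run with --self inside a container (or on the host) to classify the
# current process's own user namespace; the kernel exposes the same format.
if [ "${1:-}" = "--self" ] && [ -r /proc/self/uid_map ]; then
    echo "this process: $(classify_uidmap "$(cat /proc/self/uid_map)")"
fi
```

From the host, the same function can be pointed at `/proc/<container-pid>/uid_map` to audit running containers; a result of `identity` means the container's root user is host root, which is the condition the user-namespace isolation described above is meant to remove.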

As enterprises adopted Sysbox and validated our vision, we realized that Sysbox, being a powerful but very low-level technology, benefits from being part of a larger whole. This is why we are excited to join Docker, further integrating Sysbox with Docker’s compelling technology and tapping into its amazing community.

We think the synergy between Docker and Nestybox will bring several benefits for app developers and DevOps teams, such as: 

  • Enhancing container runtime isolation
  • Expanding the use cases for containers
  • Reducing the need for insecure privileged containers
  • Leveraging Docker’s resources to accelerate development of Sysbox

We are thrilled to join Docker to push the limits of container technology and help developers build, share, and run apps in more powerful and secure ways.

A huge THANK YOU to all of Nestybox’s investors and early adopters for your trust, support, and amazing feedback. We would not be here without you, and we look forward to accelerating development of Docker and Sysbox in the near future!
