We love Docker. This container technology makes it possible to run four-to-six times the number of server applications as you can with Virtual Machines (VM) on the same hardware. There are only two little problems: Security and management.
Those aren't small problems. Even though businesses are flocking to deploy Docker containers, if you can't nail down the security or management issues, you're playing with fire. That hasn't stopped anyone, but Docker knows darn well it's only a matter of time before its users get burned. So, Docker is addressing both problems.
First, to improve security, Docker's latest release Docker 1.10 uses a feature called user namespacing to enable containerized applications to run without having root permission. With user namespaces, the Docker daemon still runs as root but the containers are handled separately. With each container using its own user-level privileges, they no longer need root access to run.
It's not perfect. Nathan McCauley, Docker's director of security, explained that user namespaces are currently available only for Linux. "Windows has its own isolation features that we'll integrate with Docker," McCauley said. "On every platform we'll aim to support every isolation feature." That feature isn't available yet on Dockers on Windows.
For both Linux or Windows, another handy new feature is that Docker image IDs now represent what's really inside a container. Before, you had to take it on faith that a container was what it claimed to be. Until you actually ran a container, say a Ngnix web server, you couldn't be sure that's what was really inside it. You can now be certain that the application you're running is what you expect it to be by just specifying its ID.
For management, Docker has just released Docker Datacenter (DDC). This is an integrated, end-to-end agile application development and management platform.
With DDC, organizations are empowered to deploy a Containers as a Services (CaaS) either on-premises or in a private cloud. A CaaS provides an IT managed and secured application environment of content and infrastructure where developers can build and deploy applications in a self-service manner.
DDC is made up of Docker Universal Control Plane, Docker Trusted Registry, and embedded support for Docker Engine. Docker Datacenter addresses the requirements for organizations that want to manage the application life-cycle of Dockerized applications from development through production.
CaaS and DDC are already in use by Fortune 500 companies. According to Docker. "Some of the world's most security-conscious organizations, like ADP, have bought and deployed Docker Datacenter to deliver a CaaS solution that provides agility for development teams, control for operations teams and portability of applications across any infrastructure, from on-premises datacenters to public clouds, across a vast array of network and storage providers."
In a statement, Keith Fulton, ADP's Chief Technology Officer, said "Docker's CaaS approach will enable us to drive transformation across the entire application life-cycle from development to operations. A key feature for us is the end-to-end integration with Docker Content Trust to centrally administer and control our images so that only signed and validated content can be used or deployed into a production environment. With Docker, we will be able to ensure application portability, whether it is between dev and ops or between the datacenter and the cloud."
So does agile container management and better security sound good to you? If it does, the new Docker programs are ready to download and deploy today.
- Docker's Unikernel acquisition: The Microsoft angle
- Amazon adds Docker registry to fill in "core" gap in its cloud
- What is Docker and why is it so darn popular?