Vivek Saraswat

Docker Datacenter @ DockerCon 2016: Image security, Engine 1.12 and Burning Man…

Interested in learning more about our plans for Docker in the Enterprise and getting involved in an upcoming Docker Datacenter beta? Let’s take a deeper look. On the second day of DockerCon, the keynote used different situations to discuss enterprise use of Docker. Our CEO Ben Golub broke down several fallacies in IT, CTO Keith Fulton of ADP painted a delicious picture of microservices as chicken nuggets, and Lily and I… well, we averted a massive security disaster and got our costumes ready for Burning Man.

Aside from shiny sequined jackets (not my normal wardrobe, I promise) and Ben’s enthusiastic “business guy” cameo, we presented a prototype of a future version of Docker Datacenter, our commercial solution for running containers-as-a-service (CaaS) in an on-premises or public cloud enterprise environment. Docker Datacenter is an integrated CaaS platform to securely ship, orchestrate and manage Dockerized apps and system resources. The sneak peek during the keynote showed a prototype UI and features. Some of the things you saw may change as we progress, but what’s important are the capabilities we are bringing to the enterprise platform.

In the keynote presentation we demonstrated these enterprise use cases:

  • Deploying applications, performing rolling updates, and using role-based access control with Universal Control Plane, running on Engine 1.12 Swarm Mode.
  • Identifying critical vulnerabilities using Docker Security Scanning for images stored in Docker Trusted Registry
  • Verifying a publisher’s identity via cryptographic signing of images with Docker Content Trust

Let’s take a closer look at some of these use cases and upcoming features.

 

Making Orchestration Easier with Universal Control Plane and Swarm Mode

Docker Engine 1.12 with swarm mode for built-in orchestration has a lot of exciting features including services deployment API, rolling updates, routing mesh, and more. As a part of Docker Datacenter, Universal Control Plane (UCP) will manage an Engine 1.12 cluster and provide all of these features. UCP provides intuitive, scalable, and secure workflows for running and managing your containerized applications in a test or production environment. UCP will extend the functionality of Engine 1.12 with features such as an intuitive graphical user interface, role-based access control, LDAP/AD integration, and drag-and-drop deployment of applications via Distributed Application Bundle (.dab) files.

You might be thinking, “Will my current ‘docker run’ commands work on my shiny new Engine 1.12 cluster?” There is no need to worry if you’re using Docker Datacenter. The new version of UCP will have full backwards compatibility by automatically deploying and managing a Docker Swarm 1.x cluster side-by-side with the new Engine 1.12 swarm mode. This means you can still leverage your existing applications, scripts, workflows and integrations that make use of “docker run” commands, even as you start adopting the new “docker service” commands. This gives your team a bridge between the two workflows.

 

Deepening Content Security with Image Scanning and Content Trust

Security is top of mind for enterprise organizations, in particular the question of “What is running inside my container?” Docker Security Scanning is a service currently available in Docker Cloud that provides image scanning, vulnerability detection and ongoing risk management. The service works by scanning all layers and packages at rest within the image, comparing them against leading CVE databases, and identifying known vulnerabilities within the image. Additionally, Docker provides continuous vulnerability monitoring and notifies the administrator should new CVEs be reported against packages in their image repos. In the keynote presentation we showed how Security Scanning will in the future integrate with Docker Trusted Registry, allowing you to scan your private images for vulnerabilities in an on-premises environment.
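The matching and monitoring steps described above, as an added Python example that is not from the original post and is not Docker Security Scanning's implementation. Package names, versions, advisory identifiers and the per-layer "still live" flag are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Advisory:
    ident: str      # placeholder id constructed for this example, not a real CVE
    package: str
    fixed_in: str   # first version that is not affected

def ver(s):
    """Dotted numeric version -> comparable tuple (a simplification)."""
    return tuple(int(p) for p in s.split("."))

# Constructed inventory: ordered layers, package -> version (None = removed).
LAYERS = [
    ("layer0-base", {"libfoo": "1.0.1", "shellx": "4.3.0"}),
    ("layer1-deps", {"libfoo": "1.0.2", "libbar": "2.9.1"}),
    ("layer2-clean", {"shellx": None}),
]

def final_packages(layers):
    """Package set visible in the merged filesystem a container runs from."""
    merged = {}
    for _, pkgs in layers:
        for name, version in pkgs.items():
            if version is None:
                merged.pop(name, None)
            else:
                merged[name] = version
    return merged

def scan(layers, advisories):
    """Check every layer at rest; flag whether each hit is still live at runtime."""
    live = final_packages(layers)
    findings = []
    for layer_id, pkgs in layers:
        for name, version in pkgs.items():
            if version is None:
                continue
            for adv in advisories:
                if adv.package == name and ver(version) < ver(adv.fixed_in):
                    findings.append((adv.ident, layer_id, name, version,
                                     live.get(name) == version))
    return findings

def rescan_on_feed_update(layers, known, feed):
    """Continuous monitoring: match only unseen advisories against the stored inventory."""
    return scan(layers, [a for a in feed if a not in known])

FEED_DAY1 = [Advisory("ADV-PLACEHOLDER-1", "libfoo", "1.0.2")]
FEED_DAY2 = FEED_DAY1 + [Advisory("ADV-PLACEHOLDER-2", "libbar", "2.9.4"),
                         Advisory("ADV-PLACEHOLDER-3", "shellx", "4.3.1")]
```

A package upgraded or deleted in a later layer is still reported for the layer where the old version sits, because that blob remains in the image at rest; the final flag separates those hits from ones reachable in the running container.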

Just as important as what’s in your images is knowing where these images come from. Docker Content Trust allows publishers to cryptographically sign an image, and the signature is verified when a user tries to use the image. In future versions of Docker Datacenter, admins will be able to set policies enforcing the use of signed images at time of deployment. The combination of Security Scanning and Content Trust gives IT organizations the tools to secure the source and path of the Docker images that are used and deployed in their environment.

 

Sign up for an upcoming Docker Datacenter on Engine 1.12 Beta Test!

If you like what you saw with the sneak peek, how about taking it for a test drive? Later this quarter we plan to deliver a beta of Docker Datacenter on Engine 1.12, and we want your feedback. If you are interested, sign up to be notified when it’s ready and tell us a little more about your environment.

The Docker Datacenter beta program is completely separate from any existing licenses you may have of Docker Datacenter (trial or paid). So give the current Docker Datacenter a try…and sign up for the beta so you can see how the new features will add to the Docker Datacenter workflows!

Sign up for the beta mailing list here. We will notify you when it’s ready.

 

If you missed the keynote presentation, check out a demo of the Docker Datacenter prototype here:
