Banjot Chanana

Docker Datacenter adds enterprise orchestration, security policy and refreshed UI

Banjot Chanana

Today we are excited to introduce new additions to Docker Datacenter, our Container as a Service (CaaS) platform for enterprise IT and application teams. Docker Datacenter provides an integrated platform for developers and IT operations teams to collaborate securely on the application lifecycle. Built on the foundation of Docker Engine, Docker Datacenter (DDC) also provides integrated orchestration, management and security around managing resources like access, images, applications, networks and more across the cluster.

This latest release of Docker Datacenter includes a number of new features and improvements focused in the following areas:

  • Enterprise orchestration and operations to make running and operating multi container applications simple, secure and scalable
  • Integrated end to end security to cover all of the components and people that interact with the application pipeline
  • User experience and performance improvements ensure that even the most complex operations are handled efficiently

Let’s dig into some of the new features.

Enterprise orchestration with backward compatibility

This release of Docker Datacenter not only integrates the built in orchestration capabilities of Docker Engine 1.12 utilizing swarm mode and services, but also provides backwards compatibility for standalone containers using the docker run commands. To help enterprise application teams migrate, it is important for us to provide this continuity and time for applications to be updated to services while still supporting environments that may contain both new Docker services and individual Docker containers. We do this by simultaneously enabling swarm mode and running warm containers across the same cluster of nodes. This is completely transparent to the user; it’s all handled as part of the DDC installation and there is nothing for the admin to configure.  The applications built with Docker Compose (version 2) files on Docker Engine 1.10 and 1.11 will continue to operate when deployed to the 1.12 cluster running DDC.

Docker Services, Load Balancing and Service Discovery

We’ve talked about Docker Services before with 1.12, where every Docker Service can easily scale out to add additional instances by declaring a desired start. This enables you to create a replicated, distributed, load balanced process on a swarm, which includes a virtual IP (VIP) and internal load balancing using IPVS. This can all be addressed through Docker Datacenter as well through both the CLI and new refreshed GUI that walks through the process of creating and managing services, especially if you’re new to the concept. You can also optionally add HTTP hostname-based routing using an experimental feature called HTTP Routing Mesh.




Integrated Image Signing and Policy Enforcement

To enable a secure software supply chain requires building security directly into the platform and making it a natural part of any admin tasks. In this release of Docker Datacenter we advance content security with an integration to Docker Content Trust in both a  seamless installation experience and also the ability to enforce deployment policy in the cluster based on the  image signatures. Stay tuned as our security team has a detailed blog on this later this week.


Refreshed User Interface and New Features

Providing an intuitive UI that is robust and easy to use is paramount to operating applications at scale, especially applications that can be comprised of tens or even hundreds of different containers that are rapidly changing. With this release we took the opportunity to refresh the GUI as we added more resources to manage and configuration screens.


Integrating orchestration into Docker Datacenter also means exposing many of these new capabilities directly in the GUI.  One example is the ability to deploy services directly from the DDC UI. You can simply type all of the parameters like service name, image name, the number of replicas and permissions for this service.


In addition to deploying services, new capabilities have been added to the web UI like:

  • Node Management: The ability to add, remove, pause nodes and drain containers from the node.You can also manage labels and SAN (Subject Alternative Name) for certificates assigned to each node.
  • Tag Metadata: Within the image repository, DDC now displays additional metadata for each tag that’s pushed to the repository, to provide greater visibility to what’s happening and who’s pushing changes with each image.
  • Container Health Checks: Introduced in Docker Engine 1.12 command line is available in the Docker Datacenter UI as part of the container details page.
  • Access Control for Networks: Now networks can be assigned labels for granular levels of access control, just like services and containers.
  • DTR Installer: The commands to deploy the Trusted Registry are now available from inside the UI so it’s easier than ever to get working as quickly as possible.
  • Expanded Storage Support for images: we’ve added and enhanced support for image storage including new support for Google Cloud Storage, S3 Compatible Object Storage (e.g. IBM Cleversafe) and enhanced configuration for NFS.

This is a jam packed release of big and small features – all designed to bring more agility and control to the enterprise application pipeline. Our goal is to make it easy for application teams to build and operate dockerized workloads in the infrastructure they already have. Don’t miss the demo webinar on Wednesday to check out the new features in real time.

Learn More


7 thoughts on “Docker Datacenter adds enterprise orchestration, security policy and refreshed UI

  1. I have a couple of questions for you. I followed your link and launched a DDC into the AWS. After logging into the UCP I see "New updates are available for UCP: 2.0.0. For instructions visit".

    Do I need to do this upgrade (on each node btw) to get the latest DDC? I might have expected it to be a ready-to-go experience with the latest of everything.

    The other question is on the FQDN to use. I am assuming that that has to be an existing hosted zone in Route53 but should I have filled it in as or or something else? An example of a filled in value would be helpful.

    • Yes, you do need to upgrade to the latest DDC on each node. My apologies, we are still getting our AWS template upgraded with the latest bits from GA! For the FQDN, it does have to be a hosted zone but it can be any name that will be resolvable by the client who pull/push from DDC as well as those who log into the GUI.

  2. Just a follow up that I tried using the AWS quickstart (linked to from the email that I got with the subject "Getting Started with Your Docker Datacenter Trial") which had a template link to

    After waiting for that to startup the UCP console advised me that an upgrade to 2.0.0 was available. I followed the steps for upgrading the 3 controllers and 3 nodes and then the UCP console showed no nodes available.
    I am guessing that the AWS quickstart was the wrong thing to do.

    • you definitely did the workflow properly. Can you DM me and we can help figure out what went wrong with your deployment? i'm banjot-at- docker-dot-com.

  3. will you be integrating this into Azure container services?

  4. Seems to work fine on Azure with full topology automated at

  5. Dear Dan, how are you?

    My name is Alex Lattaro, I'm a Community Manager and content leader at iMasters. IMasters is one of the largest portals in Brazil, aimed at developers.

    I just read your article and we would like to translate it into Portuguese and display to our portal. Can you authorize us?

    We would like to make it clear that all of the article's rights are yours and it will be published on your name.

    Thank you,

Leave a Reply