Ryan Kennedy

Federated Application Management in Docker Enterprise Edition

Today at DockerCon, we demonstrated new application management capabilities for Docker Enterprise Edition that will allow organizations to federate applications across Docker Enterprise Edition environments deployed on-premises and in the cloud as well as across cloud-hosted Kubernetes. This includes Azure Kubernetes Service (AKS), AWS Elastic Container Service for Kubernetes (EKS), and Google Kubernetes Engine (GKE).

A Single Control Plane for Multi-Cloud Deployments

Most enterprise organizations have a hybrid or multi-cloud strategy and the rise of containers has helped to make applications more portable. However, when organizations start to adopt containers as their default application format, they start to run into the challenges of managing multiple container environments, especially when each of them has a different set of access controls, governance policies, content repositories and operational models. For common hybrid and multi-cloud use cases like bursting applications to the cloud for additional capacity or migrating them from one site to another for availability or compliance reasons, organizations start to realize the need for a singular control plane for all containerized applications – no matter where it will be deployed.

Docker Enterprise Edition is the only enterprise-ready container platform that can deliver federated application management with a secure supply chain. Not only does Docker give you your choice of Linux distribution or Windows Server, the choice of running in a virtual machine or on bare metal, running traditional or microservices applications with either Swarm or Kubernetes orchestration, it also gives you the flexibility to choose the right cloud for your needs.

Onboarding Cloud-Hosted Kubernetes

Application teams are sometimes drawn to different public clouds because of the application services provided. For example, some teams may want to leverage GKE to get access to Google’s Machine Learning Engine or AKS for access to Azure IoT services. Operations teams want to empower their apps team with a fast way to integrate these environments into the enterprise. Rather than having to define all of the security, access control, and governance policies for each particular cloud, they can quickly onboard these clusters with Docker Enterprise Edition and bring the existing policies to these new projects.

Deploying, Migrating and Replicating Apps Across Clouds

Once the various clusters are integrated to Docker Enterprise Edition, users will have access to an aggregated view of all of the applications running in the various environments in a single view. From there, operations teams can control and make decisions about where applications are deployed.

Migrating Applications

Some organizations prefer to run their development and test environments in a public cloud, but run those workloads in their own private data centers for production. Or sometimes an organization runs an application in one location, but needs to migrate it to another location – for example if there is a hurricane headed in their direction. In both cases, the objective is to migrate a containerized application to a new location and re-route traffic to the destination.

With these new capabilities, these migrations can be executed from the Docker Enterprise Edition. Operations teams can view their application portfolio, select the app they wish to migrate and choose any other connected cluster as the destination. Docker Enterprise Edition takes care of the rest:

  • A clone of the application is deployed at the destination
  • The original application is shut down
  • DNS is automatically re-routed to the new application location

Replicating Applications

Another use case is when the same application needs to be replicated to one more locations. In this scenario, the key difference is that the original application is not shut down and the desire is to load balance across the distributed applications. In this case, the operations team can select the application and choose where it should be deployed. The application will be cloned to the destination and a load balancer can then distribute traffic across the copies of the application.

Secure, Federated Content Distribution

In all of the use cases described above, enterprise organizations want to know that the applications are secure and a key aspect of securing the application is knowing where it came from.

Docker Enterprise Edition includes a private registry solution that can be integrated with your existing software pipelines and CI workflows to create a secure software supply chain. By leveraging included security features like image signing and vulnerability scanning, organizations can verify the authenticity of the source of the images and fix any known vulnerability issues before deploying these applications. And by taking advantage of policy-based image promotions, these security checkpoints can be automated so that they don’t slow your organization down.

With the new federated application capabilities, organizations can extend Docker’s secure supply chain to AKS, EKS, and GKE. This helps to maintain the chain of custody from a centralized repository to all of the connected endpoints. Organizations can ensure security policies are in place and content is valid while controlling deployments.

Next Steps

To learn more about this Tech Preview, make sure to watch the demo in the DockerCon keynote. The replay will be posted shortly after the live event. If you’re interested in learning more about the beta, sign up at https://beta.docker.com

To learn more about Docker Enterprise Edition:

, , , ,

Ryan Kennedy

Federated Application Management in Docker Enterprise Edition


Leave a Reply

Get the Latest Docker News by Email

Docker Weekly is a newsletter with the latest content on Docker and the agenda for the upcoming weeks.