Mark Church

Sharing is Caring: Docker Enterprise Edition Access Control

Multi-tenancy has many benefits in organizations. Clearly it increases hardware utilization, but it also allows IT roles to specialize more and provides better separation of concerns. This leads to more manageable infrastructure. Multi-tenancy is a challenging practice, though, as it requires strict security control over resources without becoming too cumbersome for application deployment. This blog post is about the Role-based Access Control (RBAC) enhancements introduced in Docker Enterprise Edition (Docker EE) 17.06. These enhancements allow for much more granular control and also flexible policy modeling that is one giant building block of a multi-tenant container infrastructure. This post will help you address questions like: How do I prevent different teams from viewing or interacting with each other’s applications when using shared infrastructure? How can I enforce scheduling on certain nodes in the cluster? How can I manage all the access policies so Continue reading…

Mark Church

Understanding Docker Networking Drivers and their use cases

Application requirements and networking environments are diverse and sometimes opposing forces. In between applications and the network sits Docker networking, affectionately called the Container Network Model or CNM. It’s CNM that brokers connectivity for your Docker containers and also what abstracts away the diversity and complexity so common in networking. The result is portability, and it comes from CNM’s powerful network drivers. These are pluggable interfaces for the Docker Engine, Swarm, and UCP that provide special capabilities like multi-host networking, network layer encryption, and service discovery. Naturally, the next question is: which network driver should I use? Each driver offers tradeoffs and has different advantages depending on the use case. There are built-in network drivers that come included with Docker Engine, and there are also plug-in network drivers offered by networking vendors and the community. The most commonly used built-in network drivers Continue reading…