Jenny Fong

How Docker Enterprise Edition Helps Open Doors at Assa Abloy

ASSA ABLOY is the world’s largest lock manufacturer with 47,000 employees worldwide and well-known brands like Yale, Sargent and Assa in their portfolio. The vision for ASSA ABLOY is to become the most innovative provider of door opening solutions through growth of electro-mechanical and digital entry solutions. With increasingly global operations to deal with as well, ASSA ABLOY recognized the opportunity to leverage public cloud, microservices and containers to fuel this digital transformation. Jan Hedstrom, Cloud Infrastructure Architect in the Shared Technologies department at ASSA ABLOY, and Patrick Van Der Bleek, Solutions Engineer at Docker, presented at DockerCon Europe how ASSA ABLOY leveraged Docker Enterprise Edition (Docker EE) as their central secure container management platform for their global hardware and software workflow. You can watch their entire talk here:

Journey from Docker CE to Docker EE

Some developers at Continue reading…

Diogo Mónica

Least Privilege Container Orchestration

The Docker platform and the container have become the standard for packaging, deploying, and managing applications. In order to coordinate running containers across multiple nodes in a cluster, a key capability is required: a container orchestrator. Orchestrators are responsible for critical clustering and scheduling tasks, such as managing container scheduling and resource allocation, supporting service discovery and hitless application deploys, and distributing the necessary resources that applications need to run. Unfortunately, the distributed nature of orchestrators and the ephemeral nature of resources in this environment make securing orchestrators a challenging task. In this post, we will describe in detail the less-considered, yet vital, aspect of the security model of container orchestrators, and how Docker Enterprise Edition with its built-in orchestration capability, Swarm mode, overcomes these difficulties.

Motivation and threat model

One of the primary objectives of Docker EE with swarm mode is to provide Continue reading…

Sophia Parafina

Securing the AtSea App with Docker Secrets

Passing application configuration information as environment variables was once considered best practice in 12-factor applications. However, this practice can expose information in logs, makes it difficult to track how and when information is exposed, and allows third-party applications to access this information. Instead of environment variables, Docker implements secrets to manage configuration and confidential information. Secrets are a way to keep information such as passwords and credentials secure in Docker CE or EE with swarm mode. Docker manages secrets and securely transmits them to only those nodes in the swarm that need access to them. Secrets are encrypted during transit and at rest in a Docker swarm. A secret is only accessible to those services which have been granted explicit access to it, and only while those service tasks are running. The AtSea Shop is an example storefront application that can be deployed Continue reading…

Riyaz Faizullabhoy

Docker for AWS and Azure: Secure By Default Container Platform

Docker for AWS and Docker for Azure are much more than a simple way to set up Docker in the cloud. In fact, they provision by default an infrastructure with security in mind to give you a secure platform to build, ship and run Docker apps in the cloud. Available for free in Community Edition and as a subscription with support and integrated management in Enterprise Edition, Docker for AWS and Docker for Azure allow you to leverage pre-configured security features for your apps today, without having to be a cloud infrastructure expert. You don’t have to take our word for it: in February 2017, we engaged NCC Group, an independent security firm, to conduct a security assessment of Docker for AWS and Docker for Azure. Included in this assessment is Docker for AWS and Docker for Azure Community Edition and Continue reading…

David Lawrence

Docker Security at PyCon: Threat Modeling & State Machines

The Docker Security Team was out in force at PyCon 2017 in Portland, OR, giving two talks focussed on helping the Python Community to achieve better security. First up were David Lawrence and Ying Li with their “Introduction to Threat Modelling” talk. Threat Modelling is a structured process that aids an engineer in uncovering security vulnerabilities in an application design or implemented software. The great majority of software grows organically, gaining new features as some critical mass of users requests them. These features are often implemented without full consideration of how they may impact every facet of the system they are augmenting. Threat modelling aims to increase awareness of how a system operates, and in doing so, identify potential vulnerabilities. The process is broken up into three steps: data collection, analysis, and remediation. An effective way to run the process is Continue reading…

Betty Junod

Docker Federal Summit Recap and videos

On May 2nd, Docker returned to the Newseum to host the second annual Docker Federal Summit. This one-day event is designed to bring government agency developers, IT ops, program leaders and the ecosystem together to share and learn about the trends driving change in IT from containers, cloud and devops. We expanded the agenda this year to two tracks, with presentations from Docker, ecosystem partners, agency and community leaders to drive discussions, technology deep dives and hands-on tutorials. View the general session replay here:

General session table of contents and slides

- 13:05 Iain Gray, SVP Customer Success discusses how Docker delivers a unique secure supply chain for all applications and infrastructure
- 33:35 Nathan McCauley, Director Security Engineering discusses the principles of least privilege design on which Docker is built
- 55:30 Modernize Traditional Apps to gain portability, security and efficiency without changing source Continue reading…

Jenny Fong

Docker Enterprise Edition Brings New Life Back to Legacy Apps at Northern Trust

Many organizations understand the value of building modern 12-factor applications with microservices. However, 90+% of applications running today are still traditional, monolithic apps. That is also the case for Northern Trust, a 128-year-old financial services company headquartered in Chicago, Illinois. At DockerCon 2017, Rob Tanner, Division Manager for Enterprise Middleware at Northern Trust, shared how they are using Docker Enterprise Edition (EE) to modernize their traditional applications to make them faster, safer, and more performant.

Bringing Agility and Security to Traditional Apps

Founded in 1889, Northern Trust is a global leader in asset servicing, asset management, and banking for personal and institutional clients. Their clients expect best-of-breed services and experiences from Northern Trust and Rob’s team plays a large role in delivering that. While their development teams are focused on microservices apps for greenfield projects, Rob is responsible Continue reading…

Victor Coisne

DockerCon 2017: The Top Rated Sessions

After the general session videos from DockerCon Day 1 and Day 2 yesterday, we’re happy to share with you the video recordings of the top rated sessions by DockerCon attendees. All the slides will soon be published on our SlideShare account and all the breakout session video recordings are available on our DockerCon 2017 YouTube playlist.

- Cilium: Network and Application Security with BPF and XDP by Thomas Graf
- Docker?!? But I am a Sysadmin by Mike Coleman
- Creating Effective Images by Abby Fuller
- Taking Docker from Local to Production at Intuit by JanJaap Lahpor and Harish Jayakumar
- Container Performance Analysis by Brendan Gregg
- Secure Substrate: Least Privilege Container Deployment by Diogo Mónica and Riyaz Faizullabhoy
- Escape from VMs with Image2Docker by Elton Stoneman and Jeff Nickoloff
- What Have Namespaces Done for You Lately? by Liz Rice