Diogo Mónica

Least Privilege Container Orchestration

The Docker platform and the container have become the standard for packaging, deploying, and managing applications. To coordinate running containers across multiple nodes in a cluster, a key capability is required: a container orchestrator. Orchestrators are responsible for critical clustering and scheduling tasks, such as:

- managing container scheduling and resource allocation;
- supporting service discovery and hitless application deploys;
- distributing the resources that applications need to run.

Unfortunately, the distributed nature of orchestrators and the ephemeral nature of resources in this environment make securing orchestrators a challenging task. In this post, we describe in detail a less-considered—yet vital—aspect of the security model of container orchestrators, and how Docker Enterprise Edition with its built-in orchestration capability, Swarm mode, overcomes these difficulties.

Motivation and threat model

One of the primary objectives of Docker EE with swarm mode is to provide

Faster and Better Image Distribution with Registry 2.0 and Engine 1.6

There has been incredible growth in the usage of Docker Hub: we have now served over 300 million pulls to developers around the world, and will soon be serving 100 million per month. The current generation of the Registry has done a good job so far, but we know we need a better foundation to support this growth and keep your image pulls running fast and reliably. We’re pleased to announce a huge update to how images are distributed, which will make pulling images dramatically faster and more reliable. It’s the foundation that will support image distribution in the years to come. Docker Engine 1.6, the Docker Hub and the self-hosted Registry now support a new API which has been completely redesigned with this kind of performance and scale in mind. It features: Faster image pulls: Downloading images with lots of

Diogo Mónica

Secured at Docker – Diogo Mónica and Nathan McCauley

I’m thrilled to officially announce that Nathan McCauley and I are joining Docker to lead the Security Team. Back in 2011, Nathan and I were fortunate enough to join Square just as it was picking up steam. Square disrupted traditional point-of-sale systems by allowing anyone to take credit-card payments on their phone. And with great, disruptive ideas came new and interesting security engineering challenges. During our time at Square we built a wide range of different systems, from a general-purpose cryptography infrastructure and a fully-fledged mutual-TLS micro-service architecture to a small end-to-end encrypted credit-card reader. All of these systems allow Square to move hundreds of millions of dollars per day. We are incredibly proud of what we achieved at Square, but a new opportunity presented itself.

Scaling Docker with Swarm

We are extremely excited to announce the first beta release of Swarm, a native clustering tool for Docker. For the past two years, Docker has made the lives of millions of developers easier by making building, shipping and running applications simpler through containers. However, things get complicated when dealing with more than one host for Docker containers in a distributed environment. This is where Swarm comes in. Swarm pools together several Docker Engines and exposes them as a single virtual Docker Engine. It serves the standard Docker API, so any tool that already works with Docker can now transparently scale up to multiple hosts.
