DockerCon day 2

Docker in the enterprise


Yesterday I sat in some good talks on Docker internals, security, and the latest and greatest additions to Docker. I have to say, they were inspiring and I’m looking forward to getting deeper with Docker. Today is about Docker for the enterprise.

Docker promotes containers as a service (CaaS). Docker Data Center rolls up deploying, monitoring, and remediation of containers as a service. Data Center gives you a CaaS that can run in the cloud, on virtual hardware, or on your on-premises physical hardware. The platform seems to be nudging other applications that compete for the same space, so it’s important to research the discriminators of each platform. The vendor space at DockerCon is packed with vendors that bring their own value to the ecosystem. It seems like a playing field filled with opportunity.

So back to Docker Data Center. We were given a demo of what it can do. One example during the day two keynote was security monitoring. This seems to dovetail with one of the security talks from the day before. Typically Docker containers are built from previous containers. For example, the NGINX container that you can inherit for your PHP app probably inherited from the stock/trusted Ubuntu image. In a way, this establishes a chain of trust for images. If you inherit from trusted sources you can take advantage of the patches that are available in your chain.

The demo walked through the easy-peasy deployment process to push a container to production. Signing of containers and enforced verification is configurable. Once a container is deployed, a security process monitors Docker containers for vulnerabilities. The container configuration is analyzed for vulnerabilities from the container library on Docker Hub. The emphasis was on the importance of building from trusted sources. Data Center includes a security scanner that automatically monitors all deployed code. If a container is flagged with a vulnerability, the dashboard notifies an administrator and remediation begins. In this case, the Dockerfile was updated with the patched Ubuntu image version, recompiled and pushed to Data Center. Data Center scans the package and gives it a green light. The package is deployed and the swarm turns green again. Yay, Docker.
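The inheritance chain and the flagged-base remediation described above, as an added example that is not code from the keynote or from Docker Data Center: it reads `FROM` lines out of constructed Dockerfiles to list which images need a rebuild when a base image is flagged, and which upstream images fall outside an allowlist. The image names, the allowlist and the multi-stage case (which goes beyond the chain in the text) are assumptions.

```python
import re

# Constructed sample: image name -> Dockerfile text, mirroring the chain in the text.
DOCKERFILES = {
    "example/nginx:1.0": "FROM ubuntu:14.04\nRUN apt-get install -y nginx\n",
    "example/php-app:2.3": "# app image\nFROM example/nginx:1.0\nCOPY . /var/www/html\n",
    "example/tool:0.1": "FROM golang:1.6 AS build\nRUN go build -o /t .\n"
                        "FROM scratch\nCOPY --from=build /t /t\n",
}
TRUSTED_ROOTS = {"ubuntu:14.04"}  # assumed allowlist of vetted upstream images

FROM_RE = re.compile(
    r"^[ \t]*FROM[ \t]+(?:--platform=\S+[ \t]+)?(\S+)(?:[ \t]+AS[ \t]+(\S+))?",
    re.IGNORECASE | re.MULTILINE)

def parents(text):
    """External images named by FROM lines, skipping stage aliases and scratch."""
    stages, found = set(), []
    for image, alias in FROM_RE.findall(text):
        if image.lower() not in stages and image != "scratch" and image not in found:
            found.append(image)
        if alias:
            stages.add(alias.lower())
    return found

def ancestors(image, dockerfiles, seen=None):
    """Every image reachable by following FROM lines upward from `image`."""
    seen = set() if seen is None else seen
    for parent in parents(dockerfiles.get(image, "")):
        if parent not in seen:  # also guards against circular references
            seen.add(parent)
            ancestors(parent, dockerfiles, seen)
    return seen

def needs_rebuild(flagged, dockerfiles):
    """Images that inherit, directly or indirectly, from the flagged image."""
    return sorted(i for i in dockerfiles if flagged in ancestors(i, dockerfiles))

def untrusted_roots(image, dockerfiles, trusted):
    """Upstream images we do not build ourselves and that are not allowlisted."""
    return sorted(a for a in ancestors(image, dockerfiles)
                  if a not in dockerfiles and a not in trusted)

if __name__ == "__main__":
    print("rebuild after ubuntu:14.04 is flagged:", needs_rebuild("ubuntu:14.04", DOCKERFILES))
    print("untrusted roots of example/tool:0.1:",
          untrusted_roots("example/tool:0.1", DOCKERFILES, TRUSTED_ROOTS))
```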

Docker Data Center monitoring

Docker Data Center gives the enterprise tools to manage their Docker infrastructure. You can deploy quickly and securely. It provides a mechanism to scale up, load balance, and perform security scanning. Security-sensitive organizations are using Docker to enforce policies and procedures in a completely repeatable way.

There was more good stuff today. Docker announced an App Store (whaaat?). OK, everybody seems to have an app store. It makes sense. It will be interesting to see how vendors and the community embrace it. My last thought after the morning keynote is that environments are disappearing into the background. The monuments to enterprise software we spent years building, maintaining, and complaining about are fading into the background. If you can be modular, you don’t need to be a Microsoft solution shop or Linux shop. You can pull in the pieces that you need and concentrate on writing great code. Actually, that’s all we developers want to do anyway.

#DockerCon 2016