
There’s a lot to be excited about in November here in the happy land of containers. Even though the year is winding down and we’re all getting ready for the holidays, the container ecosystem continues to pick up steam with new features and functionality coming out from all of the major ecosystem players.

Today, we’ll focus on Docker’s new offerings in their Docker Datacenter (DDC) product, which represents Docker’s first foray into managing Containers-as-a-Service (CaaS) in both the datacenter and the Virtual Private Cloud (VPC).

With a renewed focus on cloud, microservices, and the adoption of DevOps by technology firms and now larger enterprises, we’re seeing a growing need for cluster management toolchains. Google’s Kubernetes continues to be a powerful player in this space, but it’s positioned towards a different type of ‘power user’ at this point. The DDC reflects the Docker ethos of providing a developer-focused toolchain that supports an end-to-end experience through the software delivery pipeline.

DDC is comprised of several Docker projects:

  • Commercially-supported Docker engine.
  • Universal Control Plane (UCP) with embedded Swarm for management and orchestration.
  • Trusted Registry (DTR) for image management.

With this focus on both development and IT operations, DDC aims to create an integrated platform for the enterprise software supply chain. Through analysis and reporting on security, policy and controls at the beginning of the application lifecycle, we’ve worked with our clients to enforce safety in speed, without sacrificing software delivery lifecycle (SDLC) agility or the ever-essential application portability.

DDC’s new features

Let’s take a look at the new features to see how the product is evolving. You can take a peek here to brush up on the current feature set, and here’s an overview of the DDC ecosystem:

[Figure: overview of the DDC ecosystem]

So, what’s new?

This latest release of Docker Datacenter includes a number of new features and improvements focused on the following areas:

  • Enterprise orchestration and operations: to make running and operating multi-container applications simple, secure and scalable.
  • Integrated end-to-end security: to cover all of the components and people that interact with the application pipeline.
  • User experience and performance improvements: to ensure that even the most complex operations are handled efficiently.

Let’s cover what these new features mean for the operator and organization.

Services, load balancing and service discovery

You’ve undoubtedly become familiar with services with the advent of 1.12, which enables operations teams to create replicated and distributed processes on a swarm, complete with a virtual IP and internal load balancing. DDC allows the operator to use both the GUI and CLI to manage the process of service creation and orchestration. I’d recommend also looking into the HTTP Routing Mesh, which provides the ability for your application to leverage hostname-based routing.


Enterprise orchestration

Now that we have our hands on DDC, we get built-in orchestration capabilities thanks to the Docker Swarm integration present in Docker 1.12. Thankfully, legacy container management is also supported through the docker run command. Backwards compatibility should be a key enabler for DDC, as there’s always a spectrum of adoption within enterprise IT organizations. Docker accomplishes this backwards compatibility by running swarm mode and background containers across the whole DDC cluster, which is transparent to the operator.

This also means that if you’re using Docker Compose 2 to run your applications on Docker Engine 1.10/1.11, you’ll still be able to use the DDC cluster.

Integrated image signing and policy enforcement

In any network, trust is a central concern for the operator. For the Docker ecosystem to function both within a protected LAN and across untrusted WANs such as the Internet, it’s critical to verify the integrity and the publisher of all data that resides on a given system, which is what establishes provenance. With this latest release, DDC builds security directly into the platform by integrating with Docker Content Trust to enforce policy-based deployments in your cluster using image signatures.

GUI refresh


Docker has added more resource panes to ease the management of Docker swarms and legacy containers. As these clusters move from tens to hundreds and thousands of nodes, it’s essential to surface the data around orchestration. Accordingly, a number of features around container orchestration have made their way into this release. Here’s a snippet from Docker’s site describing the new features:

  • Node management: the ability to add, remove, pause nodes and drain containers from the node. You can also manage labels and SAN (Subject Alternative Name) for certificates assigned to each node.
  • Tag metadata: within the image repository, DDC now displays additional metadata for each tag that’s pushed to the repository, to provide greater visibility of what’s happening and who’s pushing changes with each image.
  • Container health checks: introduced in Docker Engine 1.12, command line is available in the Docker Datacenter UI as part of the container details page.
  • Access control for networks: now networks can be assigned labels for granular levels of access control, just like services and containers.
  • DTR installer: the commands to deploy the Trusted Registry are now available from inside the UI so it’s easier than ever to get working as quickly as possible.
  • Expanded storage support for images: we’ve added and enhanced support for image storage including new support for Google Cloud Storage, S3 Compatible Object Storage (e.g. IBM Cleversafe) and enhanced configuration for NFS.

As you can tell from this blog post, this release focuses on security, orchestration and a refresh of usability. Here at Contino, we’re seeing clients leverage DDC in particular to bring more agility and control to the enterprise IT supply chain. As Docker evolves the DDC product in response to both competitors and customer needs, we expect the suite to grow in functionality. DDC deserves a first (or second!) look for those folks who want to leverage the ease and speed of the Docker ecosystem:

  • Docker engine commercial support
  • Ease of deployment for medium-sized container fleets
  • User-friendly GUI
  • Familiarity with developers

If you’re interested in running through a demo of DDC, contact us here at Contino or give this lab a try. Either is a great way to enable your diverse IT ecosystem to get started with containers, cloud, and DevOps practices.

Thanks for reading!

  • Jesse White

    Account Principal

    Jesse White is an Account Principal with more than 15 years of technology industry experience across financial services, healthcare, advertising, e-commerce, and IoT verticals. As a 10-year veteran of New York City’s vibrant “Silicon Alley”, he’s intimately familiar with delivering cloud solutions, effective team building, and Agile process adoption. As an early contributor to the Container ecosystem, he plays a foundational role in New York City’s open source community as founder of DockerNYC. Jesse has spent the last 5 years focusing on the intersection of automation, cloud computing, security and DevOps methodologies.
