Over the past few years, tools such as Docker and Kubernetes have enabled IT teams to be more agile and nimble, develop applications faster, implement DevOps principles and scale their applications. Individual developers may have convinced you to allow them to download and use the open-source Docker Community Edition (CE) as the base platform for your next greenfield applications.
These applications typically start off as small-scale experiments and proof-of-concepts running on open-source components in development environments. If you decided to go with this approach to foster and encourage innovation, you are not alone.
Many IT decision makers have decided to use Docker in their development environments, and they have found resounding success in their capacity to bring applications to market, which aligns with a recent Forrester New Wave™ report on enterprise containers.
However, organizations that use Docker CE are now trying to figure out how to scale their Docker environment to meet the security and compliance requirements necessary for enterprise production environments.
Here are a few items of concern to address:
- Will a production instance of the app work at scale?
- How do we ensure regulatory compliance for access controls?
- How can we make sure we are not installing dangerous code from untrusted public repositories?
- Can we demonstrate to internal and external auditors that our code is secure and compliant?
CHALLENGES YOUR ORGANIZATION IS FACING
If your organization has been successful with Docker, you will have to decide how to comply quickly with production requirements around support, monitoring, backups, and Service Level Agreements, while also keeping the agility and freedom of choice that your IT teams currently have (and probably love) with Docker.
Docker CE is a great product for the needs of small teams and “one-person projects”, but you likely need assurance that your organization has a reliable and dependable IT solution that can scale as you grow. For example, a rock-star developer may have done a great job setting up Docker to run a marketing campaign site, but you must ask two key questions:
- Is the solution stable, scalable and secure enough to run more apps and services?
- What happens if that rock-star developer moves on from the role or company?
It comes down to establishing priorities, the three most important ones being:
With these priorities in mind, here are three reasons Docker Enterprise Edition is a natural upgrade path from CE:
1. FREEDOM OF CHOICE
Docker Enterprise Edition (EE) enables you to retain the freedom of choice you currently have with Docker CE. With Kubernetes or Swarm, you can deploy legacy or cloud-native applications with one of several Linux distributions or Windows Servers running on premises or across multiple clouds. This ability to run in multiple clouds can help safeguard organizations against vendor lock-in, a growing concern for IT leaders.
With Docker, your teams will be able to develop their applications on their platform of choice: Windows, Mac or Linux. This enables them to continue developing with the tools they know best on Docker EE, using all the intellectual property they have already developed.
2. INTEGRATED SECURITY
One of the biggest concerns about Docker CE and Docker content in general is the origin of the source code. There is a perception among IT decision-makers that Docker represents the Wild West, and that development teams are pulling software from public repositories of questionable repute. While it is possible to do this (and more than likely, your developers are still following source code best practices with Docker CE), you still need the assurance that your system is protected.
One of the main features of Docker EE is its capacity to create a secure supply chain for the entire lifecycle of an application. Docker Content Trust provides image scanning with policy-based image promotions that enable organizations to build governance over the container environment without impeding the speed of development.
The Docker Trusted Registry (DTR) allows organizations to host application images in a secure way, as it uses digital signatures to sign and verify the provenance of images. Additionally, the automation and security scanning features built into DTR allow your security and compliance teams to define automated CI/CD pipelines to prevent unsafe (or corrupted) images from running in production environments. All of this can be done without interfering in developers’ daily activities. In short, if the content is not approved, it will not run, and you will be notified.
As an added security benefit, Docker EE adds Single Sign-On and FIPS 140-2 compliance, which is great if your organization follows HIPAA, FISMA or HITECH standards.
3. AGILE OPERATIONS
Your developer teams are likely managing authorization and access control to your current Docker CE implementation via the command line. Again, the basic Docker CE identity and access management (IAM) controls assume that only one or a few developers are managing a project. This approach may be too loose, and it does not comply with IT Service Management (ITSM) and IT Infrastructure Library (ITIL) best practices around Day 2 operations.
Here are a few considerations:
- Who has control over what?
- How do we know that everyone with access has the right level of access?
- Do we shut down access when a staff member leaves?
Other decision-makers may have the same concerns, and there is good reason to have these concerns when Docker CE outgrows an individual contributor’s desktop.
Docker EE includes a complete toolkit in the Universal Control Plane (UCP) to help streamline Day 2 operations. UCP provides all the features IT decision-makers need to make sure they are satisfying all requirements around IAM in a simple and intuitive graphical user interface. With easy-to-read dashboards, IAM visibility, simple backup procedures, integrated monitoring, and visibility into known vulnerabilities at run time, UCP is well suited to Day 2 management.
Historically, the path from Docker CE to EE has required developers to start from scratch and reinstall everything. Fortunately, this is no longer the case in the current release of Docker. Developers can now upgrade a CE installation to EE, which saves time and eliminates the long drawn-out process of procuring new infrastructure. Once upgraded, the new Docker EE environment has all the enterprise-ready tools installed, just waiting to be configured.