Docker Adds New Management, Security Capabilities
The company announces a new "Universal Control Plane."
Docker is, by far, the most popular platform for creating and managing containers. But it's still growing as a technology, and has recently added new functionality that improves its interoperability and security, among other upgrades.
Docker this week introduced the latest part of its commercial stack that it claims will provide the software to enable the sharing of distributed applications across cloud, operating systems and virtual machine environments without requiring developers to reprogram their code.
The Docker Universal Control Plane, launched at DockerCon Europe this week in Barcelona, runs on-premises on Windows and Linux physical or virtual servers or behind a firewall in a public cloud instance. Its purpose is to manage "Dockerized" distributed apps that are in production on any type of infrastructure. It's targeted at DevOps organizations looking for an operational system to deploy and manage distributed applications in production while creating limited tasks for developers.
"If you were moving your distributed application into a specific cloud, you had to build an operational skill set and tooling aligned with one specific cloud -- sometimes even changing the code to align with the cloud providers that containers are running in," explained David Messina, Docker's VP of marketing. "The benefit of the Universal Control Plane is that it cuts across all of that, it allows you to pick and choose your cloud."
The other benefit, he noted, is that it provides a self-service portal for the development team. With the infrastructure that already has been provisioned by the ops team, they can deploy and manage the distributed applications wherever they want. "The benefit of that is you have control baked in for IT operations," Messina said. "It comes back to the core tenets of Docker, which is that you want to have things run on any infrastructure, you want freedom of choice, and you want the developers to remain agile through and through."
Messina said a number of large Fortune 500 companies have taken part in private beta tests of the Docker Universal Control Plane, and the company is now offering it to a larger group of testers who sign up. Docker hasn't determined general availability or pricing yet, though Messina said the company is hoping to release it in the first quarter of next year.
The Docker Control Plane is designed to run symbiotically with the Docker Trusted Registry, according to Messina. "The registry is where the content is, the control plane is the thing that manages the infrastructure and helps with the deployment of the content," he said. Asked if the two will be offered as a bundle, Messina said that's under consideration.
Also at the DockerCon conference this week, the company announced new capabilities aimed at making its container platform more secure. Docker announced what it claims is the first hardware signing of container images. The feature builds on Docker Content Trust, a framework it released in August, addressing a key shortcoming: that there was no way to validate content.
The hardware signing comes via a partnership with YubiKey4, a provider of USB-based hardware encryption devices that don't allow access to a machine without the device and an end user's second form of authentication.
"This provides the ability to do hardware signing for container content," Messina explained. "It validates the publisher and being sure that content comes from that publisher. We've also set up a model where the publisher themselves can't be compromised by any malicious or nefarious attack. Their root key, which is the most important key in the process of signing content, is always protected."
Jeffrey Schwartz is editor of Redmond magazine and also covers cloud computing for Virtualization Review's Cloud Report. In addition, he writes the Channeling the Cloud column for Redmond Channel Partner. Follow him on Twitter @JeffreySchwartz.