Docker Enterprise Platform 2.1: Architectural Overview and Use Cases

David Yu, Product Manager, Docker (@yongshinyu)
Jean Rouge, Senior Software Engineer, Docker
Agenda
1. Docker Enterprise Overview & Architecture
2. Docker Enterprise 2.1 - What’s New with Demos
3. Next Steps
Docker Enterprise Use Cases
[Diagram: Docker Enterprise runs on Cloud, VM, Edge Device, Bare Metal and Mainframe infrastructure, and hosts Microservices, Big Data, ML & AI, Traditional, Serverless, ISV, Edge & IoT and Blockchain workloads]
Docker Enterprise Container Platform
Security
• Threat Scanning
• Controlled Code Deployment
• Encryption
• Secrets Mgmt
• Image Mgmt
• Support for 3rd party security
Governance
• Role-based access control (RBAC)
• Policy Mgmt
• App Config Mgmt
• Forensic Image History
• Controlled Code Deployment
Automation
• Orchestration
• Built-in app reliability/High Avail.
• Policy-based automation
• Auto healing
Support and Certification
• Enterprise-grade support
• Certified Plug-ins and Infrastructure
• Certified ISV apps
• Certified professionals
[Diagram: stack of Server, OS, Docker Engine, App]
Docker Enterprise leads the pack
Forrester’s Assessment: Docker “leads the pack with a robust container platform well-suited for the enterprise.”

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
Docker Platform Architecture
[Diagram: layered architecture, bottom to top]
Infrastructure: Physical, Virtualization, Public Cloud
Operating Systems
Container Engine
Networking, Orchestration, Storage
ENTERPRISE PLATFORM: Platform Security, Developer Services, Registry Services, Access Policies, App Lifecycle Management, Automation & Extensibility
Surrounding tooling: Config Mgt, Monitoring, Logging, CI/CD, Images, Networking, Volumes, ..more..
Secure Supply Chain
Docker Enterprise adds end-to-end security features
[Diagram: Docker Desktop (Mac or Windows) -> TEST -> STAGING -> PRODUCTION, with Scanning, Signing and Automated Policies applied along the pipeline]
• Signature verification
• Native encryption
Cluster Architecture
[Diagram: Docker Enterprise Cluster with a Management Plane of three Manager Nodes and several Worker Nodes]
Kubernetes in Docker Enterprise
[Diagram: Kubernetes components by node role]
UCP Manager/Linux: calico cni, pods, kubedns, kube-proxy, kubelet, kube-controller-manager, kube-manager, kube-scheduler
UCP Linux worker: calico cni, pods, kube-proxy, kubelet
What’s New in Docker Enterprise 2.1
1. Extended Windows Server Support
2. Expanded Kubernetes Support
3. Improved Operational Insight
4. Stronger Security and Compliance
Extended Windows Server Support

Windows Support
● Expanded Operating System Server Support
  ○ Windows Server 2016, 1709, 1803, and 2019*
  ○ Smaller image sizes
  ○ Ingress and VIP Networking for Docker Swarm
*Swarm support for Win Server 2019 GA will be delivered in a patch release (due to the timing of Docker Enterprise 2.1 and Server 2019)

Windows Networking Demo
Expanded Kubernetes Support

Upgraded to Kubernetes 1.11
FEATURE
Generally Available features:
● Kubernetes pod autoscaling
● Kubernetes RBAC including support for cluster roles
● Storage protection
● CRI-tools for improved debugging
● API aggregation
● Webhook authorization
● DaemonSet, Deployment, ReplicaSet, and StatefulSet APIs
BENEFITS
• Access the most recent developments from the Kubernetes community
• Stay on top of latest stable Kubernetes enhancements
• Get an enterprise-ready experience with the latest Kubernetes release
Native Kubernetes RBAC
FEATURE
• Add native Kubernetes roles defined in a YAML file
• Distinct view of Kubernetes roles from Swarm roles
• Define grants in UCP similar to Swarm
BENEFITS
• Deploy Helm charts
• Use native Kubernetes RBAC primitives
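To make the RBAC primitives on this slide concrete, the following added example (not code from the deck, and not UCP's authorizer) evaluates whether a user may perform a request under a set of Roles, ClusterRoles, RoleBindings and ClusterRoleBindings, applying the same matching rules native Kubernetes uses for resource requests: wildcards in apiGroups/resources/verbs, resourceNames narrowing a rule to named objects, RoleBindings confined to their namespace, and ClusterRoleBindings reaching cluster-scoped resources such as nodes. All users, roles and bindings in it are constructed sample data; nonResourceURLs and aggregated ClusterRoles are deliberately left out.

```python
"""Kubernetes RBAC grant evaluation (added example, constructed sample data)."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Rule:
    api_groups: Tuple[str, ...]
    resources: Tuple[str, ...]
    verbs: Tuple[str, ...]
    resource_names: Tuple[str, ...] = ()   # empty => any object of that resource


@dataclass
class Role:
    name: str
    rules: List[Rule]
    namespace: Optional[str] = None        # None => ClusterRole


@dataclass
class Binding:
    subjects: Set[str]
    role: Role
    namespace: Optional[str] = None        # None => ClusterRoleBinding


@dataclass
class Request:
    user: str
    verb: str
    resource: str
    api_group: str = ""                    # "" is the core group (pods, secrets, nodes)
    namespace: Optional[str] = None        # None => cluster-scoped object
    name: Optional[str] = None


def _matches(allowed: Tuple[str, ...], value: str) -> bool:
    return "*" in allowed or value in allowed


def rule_allows(rule: Rule, req: Request) -> bool:
    """A rule grants a request only if group, resource and verb all match."""
    if not (_matches(rule.api_groups, req.api_group)
            and _matches(rule.resources, req.resource)
            and _matches(rule.verbs, req.verb)):
        return False
    # resourceNames narrows the rule to specific objects; a request without a
    # name (such as list) can never satisfy a name-restricted rule.
    if rule.resource_names:
        return req.name is not None and req.name in rule.resource_names
    return True


def binding_allows(binding: Binding, req: Request) -> bool:
    if req.user not in binding.subjects:
        return False
    # A RoleBinding is confined to its namespace whatever role it references;
    # cluster-scoped requests (namespace None) never match it.
    if binding.namespace is not None and binding.namespace != req.namespace:
        return False
    # A namespaced Role only ever grants inside the namespace it lives in.
    if binding.role.namespace is not None and binding.role.namespace != req.namespace:
        return False
    return any(rule_allows(rule, req) for rule in binding.role.rules)


# Constructed sample roles and bindings (hypothetical users and names).
POD_READER = Role("pod-reader", [Rule(("",), ("pods", "pods/log"), ("get", "list", "watch"))],
                  namespace="default")
DB_SECRET_READER = Role("db-secret-reader",
                        [Rule(("",), ("secrets",), ("get",), resource_names=("db-password",))],
                        namespace="default")
NODE_VIEWER = Role("node-viewer", [Rule(("",), ("nodes",), ("get", "list"))])   # ClusterRole
DEPLOYER = Role("deployer", [Rule(("apps",), ("deployments",), ("*",))])         # ClusterRole

BINDINGS = [
    Binding({"alice"}, POD_READER, namespace="default"),
    Binding({"alice"}, DB_SECRET_READER, namespace="default"),
    Binding({"ops"}, NODE_VIEWER),                       # ClusterRoleBinding
    Binding({"bob"}, NODE_VIEWER, namespace="staging"),  # ClusterRole bound inside one namespace
    Binding({"bob"}, DEPLOYER, namespace="staging"),
]


def is_allowed(req: Request, bindings: List[Binding] = BINDINGS) -> bool:
    """RBAC is purely additive: any single binding that allows the request wins."""
    return any(binding_allows(b, req) for b in bindings)


if __name__ == "__main__":
    for req in (Request("alice", "list", "pods", namespace="default"),
                Request("alice", "list", "pods", namespace="kube-system"),
                Request("alice", "get", "secrets", namespace="default", name="db-password"),
                Request("ops", "list", "nodes"),
                Request("bob", "list", "nodes"),
                Request("bob", "delete", "deployments", api_group="apps", namespace="staging")):
        print(f"{req.user:6} {req.verb:7} {req.resource:12} ns={req.namespace}: {is_allowed(req)}")
```

Two of the sample bindings are the ones that trip people up in review: bob's RoleBinding to the node-viewer ClusterRole grants nothing, because nodes are cluster-scoped and a RoleBinding can only reach objects in its own namespace, and alice's secret rule with resourceNames lets her get one named secret but never list secrets, since a list carries no object name.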
Kubernetes Network Encryption
Use Case
● Apply default encryption without intervention or awareness from users
● Protect internal application traffic on untrusted or shared infrastructure by default
Usage
● Deploy encryption daemonset to encrypt all host-to-host traffic between all pods within the Kubernetes cluster
● Key management and rotation managed centrally by add-on encryption module
● IPSec encryption
[Diagram: app pods on two hosts, with the host-to-host traffic between them encrypted]
Kubernetes Demo
Improved Operational Insight

Improved Operational Insights
FEATURE
• Easier access to node metrics:
  ○ View containers within node
  ○ Healthchecks
• Events from the last hour within Kubernetes resources
• Up to 24 hour data retention, viewable within the Overview Dashboard
• Detailed metadata for Swarm and Kubernetes resources
BENEFITS
• Quickly identify and root-cause problems occurring at various levels of the environment (service, node, cluster)
• Track and prevent emerging issues
Troubleshoot Container Issues
New Options for Collecting Metrics
[Diagram: a Manager Node running the UCP Controller and Prometheus, which feed the Docker Enterprise UI (POST metrics); an External Node running an External Prometheus that reaches the cluster via GET https://ucp/metricsdiscovery]
FEATURE
• Deploy Prometheus as Kubernetes DaemonSet
• Allow additional Prometheus configurations:
  ○ Deploy Prometheus on worker nodes
  ○ Allow external Prometheus instances to scrape Docker Enterprise metrics
BENEFITS
• Remove CPU pressure on manager nodes
• Gather more information about your environment and collect it locally
Image Management and Storage Optimization at Scale
[Diagram: a Docker Image File composed of five Image Layers]
FEATURE
• Online garbage collection
• Policy-based image tag pruning
BENEFITS
• Preserve storage space by deleting unused image layers
• Reduce clutter in your image registry using pre-defined policies, particularly when used in conjunction with CI/CD systems
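The relationship between the two features on this slide, tag pruning and layer garbage collection, is easiest to see on a small model, so here is an added example (not DTR's implementation). A registry is modelled as repository -> tag -> manifest, where each manifest lists the layer digests it references; a pruning policy keeps the newest N tags per repository plus any protected tag, and garbage collection then deletes exactly the layers no surviving manifest references, which is why a base layer shared by pruned and kept tags is never deleted. Repositories, digests, dates and sizes are constructed sample data.

```python
"""Policy-based tag pruning followed by layer garbage collection (added example)."""
from typing import Dict, FrozenSet, List, Tuple

# Constructed sample registry state: repository -> tag -> manifest.
# Digests are placeholders, not real sha256 values.
REGISTRY = {
    "app/web": {
        "v1":     {"pushed": "2018-06-01", "layers": ["sha256:base", "sha256:web1"]},
        "v2":     {"pushed": "2018-07-01", "layers": ["sha256:base", "sha256:web2"]},
        "v3":     {"pushed": "2018-08-01", "layers": ["sha256:base", "sha256:web3"]},
        "latest": {"pushed": "2018-08-01", "layers": ["sha256:base", "sha256:web3"]},
    },
    "app/job": {
        "release":      {"pushed": "2018-07-15", "layers": ["sha256:base", "sha256:job0"]},
        "nightly-0801": {"pushed": "2018-08-01", "layers": ["sha256:base", "sha256:job1"]},
        "nightly-0802": {"pushed": "2018-08-02", "layers": ["sha256:base", "sha256:job2"]},
        "nightly-0803": {"pushed": "2018-08-03", "layers": ["sha256:base", "sha256:job3"]},
    },
}

# Constructed layer sizes in MB; every blob the registry stores is listed here.
LAYER_SIZES_MB = {"sha256:base": 40, "sha256:web1": 10, "sha256:web2": 11, "sha256:web3": 12,
                  "sha256:job0": 5, "sha256:job1": 6, "sha256:job2": 7, "sha256:job3": 8}


def prune_tags(registry: Dict, keep_latest: int, protected: FrozenSet[str]) -> Tuple[Dict, Dict]:
    """Split each repository's tags into kept and pruned according to the policy."""
    kept, pruned = {}, {}
    for repo, tags in registry.items():
        # Newest first; the tag name breaks ties so the result is deterministic.
        ordered = sorted(tags.items(), key=lambda kv: (kv[1]["pushed"], kv[0]), reverse=True)
        kept[repo], pruned[repo] = {}, {}
        for position, (tag, manifest) in enumerate(ordered):
            target = kept if position < keep_latest or tag in protected else pruned
            target[repo][tag] = manifest
    return kept, pruned


def referenced_layers(registry: Dict) -> set:
    """Every layer digest that at least one remaining manifest still points at."""
    return {digest for tags in registry.values() for m in tags.values() for digest in m["layers"]}


def collect_garbage(registry: Dict, layer_sizes: Dict[str, int]) -> Tuple[List[str], int]:
    """Layers with no remaining reference are garbage; return them and the space freed."""
    live = referenced_layers(registry)
    dead = sorted(set(layer_sizes) - live)
    return dead, sum(layer_sizes[d] for d in dead)


def run_policy(registry=REGISTRY, layer_sizes=LAYER_SIZES_MB, keep_latest=2,
               protected=frozenset({"latest", "release"})):
    kept, pruned = prune_tags(registry, keep_latest, protected)
    dead, reclaimed = collect_garbage(kept, layer_sizes)
    return {
        "pruned": {repo: sorted(tags) for repo, tags in pruned.items() if tags},
        "deleted_layers": dead,
        "reclaimed_mb": reclaimed,
        "kept_layers": sorted(referenced_layers(kept)),
    }


if __name__ == "__main__":
    for key, value in run_policy().items():
        print(f"{key}: {value}")
```

Running it with the default policy prunes v1 and v2 of app/web and nightly-0801 of app/job, frees 27 MB, and keeps sha256:base even though three pruned tags referenced it. In a registry that garbage-collects online, as the slide advertises, the liveness set must also include layers belonging to uploads still in progress, otherwise a push racing the collector loses blobs; this toy model has no in-flight uploads and skips that.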
Operational Insights Demo
Stronger Security and Compliance
Integrate Identity Providers with SAML 2.0
FEATURE
• Allow for SSO to Docker Enterprise through an existing identity provider (IdP)
  ○ Support for Okta and ADFS, with more IdPs added in the future
• Continue to use LDAP sync for client bundle access
BENEFITS
• Achieve 2FA through the identity provider
• Credentials stored in the IdP only; no local hosting of passwords
FIPS 140-2 Compliance for Enterprise Engine
FEATURE
• Linux support included in 18.03 Engine; 18.09 now adds FIPS compliance for Windows
• Automatically enable FIPS mode for Docker Engine based upon host OS FIPS status
• Use env variable to override O/S FIPS state
BENEFITS
• Meet regulatory requirements by deploying Docker Engines in a FIPS compliant mode
• Prevent non-FIPS nodes from joining a FIPS compliant cluster
[Diagram: DOCKER ENGINE (containerd, Docker API, Networking, Docker Build (BuildKit), Orchestration, Volumes, Distribution, Docker CLI, Plugins) built on a FIPS 140-2 Validated Encryption Module]
Audit Logs for All Cluster-Wide Operations
[Diagram: user request -> orchestrator audit events -> audit logs]

Kubernetes pod listing:
    {"audit": {
      "metadata": {...},
      "level": "Metadata",
      "timestamp": "2018-08-07T22:10:35Z",
      "auditID": "7559d301-fa6b-4ad6-901c-b587fab75277",
      "stage": "RequestReceived",
      "requestURI": "/api/v1/namespaces/default/pods",
      "verb": "list",
      "user": {"username": "alice", ...},
      "sourceIPs": ["127.0.0.1"],
      ...,
      "requestReceivedTimestamp": "2018-08-07T22:10:35.428850Z"}}

Swarm config create:
    {"audit": {
      "metadata": {...},
      "level": "Metadata",
      "timestamp": "2018-08-07T22:10:35Z",
      "auditID": "7559d301-94e7-4ad6-901c-b587fab31512",
      "stage": "RequestReceived",
      "requestURI": "/v1.30/configs/create",
      "verb": "post",
      "user": {"username": "alice", ...},
      "sourceIPs": ["127.0.0.1"],
      ...,
      "requestReceivedTimestamp": "2018-08-07T22:10:35.428850Z"}}

FEATURE
• Configurable audit logs for both Swarm and Kubernetes
• Logs API calls, tracking request, time, user, and response
• Persistent storage of audit log entries for historical recall
BENEFITS
• Track and investigate all security-relevant user activity in the cluster
• Provide a full audit trail for more complete troubleshooting and adherence to compliance requirements
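The two entries on this slide have the same shape whether the request hit Kubernetes or Swarm, which makes them easy to triage with one script. The following is an added example, not part of the deck and not UCP's tooling: it reads newline-delimited entries carrying an outer "audit" object with level, timestamp, auditID, stage, requestURI, verb, user and sourceIPs, tells Kubernetes requests from Swarm ones by the requestURI, and flags write operations against sensitive resources. The log lines are constructed sample data: the first two follow the slide's entries, the remaining ones and their auditIDs are made up for the example, and the set of "sensitive" path segments is the example's own choice.

```python
"""Triage of cluster audit log entries (added example, constructed sample log)."""
import json
import re
from collections import Counter
from typing import Dict, List, Tuple

SAMPLE_AUDIT_LOG = """
{"audit": {"level": "Metadata", "timestamp": "2018-08-07T22:10:35Z", "auditID": "7559d301-fa6b-4ad6-901c-b587fab75277", "stage": "RequestReceived", "requestURI": "/api/v1/namespaces/default/pods", "verb": "list", "user": {"username": "alice"}, "sourceIPs": ["127.0.0.1"]}}
{"audit": {"level": "Metadata", "timestamp": "2018-08-07T22:10:35Z", "auditID": "7559d301-94e7-4ad6-901c-b587fab31512", "stage": "RequestReceived", "requestURI": "/v1.30/configs/create", "verb": "post", "user": {"username": "alice"}, "sourceIPs": ["127.0.0.1"]}}
{"audit": {"level": "Metadata", "timestamp": "2018-08-07T22:11:02Z", "auditID": "00000000-0000-4000-8000-000000000003", "stage": "RequestReceived", "requestURI": "/api/v1/namespaces/kube-system/secrets", "verb": "create", "user": {"username": "bob"}, "sourceIPs": ["10.0.0.5"]}}
{"audit": {"level": "Metadata", "timestamp": "2018-08-07T22:11:40Z", "auditID": "00000000-0000-4000-8000-000000000004", "stage": "RequestReceived", "requestURI": "/api/v1/namespaces/default/pods/web-1", "verb": "delete", "user": {"username": "carol"}, "sourceIPs": ["10.0.0.9"]}}
this line is not JSON and must not abort the run
"""

MUTATING_VERBS = {"create", "update", "patch", "delete", "post", "put"}
# Path segments whose modification is worth a second look (example's own list).
SENSITIVE_SEGMENTS = {"secrets", "configs", "roles", "clusterroles",
                      "rolebindings", "clusterrolebindings", "exec"}
SWARM_URI = re.compile(r"^/v\d+\.\d+/")      # Engine API paths are versioned like /v1.30/


def parse_events(raw: str) -> Tuple[List[dict], int]:
    """Return the parsed "audit" objects and the number of lines that failed to parse."""
    events, unparseable = [], 0
    for line in raw.splitlines():
        if not line.strip():
            continue
        try:
            events.append(json.loads(line)["audit"])
        except (ValueError, KeyError, TypeError):
            unparseable += 1          # keep going: one bad line must not hide the rest
    return events, unparseable


def orchestrator(request_uri: str) -> str:
    """Classify the request by its path: Swarm uses the versioned Engine API."""
    if SWARM_URI.match(request_uri):
        return "swarm"
    if request_uri.startswith(("/api/", "/apis/")):
        return "kubernetes"
    return "other"


def classify(event: dict) -> List[str]:
    """Reasons an entry deserves attention; empty for routine read traffic."""
    uri = event.get("requestURI", "").split("?", 1)[0]
    segments = set(uri.strip("/").split("/"))
    verb = event.get("verb", "").lower()
    reasons = []
    if verb in MUTATING_VERBS:
        hit = segments & SENSITIVE_SEGMENTS
        if hit:
            reasons.append("write to " + ",".join(sorted(hit)))
        if "kube-system" in segments:
            reasons.append("write inside kube-system")
    return reasons


def triage(raw: str = SAMPLE_AUDIT_LOG) -> Dict[str, object]:
    """Summarise activity per user and list the entries that were flagged."""
    events, unparseable = parse_events(raw)
    by_user: Counter = Counter()
    flagged = []
    for event in events:
        user = event.get("user", {}).get("username", "<unknown>")
        by_user[user] += 1
        reasons = classify(event)
        if reasons:
            flagged.append({
                "auditID": event.get("auditID"),
                "timestamp": event.get("timestamp"),
                "user": user,
                "orchestrator": orchestrator(event.get("requestURI", "")),
                "verb": event.get("verb"),
                "requestURI": event.get("requestURI"),
                "sourceIPs": event.get("sourceIPs", []),
                "reasons": reasons,
            })
    return {"events": len(events), "unparseable": unparseable,
            "by_user": dict(by_user), "flagged": flagged}


if __name__ == "__main__":
    report = triage()
    print(f"{report['events']} events, {report['unparseable']} unparseable, by user {report['by_user']}")
    for entry in report["flagged"]:
        print(entry["timestamp"], entry["user"], entry["orchestrator"], entry["verb"],
              entry["requestURI"], entry["sourceIPs"], "->", "; ".join(entry["reasons"]))
```

On the sample log the pod listing is left alone, alice's Swarm config creation and bob's secret creation in kube-system are flagged, and the malformed line is counted rather than crashing the run. The level "Metadata" on these entries means request and response bodies are not recorded, so a real investigation pairs this with the object state captured elsewhere.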
Access Detailed Audit Logs for the Registry
FEATURE
• Audit registry events (e.g. Push/Pull/Scan/etc.) to see what is happening inside of a repository
BENEFITS
• Track and investigate all security-relevant user activity in the registry
• Provide a full audit trail for more complete troubleshooting and adherence to compliance requirements
Identify Vulnerabilities in Running Containers
[Diagram: Docker Trusted Registry scan data feeds the control plane]
FEATURE
• Create policies to manage service deployments using image vulnerability data
• Maintain compliant deployment of production services
BENEFITS
• View vulnerability data of images deployed through the control plane
• Roll up views for services & pods
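How a deployment policy consumes scan data, and how image-level verdicts roll up to services and pods, is shown by the following added example (not DTR's or UCP's policy engine). Scan results are modelled as image reference -> findings with a severity; a policy names the severity at which a finding blocks deployment, an allow-list of findings the team has formally accepted, and whether an unscanned image is acceptable; each workload is then judged from the images it runs. Image references, workloads and finding ids are constructed sample data, and the ids are placeholders rather than real CVE numbers.

```python
"""Deployment policy driven by image vulnerability data (added example, constructed data)."""
from collections import Counter
from typing import Dict, List

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed scan results keyed by immutable image reference (placeholder digests).
SCAN_DATA = {
    "registry.example.test/app/web@sha256:web3": [
        {"id": "CVE-PLACEHOLDER-1", "severity": "high", "component": "openssl"},
        {"id": "CVE-PLACEHOLDER-2", "severity": "medium", "component": "libxml2"},
    ],
    "registry.example.test/app/job@sha256:job3": [
        {"id": "CVE-PLACEHOLDER-3", "severity": "critical", "component": "bash"},
        {"id": "CVE-PLACEHOLDER-4", "severity": "low", "component": "zlib"},
    ],
    "registry.example.test/app/api@sha256:api1": [],
}

# Constructed running workloads as the control plane would report them.
WORKLOADS = [
    {"kind": "service", "orchestrator": "swarm", "name": "web",
     "images": ["registry.example.test/app/web@sha256:web3"]},
    {"kind": "pod", "orchestrator": "kubernetes", "name": "job-runner-1", "namespace": "batch",
     "images": ["registry.example.test/app/job@sha256:job3",
                "registry.example.test/app/api@sha256:api1"]},
    {"kind": "pod", "orchestrator": "kubernetes", "name": "legacy-1", "namespace": "default",
     "images": ["registry.example.test/app/legacy@sha256:old"]},   # never scanned
]

POLICY = {"block_at_or_above": "critical",
          "accepted_ids": frozenset({"CVE-PLACEHOLDER-1"}),   # risk formally accepted
          "require_scan_data": True}


def evaluate_image(image_ref: str, policy: Dict, scan_data: Dict) -> Dict:
    """Verdict for one image: compliant flag, blocking finding ids, severity counts, reason."""
    findings = scan_data.get(image_ref)
    if findings is None:
        # No scan data is a finding in itself when the policy demands scans.
        compliant = not policy["require_scan_data"]
        return {"compliant": compliant, "blocking": [], "counts": {},
                "reason": None if compliant else f"{image_ref}: no scan data"}
    threshold = SEVERITY_RANK[policy["block_at_or_above"]]
    blocking = sorted(f["id"] for f in findings
                      if SEVERITY_RANK[f["severity"]] >= threshold
                      and f["id"] not in policy["accepted_ids"])
    return {"compliant": not blocking, "blocking": blocking,
            "counts": dict(Counter(f["severity"] for f in findings)),
            "reason": f"{image_ref}: blocked by {', '.join(blocking)}" if blocking else None}


def rollup(workloads: List[Dict], policy: Dict, scan_data: Dict) -> List[Dict]:
    """A workload is compliant only if every image it runs is; counts are summed across images."""
    results = []
    for w in workloads:
        counts, blocking, reasons = Counter(), [], []
        for ref in w["images"]:
            verdict = evaluate_image(ref, policy, scan_data)
            counts.update(verdict["counts"])
            blocking.extend(verdict["blocking"])
            if verdict["reason"]:
                reasons.append(verdict["reason"])
        results.append({"kind": w["kind"], "name": w["name"], "compliant": not reasons,
                        "blocking": sorted(blocking), "counts": dict(counts), "reasons": reasons})
    return results


if __name__ == "__main__":
    for row in rollup(WORKLOADS, POLICY, SCAN_DATA):
        status = "OK " if row["compliant"] else "BLOCK"
        print(f"{status} {row['kind']}/{row['name']} {row['counts']} {'; '.join(row['reasons'])}")
```

With the default policy the web service passes (its one high finding is on the accepted list and below the critical threshold), job-runner-1 is blocked by the critical finding in one of its two images, and legacy-1 is blocked simply because it was never scanned. Tightening the threshold to "high" and clearing the accepted list flips the web service to blocked, which is the knob a team turns when it moves from "no known criticals" to a stricter posture.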
Security Demo
New Features for Docker Enterprise 2.1

CHOICE: Updated Platform Support
Windows updates
● WS1709, WS1803, WS2019 support:
  ○ Smaller image sizes
  ○ Relaxed image compatibility requirements
  ○ Swarm-based routing mesh and VIP-based service discovery
Kubernetes updates
● Kubernetes v1.11 support
● Native K8s RBAC support inc. cluster roles
● Kubernetes pod autoscaling
● Kubernetes network encryption

AGILITY: Improved Operational Insight
● Health status dashboards (service & platform metrics)
● Runtime visibility of known vulnerabilities
● Event activity streams

SECURITY: Stronger Security & Compliance
● SAML 2.0 authentication
● FIPS compliance for Windows & Linux
● Audit logs & events

Give Docker Enterprise a spin! trial.docker.com
Thank you!

DCEU 18: Docker Enterprise Platform and Architecture

  • 2. Product Manager, Docker @yongshinyu David Yu Senior Software Engineer, Docker Jean Rouge
  • 3. Agenda 1.Docker Enterprise Overview & Architecture 2.Docker Enterprise 2.1 - What’s New with Demos 3.Next Steps
  • 4. Docker Enterprise Use Cases Cloud VM Edge Device Bare Metal Mainframe Docker Enterprise Microservices Big Data ML & AITraditional ServerlessISVEdge & IoT Blockchain
  • 5. Docker Enterprise Container Platform Support and Certification AutomationGovernanceSecurity • Threat Scanning • Controlled Code Deployment • Encryption • Secrets Mgmt • Image Mgmt • Support for 3rd party security • Role-based access control (RBAC) • Policy Mgmt • App Config Mgmt • Forensic Image History • Controlled Code Deployment • Orchestration • Built-in app reliability/High Avail. • Policy-based automation • Auto healing • Enterprise-grade support • Certified Plug-ins and Infrastructure • Certified ISV apps • Certified professionals Server OS App Docker Engine
  • 6. Docker Enterprise leads the pack The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester’s Assessment: Docker “leads the pack with a robust container platform well-suited for the enterprise.”
  • 7. Operating Systems Docker Platform Architecture Config Mgt Monitoring LoggingCI/CD ..more..Images Networking Volumes PhysicalVirtualizationPublic Cloud Platform Security Developer Services Registry Services Access Policies App Lifecycle Management Automation & Extensibility Networking Orchestration Storage Container Engine ENTERPRISE PLATFORM
  • 8. Secure Supply Chain Docker Enterprise adds end-to-end security features TEST STAGING • Signature verification • Native encryption Scanning SigningAutomated PoliciesDocker Desktop (Mac or Windows) PRODUCTION
  • 9. Cluster Architecture Node Node Node Docker Enterprise Cluster Node Manager Worker Node Worker Worker Worker Node Manager Node Manager Management Plane
  • 10. Kubernetes in Docker Enterprise UCP Manager/Linux UCP Linux worker calico cni pods kubedns kube-proxy kubelet kube- controller- manager kube-manager kube-scheduler calico cni pods kube-proxy kubelet
  • 11. What’s New in Docker Enterprise 2.1 Extended Windows Server Support Expanded Kubernetes Support Improved Operational Insight Stronger Security and Compliance 21 3 4
  • 13. Windows Support ● Expanded Operating System Server Support ○ Windows Server 2016, 1709, 1803, and 2019* ○ Smaller image sizes ○ Ingress and VIP Networking for Docker Swarm *Swarm support for Win Server 2019 GA will be delivered in a patch release (due to the timing of Docker Enterprise 2.1 and Server 2019)
  • 16. Upgraded to Kubernetes 1.11 Generally Available features: ● Kubernetes pod autoscaling ● Kubernetes RBAC including support for cluster roles ● Storage protection ● CRI-tools for improved debugging ● API aggregation ● Webhook authorization ● DaemonSet, Deployment, ReplicaSet, and StatefulSet APIs FEATURE BENEFITS • Access the most recent developments from the Kubernetes community • Stay on top of latest stable Kubernetes enhancements • Get an enterprise-ready experience with the latest Kubernetes release
  • 17. Native Kubernetes RBAC
    FEATURE / BENEFITS:
    • Add native Kubernetes roles defined in a YAML file
    • Distinct view of Kubernetes roles from Swarm roles
    • Define grants in UCP similar to Swarm
    • Deploy Helm charts
    • Use native Kubernetes RBAC primitives
  • 18. Kubernetes Network Encryption
    Use Case
    ● Apply default encryption without intervention or awareness from users
    ● Protect internal application traffic on untrusted or shared infrastructure by default
    Usage
    ● Deploy encryption daemonset to encrypt all host-to-host traffic between all pods within the Kubernetes cluster
    ● Key management and rotation managed centrally by add-on encryption module
    ● IPSec encryption
    (diagram: app Pod on one Host ↔ encrypted traffic ↔ app Pod on another Host)
  • 21. Improved Operational Insights
    FEATURE:
    • Easier access to node metrics:
      ○ View containers within node
      ○ Healthchecks
    • Events from the last hour within Kubernetes resources
    • Up to 24 hour data retention, viewable within the Overview Dashboard
    • Detailed metadata for Swarm and Kubernetes resources
    BENEFITS:
    • Quickly identify and root-cause problems occurring at various levels of the environment (service, node, cluster)
    • Track and prevent emerging issues
  • 23. New Options for Collecting Metrics
    (diagram: Manager Node with UCP Controller, Prometheus and Docker Enterprise UI; External Node with External Prometheus; GET https://ucp/metricsdiscovery; POST metrics)
    FEATURE:
    • Deploy Prometheus as a Kubernetes DaemonSet
    • Allow additional Prometheus configurations:
      ○ Deploy Prometheus on worker nodes
      ○ Allow external Prometheus instances to scrape Docker Enterprise metrics
    BENEFITS:
    • Remove CPU pressure on manager nodes
    • Gather more information about your environment and collect it locally
  • 24. Image Management and Storage Optimization at Scale
    (diagram: Docker Image File composed of stacked Image Layers)
    FEATURE:
    • Online garbage collection
    • Policy-based image tag pruning
    BENEFITS:
    • Preserve storage space by deleting unused image layers
    • Reduce clutter in your image registry using pre-defined policies, particularly when used in conjunction with CI/CD systems
  • 27. Integrate Identity Providers with SAML 2.0
    FEATURE:
    • Allow for SSO to Docker Enterprise through an existing identity provider (IdP)
      ○ Support for Okta and ADFS, with more IdPs added in the future
    • Continue to use LDAP sync for client bundle access
    BENEFITS:
    • Achieve 2FA through the identity provider
    • Credentials stored in the IdP only; no local hosting of passwords
  • 28. FIPS 140-2 Compliance for Enterprise Engine
    FEATURE:
    • Linux support included in 18.03 Engine; 18.09 now adds FIPS compliance for Windows
    • Automatically enable FIPS mode for Docker Engine based upon host OS FIPS status
    • Use env variable to override O/S FIPS state
    BENEFITS:
    • Meet regulatory requirements by deploying Docker Engines in a FIPS compliant mode
    • Prevent non-FIPS nodes from joining a FIPS compliant cluster
    (diagram: DOCKER ENGINE: containerd, Docker API, Networking, Docker Build (BuildKit), Orchestration, Volumes, Distribution, Docker CLI Plugins, FIPS 140-2 Validated Encryption Module)
  • 29. Audit Logs for All Cluster-Wide Operations
    (diagram: user request → orchestrator audit events → audit logs)
    kubernetes pod listing:
      {"audit": { "metadata": {...}, "level": "Metadata", "timestamp": "2018-08-07T22:10:35Z", "auditID": "7559d301-fa6b-4ad6-901c-b587fab75277", "stage": "RequestReceived", "requestURI": "/api/v1/namespaces/default/pods", "verb": "list", "user": {"username": "alice",...}, "sourceIPs": ["127.0.0.1"], ..., "requestReceivedTimestamp": "2018-08-07T22:10:35.428850Z"}}
    swarm config create:
      {"audit": { "metadata": {...}, "level": "Metadata", "timestamp": "2018-08-07T22:10:35Z", "auditID": "7559d301-94e7-4ad6-901c-b587fab31512", "stage": "RequestReceived", "requestURI": "/v1.30/configs/create", "verb": "post", "user": {"username": "alice",...}, "sourceIPs": ["127.0.0.1"], ..., "requestReceivedTimestamp": "2018-08-07T22:10:35.428850Z"}}
    FEATURE:
    • Configurable audit logs for both Swarm and Kubernetes
    • Logs API calls tracking request, time, user, and response
    • Persistent storage of audit log entries for historical recall
    BENEFITS:
    • Track and investigate all security-relevant user activity in the cluster
    • Provide a full audit trail for more complete troubleshooting and adherence to compliance requirements
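As an added example that is not part of the deck or of Docker's own tooling, this script shows how a defender could consume audit records in the shape shown on the slide: both the Kubernetes record (requestURI under /api/ or /apis/) and the Swarm record (requestURI under /v1.30/) are normalized, state-changing verbs are picked out, and each request is counted once even though Kubernetes emits a separate record per stage. The sample records, the verb set and the trusted source list are constructed for the example.

```python
import json
import re
# Constructed sample audit records in the shape shown on the slide (not real logs).
SAMPLE_LOG_LINES = [
    json.dumps({"audit": {"stage": "RequestReceived", "auditID": "a1", "verb": "list",
        "requestURI": "/api/v1/namespaces/default/pods",
        "user": {"username": "alice"}, "sourceIPs": ["127.0.0.1"]}}),
    json.dumps({"audit": {"stage": "RequestReceived", "auditID": "a2", "verb": "post",
        "requestURI": "/v1.30/configs/create",
        "user": {"username": "alice"}, "sourceIPs": ["127.0.0.1"]}}),
    # Same request a2 at a later stage: it must not be counted a second time.
    json.dumps({"audit": {"stage": "ResponseComplete", "auditID": "a2", "verb": "post",
        "requestURI": "/v1.30/configs/create",
        "user": {"username": "alice"}, "sourceIPs": ["127.0.0.1"]}}),
    json.dumps({"audit": {"stage": "RequestReceived", "auditID": "a3", "verb": "delete",
        "requestURI": "/apis/apps/v1/namespaces/prod/deployments/web",
        "user": {"username": "bob"}, "sourceIPs": ["203.0.113.7"]}}),
]
# Verbs that change state: Kubernetes audit verbs plus the HTTP methods Swarm records use.
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection", "post", "put"}

def classify_api(request_uri):
    """Kubernetes API paths start with /api/ or /apis/; Engine/Swarm paths with /vX.Y/."""
    if request_uri.startswith(("/api/", "/apis/")):
        return "kubernetes"
    if re.match(r"^/v\d+\.\d+/", request_uri):
        return "swarm"
    return "unknown"

def parse_event(line):
    """Flatten one JSON record (wrapped under the "audit" key) into the fields we need."""
    ev = json.loads(line).get("audit", {})
    return {"audit_id": ev.get("auditID"), "stage": ev.get("stage"),
            "user": ev.get("user", {}).get("username", "<unknown>"),
            "verb": (ev.get("verb") or "").lower(), "uri": ev.get("requestURI", ""),
            "source_ips": ev.get("sourceIPs", [])}

def find_write_operations(lines, trusted_sources=frozenset()):
    """Return each state-changing request once (RequestReceived stage only), tagged with
    the API it hit and whether any source IP lies outside the trusted set."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev["stage"] != "RequestReceived" or ev["verb"] not in WRITE_VERBS:
            continue
        ev["api"] = classify_api(ev["uri"])
        ev["untrusted_source"] = any(ip not in trusted_sources for ip in ev["source_ips"])
        findings.append(ev)
    return findings
```

Running it over the sample yields two findings: alice's Swarm config create from a trusted address and bob's Kubernetes deployment delete from an address outside the trusted set.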
  • 30. Access Detailed Audit Logs for the Registry
    FEATURE:
    • Audit registry events (e.g. Push/Pull/Scan/etc.) to see what is happening inside of a repository
    BENEFITS:
    • Track and investigate all security-relevant user activity in the registry
    • Provide a full audit trail for more complete troubleshooting and adherence to compliance requirements
  • 31. Identify Vulnerabilities in Running Containers
    (diagram: Scan Data flowing from Docker Trusted Registry to the control plane)
    FEATURE / BENEFITS:
    • Create policies to manage service deployments using image vulnerability data
    • Maintain compliant deployment of production services
    • View vulnerability data of images deployed through the control plane
    • Roll up views for services & pods
  • 33. New Features for Docker Enterprise 2.1
    CHOICE: Updated Platform Support
    Windows updates
    ● WS1709, WS1803, WS2019 support:
      ○ Smaller image sizes
      ○ Relaxed image compatibility requirements
      ○ Swarm-based routing mesh and VIP-based service discovery
    Kubernetes updates
    ● Kubernetes v1.11 support
    ● Native K8s RBAC support incl. cluster roles
    ● Kubernetes pod autoscaling
    ● Kubernetes network encryption
    AGILITY: Improved Operational Insight
    ● Health status dashboards (service & platform metrics)
    ● Runtime visibility of known vulnerabilities
    ● Event activity streams
    SECURITY: Stronger Security & Compliance
    ● SAML 2.0 authentication
    ● FIPS compliance for Windows & Linux
    ● Audit logs & events
  • 34. Give Docker Enterprise a spin! trial.docker.com