At Diaxion, we’ve recently been looking at Docker Enterprise Edition (EE) and how it enables digital transformation, consolidation and collaboration for IT teams, deployment processes and data centres. There are some great insights and exciting possibilities in the development and operations spaces.
Least privilege issues are an age-old problem for many business teams and are frequently associated with outages. Developers want privileged access to test and deploy, or applications require elevated access in order to function correctly, but this violates least privilege requirements from governance and infrastructure teams. Never mind the arguments around properly designed and written code – the apps are there; the business needs them, and there needs to be a workable, consistent and secure model to make them available.
Docker EE, with the Docker Trusted Registry, plugins for storage, networking and cloud, and support for containers on both Linux and Windows, provides us with an exciting framework for securing the software supply chain and enabling greater collaboration and trust between development and operations teams.
The Docker EE model allows developers to code, test, sign and version containerised application updates into a secure registry. Operations are enabled to quickly and easily deploy (and let’s face it, roll back) without needing to be across the complexities of the application and installation dependencies. The standard operating environment (SOE) and security of the hosts which are used for the deployments remain within the control of the operations team, who will be using a premium configuration management tool such as Puppet Enterprise to ensure standardisation.
To quote Joe Beda, “Every difference between dev/staging/prod will eventually result in an outage.” This is what makes the containerised model so powerful – containers function in the same way, no matter where they are deployed. There are no differences between the platform environments for dev, staging or production deployments when using Docker EE. Customisations made by developers in order to make applications function in development are carried along with the container into staging and production, ensuring repeatability with deployments and behaviour. Operations teams do not have to follow complicated installation checklists, speeding up promotion to production and enabling the CI/CD pipeline.
The systems which the containers deploy upon, be they on-premise infrastructure, managed *aaS platforms or a variety of cloud vendors, are available to containers in a standardised fashion using the plugin abstraction layers for networking, storage and orchestration. This means that applications do not have to be rewritten when deploying to your on-premise or multi-cloud vendor environments.
A configuration option to ensure that privileged users within the container are not equivalent to the privileged users on the hosted environment gives developers the flexibility to work the way they need to and within organisational standards and controls, and provides operations the certainty that developer access and applications cannot undermine platform security.
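One way to verify the isolation described above, assuming the option in question is Docker's user namespace remapping (the `userns-remap` daemon setting, which the page does not name). This is an added example, not Diaxion's or Docker's code; the two sample maps are constructed, and the function names are hypothetical.

```python
"""Check whether root inside a container maps to root on the host.

Input is the text of /proc/<pid>/uid_map for a container process, read from
the host. Each line is: <uid inside namespace> <uid on host> <range length>.
"""
from typing import List, Optional, Tuple

Extent = Tuple[int, int, int]  # (inside uid, host uid, length)

# Constructed samples: no remapping versus a remapped subordinate range.
DEFAULT_MAP = "         0          0 4294967295\n"
REMAPPED_MAP = "         0     100000      65536\n"


def parse_uid_map(text: str) -> List[Extent]:
    """Parse uid_map text into extents, rejecting malformed lines."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        extents.append((inside, outside, length))
    return extents


def host_uid(extents: List[Extent], container_uid: int) -> Optional[int]:
    """Translate a container uid to its host uid; None if it is unmapped."""
    for inside, outside, length in extents:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None


def root_is_remapped(text: str) -> bool:
    """True when container uid 0 is not host uid 0 (unmapped counts as remapped)."""
    return host_uid(parse_uid_map(text), 0) != 0


if __name__ == "__main__":
    for name, sample in (("default", DEFAULT_MAP), ("remapped", REMAPPED_MAP)):
        print(name, "container root -> host uid", host_uid(parse_uid_map(sample), 0))
```
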
The traditional reasons for separation of applications and environment access have caused an explosion of machines in many organisations, with the resulting underutilisation of resources and increase in licensing costs and maintenance for hardware and operating systems. Docker EE provides a model to enable concurrent container deployment of different applications and dev/staging/prod facilities onto the same host(s), removing legacy risks and areas of friction between teams.
The Docker Swarm provides a number of advantages over native Kubernetes, including fast and intuitive visualisation of what is happening with containers within the swarm. Well-written distributed applications gain all of the benefits described above in an easily extensible framework, complementary to technologies such as Auto Scaling from AWS and VM Scale Sets from Azure.
Diaxion is looking forward to more transformation and consolidation projects with the Docker team and the amazing Docker EE platform.