Product Deep Dive
Docker Enterprise Edition
Patrick Devine
Product Manager, Docker
@pdev110
A little about me...
Enterprise & Community Editions
Enterprise Edition (EE)
• Paid Docker subscription
• Includes support from Docker
• Predictable biannual releases
• Certified partner ecosystem
• Enterprise-grade features (security, management, automation)
Recommended for production use
Community Edition (CE)
• Free for “do it yourself” dev & ops
• Does not include support
• Quarterly Stable release for ops
• Monthly Edge release for developers
Docker Enterprise Edition (EE)
CaaS enabled platform for the modern software supply chain
• Integrated orchestration, security and management
• Stable releases with 1 year of support and maintenance
• Security patches and hotfixes backported to all supported versions
• Enterprise class support (9am-6pm or 24x7x365)
• Certified Infrastructure, Containers and Plugins
Docker EE Components (diagram)
• Runs on Public Cloud, Virtual or Physical infrastructure
• docker enterprise edition ADVANCED: integrated security
• docker trusted registry: image management
• docker universal control plane: app & cluster management
• docker engine: container runtime, orchestration, networking, volumes, plugins
• Ecosystem: CI/CD, Images, Operating Systems, Volumes, Monitoring, Logging, more...
Docker EE Architecture (diagram, built up over three slides)
• UCP manager nodes (three) form a Raft consensus group with an internal distributed store
• UCP worker nodes (four) run the workloads; Admin / User deploys and manages through the UCP managers
• DTR replica nodes (three) provide the image registry behind a BYO TCP load balancer; users pull / push images
• Add-ons: Image storage, Logging, Monitoring, External CA, LDAP/AD
Image Security:
● Image Scanning
● Image Signing
Let’s dive into the features!
Image Scanning (available now)
• Scans at a binary level
○ Not just looking at package versions
• Works both online and offline
○ New vulnerability database released daily
○ Great for air gapped scenarios (sneaker net!)
• Scans both Linux (x86_64) and Windows
• Coming soon for IBM z Series
Docker EE Deep Dive
$ docker history pdevine/partyparrot:1.0
IMAGE          CREATED         CREATED BY
4e21821ad0d9   5 minutes ago   /bin/sh -c #(nop) ENTRYPOINT ["/parrot"]
880254b79668   5 minutes ago   /bin/sh -c #(nop) ADD file:6e64234...
6aa638b57d74   5 minutes ago   /bin/sh -c apk update && apk add pcre
4a415e366388   6 weeks ago     /bin/sh -c #(nop) ADD file:730030a...
{...
  "layer_details": [
    "components": [
      {
        "component": "coreutils",
        "version": "8.22",
        …
      },
      …
    ],
  ],
}
{...
  "layer_details": [
    "components": [
      {
        "component": "coreutils",
        "version": "8.22",
        "vulns": [
          {
            "vuln": {
              "cve": "CVE-2014-3639",
              "cvss": 2.1,
              …
            }
          }, …
        ],
      },
      …
    ],
  ],
}
Image Signing
● Docker Content Trust built in to DTR
● Enforcement can be done in UCP
○ Only valid signers can deploy containers
● docker trust makes things easier than ever
● More to come at Ashwini and Andy’s talk at 13h30
coming soon
Image Distribution:
● Image Caching
● Image Promotion
● Image Mirroring
Let’s dive into the features!
coming soon
Image Caching, Promotion, & Mirroring (diagram)
• Phase 1: image content cache (a slow pull from a remote dtr becomes a fast pull from a nearby cache)
• Phase 2: image promotion (dev / qa / staging / prod repositories within one dtr)
• Phase 3: image mirroring (a repo on dtr dev mirrored to a repo on dtr stage)
Image Caching (available now)
● Caches image layers closer to where it’s being consumed for faster pulls (CDN for docker images)
● Works globally for all repositories in DTR
● Preserves access permission for each individual repository of the DTR
(diagram: slow pull straight from the dtr vs. fast pull through a nearby cache)
Use Case: Without Content Cache... slow... (diagram)
A build in Copenhagen, Denmark pulls dev/hello-world:latest (layer A, layer B) straight from the dtr in San Francisco, USA.
Use Case: With Content Cache! fast (diagram)
The Copenhagen build pulls through a local Content Cache, which fetches layer A and layer B from the San Francisco dtr and keeps a copy of both layers.
Image Promotion (available now)
● Promotes “blessed” images from one repository to a different repository in the same DTR
● Repositories each have their own access control
● Images can be re-tagged automatically to a new tag
● Can be done “manually” or automatically by a “policy”
Use Case: Promotion Flow (diagram: dev / qa / staging / prod repositories)
Promotion Policy Criteria
● Tagged with a certain tag
● Doesn’t contain any vulnerabilities above a threshold (critical, major, minor)
● Package exists or is greater or less than a certain version
● Is greater than (or less than) a certain size
● Doesn’t contain a certain type of license (e.g. GPLv3)
Advanced Use Case: Promotion Chaining
Advanced Use Case: Promotion Branching
Image Mirroring (coming soon)
● Promotes “blessed” images from one repository to a different one in a different DTR
● Registries each have their own access control
● Mirroring is bi-directional. Can be done via “push” or “pull”
● Policies can be used to automatically push to remote DTRs
(diagram: a repo on dtr dev mirrored to a repo on dtr stage)
Image Mirroring (push based)
● Image is pushed to DTR 1
● If the policy is met (e.g. no vulnerabilities) image is pushed to DTR 2
● AuthN and AuthZ managed by each individual DTR
● Signing / Scan data not (yet) preserved
(diagram: Build -> dtr 1 (1) -> dtr 2 (2))
Image Mirroring (pull based)
● Image is pushed to DTR 1
● DTR 2 polls DTR 1 at specified intervals to check for updates
● If new images are found, image is pulled to DTR 2
(diagram: Build -> dtr 1 (1); dtr 2 polls dtr 1 (2); dtr 2 pulls the image (3))
Image Mirroring (pull based w/ webhook)
● Image is pushed to DTR 1
● DTR 1 notifies DTR 2 that a new image exists
● DTR 2 contacts DTR 1 and pulls the image
(diagram: Build -> dtr 1 (1); dtr 1 notifies dtr 2 (2); dtr 2 contacts dtr 1 (3); dtr 2 pulls the image (4))
Image Management Demo! (diagram, built up over five slides)
1. Push: a build in San Francisco, USA pushes to dev/hello-world on dtr us-west
2. Promote after clean scan: dev/hello-world is promoted to qa/hello-world on dtr us-west
3. Cache: a Content Cache in Copenhagen, Denmark serves pulls of the image locally
4. Mirror: qa/hello-world is mirrored to stage/hello-world on dtr us-east in New York, USA
5. Promote: stage/hello-world is promoted to prod/hello-world on dtr us-east
Docker EE Hosted Demo
● Free 4 Hour Demo
● No Servers Required
● Full Docker EE Cluster Access
docker.com/trial
Thank You!
@pdev110
@docker #dockercon
