  1. #1
    WHT-BR Top Member
    Join Date
    Dec 2010

    [EN] Docker considering dumping Ubuntu in favor of Alpine for the official images

    Feb 6, 2016 · By Marius Nestor

    "Consider" is not the proper word in the sentence above because, by the looks of it, the Docker founder Solomon Hykes has already hired the developer of the Alpine Linux distribution to do all the migration work for them.

    "Incidentally, we have hired Natanael Copa, the awesome creator of Alpine Linux and are in the process of switching the Docker official image library from ubuntu to Alpine," reveals Solomon Hykes, founder and CTO of Docker, in a Hacker News comment.

    For those of you who are not in the loop, Alpine Linux is an open source operating system dedicated to offering users a server-oriented, secure computing environment. It is lightweight, small and simple to use, built on top of Busybox and musl.

    Moving the official Docker images to Alpine Linux has several benefits, as Brian Christner reports in a recent blog article. First, you will see an increase in speed when downloading, installing and running the images on your Docker host.

    Then, the overall security of the Docker images will also be improved, due to the smaller footprint. Faster migration between hosts, which is essential for HA/DR configurations, and smaller disk storage are also two important benefits of the switch.

  2. #2
    WHT-BR Top Member
    Join Date
    Dec 2010

    Docker, Addressing Security Concerns, Hardens Its Containers

    Joseph Tsidulko
    February 5, 2016

    Addressing lingering concerns about container security, Docker has hardened its container-tech platform with a release that also adds several commercial features to ease enterprise deployments.

    The San Francisco-based startup that sparked a revolution of sorts when it reintroduced Linux containers to enterprise IT delivered a number of advancements Thursday around container orchestration, networking and security with the release of Docker 1.10.

    As Docker penetrates corporate data centers and clouds, the portfolio of new tools can be used to "build the kind of distributed applications that enterprises want to run in production," said David Messina, Docker's senior vice president of marketing.

    Docker, the commercial entity behind the open-source software, follows a steady release cadence -- the software is usually updated every two months.

    A key component of the latest release is Docker Compose, a much-simplified method for defining storage and networking topologies.

    Compose is "one of the big things to come out of this release, in the realm of orchestration, being the model for taking multi-container distributed apps and allowing developers to define, cluster and schedule those apps," Messina told CRN.

    Developers can define a distributed application, comprising a set of containers, in one simple file that controls the entire application life cycle, he said.

    "Previously you would have to do a lot of command line work, manual configuration," Messina said. "Now it's much easier to get an application up and running all the way from development to production."

    Aater Suleman, CEO of Flux7, a systems integrator based in Austin, Texas, that specializes in Docker and DevOps methodology, told CRN the latest release adds controls that will facilitate the onboarding of new users and pave a wider path to enterprise adoption.

    But it's the upgrades around security that are especially vital and timely, he said.

    "With Docker Enterprise adoption increasing, we are seeing more and more scrutiny of its security controls from our customers," Suleman told CRN.

    User Namespaces, a security feature that allows configuration of privileges for containers, fixes a longstanding issue with containers being able to access the root on the host, Suleman said.

    "This specific concern has in fact been brought up by InfoSec gurus to our customers," Suleman told CRN of the root access problem. "Version 1.10 provides a good answer."

    Content addressable container IDs is another innovation important to highly regulated industries like health care, where artifacts must be tracked at every step of the way, Suleman told CRN.

    "Last year, we had to implement this control for a Fortune 100 health-care client," Suleman said. "We had to develop it from scratch ourselves using container tags and a series of controls to avoid tainting the IDs as the containers progressed in the code promotion pipelines."

    In addition to security, 1.10 greatly enhances usability of the commercial product, Suleman said. One of the most interesting capabilities is an embedded DNS server.

    Flux7 started using Docker in 2013, when container discovery was not a well-studied problem.

    The company created a solution for -- presented at DockerCon 2014 -- that achieved the same effect that the new embedded DNS server will provide out of the box.

    "As someone who has seen Docker evolve from Day 1, we welcome this change. It may not be technically miraculous but it eases some common use cases," Suleman said.

    That greater ease is true for other new features, like the networking enhancements, the ability to assign IPs to containers, and internal networks, he added.

    Around 40 percent of Docker users are running applications in production environments, Messina told CRN.

    Many of them, especially government institutions and large banks, were clamoring for more features around security and networking topology.

    In version 1.9, Docker networking became generally available, he said. But the latest release enhances the functionality with flexible configurations, greater scalability and integration.

    The 1.9 release also included a Universal Control Plane that, despite still being in a beta preview, is already widely used by several Fortune 500 firms, Messina told CRN.
