Securing applications at the Edge with Trusted Docker Containers

Marc Meunier - February 26, 2020

Last week we presented a live webinar on How to Build a Basic Edge Cloud. One of the topics that drew the most attention was container security, so we wanted to bring you this white paper which we published jointly with Intel, Secure the IoT Edge with Trusted Docker Containers.

Deploying applications to the edge requires special attention to security to prevent the compromise of end devices. Mirantis has partnered with Intel to tie the last mile of security in the Docker Enterprise Platform to hardware primitives in the Trusted Platform Module (TPM), leveraging Intel Platform Trust Technology (Intel PTT).

Some of the key steps we have taken to supply hardened enterprise security for trusted containers for our customers deploying at the edge include: 

  • Security in transit: Docker Enterprise leverages the trusted platform module to create credentials and generate key pairs for secure connection to enterprise infrastructure. 
  • Security at rest: The Docker Enterprise platform makes use of disk encryption to protect images in an encrypted volume, backed by keys in TPM. 
  • Node integrity: Security services tied to Docker Engine and to secure boot use a secure cryptoprocessor such as a Trusted Platform Module (TPM) to measure container infrastructure files and prevent compromised files and data from being accessed.
  • Image integrity: In the Docker Trusted Registry, images are signed prior to delivery to end devices. Once the image is received on the end device, Docker Content Trust verifies image integrity.
  • Node attestation: Critical Docker infrastructure is measured against the Integrity Measurement Architecture and chained to the integrity of the Secure Boot flow, and can be attested by a remote verifier.
  • Registry authentication: Docker Trusted Registry authenticates the device identity with credentials stored in a TPM.

All of these features enhance the Docker Enterprise Platform and provide the foundational capabilities required to extend the secure deployment of apps to the Edge and IoT.
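How a remote verifier can check the IMA measurement list behind the node attestation item above, as an added example that is not from the white paper or Docker Enterprise: it replays Linux `ima-ng` entries into PCR 10 (SHA-1 bank), checks each template hash, and compares file digests with a golden allowlist. Assumptions: the quoted PCR value has already been signature-checked against the TPM's attestation key, the host is little-endian, and the paths, file contents and function names are constructed for illustration.

```python
import hashlib, struct

ZERO = bytes(20)          # SHA-1 PCR bank starts at all zeros after reset
VIOLATION = b"\xff" * 20  # IMA logs a zero hash for a violation but extends 0xFF..FF

def template_hash(fdigest: str, path: str) -> bytes:
    """SHA-1 over ima-ng template data (d-ng, n-ng), each with a u32 LE length prefix."""
    algo, hexd = fdigest.split(":")
    fields = [algo.encode() + b":\0" + bytes.fromhex(hexd), path.encode() + b"\0"]
    return hashlib.sha1(b"".join(struct.pack("<I", len(f)) + f for f in fields)).digest()

def attest(log: str, quoted_pcr: bytes, allowlist: dict) -> list:
    """Replay the log into PCR 10 and judge each entry. Empty list means pass."""
    pcr, findings = ZERO, []
    for line in log.strip().splitlines():
        idx, thash, template, fdigest, path = line.split(maxsplit=4)
        thash = bytes.fromhex(thash)
        if idx != "10" or template != "ima-ng":
            findings.append(f"unsupported entry: {path}")
            continue
        pcr = hashlib.sha1(pcr + (VIOLATION if thash == ZERO else thash)).digest()
        if thash == ZERO:
            findings.append(f"violation: {path}")
        elif template_hash(fdigest, path) != thash:  # digest column not bound to the PCR
            findings.append(f"template hash mismatch: {path}")
        elif allowlist.get(path, fdigest) != fdigest:  # unlisted paths are not judged
            findings.append(f"unexpected digest: {path}")
    if pcr != quoted_pcr:
        findings.insert(0, "log does not replay to quoted PCR 10")
    return findings

def sample():
    """Constructed data: log text, the PCR 10 value a quote would carry, golden digests."""
    files = {"/usr/bin/dockerd": b"dockerd-v1", "/usr/bin/containerd": b"containerd-v1"}
    lines, pcr, golden = [], ZERO, {}
    for path, content in files.items():
        fd = "sha256:" + hashlib.sha256(content).hexdigest()
        th = template_hash(fd, path)
        lines.append(f"10 {th.hex()} ima-ng {fd} {path}")
        pcr, golden[path] = hashlib.sha1(pcr + th).digest(), fd
    return "\n".join(lines), pcr, golden
```

The template-hash check matters because only the template hash is extended into the PCR; without it, the file digest column in the log could be edited while the replay still matches the quote.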

Interested in more details about how this all works?  Please download the white paper.
