
Securing applications at the Edge with Trusted Docker Containers

Marc Meunier - February 26, 2020

Last week we presented a live webinar on How to Build a Basic Edge Cloud. One of the topics that drew the most attention was container security, so we wanted to bring you this white paper which we published jointly with Intel, Secure the IoT Edge with Trusted Docker Containers.

Deploying applications to the edge requires special attention to security to prevent the compromise of end devices. Mirantis has partnered with Intel to anchor the last mile of the Docker Enterprise Platform to hardware primitives in the Trusted Platform Module (TPM), leveraging Intel Platform Trust Technology (Intel PTT).

Some of the key steps we have taken to supply hardened enterprise security for trusted containers for our customers deploying at the edge include:

  • Security in transit: Docker Enterprise leverages the Trusted Platform Module to create credentials and generate key pairs for secure connections to enterprise infrastructure.
  • Security at rest: The Docker Enterprise platform makes use of disk encryption to protect images in an encrypted volume, backed by keys held in the TPM.
  • Node integrity: Security services tied to Docker Engine and to secure boot use a secure cryptoprocessor such as a Trusted Platform Module (TPM) to measure container infrastructure files and prevent compromised files and data from being accessed.
  • Image integrity: In the Docker Trusted Registry, images are signed prior to delivery to end devices. Once the image is received on the end device, Docker Content Trust verifies image integrity.
  • Node attestation: Critical Docker infrastructure is measured by the Integrity Measurement Architecture and chained to the integrity of the Secure Boot flow, and can be attested by a remote verifier.
  • Registry authentication: Docker Trusted Registry authenticates the device identity with credentials stored in a TPM.

All of these features enhance the Docker Enterprise Platform and provide the foundational capabilities required to extend the secure deployment of apps to the Edge and IoT.

Interested in more details about how this all works? Please download the white paper.
