Swarm is here to stay — and will keep getting better in security and ease of operations

Michelle Yakura - March 27, 2024

- swarm community, container orchestration, Mirantis Kubernetes Engine, container, docker swarm, swarm

After a decade of rapid container adoption around the globe, many enterprises continue to deploy Swarm for its simple and solid container orchestration. Originally developed by Docker, Swarm became part of the Mirantis product portfolio with our acquisition of the Docker Enterprise business. With ongoing market demand for Swarm, Mirantis is committed to providing the best enterprise support for Swarm for the long term — at least for the next three years — and for as long as it makes sense for our customers.

Market demand for Swarm

Kubernetes is the world’s leading container orchestrator, but it doesn’t meet the needs of all teams or workloads. Now as more organizations bring containerized workloads into production, many are choosing Swarm as a container orchestrator because it is extremely stable and easy to use. Mirantis has more than 100 customers utilizing Swarm for production workloads. This translates to more than 10,000 nodes spread across approximately 1,000 clusters, supporting over 100,000 containers orchestrated by Swarm. Additionally, we regularly get new inquiries about Swarm from enterprises that are just beginning their container journey or need a more streamlined orchestrator for specific workloads.

Our Swarm customers span a broad range of industries and include global leaders such as MetLife, Royal Bank of Canada, and S&P Global. Our biggest Swarm customers also include a top 5 global telecom operator, a large federal agency, other iconic names in financial services, global pharmaceutical manufacturers, and IT services providers. All of these customers use Swarm as part of Mirantis Kubernetes Engine (MKE), our enterprise-grade, FIPS-validated container platform that features both orchestration options.

The vast majority of enterprise Swarm customers also deploy Kubernetes clusters using MKE, and a significant number of them deploy mixed clusters with both Swarm and Kubernetes nodes. They typically use Swarm for specific microservices-based workloads, including both internally developed and commercial off-the-shelf enterprise software, such as core banking applications, customer-facing mobile apps, mobile security tools, and applications for e-commerce and real-time tracking. Many customers who begin their container journey with Swarm also take advantage of MKE as a convenient on-ramp to future Kubernetes adoption.

Keeping Swarm components secure and up to date

Sustaining Swarm’s security and functionality requires ongoing maintenance to the codebase. Our dedicated Swarm engineering staff continuously work to keep dependencies up to date and quickly patch security vulnerabilities.

Some of the key features that we maintain for Swarm customers include:

FIPS 140-2 validation and support
Signed image support
Regular security validation and updates (typically on a 6-week cadence, but can be delivered on a 3-week cadence for CVEs)
Extended support providing a 24-month window
Extensive lifecycle management tooling
Security integration to enable RBAC and Enterprise Authentication
Extensive metrics

Additionally, as Mirantis is a steward of the open source Moby project, the container system framework that underlies Swarm and Docker Engine, and our engineering staff also regularly triages issues reported upstream to ensure the overall health of the codebase.

Delivering new features to the Swarm community

Mirantis is committed to innovating Swarm to ensure it meets the needs of both our customers and the wider Swarm community. New features typically originate from requests from existing customers or issues reported upstream, and we prioritize developing features that will substantially benefit the Swarm community at large.

For example, in response to upstream requests, our engineering staff recently strengthened Swarm security by adding API support for Seccomp security profiles, which enable the secure computing mode of a Linux kernel to restrict actions within the container, and AppArmor security profiles, which leverage the Application Armor Linux security module to protect an operating system and its applications from security threats.

Other features and capabilities we delivered in the last year include:

Swarm Container Storage Interface (CSI) - Currently going through upstream validation
MKE image pruning - Automate routine maintenance of nodes
MKE mandatory Swarm resources constraints - Administrators can set constraints for CPU and memory requests
Mirantis Secure Registry (MSR) support for Swarm - Run MSR on Swarm clusters to enable a secure software supply chain

Upcoming features in the Swarm roadmap

The next features we plan to deliver to Swarm are focused on enterprise security requirements. As companies continue to adopt remote or hybrid work policies, they need to provide users with secure access to business applications from any device. For this reason, we plan to add Swarm support for the PingFederate enterprise federation server, which provides user authentication and single sign-on with support for OAuth, SAML, and other identity standards.

Another Swarm feature on our near-term roadmap is OSTree Linux support for our Mirantis Launchpad automated deployment and lifecycle management tool. We see more Swarm customers adopting OSTree Linux distributions such as Rocky Linux in financial services and other security-sensitive industries. Mirantis Launchpad can already run on almost any Linux, Mac or Windows machine, and adding OSTree Linux support gives our customers even greater freedom to choose the best OS to suit their needs.

Further down the road, features and capabilities in our longer term roadmap include:

Client bundle expiration timer
Configurable LDAP information in MKE configuration file (TOML)
Customizable SAML configuration as part of MKE
IPv6 Support
ARM Support