Top 12 Questions from the Docker Enterprise 3.0 Webinar Series
Staff - August 30, 2019
Earlier in August, we hosted a series of virtual events to introduce Docker Enterprise 3.0. Thousands of you registered and joined us, and many of you asked great questions. This blog contains the top questions and answers from the event series.
Docker Enterprise in the Cloud, On-Prem, with Kubernetes
Q: Can Docker Enterprise be used on AWS and other cloud providers?
A: Yes! Docker Enterprise, including the Docker Universal Control Plane (UCP) and Docker Trusted Registry (DTR), can be deployed to any of the leading cloud environments, including AWS, Azure and GCP. With Docker Enterprise 3.0, we also launched the Docker Cluster CLI plugin for use with Docker Certified Infrastructure. The plugin (now supporting AWS and Azure) allows for simple installation and upgrading of Docker Enterprise on selected cloud providers.
Q: Is Docker Cluster only available in the public cloud, or is it possible to add local machines or VMs?
A: Additional support for VMware vSphere environments is coming shortly. If you have other platforms that need to be supported, please engage with your account team to provide that feedback!
Q: Does Docker Kubernetes Service (DKS) work with both on-premises and other Kubernetes environments such as EKS, AKS, GKE?
A: Docker Kubernetes Service is an integrated and certified Kubernetes distribution that is included in the Docker Enterprise platform – both in Docker Desktop Enterprise and in our Universal Control Plane (UCP). As a conformant Kubernetes distribution, there is an inherent compatibility between Docker Kubernetes Service and other cloud-based Kubernetes environments. However, if you are using EKS/AKS/GKE, you will not need to install another Kubernetes distribution for your runtime environment and that means you will not need UCP. You will still benefit from other elements of the Docker platform including Docker Desktop Enterprise for local developer environments and Docker Hub and Docker Trusted Registry for collaborating with trusted content.
Q: My organization is new to containers and Kubernetes – what’s the recommended path to get started?
A: Most of our customers are new to these technologies. Docker Enterprise Solutions offer an easy on-ramp for customers to deploy and operationalize Docker Enterprise (including Docker Kubernetes Service) within their environments. Solutions include Docker Enterprise platform subscriptions and professional services that leverage a prescriptive methodology developed over time working with hundreds of enterprise customers. You can learn more at docker.com/solutions/docker-enterprise-solutions.
Docker Enterprise 3.0 Security
Q: Is there a way to determine that an image in Docker Hub is validated and has the appropriate security settings?
A: Official and Verified Publisher images provide a first level screen in terms of validating that they came from a trusted source – either with Docker’s direct oversight or from validated 3rd party vendors. The Certified Images in Docker Hub must be run through an additional security test. To provide an even higher level assurance, we recommend scanning the images for known vulnerabilities once they are added to your own private registry.
Q: What if a vulnerability is discovered after you have deployed it to production? Will you be alerted?
A: Yes! Docker Enterprise tracks the layers that have been scanned. If a new vulnerability is detected, you will be alerted on previously scanned images and, using UCP, have the ability to track where those images are deployed.
We track vulnerabilities closely – each of the Official images can be traced back to Github. The vulnerability scanning capabilities will compare the layers in the image against the CVE database. If there is an older release version of software contained in the image, vulnerability scanning (binary level scanning) will pick that up and flag it. Then you can re-build that image with the latest patch
Docker Desktop, Docker App and CNAB
Q: How Docker Desktop Enterprise different than the community version?
The key differences are in two areas: developer productivity and IT manageability. To improve productivity, Docker Desktop Enterprise includes an application designer interface that makes it easy to build container-based applications using pre-defined templates. When it comes to improving manageability, Docker Desktop Enterprise can be deployed via IT’s choice of endpoint management tools, with optional lockable settings. You can see a full list of enhancements here.
Q: I want our developers to work with Docker on Windows desktops, but the production environments are Linux. Can they develop for Linux in Docker Desktop for Windows?
A: Yes! Docker Desktop for Windows already exists today for native .NET and Linux based development. We also recently introduced the Tech Preview to support WSL2 – an improved Linux experience within Windows! You can learn more about WSL2 here.
Q: Is CNAB a viable solution for deploying edge architecture applications?
A: Yes. The CNAB specification is designed to support multiple configuration formats, making it future-proof and inclusive of things like Helm charts and Object YAML files. That allows you to support both existing tech stacks and future tech stacks.
Q: What application frameworks does Docker App support?
A: There is no restriction on application frameworks for Docker App. Today, Docker App supports the packaging of multiple Docker Compose files into a single bundle. These Compose files can be mapped to monolithic or n-tier applications or microservices – there is no dependency on the application architecture. As Docker App expands to support Helm charts and Kubernetes YAML, this will further embrace other configuration formats.
Q: Is there an easy way in Docker App to convert any custom development app to a container ready app?
A: We have some tooling to assist on this. Using Assemble and Templates adds your code to a “scaffold” for containers. Someone does have to create the template – but it is possible to reuse other templates that others have created.
Q: Does Docker App depend on the underlying infrastructure in terms of virtual machines, bare metal, etc.?
A: The underlying infrastructure generally doesn’t matter. Docker Enterprise runs on VMs or bare metal and the parameterized fields within the Docker App can be used to adjust settings (like the port setting) so that you can be adjusted at deployment.
Build, Share and Run Anywhere
The questions attendees asked made it clear that developers and ops teams alike value choice and flexibility. They want to be able to build, share and run applications anywhere, and have the peace of mind that applications are secure.
You can learn more by catching the on-demand 5 part webinar series.