I remember how I felt years ago, when I had the first couple of Linux and Windows virtual machines running in the lab. It was a great sense of freedom from hardware limitations, from lost time and lost productivity. It was real magic.
Then, about two years ago, when Docker started its journey, it almost felt like black magic: the speed, the built-in versioning, the freedom from the operating-system cage…
Looking at the new opportunities and energy at the recent DockerCon EU (2015) felt like a visit to Harry Potter’s Hogwarts castle. Anyway, enough with the story; let’s dig into some tech bits:
Impressive focus on security, quality, scalability and stability (see the keynote as well as this session)
Docker Trusted Registry – easy signing of your images using a YubiKey hardware key (a bit later AWS launched its own Docker registry service)
Remote revocation of signed images in case of key compromise
Nautilus – automatic vulnerability scanning of images uploaded to Docker Hub
On-premises Docker Hub option, including the secure image signing and Nautilus scanning features
Swarm cluster scaled from 10 to 1,000 nodes running 50,000 containers without any hiccups!
Docker Universal Control Plane – the dashboard for managing your Docker Swarm, including on-the-fly secret insertion and rotation, and on-the-fly rollout of specific Docker images across Swarm nodes
Docker Remote API, which allows remote CLI use, remote Compose and remote control of Docker Swarm
Docker Compose now:
Includes the overlay network system, which automatically lets containers find each other; applications simply call hostnames without worrying about name resolution
Allows you to assign volumes to specific containers, which allows mixing persistent and non-persistent applications in one stack
Docker Engine started supporting seccomp profiles for more granular control over which syscalls a container may make, as well as user namespaces, which let a process inside a container “believe” it is running as root while on the host it is mapped to an unprivileged user
Docker sidekicks – special containers that provide service discovery, health checks and orchestration through a REST API. Examples include Amazon ECS agents, AWS Elastic Beanstalk, CoreOS and Docker Ambassador
DCOS – the Mesosphere Datacenter Operating System, a new kind of operating system that spans all of the machines in your datacenter or cloud. It provides a highly elastic and highly scalable way of deploying applications, services and big data infrastructure on shared resources, including AWS, GCP and Azure.
Docker for Windows
Will not run Linux images (a Windows container shares the Windows kernel, just as a Linux container shares the Linux kernel)
Same code base as Docker for Linux
Requires Windows Server 2016
Includes an abstraction layer between Docker and the Windows kernel
The container’s C:\Windows maps to \Global??\C:\Windows in the NT object namespace
That namespace contains all Windows device entry points, including C:, \Registry and \Device\TCP
Each container has its own “chrooted” view of those devices
The file system is a hybrid of UnionFS and NTFS: a virtual block device with an NTFS partition per container, plus symlinks to the image layers on the host file system
Sundial – rides on top of AWS ECS (Docker on AWS) and aggregates Docker jobs / ECS tasks into processes, with a graphical dependency-tree representation and central logging and control
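The seccomp and user-namespace item above is the one I would want to see in code. The following is an added example, not part of the original conference notes and not Docker’s own code. It assumes the JSON profile layout that `docker run --security-opt seccomp=<file>` consumes (a `defaultAction` plus a `syscalls` list whose rules carry a `names` array; the constructed sample profile is deliberately tiny, the real default allows several hundred syscalls), and a constructed `/proc/self/uid_map` line with hypothetical values (container uids 0..65535 mapped to host uids 100000..165535, the kind of mapping `dockerd --userns-remap` sets up). The overflow uid 65534 is the kernel default for ids no mapping covers.

```python
import json

# Constructed sample: what /proc/self/uid_map shows inside a container whose daemon
# runs with --userns-remap. Hypothetical values: inside 0..65535 -> host 100000..165535.
SAMPLE_UID_MAP = "         0     100000      65536\n"

# Constructed sample: a cut-down allow-list profile in the JSON format that
# `docker run --security-opt seccomp=<file>` consumes.
SAMPLE_PROFILE = {
    "defaultAction": "SCMP_ACT_ERRNO",
    "architectures": ["SCMP_ARCH_X86_64"],
    "syscalls": [
        {"names": ["read", "write", "exit_group"], "action": "SCMP_ACT_ALLOW", "args": []},
        {"names": ["ptrace", "mount", "keyctl"], "action": "SCMP_ACT_ALLOW", "args": []},
    ],
}

OVERFLOW_UID = 65534  # kernel default (overflowuid) for ids that no mapping covers


def parse_uid_map(text):
    """Parse uid_map/gid_map lines of the form "<inside_start> <outside_start> <length>"."""
    ranges = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, length = (int(p) for p in parts)
        if length <= 0:
            raise ValueError(f"non-positive range length: {line!r}")
        ranges.append((inside, outside, length))
    return ranges


def to_host_uid(container_uid, ranges):
    """Host uid that really owns a process reporting `container_uid` inside the namespace.
    Ids outside every range are unmapped; the kernel presents them as the overflow uid."""
    for inside, outside, length in ranges:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return OVERFLOW_UID


def container_root_is_host_root(uid_map_text):
    """True only if uid 0 inside maps to uid 0 on the host, i.e. no remapping is in effect."""
    return to_host_uid(0, parse_uid_map(uid_map_text)) == 0


def restrict_profile(profile, deny):
    """Return a copy of `profile` with every syscall in `deny` removed from its allow rules.
    Docker profiles are allow-lists (defaultAction SCMP_ACT_ERRNO), so a name that appears
    in no rule falls through to the default and the call fails with EPERM."""
    if profile.get("defaultAction") != "SCMP_ACT_ERRNO":
        raise ValueError("expected an allow-list profile with defaultAction SCMP_ACT_ERRNO")
    deny = set(deny)
    hardened = {k: v for k, v in profile.items() if k != "syscalls"}
    hardened["syscalls"] = []
    for rule in profile.get("syscalls", []):
        if rule.get("action") != "SCMP_ACT_ALLOW":
            hardened["syscalls"].append(dict(rule))  # deny/trace rules pass through unchanged
            continue
        names = [n for n in rule.get("names", []) if n not in deny]
        if names:  # drop rules left with nothing to allow
            hardened["syscalls"].append({**rule, "names": names})
    return hardened


def is_allowed(profile, syscall):
    """Would the profile let `syscall` through? (Per-argument conditions are ignored.)"""
    for rule in profile.get("syscalls", []):
        if syscall in rule.get("names", []):
            return rule.get("action") == "SCMP_ACT_ALLOW"
    return profile.get("defaultAction") == "SCMP_ACT_ALLOW"


if __name__ == "__main__":
    ranges = parse_uid_map(SAMPLE_UID_MAP)
    print("container uid 0 runs as host uid", to_host_uid(0, ranges))
    hardened = restrict_profile(SAMPLE_PROFILE, ["ptrace", "mount", "keyctl"])
    with open("hardened-seccomp.json", "w") as fh:
        json.dump(hardened, fh, indent=2)
    print("run with: docker run --security-opt seccomp=hardened-seccomp.json ...")
```

Two points worth checking in practice: `cat /proc/self/uid_map` from inside a container prints `0 0 4294967295` when no remapping is in effect, which is exactly the case `container_root_is_host_root` flags, and removing a syscall from an allow-list profile is only as good as the `defaultAction`, which is why `restrict_profile` refuses to operate on a profile whose default is allow.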
That’s it. Docker won over Windows containerization as well!
Microsoft just announced that, in addition to its existing support for Linux VMs running Docker Linux containers, it will add support for the Docker engine inside Windows Server and Windows Azure, in order to support native Windows containers.
This means you will be able to develop and support your Windows apps within a slim, easy-to-maintain container. What happens to licensing is one question, and what happens to security is definitely another question worth asking.
Here are my VMworld 2014 notes about the conference’s top new solutions.
Bottom line: I expect most of these features and solutions to become popular, and although it starts to feel like there is “too much”, that is our role as IT professionals: to pick the right tools for the right time and place.
EVO:RAIL – “Data Center in a Box” – allows hardware and software ISVs to package their multi-suite software appliances into a single kit that includes shrink-wrapped manageability (no need for vCenter and similar management tools, though they can be used if you have them). All deployed within 15 minutes!
EVO:RACK – “vHardware v2.0”. Yes, “vHardware” is my term to describe the offering of integrated, data-center-scale hardware to support quick deployment of VMware at mass scale. In past years it featured products such as Cisco UCS, EMC vBlock and NetApp FlexPod. I’d say EVO:RACK is the second major “vHardware” effort, now fueled by the new SDDC (Software Defined Data Center) standard: extensible racks including servers, storage and networking (from various hardware vendors) and the complete suite of VMware’s data center management products, all deployable within 2 hours and aimed at launching multiple virtual data centers within a single physical data center.
vCloud Air – allows easy, transparent and secure migration of VMs into and out of the cloud, or across the world into and out of other data centers. The policies of a VM, including its network and security rules, migrate with it and are enforced no matter where it lands. All based on the new vSphere 6.0 (Beta) engine.
vRealize – management and monitoring through vRealize Operations, Automation and Business, provided on internal, external or hybrid clouds via vCloud Air.
Contributing to and integrating with Docker containers, as well as with Google’s Kubernetes container management software; both are becoming a strong standard for agile development, testing, packaging and deployment of software. Essentially you can deploy and maintain Docker containers within the well-known VMware management tools, such as VMware vCenter.
vSphere 6 Beta now allows migration of live VMs from one geographic location to another across the world, providing transparent network access to the VMs without any adjustment of their IP network details, independently of the actual local network at each location (all based on VMware NSX technology).
Policy-based deployment and enforcement of the SDDC: network, storage, availability, etc. These policies automate the setup and maintenance of our VMs and reduce the need to create and monitor operations and monitoring scripts.
Virtual Volumes (Beta): using the vSphere APIs for Storage Awareness (VASA), it allows offloading of VM operations to the most common storage arrays. For example, creating a VM snapshot can be done by the storage system (EMC, NetApp, etc.) using its own means to do what, until now, the VMware ESX server had to do. This complements VMware’s earlier Virtual SAN offering, which aimed to replace the need for expensive physical storage arrays by offering many of the SAN storage features in software on top of economical commodity hardware.
Rapid mobile deployment of apps (temporary desktop) streamed from the VMware cloud, assisted by AirWatch technology. As an example, it allows one to send a document that requires a specific app to another person. If the receiving party is entitled to use the relevant app, it will be available to them as soon as they try to open that document.
Federated app / desktop delivery via VMware AirWatch. As an example, this allows a doctor to securely send a patient’s health test result to another expert’s mobile device, even though the expert works in another hospital. Only the doctor and the expert can collaborate on this document, all done seamlessly. App delivery and usage is streamed through VMware cloud data centers in the background, so delivery seems instant.
That’s it for now.
Do let me know what you found out so far (I am still going through the VMworld Brown Bag sessions).