Last week, the Docker team had a chance to interact with the attendees of VMworld to talk about containers and container platforms. We spoke to companies in all stages of their containerization journey – some were just getting started and figuring out where containers may be used, others had started early containerization projects, some had mature container environments. Here are some of the most common questions we were asked.
Q: We have developers that are using Docker containers now, but what is the relevancy of containers to me (as an IT or virtualization admin)?
A: While developers were the first to adopt containers, there are many benefits of containers for IT:
- Server consolidation: While virtualization did increase the number of virtual machines per server, studies show that servers are still greatly underutilized. On average, Docker Enterprise customers see 50% greater server consolidation with containerization. That means being able to pack more workloads onto existing infrastructure or even reducing the number of servers and therefore saving on licensing and hardware costs.
- Easier patching and maintenance: Containerized applications can be updated easily through changes to the source image file. This also means it’s possible to update and roll back patches on the fly.
- Faster cloud migration: Many IT organizations are responsible for consolidating data centers and migrating a target number of applications to the public cloud. Containerized applications can be easily deployed to different infrastructure platforms in a consistent manner.
- Increased application security: Containers provide an additional layer of isolation to applications while also reducing the attack surface. Many companies see additional security as a key benefit to containerization.
Q: What is the difference between running Docker containers and using a container platform like Docker Enterprise?
A: To use an analogy from the VMware world: virtualization is a technology, while vSphere/vCenter is a way to manage virtual machines running on a VMware hypervisor. Likewise, containers are a technology, and you can run containers on a Docker Engine. However, if you need to manage containers running on Docker Engine, you will need a platform solution that includes things like access controls and LDAP integration, dashboards for managing and monitoring containers, and visibility into which containers are running on which hosts, with access to which storage volumes or networks. One way to think about it is to consider Docker Enterprise as the “vCenter” for your containerized applications.
Q: Can you run Docker Enterprise on your vSphere environment?
A: Yes! This is a common setup for our customers and we have reference architectures available to help you with this setup. The Docker Enterprise environment consists of a cluster of “nodes”. In a virtualized environment, these nodes are typically virtual machines. This includes the management stack for Docker Enterprise, which is deployed as containers running on virtual machines.
Q: When running Docker Enterprise on vSphere, which tool does what? For example, do you manage the virtualized hosts through Docker Enterprise?
A: Docker Enterprise and vSphere control different levels of the infrastructure. Typically, you will still manage virtual machines and the hypervisor through vSphere, but you will manage the container environment and the Docker Engines in your cluster (in the virtual machine) through Docker Enterprise. Docker Enterprise also includes an advanced private registry solution for managing your container images.
Q: What is the importance of a secure container registry?
A: With containers, there is a close relationship between container images (the blueprint for your applications) and running containers. The image files (and Dockerfiles) are the source of the running applications and therefore need to be closely managed. That means knowing where the images came from, who has had access to them, whether they are free of vulnerabilities, and whether they’re safe to deploy. Docker Trusted Registry, which is part of Docker Enterprise, is the most advanced container registry solution in the market and comes with integrated image signing, image vulnerability scanning, and policy-based image promotions for a secure software supply chain.
Have more questions? Make sure to check out these resources to learn more about Docker Enterprise: