This week, the Moby Project was introduced with the idea of componentizing Docker into a series of assemblies. At DockerCon, a neat demo was done using the moby tool to assemble various components into customized Linux operating system images. While very cool, this seemed to have confused people – we’d like to provide some more background and explanation about the Moby Project and how it affects Rancher, RancherOS, and our users.
Some background on the Moby Project
The transition to the Moby Project actually started a couple of months ago with a discussion among the Docker Project maintainers about the dual nature of Docker as both a product and a project. This dual nature served Docker (the project and the company) well in the beginning, but at the end of the day, Docker, Inc. must make hard decisions about what their product should and will be. As a group of maintainers, we agreed that the product and project should be split.
We’ve just returned from DockerCon 2017, which was a fantastic experience. I thought I’d share some of my thoughts and impressions of the event, including my perspective on some of the key announcements, while they are still fresh in my mind.
New open source projects
Container adoption for production environments is very real. The keynotes on both days included some exciting announcements that should further accelerate adoption in the enterprise as well as foster innovation in the open source community. Day 1 included demos of multi-stage docker builds (introduced in Docker 17.04), which is an incredibly cool feature.
During the keynote, Docker also announced two new open source projects for system builders who want to create their own modular container-based systems. With the Moby Project, Docker has essentially created a Fedora/RHEL split that enables users to build container-based systems from a component library and reference blueprints. Darren Shepherd, Chief Architect at Rancher Labs, provides some more background and explanation about the Moby Project and how it affects Rancher, RancherOS, and our users here.
Docker Enterprise Edition technology and support now available from Rancher Labs
Cupertino, Calif. – April 18, 2017 – Rancher Labs, a provider of container management software, today announced it has partnered with Docker to integrate Docker Enterprise Edition (Docker EE) Basic into its Rancher container management platform. Users will be able to access the usability, security and portability benefits of Docker EE through the easy to use Rancher interface. Docker provides a powerful combination of runtime with integrated orchestration, security and networking capabilities. Rancher provides users with easy access to these Docker EE capabilities, as well as the Rancher platform’s rich set of infrastructure services and other container orchestration tools. Users will now be able to purchase support for both Docker Enterprise Edition and the Rancher container management platform directly from Rancher Labs.
Rancher Labs delivers fast, ultra-lightweight container operating system
Cupertino, Calif. – April 12, 2017 – Rancher Labs, a provider of container management software, today announced the general availability of RancherOS, a simplified Linux distribution built from containers, for containers. RancherOS eliminates any unnecessary libraries and services, resulting in a footprint three times smaller than that of other container operating systems. The simplified container environment reduces container boot time, increases efficiency and improves security by reducing the number of components that can be exploited.
“At BRCloud Services, we strive to deliver the best solutions to address our customers’ needs,” said Helvio Lima, CEO at BRCloud Services. “RancherOS epitomizes what modern infrastructure should look like. We’re thrilled to integrate the container operating system into our portfolio.”
RancherOS makes it simple to run containers at scale in development, test and production. By containerizing system services and leveraging Docker for management, the operating system provides an incredibly reliable and simple to manage container-ready environment. System services are defined by Docker Compose and automatically configured using cloud-init, reducing administrative burden. Unneeded libraries and services are eliminated, significantly reducing the OS footprint and minimizing the hassle of updating, patching and maintaining a container host operating system. Containers running on RancherOS boot in seconds, making the operating system ideal for running microservices or auto-scaling. Teams can use the Rancher container management platform to easily manage RancherOS at large scale in production.
As a relatively new technology, Docker containers may seem like a risk when it comes to security — and it’s true that, in some ways, Docker creates new security challenges. But if implemented in a secure way, containers can actually help to make your entire environment more secure overall than it would be if you stuck with legacy infrastructure technologies.
This article builds on existing container security resources, like Security for your Container, to explain how a secured containerized environment can harden your entire infrastructure against attack.
Some Background on Container Security
When you’re thinking about containers and security, it’s always good to have some history on why containers work the way they do and what that means for security. Aqua Security, one of the firms that specializes in container security, offers A Brief History of Containers to provide some context.
The evolution from chroot to Docker and the Open Container Initiative makes it clear that isolation between services coexisting on shared servers was always the leading goal, not necessarily well-thought-out, hardened security practices. Isolation is a good countermeasure, but, as shown in this Security for your Container article, there are a lot more things that can and should be done.
Here are three examples of easy first steps that can be taken to use containers to make your environment more secure:
Docker containers make app development easier. But deploying them in production can be hard.
Software developers are typically focused on a single application, application stack or workload that they need to run on a specific infrastructure. In production, however, a diverse set of applications run on a variety of technology (e.g. Java, LAMP, etc.), which need to be deployed on heterogeneous infrastructure running on-premises, in the cloud or both. This gives rise to several challenges