Author Archives: Banjot Chanana
Author Archives: Banjot Chanana
On Monday, February 11, Docker released an update to fix a privilege escalation vulnerability (CVE-2019-5736) in runC, the Open Container Initiative (OCI) runtime specification used in Docker Engine and containerd. This vulnerability makes it possible for a malicious actor that has created a specially-crafted container image to gain administrative privileges on the host. Docker engineering worked with runC maintainers on the OCI to issue a patch for this vulnerability.
Docker recommends immediately applying the update to avoid any potential security threats. For Docker Engine-Community, this means updating to 18.09.2 or 18.06.2. For Docker Engine- Enterprise, this means updating to 18.09.2, 18.03.1-ee-6, or 17.06.2-ee-19. Read the release notes before applying the update due to specific instructions for Ubuntu and RHEL operating systems.
Summary of the Docker Engine versions that address the vulnerability:
Docker Engine Community
Docker Engine Enterprise
To better protect the container images run by Docker Engine, here are some additional recommendations and best practices:
Official Images are a curated set of Docker repositories hosted on Docker Hub that are designed to:
In just over one year, Microsoft support for Windows Server 2008 will come to an end. Without the proper planning in place, the ripple effects may impact your business. The cost of maintenance will skyrocket, while security and compliance risks will increase without regular patches.
So, how can companies beat the clock? The short answer is enterprise container platforms can provide a fast and simple way to transform expensive and difficult-to-maintain applications into efficient, secure and portable applications ready for modern infrastructure – whether current Windows Server releases (such as WS 2016 or later) and/or into the cloud. Taking this approach saves a significant amount of money and improves security and performance across the application lifecycle.
We are already seeing immediate demand from customers in modernizing their existing Windows Server applications in preparation for the end of support in January 2020 – here are five key takeaways we have learned in the process.
The fact is that most data in the largest businesses (or companies) in the world run on legacy applications. And these applications can continue to provide value if enterprises containerize and migrate them to modern environments to make them more Continue reading
Last week, we announced the Docker Windows Server Application Migration Program, designed to help companies quickly and easily migrate and modernize legacy Windows Server 2008 applications while driving continuous innovation across any application, anywhere.
We recognize that Windows Server 2008 is one of the most widely used operating systems today and the coming end-of-support in January 2020 leaves IT organizations with few viable options to cost-effectively secure their legacy applications and data. The Docker Windows Server Application Migration Program represents the best and only way to containerize and secure legacy Windows Server applications while enabling software-driven business transformation. With this new program, customers get:
Back in October at DockerCon Europe, we announced that Docker will be delivering a seamless and simplified integration of Kubernetes into the Docker platform. By integrating Kubernetes with Docker EE, we provide the choice to use Kubernetes and/or Docker Swarm for orchestration while maintaining the consistent developer to operator workflow users have come to expect from Docker. For users, this means they get an unmodified, conformant version of Kubernetes with the added value of the Docker platform including security, management, a familiar developer workflow and tooling, broad ecosystem compatibility and an adherence to industry standards including containerd and the OCI.
One of the biggest questions that we’ve been asked since we announced support for Kubernetes at DockerCon EU – what does this mean for an operations team that is already using Kubernetes to orchestrate containers within their enterprise? The answer is really fairly straightforward – Kubernetes teams using Docker EE will have the following:
Docker Enterprise Edition with support for Kubernetes Continue reading
At DockerCon Europe, we announced that Docker will be delivering seamless integration of Kubernetes into the Docker platform. Bringing Kubernetes to Docker Enterprise Edition (EE) will simplify and advance the management of Kubernetes for enterprise IT and deliver the advanced capabilities of Docker EE to a broader set of applications.
Docker EE is an enterprise-grade container platform that includes a private image registry, advanced security features and centralized management for the entire container lifecycle. By including Kubernetes for container orchestration, customers will have the ability to run both Swarm and Kubernetes in the same Docker EE cluster while still leveraging the same secure software supply chain for building and deploying applications.
Figure 1. Docker EE Architecture with Multiple Orchestrators
This is possible because Docker EE has a modular architecture that is designed to support multiple orchestrators. The Linux nodes are both Swarm and Kubernetes-ready and application teams can decide which orchestrator to use at app deployment time.
When creating a new Stack in Docker EE, you are given the choice of deploying it as Swarm Services or as Kubernetes Workloads:
Figure 2. Selectable modes at app deployment time
Upon deployment, the Docker EE dashboard has a “Shared Resources” area Continue reading
It’s another exciting day with a new release of Docker Datacenter (DDC) on 1.13. This release includes loads of new features around app services, security, image distribution and usability.
Check out the upcoming webinar on Feb 16th for a demo of all the latest features.
Let’s dig into some of the new features:
This release of Docker Datacenter includes integrated support for secrets management from development all the way to production.
This feature allows users to store confidential data (e.g. passwords, certificates) securely on the cluster and inject these secrets to a service. Developers can reference the secrets needed by different services in the familiar Compose file format and handoff to IT for deployment in production. Check out the blog post on Docker secrets management for more details on implementation. DDC integrates secrets and adds several enterprise-grade enhancements, including lifecycle management and deployment of secrets in the UI, label-based granular access control for enhanced security, and auditing users’ access to secrets via syslog.
Another element of delivering safer apps is around the ability to ensure trusted delivery of the code that makes up that app. In addition to Continue reading
Today we are excited to introduce new additions to Docker Datacenter, our Container as a Service (CaaS) platform for enterprise IT and application teams. Docker Datacenter provides an integrated platform for developers and IT operations teams to collaborate securely on the application lifecycle. Built on the foundation of Docker Engine, Docker Datacenter (DDC) also provides integrated orchestration, management and security around managing resources like access, images, applications, networks and more across the cluster.
This latest release of Docker Datacenter includes a number of new features and improvements focused in the following areas:
Let’s dig into some of the new features.
Enterprise orchestration with backward compatibility
This release of Docker Datacenter not only integrates the built in orchestration capabilities of Docker Engine 1.12 utilizing swarm mode and services, but also provides backwards compatibility for standalone containers using the
docker run commands. To help enterprise application teams migrate, it is important Continue reading