Docker Enterprise Edition for Linux on IBM Z (yes, mainframe!)

Recently we released a new version of Docker Enterprise Edition featuring expansion of the multi-architecture capabilities from Linux to Windows Server and now the IBM Z mainframe platform. Enterprise IT architecture is complex and diverse and include workloads across different server hardware types and operating systems.

Docker and IBM have partnered together to deliver the support for Red Hat Enterprise Linux, Ubuntu and SUSE Linux Enterprise Server for IBM Z (x390x) systems as certified infrastructure for Docker Enterprise Edition. This first release features support for the the IBM Z product family.

Why bring Docker containers and mainframe systems together? Enterprises across industries like financial services, government, manufacturing and more use mainframe systems for many high throughput applications. Many organizations recognize that these applications are at the core of their systems but rewriting and refactoring them for a different platform is expensive and time-consuming. By wrapping them in a container, organizations can make these applications easier to maintain and update while bringing them into the same software supply chain as other x86 applications

Multi-Architecture Support for Mainframe Systems

Docker Enterprise Edition allows for the same orchestration, security model, supply chain and integrated management that can be applied across a broader range Continue reading

The Tale of Windows UAC and Incompetent Programmers

The Tail of Windows UAC

Windows systems… I’m not particularly fond of them anymore. I do believe however that the introduction of UAC, while not perfect¹, was a step in the right direction.

We’re all familiar with UAC by now; introduced in Windows Vista and got better by newer versions. While the technical details are complex, the basic concept is simple enough.

Microsoft realized that no matter how much they empathize on Principle of least privilege and advise against using administrator accounts for everyday tasks², almost all users still do so anyway. On top of that, programmers not following any guidelines, use any location they deem to be fit for their application’s settings.

A solution was needed. One that would not break compatibility with older programs, while giving programmers time to adjust to the new security model. It was also needed to give the sensation of “Administrator privilege” to those users who are so damn eager to have it all the time.

So thanks to the windows users and programmers, we ended up with an overly complicated solution for an imaginary problem³.

From the very start, the new model managed to get a bad reputation. Continue reading

Red Hat Ansible Automation: Engine, Tower or Both

Whether you’re a seasoned veteran of Ansible, or just starting out, the following blog provides experts and newbies with an update to the Red Hat Ansible Automation portfolio of products from Red Hat. You may have seen the official press release, and this blog hopes to answer some of the questions you still have.

Built on open source, backed by Red Hat

The Ansible project is one of the most popular open source projects, with almost 3,000 contributors in just over five years of existence. The Ansible project has always been an important part of the Ansible Tower “built-for-enterprise” story, but over the past few years a pattern has begun to emerge.

The Ansible project has grown over time, moving from just managing Linux servers to managing different types of devices: servers, virtual machines, containers, networking hardware, Windows platforms… even smart light bulbs. With the breadth of abilities to automate highly heterogeneous environments we received more requests for additional Red Hat offerings for diverse automation use cases. Red Hat Ansible Engine is now available for individuals and small teams to receive support for their Ansible environment, even if they do not need enterprise scalability via Ansible Tower.

Deep Dive: Red Hat Ansible Tower 3.2

We are excited to announce the release of Red Hat Ansible Tower 3.2 for availability soon. Our engineering team has been working hard to enable Ansible Tower to provide the best platform for managing, executing, and delegating your Ansible automation throughout your entire enterprise, whether you’re managing servers, applications, networks, and more.

With Ansible Tower 3.2, we’re continuing to innovate in two main areas:

• making automation more powerful and more flexible
• enabling continued enterprise-wide deployment of automation

To do that, we’ve enhanced several areas of Ansible Tower, and I’m happy to talk about them today.

Enhanced Integration with Red Hat Insights

With Ansible Tower 3.1, we built the first step of our integration with Red Hat Insights - allowing you to sync Insights remediation playbooks to Ansible Tower for use as needed. We’ve continued to enhance this integration in Ansible Tower 3.2. Now, we bring the ability to view Insights Actions directly in Ansible Tower. With this, you can more easily see your minor, major, and critical issues, and with just a few clicks, schedule remediation with Insights Plans.

Built-in Fact Caching

Ansible facts give you powerful capabilities to adjust, branch, and conditionalize playbook execution Continue reading

Secure Multi-Tenancy at Scale with Docker Enterprise Edition

With the latest release of Docker Enterprise Edition (EE), enterprise organizations are able to extend the benefits of containers across their entire application portfolio. Docker EE enables rapid modernization of traditional Windows and Linux applications as well as Linux applications running on IBM Z mainframes. By addressing all of these applications, Docker EE provides the opportunity to standardize around a common packaging format for greater portability, agility, and with an additional layer of security, resulting in more teams bringing their workloads into Docker EE.

The key to operating this diverse environment is to have a way to secure and isolate the applications and the multiple teams who build, ship, and deploy them. This release of Docker Enterprise Edition makes it possible for organizations to modernize traditional applications of every variety and to do so in a secure manner that aligns to complex organizational needs.

Building a Secure Software Supply Chain for Windows Applications

Windows applications make up about half of all enterprise applications. Docker has been working closely with Microsoft to ensure that the same security benefits that are available to Linux containers are also available to Windows Server containers. When Windows containers are managed with Docker EE, organizations Continue reading

Using Keybase with GPG on macOS

During my too-brief stint using Fedora Linux as my primary laptop OS (see here for some details), I became attached to using GPG (GNU Privacy Guard)—in conjunction with Keybase—for signing Git commits and signing e-mail messages. Upon moving back to macOS, I found that I needed to set this configuration back up again, and so I thought I’d document it here in case others find it useful.

I’m making a couple assumptions here:

1. First, I’m assuming you’ve already signed up for Keybase, generated your proofs, installed the app (this provides the keybase CLI tool), and created a PGP key using Keybase. (Hard-core PGP/GPG users will probably prefer to create their key outside of Keybase and import it, but then again they aren’t necessarily the target audience for this article either.)

2. Second, I’m assuming you’ve already installed GPG on your Mac, typically via something like GPG Tools.

With those assumptions in mind, let’s assume that you’d like to be able to use the PGP key generated by/stored in Keybase with something like GPGMail. Here are the steps you’d need to follow to do that:

1. First, you’ll need to export the PGP public key out of Keybase and into Continue reading

Docker in the Enterprise Showcased at VMworld 2017

Last week, in the blistering heat of Las Vegas, Docker had a chance to interact with thousands of VMworld attendees to talk about containers. The message we heard again and again was that those in charge of infrastructure and virtualization are now being asked to manage containers. Sometimes it is being driven by developer teams that are already using Docker, but sometimes it is the infrastructure teams who recognize the benefits of moving applications to containers for easier maintenance and operations as well as cost savings. With Docker Enterprise Edition (EE), we have a solution that is designed to let IT secure and manage containerized applications.

Learn More About Docker for VMware Admins

If you’re interested in learning more about how Docker EE allows IT to improve operations, move workloads to the cloud and increase application agility all while saving costs, we’re happy to be partnering with the VMware User Group (VMUG) to deliver a webcast tomorrow. Register now to see how Docker EE is being used by some of the world’s largest container deployments, how Docker works with Windows applications or to clarify any confusion you may have about how Docker containers and VMs work together.

Docker + vSphere: Two Continue reading

Coming Soon: Networking Features in Ansible 2.4

Wow, how time flies! Here we go with another Ansible Project release packed full of updates for automating network infrastructure. After spending the last year heavily focused on building much of the foundation for Ansible network integration, this release represents the beginning of the journey towards building more application-aware, declarative-based Ansible modules. This is an exciting time and on behalf of the entire Ansible community, including the Ansible network engineering team. I’m very pleased to share with you the enhancements and updates to network integration included with the forthcoming Ansible 2.4 open source release.

The initial introduction of network support was originally conceived to help operators focus on being able to execute configuration changes on network devices with a set of imperative-based configuration modules.

Today, the Ansible network modules are focused on pushing configuration statements to network devices. It was a small step, but an important one in the journey towards full configuration management of physical network devices.

Since then, we have turned our attention towards how to better help organizations become more agile in actively managing network configurations. Over the course of the Ansible 2.4 release, we have been phasing in a more intelligent approach to building Continue reading

Docker in Higher Education: Announcing Tools & Resources for Teachers

At the beginning of the summer we published a blog post announcing the Docker Student Developer Kit and Campus Ambassador program. The positive reception from students has been overwhelming and we were so excited to see hundreds of applications flood in!

Many teachers took notice of the enthusiasm of their students and began to reach out, asking us for tools, resources and support in using Docker in the classroom and adding Docker to their curriculum. To this end we have put together a free package for teachers!

Making use of this offer will enable teachers to effectively use and teach Docker in the classroom as we will be able to provide:

1. Free Tools: eliminating the need for students to install anything locally, thus saving you valuable class time
2. Resources: the most up to date presentations, hands-on labs, workshops etc. on every topic for every skill level
3. Support and recognition: you will have a dedicated contact at Docker to help you through the process and also be welcomed into the online Docker Teachers community where you can collaborate and learn from other educators

If you are a teacher at a higher-education institution who would like to unlock the benefits outlined Continue reading

What’s New in Docker Enterprise Edition Webinar Recap

The latest release of Docker Enterprise Edition (EE) allows organizations to modernize Windows, Linux, and Linux-on-mainframe applications—all with minimal disruption. The release also allows organizations to run containers at scale with advanced capabilities around secure multi-tenancy and policy-based automation.

In last week’s webinar, we walked through the key new features of this release and saw a demo of Docker EE in action. If you missed the webinar, you can watch it here:

Here are the top questions from the webinar:

Q: Can you provide more information about Windows support? Which version of Windows? Is this only available with Docker Enterprise Edition?

A: You can run Windows Docker containers either with Docker Community Edition for Windows (PC) which supports Windows 10 or Docker Enterprise Edition for Windows Server 2016 (including Nano Server). Docker EE Basic is included with the Windows Server 2016 license, and you also have the option to upgrade to EE Standard or EE Advanced for Windows Server 2016 to get complete lifecycle management capabilities, Docker Trusted Registry, and advanced security features like image signing and scanning.

Q: Is it possible to deploy the Windows containers on top of a native Linux host?

A: As a form of packaging Continue reading

A Brief Look at VMware’s Three Cloud Approaches

I’m at VMworld 2017 this week (obviously, based on my tweets and blog posts), and in the general sessions Monday and yesterday VMware made a big deal about how VMware is approaching cloud computing and cloud services. However, as I’ve been talking to other attendees, it’s become clear to me that many people don’t understand the three-pronged approach VMware is taking.

I should start out by saying that this post hasn’t been officially reviewed by VMware (none of my stuff is) and may not align with the “approved” marketing approach, so keep that in mind. This is just me speaking.

As I see it, the three cloud approaches are as follows:

1. Private cloud
2. VMware Cloud on AWS
3. VMware Cloud Services for native cloud workloads

The first option (private cloud) is, I think, pretty much self-explanatory. VMware is offering VMware Cloud Foundation to help streamline some of the infrastructure management in this space, and then the VMware SDDC stack (vSphere, vSAN, and NSX) are layered on top. Couple that with a cloud management platform/automation platform such as OpenStack (VIO would be a good option) or vRealize Automation, and you have a private cloud. (I’m glossing over a few details, but you Continue reading

An Inside Look at the Docker Captains Program

Since launching the Docker Captains over a year ago, we’ve received a lot of questions: What is a Docker Captain? What do Captains do? How do I become a Captain? So who better to answer that than the Docker Captains themselves? At DockerCon Austin, we asked the Docker Captains to share their favorite thing about wearing the Captain’s hat.

What is a Captain?

Captains are Docker experts that are leaders in their communities, organizations or ecosystems. As Docker advocates, they are committed to sharing their knowledge and do so every chance they get!

What do Captains do?

Captains are advisors, ambassadors, coders, contributors, creators, tool builders, speakers, mentors, maintainers and super users and are required to be active stewards of Docker in order to remain in the program.

In addition to sharing their knowledge with the community, Captains provide insight and feedback to Docker. They have direct access to our technical teams, and are first to hear about and try upcoming features, product releases and big announcements.

What do Captains get? 

In return for their efforts, Captains get access to the existing captains community and Docker staff. They get ongoing training, private briefings and Slack chat channels where Captains Continue reading

Why You Should Attend AnsibleFest

It’s that time again! The time when automators from all over converge at the official event for all things Ansible — AnsibleFest San Francisco! Fresh off the heels from a packed house at AnsibleFest London in June, AnsibleFest San Francisco is shaping up to be the biggest AnsibleFest ever. With about a week before showtime, now’s the best time to start planning a trip to the “City by the Bay” for a fantastic event before it sells out.

To give a better idea of what to expect (and how to convince your manager to go), I’ve provided the top five reasons to go to AnsibleFest in San Francisco:

1. Expanded agenda and a session on Key Topics and Trends with Jim Whitehurst Red Hat CEO

We’ve heard your feedback, and listened: now more breakout sessions! We have made an unprecedented increase in sessions, up from 16 to 25, from customers, partners and the community. All session have been posted to the AnsibleFest agenda so you can see the better-than-ever lineup we have created.

2. All Ansible, all the time

Of course, we realize that Red Hat Summit is the company’s flagship event (I’ve been to seven of them), but Summit Continue reading

Liveblog: VMworld 2017 Day 2 Keynote

This is a liveblog of the day 2 keynote at VMworld 2017 in Las Vegas, NV. Unlike yesterday, I wasn’t accosted by the local facilities team trying to get a seat at a table in the bloggers/press/analyst area, so that’s an improvement over yesterday. While I’m aware of (most, if not all, of) the announcements that will be made today, I’m still looking forward to the keynote.

Promptly at 9am, Pat Gelsinger takes the stage to kick off the day 2 keynote. He quickly recaps yesterday’s announcements and activities, and then rapidly dives into day 2. First up is a “fireside chat” with Michael Dell.

Gelsinger brings Dell onto the stage and they dive into a number of questions submitted by folks.

• Gelsinger fields the first question, which is regarding VMware support. He calls on customers to be sure to let VMware know if support, services, products, etc., don’t meet their expectations. Gelsinger refers back to Skyline, which was brushed off yesterday, as a key component of improving VMware’s support mechanisms.
• Dell leads off the discussion on a question regarding quantum computing, artificial intelligence (AI) and machine learning (ML), and other forward-looking efforts. Naturally, he positions his company (Dell Continue reading

Video Series: Modernizing .NET Apps for IT Pros

This is a new 5-part video series in Docker’s Modernize Traditional Apps (MTA) program, aimed at Microsoft IT Pros. The video series shows you how to move a .NET 3.5 app from Windows Server to a Windows Docker container and deploy it to a scalable, highly-available environment in the cloud – without any changes to the app.

Part 1 introduces the series, explaining what is meant by “traditional” apps and the problems they present. Traditional apps are built to run on a server, rather than on a modern application platform. They have common traits, like being complex to manage and difficult to deploy. A portfolio of traditional applications tends to under-utilize its infrastructure, and over-utilize the humans who manage it. Docker Enterprise Edition (EE) fixes that, giving you a consistent way to package, release and manage all your apps, without having to re-write them.

Part 2 shows how easy it is to move traditional apps to Docker EE. I start with an ASP.NET 3.5 WebForms application running on Windows Server 2003, and use Image2Docker to extract the app and package it as a Docker image. Then I run the application in a Docker Windows container on Continue reading

Liveblog: VMworld 2017 Day 1 Keynote

This is a liveblog of the day 1 keynote at VMworld 2017 in Las Vegas, NV. There was a bit of a kerfluffle regarding seating (the local facilities staff didn’t want to let me sit in the bloggers’ area because “you’re not a blogger”), but I managed to snag a seat anyway.

Prior to the keynote, a number of announcements were released; here’s a quick look at a few of them:

• VMware and AWS Announce Initial Availability of VMware Cloud on AWS
• VMware Integrated OpenStack 4.0 and vRealize Network Insight (vRNI) 3.5
• Availability of VMware Cloud Services (Discovery, Cost Insight, Network Insight, AppDefense, NSX Cloud, Wavefront) (this has been a big part of my work life for the last year, great to see them available)

Pat Gelsinger takes the stage at about 9:05am, after a very cool AR/VR demo. Gelsinger welcomes the crowd, and takes a minute to reflect upon his time at CEO of VMware. Gelsinger also takes a moment to talk about the devastation caused by Hurricane Harvey, and urges attendees to help support the recovery of that effort.

Gelsinger talks how “science fiction” is becoming “science fact”: exoskeletons, teleportation, and genetically modified organisms via CRISPR. Continue reading

Technology Short Take #86

Welcome to Technology Short Take #86, the latest collection of links, articles, and posts from around the web, focused on major data center technology areas. Enjoy!

Networking

• Csilla Bessenyei has a series of articles on step-by-step automation that you might find helpful. I found the articles at step 5, the benefits of Git for network engineers, but the previous four articles also look helpful.
• James Governor provides a useful explanation of a service mesh in the context of Istio and Linkerd; this is helpful for those of you out there who’ve heard the terms/names but haven’t had time to really dig in and understand what’s happening here.
• Speaking of service mesh: a couple related articles passed across my desk(top) recently. The first of these is an article on using Traefik with Kubernetes and Let’s Encrypt (throwing in a Consul back-end for the fun of it). The second is this post on Istio plus Linkerd, which talks about how to use Linkerd in conjunction with Istio to build a service mesh. (Do I need to talk about how understanding a service mesh is a good thing for networking professionals? That might be a good blog post topic right there! Continue reading

Moby Project and Open Source Summit North America

Docker will be at Open Source Summit from to highlight new development with the Moby Project and it’s various components: containerd, LinuxKit, InfraKit, Notary, etc.

Come see us at Booth #510 to learn more about:

• The different uses cases for the Moby Projects and components
• The difference between Docker and the Moby Project
• How to get started with each component

As part of the OSS NA, Docker is also organizing a Moby Summit on September 14, 2017. Following the success of the previous editions, we’ll keep the same format which consists of short technical talks / demos in the morning and Birds-of-a-Feather in the afternoon.

 We have an excellent line up of speakers in store for you and are excited to share the agenda below. We hope that these sessions inspire you to come participate in the Moby community and register for this Moby summit.

For those of you who can’t attend the summit we recommend the following sessions as part of the main event / tracks:

Building specialized container-based systems with Moby: a few use cases

Speaker: Patrick Chanezon

This talk will explain how you can leverage the Moby project to assemble your own Continue reading

Announcing new DockerCon Europe tracks, sessions, speakers and website!

The DockerCon Europe website has a fresh look and new sessions added. The DockerCon Review Committee is still working through announcing final sessions in each breakout track, but below is an overview of the tracks and content you’ll find this year in Copenhagen. To view abstracts in more detail check out the Agenda Page.

In case you missed it, we have two summits happening on Thursday, October 19th. The Moby Summit, a hands-on collaborative event for advanced container users who are actively maintaining, contributing or generally interested in the design and development of the Moby Project and it’s components. The Enterprise Summit, a full day event for enterprise IT practitioners who want to learn how they can embrace the journey to hybrid IT and implement a new strategy to help fund their modernization efforts.

We have an excellent line up of speakers in store for you and are excited to share the agenda below. We hope that these sessions inspire you to register to DockerCon Europe.

Using Docker

Using Docker sessions are introductory sessions for Docker users, dev and ops alike. Filled with practical advice, learnings, and insight, these sessions will help you get started with Docker or Continue reading

Test Drive Docker Enterprise Edition at VMworld 2017

Docker will be at VMworld 2017 next week (August 27-31) in Las Vegas to highlight new developments with Docker Enterprise Edition (EE), the only Container as a Service (CaaS) platform for managing and securing Windows, Linux and mainframe applications across any infrastructure, both on premises and in the cloud.

Stop by Booth #1206 to learn more about:

• How VMs and containers work together for improved application lifecycle management
• How containers and Docker EE can help IT with day-to-day maintenance and operations tasks
• How IT can lead modernization efforts with Docker EE and become drivers of innovation in their organizations

Just as VMware vSphere simplified the management of VMs and made virtualization the de facto standard inside the data center, Docker is driving containerization of your entire application portfolio with Docker EE and helping organizations like yours to achieve their cloud and app modernization goals without requiring you to change how you operate.

Test Drive Docker EE in the Booth

Don’t miss the chance to get hands-on experience with Docker with our in-booth labs. Led by Docker experts, you will get to see for yourself how Docker brings all applications—traditional and cloud-native, Windows and Linux, on-prem and in Continue reading