When it comes to the Docker container ecosystem, a lot truly has changed over the last while. Depending on the...
last time you explored Docker, you might be surprised at some of the changes the Docker container services have undergone -- especially how much they have evolved to be enterprise-ready.
From Docker security enhancements, to container orchestration updates, to the release of new types of container platforms, Docker has endured a wide range of changes that made the container ecosystem much broader. They also helped to ready containers for enterprise adoption.
To understand exactly what has made the Docker container services enterprise-ready, let's break things down according to different sections of the container ecosystem.
Securing the Docker container stack is still challenging in some respects. But the release of CoreOS Clair and Docker Security Scanning, which help find security vulnerabilities within container images, have helped to plug one large Docker security hole.
In 2016, we saw the introduction or expansion of other container security platforms. Twistlock, a vendor that specializes in Docker security, secured funding to help build out its tool set. FlawCheck, another container security company, was acquired by Tenable, sending a signal to the market about the value of creating security offerings that go along with Docker container services. And new open source container security projects, like Trireme, debuted. As a side note, Trireme means warship in Greek, which is possibly a nod to Kubernetes -- a Greek word for helmsman.
Is Docker secure enough for the enterprise? That's a question that enterprise CTOs will have to answer for themselves. But in the wake of developments occurring over 2016 and 2017, they are now likely to answer in the affirmative.
One of the more momentous Docker announcements of 2016 was the decision to bake Swarm, Docker's own container orchestration platform, into Docker itself. While Docker is still compatible with other types of orchestrators, like Kubernetes and Mesos, this change provided easier access to container orchestration -- even for people who are simply experimenting with Docker.
Technologically, integrating Swarm into Docker's core offering did not change much. Swarm still works the same way. But from an ecosystem perspective, it made Docker a more holistic platform and encouraged Docker partners to focus on innovating in areas other than orchestration. It also encouraged companies that might be considered Docker frenemies, like Red Hat, to double down on their commitment to building alternative orchestrators into their container distributions -- such as OpenShift in Red Hat's case.
Docker's acquisition of Unikernels -- a company that specialized in building lightweight, stand-alone operating systems known, appropriately enough, as unikernels -- may be old news by now. And Docker, so far, has not said anything significant about what it plans to do with unikernels.
Still, if you want to understand where Docker is headed, this acquisition is worth keeping in mind. The Unikernels grab suggested that Docker plans to build out its platform to include unikernels along with Docker containers. Unikernels are valuable because they can run almost instantly on any type of hardware, without requiring a host operating system. That makes them even more lightweight and portable than Docker containers, which require a Docker server to run on.
A big part of what is making Docker container services enterprise-ready is Windows.
Before adding native Windows support, Docker already offered a Windows installer that set up a Linux-based virtual machine and ran Docker there for Windows users. However, native Windows support takes things much further. It means all of the benefits of Docker are now available on Windows, without the overhead of a virtual machine. There are, however, some caveats, such as limited networking support for Windows containers.
So far, we've covered Docker. But there have also been significant changes to other container platforms. Most notably, in 2016, Canonical released LXD, a system container platform built on top of LXC. LXD is different from Docker in that LXD is designed to run entire operating systems inside containers, whereas Docker containers are primarily used to host just individual applications.
From a container ecosystem perspective, the release of LXD, combined with the persistence of other types of system container platforms, such as OpenVZ, is a sign that the container landscape is expanding beyond Docker container services. For many people today, containers may still basically be synonymous with Docker, but that is likely to change going forward, as developers come to realize that container technology can be used for other purposes.
Repackaged container management tools are bringing enterprises back to Docker
How to network Docker containers for critical production workloads
Discover 10 Docker tutorials that can assist you in DevOps initiatives