Let’s imagine that your company hosts its services in its own private cloud and has no shortage of cash. But you’re still not going to simply throw money away reinventing the wheel if you’ve got some alternative, right? It turns out that, for many cases, there is an alternative, and it’s open source, secure, and as reliable as you could hope for. It’s Docker.
We’re going to explore the business case for Docker, but if you want to try Docker from the inside, try this Cloud Academy course on Getting Started with Docker.
What the Docker hosting ecosystem and related services have going for them
Cost is a major concern when talking about cloud hosting services, as it affects a business’s long-term survival. It will also depend on the number of services that you are running in your Docker image. With cost in mind, let’s look at a few hosting options:
Docker Hub is a Docker spinoff that offers unlimited free public repositories (and one private repository). It offers a huge registry where the most commonly used images can be found.
You might want to try Tutum which, at least while it’s still in Beta, is also available for free. Tutum appears to excel at providing simple and efficient access options for your container management, offering a full-featured browser-based GUI.
Amazon Web Services provides a brilliant way of getting things done easily without much head-banging. Have a look at their recently launched AWS ECS container service (part of the EC2 environment). Rather than create a new deployment system specifically for Docker, Amazon uses the existing EC2 infrastructure to deploy and manage containers. Dockerized apps can be launched and managed in clusters of EC2 instances that span multiple Availability Zones, and different instance types can be mixed for operational efficiency, incurring no charges (beyond normal usage costs). This addresses multi-container, multi-host clustering needs, answering customer requirements for high performance and scale as they move their Dockerized distributed applications into production.
Amazon’s AWS Elastic Beanstalk provides a pre-built infrastructure that automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring. You can manage your web application in an environment that supports the entire range of services that are integrated with AWS Elastic Beanstalk.
Running web apps at scale is the new normal. From gaming to astrophysics, things are increasingly getting done at scale. So why not have a dry run of the future with SSD clouds? DigitalOcean and StackDock could be worth a try, and they’re not too badly priced, either. Docker images, as we know, are environment-independent and can, therefore, be hosted anywhere without issues. While DigitalOcean provides brilliant documentation on numerous Docker-related services, StackDock’s support is pretty vague, matching its basic, cheap and easy service. So StackDock might be better for people who are just experimenting and looking for a no-frills service. Your choice will depend on your strategy, and whether your containers will be mission-critical and scalable, or whether you’re fine with something more basic.
Security is the outer skin of IT that cannot be ignored. After all, skeletons don’t look great, while your skin completes and protects you. So yes, security is a major concern when we talk of cloud and hosting Docker containers, just as it is for any hosted web app. Running the Docker daemon requires root privileges on the Linux host or kernel installation. This can carry some significant security consequences if poorly managed, since the Docker application can be used to share underlying system resources with any containers, and can potentially allow the containers to modify files and attributes of the host OS. Under certain circumstances, a malicious user could even leverage APIs to cause Docker to create entirely new containers.
Docker modified its REST API to use traditional UNIX sockets, allowing users to take advantage of standard UNIX permissions to limit access to, and control over, Docker actions. Docker also recommends severely limiting privileged use within containers, since many of the normal root capabilities are handled outside the containers by the Docker daemon and its components. In many ways, Docker containers can help to limit exposure and improve security if permissions and privilege limitations are implemented properly. In a hosted Docker environment, many of the traditional security concerns for SaaS providers still apply. The security of the underlying host systems is critical, as is repository monitoring to ensure that no private container data is exposed and no account or authentication data is accessible. So it’s very important that the hosting service provider is secure.
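To make these checks concrete, here is an added example (not from the original article or from Docker itself) that audits `docker inspect` output for the risks described above: privileged containers, added capabilities, root processes, writable mounts of sensitive host paths such as the daemon socket, and a world-accessible socket. The container names, paths and sample records are constructed, and the list of sensitive paths is an assumption you should adapt to your hosts.

```python
import json
import stat

# Constructed sample: trimmed `docker inspect` output for two containers.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web", "Config": {"User": "1000:1000"},
   "HostConfig": {"Privileged": false, "CapAdd": null},
   "Mounts": [{"Source": "/srv/web/data", "Destination": "/data", "RW": true}]},
  {"Name": "/ci-runner", "Config": {"User": ""},
   "HostConfig": {"Privileged": true, "CapAdd": ["SYS_ADMIN"]},
   "Mounts": [{"Source": "/var/run/docker.sock",
               "Destination": "/var/run/docker.sock", "RW": true},
              {"Source": "/etc", "Destination": "/host-etc", "RW": true}]}
]
""")

# Assumed policy: host paths a container should never be able to write to.
SENSITIVE_HOST_PATHS = ("/", "/etc", "/proc", "/sys", "/var/run/docker.sock")

def audit_container(c):
    """Return a list of findings for one `docker inspect` record."""
    findings = []
    host = c.get("HostConfig", {})
    if host.get("Privileged"):
        findings.append("privileged")
    for cap in host.get("CapAdd") or []:
        findings.append(f"cap_add:{cap}")
    # An empty Config.User means no USER was set, so the process runs as root.
    user = c.get("Config", {}).get("User", "")
    if user in ("", "0", "root") or user.startswith(("0:", "root:")):
        findings.append("runs_as_root")
    for m in c.get("Mounts") or []:
        if m.get("Source") in SENSITIVE_HOST_PATHS and m.get("RW", True):
            findings.append(f"rw_host_mount:{m['Source']}")
    return findings

def socket_mode_findings(st_mode):
    """Flag a daemon socket that users outside owner/group can read or write."""
    mode = stat.S_IMODE(st_mode)
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        return [f"socket_world_accessible:{oct(mode)}"]
    return []

def audit(records):
    return {c["Name"].lstrip("/"): audit_container(c) for c in records}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or "ok")
    print(socket_mode_findings(0o140666))  # constructed mode: srw-rw-rw-
```

On a real host, feed `audit()` the parsed output of `docker inspect` for your running containers and pass `os.stat("/var/run/docker.sock").st_mode` to `socket_mode_findings()`.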
Red Hat has launched an interesting initiative known as Project Atomic that uses SELinux (NSA) to add security to containers, especially Docker containers. The bottom line here? Do not run untrusted Docker images. Treat a Docker image the same way you would treat other software you install on your machine. It should be from a source you trust. You should not blindly install software from a third party just to get the latest version of a project or to save a little time.
Quay.io is another secure hosting option for private Docker repos. Quay is a CoreOS adoption that provides a great GUI and gives Docker repos a GitHub-like feel. It’s worth a try.
You might also like to take a look at Andrea’s overview of some popular hosting providers here.
So down the line, we see a very rich range of Docker hosting providers coming online, each with its unique strengths and weaknesses. Keep these important performance-centric parameters in mind:
- Don’t just dockerize: Understand the use case and then choose the hosting provider. Look at the scale involved and, if you only have to dockerize a small percentage, do just that. Don’t camouflage the whole infrastructure behind Docker containers, or you may bear some hidden costs later.
- Don’t store data: Use a hosting provider that supports services like AWS or GCS. If you stop a running Docker container by mistake, it will be difficult to restore, so use Logstash or similar remote logging services to keep your data secure.
- When everything else has been said, choosing a hosting provider requires a trade-off between cost and returns, so the better you understand Docker and its environment, the smoother the transition will be.