Let’s imagine that your company hosts its services in its own private cloud and has no shortage of cash. But you’re still not going to simply throw money away reinventing the wheel if you’ve got some alternative, right? It turns out that, for many cases, there is an alternative, and it’s open source, secure, and as reliable as you could hope for. It’s Docker.
We’re going to explore the business case for Docker, but if you want to try Docker from the inside, try this terrific Cloud Academy course.
What the Docker hosting ecosystem and related services have going for them
1. Cost effective
This is a major concern when talking about cloud hosting services, as it impacts a business’ long-term survival. It will also depend on the number of services that you are running in your Docker image. With cost in mind, let’s look at a few hosting options:
Docker Hub is a Docker spinoff that offers unlimited free public repositories (and one private repository). It offers a huge registry where most commonly used images are found.
You might want to try Tutum which, at least while it’s still in Beta, is also available for free. Tutum appears to excel at providing simple and efficient access options for your container management, offering a full-featured browser-based GUI.
Amazon Web Services provides a brilliant way of getting things done easily without much head-banging. Have a look at their recently launched AWS ECS container service (part of the EC2 environment). Rather than create a new deployment system specifically for Docker, Amazon uses the existing EC2 infrastructure to deploy and manage containers. Dockerized apps can be launched and managed in clusters of EC2 instances that span multiple Availability Zones, and different instance types can be mixed for operational efficiency, incurring no charges (beyond normal usage costs). This addresses multi-container, multi-host clustering needs, answering customer requirements for high performance and scale as they move their Dockerized distributed applications into production.
Amazon’s AWS Elastic Beanstalk provides a pre-built infrastructure that automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring. You can manage your web application in an environment that supports the entire range of services that are integrated with AWS Elastic Beanstalk.
Running web apps at scale is the new normal. From gaming to astrophysics, things are increasingly getting done at scale. So why not have a dry run of the future with SSD clouds? DigitalOcean and StackDock could be worth a try, and they’re not too badly priced, either. Docker images, as we know, are environment-independent and can therefore be hosted anywhere without issues. While DigitalOcean provides brilliant documentation on numerous Docker-related services, StackDock’s support is pretty vague, matching its basic, cheap and easy service. So StackDock might be better for people who are just experimenting and looking for a no-frills service. Your choice will depend on your strategy, and whether your containers will be mission-critical and scalable, or whether you’re fine with something more basic.
Security is the outer skin of IT that cannot be ignored. After all, skeletons don’t look great, while your skin completes and protects you. So yes, security is a major concern when we talk of cloud and hosting Docker containers, just as it is for any hosted web app. Running the Docker daemon requires root privileges on the Linux host or kernel installation. This can carry some significant security consequences if poorly managed, since the Docker application can be used to share underlying system resources with any containers, and can potentially allow the containers to modify files and attributes of the host OS. Under certain circumstances, a malicious user could even leverage APIs to cause Docker to create entirely new containers.
Docker modified its REST API to use traditional UNIX sockets, allowing users to take advantage of standard UNIX permissions to limit access and control over Docker actions. On the other hand, Docker recommends severely limiting privileged use within containers, since many of the normal root capabilities are handled outside the containers by the Docker daemon and components. In many ways, Docker containers can help to limit exposure and improve security if permissions and privilege limitation are implemented properly. In a hosted Docker environment, many of the traditional security concerns for SaaS providers still apply. The security of the underlying host systems will be critical, as will repository monitoring to ensure that no private container data is exposed and no account or authentication data is made available. So it’s very important that the hosting service provider is secured.
Red Hat has launched an interesting initiative known as Project Atomic that uses SELinux (NSA) to add security to containers, especially Docker containers. The bottom line here? Do not run untrusted Docker images. Treat a Docker image the same way you would treat other software you install on your machine. It should be from a source you trust. You should not blindly install software from a third party just to get the latest version of a project or to save a little time.
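The points above (restrict access to the daemon's UNIX socket, limit privilege inside containers, run only images from a source you trust) can be checked mechanically. The following is an added example, not part of the original article: it audits `docker inspect` output and a socket's file mode. The sample data is constructed, and the registry name `registry.example.internal` is an assumption standing in for whatever source you trust.

```python
import json
import stat

# Constructed sample: trimmed `docker inspect` output for two containers.
SAMPLE_INSPECT = json.loads("""[
  {"Name": "/web", "Config": {"Image": "registry.example.internal/web:1.4", "User": "app"},
   "HostConfig": {"Privileged": false, "CapAdd": null, "Binds": ["/srv/web:/data:ro"]}},
  {"Name": "/ci-runner", "Config": {"Image": "someuser/runner:latest", "User": ""},
   "HostConfig": {"Privileged": true, "CapAdd": ["SYS_ADMIN"],
                  "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}}
]""")
TRUSTED_PREFIXES = ("registry.example.internal/",)  # assumption: your own registry

def audit_socket_mode(mode):
    """Check the st_mode of the daemon socket (e.g. os.stat('/var/run/docker.sock'))."""
    findings = []
    if not stat.S_ISSOCK(mode):
        findings.append("not a UNIX socket")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("socket accessible to all local users")
    return findings

def audit_container(c):
    """Return privilege and provenance findings for one `docker inspect` entry."""
    host, cfg = c.get("HostConfig", {}), c.get("Config", {})
    findings = []
    if host.get("Privileged"):
        findings.append("runs with --privileged")
    for cap in host.get("CapAdd") or []:
        findings.append(f"added capability {cap}")
    for bind in host.get("Binds") or []:
        if bind.split(":")[0] == "/var/run/docker.sock":
            findings.append("daemon socket mounted into container")
    if cfg.get("User", "") in ("", "0", "root"):
        findings.append("process runs as root inside the container")
    if not cfg.get("Image", "").startswith(TRUSTED_PREFIXES):
        findings.append("image not from a trusted registry")
    return findings

def audit(containers):
    return {c["Name"].lstrip("/"): audit_container(c) for c in containers}

if __name__ == "__main__":
    for name, found in audit(SAMPLE_INSPECT).items():
        print(name, found or "ok")
```

On a real host, feed it `json.loads` of the output of `docker inspect $(docker ps -q)` and the mode from `os.stat("/var/run/docker.sock").st_mode`.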
Quay.io is another secure hosting option for private Docker repos. Quay, adopted by CoreOS, provides a great GUI and has the feel of GitHub for Docker repos. It’s worth a try.
You might also like to take a look at Andrea’s overview of some popular hosting providers here.
So down the line, we see a very rich range of Docker hosting providers coming online, each with its unique strengths and weaknesses. Keep these important performance-centric parameters in mind:
- Don’t just Dockerize: Understand the use case and then choose the hosting provider. Look at the scale and, if you only have to Dockerize a small percentage, do just that. Don’t camouflage the whole infrastructure behind Docker; you may bear some hidden costs later.
- Don’t store data: Use a hosting provider that supports services like AWS or GCS. If you stop a running Docker container by mistake, it will be difficult to restore, so use Logstash or similar remote logging services to be data-secured. To learn more about AWS and GCS, join Cloud Academy courses.
- When everything else has been said, choosing a hosting provider requires a trade-off between cost and returns, so the better you understand Docker and its environment, the smoother the transition will be.