Let’s imagine that your company hosts its services in its own private cloud and has no shortage of cash. But you’re still not going to simply throw money away reinventing the wheel if you’ve got some alternative, right? It turns out that, for many cases, there is an alternative, and it’s open source, secure, and as reliable as you could hope for. It’s Docker.
We’re going to explore the business case for Docker, but if you want to try Docker from the inside, try this Cloud Academy course on Getting Started with Docker.
What the Docker hosting ecosystem and related services have going for them
Cost is a major concern when talking about cloud hosting services, as it impacts a business's long-term survival. It will also depend on the number of services that you are running in your Docker image. With cost in mind, let's look at a few hosting options:
Docker Hub is a Docker spinoff that offers unlimited free public repositories (and one private repository). It offers a huge registry where the most commonly used images can be found.
You might want to try Tutum which, at least while it’s still in Beta, is also available for free. Tutum appears to excel at providing simple and efficient access options for your container management, offering a full-featured browser-based GUI.
Amazon Web Services provides a brilliant way of getting things done easily without much head-banging. Have a look at their recently launched AWS ECS container service (part of the EC2 environment). Rather than create a new deployment system specifically for Docker, Amazon uses the existing EC2 infrastructure to deploy and manage containers. Docker-ized apps can be launched and managed in clusters of EC2 instances that span multiple Availability Zones, and different instance types can be mixed for operational efficiency, incurring no charges (beyond normal usage costs). This addresses multi-container, multi-host clustering needs, answering customer requirements for high-performance and scale as they move their Dockerized distributed applications into production.
Amazon’s AWS Elastic Beanstalk provides a pre-built infrastructure that automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring. You can manage your web application in an environment that supports the entire range of services that are integrated with AWS Elastic Beanstalk.
Running web apps at scale is the new normal. From gaming to astrophysics, things are increasingly getting done at scale. So why not have a dry run of the future with SSD clouds? DigitalOcean and StackDock could be worth a try, and they're not too badly priced, either. Docker images, as we know, are environment-independent and can, therefore, be hosted anywhere without issues. While DigitalOcean provides brilliant documentation on numerous Docker-related services, StackDock's support is pretty vague, matching its basic, cheap and easy service. So StackDock might be better for people who are just experimenting and looking for a no-frills service. Your choice will depend on your strategy, and whether your containers will be mission-critical and scalable, or whether you're fine with something more basic.
Security is the outer skin of IT and cannot be ignored. After all, skeletons don't look great, while your skin completes and protects you. So yes, security is a major concern when we talk about cloud and hosting Docker containers, just as it is for any hosted web app. The Docker daemon requires root privileges on the Linux host. This can carry significant security consequences if poorly managed, since the daemon can share underlying system resources with any container and can potentially allow containers to modify files and attributes of the host OS. Under certain circumstances, a malicious user could even leverage APIs to cause Docker to create entirely new containers.
Docker modified its REST API to use traditional UNIX sockets, allowing users to take advantage of standard UNIX permissions to limit access to and control over Docker actions. Docker also recommends severely limiting privileged use within containers, since many of the normal root capabilities are handled outside the containers by the Docker daemon and its components. In many ways, Docker containers can help to limit exposure and improve security if permissions and privilege limitations are implemented properly. In a hosted Docker environment, many of the traditional security concerns for SaaS providers still apply. The security of the underlying host systems will be critical, as will repository monitoring to ensure that no private container data is exposed and no account or authentication data is made available. So it's very important that the hosting service provider is secured.
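The checks described above can be automated against the output of `docker inspect`. The following is an added example, not code from the original article or from Docker: the container names and the inspect data are constructed samples, and the function names are hypothetical.

```python
import json
import stat

# Constructed sample: trimmed `docker inspect` output for two hypothetical containers.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/web", "Config": {"User": "1000:1000"},
  "HostConfig": {"Privileged": false, "CapAdd": null,
                 "Binds": ["/srv/www:/usr/share/nginx/html:ro"]}},
 {"Name": "/ci-runner", "Config": {"User": ""},
  "HostConfig": {"Privileged": true, "CapAdd": ["SYS_ADMIN"],
                 "Binds": ["/var/run/docker.sock:/var/run/docker.sock", "/etc:/host-etc"]}}
]""")

def audit_container(c):
    """Return a list of findings for one `docker inspect` entry."""
    findings = []
    host = c.get("HostConfig", {})
    if host.get("Privileged"):
        findings.append("privileged mode enabled")
    for cap in host.get("CapAdd") or []:
        findings.append(f"extra capability added: {cap}")
    for bind in host.get("Binds") or []:
        parts = bind.split(":")
        mode = parts[2] if len(parts) > 2 else "rw"
        if parts[0].endswith("docker.sock"):
            # A socket stays usable even through a read-only bind mount.
            findings.append("Docker socket mounted into container")
        elif "ro" not in mode.split(","):
            findings.append(f"writable host path mounted: {parts[0]}")
    # An empty User means the image default, which is root unless the image sets USER.
    user = c.get("Config", {}).get("User", "")
    if user in ("", "0", "root") or user.startswith(("0:", "root:")):
        findings.append("process runs as root inside the container")
    return findings

def socket_mode_findings(mode):
    """Check the daemon socket's st_mode, e.g. os.stat(path).st_mode."""
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        return ["daemon socket is accessible to every local user"]
    return []

def audit(containers):
    """Map each container name to its list of findings."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in containers}

if __name__ == "__main__":
    for name, items in audit(SAMPLE_INSPECT).items():
        print(name, items or "OK")
```

On a real host, feed `audit()` the parsed JSON from `docker inspect` and pass `os.stat("/var/run/docker.sock").st_mode` to `socket_mode_findings()`.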
Red Hat has launched an interesting initiative known as Project Atomic that uses SELinux (originally developed by the NSA) to add security to containers, especially Docker containers. The bottom line here? Do not run untrusted Docker images. Treat a Docker image the same way you would treat other software you install on your machine. It should be from a source you trust. You should not blindly install software from a third party just to get the latest version of a project or to save a little time.
Quay.io is another secure hosting option for private Docker repos. Quay has been adopted by CoreOS and provides a great GUI that feels like GitHub for Docker repos. It's worth a try.
You might also like to take a look at Andrea’s overview of some popular hosting providers here.
So down the line, we see a very rich range of Docker hosting providers coming online, each with its unique strengths and weaknesses. Keep these important performance-centric parameters in mind:
- Don't just dockerize: Understand the use case and then choose the hosting provider. Look at the scale involved, and if you only have to dockerize a small percentage, do just that. Don't camouflage the whole infrastructure behind Docker containers, or you may bear some hidden costs later.
- Don't store data: Use a hosting provider that supports services like AWS or GCS. If you stop a running container by mistake, it will be difficult to restore, so use Logstash or a similar remote logging service to keep your data secure.
- When everything else has been said, choosing a hosting provider requires a trade-off between cost and returns, so the better you understand Docker and its environment, the smoother the transition will be.