Docker is the most popular and widely used container platform. Find out everything you need to know about this containerisation solution: its definition, how it works, its advantages and disadvantages, and who its main competitors are.
Virtual machines (VMs) are increasingly being used by businesses. A VM is an operating system or application environment installed on software. It allows the user to take advantage of the same experience as on a physical machinewith several advantages.
In particular, it is possible to run multiple OS environments on the same machineby isolating them from each other. Similarly, virtualization can reduce costs within a company by reducing the number of virtual machines required. It also reduces energy requirements. Backups and restores are also simplified.
However, virtual machine hypervisors rely on hardware emulation, and therefore require a lot of computing power. To remedy this problem, many firms are turning to containers, and by extension to Docker.
What is a container?
Before we approach Docker, it is essential to remember what an image container is.. It is a lightweight and independent set of software processes, gathering all the files needed to run the processes: code, runtime, system tools, library and parameters. They can be used to run Linux or Windows applications.
Containers are therefore close to virtual machines, but have an important advantage. Whereas virtualization consists of running many operating systems on a single system, the containers share the same operating system kernel and isolate the application processes from the rest of the system.
Simply put, rather than virtualizing the hardware like the hypervisor, the container virtualizes the operating system. It is therefore clearly more efficient than a hypervisor in terms of system resource consumption. Concretely, it is possible to run almost 4 to 6 times more application instances with a container than with virtual machines such as Xen or KVM on the same hardware.
Docker: What is it?
It is an open source software platform that allows for Create, deploy and manage virtualized application containers on an operating system.. The services or functions of the application and its various libraries, configuration files, dependencies and other components are grouped within the container. Each running container shares the services of the operating system.
Initially created to work with the Linux platform, Docker now works with other OSes such as Microsoft Windows or Apple macOS. There are also versions of the platform designed for Amazon Web Services and Microsoft Azure.
Docker: what are the features?
The containerisation platform is based on seven main components. The Docker Engine is a client-server tool on which container technology is based to support the tasks of creating container-based applications. The engine creates a server-side daemon process to host images, containers, networks and storage volumes. This daemon also provides a client-side SLI interface allowing users to interact with the daemon via the platform API.
The containers created are called Dockerfiles. The Docker Compose component allows you to define the composition of the components within a dedicated container. The Docker Hub is a SaaS tool allowing users to publish and share container-based applications via a common library.
The Docker Swarm mode of the Docker Engine Supports cluster load balancing . Thus, the resources of several hosts can be brought together to act as a single whole. This allows users to quickly scale container deployments.
Docker: what are the advantages and disadvantages?
The Docker platform has many advantages. It allows you to quickly compose, create, deploy and scale containers on Docker hosts. It also offers a high degree of portabilityThe new feature allows users to register and share containers across a wide variety of hosts in both public and private environments.
Compared to virtual machines, Docker also has several advantages. It makes it possible to develop applications more efficientlys, using fewer resources, and to deploy these applications more quickly.
However, it also has several drawbacks. It can be difficult to efficiently manage a large number of containers simultaneously. Besides, security’s a problem. The containers are isolated, but share the same operating system. In fact, an attack or security breach on the OS can compromise all containers. To minimize this risk, some companies run their containers within a virtual machine.
UPDATE: Docker encountered a security breach that affected nearly 5% of users. Nearly 190,000 of them had their container data exposed after unauthorised access to the Hub database. The organisation asked companies and individuals to change their passwords.
What are the alternatives?
Docker is not the only container platform on the market, but it remains the most widely used. Its main competitor is CoreOS rkt. This tool benefits from the support of SELinux, which makes it secure. Other major platforms include Canonical LXD and Virtuozzo OpenVZ, the oldest container platform.
We can also mention the ecosystem of tools that work with the platform for tasks such as clustering or container management. One example is Kubernetes, the open source Container Orchestration tool created by Google.
Docker: the figures for success
The version 1.0 of Docker was launched in June 2014The aim is to facilitate the use of the containers. Very quickly, the platform was a great success with many companies. Today, according to the creators of Docker, more than 3.5 million applications have been containerised using this technology. No less than 37 billion containerized applications have been downloaded.
Similarly, according to the DataDog cloud monitoring system, 18.8% of users had adopted the platform by 2017. For its part, RightScale estimates that the adoption of the platform in the cloud industry has increased from 35% in 2017 to 49% in 2018. Giants like Oracle and Microsoft have adopted it, as have almost all Cloud companies.
According to de 451 Research, Docker’s growth is not about to stop. These analysts estimate that the container market will literally explode by 2021. Companies will quadruple their revenues with an annual growth rate of 35%, rising from $749 million in 2016 to $3.4 billion in 2021.
Docker Enterprise 3.0
During the DockerCon 2019 in May, Docker made it official the third version of its Docker Enterprise platform. In beta version, it benefits from a containerized application development environment directly embedded within the company’s global platform. Developers can code from their computers and then deploy a solution in multi-cloud mode. Automation features facilitate container deployment, while Docker Application is used to deploy multi-container applications across most infrastructures. This approach aims to make their installation and management flexible.
I mean, come on, Docker Kubernetes Service allows the coded elements to be stored on a computer or a station before operating them in production servers. The tool is compatible with the company’s Compose, Kubernetes, YAML, Helm charts and Swarm versions.
Cloud Native Application Bundle goes to 1.0
Cloud Native Application Bundle or CNAB is a specification for creating multi-container applications. Announced last December, this feature is now in version 1.0. This one consists in defining how different components of cloud-based applications are brought together. Microsoft, Bitnami (acquired by VMware), HashiCorp, Intel, Pivotal and Datadog participated in this project.
Thus, developers benefit from a better interaction between Docker containers and tools such as Kubernetes YAML, Azure Resources Manager Template or Helm charts. These form a package possibly protected by an encryption key. This package then becomes a standard way of deploying containerized applications in cloud or on-premise environments.
Beware of malware on your Docker containers!
A crypto-jacking worm malware has been detected in the Docker application containers. The Palo Alto Network Cyber Security Division, Unit 42, was the first to discover this malware.
Graboid has been identified as the first crypto-jacking worm discovered on Docker Hub. Specifically, it was spotted on the community edition of Docker Engine. However, Docker Enterprise is not concerned.
Like all computer worms, this worm is capable of propagate via insecure images on the servers. However, since cybersecurity software does not usually inspect the data inside application containers, this malware is particularly dangerous .
The corrupted images have been removed from Docker Hub. directly after being reported by Palo Alto Networks. Docker’s security director, Justin Cormack, urges users to leave the default settings of the Docker Engine that prevent this type of attack by denying remote access.
According to Unit 42, about 2000 unsecured Docker engines have been exposed on the web. Such a more sophisticated attack could have even more disastrous consequences. It is therefore imperative for companies to properly secure their Docker hosts .