Day one of DockerCon EU in Barcelona had one clear theme: container security. Docker led it off with three security-related announcements:
- Industry’s first hardware signing of container images for trusted content – This builds on the previously released Docker Content Trust, which is based on Notary and The Update Framework (TUF), a general design for securing software distribution (signed metadata with expiry dates, key thresholds and rollback protection). The new piece is that the signing key can now live on a Yubico YubiKey 4: the private key never sits as a file on the build host, and each signature requires a physical touch on the device. From the release:
Docker and Yubico have deployed the world’s first touch-to-sign code signing system using YubiKeys, enabling secure software creation for Docker developers, sysadmins and third-party ISVs. With the YubiKey 4, Docker users can digitally sign code during initial development and through subsequent updates to ensure the integrity of the Dockerized application throughout the application pipeline.
- Content integrity with image scanning and vulnerability detection – Docker also announced its own image scanning and vulnerability detection, built on an unnamed third party’s analysis engine. Like CoreOS’s Clair scanner for Quay, also announced at DockerCon, it inspects the packages installed inside the images in a repository and flags those whose versions are below the known fixed versions, so an image built weeks ago can be checked against today’s advisories. That several vendors now ship this shows how seriously the container vendors take it.
- Granular access control with user namespaces – the Linux kernel feature that lets the daemon map root inside a container to an unprivileged uid range on the host, so a process that breaks out of a container as root arrives on the host as an ordinary user. From the release:
User namespaces give IT operations the ability to separate container and Docker daemon-level privileges to assign privileges for each container by user group. This means for the first time containers themselves don’t have access to root on the host — only the Docker daemon does. Additionally, IT operations will lock down hosts to a restricted group of sysadmins per security best practices.
Also with this capability, IT ops can establish more granular access control rights, enabling them to establish explicit permissions for different Dockerized services by departments or teams and enabling those groups to work within the bounds of the privileges that have been set. This separation also prevents one organization from having control over another organization’s application services.
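The first announcement above leans on TUF, and the practical value of TUF is in what a client refuses to accept. The following is an added example, not Docker’s or Notary’s code, of the checks a TUF-style client makes on signed targets metadata before it trusts an image digest: a threshold of signatures from keys the root role delegated to, an expiry date (so stale but validly signed metadata is rejected), and a version that never goes backwards. The one assumption that departs from Notary is the signature primitive: HMAC-SHA256 with a per-key secret stands in for the Ed25519/ECDSA signatures Notary actually uses, so the example runs on the standard library alone. Keys, digests and tags are constructed.

```python
"""Added example (not Docker/Notary code): TUF-style checks on signed targets metadata.
Assumption: HMAC-SHA256 keyed by a per-key secret stands in for a real signature scheme."""
import copy
import hashlib
import hmac
import json


class TrustError(Exception):
    """Raised when metadata must not be trusted."""


def canonical(signed):
    # Signatures cover one deterministic encoding of the "signed" object.
    return json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()


def sign(secret, signed):
    # Stand-in signature primitive (assumption): HMAC-SHA256 under the key's secret.
    return hmac.new(secret, canonical(signed), hashlib.sha256).hexdigest()


def make_targets_metadata(targets, version, expires, signing_keys):
    """Build a targets role document signed by every key in signing_keys."""
    signed = {"_type": "targets", "version": version, "expires": expires, "targets": targets}
    sigs = [{"keyid": kid, "sig": sign(secret, signed)} for kid, secret in signing_keys.items()]
    return {"signed": signed, "signatures": sigs}


def verify_targets(metadata, trusted_keys, threshold, previous_version, now):
    """Return the targets map if the metadata is trustworthy, else raise TrustError.

    trusted_keys comes from the root role, which the client has already verified.
    previous_version is the version the client last accepted (0 if none).
    """
    signed = metadata["signed"]
    if signed.get("_type") != "targets":
        raise TrustError("wrong role type")
    # 1. Enough valid signatures from distinct keys the root role delegated to.
    valid_keys = set()
    for sig in metadata["signatures"]:
        secret = trusted_keys.get(sig["keyid"])
        if secret is None:
            continue  # signatures by unknown keys are ignored, never counted
        if hmac.compare_digest(sign(secret, signed), sig["sig"]):
            valid_keys.add(sig["keyid"])
    if len(valid_keys) < threshold:
        raise TrustError(f"{len(valid_keys)} valid signature(s), threshold is {threshold}")
    # 2. Freshness: replaying old, validly signed metadata is stopped by the expiry date.
    if signed["expires"] <= now:
        raise TrustError("metadata has expired")
    # 3. Rollback: never accept a version older than one already accepted.
    if signed["version"] < previous_version:
        raise TrustError(f"version {signed['version']} older than accepted {previous_version}")
    return signed["targets"]


def is_trusted(metadata, trusted_keys, threshold, previous_version, now):
    """Boolean wrapper around verify_targets for callers that only need yes/no."""
    try:
        verify_targets(metadata, trusted_keys, threshold, previous_version, now)
        return True
    except TrustError:
        return False


def resolve_digest(targets, tag):
    """Map a tag to the sha256 digest the signer committed to; pull by that digest, not by tag."""
    entry = targets.get(tag)
    if entry is None:
        raise TrustError(f"tag {tag!r} is not in the signed targets")
    return entry["hashes"]["sha256"]


# Constructed sample data (not real keys, images or digests).
NOW = 1447632000  # 2015-11-16 00:00:00 UTC as epoch seconds
TRUSTED_KEYS = {"key-a": b"secret-for-key-a", "key-b": b"secret-for-key-b"}
ATTACKER_KEYS = {"key-x": b"secret-for-key-x"}  # never delegated to by the root role
IMAGE_DIGEST = hashlib.sha256(b"constructed image manifest").hexdigest()
TARGETS = {"latest": {"hashes": {"sha256": IMAGE_DIGEST}, "length": 1234}}
GOOD = make_targets_metadata(TARGETS, 2, NOW + 30 * 86400, {"key-a": TRUSTED_KEYS["key-a"]})


def tampered_copy(metadata):
    # Same signatures, different digest: the signature check must fail.
    bad = copy.deepcopy(metadata)
    bad["signed"]["targets"]["latest"]["hashes"]["sha256"] = "0" * 64
    return bad


if __name__ == "__main__":
    print("trusted digest for latest:",
          resolve_digest(verify_targets(GOOD, TRUSTED_KEYS, 1, 0, NOW), "latest"))
    for label, meta, prev, now in [
        ("tampered", tampered_copy(GOOD), 0, NOW),
        ("expired", GOOD, 0, NOW + 31 * 86400),
        ("rollback", GOOD, 3, NOW),
        ("untrusted key", make_targets_metadata(TARGETS, 2, NOW + 86400, ATTACKER_KEYS), 0, NOW),
    ]:
        try:
            verify_targets(meta, TRUSTED_KEYS, 1, prev, now)
        except TrustError as exc:
            print(f"{label}: rejected ({exc})")
```

The hardware part of the announcement changes only where `sign` runs (on the YubiKey, after a touch); every check in `verify_targets` is unchanged, which is why a compromised build host still cannot produce metadata that passes the client without the device in hand.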
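The second announcement, image scanning, comes down to one decision per package: is the installed version below the version that fixes a known issue? That decision is only as good as the version comparison, and Debian-style versions (epochs, `~` pre-release markers, `+deb8u3` revisions) do not sort lexically. The following is an added example, not Docker’s scanner or anyone else’s, that reads an image’s dpkg status file, implements dpkg’s own version ordering, and reports packages below the fixed version in a vulnerability feed. The status paragraphs, package names, versions and advisory ids are constructed placeholders (`EXAMPLE-ADV-n`), not real advisories.

```python
"""Added example (not Docker's scanner): package-level vulnerability matching for an
image filesystem, using dpkg's version ordering. All sample data is constructed."""


def _order(c):
    # dpkg character weight: '~' sorts before everything, even end of string;
    # letters by code point; other non-digits after all letters.
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    if c:
        return ord(c) + 256
    return 0


def _verrevcmp(a, b):
    """dpkg's comparison of one version component (upstream part or revision part)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Compare runs of non-digits character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Then compare runs of digits numerically (leading zeros dropped).
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1   # a has more digits, so it is the larger number
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def dpkg_compare(v1, v2):
    """Return <0, 0 or >0 like `dpkg --compare-versions`. Format: [epoch:]upstream[-revision]."""
    def split(v):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, revision = rest.rpartition("-")
        if not sep:
            upstream, revision = rest, ""
        return int(epoch), upstream, revision
    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    if e1 != e2:
        return e1 - e2
    return _verrevcmp(u1, u2) or _verrevcmp(r1, r2)


def parse_dpkg_status(text):
    """Return {package: version} for installed packages from /var/lib/dpkg/status text."""
    installed = {}
    for paragraph in text.strip().split("\n\n"):
        fields = {}
        for line in paragraph.splitlines():
            if ":" in line and not line.startswith(" "):
                key, _, value = line.partition(":")
                fields[key.strip()] = value.strip()
        if fields.get("Status", "").split()[-1:] == ["installed"]:
            installed[fields["Package"]] = fields["Version"]
    return installed


def scan(installed, feed):
    """Findings: packages whose installed version sorts below the advisory's fixed version."""
    findings = []
    for adv in feed:
        version = installed.get(adv["package"])
        if version is not None and dpkg_compare(version, adv["fixed_version"]) < 0:
            findings.append({"id": adv["id"], "package": adv["package"],
                             "installed": version, "fixed_version": adv["fixed_version"]})
    return findings


# Constructed sample status file and feed (placeholder names, versions and ids).
SAMPLE_STATUS = """\
Package: libexample1
Status: install ok installed
Version: 1.0.1e-2+deb8u3

Package: exampletool
Status: install ok installed
Version: 2.4~rc1-1

Package: oldlib
Status: deinstall ok config-files
Version: 0.9-1
"""
SAMPLE_FEED = [
    {"id": "EXAMPLE-ADV-1", "package": "libexample1", "fixed_version": "1.0.1e-2+deb8u4"},
    {"id": "EXAMPLE-ADV-2", "package": "exampletool", "fixed_version": "2.4-1"},
    {"id": "EXAMPLE-ADV-3", "package": "oldlib", "fixed_version": "1.0-1"},
]

if __name__ == "__main__":
    for f in scan(parse_dpkg_status(SAMPLE_STATUS), SAMPLE_FEED):
        print(f"{f['id']}: {f['package']} {f['installed']} < fixed {f['fixed_version']}")
```

Two details carry the security weight here: `oldlib` is skipped because its status is not `installed` (a removed package with leftover config files is not a running risk), and `2.4~rc1-1` is correctly found to be older than `2.4-1`, which a naive string or float comparison gets wrong in the unsafe direction.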
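The third announcement is easy to verify on a host, and worth verifying, because the property the release describes (container root is not host root) depends entirely on the daemon’s setting. Inside a user namespace the kernel exposes the mapping as `/proc/<pid>/uid_map`, one `<id in namespace> <id in parent> <count>` triple per line; a plain `0 0 4294967295` means no remapping at all. The following is an added example, not Docker’s code, that parses that file and answers the two questions a practitioner asks: which host uid does a container uid really become, and is remapping in effect? The two sample maps are constructed; the `100000`/`65536` range is the shape `dockerd --userns-remap` typically produces from `/etc/subuid`, which is an assumption about that host’s subordinate-id allocation rather than something the page states.

```python
"""Added example (not Docker's code): interpret a process's /proc/<pid>/uid_map.
Sample maps are constructed; the 100000/65536 range is an assumed subuid allocation."""


def parse_uid_map(text):
    """Parse uid_map text: one '<id in ns> <id in parent> <count>' triple per line."""
    mappings = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inner, outer, count = (int(f) for f in fields)
        if count <= 0:
            raise ValueError(f"non-positive range length in {line!r}")
        mappings.append((inner, outer, count))
    return mappings


def to_host_uid(uid, mappings):
    """Translate a uid seen inside the namespace to the parent (host) namespace's uid.

    Returns None when the uid lies outside every mapped range; the kernel then presents
    such ids as the overflow uid (normally 65534, "nobody") rather than as a real user.
    """
    for inner, outer, count in mappings:
        if inner <= uid < inner + count:
            return outer + (uid - inner)
    return None


def is_remapped(mappings):
    """True unless container uid 0 is host uid 0, i.e. unless this is the identity map."""
    return to_host_uid(0, mappings) != 0


def read_uid_map(pid="self"):
    """Read the live map for a process; run inside a container to check the daemon's setting."""
    with open(f"/proc/{pid}/uid_map") as fh:
        return parse_uid_map(fh.read())


# Constructed samples in the kernel's column format.
IDENTITY_MAP = "         0          0 4294967295\n"   # no remapping: container root is host root
REMAPPED_MAP = "         0     100000      65536\n"   # container uids 0-65535 -> host 100000-165535

if __name__ == "__main__":
    for label, text in (("identity", IDENTITY_MAP), ("remapped", REMAPPED_MAP)):
        m = parse_uid_map(text)
        print(f"{label}: container root is host uid {to_host_uid(0, m)}, remapped={is_remapped(m)}")
    try:
        live = read_uid_map()
        print(f"this process: remapped={is_remapped(live)} map={live}")
    except OSError as exc:  # not on Linux, or /proc unavailable
        print(f"could not read live uid_map: {exc}")
```

Run it inside a container with `docker run --rm -v "$PWD":/src python:3 python /src/uid_map_check.py` (file name assumed) and read the last line: if it reports `remapped=False`, the daemon was started without `--userns-remap` and a root process in that container is root on the host for any kernel or runtime bug that lets it out.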
In other vendors’ news from day one, courtesy of Docker:
DAY 1 NEWS
Custom Docker File Creation Made Easy – Bitnami Launches New Stacksmith Beta and Google Container Registry Images at Dockercon Europe
Bitnami, a leading provider of ready-to-run server applications and development environments, today released Bitnami Stacksmith, a service that generates Dockerfiles for custom applications. Stacksmith relieves developers from having to build containerized applications from scratch by providing a set of high-quality, updated and curated application components used for both development and production within Docker. In addition to Stacksmith, Bitnami also released today new container images for common language runtimes in the Google Container Registry.
The Stacksmith service translates high-level application requirements into a simple to understand Dockerfile. By adding application code to this Dockerfile, the application and all its dependencies are captured into an easy-to-share, customizable Dockerfile and container image that fits with existing build and deployment tools. The Stacksmith service proactively notifies the developer when a component they’re shipping is updated, greatly reducing the time and effort required to stay on top of changes, including security fixes.
ClusterHQ Empowers Developers to Successfully Code, Test and Deploy Stateful Docker Containers throughout Their Lifecycle
Today ClusterHQ released two new products designed specifically for developers, the ClusterHQ Volume Hub and dvol, a CLI providing Git-like functionality for data. Developers spend a majority of their time waiting for tests to run and tracking down and reproducing bugs. To address these challenges, ClusterHQ created dvol and the ClusterHQ Volume Hub to better assist Docker users looking to test, build and run container-based applications.
These new options give developers and operations people expanded resources for testing and managing containerized applications, so that users at any level can easily manage their data in containers from the convenience of a laptop.
ClusterHQ’s Rapidly Growing Partner Ecosystem Includes 4 of the Top 5 Enterprise Storage Global Market Leaders: Dell, EMC, HPE and NetApp
ClusterHQ’s storage partner ecosystem now includes four of the top five global market leaders in enterprise storage: Dell, EMC, Hewlett Packard Enterprise (HPE), and NetApp. The most recent additions to the ecosystem include Dell, HPE, Kaminario, PMC Sierra and Pure Storage, growing the program to include a total of 13 of the biggest and most innovative names in global enterprise storage.
Huawei and Nexenta who joined the ClusterHQ storage partner program in June have just released their Flocker storage drivers. Joint customers can use Flocker with their hardware-based or software-defined storage solution of choice and any of the leading container management tools, including Docker, Mesosphere and Kubernetes to create portable container-level storage for Docker.
Codefresh Announces the Availability of One-Click Multi-Container Environments
Codefresh, maker of the world’s only Docker workflow management platform, is announcing the release of a major new feature: Composite Environments. Leveraging Docker compose, this feature provides the ability to spin up multiple interconnected containers in a few seconds, saving development and QA teams hundreds of hours of setting up and duplicating complex Docker environments for development and testing.
Codefresh is a Docker platform for development and QA teams. It features Docker Flow, an automated Docker image workflow management platform, which streamlines the lifecycle of Docker images (build, run, test, deploy). Codefresh customers benefit from accelerated application delivery times, complete tracing and auditing capabilities for Docker images and seamless transition to Docker-based applications. Learn more at http://codefresh.io
Container Solutions and Cisco Cloud release IoT application deployed on Mantl.io.
Container Solutions and Cisco Intercloud Services have been collaborating on Mantl, a framework for building hassle free microservice systems. One of the use cases for this is IoT systems that generate big data.
The IoT ‘wheel of fortune’ was revealed at the Cisco and Container Solutions pre-party in Barcelona on Sunday evening.
ContainerX: All-Inclusive, Ready-to-Go Container Platform Designed for Enterprise IT Admins
ContainerX today announced the beta launch of its comprehensive, multi-tenant container platform designed for enterprise IT admins. ContainerX will make its global debut at DockerCon Europe 2015 on November 16-17 at booth number seven. ContainerX provides a single pane of glass for all containers allowing support for Linux and Windows, bare metal and virtual machines, private and public cloud environments.
ContainerX eliminates the container landscape confusion by offering enterprise IT a ready-to-go, enterprise-class solution for multi-tenant container management, orchestration, compute, network and storage management. Its unique, patented technology approach, Elastic Container Clusters™ and Container Pools™, provides multi-tenancy and high levels of resiliency, elasticity and horizontal scalability not offered by other container solutions. To sign up for the ContainerX beta, visit: http://containerx.io/
Crate.IO launches JOINs at DockerCon 15
Crate is an easy to use SQL database that makes scaling to any query and data volume as easy as a “docker run crate”. With a familiar SQL interface, powerful search capabilities and no-configuration setup and auto-healing, it’s no wonder that the Docker community loves using Crate as much as we love using Docker!
We’re proud to announce at DockerCon that we’re launching the number one requested feature by our community: Support for table JOINs. Supporting even more of the SQL goodness you’re familiar with, on a scalable database that can deal with terabytes of data is a huge step forward towards bringing what makes Docker great, to the database world.
(Deis) Deploy Official Docker Hub images to Kubernetes with Helm
Helm is the best way to find, share and use software built for Kubernetes. Use Helm’s simple charts to quickly deploy official Docker images to your Kubernetes cluster. Need an instance of the Docker registry? We have a chart for you.
Users of DCHQ Docker Lifecycle Management Software Surpass 1,000
A San Francisco startup in the red-hot container management space is racking up users. DCHQ, which launched in April of this year, has surpassed 1,000 signups for its hosted product, approximately 300 of which are active users. The on-premise product has been downloaded more than 500 times. Also, to make the software more accessible for evaluation in production scenarios, DCHQ has launched a free Standard version that lets users run up to 1,000 containers at no cost.
DCHQ builds container management software for enterprises using Docker, focused on application modeling, deployment and lifecycle management. More at www.dchq.io and at booth #22.
Sign up for the free Volume Hub – clusterhq.com/volume-hub
Try dVol today – clusterhq.com/dvol
Hewlett Packard Enterprise Delivers Docker Solutions from the Data Center to the Cloud
Hewlett Packard Enterprise (HPE) is unveiling a significant portfolio of technologies designed to help organizations use Docker to transform to a hybrid infrastructure in a highly scalable, secure and trusted manner. The new solutions span cloud, software, storage and services and include: the HPE Helion Development Platform 2.0 with support for Docker, HPE StormRunner and HPE AppPulse for Docker, remote Docker Swarm cluster monitoring with HPE Sitescope, HPE Codar for Docker, a Docker Machine plugin for HPE Composable Infrastructure, persistent storage for Docker containerized apps, a Docker Reference Architecture and Reference Guides, and enterprise-grade customer support.
Portworx’ Container Defined Storage Infrastructure Earns New Innovator Honors at DockerCon EU 2015
Portworx, a Silicon Valley startup creating next-generation storage software for hosting stateful applications in Docker containers, bridges the worlds of enterprise application development, delivery and production with its PWX solution. PWX enables the rapid deployment of stateful, distributed applications into production by allowing them to be scaled without IT intervention. In recognition of its unique container-aware storage solution, Portworx was named to the New Innovators Showcase at DockerCon EU 2015 and will demo its featured solution in the show’s Ecosystem Expo. The New Innovators Showcase highlights young startups that are building cool tools and services around Docker.
The Portworx PWX demo will be hosted in the company’s Sandbox, a live cluster hosted in Amazon Web Services that allows users to see how a truly software-defined, container-centric data center would function. The Sandbox allows the deployment of stateful services directly from a private repository or the Docker hub and supports the creation and scaling of container instances to use these services.
RackN, Inc. Announces a Fully Automated Deployment of Docker 1.9 and Swarm 1.0 on 200 Servers at Ubiquity Hosting in Less Than a Day with RackN Enterprise
RackN Inc, a software company focused on accelerating the transition to running containers and other next-generation technologies at massive scale on any platform and Ubiquity Hosting, a global managed cloud and hosting provider jointly announce a successful, fully automated deployment of Docker v1.9 with Swarm 1.0 on 200 physical servers by RackN Enterprise.
Unlike most runbook-based provisioning and deployment software platforms, which are vendor-specific, lack formal support or do not adapt to the ever-present snowflaked software, infrastructure configurations and operational models, RackN abstracts away the tediousness and guesswork of building complete systems by trial and error and accelerates from start to scale. By auto-discovering and inventorying thousands of objects and microservices and treating them as functional units, RackN provides an “InstallShield”-like experience by intelligently orchestrating dependencies to create a functional system based on the desired platform. As the corporate sponsor of the open source Digital Rebar project and provider of support and services for RackN Enterprise, RackN provides the ability to deploy Docker, Ceph, Kubernetes and Mesos on Amazon EC2, virtual and bare metal platforms.
Rancher Labs Introduces Persistent Storage Services for Docker
Rancher Labs announced on November 12 that Rancher, the company’s flagship product for building a private container service, has introduced support for orchestrating Persistent Storage Services for Docker, making it possible for developers to deploy storage reliably in conjunction with containerized applications. The new feature builds on Docker 1.9 volume plugin capabilities, and makes it easier for developers to run applications that require stateful databases and persistent storage. Rancher Labs will be showcasing Persistent Storage Services for Docker in booth #28 at DockerCon Europe.
Rancher Labs and Redapt Introduce First Hyper-Converged Infrastructure Platform for Containers
Rancher Labs, a developer of Docker infrastructure software, and Redapt announced on November 12 the industry’s first hyper-converged infrastructure platform for containers, greatly simplifying and reducing the cost of building a private container service from scratch. As the de-facto standard for cloud native workloads, Docker enables vendors like Rancher Labs and Redapt to create purpose-built infrastructure stacks for containerized workloads by defining an application packaging and runtime standard. The companies are working together to leverage containers, enabling the new hyper-converged infrastructure platform that is ideal for simplifying operations, and reducing the cost of running container and cloud workloads. Rancher Labs will be showcasing this hyper-converged infrastructure platform in booth #28 at DockerCon Europe.
SmartBear Features API Readiness Tools and Swagger Specification at DockerCon Europe
SmartBear Software, the leader in software quality tools for the connected world, is featuring its API readiness platform, Ready! API and Swagger at DockerCon Europe, taking place on Monday, November 16 – Tuesday, November 17, 2015 in Barcelona, Spain, booth #19. SmartBear recently launched the Open API Initiative (OAI) under The Linux Foundation with key industry leaders including Google, IBM and Microsoft, to create an open approach to governing the continued evolution of the Swagger Specification used for describing RESTful APIs.
For more information, visit: http://smartbear.com/news/news-releases/smartbear-launches-open-api-initiative-with-key-in/.
SmartBear’s Ready! API is a unified set of testing tools that includes SoapUI NG for functional testing, LoadUI NG Pro for load testing, ServiceV Pro for API service virtualization and Secure Pro for dynamic API security testing. For more information, visit: http://smartbear.com/product/ready-api/overview/. For updates, follow @ready_api on Twitter. Swagger is the leading API description format used by developers in almost every modern programming language and deployment environment to design and deliver APIs that fuel IoT, microservices and mobile applications. For more information on Swagger, visit: http://swagger.io/. Follow on Twitter @swaggerapi.
Sysdig Announces First Comprehensive Monitoring Solution for Kubernetes
Sysdig, the container-native visibility company, announced comprehensive support for Kubernetes across the Sysdig product line, including open source sysdig and Sysdig Cloud. Kubernetes, an open source container orchestration tool originally created by Google, is rapidly becoming the most popular framework on which to deploy microservice-oriented applications in Docker containers. Sysdig Cloud now becomes the first and only monitoring solution to offer complete visibility into these cutting edge Kubernetes environments. Open source system exploration tool, sysdig, has also added native support for Kubernetes, further building on its industry-leading Docker troubleshooting capabilities. Sysdig will be debuting and demoing these new releases at DockerCon in Barcelona.
Twistlock Announces General Availability of Container Security Suite
Twistlock, the leading provider of cloud container security solutions, announced the general availability of the Twistlock Container Security Suite and a strategic partnership with Sonatype. With a successful beta program that included 15 customers, including Wix, AppsFlyer, HolidayCheck, and Streamrail, Twistlock’s technologies are now available for all eligible customers worldwide. This makes it possible for many additional businesses to benefit from the vulnerability management, fine-grained access control and smart runtime protection capabilities offered by Twistlock.
Today in many organizations containers are being adopted and managed by developers. Operations and Security do not have the level of visibility and control that they were previously accustomed to. At the same time, for DevOps to succeed, security and operations controls must be as agile and move as quickly as the assets to be protected. Twistlock’s Container Security Suite, the only dev-to-production security product on the market today, enables just that: our technologies bring together security operations with developers to achieve control and compliance without impeding the efficiency and operational benefits of container technologies.
- Follow us on Twitter: @twistlockteam
- Follow us on LinkedIn: https://www.linkedin.com/company/twistlock
VMware Photon Controller Now Available as Open Source Software
Today at DockerCon EU, VMware announced that Photon Controller is now available as open source software. VMware Photon Controller is a distributed, API-driven, multi-tenant control plane that is designed for extremely high scale and high churn environments. The software makes it easy to deliver Docker Swarm, Kubernetes, Mesos, and Pivotal Cloud Foundry on demand to application development teams. VMware Photon Controller was introduced in conjunction with the VMware Photon Platform at VMworld 2015 San Francisco in late August.
- GitHub page: http://vmware.github.io
- Blog post: http://blogs.vmware.com/cloudnative/photon-controller-oss/
Yubico Launches Yubikey 4 and Touch-to-Sign Functionality at DockerCon Europe 2015
Yubico has unveiled the YubiKey 4, the company’s next generation authentication device at DockerCon Europe 2015. Yubico’s 4th Generation YubiKey (www.yubico.com/yubikey4) includes the first of its kind touch-to-sign feature, the latest secure elements supporting longer public/private keys, faster cryptographic operations, and more.
Announced during the DockerCon keynote, Yubico and Docker, the open platform for building, shipping and running distributed applications used by millions of developers and system admins, have deployed the world’s first touch-to-sign code signing system using YubiKeys, helping secure software development for Docker developers. With the YubiKey 4, Docker users can digitally sign code during initial development and through subsequent updates to ensure the integrity of the Dockerized applications and guard against malware or other nefarious attacks. YubiKey 4 supports multiple authentication protocols, including Yubikey OTP, smart card, and FIDO U2F.