Docker Inc. announced the release of Docker Enterprise 2.1 on Nov. 8, providing new features and services for containers running on both Windows and Linux servers.
Among the capabilities that Docker is highlighting is the ability to migrate legacy applications, specifically Windows Server 2008, into containers, in an attempt to help with the challenge of end-of-life support issues. The release also provides enterprises with the new Docker Application Convertor, which identifies applications on Windows and Linux systems and then enables organizations to easily convert them into containerized applications. In addition, Docker is boosting security in the new release, with support for FIPS 140-2 (Federal Information Processing Standards) and SAML (Security Assertion Markup Language) 2.0 authentication.
"We've added support for additional versions of Windows Server, and we're the only container platform that actually supports Windows Server today," Banjot Chanana, vice president of product at Docker Inc., told eWEEK. "All in all, this really puts Windows containers at parity with Linux counterparts."
Docker Enterprise is Docker's flagship commercial platform and builds on the core open-source capabilities available in the Docker Engine. The Docker Enterprise 2.1 release is the second major update for Docker's enterprise platform in 2018, following Docker Enterprise 2.0 that was announced on April 17. Among the new capabilities in Docker Enterprise 2.0 was the Kubernetes orchestration engine.
Prior to Docker Enterprise 2.0, Docker only supported its own Swarm orchestration system. Chanana said Kubernetes adoption among Docker customers is just starting and many have been using Swarm for some time.
"For most customers though, it really doesn't matter as the orchestration element is just a technical component of how the platform is built," he said. "What's really important to customers is their applications. Whether it's running Swarm or Kubernetes nobody really cares, as long as things are deployed properly."
Docker Enterprise 2.1 also provides organizations with improved metrics and visibility into the health and security of running clusters. Chanana said the new metrics can show enterprises how applications are doing in terms of run time, providing insight into the server, host and application level of the infrastructure.
"We have also added the ability to now see vulnerability state for your applications as they get deployed," he said.
Docker has provided security scanning capabilities since 2016 with the Docker Security Scanning technology. The Docker Security Scanning capability enables organizations to scan binaries and container image to identify known vulnerabilities associated with a given application binary.
"What we have done is extended the scanning to now show operators that are deploying applications the status of vulnerabilities in container images," Chanana said.
Chanana explained that runtime visibility can give operators an immediate view on risk, enabling them to patch or take vulnerable services offline.
Docker Enterprise 2.1 now also supports the SAML 2.0 protocol for authentication to help enable broader integration with enterprise authentication systems and multifactor authentication (MFA) technologies. FIPS 140-2 validation has also been added to Docker Enterprise 2.1 on both Windows and Linux.
"This is really critical in highly regulated environments, including financial services, which typically require this level of validation," Chanana said. "FIPS 140-2 is basically validating the cryptography that is used by the Docker Engine."
Audit logs for forensic analysis are another new capability that is landing in Docker Enterprise 2.1. Docker has had monitoring capabilities available via an API that provided limited audit capabilities in the past. Chanana said the new audit logs provides a stream of events that come out of Docker that can be used for forensic analysis. The monitoring capabilities that have been available prior to the new release of Docker Enterprise were in the API of the Docker Engine itself and provided information about what's happening inside of an individual Docker Engine instance, he said. In contrast, the audit capabilities are enabled via a new API in Docker Enterprise.
"What Docker Enterprise adds is SAML integration so organizations can know exactly who is authenticating into a cluster and what they are doing," Chanana explained.
In an effort to make it easier for organizations to migrate applications to containers, Docker is now providing its commercial customers with a tool called the Docker Application Converter.
Converting applications to containers is a process that often involves multiple steps, including identifying application components and then using Docker commands including build and compose to create a dockerfile. Chanana explained that the new Docker Application Converter provides a discovery capability that can help organizations identify what applications are running on a Windows or Linux server. He added that Docker Application Converter will take each of the applications and bundle them up into a Docker image.
"For customers that don't know what a dockerfile is and haven't written a [Docker] Compose file before, Docker Application Convertor takes care of a lot of that upfront work and gets them running with their first Docker container based on an app that they already have," he said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.