Docker Enterprise Edition (EE) is a secure, scalable, and supported container platform for building and orchestrating applications across multi-tenant Linux and Windows environments. Join Docker product managers as they dive into how Docker EE addresses challenges faced by enterprise customers, as well as the technical architecture of the solution. They will also walk through demos for the latest and upcoming features around application runtime and image management.
3. Enterprise & Community Editions
Enterprise Edition (EE)
• Paid Docker subscription
• Includes support from Docker
• Predictable biannual releases
• Certified partner ecosystem
• Enterprise-grade features (security, management, automation)
Recommended for production use
Community Edition (CE)
• Free for “do it yourself” dev & ops
• Does not include support
• Quarterly Stable release for ops
• Monthly Edge release for developers
4. Docker Enterprise Edition (EE)
CaaS enabled platform for the modern software supply chain
• Integrated orchestration, security and management
• Stable releases with 1 year of support and maintenance
• Security patches and hotfixes backported to all supported versions
• Enterprise class support (9am-6pm or 24x7x365)
• Certified Infrastructure, Containers and Plugins
10. Image Scanning (available now)
• Scans at a binary level
○ Not just looking at package versions
• Works both online and offline
○ New vulnerability database released daily
○ Great for air gapped scenarios (sneaker net!)
• Scans both Linux (x86_64) and Windows
• Coming soon for IBM z Series
13. $ docker history pdevine/partyparrot:1.0
IMAGE         CREATED        CREATED BY
4e21821ad0d9  5 minutes ago  /bin/sh -c #(nop) ENTRYPOINT ["/parrot"]
880254b79668  5 minutes ago  /bin/sh -c #(nop) ADD file:6e64234...
6aa638b57d74  5 minutes ago  /bin/sh -c apk update && apk add pcre
4a415e366388  6 weeks ago    /bin/sh -c #(nop) ADD file:730030a...
19. Image Signing
● Docker Content Trust built in to DTR
● Enforcement can be done in UCP
○ Only valid signers can deploy containers
● docker trust makes things easier than ever
● More to come at Ashwini and Andy’s talk at 13h30
coming soon
20. Image Distribution:
● Image Caching
● Image Promotion
● Image Mirroring
Let’s dive into the features!
coming soon
22. Image Caching (available now)
● Caches image layers closer to where it’s being consumed for faster pulls (CDN for docker images)
● Works globally for all repositories in DTR
● Preserves access permission for each individual repository of the DTR
[Diagram: docker and dtr, slow versus fast]
23. Use Case: Without Content Cache...
[Diagram: San Francisco, USA (build, dtr, dev/hello-world:latest with layer A and layer B) and Copenhagen, Denmark; steps 1-2; slow...]
24. Use Case: With Content Cache!
[Diagram: San Francisco, USA (build, dtr, dev/hello-world:latest with layer A and layer B) and Copenhagen, Denmark (Content Cache, layer A and layer B repeated); steps 1-4; fast]
25. Image Promotion (available now)
● Promotes “blessed” images from one repository to a different repository in the same DTR
● Repositories each have their own access control
● Images can be re-tagged automatically to a new tag
● Can be done “manually” or automatically by a “policy”
[Diagram: repositories dev/, qa/, staging/, prod/]
27. Promotion Policy Criteria
● Tagged with a certain tag
● Doesn’t contain any vulnerabilities above a threshold (critical, major, minor)
● Package exists or is greater or less than a certain version
● Is greater than (or less than) a certain size
● Doesn’t contain a certain type of license (e.g. GPLv3)
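The criteria above written as a promotion gate, as an added example that is not from the slides and is not DTR's policy engine or API. The Image fields, the policy keys, the per-severity count limits and the sample images are assumptions constructed for illustration.

```python
import operator
import re
from dataclasses import dataclass, field

OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt, "<": operator.lt}

@dataclass
class Image:
    repo: str
    tag: str
    size_bytes: int
    vulns: dict = field(default_factory=dict)     # severity -> count from the scan
    packages: dict = field(default_factory=dict)  # package name -> version
    licenses: set = field(default_factory=set)

def version_key(version):  # '8.41-r0' -> (8, 41, 0); numeric fields only
    return tuple(int(n) for n in re.findall(r"\d+", version))

def failed_criteria(img, policy):
    """Names of the criteria the image fails; an empty list means promote."""
    failed = []
    if not re.fullmatch(policy["tag_pattern"], img.tag):
        failed.append("tag")
    for severity, limit in policy["max_vulns"].items():
        if img.vulns.get(severity, 0) > limit:
            failed.append(f"vulns:{severity}")
    for name, (op, wanted) in policy["packages"].items():
        have = img.packages.get(name)
        ok = have is not None and (op == "exists" or OPS[op](version_key(have), version_key(wanted)))
        if not ok:  # a missing package fails "exists" and every version comparison
            failed.append(f"package:{name}")
    if img.size_bytes > policy["max_size_bytes"]:
        failed.append("size")
    if img.licenses & policy["banned_licenses"]:
        failed.append("license")
    return failed

def promote(img, policy):
    """Target reference after automatic re-tagging, or None if the gate fails."""
    if failed_criteria(img, policy):
        return None
    return f'{policy["target_repo"]}:{policy["target_tag"].format(tag=img.tag)}'

# Constructed policy and images (hypothetical field names, not DTR's schema).
POLICY = {"tag_pattern": r"\d+\.\d+", "max_vulns": {"critical": 0, "major": 0, "minor": 5},
          "packages": {"pcre": (">=", "8.40")}, "max_size_bytes": 50_000_000,
          "banned_licenses": {"GPLv3"}, "target_repo": "qa/hello-world", "target_tag": "{tag}-qa"}
GOOD = Image("dev/hello-world", "1.0", 12_000_000, {"minor": 2}, {"pcre": "8.41-r0"}, {"MIT"})
BAD = Image("dev/hello-world", "latest", 12_000_000, {"critical": 1}, {"pcre": "8.39-r0"}, {"GPLv3"})
```

Returning the list of failed criteria rather than a bare boolean leaves a record of why an image stayed in its source repository.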
30. Image Mirroring (coming soon)
● Promotes “blessed” images from one repository to a different one in a different DTR
● Registries each have their own access control
● Mirroring is bi-directional. Can be done via “push” or “pull”
● Policies can be used to automatically push to remote DTRs
[Diagram: repo/ in docker dtr dev, repo/ in docker dtr stage]
31. Image Mirroring (push based)
● Image is pushed to DTR 1
● If the policy is met (e.g. no vulnerabilities) image is pushed to DTR 2
● AuthN and AuthZ managed by each individual DTR
● Signing / Scan data not (yet) preserved
[Diagram: Build, dtr 1, dtr 2; steps 1-2]
32. Image Mirroring (pull based)
● Image is pushed to DTR 1
● DTR 2 polls DTR 1 at specified intervals to check for updates
● If new images are found, image is pulled to DTR 2
[Diagram: Build, dtr 1, dtr 2; steps 1-3]
33. Image Mirroring (pull based w/ webhook)
● Image is pushed to DTR 1
● DTR 1 notifies DTR 2 that a new image exists
● DTR 2 contacts DTR 1 and pulls the image
[Diagram: Build, dtr 1, dtr 2; steps 1-4]
38. [Diagram: San Francisco, USA: build, dtr us-west with dev/hello-world and qa/hello-world. Copenhagen, Denmark: Content Cache. New York, USA: dtr us-east with stage/hello-world and prod/hello-world. Steps: 1 Push, 2 Promote after clean scan, 3 Cache, 4 Mirror]
39. [Diagram: San Francisco, USA: build, dtr us-west with dev/hello-world and qa/hello-world. Copenhagen, Denmark: Content Cache. New York, USA: dtr us-east with stage/hello-world and prod/hello-world. Steps: 1 Push, 2 Promote after clean scan, 3 Cache, 4 Mirror, 5 Promote]
40. Docker EE Hosted Demo
● Free 4 Hour Demo
● No Servers Required
● Full Docker EE Cluster Access
docker.com/trial