Docker EE 2.0 provides choice, security and agility for container management. It offers more than just containers and orchestration, including lifecycle management, governance, security and automation features. Docker EE can run on various operating systems and clouds while maintaining a consistent experience. It supports both traditional and microservices applications. Docker continues to drive Windows container adoption and now supports running Kubernetes on Windows Server. Docker Desktop introduces template-based workflows to simplify containerization for more developers.

1. Docker EE 2.0
Choice, Security & Agility
Eric Tan
Solutions Engineer

2. Evolution of Containers

3. Containers are the “Fastest Growing Cloud Enabling Technology”
By 2020, more than 50% of global
organizations will be running
containers in production.
-Gartner
Title source: 451 Research

4. Static Website ? ? ? ? ? ? ? ?
Web Frontend ? ? ? ? ? ? ? ?
Background
Workers
? ? ? ? ? ? ? ?
User DB ? ? ? ? ? ? ? ?
Analytics DB ? ? ? ? ? ? ? ?
Queue ? ? ? ? ? ? ? ?
Desktop
Test/QA
Cluster
Production
Cluster
Public
Cloud
Data
Center
Mainframe
Windows
Server
Edge
Device
The “Matrix from Hell” Breeds Complexity

5. The “Matrix from Hell” Breeds Complexity
Static Website ? ? ? ? ? ? ?
Web Frontend ? ? ? ? ? ? ?
Background
Workers
? ? ? ? ? ? ?
User DB ? ? ? ? ? ? ?
Analytics DB ? ? ? ? ? ? ?
Queue ? ? ? ? ? ? ?
Desktop
Test/QA
Cluster
Production
Cluster
Public
Cloud
Data
Center
Mainframe
Windows
Server
Edge
Device
— Containers Cut Complexity

6. The Docker Enterprise Edition

7. Docker Enterprise Edition is More than Containers + Orchestration...
CONTAINER
ORCHESTRATION
Container placement &
schedulingDOCKER ENTERPRISE EDITION
CONTAINER
Image format &
runtime
Lifecycle Mgt Governance Security
Automated, Open and Extensible
Orchestration
Organizations also require:
Lifecycle Management + Governance + Security + Automation + Support

8. Only Docker Delivers All Three Core Enterprise Requirements
• Hybrid and multi-clouds
• Windows and Linux
• Traditional apps and
microservices
• DevOps and existing ops
processes
Choice AgilitySecurity
• Unified operations
• Rapid delivery and
response
• Cost efficiency
• Safer apps
• Governance
• Chain of custody
• Threat mitigation
Only Docker EE Gives Global 2000 Customers the Following:

9. 450+ Enterprise IT Customers Trust Docker Enterprise Edition
Financial
Services
Healthcare
& Science
Tech
Oil & Gas /
Energy
Insurance
Public
Sector

10. DockerCon 2018
Announcements

11. • Docker Enterprise Edition expands containerization across different
application types and infrastructure:
− Docker debuts federated application management across
hybrid/multi-cloud infrastructure
− Docker demonstrates Kubernetes for Windows Server containers
• Docker unveils template-based workflows for Docker Desktop to
extend containerization to a broader range of enterprise developers
Docker Announces New Capabilities Across the Application
Lifecycle from Developer Desktop through Production

12. • Most enterprise organizations have a hybrid
and multi-cloud strategy
• Containers helped to make applications
portable, but the management of these
containers is not:
− Each cloud is managed under a separate
operational model, duplicating efforts
− Different security and access policies
across each platform
− Content is hard to distribute and track
− Poor infrastructure utilization still remains
• Emergence of cloud-hosted Kubernetes is
exacerbating the challenges with managing
containerized applications across multiple
clouds
Containers are Portable Today; The Management of Containers is Not
Private Data
Center

13. Use Cases that are Driving the Need for the Federated Management of
Containerized Applications
Run dev/test in the cloud,
move production to own data
centers
Run the same application in
multiple countries for data
locality & compliance
reasons
Allow different teams to
access specific clouds for
their app services (e.g. IoT,
AI/ML, Big Data)
Extend availability across
multiple locations
Cloud Bursting / Load
Balancing
Planned Migration for DR

14. ENTERPRISE EDITION
INTEGRATED SECURITY
CONTAINER ENGINE
POLICIES &
GOVERNANCE
AUTOMATION &
EXTENSIBILITY
REGISTRY
SERVICES
DEVELOPER
SERVICES
ORCHESTRATION NETWORKING & STORAGE
APP LIFECYCLE
MANAGEMENT
CERTIFIED OPERATING SYSTEMS & INFRASTRUCTURE
Cloud VM Bare Metal
Docker Enterprise Edition Today: Multi-Linux, Multi-OS and Multi-Cloud; No-
Lock-In

15. Only Docker Delivers All Three Core Enterprise Requirements
Choice SecurityAgility
Only Docker Enterprise Edition Can Deliver Federated Application
Management
● Not tied to a single OS
or VM model
● Only Docker supports
leading cloud-hosted
Kubernetes services
● Docker EE has proven
ROI and infrastructure
savings
● Accelerate onboarding
with uniform operating
model across clouds
● Automation of application
lifecycle policies
● Centralized and federated
source of truth for content
in Docker Trusted
Registry
○ Enterprise-grade
image management
● Integrated security
policies across clouds

16. DOCKER ENTERPRISE EDITION
Federated Application Management
1. Secure, federated
content distribution
2. Automation and
governance across
multiple clouds
Only Enterprise-Ready
Container Platform to Deliver:
Introducing Federated Application Management Across Hybrid/Multi-cloud
Infrastructure
1
2
EE EE
Azure (AKS) Google (GKE)

17. Secure, Federated Content Distribution
SOLUTION
• Centralize content to Docker’s
secure software supply chain
• Maintain a secure chain of
custody as apps are
deployed, migrated or
replicated to various clouds
PROBLEM
• Cloud-based registries create
unmanaged content silos
• No ability to collaborate across
teams
1
Private Data
Center
Docker Trusted
Registry
Azure (AKS)
Google (GKE)

18. Governance and Policy-Based Automation Across Docker and Cloud-
Hosted Kubernetes
SOLUTION
• Get an aggregated view of all
containerized applications
• Control where applications are
deployed, migrated or replicated
through a single management UI
• Global access and policy
definitions apply across clouds
DOCKER ENTERPRISE EDITION
Federated Application Management
PROBLEM
• Fragmented visibility of
applications across container
clusters and services
• Shadow IT breaks corporate
security and compliance policies
2
EE EE
Azure (AKS) Google (GKE)
MyApp
MyApp
MyApp
App App AppApp
App
Security Governance Policies

19. Docker Continues Leadership with Windows Containers
Sep 2016:
Windows Server
includes Docker
EE Engine
2H 2018:
Kubernetes on
Windows Server
with Docker EE
Oct 2014:
Joint engineering
with Microsoft
begins
Aug 2017:
Docker EE
supports mixed
Windows and
Linux clusters
● Docker continues to drive innovation and adoption of Windows containers in
collaboration with Microsoft
○ Docker and Microsoft have a joint engineering and support relationship
○ DockerCon speakers, Jabil and GE Digital, both speaking about their Windows
container usage for modernizing of legacy .NET apps and analytics
● Existing R&D work with Windows Server makes Kubernetes integration possible

20. Deploy Windows- and Linux-based Applications with Both Swarm and
Kubernetes in Docker Enterprise Edition
ORCHESTRATION
Swarm KubernetesOR
DOCKER ENTERPRISE EDITION
Docker Enterprise Cluster with
Windows Server and Linux Nodes
• Deploy .NET and Windows Server-
based apps with both Swarm and
Kubernetes
• Swarm and Kubernetes run
interchangeably in the same cluster
DOCKER SOLUTION
BENEFITS
• Gain more efficiencies with less
cluster sprawl
• Empower migration to the cloud
• Modernize .NET applications
and/or migrate applications off
Windows Server 2003/2008

21. Docker Desktop Template-Based Workflows Extend Containerization to a
Broader Range of Enterprise Developers
• Docker Desktop (Docker for Mac and Docker for Windows) is the most popular tool for developers to
start working with containers
− Millions of users; AND over 1 million new developers in the last year
− Achieved Kubernetes conformance
• Docker Desktop is expanding containerization to a wider audience of enterprise developers
− Give developers a choice to leverage a guided template or native CLI
Via CLI
Via GUI
IDE Integration
MyApp

22. Tech Preview: New Easy Way to Design Containerized Applications
1 2Select custom application or
pre-approved template
Customize and validate
Baseline Dockerfile
and Compose files
are auto-generated
and ready for
developer code
• Just bring your code:
− Design an app from pre-approved templates or select your services
− Auto-generate standard Dockerfiles and Compose files
− Integrate to existing IDE tools to customize, build, and ship

23. CHOICE

24. Docker Enterprise Edition is certified to run on CentOS, RHEL, Ubuntu, SUSE,
Oracle Linux and Windows Server and can be deployed into all major public clouds
while maintaining the same operating experience
companies with
1,000+ employees
have multiple clouds81%
Source: https://w3techs.com/technologies/details/os-linux/all/all
Source: Rightscale 2018 State of the Cloud Report
CHOICE
Only Container Platform that is Multi-Linux, Multi-OS and Multi-
Cloud

25. Existing
Application
Modern
Methodologies
Integrate to CI/CD
and automation
system
Convert to a
container
with Docker EE
Modernize Traditional Applications
Modern
Infrastructure
Built on premises, in the
cloud, or as part of a
hybrid environment.
Modern
Microservices
Add new services or
start peeling off
services from monolith
code base
App
CHOICE
Only Container Platform Designed for both Microservices and
Traditional Applications

26. Node
Worker
Node
Worker
Node
Worker
Node
Worker
Worker Nodes
App-Net:
10.0.0.0/24
10.0.0.1 10.0.0.2
• Leverage best-in-class technologies across Windows and Linux
• Connect Windows and Linux containers in the same cluster through a common overlay network
• Build Compose files for hybrid applications
• Leverage labels and constraints for intelligent placement and scheduling
CHOICE
Only Container Platform to Deliver First-Class Support and
Interoperability across Linux and Windows

27. Choice of Swarm and Kubernetes: Only Solution That Lets You
Run Swarm Today, Kubernetes Tomorrow and Vice Versa
Docker EE is the only platform that allows you
to run both Swarm and Kubernetes in the
same cluster:
● Developers do not need to select
orchestrators
● Freedom to change orchestrators as
needs arise
● EE Manager Nodes are both Swarm and
Kubernetes enabled
● Every worker node is both Kubernetes
API- and Swarm API-ready
Secure Cluster Management
App Scheduler
Swarm KubernetesOR
Docker EE Cluster
Docker EE Orchestration
Node Node Node
CHOICE

28. Deploy Applications with Either Compose or Kubernetes YAML
Docker Compose Kubernetes YAML
Node NodeNode Node
• Simple Compose spec for
developers, IT ops have multiple
options for deployment
• Migrate existing Docker apps to
Kubernetes at your own pace
KEY BENEFITS
• Use existing Docker Compose files
and choose at runtime to deploy
on either Swarm or Kubernetes
FEATURE / CAPABILITY
CHOICE

29. Deploy Kubernetes Apps via UI or CLI
• Docker EE uses standard Kube
API and CLI
• Use UCP UI to upload yaml files
for deploying Kube workloads
• Both methods enforce permissions
and limit unauthorized access
−Client bundle to connect local
client to UCP controller with
user certs
CHOICE

30. AGILITY

31. Distributed Supply Chain Supports Global Development and
Deployment
• Enable “follow the sun” development with
secure image promotion and image
caching
• Rapidly update software when new
patches need to be distributed globally
KEY BENEFITS
• Image mirroring: Push and pull images
from one registry to another based on pre-
defined policies
• Image caching: Extend the registry to a
local cache while maintaining secure
posture via encryption and access controls
FEATURE / CAPABILITY
Primary
Registry
Mirror
Registry
HQ
Cache
AGILITY

32. Natively Integrated
Networking
Service Discovery
Load Balancing
Layer 7 Routing NGINX built-in, but swappable NGINX built-in, but swappable
Flexible and Extensible Networking and Routing Options
Docker Swarm
AGILITY

33. Swarm: Application (Layer 7) Ingress Routing
33
Upstream External LB
Traffic via DNS (http port 80, https port 443, etc)
Worker Node
App2
Ingress LB Node
Proxy
Ingress LB Node
Proxy
Worker Node Worker Node
acme.com/app1 acme.com/app2
App1 App1 App2
AGILITY
• Intelligently route traffic to the
appropriate nodes with performance
and security
• Integrate with preferred load balancing
tools
KEY BENEFITS
• Hostname and Path-based routing
• SSL termination
• Included load balancing proxy with
NGINX, swappable for others
FEATURE / CAPABILITY

34. Docker EE Delivers Infrastructure Savings and Productivity Gains
Financial Services Case Study
Applications
500
VMs
5,300
Cores
22,000
$12 million
CPU utilization
57% max
Docker EE Cuts TCO by 41%, Saves $28M over 5yrs
Applications
500
VMs
1,320
Cores
13,100
$7 millionCPU utilization
~90% max
75%
reduction
40%
reduction
41%
reduction
2x
improvement
Annualized Cost
AGILITY

35. Docker EE Makes Scaling Your Environment Easy
Docker EE Management Console
Docker EE Control Plane and
Cluster Management
Node Node Node
• Single command to join new
Swarm/Kubernetes nodes into
a secure cluster
• Automatically integrate new
nodes into existing access
controls and policies
• No need to install separate
services; all nodes come pre-
installed with necessary
services
KEY BENEFITS
Swarm-mode cluster with Kubernetes-ready Linux nodes
Node Node
AGILITY

36. Unified Operations Enable Your Existing Team to Operationalize
Docker Containers in Production
Docker EE simplifies and automates the day-to-day application delivery and
operations of containers, increasing what your existing team can support
With Docker
Enterprise Edition
Other Container
Platforms
SKILLS REQUIRED
Unbudgeted new
headcount for operational
expertise and support
Existing team
AGILITY

37. SECURITY

38. >
_
***
***
***
Build With Integrity
• Verify, sign, & scan
• Secure image storage
• Secure sensitive data
Trusted Automation (CI/CD)
• Verifiable chain of custody
• Policy-based automation
Run Safe
• Secure by default
• Security Zones
• Governance
controls
Docker EE Secures the End-to-End Software Supply ChainSECURITY

39. • Respond faster to changing
organizational demands
• Drive higher infrastructure and
operational efficiencies and
avoid cluster sprawl
KEY BENEFITS
• Secure Environment Zones
−Logical and physical
partitioning
− Role-based permissions
for delivery and operations
FEATURE / CAPABILITY
Operations Team
TEST STAGING PRODUCTION
DOCKER ENTERPRISE EDITION
MANAGEMENT PLANE
Single cluster, multiple divided zones
SANDBOX
Define Secure Environment Zones to Avoid Costly Cluster SprawlSECURITY

40. Node
Worker
Node
Worker
Node
Worker
Node
Worker
swarm mode cluster
docker
enterprise
edition
universal control plane
trusted registry
Node
Worker
Node
Worker
.NET Dev Team
Using Swarm
Java Dev Team
using K8s
Java Dev Team
Using Swarm
Ops Team
Define Secure Application Zones to Enforce IT Governance
• Easily define resource-based
permissions to different teams
and expose only the allotted
resources to each team
• Re-allocate resources as
needed
KEY BENEFITS
• Integrate with LDAP/AD and
create granular and flexible
access controls
• Combine Namespace isolation
with node-based isolation for
increased separation
FEATURE / CAPABILITY
SECURITY

41. Threat Mitigation: Scan Container Images for VulnerabilitiesSECURITY
• Reduce risk by identifying
security issues early
• Stop automation workflows
when security issues discovered
• Ensure compliance with alerts
for new vulnerabilities
KEY BENEFITS
• Integrated security scanning
and vulnerability monitoring
with customized alerts
• Binary level scanning provides
deep visibility into all
components
FEATURE / CAPABILITY

42. Threat Mitigation: Audit All Image Layers and ComponentsSECURITY
• Ensure compliance with an audit
log of all application
dependencies
• Track supporting library versions
and licenses
KEY BENEFITS
• Get a full Bill of Materials for all
of your Docker images that
details all application and
library dependencies
• Detailed visibility of all Layers
including those from Base
Images
FEATURE / CAPABILITY

43. Access Control: Image PromotionSECURITY
FEATURE / CAPABILITY
KEY BENEFITS
• Restrict access to images to the
right users.
• Track and lock down on image
versions.
• Promotes “blessed” images from
one repository to a different
repository in the same DTR
using a policy.
• Repositories each have their
own access control.
• Images can be re-tagged
automatically to a new flag.

44. Maintaining a Globally Consistent Supply Chain
• Create a single source of truth for
containerized applications no matter
where they are deployed
• Maintain a single supply chain for a
globally-distributed enterprise footprint
KEY BENEFITS
• Connect multiple Docker EE clusters
to a single private registry
• Validate image signatures before
deployment
FEATURE / CAPABILITY
Docker Trusted
Registry
Docker EE
Cluster
Docker EE
Cluster
Docker EE
Cluster
Docker EE
Cluster
SECURITY

45. Trusted Automation, With Verifiable Chain of Custody
● Image signing and scanning of applications
to validate and verify content
● Content Trust: Only run applications that
have the required signatures
● Automated policies for image promotions
across the app development lifecycle
dev/hello-world
No ‘critical’ or ‘major’
vulnerabilities
prod/hello-world
App.go App.go
SECURITY

46. THANK YOU :)