One of the things Microsoft and other big tech companies like to do is build a product and then wait for third-party developers to come along and fill in the feature gaps with add-ons. If the add-ons are good and the developers are lucky, then Microsoft or whoever will acquire their company and add the functionality of the add-on to the base product.
That’s the plan for many startups, but there’s another way things can go down that usually doesn’t result in so many millionaires being made. That’s when the big company simply takes the idea and runs with it, replicating the functionality of the add-on and incorporating it into the main product.
And that’s what’s happening over at Docker. Kind of, anyway.
At DockerCon in Seattle last week, Docker announced Docker Engine 1.12, and with it comes built-in orchestration for containers.
It’s not unexpected, but it’s a move that will put a damper on many other container orchestration efforts developed by third parties, including Kubernetes and Marathon.
Docker Swarm Mode Released: What Is Docker Swarm Mode?
Docker has long offered Docker Swarm, its cluster management system, and now Docker Engine includes Docker “swarm mode,” which can be optionally turned on to enable built-in container orchestration for tasks like creating Docker Swarm Clusters using the Consul service.
That swarm mode is optional is important, as administrators are still free to keep it switched off and instead use a third-party orchestration system like Kubernetes if they want to.
“By enabling swarm mode, containers will discover themselves, set up a cluster, and set up the master nodes and designate workers automatically,” David Messina, Docker’s vice president of enterprise marketing, told Virtually Speaking. Administrators can define the end state they want and leave it to the orchestration tool to “make it so,” he added.
“You can define the containers, connections, storage and networking resources that can be consumed (in a compose file), and how the system gets to that end state is left to the orchestration, not the user,” he said.
Securing a Future for Docker
Some critics of the company have said that Docker paid insufficient attention to security in the past, or that it has been slow to implement some security measures.
So it’s no surprise that with the new release — which is designed for large production environments — Docker is trying to counter this criticism by pushing the message that it is serious about security.
“It goes without saying that if this is going to be put into production environments, then security is table stakes,” said Messina. “Often security is added as an afterthought or developers have to go through hoops to provide it, and we wanted to take that away.”
You do have to wonder whose fault it is that developers have had to go through these hoops, but at least Docker is addressing the container security issue now. Better late than never, eh?
Examples of the security measures provided include integration with certificate authorities, TLS connections that fire up automatically between nodes, and the assignment of a cryptographic ID to each node.
“That means if any blackhat tries to spoof a node, it won’t be possible,” Messina explained. “These are very strong security attributes that have been built in out of the box.”
Clearing Up Confusion Between Swarm Mode and Docker Swarm
If you’re scratching your head in confusion about the difference between swarm mode and Docker Swarm, and what exactly is new here, Messina attempts to clear things up.
“Docker Swarm was a separate product, but now it is integrated in Docker Engine,” he said. “The security measures are new, the architecture that enables horizontal swarming using pieces of Swarm is new, and the fact that there are no single points of failure is also new.”
(A word on that last point: Through the API, the swarm is aware of the application as defined and will continuously check and reconcile the environment against the requirements of the application when something adverse happens, according to Docker. The state of all services is replicated in real time across a group of managers so containers can be rescheduled after any node failure.)
Docker 1.12 is currently in beta with GA planned for July.
Docker’s Relationship with Microsoft Strengthening
Docker also made two other significant announcements at DockerCon, and both show that there’s a strong and developing relationship between Docker and Microsoft. First, Docker for Windows is now available in public beta.
“There is a user appetite for a more tuned and optimized product out of the box, and these give you a more native experience than the open source download,” Messina explained. (There’s also a Docker for Mac that’s been put in public beta, in case anyone cares.)
Second, Docker announced Docker for Azure beta (as well as Docker for AWS).
The idea behind these is the same as for Docker for Windows, with plugins for Azure (and AWS) networking and volumes. Updates will be released in lockstep with Docker RC and GA releases. Docker for Azure and AWS are designed for the public cloud (obviously) and as such both start a fleet of Docker 1.12 Engines with swarm mode enabled out of the box.
All in all, it’s an impressive set of announcements for Docker as the company strives to make its container platform more convenient to set up and easier to use while heading off some of the competition.
But there’s also an awful lot of sidling-up-to-Microsoft-and-giving-it-coy-smiles going on here, isn’t there?
Microsoft is clearly smitten with Docker, and you have to wonder whether Docker has a future as an independent entity or whether this friendship will ultimately lead to acquisition.
Paul Rubens is a technology journalist and contributor to ServerWatch, EnterpriseNetworkingPlanet and EnterpriseMobileToday. He has also covered technology for international newspapers and magazines including The Economist and The Financial Times since 1991.