Docker Enterprise Edition has strengthened its case for large IT buyers of container orchestration tools, with new OS support, security and policy-based automation features.
Docker-supported OS types now include IBM z Systems mainframe OSes and Microsoft Windows Server 2016, as well as mixed clusters and applications that run on mainframes, Windows and Linux. Fine-grained, role-based access control and policy-based automation for container images through a DevOps pipeline also are part of this August Docker Enterprise Edition release.
With the addition of these Docker-supported OS features, Windows and Linux containers, as well as mainframe-based ones, can share a cluster of hosts. With this release, mixed OS containers can also be stacked, using a newly developed overlay network, into hybrid applications that may mix, for example, Apache Tomcat servers with Microsoft SQL Server databases.
This will be a key feature for enterprise IT shops that plan to move to container orchestration in the next year or two and use it to modernize legacy applications, said Chris Riley, director of solutions architecture at cPrime, an Agile software development consulting firm in Foster City, Calif.
"Deep container adoption within traditional enterprises is in its formative stages," Riley said. "The addition of z Systems and Windows [Server] native support will show benefits in the next couple of years, as companies upgrade their Windows infrastructure and coordinate that with their mainframe systems."
Mainstream enterprises aren't yet demanding hybrid clusters and applications, according to analysts. However, Docker officials have said HR software giant ADP -- one of the primary beta testers of this Docker Enterprise Edition release -- already mixes and matches Docker-supported OS workloads.
"Typically, these applications are managed separately, but as enterprises move to microservices and DevOps, the ability to manage applications with the same process, regardless of operating system, will be desirable," said Jay Lyman, analyst at 451 Research.
Enterprises also want to run hybrid cloud infrastructures; this portends a future in which such infrastructures are much more flexible and container portability means apps can run anywhere. Docker seems attuned to this with the features it's chosen for this release, Lyman said.
Enterprises that want these abilities from Docker Enterprise Edition should be prepared to open their wallets. Some of the most advanced features introduced in the August 2017 release -- such as node-based security isolation for multi-tenant environments, policy-based container image promotion in DevOps pipelines and continuous security vulnerability scanning -- require Docker Enterprise Edition Advanced licenses, which are priced at $3,500 per node, per year. Advanced licenses also must be purchased separately for Windows and Linux servers.
The pricing makes it clear that Docker is going after "big fish" customers, Lyman said. "They're clearly looking to drive larger deal sizes, as is the Kubernetes community of vendors -- and that's driving intense competition, as well as innovation."
Kubernetes complexity makes IT shops look twice at Docker
The Docker Enterprise Edition update comes weeks after rival container orchestration platform Kubernetes made its appeal to enterprise IT shops with support for granular network security and stateful application support in June's version 1.7.
"These two are increasingly competing and evolving together," 451's Lyman noted. "To some extent, you see [the Kubernetes community and Docker] making moves responsive to what the other is doing."
Kubernetes and the many commercial container orchestration packages that bundle it for enterprises, such as CoreOS's Tectonic and Red Hat's OpenShift, boast reference customers that include Experian, Deutsche Bank, BMW and T-Systems. But big companies also came out in favor of Docker's container orchestration this year, from ADP to Hyatt Hotels and The Northern Trust Company. Kubernetes was an early mover in the container orchestration space and is backed by the experience of web-scale companies such as Google, but Docker has made advanced security features generally available in its products, while many of those in the Kubernetes community remain in beta.
For some enterprises, Docker swarm mode appeals in contrast to the reputation that Kubernetes has for management complexity. One such firm is Rosetta Stone, which has evaluated Docker swarm mode for its container orchestration against Kubernetes and concluded that Kubernetes would be "overkill" for its container orchestration needs.
"Each of our microservices is crazy simple -- just web apps," said Kevin Burnett, DevOps lead for the global education software company in Arlington, Va. "We want to use the simplest possible orchestration tool that supports our use case."
Docker container orchestration also appeals to enterprises because it comes from the same vendor that popularized Linux containers in Docker. Adding Docker swarm mode to Docker Engine means that much of Docker's container orchestration is installed with the infrastructure that Rosetta Stone already runs.
However, the company is not inclined to pay the price for the advanced features in Enterprise Edition, and it likely would adopt the open source Community Edition, Burnett said.
"The features they're adding in this release were not for customers like us, in my estimation," Burnett said. Rosetta Stone has some Windows infrastructure it acquired with another company, but is moving away from that and doesn't have mainframe workloads.
"The security stuff seems nice, but it doesn't seem like they've added major features and wouldn't tip the scales," Burnett said.