Updated on May 31, 2018 by UpGuard
Build once, configure once and run anywhere. Sound familiar? Numerous companies have had a crack at this over the years. Sun was the first with Java and the JVM: a platform-independent language and runtime environment that lets developers build programs that are at once compiled and interpreted, so they can run anywhere a version of the JVM exists. Docker, the latest company to adopt the mantra, has a similar value proposition, except that in this case the unit being shipped is a server environment, not just code.
Docker packages an application together with all of its required parts in a container, so it runs on any Linux server with the Docker engine, regardless of that host's configuration or settings. Containers can be created, configured, and saved as templates for use on other hosts running the Docker engine. These templates can then be used to create more containers with the same OS, configuration, and binaries.
Docker Containers vs. VMs
Though both Docker containers and VMs use mechanisms for virtualization and abstraction, a fundamental difference lies in virtualization scope: VMs contain a full OS, while Docker containers share a single OS kernel with the host machine (so the kernel, not a hypervisor, is the isolation boundary between containers). Because no hypervisor is needed to support multiple guest operating systems, Docker containers are especially lightweight and portable.
Take a look at the following graphic comparing VMs to Containers.
Diagram courtesy of Docker, Inc.
Note that the VM must load the hypervisor layer (see above diagram) as well as one instance of the guest OS for each desired app instance. In contrast, containers do away with the resource-intensive hypervisor layer, and can support any number of app instances running on top of the host OS.
In this paper comparing container and virtual machine environments, IBM tested Docker and KVM against CPU, memory, network and I/O benchmarks. Unsurprisingly, Docker outperformed KVM in every case tested. So while VMs are appropriate in use cases requiring full-machine virtualization, Docker containers boot more quickly and require fewer system resources, making them highly suitable for packaging and shipping apps to run anywhere.
The Docker Hub
A recurring theme in the Docker world is speed: quicker development, faster-performing apps, and easier shipping and deployment. Similar to Amazon’s AWS Marketplace, where one can find community-contributed Amazon Machine Images for launching server instances quickly, the Docker Hub features a repository of community-contributed components for creating and publishing custom Docker containers quickly.
Some official Docker repositories. Image courtesy of Docker, Inc.
For example, a developer building a MySQL-backed SaaS app can use the Oracle Linux and MySQL images in Docker Hub to quickly spin up a server with the necessary components. This eliminates the need to build and configure each OS or application component by hand.
In short, Docker is ideal for building, shipping, and running portable cloud apps. If you’re anxious to get hands-on with Docker immediately, check out this interactive demo on the Docker site. And be sure to check back for Part 2 of this article, where we’ll take a closer look at Docker’s features, and find out how GuardRail can be used for monitoring container configurations, scanning differences and changes, and verifying test/production environments.
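As an added example (not code from the original post, from UpGuard, or from Docker), the following Python script shows the kind of configuration check the Docker Hub and monitoring passages above point at: it reads two container records laid out like the Config and HostConfig sections of `docker inspect` output, reports the fields that differ between a test container and a production container, and flags settings that weaken isolation, including a Hub image that is referenced by a mutable tag rather than by a content digest. The container names, image references, mount paths and the all-zero digest are constructed sample values, not data from any real host.

```python
"""Drift and weak-setting check for container configurations.

Added example: the input records are constructed to look like the Config and
HostConfig sections of `docker inspect` output; no real host was inspected.
"""
import json

# Constructed sample: two records in the shape `docker inspect app-test app-prod`
# would print. The image digest is a placeholder (64 zeros), not a real digest.
SAMPLE_INSPECT_JSON = """
[
  {
    "Name": "/app-test",
    "Config": {"Image": "mysql@sha256:%s", "User": "mysql"},
    "HostConfig": {
      "Privileged": false,
      "CapAdd": null,
      "Binds": ["/srv/data:/var/lib/mysql"],
      "ReadonlyRootfs": false
    }
  },
  {
    "Name": "/app-prod",
    "Config": {"Image": "mysql:latest", "User": ""},
    "HostConfig": {
      "Privileged": true,
      "CapAdd": null,
      "Binds": ["/srv/data:/var/lib/mysql", "/var/run/docker.sock:/var/run/docker.sock"],
      "ReadonlyRootfs": false
    }
  }
]
""" % ("0" * 64)

_RECORDS = {rec["Name"]: rec for rec in json.loads(SAMPLE_INSPECT_JSON)}
TEST_CONTAINER = _RECORDS["/app-test"]
PROD_CONTAINER = _RECORDS["/app-prod"]

# (section, key) pairs that matter for isolation and reproducibility.
CHECKED_FIELDS = (
    ("Config", "Image"),
    ("Config", "User"),
    ("HostConfig", "Privileged"),
    ("HostConfig", "CapAdd"),
    ("HostConfig", "Binds"),
    ("HostConfig", "ReadonlyRootfs"),
)


def diff_configs(left, right):
    """Return {"Section.Key": (left_value, right_value)} for each checked field that differs."""
    drift = {}
    for section, key in CHECKED_FIELDS:
        a = left.get(section, {}).get(key)
        b = right.get(section, {}).get(key)
        if a != b:
            drift[f"{section}.{key}"] = (a, b)
    return drift


def audit(container):
    """Return human-readable findings for settings that weaken the host/container boundary."""
    findings = []
    cfg = container.get("Config", {})
    host = container.get("HostConfig", {})

    image = cfg.get("Image", "")
    if "@sha256:" not in image:
        # A tag such as :latest can be repointed at new content; a digest cannot.
        findings.append(f"image {image!r} is referenced by tag, not pinned by digest")

    user = str(cfg.get("User") or "")
    if user in ("", "root", "0") or user.startswith(("0:", "root:")):
        findings.append("process runs as root inside the container")

    if host.get("Privileged"):
        findings.append("container is privileged: most kernel-level isolation is disabled")

    for cap in host.get("CapAdd") or []:
        findings.append(f"extra Linux capability granted: {cap}")

    for bind in host.get("Binds") or []:
        host_path = bind.split(":", 1)[0]
        if host_path == "/" or host_path.endswith("docker.sock"):
            findings.append(f"sensitive host path mounted into the container: {bind}")

    return findings


def report(left, right):
    """Combine drift and audit results into report lines for two containers."""
    lines = []
    for path, (a, b) in sorted(diff_configs(left, right).items()):
        lines.append(f"DRIFT  {path}: {a!r} -> {b!r}")
    for rec in (left, right):
        for finding in audit(rec):
            lines.append(f"WEAK   {rec['Name']}: {finding}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(TEST_CONTAINER, PROD_CONTAINER)))
```

Run as a script it prints the drift between the two sample containers followed by the weak-setting findings; to use it on real containers, replace the embedded JSON with the output of `docker inspect` for the containers you want to compare.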
Misconfigurations are an internal problem that emanates from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating that anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.