By Greg Keller Posted March 15, 2016
Docker Registry and Trusted Registry are supporting integration with Microsoft Active Directory. With more organizations deploying Docker than ever before, controlling who has the ability to create, modify, and deploy Docker containers is a critical management activity. To that end, Docker has enabled the ability for authentication to be done through Active Directory or LDAP. What’s the most pressing challenge for Docker users? More often than not, their Docker infrastructure and their directory services are located in two places. That causes extra work and potential security issues.
Docker Containers Create Waves of Change
Docker containers are the next generation of IT infrastructure. Virtual servers were a paradigm shift from bare metal servers; containers represent a similar fundamental shift. Developers and operations personnel now have a powerful tool to leverage to create more scalable applications in less time. The concept of containers isn’t new, but Docker has dramatically changed the ease of use and the toolset to make them ubiquitous. Developers and operations personnel can simply build containers, and ensure that they perform exactly as they did in their development environment. This guarantees that there are no changes needed. From there, the containers can be deployed with the OS components necessary to run the application. This lightens the load of running the application in comparison to a full virtual machine with the application. Another benefit of this approach is that the infrastructure can be horizontally scaled with ease. There is little doubt that developers will be building in a container-filled world. As a result, managing user access to the Docker infrastructure is much like managing access to source code or the production infrastructure.
Navigating the Choppy Waters of Docker Active Directory Integration
It is possible to connect Docker to your on-prem Microsoft Active Directory instance. While that capability exists, our sense is that organizations may find it difficult to leverage. Much like connecting AWS servers to an on-prem Active Directory server is problematic, so too is the task of integrating Docker with AD. Why? Because there are significant challenges in connecting infrastructure that may be cloud hosted with an on-prem AD. Networking the two IT systems together often takes some additional work, including potentially creating and managing a VPN. Historically, AD has not been exposed to the Internet, so security is another major issue. Ensuring that the system is still secure is critical as it houses the core user identities. Simply put, there may be better ways to connect your Docker infrastructure with your core directory services.
DaaS Never Leaves You High and Dry
If you are leveraging Active Directory, it may be wise to use a directory extension solution to connect to cloud-based infrastructure and non-Windows platforms. What is the benefit of syncing your users to a cloud-based directory that integrates with your AD? You get a secure, cloud-based mirror of your AD while avoiding jumping through any networking hoops. Your users can be synced to the cloud-hosted directory which Docker then employs to authenticate user access. For those organizations that aren’t currently using an on-prem directory service, implementing a cloud-based SaaS directory may be preferable. By hosting everything in the cloud, IT admins eliminate the overhead of purchasing, implementing, and managing a number of IT systems. The benefits are twofold: a reduction in cost and time. Directory-as-a-Service® platforms support a wide range of systems, applications, and networks.
If you are considering how to integrate Docker with Active Directory or LDAP, drop us a note. We’d be happy to talk about the best ways to implement the two technologies. Or, if you would like to try the integration yourself, feel free to sign up for a JumpCloud Directory-as-a-Service account. Your first 10 users are free forever.