By Rajat Bhargava Posted January 8, 2016
Docker is one of the hottest IT solutions on the market right now. Containers are viewed as the next generation in application deployment. Their convenience and architecture will replace virtual servers over the next few years. At least that’s one theory. As Docker has grown in popularity, there has been a shift in its use. Not only is Docker being used for small projects, but it’s also being employed to manage large scale roll outs in production environments where many IT professionals – developers, devops, and sysadmins – play active roles in its management. There are a number of different Docker and container management solutions emerging. It’s no surprise, really, given the popularity and adoption of the core technology. And, as larger teams assemble and begin to coordinate the installation of this technology, one of the more challenging aspects will be overall user management. Let’s talk about this in greater detail, shall we?
Docker User Management Support
Docker recently announced support for managing users of its Registry, management tools, and Trusted Registry via Microsoft Active Directory or LDAP. As your development and devops users manage their containers, an authoritative governing directory enables your teams to manage who should be able to deploy, manage, change, and update images within the Docker system.
Daas and Docker Integration via LDAP
JumpCloud’s Directory-as-a-Service has direct integration with Docker through LDAP. Now, organizations can manage their Docker users securely from within JumpCloud. Users are added to the JumpCloud cloud-based directory service where they can be grouped and accordingly assigned varying levels of permissions. These user permissions determine the access and component administration of the Docker management process. Detailed instructions on how to add support for Docker from JumpCloud’s Directory-as-a-Service are available within the Knowledge Base found here.
Understanding the Architecture of Docker Containers
Docker containers are much like virtual servers, albeit less substantial. While each container has a copy of the complete OS file system, it only runs the programs necessary for supporting the container’s application and purpose. As a result, containers eliminate the overhead and duplication of running a full operating system on virtual servers. Along with the need to scale applications came the ease with which to horizontally scale Docker containers. With bare metal servers and virtual servers, users are managed directly on these servers. There is really no sense in managing users within the container, since it likely only has one task; in a sense, it’s a throwaway. As new versions of the container are created, the existing container is destroyed and replaced with an updated version. Directory backed container users are responsible for governing the system that runs the container architecture. Therefore, these users act as authorized accounts when executing the container.
Containing the Growth of this Technology
Since the growth of this technology is an issue that’s becoming increasingly more important to development and devops teams, managing the fleet of containers is critical. Knowing who can setup container images, what infrastructure they can run on, and what they can do with them is crucial to maintaining control and security. Over time, an infrastructure will have a variety of different container types, with the development and operations teams taking ownership for their respective pieces. From a high-level perspective, container permissions need to be managed as if they exist in a regular server or virtual world.
Docker Stays Afloat on the Directory-as-a-Service Cloud
Centralized user management is critical in any organization. Directory-as-a-Service has been focused on centralizing user access and management with systems, applications, and networks. Docker containers need to be included within that framework, since it is designed to provide user authentication, authorization, and permissions. As the infrastructure moves to Docker, the same user management systems will work for development and operations organizations. If you would like to learn more about how to integrate Docker into your identity management infrastructure, drop us a note. Or, feel free to give our new Docker integration a try for yourself.