Managing Users In Docker

By Rajat Bhargava Posted April 14, 2016

Docker has turned the IT infrastructure world upside down. Just when everybody was moving away from bare metal servers and embracing virtual servers and Infrastructure-as-a-Service, the folks at Docker have revolutionized the idea of containers. While the Linux OS is no stranger to the concept of containers, the concept didn’t start to take off until Docker streamlined the process. And boy, did it take off! Docker is perhaps the hottest technology in the IT infrastructure world. To make this solution even more usable and manageable within IT organizations, Docker just released the ability to manage users with LDAP.

Take Advantage of the Docker Difference

How does managing Docker containers differ from managing users on bare metal servers or even virtual servers? With more conventional server approaches, users are managed directly on the systems themselves. Users are created, and varying levels of access can be granted based on requirements. Users can be prompted for passwords, SSH keys, or even multi-factor authentication tokens. With containers, it’s more about who can manage the containers rather than who has access inside of the containers. Of course, containers still live on hardware servers. The notion of who has access to that server doesn’t go away, but it doesn’t translate specifically to who has access to the container infrastructure.

Tap into LDAP

You can think of Docker as an application where you grant rights to the people of your choosing. Those rights can extend to individuals who can create, modify, deploy, and terminate containers. Of course, these rights are critical because the Docker containers could be running your production infrastructure or crucial applications. Until recently, that process was run manually. Users would be created within Docker and managed there. There was no ability to connect to a third-party directory service. However, that has changed; Docker now connects via LDAP to a core directory service. The benefit is that your users can be centrally managed, and rights can be granted so that permissions are consistent across applications. Another benefit is that provisioning and de-provisioning can be done once and propagated to numerous IT resources, saving time and increasing security.

LDAP-as-a-Service: All Gain, No Pain

The challenge for ops personnel and IT is that managing LDAP is painful. The setup, configuration, and ongoing maintenance are all time-consuming tasks. LDAP also requires significant expertise and experience. JumpCloud offers an LDAP-as-a-Service platform that takes the heavy lifting off of ops and IT. The virtual LDAP service functions by having a global cloud-based LDAP directory infrastructure. Applications can be pointed to authenticate to this highly available network of LDAP directory servers. The LDAP infrastructure is backed by JumpCloud’s Directory-as-a-Service® architecture that centrally stores user information and federates those credentials to LDAP, SAML, RADIUS, SSH, REST, and other protocols. This ensures that a wide variety of devices, applications, and networks can authenticate with the SaaS-based directory service.

Managing Users in Docker is Easy with JumpCloud

For Docker users, the cloud LDAP platform is ideal as it pushes all of the core infrastructure out to the cloud, reducing the level of effort on ops and IT. The organization can focus on the application that’s running within Docker rather than the infrastructure. If you would like to learn more about how your Docker infrastructure can be authenticated via JumpCloud’s LDAP-as-a-Service platform, drop us a note. We’d be happy to discuss it with you. Or, feel free to give JumpCloud’s Directory-as-a-Service a try. Your first 10 users are free forever.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
