This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
●Breaking patches can be investigated while “known good” images are kept in use
●Extremely portable
●Hardware independent
●Other environment can be set up, tested, torn down in minutes
PROBLEM
●Researchers want custom tool chains
●IT wants researchers on shared
infrastructure
●Researchers need to be able to
reproduce/share environment
Real-world Example #3: Research Computing
Serving Up Multiple Stacks
SOLUTION
●Run every job in a custom Docker-
formatted container
●Keep archive of old container images
with log of which version was used for
which job run
THE RESULT
●Self service: Researchers at Duke are starting to build their own Docker-formatted
container images to run their analysis
THE REALITY OF ADOPTING
CONTAINERS: WHAT ARE THE
TOP CHALLENGES?
Top Challenges by Container Users
Base: 171 IT and Developer/programmer decision-makers at companies with 500+ employees in APAC, EMEA, and NA
Source: A commissioned study conducted by Forrester Consulting on behalf of Red Hat, January, 2015
TECHNOLOGY
Challenges Duke Is Seeing
PROCESS/STRATEGIC
CONTAINING THE MOST
INTERESTING APPLICATION
IN THE WORLD
The Reality: Security Implications
Security Inside the Container
●High vulnerabilities: ShellShock (bash), Heartbleed (OpenSSL), etc.●Medium vulnerabilities: Poodle (OpenSSL), etc.●Low vulnerabilities: gcc: array memory allocations could cause integer overflow
36% of official images available for download
contain high-priority security vulnerabilities
Source: Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities, Jayanth Gummaraju, Tarun Desikan, and Yoshio Turner, BanyanOps, May 2015