Docker CEO On Delivering Containers To The World's Largest Enterprises And Why Partners Are Critical
Steve Singh spoke at this week's DockerCon conference about his company's strategy around Docker Enterprise 3.0 and what partners bring to the table in delivering Docker as SaaS.
Pioneering container software developer Docker introduced the latest major update to its enterprise containerization platform, Docker Enterprise 3.0, at this week's DockerCon conference in San Francisco.
At a closed session with reporters, Docker CEO Steve Singh and some of his product executives shared the company's strategy for developing its feature sets and offering them to the world's largest enterprises in multiple forms.
"Our investment in the enterprise platform is a huge part of how we grow this business and how we serve our customers," Singh said. "We have come a long ways over the last few years in building our platform in a way that customers can get meaningful value out of it."
Singh explained the strategy behind first delivering a hosted version of its enterprise container management platform through partners, and also addressed a recent security breach of the Docker Hub container image repository.
"We're not just hitting our stride," Singh said of the business. "We're really solving problems with deep commitments to our customers.
Docker has decided to offer a hosted, fully managed version of its enterprise container management platform through partners.
The product, and the program, are called Docker Enterprise-as-a-Service—launched this week with Capgemini as the first provider.
"You should expect that we will have multiple partners on this front," Docker CEO Steve Singh said.
It's "really driven by customers," Singh added. "Who are their partners and who do they rely on for their application migration, development strategies."
While "Capgemini was a great partner," Singh said other "fantastic regional systems integrators, like Capstone" are making sure Docker's service is "is available anywhere the customer wants it."
What Partners Bring To The Table In Delivering Docker As SaaS
Docker is highly capable of running a shared SaaS service, as it has done for years with its Docker Hub container image repository, said Banjot Chanana, senior director of product management.
"But that's not the same level of requirements that a large enterprise needs, so we wanted to make sure we had best-of-breed capabilities, along with best understanding of how to deliver that to the G 10k."
"While we are experts at developer productivity and providing an enterprise container platform, what Capgemini can bring to the table here is the understanding of the regulatory environment and the way in which large enterprise customers need to be able to consume these capabilities and the level of certification that needs to happen beneath it," Chanana said.
A partner like Capgemini "brings a lot of expertise to running these types of environments."
Docker SaaS For SMB Coming?
While Docker has launched a partner program to offer a hosted service built on its Docker Enterprise platform, the company might soon look to offer its own SaaS solution to empower both smaller customers, and specific divisions within large enterprises.
" Our focus for the last two years has been to make sure we can deliver a scale, enterprise solution. That’s Docker Enterprise, and obviously 3.0 was the most recent announcement on that. That's predominantly focused on the G 10K—the biggest companies in the world," Singh said.
While Docker offers a Community Edition of its products, SMBs are often buying the enterprise version.
"I might argue that's more than they need, or even maybe they'd like to consume it a different way. Within the small groups within the enterprise, there's a need for a different consumption model of the Docker Enterprise platform," Singh said.
"So I think its rational to assume that at some point in the not-to-distant future, you might see us deliver the Docker Enterprise platform as a SaaS offering that can be purchased or consumed in a model that's more designed for SMBs and groups," he said.
Docker Hub Breach
In a private session with reporters, Docker CEO Steve Singh addressed a data breach impacting almost 200,000 customers using the Docker Hub repository for storing container images. Docker detected the intrusion on April 25.
"There are bad actors in the world and they do things we just have to contend with," Singh said.
Docker has resolved the "really small intrusion" around Hub, Singh said, "but we want to take this and say, 'how do we get to the point where across the entire software supply chain … it's security by design. And this is an opportunity for us to say, let's own that problem, let's make sure we get better from it. That's where we are."
Banjot Chanana, Docker's senior director of product management, said the security incident impacted less than 5 percent of Docker's user base. All those impacted were notified immediately, "so we reacted quickly and as transparently as we could about what was happening what they needed to do immediately."
"It's never a question if you're going to get hacked," Chanana said. "It's when."
Singh said Docker knows how the hackers penetrated its system, but he cannot share that info since there's an ongoing forensic investigation.
While Singh wouldn't directly talk about Docker's outreach to law-enforcement, he said Docker has implemented a standard process for reacting to security breaches that involves bringing in external help to do forensic analysis.
"That’s how we did it when I ran Concur. That's how we run things here," Singh said. "A professional, standardized model, this is how we react, this is what we get done, this is the expertise we bring in."
Kubernetes vs. Swarm
While Kubernetes has become a standard for container orchestration, Docker still sees value in supporting its native orchestrator, Swarm.
Customers like Citizens Bank have actually moved some infrastructure running on Kubernetes back to Swarm. And there are Edge use cases in particularly where Swarm is a better fit.
"What it really speaks to is Kubernetes is still very difficult to use," Docker CEO Steve Singh told reporters.
Which doesn't mean Docker wants to back away from Kubernetes. The objective is to make Kubernetes as easy to use as Swarm, he said.
"In long term, Kubernetes is going to be the default orchestration layer. And we don’t have any issues with that. We want that to happen," Singh said.
But Docker will continue to support its Swarm project. "We have commitments to our customers and we want to make sure we always honor them," Singh said.
"My feeling is that one day we will have that same ease of use in our Kubernetes support, and then the customer can say, 'hey look we're going to use Kubernetes because you've made it so accessible I can do this in the Docker platform. Until that day comes about, we're just going to continue to support both of them. It's your choice, you get to decide."
Docker 3.0 introduced Docker Applications, which makes it easier to share multi-container applications across the application development pipeline.
Docker Applications is "the container of containers," said Banjot Chanana, Docker's senior director of product management.
"In providing the container format, we're able to take individual components of the application and brig portability and management to those components," Chanana said.
"When you define something as complex as a set of microservices that maybe using cloud services and maybe using containers and some of it on physical servers, the application now becomes fairly complicated to describe in one layer. You can't describe it just with a single tool or a single set of automation tools, you now actually need multiple tools," Chanana said.
Docker Applications provides a way for bringing those tools—Docker Compose files, Helm charts, Kubernetes YAML files—into one packaged format so they can run on any infrastructure on any environment, he said.
The new feature is the implementation of the CNAB (Cloud Native Application Bundles) specification Docker has developed jointly with Microsoft.
Introducing Istio Service Mesh
Istio is quickly becoming the standard for service mesh, an emerging technology that lends better visibility into micro-services deployments.
Docker waited until this week to finally adopt that open source technology as an integrated solution in its container platform.
Docker CEO Steve Singh said on the choice of Istio, "it wasn't a debate in our mind."
"The issue was just a question of prioritization and when we wanted to go focus on it," Singh said.
Jenny Fong, Docker's director of product marketing, said the leading service mesh technology was introduced in a way consistent with Docker's philosophy to providing customers with choice: "Batteries included, but swappable."
"We want to make it easy out of the box, which means getting it integrated into the platform," Fong said. "But also we've generally made things modular so if they need to replace it with a different solution, they can."