Latest Docker Release Offers New Features for IT Managers

Docker continues to push its platform for assembling, installing, and running applications in Linux containers into more business data centers, and it is now focusing more on security and high availability.

The most recent release of Docker, Docker 1.10, which came out before this month, adds a number of features that are significant to IT managers who set up containerized applications in their data centers.

  • Automatic Rescheduling If There Is Server Failure

When a node in the cluster fails, Swarm, Docker’s software for managing server clusters for containerized applications, can now automatically reschedule containers. Because it is aware of which containers run on which node, if any of the nodes fails, it will schedule that node's containers to run on a stable node.

  • Advanced Clustering Features

In the past, if a node failed to connect to a cluster, the cluster would boot and launch without waiting for the node to connect. In the new release, however, the node will keep trying to connect to the cluster until a stable connection is made. The system is designed to keep trying a specific number of times before giving up on the connection.

  • Individual Privileges for Host and Container

Many users raised the security issue that access privileges inside the container can affect access privileges outside the container. The new release therefore separates privileges inside the container from privileges outside it. This ensures that a user inside the container does not hold the same permissions at the host level, which limits the amount of damage a root user inside a container can do to the host.
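Docker 1.10 provides this separation through Linux user namespace support (the daemon's `--userns-remap` option). As an added example, not code from the original article or from Docker, the following Python check parses a container process's `/proc/<pid>/uid_map` and reports whether root inside the container maps to root on the host. The sample map contents and the function names are constructed for illustration.

```python
import sys

# Constructed samples of /proc/<pid>/uid_map (assumed values, not from the article).
# Line format: <first ID inside namespace> <first ID on host> <range length>
REMAPPED_UID_MAP = "         0     100000      65536\n"   # remapping enabled
IDENTITY_UID_MAP = "         0          0 4294967295\n"   # no user namespace


def parse_id_map(text):
    """Parse uid_map/gid_map text into (inside_start, host_start, length) tuples."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        inside, host, length = (int(f) for f in fields)
        if length <= 0:
            raise ValueError(f"empty range in id map line: {line!r}")
        ranges.append((inside, host, length))
    return ranges


def to_host_id(ranges, container_id):
    """Translate an ID seen inside the container to a host ID; None if unmapped."""
    for inside, host, length in ranges:
        if inside <= container_id < inside + length:
            return host + (container_id - inside)
    return None


def audit_root_mapping(text):
    """Return (verdict, host_uid) for UID 0 inside the container."""
    host_uid = to_host_id(parse_id_map(text), 0)
    if host_uid is None:
        return ("unmapped", None)
    if host_uid == 0:
        return ("host-root", 0)      # container root is real root on the host
    return ("remapped", host_uid)    # container root is an unprivileged host user


if __name__ == "__main__":
    # Usage: python check_userns.py <pid of a container process>; no pid runs the samples.
    if len(sys.argv) > 1:
        with open(f"/proc/{sys.argv[1]}/uid_map") as fh:
            print(audit_root_mapping(fh.read()))
    else:
        print(audit_root_mapping(REMAPPED_UID_MAP), audit_root_mapping(IDENTITY_UID_MAP))
```

A `host-root` verdict for a container process means remapping is not in effect for that container, so root inside it is root on the host.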

When programmers build containerized programs, they generally do not know what network stack their programs will run on in the data center. The network is an abstraction. A particular network stack has to be referenced when IT managers set up the program, and a new feature enables simple mapping between the program's network abstraction, as defined by the programmer, and the implementation of the network interface in the data center.