Docker Enterprise Edition
Advanced Access Control
Mark Church
Solutions Architect, Docker Inc.
@churchofmark
October, 2017
[Diagram: apps / container platform / physical infrastructure]
[Diagram: Company (Team Mobile, Team Payments) and Acquisition]
sharing is caring
[Diagram: container 1 (app) and container 2 (app) on one host: CPU, memory, I/O, storage]
[Diagram: virtual resources (secrets, images, networks, volumes, services) on top of physical resources (hosts)]
users
Access Control at OrcaBank
• Payments team can view their containers and logs only
• Mobile team can view their containers and logs only
• Admins - Full capabilities, full stack
• Ops team - Full capabilities against application nodes
roles
Admin Ops Dev
/production
/mobile
/payments
collections
[Diagram: UCP controllers and UCP workers, with containers, secrets, volumes, networks and configs grouped into collections]
grants
GRANT: Subject (Payments Team), Role (Dev Role), Collection (/production/payments)
Access Control at OrcaBank
• Admins - Full capabilities, full stack
• Ops team - Full capabilities against application nodes
• Payments team can view their containers only
• Mobile team can view their containers only
OrcaBank collection architecture
[Diagram: UCP Cluster. System: UCP controllers and Docker Trusted Registry. Shared: mobile and payments, with their apps, dbs, networks, volumes, secrets and configs]
/
├── Shared
│   ├── app nodes
│   ├── mobile
│   └── payments
└── System
    └── infra nodes
grant composition
Users -> Teams -> Grants -> Collections
Roles: Full Control, Dev, Ops
• Infra Admins -> admins -> grant -> /
• SREs / Ops -> ops -> grant -> /Shared
• Developers -> mobile -> grant -> /Shared/mobile
• Developers -> payments -> grant -> /Shared/payments
[Diagram: /System (UCP controllers, Docker Trusted Registry) and /Shared (worker nodes) containing /mobile and /payments with their apps, dbs, networks, volumes, secrets and configs]
Payments Team
● View containers
● View services
● View logs
● Container Inspect
No Access
[Diagram: /System (UCP controllers, Docker Trusted Registry) and /Shared (UCP workers) containing /mobile and /payments with their apps, dbs, networks, volumes, secrets and configs]
Mobile Team
● View containers
● View services
● View logs
● Container Inspect
No Access
[Diagram: /System (UCP controllers, Docker Trusted Registry) and /Shared (UCP workers) containing /mobile and /payments with their apps, dbs, networks, volumes, secrets and configs]
Ops Team
● All Resources
○ Deploy
○ View
○ Update
○ Destroy
No Access
OrcaBank “DevOps” Cluster
New Requirements
• Mobile Team - Full capabilities to deploy in “mobile” collection
• Payments Team - Full capabilities to deploy in “payments” collection
• DB Team - Full capabilities to deploy in “db” collection
• Each team will also have dedicated nodes
collection architecture
[Diagram: System (UCP controllers, Docker Trusted Registry) plus mobile, payments and db, each with its own worker nodes]
diff
/
├── Shared
│   ├── app nodes
│   ├── mobile
│   └── payments
└── System
    └── infra nodes

/
├── Shared
├── System
│   └── infra nodes
├── db
│   └── app nodes
├── mobile
│   └── app nodes
└── payments
    └── app nodes

consumer/provider relationships
/
├── Shared
├── System
│   └── infra nodes
├── db
│   ├── app nodes
│   ├── payments
│   └── mobile
├── mobile
│   └── app nodes
└── payments
    └── app nodes
collection architecture
[Diagram: /System (UCP controllers, Docker Trusted Registry); /mobile, /payments and /db, each with its own worker nodes. /mobile and /payments hold apps, networks, volumes and configs. /db contains /db/mobile and /db/payments, each with a db, volume, network and secret]
AD/LDAP Users -> AD/LDAP Groups -> Teams -> Grants -> Collections
Roles: Admin, View & Use Networks + Secrets, Ops
• Infra Admins -> AD_admin -> admins -> grant: /
• DB Ops -> AD_db -> db -> grant: /db
• DevOps -> AD_pay -> payments -> grants: /payments, /db/payments
• DevOps -> AD_mob -> mobile -> grants: /mobile, /db/mobile
Collection Architecture
[Diagram: /System (UCP controllers, Docker Trusted Registry); /mobile, /payments and /db, each with its own UCP workers. /db contains /db/mobile and /db/payments, each with a db, volume, network and secret]
DB Team
● All Resources
○ Create
○ Update
○ View
○ Destroy
○ Schedule
No Access
Collection Architecture
[Diagram: /System (UCP controllers, Docker Trusted Registry); /mobile, /payments and /db, each with its own UCP workers. /db contains /db/mobile and /db/payments, each with a db, volume, network and secret]
Mobile Team
● All Resources
○ Create
○ Update
○ View
○ Destroy
○ Schedule
No Access
Mobile Team
● Networks & Secrets
○ View
○ Use
No Access
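The grant model from the slides above (AD/LDAP group, team, role, collection) as a small evaluator. This is an added example, not code from the deck or from Docker. It assumes a grant covers its collection and every child collection, takes the role contents from the team slides, and adds "use" to the full operation set as a labelled assumption.

```python
# Simplified model of the grants on these slides: Subject + Role + Collection.
# Assumptions (not UCP's code): a grant covers its collection and all child
# collections; role contents are read off the team slides; "use" is added to
# the full set so a team can attach its own networks and secrets.
FULL = {"create", "update", "view", "destroy", "schedule", "use"}
ROLES = {
    "Admin": {"*": FULL},
    "Ops": {"*": FULL},
    "View & Use Networks + Secrets": {
        "network": {"view", "use"},
        "secret": {"view", "use"},
    },
}
GROUP_TO_TEAM = {"AD_admin": "admins", "AD_db": "db",
                 "AD_pay": "payments", "AD_mob": "mobile"}
GRANTS = [  # (team, role, collection)
    ("admins", "Admin", "/"),
    ("db", "Ops", "/db"),
    ("payments", "Ops", "/payments"),
    ("payments", "View & Use Networks + Secrets", "/db/payments"),
    ("mobile", "Ops", "/mobile"),
    ("mobile", "View & Use Networks + Secrets", "/db/mobile"),
]


def covers(grant_path, collection):
    """True if collection is grant_path or below it, compared segment by segment
    so that a grant on /db never matches a sibling such as /db-archive."""
    g = [s for s in grant_path.split("/") if s]
    c = [s for s in collection.split("/") if s]
    return c[:len(g)] == g


def teams_for(ad_groups):
    """Map directory groups to teams; unknown groups contribute nothing."""
    return {GROUP_TO_TEAM[g] for g in ad_groups if g in GROUP_TO_TEAM}


def is_allowed(ad_groups, operation, resource_type, collection):
    """Default deny: allow only when a grant held by one of the user's teams
    covers the collection and its role permits the operation on that type."""
    teams = teams_for(ad_groups)
    for team, role, path in GRANTS:
        if team in teams and covers(path, collection):
            perms = ROLES[role]
            if operation in perms.get(resource_type, perms.get("*", set())):
                return True
    return False


def reachable(ad_groups):
    """Collections and roles a set of groups holds, for access review."""
    teams = teams_for(ad_groups)
    return sorted((path, role) for team, role, path in GRANTS if team in teams)
```

Matching on path segments rather than string prefixes is what keeps the consumer grant on /db/mobile from leaking into /db/payments or into a similarly named sibling collection.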
Docker EE
Hosted Demo
● Free 4 Hour Demo
● No Servers Required
● Full Docker EE Cluster Access
And hands on labs!
docker.com/trial

Advanced Access Control with Docker EE