dockercon 2016 keynoteEarlier this week I was at DockerCon 2016 – two busy days on all things Docker.

Originally going to do an overall recap of the show, I’m going to cut to the chase. Here’s my favorites of the DockerCon 2016: The first keynote, Microsoft’s Windows Server Internals talk, and talking with Rackspace folk about Carina.

The Keynote

The first morning keynote was impressive. Within 90 minutes, Docker unveiled significant threats towards several startups in the container ecosystem. Networking, clustering/orchestration, and application bundling were in Docker’s targets. Some knew Docker’s “swarm mode” was coming, some of us should have connected the dots. Most, though, were caught off-guard, including many vendors. Docker is turning out to be good at strategy and understanding customer needs. They might irk some in the near term, but in the long game they seem to be meeting customers’ needs.

What’s next?

With Swarm built-in, Docker is using a Raft consensus algorithm to reach consensus across a collection of nodes. So they’re a fraction away from having a distributed key/value store – built-in. Combine that with the built-in certificate management for swarm mode, and you have the makings for a secure key/value store. I expect we’ll see this announced before the end of 2016.

Favorite Talk: Docker and Windows Internals

My favorite talk was The Internals Behind Bringing Docker and Containers to Windows by Microsoft’s Taylor Brown and John Starks. Besides just being a good talk, it showed how serious Microsoft is taking the container thing. Much thought and effort has been put into the porting of Docker to Windows. I believe it’s going to be very interesting to see where Windows+Docker goes over the next 2-3 years. I’m looking forward to spending some quality time with Windows 2016 and containers, and addressing security on that platform.

I know I missed a few good talks. Particularly, I passed on Aaron Grattafiori’s The Golden Ticket: Docker and High Security Microservices. I expected it to be a recap of the excellent 120 page PDF NCC released a while ago so I skipped the talk. Afterwards I heard that he went even further into some areas. I’ll be spending plenty of time on YouTube after the videos are published!

The Hallway Track

docker crowdsMy third favorite thing from DockerCon 2016: The “hallway track.” I had great conversations with so many folks about how they use Docker, the issues they are running into, and the services that vendors are providing and how they see the ecosystem changing.

I had a few chances to chat with Rackspace folks about Carina – their new Container as a Service offering. I’ve had beta access and been experimenting with it, but I had misunderstood one key thing: When you spin up a Carina cluster, Carina provisions for you up to three “nodes.” I presumed these were virtual machines, but indeed they’re not. Carina’s running containers on bare metal in a multi-tenant model, and they have some tricks to keep things isolated. This is important to me, as one of key beliefs at Layered Insight is public cloud providers will be replacing VMs with containers – sooner rather than later. A good number of people I talk to in Silicon Valley think our expectations here are too aggressive, so it’s nice to see validation.

When you think about how you secure and manage your containers, this is a key thing to keep in mind: Native CaaS providers will not allow privileged containers, because it’s the equivalent of giving root access to the underlying infrastructure.

Next up: ContainerCon North America this August! I’ll be giving two (count with me – one, two) container-security related talks, hope to see you there!