Merge pull request #3236 from bazz2/master

[translated by bazz2]Docker Working on Security Components Live Conta…
Xingyu.Wang 2015-08-24 15:21:01 +08:00
commit 885d75e021
2 changed files with 53 additions and 54 deletions


@ -1,54 +0,0 @@
[bazz2 translating]
Docker Working on Security Components, Live Container Migration
================================================================================
![Docker Container Talk](http://www.eweek.com/imagesvr_ce/1905/290x195DockerMarianna.jpg)
**Docker developers take the stage at Containercon and discuss their work on future container innovations for security and live migration.**
SEATTLE—Containers are one of the hottest topics in IT today and at the Linuxcon USA event here there is a co-located event called Containercon, dedicated to this virtualization technology.
Docker, the lead commercial sponsor of the open-source Docker effort brought three of its top people to the keynote stage today, but not Docker founder Solomon Hykes.
Hykes who delivered a Linuxcon keynote in 2014 was in the audience though, as Senior Vice President of Engineering Marianna Tessel, Docker security chief Diogo Monica and Docker chief maintainer Michael Crosby presented what's new and what's coming in Docker.
Tessel emphasized that Docker is very real today and used in production environments at some of the largest organizations on the planet, including the U.S. Government. Docker also is working in small environments too, including the Raspberry Pi small form factor ARM computer, which now can support up to 2,300 containers on a single device.
"We're getting more powerful and at the same time Docker will also get simpler to use," Tessel said.
As a metaphor, Tessel said that the whole Docker experience is much like a cruise ship, where there is powerful and complex machinery that powers the ship, yet the experience for passengers is all smooth sailing.
One area that Docker is trying to make easier is security. Tessel said that security is mind-numbingly complex for most people as organizations constantly try to avoid network breaches.
That's where Docker Content Trust comes into play, which is a configurable feature in the recent Docker 1.8 release. Diogo Mónica, security lead for Docker joined Tessel on stage and said that security is a hard topic, which is why Docker content trust is being developed.
With Docker Content Trust there is a verifiable way to make sure that a given Docker application image is authentic. There also are controls to limit fraud and potential malicious code injection by verifying application freshness.
To prove his point, Monica did a live demonstration of what could happen if Content Trust is not enabled. In one instance, a Website update is manipulated to allow the demo Web app to be defaced. When Content Trust is enabled, the hack didn't work and was blocked.
"Don't let the simple demo fool you," Tessel said. "You have seen the best security possible."
One area where containers haven't been put to use before is for live migration, which on VMware virtual machines is a technology called vMotion. It's an area that Docker is currently working on.
Docker chief maintainer Michael Crosby did an onstage demonstration of a live migration of Docker containers. Crosby referred to the approach as checkpoint and restore, where a running container gets a checkpoint snapshot and is then restored to another location.
A container also can be cloned and then run in another location. Crosby humorously referred to his cloned container as "Dolly," a reference to the world's first cloned animal, Dolly the sheep.
Tessel also took time to talk about the RunC component of containers, which is now a technology component that is being developed by the Open Containers Initiative as a multi-stakeholder process. With RunC, containers expand beyond Linux to multiple operating systems including Windows and Solaris.
Overall, Tessel said that she can't predict the future of Docker, though she is very optimistic.
"I'm not sure what the future is, but I'm sure it'll be out of this world," Tessel said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
--------------------------------------------------------------------------------
via: http://www.eweek.com/virtualization/docker-working-on-security-components-live-container-migration.html
作者:[Sean Michael Kerner][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.eweek.com/cp/bio/Sean-Michael-Kerner/


@ -0,0 +1,53 @@
Docker Working on Security Components, Live Container Migration
================================================================================
![Docker Container Talk](http://www.eweek.com/imagesvr_ce/1905/290x195DockerMarianna.jpg)
**Docker 开发者在 Containercon 上的演讲,谈论将来的容器在安全和实时迁移方面的创新**
来自西雅图的消息。当前 IT 界最热的词汇是“容器”美国有两大研讨会Linuxcon USA 和 Containercon后者就是为容器而生的。
Docker 公司是开源 Docker 项目的商业赞助商,本次研讨会这家公司有 3 位高管带来主题演讲,但公司创始人 Solomon Hykes 没上场演讲。
Hykes 曾在 2014 年的 Linuxcon 上进行过一次主题演讲,但今年的 Containeron 他只坐在观众席上。而工程部高级副总裁 Marianna Tessel、Docker 首席安全员 Diogo Monica 和核心维护员 Michael Crosby 为我们演讲 Docker 新增的功能和将来会有的功能。
Tessel 强调 Docker 现在已经被很多世界上最大的组织用在生产环境中包括美国政府。Docker 也被用在小环境中,比如树莓派,一块树莓派上可以跑 2300 个容器。
“Docker 的功能正在变得越来越强大而部署方法变得越来越简单。”Tessel 在会上说道。
Tessel 把 Docker 形容成一艘游轮,内部由强大而复杂的机器驱动,外部为乘客提供平稳航行的体验。
Docker 试图解决的领域是简化安全配置。Tessel 认为对于大多数用户和组织来说,避免网络漏洞所涉及的安全问题是一个乏味而且复杂的过程。
于是 Docker Content Trust 就出现在 Docker 1.8 release 版本中了。安全项目领导 Diogo Mónica 中加入 Tessel 上台讨论,说安全是一个难题,而 Docker Content Trust 就是为解决这个难道而存在的。
Docker Content Trusst 提供一种方法来验证一个 Docker 应用是否可信,以及多种方法来限制欺骗和病毒注入。
为了证明他的观点Monica 做了个现场示范,演示 Content Trust 的效果。在一个实验中,一个网站在更新过程中其 Web App 被人为攻破,而当 Content Trust 启动后,这个黑客行为再也无法得逞。
“不要被这个表面上简单的演示欺骗了”Tessel 说道,“你们看的是最安全的可行方案。”
Docker 以前没有实现的领域是实时迁移,这个技术在 VMware 虚拟机中叫做 vMotion而现在Docker 也实现了这个功能。
Docker 首席维护员 Micheal Crosby 在台上做了个实时迁移的演示Crosby 把这个过程称为快照和恢复:首先从运行中的容器拿到一个快照,之后将这个快照移到另一个地方恢复。
一个容器也可以克隆到另一个地方Crosby 将他的克隆容器称为“多利”,就是世界上第一只被克隆出来的羊的名字。
Tessel 也花了点时间聊了下 RunC 组件,这是个正在被 Open Container Initiative 作为多方开发的项目,目的是让窗口兼容 Linux、Windows 和 Solaris。
Tessel 总结说她不知道 Docker 的未来是什么样,但对此抱非常乐观的态度。
“我不确定未来是什么样的,但我很确定 Docker 会在这个世界中脱颖而出”Tessel 说的。
Sean Michael Kerner 是 eWEEK 和 InternetNews.com 网站的高级编辑,可通过推特 @TechJournalist 关注他。
--------------------------------------------------------------------------------
via: http://www.eweek.com/virtualization/docker-working-on-security-components-live-container-migration.html
作者:[Sean Michael Kerner][a]
译者:[bazz2](https://github.com/bazz2)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.eweek.com/cp/bio/Sean-Michael-Kerner/
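Review bot: the live-migration paragraph (the line beginning "Docker 以前没有实现的领域是实时迁移") overstates the source: the English text removed in the hunk above says this "is an area that Docker is currently working on", whereas "而现在Docker 也实现了这个功能" tells the reader Docker has already shipped it; suggest something like "Docker 目前正在开发这个功能". Smaller accuracy fixes in the same file: "目的是让窗口兼容 Linux、Windows 和 Solaris" should say 容器, not 窗口; "Docker Content Trusst", "Micheal Crosby" and "Containeron" are typos for Content Trust, Michael Crosby and Containercon; "解决这个难道" should be 难题, and the stray "中" in "中加入 Tessel 上台讨论" should be dropped; "多种方法来限制欺骗和病毒注入" loses the source's mechanism (the controls work "by verifying application freshness") and "malicious code injection" is 恶意代码注入 rather than 病毒注入; "快照和恢复" for "checkpoint and restore" is more precisely 检查点与恢复; "美国有两大研讨会Linuxcon USA 和 Containercon" drops that Containercon is co-located with Linuxcon USA in Seattle; and "Tessel 说的" at the closing quote should be "Tessel 说道", where "out of this world" means 非同凡响 rather than 脱颖而出.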