In light of the recent COVID-19 pandemic - OPTASY would like to offer DRUPAL website support for any Healthcare, Government, Education and Non-Profit Organization(s) with critical crisis communication websites or organizations directly providing relief. Stay Safe and Stay Well.

Should I Use Docker in Production Environment? Is It Safe? 
Tips

Should I Use Docker in Production Environment? Is It Safe? 

by RADU SIMILEANU on Aug 31 2018

“Should I use Docker in production?” 

Are you "torn” between:

Docker's superpower as a container platform and all the security concerns related to the Docker model?

“Seduced” by the names of all those giant companies — Twitter, Google, Amazon, eBay, Netflix —  who're already using Docker containers in production? Yet, still skeptical and hesitant to run them in production environment considering all the signaled data management issues?                    

Now, instead of letting this question turn into a “haunting” dilemma, you'd better dug for some answers. Find out:

 

  • whether Docker is right for your own unique project, as well
  • how a container infrastructure works (compared to a traditional environment) 
  • what it takes to use Docker in production
  • which are the common misconceptions and issues with Docker in production

     

And, most of all: based on your own use case, should you be running Docker in production environment or not?

 

1. The One Question to Ask Yourself: “What Will I Do with Docker in Production?”

Before asking yourself:

 “Should I be using Docker in production? How safe is it?”

… you'd better answer one critical question:

“What will I do with Docker in production?”

And toying with the thought of using Docker containers does require a reevaluation of your system's whole infrastructure. From the ground up:

 

  • How will you monitor Docker containers in production?
  • How will things be deployed?
  • How will backups be performed?
  • What about updates? How will they be handled?

     

Also, while giving yourself some realistic and straightforward answers to all these questions, try to consider different attack vectors, as well:

 

  • What services will your Docker containers get access to?
  • Are you able to restrict their access to the host system?
  • And what kind of “privileges” will they get?

     

  

So many things to clarify before you can ask yourself:

“Should I use Docker in production?” 

 

2. Container Infrastructure vs Traditional Environments

How does a Docker container infrastructure work?

It's critical that you fully understand what sets it apart from a traditional environment before you can assess whether it's safe for production usage in your project or not.

Unlike traditional environments, where a sysadmin would normally run upgrades and restart services, in container infrastructures, containers are read-only, immutable... elements.

In other words: security upgrades won't happen inside your Docker containers; for these upgrades to run, you'll need to redeploy newly upgraded versions of your containers.

Note: since developers can push containers to your platform, you should define and enforce custom policies to limit the no. of privileges assigned to each one of the containers in your infrastructure.

 

3. 2 Most Common Misconceptions about Using Docker in Production

Since it hit the systems scene (2002) and quickly “stole the show”, Docker's generated a lot of misconceptions. And probably the most common one (that all the other ones stem from) is that:

"Docker's ridiculously easy to use; it's a “one size fits all projects/use cases/infrastructures...” type of technology."

Well, not quite...

Now, let's “bust some Docker-related myths” once and for all:

 

3.1. Running Docker in Multi-Host Production Environments Is (So) Simple

It's almost grown into a universal truth that:

Using Docker even in a multi-host production environment is... nothing but a child's play.

It is technically possible, indeed, yet, it's far from simple!

Before running Docker in a multi-host network —  in a robust and safe way, I mean —  you need to consider and to put in place the proper management of a whole lot of variables:

 

  • orchestrating container deploys with no downtime at all
  • managing container logs
  • ensuring that the private image repository's 100% secure
  • managing container logs
  • properly handling all container deploy roll-backs

     

And the list is almost a never-ending one...

See? Sure, big companies manage to use Docker in multi-host production environments and to successfully handle all the above variables, yet the process's anything but trivial.

 

3.2. It's OK to Blindly Jump into Docker, No Matter The Infrastructure

Tempted to go from “Should I use Docker in production?” to “I should/can definitely use it straight away!”?

And this is yet another misconception that has grown out of the general idea that using Docker requires zero preparations; zero planning and evaluation of your current infrastructure.

That it's conveniently easy to use and it fits all use cases.

Wrong! 

You need to take a whole lot of aspects into account before using Docker in production:

It requires a robust, stable foundation/infrastructure!

In other words, if your current system does not have:

 

  • an automated system setup 
  • a fully secured least-privilege type of access
  • automated deploys
  • easy-to-be-restored and 100% secure database backups
  • and more

     

... you should reconsider using Docker in production ASAP. Or at least postpone your plan till you've filled in all those cracks in your systems' infrastructure...

 

4. Choosing the Right Path From Test Environment to Production Environment

The very first step to take for “leveling up” from running Docker in your test environment to using it in production is: choosing the right path.

This can be either:

 

  • predetermined by your own project's particularities (project-specific constraints such as a specific cloud service or datacenter) 
  • DIY
  • a rented cloud service
  • a pre-made platform

     

Choose your path wisely!

 

5. 3 Key Aspects to Take into Account For a Smooth Production Usage of Docker

 

5.1. The Docker Engine: Tweaking Its Default Settings Is a Must

As I've been trying to stress out here:

Running Docker in production does require certain preparations and considerations.

For instance, once you install the Docker engine to your distribution of choice (Ubuntu or Red Hat or... another one), you shouldn't stick to its default settings.

They're not suitable for production usage!

Therefore, it will require some tweaking so that your Docker engine can handle the load once in production environment.

Moreover, your engine will be in charge of running the containers and nothing more. When it comes to:

 

  • cleaning up containers
  • … volumes
  • … logs

     

these are all your configuration's responsibility.

And 2 more words of caution/pieces of advice:

 

  • keep in mind to check the graph driver (go for Overlay2 if it's the latest version of kernel that you're using)
  • keep both your Docker engine and the kernel safely up-to-date 

     

5.2. A Well-Built CI/CD Pipeline Can Save Your Life

And it's just partly an exaggeration...

For once you run your Docker containers in production and you need to handle a complex infrastructure of services, having a reliable pipeline in place can do wonders.

In short: if you don't automate the process of moving your containers across all the 3 stages of production — build phase, test phase, deployment phase — you'll go nuts...

Tip: remember to script everything; also, to version control each and every script and configuration.

 

5.3. Security: Handle It Properly, Right from the Testing Environment

In other words: no matter how tempted you might be to overlook this aspect once you finally have Docker running properly in production, don't underrate the security issue.

Moreover, you should give it due consideration right from the testing environment...

Once you deploy your Docker containers in production environment, be 101% cautious and vigilant to detect any network vulnerabilities threatening your data.

 

6. “Should I Use Docker in Production?” Is It Safe? Is It Efficient?

Back to our initial question:

“Is it safe to run Docker in production environment?”

My answer to you is:

It is, as long as you take into account all the above-mentioned technical aspects and variables and as long as you adopt the best practices for using Docker in production.

Meaning:

 

  • applying updates
  • running your CI tests
  • automating... everything
  • closely monitoring your Docker containers once in production
  • using the available tools
  • running only current versions
  • running only one process per container 
  • “supercharging” your orchestration tool with all the appropriate security measures (Kubernetes, Swarm, Titus, DCOS etc.) 
  • etc.

     

In short: Docker is only as safe as its users' implemented safety measures.

Technically, it can be used in production. 

When it comes to safety, Docker's come a (really) long way since its early days. 

With:

 

... Docker's once glaring security flaws (e.g. less isolation of containers as compared to virtual machines) now seem like a bad memory from its old “experimenty” stage.

Yet, to your “Should I use Docker in production?” type of question I can only answer:

“You should, if you don't do it blindly and you commit yourself to following the best practices”

 

7. In Conclusion...

If I was to sum up, into a “shortlist of commandments”, all the recommendations, words of caution, clarifications, and explanations here-above, it would go something like this:

 

  1. don't jump blindly into Docker; take your time to think through all the involved aspects
  2. keep in mind that it's far more unlikely for an attacker to exploit an insecure Docker container in your system than to... tap into social engineering for getting his hands on the password
  3. Docker's an extremely powerful tool, so running it on top of an unstable infrastructure is pretty much like driving a sports car on a pothole-riddled road
Development

We do Web development

Go to our Web development page!

Visit page!

Recommended Stories

TipsWeb Design
How to Master the Art of User Experience Design

How to Master the Art of User Experience Design

  Websites and web applications are becoming increasingly complex, providing rich and interactive experiences. However, despite these emerging changes, the success of a website still relies on how the visitors perceive it. Is the website accessible and easy to use? Does it provide any value for me? Is it fun to navigate? Your users' interaction with your website comes with these questions in mind, which build the foundation of their long-term decision to become regular customers.    What Does User Experience (UX) Mean?   UX is how a digital user feels when interacting with a website, web app, or software. Today, human-computer interaction should be accessible, efficient, provide value and utility for the user. User experience design is a discipline that aims at meeting all these needs of the modern digital consumer by offering seamless web experiences.    Why Is UX Important?   User-centric business models are increasingly popular nowadays compared to how digital design was approached prior to the codification of user-centered design. Websites were built, and design decisions were made based on the preferences of the client and the designers' creative ideas.  The focus was on the brand and how the website looked, without considering what the users might feel when they would interact with the site.  However, as the Web is transforming at a fast pace—59.5 of the global population uses the internet today—and websites are becoming increasingly feature-rich, user experience designs are a must. The design industry understands the need for optimization as users are interacting with web applications through multiple devices (mobile phones, tablets). Also, businesses also recognize accessibility as an essential requirement for modern digital users.    Key Steps for Creating Top-Notch User Experience Designs   1. Evaluate your current system to learn about your website's current state, existing issues, and possible improvements.  2. Use A/B testing to compare and decide upon the effectiveness and reliability of different user interfaces.  3. Hold user surveys to find out what existing, and potential users of the system think about its design. Remember, the user experience is a subjective one, so what better way to collect insights about it than by interviewing the users? 4. Build user flows to outline how visitors move through your website. This enhances the ease of movement through your platform by ensuring that your users don't waste time looking at what to do next.  5. Develop wireframes and high-fidelity prototypes to convey the overall direction of the user interface.  6. Create design patterns to provide consistency and find the right user interface elements, like module tabs or slideshows, for specific tasks. By doing so, you'll be able to build improved, more familiar user experiences. 7. Do a content inventory so that you can enhance the user experience by changing your information architecture.  8. Get to know your audience, as this is an essential step for creating user-friendly website designs. Create user profiles and personas that support you in delivering experiences that reflect the needs and voice of your audience.  9. Create content style guides that provide UX designers and writers with the correct input for building consistent brand and design elements.    How do you know your project needs UX design?   Identifying the areas where UX design would be of most benefit is important. While all Web systems could benefit from a design of the user experience, resources are not unlimited, and things need to be prioritized in the complex world of web development.  Complex systems with complicated architectures like multi-faceted websites, interaction-rich apps, or e-commerce sites can benefit a lot from UX design. The same goes for start-ups and small companies, which can opt for training existing employees in the art of UX design to save some extra costs. However, creating solid user experiences in the first version of a product can generate more organic traffic and attract more visitors. But start-ups might not have enough resources for recruiting a highly-skilled UX designer.   UX design is also a good choice for projects with longer timeframes. Although UX design is not one size fits all, the concept can benefit long-term website projects by potentially saving time and costs.    Are you in doubt whether or not you need UX design or not? Don't worry, Optasy has your back. Contact us, and we'll do the hard work for you—analyze your website and offer advice and support on your UX design capabilities and opportunities. So let’s have a chat! Photo credit: UX Indonesia on Unsplash.   ... Read more
Raluca Olariu / May 12'2021
DrupalDrupal 8Tips
Everything You Should Know About Headless Drupal

Everything You Should Know About Headless Drupal

  Traditional Drupal websites use Drupal as the end-to-end solution for creating, storing, and displaying content to the end-user. Modern approaches leverage headless Drupal, where building and storing happen on Drupal, but displaying is not.  Headless Drupal approaches make Drupal the backend content repository and build the frontend in different technologies that communicate with Drupal through an API.    Why is the headless approach an effective one? Today, many companies opt for using headless Drupal solutions, and the reasons are not few. If you don't want to sacrifice the user experience but still enjoy the powerful tools provided by Drupal, a headless approach might be the best fit.   Decoupled Drupal is known for its several benefits such as:   More channels to display content on In the hectic digital landscape, your marketing team knows that communicating with your customers on multiple channels is critical. The way companies use content management systems today has to do with their need to push content on various channels, thus increasing their digital presence.  If used properly, headless Drupal can be a source of content for various consumers. It provides content on the frontend site and serves content via API to be consumed on mobile devices, applications, or IoT. This gives great flexibility for headless Drupal users.    Meets the need for intuitive user experiences Bringing together Drupal with a frontend Javascript framework is a smart strategy for making the most out of Drupal's capabilities for content creation and data storage while at the same time create easy to use, fast frontend applications.  If you're thinking of choosing a headless Drupal approach for your next web development project, combining these two solutions will offer greater functionality—why not enjoy the power of Drupal's modules and the intuitiveness of a Javascript frontend application at the same time? You can really have the best of both worlds!   Technological reliance is widely spread This means you get to be more dynamic in managing frontend technologies without the need to re-architect large Drupal backends. From a developer's point of view, this is a real blessing.  Many businesses redesign their websites every few years, and separating the frontend from the backend makes it much easier to rebuild. This saves a lot of resources and reduces the expenses associated with rebuilding Drupal websites.    Drupal works best with a headless approach One of the reasons Drupal is often chosen for a headless project is because this CMS has most of the required functionality and API modules. As the Drupal community is committed to continuously make Drupal a reliable API-driven CMS, Drupal is known for efficiently serving and receiving content via APIs.    Microsite manager If you need to create multiple separate websites, a headless approach is the right way to do it. It's a lot easier to build one content engine such as Drupal and use it to deliver content to all microsites. As a result, you'll have all your content in one content hub, and you'll be able to create and close microsites when needed quickly.    What are the challenges associated with a headless approach? Before deciding to opt for headless Drupal development, you might want to consider these aspects:   A headless infrastructure is harder to manage than a traditional Drupal site Keep in mind that headless development can be complicated and complex, and you might need a professional developer or Drupal agency, like Optasy, to help you on the way.    Headless Drupal is more expensive You're likely to spend more resources with a headless approach as you now build two systems. The development process will take longer, and therefore the expenses associated with it will be higher.    You'll have to manage two teams Since headless Drupal requires two separate components, that means that you'll often have to manage two teams (backend and frontend). At this point, you want to ensure that you enable great collaboration and coordination between your teams as data models have to be agreed upon.    Higher maintenance costs As decoupled systems rely only on REST API, maintaining these systems to function properly requires intense testing. Compatibility issues when editing and making changes can arise between the two systems. What is more, security updates are required more often as there will be a need to patch more than one system.    How to decide If you're still torn between traditional Drupal projects and going for a headless approach, seeking advice from Drupal experts might be needed. At Optasy, we offer expert guidance based on your business needs so that you can get the most out of your next web development project.  Photo credit: Nubleson Fernandes on Unsplash.  ... Read more
Raluca Olariu / May 06'2021
Tips
5 SEO Best Practices When Building Your Magento Store

5 SEO Best Practices When Building Your Magento Store

  The eCommerce market is getting more competitive. As the digital world expands at a rapid pace and online stores become the norm, eCommerce retailers must find new ways of differentiating their brands from the competition. A reliable method of building a solid online presence is search engine optimization (SEO).  To generate more organic traffic on your website, you need to improve your search engine rankings. With the right SEO strategies in place, you will not only rank higher on Google but also get more value from your Magento eCommerce store.  Keep reading this article to discover five SEO tips for driving better search engine rankings and organically grow your business.   Tip #1: Optimize Meta Tags.    Title tags and meta descriptions help search engines understand the content on a page. Optimized and well-written meta tags can attract more visitors to your site and increase your organic traffic.  SEO-friendly page titles have between 50-60 characters and include the main keyword from a particular page that you target. When it comes to meta descriptions, their length should be between 50-160 characters and incorporate primary and secondary keywords. Although inserting keywords is essential to improve your SEO, it's also important to pay attention to the way your description sounds. It shouldn't be forced or unnatural.    Tip #2: Realize an SEO-Friendly URL Structure.   When working with Magento, it is advisable to use the following URL structure for your pages:  website.com/category-sub-category/product name/ for product pages website.com/category/ for category pages website.com/category/sub-category/ for sub-category pages   To remove the "index.php" part from your URLs, you need to enable URL rewrites. You can do this by clicking on Stores - Configuration - General - Web, then enter the Search Engine Optimization tab and then click on YES in the Use Web Server Rewrites section.  By doing this, you'll create cleaner, more readable URLs, which will make it easier for you to complete a website migration in the future if that will be the case.    Tip #3: Spend Some Time on Product Descriptions.   As many eCommerce sites sell products manufactured by other companies, the product description they receive from the manufacturer is often the one actually used on the site. Consequently, product pages may end up containing little valuable content that doesn't provide significant insights to visitors. Also, Google doesn't usually rank these websites very high, so you need to start creating your own unique product descriptions.   Tip #4: Accelerate Your Site's Speed.   Today, speed and accessibility are what digital customers are looking for. Around 40% of people abandon a website that doesn't load in less than three seconds. A ranking factor used by Google for mobile is page speed, so it's essential to take all the measures to accelerate your loading speed. Here are some tips for this: Migrate to a new host. Try searching for a Magento hosting package as it will be optimized for Magento's infrastructure and capabilities.  Use browser caching. By doing this, users that visit your website won't need to download the same files each time they enter your site, which improves load speeds.  Don't forget about a content delivery network. There some free options on the market that you can use with confidence.    Tip #5: Leverage Magento SEO Plugins.   Fortunately, Magento has high-quality extensions for boosting your website's SEO, like ReloadSEO or SEO Suite Ultimate. Investing in SEO extensions is a great way of taking your SEO efforts to the next level and improve your SERP rankings and organic traffic.  Or you could let a team of experts like Optasy do the hard work for you. We can help you build your SEO-friendly website and grow your business in the digital world. Don't hesitate to contact us for more details.  Photo credit: Myriam Jessier on Unsplash.     ... Read more
Raluca Olariu / Apr 22'2021

Need a new Project?

Dare us to shape and boost your idea(s)!

Start a Project

(416) 243-2431

Contact

(416) 243-2431

Toronto Downtown

First Canadian Place,
100 King St. W. Suite 5700, Toronto

Toronto West

2275 Upper Middle
Rd. E, Suite 101
Toronto

New York

1177 Avenue of the
Americas, 5th Floor,
New York