In light of the recent COVID-19 pandemic - OPTASY would like to offer DRUPAL website support for any Healthcare, Government, Education and Non-Profit Organization(s) with critical crisis communication websites or organizations directly providing relief. Stay Safe and Stay Well.

Should I Use Docker in Production Environment? Is It Safe? 
Tips

Should I Use Docker in Production Environment? Is It Safe? 

by RADU SIMILEANU on Aug 31 2018

“Should I use Docker in production?” 

Are you "torn” between:

Docker's superpower as a container platform and all the security concerns related to the Docker model?

“Seduced” by the names of all those giant companies — Twitter, Google, Amazon, eBay, Netflix —  who're already using Docker containers in production? Yet, still skeptical and hesitant to run them in production environment considering all the signaled data management issues?                    

Now, instead of letting this question turn into a “haunting” dilemma, you'd better dug for some answers. Find out:

 

  • whether Docker is right for your own unique project, as well
  • how a container infrastructure works (compared to a traditional environment) 
  • what it takes to use Docker in production
  • which are the common misconceptions and issues with Docker in production

     

And, most of all: based on your own use case, should you be running Docker in production environment or not?

 

1. The One Question to Ask Yourself: “What Will I Do with Docker in Production?”

Before asking yourself:

 “Should I be using Docker in production? How safe is it?”

… you'd better answer one critical question:

“What will I do with Docker in production?”

And toying with the thought of using Docker containers does require a reevaluation of your system's whole infrastructure. From the ground up:

 

  • How will you monitor Docker containers in production?
  • How will things be deployed?
  • How will backups be performed?
  • What about updates? How will they be handled?

     

Also, while giving yourself some realistic and straightforward answers to all these questions, try to consider different attack vectors, as well:

 

  • What services will your Docker containers get access to?
  • Are you able to restrict their access to the host system?
  • And what kind of “privileges” will they get?

     

  

So many things to clarify before you can ask yourself:

“Should I use Docker in production?” 

 

2. Container Infrastructure vs Traditional Environments

How does a Docker container infrastructure work?

It's critical that you fully understand what sets it apart from a traditional environment before you can assess whether it's safe for production usage in your project or not.

Unlike traditional environments, where a sysadmin would normally run upgrades and restart services, in container infrastructures, containers are read-only, immutable... elements.

In other words: security upgrades won't happen inside your Docker containers; for these upgrades to run, you'll need to redeploy newly upgraded versions of your containers.

Note: since developers can push containers to your platform, you should define and enforce custom policies to limit the no. of privileges assigned to each one of the containers in your infrastructure.

 

3. 2 Most Common Misconceptions about Using Docker in Production

Since it hit the systems scene (2002) and quickly “stole the show”, Docker's generated a lot of misconceptions. And probably the most common one (that all the other ones stem from) is that:

"Docker's ridiculously easy to use; it's a “one size fits all projects/use cases/infrastructures...” type of technology."

Well, not quite...

Now, let's “bust some Docker-related myths” once and for all:

 

3.1. Running Docker in Multi-Host Production Environments Is (So) Simple

It's almost grown into a universal truth that:

Using Docker even in a multi-host production environment is... nothing but a child's play.

It is technically possible, indeed, yet, it's far from simple!

Before running Docker in a multi-host network —  in a robust and safe way, I mean —  you need to consider and to put in place the proper management of a whole lot of variables:

 

  • orchestrating container deploys with no downtime at all
  • managing container logs
  • ensuring that the private image repository's 100% secure
  • managing container logs
  • properly handling all container deploy roll-backs

     

And the list is almost a never-ending one...

See? Sure, big companies manage to use Docker in multi-host production environments and to successfully handle all the above variables, yet the process's anything but trivial.

 

3.2. It's OK to Blindly Jump into Docker, No Matter The Infrastructure

Tempted to go from “Should I use Docker in production?” to “I should/can definitely use it straight away!”?

And this is yet another misconception that has grown out of the general idea that using Docker requires zero preparations; zero planning and evaluation of your current infrastructure.

That it's conveniently easy to use and it fits all use cases.

Wrong! 

You need to take a whole lot of aspects into account before using Docker in production:

It requires a robust, stable foundation/infrastructure!

In other words, if your current system does not have:

 

  • an automated system setup 
  • a fully secured least-privilege type of access
  • automated deploys
  • easy-to-be-restored and 100% secure database backups
  • and more

     

... you should reconsider using Docker in production ASAP. Or at least postpone your plan till you've filled in all those cracks in your systems' infrastructure...

 

4. Choosing the Right Path From Test Environment to Production Environment

The very first step to take for “leveling up” from running Docker in your test environment to using it in production is: choosing the right path.

This can be either:

 

  • predetermined by your own project's particularities (project-specific constraints such as a specific cloud service or datacenter) 
  • DIY
  • a rented cloud service
  • a pre-made platform

     

Choose your path wisely!

 

5. 3 Key Aspects to Take into Account For a Smooth Production Usage of Docker

 

5.1. The Docker Engine: Tweaking Its Default Settings Is a Must

As I've been trying to stress out here:

Running Docker in production does require certain preparations and considerations.

For instance, once you install the Docker engine to your distribution of choice (Ubuntu or Red Hat or... another one), you shouldn't stick to its default settings.

They're not suitable for production usage!

Therefore, it will require some tweaking so that your Docker engine can handle the load once in production environment.

Moreover, your engine will be in charge of running the containers and nothing more. When it comes to:

 

  • cleaning up containers
  • … volumes
  • … logs

     

these are all your configuration's responsibility.

And 2 more words of caution/pieces of advice:

 

  • keep in mind to check the graph driver (go for Overlay2 if it's the latest version of kernel that you're using)
  • keep both your Docker engine and the kernel safely up-to-date 

     

5.2. A Well-Built CI/CD Pipeline Can Save Your Life

And it's just partly an exaggeration...

For once you run your Docker containers in production and you need to handle a complex infrastructure of services, having a reliable pipeline in place can do wonders.

In short: if you don't automate the process of moving your containers across all the 3 stages of production — build phase, test phase, deployment phase — you'll go nuts...

Tip: remember to script everything; also, to version control each and every script and configuration.

 

5.3. Security: Handle It Properly, Right from the Testing Environment

In other words: no matter how tempted you might be to overlook this aspect once you finally have Docker running properly in production, don't underrate the security issue.

Moreover, you should give it due consideration right from the testing environment...

Once you deploy your Docker containers in production environment, be 101% cautious and vigilant to detect any network vulnerabilities threatening your data.

 

6. “Should I Use Docker in Production?” Is It Safe? Is It Efficient?

Back to our initial question:

“Is it safe to run Docker in production environment?”

My answer to you is:

It is, as long as you take into account all the above-mentioned technical aspects and variables and as long as you adopt the best practices for using Docker in production.

Meaning:

 

  • applying updates
  • running your CI tests
  • automating... everything
  • closely monitoring your Docker containers once in production
  • using the available tools
  • running only current versions
  • running only one process per container 
  • “supercharging” your orchestration tool with all the appropriate security measures (Kubernetes, Swarm, Titus, DCOS etc.) 
  • etc.

     

In short: Docker is only as safe as its users' implemented safety measures.

Technically, it can be used in production. 

When it comes to safety, Docker's come a (really) long way since its early days. 

With:

 

... Docker's once glaring security flaws (e.g. less isolation of containers as compared to virtual machines) now seem like a bad memory from its old “experimenty” stage.

Yet, to your “Should I use Docker in production?” type of question I can only answer:

“You should, if you don't do it blindly and you commit yourself to following the best practices”

 

7. In Conclusion...

If I was to sum up, into a “shortlist of commandments”, all the recommendations, words of caution, clarifications, and explanations here-above, it would go something like this:

 

  1. don't jump blindly into Docker; take your time to think through all the involved aspects
  2. keep in mind that it's far more unlikely for an attacker to exploit an insecure Docker container in your system than to... tap into social engineering for getting his hands on the password
  3. Docker's an extremely powerful tool, so running it on top of an unstable infrastructure is pretty much like driving a sports car on a pothole-riddled road
Development

We do Web development

Go to our Web development page!

Visit page!

Recommended Stories

Tips
How to Create Accessible Content More Easily

How to Create Accessible Content More Easily

  Web accessibility heavily relies on developers and designers. They are responsible for building code and specific design patterns to make a website accessible to people with disabilities.  Another way to enhance a site's accessibility is through content. Creating accessible content is paramount when it comes to making a website accessible to screen reader users or visitors that use assistive technologies.  Content editors can give a piece of writing accessibility by: writing relevant, concise, descriptive text links creating easily scannable headings adding alternative texts to every non-text element of the content writing meaningful copy   Regardless of the scope of your website, as a content editor, your mission is to create and optimize every piece of writing on your site with accessibility in mind. This also means putting yourself into the shoes of your audience and thinking from their perspective. You should ask yourself: What do I need in order to have full access to this website? Which features and website tools can help visitors interact with this website more conveniently?  If you use empathy to answer these questions, you'll get closer to understanding your audience. Only then will you be on the right path to building accessible content on your website.    What Is Accessible Content? Web content accessibility doesn't just include people with disabilities. It also refers to content that can be easily understood and interacted with by smartphone users, older people, persons with low literacy, or those who have low English skills.  According to the WCAG 2.0 standards, web content is considered accessible if it's: Perceivable. Website users should easily perceive any piece of content that is presented on the site.  Operable. When structured, a site's content should focus on operability. Understandable. Accessible content is comprehensive, concise, and includes meaningful structural elements. Robust. A piece of content is considered robust when it can be easily scanned and interpreted by assistive technologies.    How to Create Accessible Content 1. Use specific link texts. And try to avoid link text like "Click here" as they're not suitable in terms of accessibility. Meaningful link texts convey and clearly describe what the URL is about, making it easier for people who use screen readers to interact with the content.  When using link texts, try to: Avoid raw URLs  Include specific keywords Be short and concise Make sure the link text fits naturally into the content Mention the type and size of files  in case of downloadable links   2. Write clear and simple content.  Using concise language for your website's content benefits multiple groups of visitors, such as: Users with cognitive disabilities Non-native English speakers Screen reader users Busy people who want to quickly go through your copy Depending on the professional level of your content's target audience, you should either avoid or explain technical terms and acronyms. Also, focus on using an active voice that clearly states your ideas and avoid long sentences and idioms.    3. Provide transcripts and captions.  While captions appear on the screen as written text, transcripts are the textual version of the video or audio content provided in a separate document.  Transcripts and captions make websites more accessible for users who: Have hearing issues Have low English skills Can't listen to the content due to environmental reasons Transcripts and captions can be provided for all video and audio content, or they can be done by request. Either way, they are great ways to improve a website's accessibility.    4. Add relevant, appropriately formatted headlines.  People with disabilities that use assistive software need scannable content that allows them to quickly find relevant information instead of wasting time going through the entire chunk of text. Structuring and styling your content in a scannable manner can also enhance your SEO efforts and improves your SERP visibility.   Design your headings with accessibility in mind, and ensure that you use them as structural elements of the content and define its hierarchy. The accessible text needs to provide readers the ability to quickly navigate between the most important sections, and headings are the tool for allowing this.    5. Use ALT text for images.  Whether you have complex images or just decorative images on your site, make them accessible by providing precise and concise ALT descriptions. Screen readers can't interpret non-text content elements, so images without ALT text are useless for screen reader users.  Like headlines, alternate descriptions highly improve your SEO rankings and visibility.  Make sure you use ALT text wisely by: Keeping your description short (under 125 characters) Avoiding images with text like graphs or diagrams    6. Write clear, to-the-point website instructions. Web accessibility is all about easier interactions with digital platforms. People want web experiences that require as few resources as possible on their part. And for online visitors with disabilities, this is more than a demand; it is a necessity.  Therefore, web instructions, error messages, or data formats must be easy to understand, so they can be considered accessible.  Part of creating accessible web content includes paying attention to how you write basic text like website instructions.   Web Accessibility Is Here to Stay Implementing web accessibility into the core of your digital platform is a must. As web accessibility laws are getting more restrictive, brands start to think of making their websites accessible to support the future of their businesses. In an increasingly populated digital landscape, the mindset has to evolve in order to meet the complex needs of a variety of internet users. Companies that don't keep up with these trends will fall behind, and those who take web accessibility seriously will be on the winning side.  As we've seen, accessible content creation is not rocket science and will improve your website in multiple ways. Making your content accessible should be a priority and an essential part of your editorial workflow.  A few practices to remember for optimizing your content are: Always use ALT text for images Provide captions and transcripts for audio and video content Properly structure and format headings   If you need help making your website more accessible, check out Optasy's Drupal Website Accessibility services. We'll offer our best support for helping you adopt an accessibility-first mindset to your website.    Photo credit: Nick Morrison on Unsplash.   ... Read more
Raluca Olariu / Jun 09'2023
DrupalTips
Why You Need Drupal Maintenance Services in 2023

Why You Need Drupal Maintenance Services in 2023

  Entering the world of Drupal web development can feel like diving into the unknown for many business owners. Once they've figured it out with the help of a developer or a Drupal development agency, the business runs smoothly for a little while.  However, building and optimizing a website is like buying a new house—it's functional at first, but things break down and need repairing and regular care in time.  Since spring is just over the corner, what better moment to start cleaning, improving, optimizing, and refreshing your website? Whether you do it in-house or hire an agency that offers Drupal maintenance services, it will work wonders and could actually double your potential market value. But first, it's essential to understand why a regular maintenance plan is critical, how to tell when you need Drupal Maintenance, and what does Drupal maintenance include. This article will answer these questions.   Why you should stick to a regular Drupal maintenance plan  If you've already entered the world of digital marketing, you know that the journey towards attracting and retaining customers doesn't end with web development and deployment. Change is a permanent constant in life, and businesses have to adapt to this ever-changing dynamic.  Security  A few years ago, website maintenance was optional. Building a static website that you could leave unattended for the entire year was perfectly normal.  Today, as the digital landscape has expanded and become more prone to security vulnerabilities, Drupal support is imperative for maintaining a healthy security posture.  Although Drupal is known for being the most secure CMS, this only applies if your Drupal website is regularly optimized with security updates and patches. The Drupal community and Drupal security team continuously build security patches, fixes, and upgrades, and Drupal users need to be in the loop about these updates. In other words, keeping up with the news and module updates in Drupal security is vital in order to avoid breaches.  Constant Drupal core module updates can boost website protection and secure it against cyberattacks and threats.  Fixing errors To ensure that your website performs well and meets the needs for speed and agility that the modern digital user demands, fixing bugs and errors is a top priority. These malfunctions may happen for multiple reasons—rushed coding and deployment, inadequate testing, or miscommunication. They may affect your site's performance and loading speed or even alter your Drupal website’s functionality.  And since users don't want to spend more than four seconds waiting for websites to load, not paying attention to repairing bugs could cost you customers.  This price is too big to pay, and it's worth considering Drupal maintenance services as part of your website strategies.  Keep your content fresh with new features Another reason why Drupal maintenance matters is related to scalability. Drupal websites can grow together with your business goals. Constant feature and module updates allow Drupal users a high level of customizing capabilities that helps businesses keep up with the changing needs of the customer.  With Drupal 8, integration is much more affordable, so if you haven't migrated yet, you might want to contact a Drupal agency to help you decide whether an upgrade is the right choice for your business.  The user behavior has dramatically shifted in the last year, which is why content optimization, new features, and enhancements allow brands to stay fresh and align to this changing environment.  SEO optimization Ranking high on Google and other search engines is crucial for your website to stay relevant. An excellent Drupal maintenance team has SEO experts that provide Drupal SEO audits and optimization.  “Good SEO work only gets better over time. It’s only search engine tricks that need to keep changing when the ranking algorithms change.” – Jill Whalen   How to tell when you need Drupal maintenance If you're not yet convinced that you need Drupal support and maintenance services for your website, here are some indicators that you can't postpone it any longer without hurting your business: Your website is slow, and you have received complaints about its loading speed. Your web traffic has dropped considerably. You experience more security breaches. Your content and design are outdated. Links, buttons, or forms are not working.   These are some of the red flags of poorly maintained websites. If you recognize these warning signs as part of your website, it's definitely time to start planning your maintenance strategy. What do Drupal maintenance services and support include? A useful maintenance model covers: Security and module updates Third-party integration support Regression testing  Bug diagnosing, fixing, and testing Hosting infrastructure maintenance Hack, malware, down recovery   Partner with the right Drupal maintenance and support agency When thinking about hiring a Drupal maintenance team, you need to consider your needs. At Optasy, we cover a wide range of website maintenance requirements and can create a customized maintenance and support plan to support your website's specific needs.  How does this sound to you? Have you made up your mind whether it is worth investing in Drupal maintenance services or not? If yes, then contact a reliable, dedicated support partner like Optasy and see how our Drupal maintenance services and Magento development maintenance support services can keep your website up and running.  Photo credit: geralt on Pixabay.     ... Read more
Raluca Olariu / Jun 07'2023
Tips
Staff Augmentation or Managed Services? How to Choose Wisely

Staff Augmentation or Managed Services? How to Choose Wisely

  As digital transformation has forever changed the world of business, more and more companies are interested in IT outsourcing. In fact, the global staffing industry, one of the primary suppliers of staff augmentation talent, is estimated to support $490 billion in annual spending. While this trend is growing fast, there is still some uncertainty regarding the healthiest and most convenient way for a business to use outside personnel. This article discusses two of the most popular contingent working models—staff augmentation and managed services—and how to choose the best option for your business needs.   What Is Staff Augmentation?   Staff augmentation allows companies to expand their in-house team with additional skilled resources to join a particular project. This type of outsourcing model chases once the project is over, and it's suitable for companies that don't need to hire someone permanently.  Staff augmentation is best used for short-term projects and can also be used as a "trial run" for potential full-time employees.  With this type of outsourcing, organizations can leverage specific skills on a per-project basis without going through costly and time-consuming hiring processes.    What Is Managed Services?   Unlike the staff augmentation model, which enables companies to expand their team with additional skilled professionals, managed services outsourcing practices imply hiring a fully-equipped team of professionals to take care of your specific project.  With the managed services model, you save many resources—time, costs, and effort—as you hire an entire team of skilled professionals who have the right tools and tech to complete your project.  While a service provider will handle your project on its entire length, from beginning to end, your job is to ensure that you select a reliable company that you can trust will deliver positive business outcomes.  The managed services model is the best fit for companies looking for stable and reliable long-term business cooperation.    Staff Augmentation or Managed Services?   To help you figure out which one of these outsourcing models is the one you should choose for your organization, let's have a look at the pros and cons of staff augmentation and managed services.    Pros of staff augmentation Specialized expertise. Staff augmentation allows access to a wide range of professionals with specialized skills and knowledge that may not be available in-house. This can be particularly beneficial for projects that require niche expertise or cutting-edge technologies. Flexibility and scalability. With staff augmentation, businesses can quickly adapt to changing demands and scale their workforce up or down as needed. This flexibility helps optimize resource allocation and reduces costs during slower periods. Cost efficiency. Compared to hiring full-time employees, staff augmentation can be a cost-effective solution as it eliminates recruitment and onboarding expenses. Businesses only pay for the services rendered during the contracted period. Retaining control. By leveraging staff augmentation, organizations retain direct control over project management and decision-making. External professionals work alongside the existing team, ensuring seamless collaboration.   Cons of staff augmentation Not suitable for long-term projects. Staff augmentation is practical only as long as you look for short-term business engagements as projects come and go.  Increased dependence on third-party talent organizations. This can put your sustainability plans more at risk.  Lengthy staff integration. New professionals that join specific, complex projects may require some time to get familiar with your products and expectations.    Pros of managed services Access to expertise. Managed service providers (MSPs) have extensive experience and expertise in their respective domains. By engaging their services, businesses can leverage the knowledge and capabilities of industry experts. Operational efficiency. MSPs follow standardized processes and best practices to deliver efficient and high-quality services. This helps organizations improve operational efficiency, reduce costs, and achieve better outcomes. Scalability and flexibility. Managed services can easily scale up or down to match the evolving needs of the business. The service provider can quickly allocate additional resources or adjust service levels as required. Reduced risk and responsibility. By outsourcing specific functions to a managed service provider, organizations can mitigate risks associated with those tasks. The responsibility for managing and delivering results lies with the service provider.   Cons of managed services Hard to ensure security. When opting for the services of a provider, you provide access to sensitive data and assets. Therefore, companies that require high levels of data and information security might want to think twice before choose a managed services outsourcing model. Higher costs. Although hiring a managed services company might be cost-effective in the long run, it's not always possible to get the complete services package at a low price. The costs of handing over your project to an IT firm might be higher than when opting for staff augmentation since managed IT services cover both IT functions and project management.  Less control and autonomy. If you are looking to internalize your project management process and supervise outsourced staff, a managed services model might not be a suitable option for you.    Wrapping up Although outsourcing is becoming more popular, finding an external reliable development team can be a struggle. There is a plethora of options available on the market, making it challenging to make a choice. A wise choice.  At Optasy, we understand how important it is to have a dedicated team of professionals that can handle a wide range of projects. So have a look at your services and contact us to learn more about how we can collaborate for success.    Image credit: Annie Spratt on Unsplash.    ... Read more
Raluca Olariu / May 31'2023

Need a new Project?

Dare us to shape and boost your idea(s)!

Start a Project

(416) 243-2431

Contact

(416) 243-2431

Toronto Downtown

First Canadian Place,
100 King St. W. Suite 5700, Toronto

Toronto West

2275 Upper Middle
Rd. E, Suite 101
Toronto

New York

1177 Avenue of the
Americas, 5th Floor,
New York