Google OKs Docker Container Registry Service - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud // Infrastructure as a Service
09:30 AM
Connect Directly

Google OKs Docker Container Registry Service

Google adds Docker container registry and encryption service to keep customers' containerized workloads private and secure.

10 Cloud Analytics & BI Platforms For Business
10 Cloud Analytics & BI Platforms For Business
(Click image for larger view and slideshow.)

Applications and data in cloud-hosted containers often represent a business's core functions and intellectual property. As large, monolithic applications start to be replaced with microservices in the cloud, Google is making its App Engine and Compute Engine a more attractive place to run workloads formatted by Docker.

Google has kicked off a Docker container registry service to expand how customers may use its existing container-launching service. Google Container Registry will store, shield, encrypt, and control access to a customer's Docker containers, offering a higher level of security for containers than has been available in the past. The service is still a beta offering.

Registry services such as this reflect Google's emphasis on making it easier for developers to build applications on its compute infrastructure and update them frequently in the cloud.

Google is also trying to stay a step ahead of Amazon Web Services as it, too, charges into cloud-container operations. Amazon launched Amazon EC2 Container Service in November to enable its customers to set up clusters on which to run Docker containers and gain simple launch and stop procedures. The service allows the resources to scale to meet a container's needs. The customer doesn't need to manage the container cluster.

[Want to learn more about Amazon's containers? See Amazon's Container Strategy Examined.]

Google, long a skilled user of containers, already had Google Container Engine and some management capabilities based on the open source Kubernetes project, which it founded last June. At Google I/O in San Francisco last year, spokesmen boasted that Google launches 2 billion containers a week.

Now it is taking steps to extend the security in storing, handling, and launching containers in either its App Engine or Compute Engine environments. Its container expertise, however, doesn't result in a drastically different runtime environment. Like Amazon and VMware, Google also says the only way to safely run a container in the multi-tenant cloud is inside a virtual machine.

The Google Container Registry stores a containerized application or "image" sent to it in Google Cloud Storage. It links the image with the development project that it's associated with. "This ensures by default that your private images can only be accessed by a member of your project," wrote Pratul Dublish, Google's technical program manager, in a blog posted last week. That also allows developers associated with the project to securely push and pull images by using the Google Cloud SDK's command line. A virtual machine running on App Engine or Compute Engine can also access the secured images, allowing automated updating via "secured images" of existing workloads.

In addition, the service automatically encrypts the Docker images sent to it on the host server, before they are written to disk, Dublish wrote. Such a move eliminates the possibility of the workload's code being accessed by an intruder or through some form of snooping by co-users of a host.

Once in Google Cloud Storage, the Docker images are replicated to alternative data centers and available for deployment by Google Container Engine to App Engine or Compute Engine virtual machines.

The Container Registry is available at no charge during the beta period, although usual charges for Google Cloud Storage and network use will be incurred. Customers must also have Docker installed, along with the Google Cloud SDK.

Dublish cited online retailer Zulily as an early adopter of the service and quoted Steve Reed, principal engineer of core Zulily engineering, as saying: "Docker registry availability, security, performance, and durability become more and more critical as more of our Compute Engine applications are containerized with Docker. Private registries help, but they need valid certificates, authentication, ... firewalls, backups, and monitoring. Google's container registry provides us with a complete Docker registry that we integrate into our development and deployment workflow with little effort."

Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization’s IT action plan. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.

Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Charlie Babcock
Charlie Babcock,
User Rank: Author
1/27/2015 | 2:58:42 PM
Containers can boot in one/twentieth of a second
Why containers in the cloud? Miles Ward, global head of solutions for Google's Cloud Platform, said in a blog Jan. 9: 'Rapid availability: By abstracting just the OS rather than the whole physical computer, this package can boot in ~1/20th of a second compared to a minute or so for a modern VM." Why is that? Because the container is going to use the kernel of the host's operating system, already running.
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll