By Sajai Krishnan, vice president of product marketing, Cloud Management Business Unit
Lately, I’ve been asked by customers how we can help them to manage and secure container environments. We have spent years working closely with our customers to develop best practices around securing virtual machines even for the most stringent production workloads. However, given that containers are relatively new in the enterprise, the industry is just beginning to develop best practices for securing containers. Today, I am happy to announce VMware’s role in developing a security configuration benchmark for Docker containers (read Docker’s blog post).
In collaboration with the Center for Internet Security (CIS), Docker and individuals from Cognitive Scale, International Securities Exchange and Rakuten, we developed this first of its kind benchmark for Docker Engine 1.6. The resulting benchmark offers 84 vetted best practices and recommendations to help customers securely set up their Docker Engine and Linux hosts. Download the CIS Docker 1.6 Benchmark v1.0.0 here.
Beyond investing significantly in authoring the configuration benchmark, we have put these recommendations into practice through a tool that customers can download as a free 60 day trial and begin using today. VMware vRealize Configuration Manager provides compliance health status for each Docker container, image, container host, Docker daemon, etc., against each automatable recommendation from CIS benchmark.
In the rapidly evolving container landscape, the security configuration benchmark and vRealize Configuration Manager combine to provide customers with a helpful resource and tool to facilitate the use of Docker Engine and Linux hosts in production today. For additional details on the CIS benchmark and vRealize Configuration Manager, read more here.