You are likely familiar with containerization and the benefits it brings to your applications and data center. Docker democratized containers by providing a simple, efficient and cost-effective container implementation and management solution. Over the next few years, most — if not all — new applications will be deployed using some form of containerization.
There are a few important initial decisions you must make as you launch your containerization or application modernization program:
- Should you use the free open-source Docker Community Edition (CE) or pay for Docker’s commercially supported solution, Docker Enterprise Edition (EE)?
- Should you launch and manage your containerized applications manually or use an orchestrator to automate your containerized data center?
- Between Kubernetes and Docker Swarm, which orchestrator is best? And how are they different from one another?
You may have noticed there’s one important question missing above: Which container system should you use? While Docker is the most popular container runtime, there are other solutions you may consider as well, such as rkt (Rocket) from CoreOS. However, because most people are familiar with Docker, we will assume in this blog post that you are using Docker for your containers, and will explore some of the factors you should consider when answering these questions and others.
Should I Use Docker CE for Free or Pay for Docker EE?
To help you answer this question, let’s look at the pros and cons of the free Docker CE solution and Docker’s commercial solution, Docker EE.
CE Pros: The foundational Docker software is open source and available to everyone as part of Docker Community Edition. Most Docker CE components are licensed under the Apache 2.0 license, which means Docker is free to use, so long as you include the license and copyright notices. Docker CE includes the Docker engine (runtime) and the Docker Swarm orchestrator. You can also use the open-source Kubernetes orchestrator with Docker CE if preferred. With desktop versions of Docker CE for macOS and Windows 10, as well as server versions that run on CentOS, Debian, Fedora and Ubuntu, platform support is broad. Additionally, there is a large ecosystem of add-ons to help you get the most out of Docker CE.
CE Cons: Docker CE is community supported, so you must rely on your own expertise and that of the Docker open-source community when you need assistance or guidance. If you want to use Kubernetes — which we’ll cover later — you have to download, install, configure and manage it yourself. Because Docker CE is not supported on Windows Server, deploying Windows containers is limited to the Docker Windows Desktop.
Docker issues patches for CE releases for only seven months after general availability of a specific release, which means you must keep your systems current to take advantage of bug fixes. Finally, there is no built-in graphical user interface (GUI) to interact with and manage Docker CE. Instead, you must use the command-line interface (CLI) or a third-party tool such as Portainer or Kitematic, the latter of which is part of the Docker Toolbox, for all configuration and management functions.
EE Pros: Docker Enterprise Edition is designed for enterprise-class scale, and you can manage hundreds or thousands of containers with its tools, features and infrastructure. It works equally well for smaller sites that have limited IT resources and want to focus on the “dev” part of DevOps rather than managing an open-source solution.
Docker EE consists of two main solutions:
- The Universal Control Plane (UCP) includes a browser-based management GUI, role-based access controls (RBAC) and integrated, seamless support for both Swarm and Kubernetes.
- The Docker Trusted Registry (DTR) is a secured private hub to store and manage your Docker images.
Docker EE is a commercially supported product with defined SLAs and extended maintenance cycles of up to 24 months. Docker Trusted Registry supports image storage, role-based authentication and authorization, vulnerability scanning, image promotion and integration with your CI/CD pipeline tools, such as Jenkins and Git.
Finally, Docker EE has broader platform support than CE, including CentOS, Oracle Linux, RHEL, SLES, Ubuntu and Windows Server. Docker EE is also supported on Docker Certified Infrastructure, which includes VMware, Amazon Web Services (AWS), and Microsoft Azure.
EE Cons: Docker EE requires enterprise licensing, and this cost may initially be steep for smaller companies or for organizations just getting started. As with any platform, Docker EE may limit some of your hybrid cloud deployment choices depending on your architecture and your cloud provider’s options.
Bottom Line: The decision to go it alone (or rather, go with the open-source community) through Docker CE or to pay for the commercial Docker EE often comes up out of necessity. If you don’t have the budget for EE, then either CE or a pay-as-you-go cloud-based container service is likely your best option. Or, you may choose to begin your containerization journey with Docker CE and then later upgrade to EE when you have more experience and are starting to deploy your apps into production.
Docker Swarm or Kubernetes?
An orchestrator is a system for managing — or orchestrating — a collection of container-based apps. Whether you decide to use Docker CE or Docker EE, you will almost certainly want to use an orchestrator to manage your containers at some point because you are likely to have more than you can manage individually.
You can start your containerization journey by playing with individual, “one-off” containers, but eventually you will want to scale up the number of containers you are deploying without also having to scale up the amount of IT staff to manage them. Both the community and enterprise editions of Docker support two orchestrators: Docker Swarm and Kubernetes.
Docker Swarm Pros: Docker Swarm is built into the Docker engine. If you install the Docker engine, you have also installed (but not yet enabled) Swarm. Building a Docker Swarm cluster is easy. Simply run a single command (docker swarm init), and Docker does everything else behind the scenes. It is similarly easy to add nodes to your cluster (docker swarm join). You can have a multi-node cluster up and running in a couple of minutes, allowing you to immediately focus on your apps and their containers. Because everything is self-contained and secure by default, very little initial configuration is required, and your learning curve is short. This simplicity and the tight integration with the Docker runtime engine are huge benefits of using Swarm.
Additionally, Swarm is supported on both Docker CE and EE. With CE, you enable Swarm yourself. With Docker EE, Swarm is enabled as part of the UCP installation, which means you’re all set once you’ve installed your UCP cluster.
Swarm has a robust stack of app (container)- and cluster-management features. You can create self-healing services, perform rolling updates and rollbacks of your services, securely store secrets (such as passwords and private keys) and monitor the health of your applications.
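The features in the paragraph above map onto a Swarm stack file roughly as follows. This is an added example, not part of the original post; the service name, image, port, health endpoint and the DB_PASSWORD_FILE variable are assumptions.

```yaml
# Hypothetical stack file (stack.yml). Deploy on a Swarm manager with:
#   docker stack deploy -c stack.yml demo
version: "3.8"

services:
  web:
    image: registry.example.com/demo/web:1.0.0   # placeholder image
    ports:
      - "8080:8080"
    secrets:
      - db_password            # appears in the container as /run/secrets/db_password
    environment:
      # Assumed app convention: read the password from a file, so the value
      # never shows up in the service definition or in `docker inspect` output.
      DB_PASSWORD_FILE: /run/secrets/db_password
    healthcheck:               # health monitoring (assumes wget exists in the image)
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:8080/healthz"]
      interval: 15s
      timeout: 3s
      retries: 3
      start_period: 20s
    deploy:
      replicas: 3
      restart_policy:          # self-healing: failed tasks are rescheduled
        condition: any
        delay: 5s
      update_config:           # rolling update, one task at a time
        parallelism: 1
        delay: 10s
        order: start-first
        monitor: 30s
        failure_action: rollback   # revert automatically if new tasks fail
      rollback_config:
        parallelism: 1
        order: stop-first

secrets:
  db_password:
    external: true   # created beforehand: docker secret create db_password -
```

Only services that list the secret receive it, which keeps the password out of the image and out of the stack file itself.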
Docker Swarm Cons: There are only a couple of relatively minor disadvantages to choosing Swarm as your orchestrator. First, the tight integration with the Docker engine means you are somewhat locked into the Docker ecosystem with Swarm, at least for the time being. Second, the all-in-one nature of Swarm means you have slightly less control over the specifics of the implementation.
Kubernetes Pros: Kubernetes has a more modular architecture than Docker Swarm. For example, Kubernetes does not have a native network implementation. You must bring your own (plugin), which means you can choose whichever network plugin has the features you prefer. Likewise, service discovery with DNS is not included, but you can add a plugin to provide that service. Because of its modular nature, you have more fine-grained control over your site’s Kubernetes implementation.
Kubernetes is more popular than Docker Swarm, which means there are more community resources that provide support if you do not have paid support. Docker EE has full support for Kubernetes, which is tightly integrated into UCP. All Kubernetes services have been containerized and run as self-healing services in Docker EE. Docker even includes the Calico network plugin and the Kube-DNS service discovery plugin, lowering your learning costs.
Kubernetes Cons: Kubernetes’ modular architecture adds complexity and makes for a steeper learning curve. There are more opportunities for misconfiguration, which can lead to broken systems. On Docker CE, you will likely have to devote more IT resources toward managing Kubernetes than you would with Swarm, which works out of the box. Kubernetes itself is open-source software and there is no single vendor standing behind the product. If you want commercial- or enterprise-level support, you must either pay for Docker EE or contract with independent support organizations.
Additional Pro or Con — You Decide: Depending on your requirements and policies, there is one additional security factor that you may consider to be either a pro or a con. Docker designed Swarm to be secure by default, with each container completely isolated from all others, whereas Kubernetes’ architecture prioritizes communication between multiple containers in the same pod over higher security by default.
If you prefer higher security and isolation between your containers by default, then these factors are a Swarm pro and a Kubernetes con. But if you prefer a model in which you have groups of cooperating processes and you want easy communication between them (in a Kubernetes pod), then these are a Kubernetes pro and a Swarm con.
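The pod model described above, shown as manifests. This is an added example, not part of the original post; all names, labels and images are hypothetical. It shows that the two containers share one network namespace, so the isolation boundary you can enforce with a NetworkPolicy is the pod, not the individual container.

```yaml
# Hypothetical pod: both containers share one IP address and one localhost.
apiVersion: v1
kind: Pod
metadata:
  name: web-with-sidecar
  labels:
    app: web
spec:
  containers:
    - name: app
      image: registry.example.com/demo/web:1.0.0       # placeholder image
      ports:
        - containerPort: 8080
    - name: log-shipper
      image: registry.example.com/demo/shipper:1.0.0   # placeholder image
      # Can reach the app at http://localhost:8080 with no Service in between.
      # Anything the app binds to localhost is reachable from this container,
      # so every container in a pod should be trusted to the same degree.
---
# The policy selects pods, not containers: it limits who may connect to the
# pod from outside, and has no effect on traffic between app and log-shipper.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-allow-frontend-only
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              role: frontend    # hypothetical label on the client pods
      ports:
        - protocol: TCP
          port: 8080
```

A NetworkPolicy is enforced only when the cluster's network plugin supports it, as the Calico plugin mentioned earlier does.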
Is That Your Final Answer?
As with most decisions in the IT industry, there is no single correct answer for everyone. Many dependencies impact your choice. But we will leave you with some generalized advice: If you are new to containerization or are constrained by cost, start with Docker CE and use Docker Swarm as your orchestrator.
Then, as you grow, consider upgrading to Docker EE to gain access to enterprise-class support and features such as Role-Based Access Control. Finally, consider whether the Kubernetes model of communication prioritization is worth the tradeoffs involved. If so, look into moving your apps to, or developing new apps in, Kubernetes.
You can even run workloads under both orchestrators with Docker EE, and there are tools and experts who can help you migrate your Swarm apps to Kubernetes (or vice versa). In short, whichever route you go, just remember that you are not forever locked in to your first choice, so experiment, learn and have fun.