Presentation by Jon Chu, Product Manager - Enterprise, Docker and Rajat Goel, Director of Engineering - Enterprise, Docker Docker Trusted Registry allows you to easily run and manage a private registry on-premise or in your VPC. In this session, learn more about the new capabilities to improve how to manage your images and your Dockerized apps.

1. What’s New with Docker Trusted Registry
(v1.4.0)?
Jon Chu & Rajat Goel
PM, Enterprise
Director of Engineering, Enterprise

2. Docker Trusted Registry Recap
2
Registry for building, storing and managing images securely, within
your firewall
Maintain control over Docker images to meet your security or
regulatory compliance requirements.

3. Content is King…to Build-Ship-Run
Run
Trusted Registry
Base Image Tested Production
Development Test Staging Production Scale Out
Build Ship

4. DTR Primary Usage Scenarios
CI/CD with
Docker
• Centrally located base images
• Store individual build images
• Pull tested images to production
Containers as
a Service
• Deploy Jenkins executors or Hadoop nodes
• Instant-on developer environment
• Selected curated apps from a catalog
• Dynamic composition of micro-services (“PAAS”)

5. Pre DTR 1.4
General
Features
• Admin & Health UI
• Registry Storage Status
• LDAP/AD Integration
• RBAC API (Admin, R/W, R/O)
• User actions/API audit logs
• Registry v2 API & v2 Image Support
• One click install/upgrade
Platform
Features
• Storage drivers for filesystem, s3, and azure
• Support Tooling
• Support for Ubuntu, RHEL, CentOS
• Tested at 300 concurrent pulls/instance

6. DTR 1.4 Release
General
Features
• Orgs, Teams & Repo permissions UI
• Search index, API & UI
• Interactive API documentation
• Image deletion from index
• Image garbage collection
Experimental • Docker Content Trust: View Docker Notary signatures in DTR

7. Architecture
Datastore
Storage
Drivers
Admin UIAudit and
Event logs
Directory
Services
Load
Balancer
Registry ServersAdmin
Server
Auth
Server
Log Aggregator
Docker Engines
PostgreSQL
LDAPS 636Local Syslog
Docker
Client
> docker
HTTPS 443

8. Demo Time
8

9. 9
Deep Dive: Delete

10. 10
Deep Dive: Delete

11. 11
Deep Dive: Garbage Collection

12. 12
Overview: Docker Content Trust
● Built on TUF
● Designed to make good security easy!
● Validates the publisher, not the safety of their
content!

13. 13
Overview: Docker Content Trust
● Built on TUF
● Designed to make good security easy!
● Validates the publisher, not the safety of their
content!

14. 14
Overview: Docker Content Trust
Image Forgery

15. 15
Overview: Docker Content Trust
Why not GPG?
Replay Attacks

16. TOFUs
13

17. 17
Docker Content Trust
Integration
Docker Universal Control
Plane Integration
Future Plans and Features

18. Docker Universal Control Plane Integration
● End-to-end authn integration with LDAP/AD
● Cross product RBAC across orgs
● Complete CI/CD visibility
Description

19. DCT: Image Promotion & Policy
Enforcement
● Cryptographically signed layers
● Promote images through signatures
● dev signed -> QA signed -> prod signed
● Policy enforcement through integrations
Description
Sysadmin
Dev
Prod
Ops

20. International Availability
Docker Subscription available for Europe
Hourly and annual
subscriptions available
from AWS Marketplace
Subscription licenses available
L1 and L2 support for US and
Europe
Bring your own license to
deploy Docker VHD in
Azure Marketplace to
European zones
www.docker.com/aws www.docker.com/ibm www.docker.com/microsoft
30 day free trial
www.docker.com/try-dtr

21. Thank you!
Jon & Rajat
@chu_jon, jon.chu@docker.com
@rajat_g, rajat.goel@docker.com