上QQ阅读APP看书，第一时间看更新

Docker Enterprise – enterprise support and features

Free Docker is great! But supporting yourself is not always so great. Therefore, Docker Engine-Community is usually a fine choice for learning and getting started, but as soon as you head toward production, you should consider stepping up to Docker Enterprise for the support and/or the enterprise class tooling it provides.

Docker Enterprise builds on Docker Engine-Community's already rich feature set and adds commercial support for the Docker Engine (Docker Enterprise Basic), as well as tooling that's important for managing multiple teams and production applications, including Kubernetes applications (Kubernetes is included in Docker Enterprise Standard and Advanced).

Docker offers the following support models for Docker Engine-Community and Docker Enterprise:

Docker Engine-Community: Starting in CE 18.09, you will need to upgrade (deal with possible breaking changes) every 7 months if you want hotfixes and patch support. This is a recent improvement as, prior to CE 18.09, the support cycle was only four months. Docker Engine-Community relies on community-based support forums; you post an issue in a public forum and wait for someone to help you or to generate a fix. Docker has a great community, but with Docker Engine-Community there are no Service Level Agreements (SLAs).
Docker Enterprise: You will need to upgrade (deal with possible breaking changes) every 24 months to maintain access to hotfixes and patch support. Docker Enteprise's cornerstone is their enterprise-grade private support channel with either a business-critical or business day support level agreement.
Hint: Business critical has a faster response time SLA, but costs more.

Docker Enterprise also includes seamless support for ISV-provided Docker certified plugins and Docker certified containers. That means if you have an issue with a certified plugin or container, you just call Docker for support.

Docker Engine-Community support issues are posted publicly for anyone to see. This can be a problem if you are, for example, a financial institution publicly announcing a security vulnerability you discovered and thus tipping off hackers. If you have concerns about the public visibility of your issues or need SLAs, you may want to consider purchasing Docker Enterprise Basic with business day support.

Docker Enterprise also comes in three tiers:

Docker Enterprise basic tier: Docker Engine-Community feature set with Docker Enterprise support as described previously.
Docker Enterprise standard tier: Built on top of Docker Engine-Community with Docker Enterprise support as described previously, but adds the universal control plane (UCP; integrated security with LDAP connections and RBAC through a GUI or CLI bundle for policy management, layer-7 routing, Kubernetes up-and-running out-of-the-box, and a web interface) and the Docker Trusted Registry (DTR; a private image registry tied into the UCP security model with image signing, promotions, webhooks, and full API access).
Docker Enterprise advanced tier: Includes all of the features in the Docker Enterprise standard tier, but gives Universal Control Plane (UCP) additional finer-grained RBAC to allow for node isolation. The advanced tier enhances the Docker Trusted Registry (DTR) with image vulnerability scanning and images mirroring to remote DTRs.

The advanced tier enforces a high degree of resource isolation down to the node level. This allows an enterprise to consolidate all of its non-production environments into a single non-prod docker cluster. This can considerably reduce the number of services required for non-production activities. Developers, testers, and operators are issued appropriate RBAC grants to work in isolation.