If you’ve been following along with DockerCon2016, you probably heard the huge announcement regarding Docker security: they have integrated automated setup and management of Swarm nodes configured with TLS. In summary, they are giving each node a cryptographic identity and protecting communication channels with certificate-based authentication and transport encryption. Well, guess what? We have some exciting news as well!
A couple of months ago, we disclosed an industry first: support for iSCSI over TLS. In a previous post, we demonstrated that iSCSI/TLS has superior performance when compared to IPsec using functionally equivalent ciphers (3.8x bandwidth!!!). Today, we’re announcing one of the missing pieces to the Docker security puzzle: end-to-end encryption for storage.
In our latest release, you get fully automated end-to-end encryption with perfect forward secrecy (PFS) for persistent volumes. iSCSI/TLS is firewall friendly, blazingly fast and no fuss. Even better, it’s just a single command line option with Docker. Check out the video for a demo and stay tuned for more exciting security-related news to come!