diff --git a/_vale/config/vocabularies/Docker/accept.txt b/_vale/config/vocabularies/Docker/accept.txt index 35a06b4664e..f1685dadf64 100644 --- a/_vale/config/vocabularies/Docker/accept.txt +++ b/_vale/config/vocabularies/Docker/accept.txt @@ -65,12 +65,16 @@ Grafana Gravatar HTTP HyperKit +IAM IPs? IPv[46] IPvlan Intel +Intune +Jamf JFrog JetBrains +Kerberos Kitematic Kubernetes LTS @@ -80,16 +84,19 @@ Logstash MAC Mac Mail(chimp|gun) +MDM Microsoft MySQL NAT Netplan Nginx +NTLM Nuxeo OAuth OCI OTel Okta +PAT Postgres PowerShell Python @@ -138,8 +145,10 @@ Zsh [Ff]iletypes? [GgCc]oroutine [Hh]ostname +[Ii]nfosec [Ll]oopback [Mm]oby +[Oo]nboarding [Pp]aravirtualization [Pp]roxying [Rr]eal-time @@ -149,10 +158,12 @@ Zsh [Ss]warm [Tt]oolchains? [Vv]irtualize +[Vv]irtiofs [Ww]alkthrough cgroup config containerd +deprovisioning deserialization deserialize displayName @@ -187,4 +198,4 @@ ufw umask ungated vSphere -virtiofs +vpnkit diff --git a/content/guides/admin-set-up/_index.md b/content/guides/admin-set-up/_index.md new file mode 100644 index 00000000000..0a5bff1818f --- /dev/null +++ b/content/guides/admin-set-up/_index.md @@ -0,0 +1,69 @@ +--- +title: Set up your company for success with Docker +linkTitle: Admin set up +summary: Get the most out of Docker by streamlining workflows, standardizing development environments, and ensuring smooth deployments across your company. +description: Learn how to onboard your company and take advantage of all of the Docker products and features. +levels: [intermediate] +params: + featured: true + image: + resource_links: + - title: Overview of Administration in Docker + url: /admin/ + - title: Single sign-on + url: /security/for-admins/single-sign-on/ + - title: Enforce sign-in + url: /security/for-admins/enforce-sign-in/ + - title: Roles and permissions + url: /security/for-admins/roles-and-permissions/ + - title: Settings Management + url: /security/for-admins/hardened-desktop/settings-management/ + - title: Registry Access Management + url: /security/for-admins/hardened-desktop/registry-access-management/ + - title: Image Access Management + url: /security/for-admins/hardened-desktop/image-access-management/ + - title: Docker Build Cloud subscription information + url: /subscription/build-cloud/build-details/ + - title: Docker Scout subscription information + url: /subscription/scout-details/ +--- + +Docker's tools provide a scalable, secure platform that empowers your developers to create, ship, and run applications faster. As an administrator, you have the ability to streamline workflows, standardize development environments, and ensure smooth deployments across your organization. + +By configuring Docker products to suit your company’s needs, you can optimize performance, simplify user management, and maintain control over resources. This guide will help you set up and configure Docker products to maximize productivity and success for your team whilst meeting compliance and security policies + +## Who’s this for? + +- Administrators responsible for managing Docker environments within their organization +- IT leaders looking to streamline development and deployment workflows +- Teams aiming to standardize application environments across multiple users +- Organizations seeking to optimize their use of Docker products for greater scalability and efficiency +- Organizations with [Docker Business subscriptions](https://www.docker.com/pricing/). + +## What you’ll learn + +- The importance of signing in to the company's Docker organization for access to usage data and enhanced functionality. +- How to standardize Docker Desktop versions and settings to create a consistent baseline for all users, while allowing flexibility for advanced developers. +- Strategies for implementing Docker’s security configurations to meet company IT and software development security requirements without hindering developer productivity. + +## Features covered + +- Organizations. These are the core structure for managing your Docker environment, grouping users, teams, and image repositories. Your organization was created with your subscription and is managed by one or more Owners. Users signed into the organization are assigned seats based on the purchased subscription. +- Enforce sign-in. By default, Docker Desktop does not require sign-in. However, you can configure settings to enforce this and ensure your developers sign in to your Docker organization. +- SSO. Without SSO, user management in a Docker organization is manual. Setting up an SSO connection between your identity provider and Docker ensures compliance with your security policy and automates user provisioning. Adding SCIM further automates user provisioning and de-provisioning. +- General and security settings. Configuring key settings will ensure smooth onboarding and usage of Docker products within your environment. Additionally, you can enable security features based on your company's specific security needs. + +## Who needs to be involved? + +- Docker organization owner: A Docker organization owner must be involved in the process and will be required for several key steps. +- DNS team: The DNS team is needed during the SSO setup to verify the company domain. +- MDM team: Responsible for distributing Docker-specific configuration files to developer machines. +- Identity Provider team: Required for configuring the identity provider and establishing the SSO connection during setup. +- Development lead: A development lead with knowledge of Docker configurations to help establish a baseline for developer settings. +- IT team: An IT representative familiar with company desktop policies to assist with aligning Docker configuration to those policies. +- Infosec: A security team member with knowledge of company development security policies to help configure security features. +- Docker testers: A small group of developers to test the new settings and configurations before full deployment. + +## Tools integration + +Okta, Entra ID SAML 2.0, Azure Connect (OIDC), MDM solutions like Intune \ No newline at end of file diff --git a/content/guides/admin-set-up/comms-and-info-gathering.md b/content/guides/admin-set-up/comms-and-info-gathering.md new file mode 100644 index 00000000000..a70f525ab16 --- /dev/null +++ b/content/guides/admin-set-up/comms-and-info-gathering.md @@ -0,0 +1,33 @@ +--- +title: Communication and information gathering +description: Gather your company's requirements from key stakeholders and communicate to your developers. +weight: 10 +--- + +## Step one: Communicate with your developers and IT teams + +### Docker user communication + +You may already have Docker Desktop users within your company, and some steps in this process may affect how they interact with the platform. It's highly recommended to communicate early with users, informing them that as part of the subscription onboarding, they will be upgraded to a supported version of Docker Desktop. + +Additionally, communicate that settings will be reviewed to optimize productivity, and users will be required to sign in to the company’s Docker organization using their business email to fully utilize the subscription benefits. + +### MDM team communication + +Device management solutions, such as Intune and Jamf, are commonly used for software distribution across enterprises, typically managed by a dedicated MDM team. It is recommended that you engage with this team early in the process to understand their requirements and the lead time for deploying changes. + +Several key setup steps in this guide require the use of JSON files, registry keys, or .plist files that need to be distributed to developer machines. It’s a best practice to use MDM tools for deploying these configuration files and ensuring their integrity is preserved. + +## Step two: Identify Docker organizations + +Some companies may have more than one [Docker organization](/manuals/admin/organization/_index.md) created. These organizations may have been created for specific purposes, or may not be needed anymore. If you suspect your company has more than one Docker organization, it's recommended you survey your teams to see if they have their own organizations. You can also contact your Docker Customer Success representative to get a list of organizations with users whose emails match your domain name. + +## Step three: Gather requirements + +Through [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md), Docker provides numerous configuration parameters that can be preset. The Docker organization owner, development lead, and infosec representative should review these settings to establish the company’s baseline configuration, including security features and [enforcing sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) for Docker Desktop users. Additionally, they should decide whether to take advantage of free trials for other Docker products, such as [Docker Scout](/manuals/scout/_index.md), which is included in the subscription. + +To view the parameters that can be preset, see [Configure Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/configure.md#step-two-configure-the-settings-you-want-to-lock-in). + +## Optional step four: Meet with the Docker Implementation team + +The Docker Implementation team can help you step through setting up your organization, configuring SSO, enforcing sign in, and configuring Docker. You can reach out to set up a meeting by emailing successteam@docker.com. diff --git a/content/guides/admin-set-up/deploy.md b/content/guides/admin-set-up/deploy.md new file mode 100644 index 00000000000..ab91d9f4e56 --- /dev/null +++ b/content/guides/admin-set-up/deploy.md @@ -0,0 +1,18 @@ +--- +title: Deploy +description: Deploy your Docker setup across your company. +weight: 40 +--- + +> [!WARNING] +> Ensure you communicate with your users before proceeding, and confirm that your IT and MDM teams are prepared to handle any unexpected issues, as these steps will affect all existing users signing into your Docker organization. + +## Step one: Enforce SSO + +Enforcing SSO means that anyone who has a Docker profile with an email address that matches your verified domain must sign in using your SSO connection. Make sure the Identity provider groups associated with your SSO connection cover all the developer groups that you want to have access to the Docker subscription. + +## Step two: Deploy configuration settings and enforce sign-in to users + +Have the MDM team deploy the configuration files for Docker to all users. + +Congratulations, you have successfully completed the admin implementation process for Docker. diff --git a/content/guides/admin-set-up/finalize-plans-and-setup.md b/content/guides/admin-set-up/finalize-plans-and-setup.md new file mode 100644 index 00000000000..3f085fb1c55 --- /dev/null +++ b/content/guides/admin-set-up/finalize-plans-and-setup.md @@ -0,0 +1,43 @@ +--- +title: Finalize plans and begin setup +description: Collaborate with your MDM team to distribute configurations and set up SSO and Docker product trials. +weight: 20 +--- + +## Step one: Send finalized settings files to the MDM team + +After reaching an agreement with the relevant teams on your baseline and security configurations as outlined in module one, follow the instructions in the [Settings Management](/manuals/security/for-admins/hardened-desktop/settings-management/_index.md) documentation to create the `admin-settings.json` file that captures these configurations. + +Once the file is ready, collaborate with your MDM team to deploy the `admin-settings.json` file, along with your chosen method for [enforcing sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md). + +> [!IMPORTANT] +> +> It’s highly recommended that you test this first with a small number of Docker Desktop developers to verify the functionality works as expected before deploying more widely. + +## Step two: Manage your organizations + +If you have more than one organization, it’s recommended that you either consolidate them into one organization or create a [Docker company](/manuals/admin/company/_index.md) to manage multiple organizations. Work with the Docker Customer Success and Implementation teams to make this happen. + +## Step three: Begin setup + +### Set up single sign-on SSO domain verification + +Single sign-on (SSO) lets developers authenticate using their identity providers (IdPs) to access Docker. SSO is available for a whole company, and all associated organizations, or an individual organization that has a Docker Business subscription. For more information, see the [documentation](/manuals/security/for-admins/single-sign-on/_index.md). + +You can also enable [SCIM](/manuals/security/for-admins/provisioning/scim.md) for further automation of provisioning and deprovisioning of users. + +### Set up free tier Docker product entitlements included in the subscription + +[Docker Build Cloud](/manuals/build-cloud/_index.md) significantly reduces build times, both locally and in CI, by providing a dedicated remote builder and shared cache. Powered by the cloud, developer time and local resources are freed up so your team can focus on more important things, like innovation. To get started, [set up a cloud builder](http://build.docker.com). + +[Docker Scout](manuals/scout/_index.md) is a solution for proactively enhancing your software supply chain security. By analyzing your images, Docker Scout compiles an inventory of components, also known as a Software Bill of Materials (SBOM). The SBOM is matched against a continuously updated vulnerability database to pinpoint security weaknesses. To get started, see [Quickstart](/manuals/scout/quickstart.md). + +### Ensure you're running a supported version of Docker Desktop + +> [!WARNING] +> +> This step could affect the experience for users on older versions of Docker Desktop. + +Existing users may be running outdated or unsupported versions of Docker Desktop. It is highly recommended that all users update to a supported version. Docker Desktop versions released within the past 6 months from the latest release are supported. + +It's recommended that you use a MDM solution to manage the version of Docker Desktop for users. Users may also get Docker Desktop directly from Docker or through a company software portal. diff --git a/content/guides/admin-set-up/testing.md b/content/guides/admin-set-up/testing.md new file mode 100644 index 00000000000..d4fd0b805cc --- /dev/null +++ b/content/guides/admin-set-up/testing.md @@ -0,0 +1,32 @@ +--- +title: Testing +description: Test your Docker setup. +weight: 30 +--- + +## SSO and SCIM testing + +You can test SSO and SCIM by signing in to Docker Desktop or Docker Hub with the email address linked to a Docker account that is part of the verified domain. Developers who sign in using their Docker usernames will remain unaffected by the SSO and/or SCIM setup. + +> [!IMPORTANT] +> +> Some users may need CLI based logins to Docker Hub, and for this they will need a [personal access token (PAT)](/manuals/security/for-developers/access-tokens.md). + +## Test RAM and IAM + +> [!WARNING] +> Be sure to communicate with your users before proceeding, as this step will impact all existing users signing into your Docker organization + +If you plan to use [Registry Access Management (RAM)](/manuals/security/for-admins/hardened-desktop/registry-access-management.md) and/or [Image Access Management (IAM)](/manuals/security/for-admins/hardened-desktop/image-access-management.md), ensure your test developer signs in to Docker Desktop using their organization credentials. Once authenticated, have them attempt to pull an unauthorized image or one from a disallowed registry via the Docker CLI. They should receive an error message indicating that the registry is restricted by the organization. + +## Deploy settings and enforce sign in to test group + +Deploy the Docker settings and enforce sign-in for a small group of test users via MDM. Have this group test their development workflows with containers on Docker Desktop and Docker Hub to ensure all settings and the sign-in enforcement function as expected. + +## Test Build Cloud capabilities + +Have one of your Docker Desktop testers [connect to the cloud builder you created and use it to build](/manuals/build-cloud/usage.md). + +## Verify Scout monitoring of repositories + +Check the [Docker Scout dashboard](https://scout.docker.com/) to confirm that data is being properly received for the repositories where Docker Scout has been enabled.