Docker Datacenter for AWS

In this blog, I will cover Docker Datacenter usage with AWS. This blog is part of my Docker for AWS series and uses the sample voting application for illustration.

Docker Datacenter is Docker’s enterprise-grade CaaS (Container as a Service) solution, in which Docker has integrated its open source software with some proprietary software and support to make a commercial product. Docker Datacenter can be deployed on-premise or on cloud providers like AWS. It is available free for a 30-day trial period.

Docker Datacenter Architecture

The following picture shows the core components of Docker Datacenter:


(Image from Docker webpage)

The following are the key components of Docker Datacenter:

UCP (Universal Control Plane):

UCP provides a controller to manage the platform, and it integrates well with Lightweight Directory Access Protocol (LDAP) and role-based access control (RBAC). UCP also provides multi-tenancy support. This allows enterprises to integrate Docker Datacenter with their current user management solutions. Swarm is used for orchestration. UCP provides a nice GUI, and the same Docker APIs can be used to control UCP. Multiple UCP controllers can operate in HA mode. UCP also provides monitoring and logging support for containers.

DTR (Docker Trusted Registry):

DTR provides a secure Docker image repository and it integrates well with UCP and Docker engine.

Docker engine:

This is the open source Docker engine with commercial support.

Docker Datacenter for AWS

Docker Datacenter is an application composed of UCP, DTR, Docker engine and supporting services running as containers. Docker Datacenter for AWS means running these system services on AWS instances along with the application containers that the system services manage. System services and application containers run on separate instances for resiliency.

The following picture shows the architecture of Docker Datacenter for AWS:


(Picture from Docker Datacenter documentation)

The following are some important notes on the Docker Datacenter for AWS architecture:

  • Three kinds of EC2 instance clusters are created: the UCP controller cluster, the DTR cluster and the application cluster. The UCP controller cluster runs the UCP application, the DTR cluster runs the DTR application, and the application cluster runs user containers. UCP and DTR are each developed as a micro-service with multiple containers. The EC2 instances are spread between 2 availability zones for HA.
  • Each cluster resides in a private network for security purposes. For each cluster, there is an ELB in the public network that exposes the cluster to the outside world.
  • Docker, in collaboration with AWS, has created a CloudFormation template to simplify the creation of the Docker Datacenter infrastructure. The CloudFormation template takes care of creating the EC2 instances and deploying UCP, DTR and all associated system containers onto the nodes. In addition, CloudFormation takes care of creating the ELBs, the VPC and all other supporting infrastructure.


The following prerequisites need to be completed before we can deploy the voting application:

  • Get the Docker Datacenter 30-day trial license from here.
  • We need a registered DNS domain name to use Docker Datacenter. UCP and DTR run on sub-domains of the main registered domain name. In my case, I had the “” domain already registered with GoDaddy. I created a Route53 hosted zone in AWS and updated the nameservers in GoDaddy to use the AWS nameservers. The other option is to get the domain name directly from AWS itself. The cost of a domain name varies based on the provider.

Creation of Docker Datacenter infrastructure in AWS

Use the CloudFormation template to create the infrastructure. We need to input the number and size of EC2 instances for the UCP controller, DTR and application instances. This takes around 30-45 minutes. The following picture shows the user inputs that are needed:


In my case, I used m3.medium for the EC2 instances and a cluster size of 3. I used “” for the DTR FQDN, “” for the UCP FQDN and “*” for the application FQDN. The license needs to be entered in JSON format in the license field.

The following is a screenshot of the successful creation along with the resource outputs:


UCP can be accessed from “” and DTR can be accessed from “”. (These are not currently available, as I have destroyed the cluster.)


The following output shows the main UCP dashboard:


The following output shows the different EC2 instances created. This can be seen from the AWS EC2 console.


In the above output, we can see 3 UCP controller instances, 3 DTR instances, 3 application node instances and 1 jumphost. The jumphost is used to ssh to the other EC2 instances.
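
The private-network layout can be checked from the instance list itself. The following is an added example, not part of the original post or of Docker's tooling: it reads JSON in the shape returned by `aws ec2 describe-instances` and reports any instance other than the jumphost that carries a public IP. The sample data, and the assumption that the jumphost's Name tag contains "jumphost", are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output; the
# instance IDs, addresses and Name tags are made up for this example.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000001", "PrivateIpAddress": "10.0.1.10",
     "PublicIpAddress": "203.0.113.10",
     "Tags": [{"Key": "Name", "Value": "ddc-JumpHost"}]},
    {"InstanceId": "i-0aaa0000000000002", "PrivateIpAddress": "10.0.1.20",
     "Tags": [{"Key": "Name", "Value": "ddc-UCPController"}]}]},
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000003", "PrivateIpAddress": "10.0.2.20",
     "Tags": [{"Key": "Name", "Value": "ddc-DTRNode"}]},
    {"InstanceId": "i-0aaa0000000000004", "PrivateIpAddress": "10.0.2.30",
     "PublicIpAddress": "203.0.113.44",
     "Tags": [{"Key": "Name", "Value": "ddc-AppNode"}]}]}
]}
""")


def name_tag(instance):
    """Return the instance's Name tag, or '' if it has none."""
    for tag in instance.get("Tags", []):
        if tag.get("Key") == "Name":
            return tag.get("Value", "")
    return ""


def exposed_instances(described, allowed_marker="jumphost"):
    """List (id, name, public_ip) for instances that have a public IP but are
    not the jumphost. Untagged instances are never treated as allowed."""
    findings = []
    for reservation in described.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            public_ip = inst.get("PublicIpAddress")
            name = name_tag(inst)
            # Assumption: the jumphost is identified by its Name tag.
            if public_ip and allowed_marker not in name.lower():
                findings.append((inst["InstanceId"], name, public_ip))
    return findings


if __name__ == "__main__":
    for instance_id, name, ip in exposed_instances(SAMPLE):
        print(f"EXPOSED {instance_id} ({name or 'untagged'}) has public IP {ip}")
```

A clean result only shows that no cluster node has a public address; the ELB listeners and security group rules still decide what is reachable from outside.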

The following output shows the 3 classic ELBs that get created. This can be seen from the AWS EC2 console. The 3 ELBs are for UCP, DTR and the application containers.


Voting application deployment

The following is the voting compose file that I tried to deploy in Docker Datacenter:

client:
  image: 'smakam/myubuntu:v4'
  command: 'ping'
  links:
    - vote:vote
vote:
  image: 'instavote/vote:latest'
  ports:
    - '80:80'

The following output shows the application created:


In the above output, we can see that there are 3 containers in this application. I have scaled the “vote” container to have 2 instances.

The voting application exposes port 80 on each node instance. The following output shows requests to port 80 on the ELB connected to the application nodes being load balanced between the 2 containers.

$ curl  | grep -i "container id"
          Processed by container ID 50055eec5656
$ curl  | grep -i "container id"
           Processed by container ID 8c8190f2fe9b

ssh into the nodes

Since the EC2 instances are not directly exposed to the outside world, we need to first ssh into the jumphost and then ssh from the jumphost into the individual instances. The jumphost is automatically created by the CloudFormation template. ssh access helps in debugging.

The following output shows the Docker version on one of the application nodes:

$ docker --version
Docker version 1.11.2-cs4, build 7d4e626

Swarm mode is not yet available in Docker Datacenter, as it is available only from version 1.12. It will be interesting to see how Swarm mode will be integrated into Docker Datacenter and whether it will be kept as the default option instead of traditional Swarm mode.

The following output shows the running containers on one of the application nodes:

$ docker ps
CONTAINER ID        IMAGE                    COMMAND                  CREATED             STATUS              PORTS                     NAMES
847dd233475b        smakam/myubuntu:v4       "ping"        40 minutes ago      Up 40 minutes                                 myvotingapp_client_1
50055eec5656        instavote/vote:latest    "gunicorn app:app -b "   40 minutes ago      Up 40 minutes>80/tcp        myvotingapp_vote_1
db588e83584a        docker/ucp-swarm:1.1.2   "/swarm join --discov"   3 hours ago         Up 3 hours          2375/tcp                  ucp-swarm-join
e03f9cad5763        docker/ucp-proxy:1.1.2   "/bin/run"               3 hours ago         Up 3 hours>2376/tcp   ucp-proxy

In the above output, the first 2 are application containers and the next 2 are UCP system containers.

Accessing UCP through CLI

We can use the procedure here to get CLI access. This gives us access to the Swarm manager, from where we can control the whole cluster. The following output shows the complete cluster summary, including the 9 nodes, using the regular Docker command:

$ docker info
Containers: 61
 Running: 60
 Paused: 0
 Stopped: 1
Images: 128
Server Version: swarm/1.2.3
Role: primary
Strategy: spread
Filters: health, port, containerslots, dependency, affinity, constraint
Nodes: 9

Integrating UCP with DTR

This link walks through the steps to integrate UCP with DTR. This would allow UCP to securely push and pull images from DTR.

For folks who want to try Docker Datacenter in the trial period, there is no option to try it out without having a registered domain name. It would be good if there were a way to work around this.


