Datica Blog

Introducing Container Services: Deploy Custom Docker Images onto Datica

Laleh Hassibi

Vice President of Marketing

February 6, 2018   Open Source Healthcare News

It’s nearly impossible to be part of a conversation among application or cloud developers today without somebody mentioning Docker or containers. Datica was an early adopter of Docker containers and, in fact, the Datica Platform has always been based on running Docker containers. Historically, use of Docker has been restricted to our “git push” model, in which customers push their code to Datica directly from their git repository and rely on our automated build process to build and package the application for them.

This buildpack architecture allowed Datica to control the build process from start to finish, ensuring security and compliance at every step of the application deployment process. But it didn’t always work well for our customers. Some customers cannot deploy within that model; for example, they might not even have the code for the application they’re deploying to push to us. We’ve listened to our customers’ concerns about wanting a higher degree of control around creating and debugging their own applications and have come up with a secure solution where customers can now bring their own Docker images onto the Datica Platform.

Introducing Container Services

Our just-released Container Services are an integral part of the Datica Platform and provide a direct way for customers to push a Docker image to Datica’s Docker registry, skipping the buildpack and “git push” process entirely. There are many benefits to this alternative deployment model, but the one we are most excited about is that our customers can push up an exact image to be run — without needing to rely on a build process, dependencies being available, or anything else of that nature.

Deploy Docker Images on Datica

Customers create their Dockerfile locally (built on top of Datica’s base image), sign it, and push it to Datica. Once that Docker image is pushed to the registry, a “deploy” command will run the image on the specified container service associated with their Datica environment.

Security and Compliance Built In

Giving customers that amount of control over their applications seems simple in theory, but the reality of adhering to HIPAA, GDPR, GxP and other healthcare regulations when developing digital health applications presented us with a massive security and compliance problem to solve before we could release this service to our customers.

We have done an incredible amount of security work that is largely invisible to our customers so that this new feature can pass a difficult HITRUST certification audit. For example, we have secured the containers with very stringent AppArmor profiles and per-tenant namespace profiles in Linux, so that it appears to customers that they can run privileged code (i.e., anything) on our system when in fact we’ve limited them to a very thin slice of our resources. Additionally, we have created end-to-end security for receiving their Docker images by enforcing notarization of Docker images through the Docker Notary service, which authenticates their images as being created by their organization so that no one can push malicious code on their behalf.

The notary service is especially useful in larger organizations, as it allows organizations to create “delegate” roles (via keys) within their organization so that, for example, they can ensure that only their operations team or CI can sign production images, but that the development team can sign staging or test images. See the notary documentation for more details on how to accomplish this.
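The delegation scoping described above can be audited before keys are handed out. The following is an added example, not Datica's or Notary's own code: it models Notary's rule that a delegation role may sign only targets whose names start with one of its path prefixes, and flags roles that can reach production tags without being on an allow-list. The role names, key IDs and the `prod-`/`staging-`/`test-` tag convention are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Delegation:
    role: str              # delegation role name, e.g. "targets/ops" (constructed)
    key_ids: frozenset     # key IDs trusted to sign for this role
    paths: tuple           # target-name prefixes the role may sign; "" = all paths
    threshold: int = 1     # number of valid signatures required

# Constructed sample metadata; the last role is deliberately over-broad.
DELEGATIONS = [
    Delegation("targets/ops", frozenset({"ops-key-1", "ci-key-1"}), ("prod-",)),
    Delegation("targets/dev", frozenset({"dev-key-1", "dev-key-2"}),
               ("staging-", "test-")),
    Delegation("targets/legacy", frozenset({"dev-key-2"}), ("",)),
]

def role_covers(deleg, target):
    """Delegation paths are matched as prefixes of the target (tag) name."""
    return any(target.startswith(p) for p in deleg.paths)

def authorized_roles(delegations, target, signer_key_ids):
    """Roles under which the given keys produce a valid signature for target."""
    ok = []
    for d in delegations:
        valid = d.key_ids & set(signer_key_ids)
        if role_covers(d, target) and len(valid) >= d.threshold:
            ok.append(d.role)
    return sorted(ok)

def audit(delegations, protected_prefix, allowed_roles):
    """Roles able to sign some tag under protected_prefix but not allow-listed.

    Two prefixes overlap when either one is a prefix of the other, so the
    empty path "" overlaps every protected prefix.
    """
    findings = []
    for d in delegations:
        overlaps = any(p.startswith(protected_prefix) or
                       protected_prefix.startswith(p) for p in d.paths)
        if overlaps and d.role not in allowed_roles:
            findings.append(d.role)
    return sorted(findings)

if __name__ == "__main__":
    print(authorized_roles(DELEGATIONS, "prod-1.4.2", ["dev-key-1"]))
    print(audit(DELEGATIONS, "prod-", {"targets/ops"}))
```

In the sample, a developer key cannot sign `prod-1.4.2` through `targets/dev`, but `dev-key-2` still can through the all-paths `targets/legacy` role, which is the kind of leftover delegation the audit is meant to surface.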

The ability for customers to construct Docker images locally, run them locally, and then push them onto the Datica Platform will increase developer productivity immensely and make it much easier for our customers to debug their own applications when something goes wrong with them. Our new Container Services also make deploying third-party vendor libraries (like Tableau or other licensed software) a whole lot easier.

Reach out to us to learn more about bringing your Docker images onto the Datica Platform, or take a look at our guide to getting started with container services.

