Benefit 1: Solve "Works on My Machine" Syndrome
Ever have issues in production that you can't reproduce locally? This usually occurs because there are differences between your environments. Over time, changes, such as applying a security patch to production, that are made directly to environments will cause environmental drift. The solution? Use immutable infrastructure and avoid changing environments directly. Docker images gives you that immutable infrastructure.
Benefit 2: Security
The question has been out there for a while: "Is using Docker containers secure?" The verdict is in. Industry experts from Gartner and NCC Group suggest that not only is using containers secure, but it enhances security compared to a non-containerized solution. This is partially because of the isolation between containers (and host) that gives another layer of defense, as well as application specific whitelisting of installed libraries and Linux mandatory access controls.
Additionaly, you have the option to integrate the Docker Security Scanning service into your CI/CD pipeline to scan images for security vulnerabilities. The service scans images against the Common Vulnerabilities and Exposures (CVEÂ®) database and returns a list of vulnerabilities back to the user. When the database is updated, the service will retroactively scan images and send notifications to image maintainers when vulnerabilities are discovered. Combine the security scanning service with Docker content trust to verify the publisher of images.
Benefit 3: Faster Time to Market with Microservices
We all fear the monolith: the mass of spaghetti code that inhibits us from delivering business value because we can't change anything without breaking everything. Microservices help with this by allowing us to develop loosely-coupled services that are independently deployable. But of course, every architecture decision comes with trade-offs, and the trade-offs for microservices are challenging: service orchestration, centralized monitoring and logging, and environments "on-demand", to name a few.
Luckily, Docker can help with these issues. Docker containers provide a standard interface to allow operations-type problems to be solved more generically and allow ecosystem tools to build on top of. The fast spin-up time of Docker containers allows you to create multiple environments quickly and in isolation, including environments needed for your CI/CD pipeline, such as build and test environments.
Benefit 4: Unlock the Ecosystem
One of my favorite things about Docker is the community and the ecosystem that surrounds the technology. Need a tool for container management? You can use ECS on Amazon. Need CI/CD plugins? Jenkins provides several plugins that work with Docker. How about service orchestration? Kubernetes is one of many tools that can help (although I recommend the built-in Docker swarm mode in Docker 1.12). Utilize these tools to avoid solving problems that are not specific to your business, and spend more time on delivering value to your customers.
Benefit 5: "Developed in the Open"
Technologies come and go. Companies go through huge migrations when old technologies become obsolete, and new technologies are made relevant. Because of these cycles it is important to consider not only which technologies to adopt, but the direction in which these technologies are heading.
Docker protects from these cycles by fully embracing the community to help determine the direction of the Docker project. Besides the Docker Engine being open-sourced itself, Docker extracts out internals of the project, such as infrakit, datakit, hyperkit, etc. and publishes them as separate open source projects. These projects don't have a dependency on Docker, and they allow the community to influence and build on top of these components. Docker is also built on top of open standards as defined by the community. The Open Container Initiative (OCI) was created to define open standards around container format and runtime and is backed by a number of industry leaders such as Redhat and Google. Docker contributed the first implementation of the OCI specification (runc), and the Docker Engine is OCI compliant starting with version 1.11.