Hacker News | mgorsuch's comments

I've used Docker for process isolation at two companies now. In both cases, we were executing things on the server based on customer input values, and desired the isolation to help ensure safety.

In the first company, these were one-off import jobs that would import customer information from a URL they provided.

In the other, these are long-running daemons for a multi-tenant service, and I need to reduce the risk that one customer could exploit the system and disrupt the other customers or gain access to their data.

I have some other experiments in play right now in which I am packaging up various services as Docker containers, but this is currently non-production.


I was involved with a company that received several attacks on AWS. We were premium support customers, and were able to work with our AWS TAM to get a mitigation device in place and turned on. It was a bit shaky at that time, as this was not a common service offering. Things may be better now.


Great work as usual, Ryan. Glad to see this make it out there!


Thanks for sharing these notes on your experience. Clearly a lot was gained.

You're awesome and I look forward to hearing about your next adventure.


I particularly like the reliance on CRC to help in situations where a numeric identifier might not be possible / desired. It's organic.

This gave me enough of an 'aha!' to move forward with an experiment I was conducting.

Thanks!


It does!


FWIW, offering SSL is a giant PITA considering that it requires a unique IP address for each endpoint. Scaling that is not easy. Add the diminishing pool of IPv4 space to that and you've got something that you have to think very carefully about.


I like the quote from Boondock Saints. Makes them scary, like Rocco.


Aww. I'll pay more attention next time.


Hoverboards.

