Discovery and Inventory of Docker Containers in Flexnet Manager Suite 2020 R1

Flexera
Flexera
6 2 331

What are Containers in FNMS 2020 R1?

Containers are a new type of application virtualisation that provides much greater flexibility and scalability then other technologies.  The most popular of these is Docker and in FNMS 2020 R1 the upgraded agent will allow you to discover and inventory docker containers giving you complete visibility into docker instances in your environment and the software running on them.

Some key points about this functionality:

  1. An agent upgrade IS required (Cloud and On-Premises)
  2. Server components also need to be updated (On-Premises customers only)
  3. Docker capability is only on our Linux agents in this release, Windows will be updated later.
  4. This release is focused on Discovery and Inventory, software running in containers will not be included in license reconcile or consumption calculations
  5. The new agent monitors the Docker Engine service on the device to collect inventory which means you can only discover containers on devices where you have the agent installed and so cloud based Kubernetes or other Container Orchestration services is not currently included.

 

Getting started with Docker discovery and inventory

How to enable Docker Container inventory?

Enabling docker inventory will modify installation counts and so by default it is disabled and will need to be enabled.

You can do this by:

  • Open Discovery & Inventory – Settings
  • Find “Container Scanning” section
  • Enable checkbox “Enable detection of Docker and running inventory agent inside Docker containers”
  • Click Save in bottom right of screen

Once enabled, this will update agent policy and will be deployed to beacons and then agents need to update policy, run inventory, upload this inventory and then full inventory import and reconcile needs to complete.

This process usually takes 24-48 hours before it’s all processed.

mrichardson_0-1593186573901.png

 

 

Viewing list of Containers in your environment

To validate that inventory has succeeded, go back to Discovery & Inventory menu and there is now a new Containers section with a view called “All Containers”, this view shows all containers in your environment.

mrichardson_1-1593186573907.png

 

Licensing Managers

One of the use cases we were trying to address for SAM Managers was “How many of my applications are running in containers”?  We know from discussions that you want to see what impact containerised applications are having so we’ve added a new “Containers” column to the following views:

  • Application views e.g. Install Applications, All Applications etc
  • Unlicensed Installations

mrichardson_2-1593186573916.png

 

mrichardson_3-1593186573924.png

 

 

These Container columns show the subset of installations from containers so from the Unlicensed Installations above, you have 4 installations of Ubuntu and 3 come from Containers which means that as Container applications aren’t included in license reconcile, you have 1 that can be addressed by the reconcile and 3 from containers which you need to review and manually allocate where necessary.

 

 

 

Hardware Asset Managers

If you are managing specific devices and want to see whether they are running containers there is a “Container” tab which lists the Container and Docker Images.

mrichardson_4-1593186573931.png

 

If you then want to see what applications these devices are running within containers you can go to the Applications tab and you will see a new sub-tab called Containers which will show you all the Containers associated with this device.

mrichardson_5-1593186573940.png

 

 

These are the main views we’ve implemented, I will be adding a Q&A section at a later date once I’ve finished collating all of the recent questions.

2 Comments
Rising star

Hi Matt,

A few questions:

  • Will the container data be part of the inventory (ndi) file?
  • How is the container data matched to applications? Is it file evidence?
  • Is this a snapshot only, or is the contianer data taken like usage data, over time?

Best regards,

Markward

Flexera
Flexera

Hi @mfranz,

I'll ask one of the engineers to add further input if needed but in summary we've added an extra daemon service to the usage engine of the agent that monitors the docker engine service and once it identifies a docker image has been created it uses the zero footprint inventory (i.e. ndtrack.sh on Linux) to scan the contents of the image to produce ndi content.

As each docker image is immutable i.e. it cannot be changed, we know that any container deployed from that image will have the same contents, this allows for on-going updates instead of just a one-time snapshot.

So to track both the software in containers and the state of containers / images we use a combination of the inventory agent and the usage agent respectively; the latter will track when the containers were started, stopped and destroyed and these are used to populate the fields you see in the All Containers and properties views.

 

Principal Engineer // Managed Services Leipzig, Germany