This content is part of the Essential Guide: The complete rundown on Docker data storage and containers
Problem solve Get help with specific problems with your technologies, process and projects.

What are the challenges with protecting Docker container data?

Expert Brien Posey explains how Docker's architecture affects backups and how to best approach backing up Docker data.

While major backup vendors are good at backing up virtual machines (VMs), Docker containers don't depend on a hypervisor. In addition, the Docker container and its various components are separated from the host operating system by the Docker Engine, which runs and secures the virtualized application.

Docker container data backup varies from VM backup because it uses a different architectural structure. Every hypervisor vendor has its own nuances, but a VM generally consists of one or more virtual hard disks (VHDs) and a configuration file. Backup applications protect the configuration file and extract the contents of the VHD.

Docker container data backup varies from VM backup because it uses a different architectural structure.

Instead of depending on VHDs, Docker uses a layered approach. The lowest layer is the read-only platform image that defines the run-time environment for the containerized application.

A container layer sits above the platform image and stores the configuration data (as opposed to the configuration data being kept in a configuration file). The container layer is read/write and acts as the application sandbox.

One factor that makes it difficult to protect the container layer is that there can be multiple container layers. If a set of write operations need to be committed in a way that makes them permanent, the container is converted into a layered image and a new read/write container is created above it. Hence, a single Docker application could contain a platform image, a container and an unknown number of layered images.

The best way to mitigate the challenges of backing up Docker container data is to use a Docker-aware backup application or to write a script. Some Docker-related blogs suggest using a script to copy Docker containers and volumes to a tarball for safe keeping.

Next Steps

Don't expect mass Docker container adoption just yet

Is a Docker data container right for you?

Docker application container engine makes waves

Protect Docker containers in four steps

Dig Deeper on Backup for virtual servers

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What part of protecting Docker container data has presented the biggest challenge?
Right now, the challenge is in making sure the systems are patched and kept up to date. It's not a big deal, but at the moment, it requires we open them, apply the patches, and then commit them again.
I’m a little surprised that there are not more solutions in place for backing up Docker data, given that data is not persistent if something happens and the container is deleted, especially for Docker data containers.