Mastering Docker Enterprise

UCP and DTR benefits

The Docker Enterprise Standard and Advanced editions come with the Universal Control Plane (UCP) and the Docker Trusted Registry (DTR).

Docker's UCP includes critical enterprise features such as LDAP-integrated, role-based access control, a certificate-managed command-line interface, a web-based GUI, and the Kubernetes orchestrator installed and ready to use. UCP also provides a secure API for scripting and extensibility.

Rather than using a public image repository such as Docker Hub for enterprise images, Docker Enterprise uses a private image repository called DTR for security and availability reasons. If for some reason an image repository becomes unavailable to a cluster, applications cannot be deployed. So, DTR is a replicated, integral part of the Docker Enterprise platform.

Docker's DTR runs in the same cluster where the workload container images are deployed. DTR is where enterprise images are securely stored after they are built and where they are pulled from at deployment time. DTR is a critical part of an enterprise-class container cluster and is also the heart and soul of a secure image pipeline. Therefore, DTR includes image scanning (an Advanced edition feature only), image signing with Notary's TUF implementation, and webhooks for CI/CD integration and image promotion policies, and it is fully integrated with the UCP RBAC system.