Introduction to MSR

Mirantis Secure Registry (MSR) is Mirantis’s enterprise-grade image storage solution. Installed behind the firewall, either on-premises or on a virtual private cloud, MSR provides a secure environment from which users can store and manage Docker images.

Image and job management

MSR has a web-based user interface that you can use to browse images and audit repository events. With the UI, you can see which Dockerfile lines produced an image and, if security scanning is enabled, a list of all of the software installed in that image. You can also audit jobs with the web interface.

MSR can serve as a Continuous Integration and Continuous Delivery (CI/CD) component, in the building, shipping, and running of applications.

Availability

MSR is highly available through the use of multiple replicas of all containers and metadata. As such, MSR will continue to operate in the event of machine failure, thus allowing for repair.

Efficiency

MSR is able to reduce the bandwidth used when pulling Docker images by caching images closer to users. In addition, MSR can clean up unreferenced manifests and layers.

Built-in access control

As with Mirantis Kubernetes Engine (MKE), MSR uses Role Based Access Control (RBAC), which allows you to manage image access, either manually, with LDAP, or with Active Directory.

Security scanning

A security scanner is built into MSR, which can be used to discover the versions of the software that is in use in your images. This tool scans each layer and aggregates the results, offering a complete picture of what is being shipped as a part of your stack. Most importantly, as the security scanner is kept up-to-date by tapping into a periodically updated vulnerability database, it is able to provide unprecedented insight into your exposure to known security threats.

Image signing

MSR ships with Notary, which allows you to sign and verify images using Docker Content Trust. For more information on managing Notary data in MSR, refer to the Using Notary to sign an image.