Hyperizing Docker Containers with rock solid security

Jun 30, 2016 Written by Ranjitha Platform Operations Engineer


One of the questions we have been asked is: what is the secret sauce in our enterprise edition, given that all our stuff is open source?

This is one part of our secret sauce. If you want to run secure Docker containers using a hypervisor like KVM, contact us. If you are from the hosting industry we will put you in touch with our partner (

In this article we will show the open source way of doing this on your own.

Let's get started and launch a Docker container in secure isolation, with a very fast launch, using HyperContainer.

Introducing HyperContainer

HyperContainer is a Hypervisor-agnostic Docker Runtime that allows you to run Docker images on any hypervisor (KVM, Xen, etc.).

 HyperContainer = Hypervisor + Kernel + Docker Image

By containing applications within separate VM instances and kernel spaces, HyperContainer is able to offer excellent hardware-enforced isolation, which is much needed in multi-tenant environments.

HyperContainer also promises immutable infrastructure by eliminating the middle layer of guest OS, along with the hassle of configuring and managing it.

Setup HyperContainer

This initial section contains everything you need to set up HyperContainer on one of your bare-metal servers.

If you have several servers, you can contact us; the enterprise edition is a lifesaver.

Step - 1 Install HyperContainer

The prerequisites are:

Hypervisor: at least one of

  [Linux] QEMU KVM 2.0 or later
  [Linux] Xen 4.5 or later (for Xen support)

We will use KVM here. If your server doesn't have a hypervisor installed, install the following:

  sudo apt-get install qemu-system
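
The hardware-enforced isolation described above depends on KVM actually being usable on the host, so it is worth checking the prerequisite before installing. The script below is an added example, not code from the original article or the Hyper project; it assumes an x86-64 Linux host where the qemu-system package provides the qemu-system-x86_64 binary, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the KVM prerequisite on an x86-64 host.
# Run it as the user that will run hyperd:  sh preflight.sh run

# has_virt_flags FILE: succeed if the cpuinfo-format FILE lists Intel VT-x
# (vmx) or AMD-V (svm) as a whole word on a "flags" line.
has_virt_flags() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]](vmx|svm)([[:space:]]|$)' "$1"
}

# kvm_device_ok PATH: succeed if PATH is a character device the current user
# can read and write. QEMU needs read/write access to /dev/kvm to use KVM.
kvm_device_ok() {
    [ -c "$1" ] && [ -r "$1" ] && [ -w "$1" ]
}

# qemu_version_ok STRING: succeed if the "version X.Y" in STRING (the banner
# printed by `qemu-system-x86_64 --version`) is 2.0 or later.
qemu_version_ok() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*version \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1)
    [ -n "$ver" ] || return 1
    major=${ver% *}          # "2 5" -> "2"
    [ "$major" -ge 2 ]       # minimum is 2.0, so the major number decides
}

# preflight: run all three checks against the live host and report failures.
preflight() {
    rc=0
    has_virt_flags /proc/cpuinfo ||
        { echo "FAIL: CPU does not advertise vmx/svm"; rc=1; }
    kvm_device_ok /dev/kvm ||
        { echo "FAIL: /dev/kvm missing or not read/writable"; rc=1; }
    qemu_version_ok "$(qemu-system-x86_64 --version 2>/dev/null)" ||
        { echo "FAIL: QEMU 2.0 or later not found"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: KVM prerequisite satisfied"
    return "$rc"
}

# Only touch the live host when explicitly asked to.
if [ "${1:-}" = "run" ]; then
    preflight
fi
```

If the vmx/svm flag is present but /dev/kvm is missing, virtualization is usually disabled in firmware or the kvm kernel module is not loaded.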

Now install HyperContainer on your server:

 tar -xvzf hyper-latest.tgz

Then cd into the hyper-pkg directory


Next we start the hyperd service

sudo service hyperd start

Step - 2 Pull Docker Images

Pull the Docker image from the Docker registry using this command:

hyper pull tutum/hello-world

Now the container is pulled in sub-milliseconds.

To list the Docker images:

hyper images

tutum/hello-world   latest  4b95f40f2f4d   2015-12-14 16:16:44   17.0 MB

Step - 3 Network setup

By default HyperContainer uses the hyper0 bridge, but we will use our own subnet (our own bridge).

Let's set up a bridge named one on your server.

brctl addbr one

Once you have created the bridge, you need to change the configuration file at /etc/hyper/config


Then restart the hyperd service

service hyperd restart

Step - 4 Run the HyperContainer

hyper run --name test -d tutum/hello-world

The HyperContainer runs in an isolated space with an independent kernel.

To list the running hypercontainers

hyper list
POD ID            POD Name           VM name                 Status
pod-IlLsHBTYGQ      tutum1       vm-FXBRjvEgJY              running


These are the very simple steps to successfully launch a docker container in a secure isolated space.

Again, if you have a lot of server racks, we have the solution. Contact us.