Docker is a quickly-evolving product. In the week or so I’ve been aware of it, it’s already bumped up a minor version. When diving into Docker and learning it I wanted a recent version but a stable host OS. In trying to decide how to proceed I found boot2docker (on GitHub, ISO Download). It must be the easiest way to run Docker on any platform, even Windows.
I simply downloaded the ISO and booted to it in a new Hyper-V VM since I had that ready to go. But the project seems to have easy-install VMs in which various platforms can boot the ISO. It’s a minimal Linux distribution with Docker. I used its tools to partition and format the virtual hard drive I attached with the label boot2docker-data so boot2docker would auto-mount and use it for persistent data–pulled images, saved containers and such.
So that’s the good. Easy download, easy install, easy to start using and learning Docker. (Hint: try sudo docker pull ubuntu then docker run -i ubuntu /bin/bash; you won’t have a prompt, but try and a few other commands to see where you are.)
Here’s the potential bad: The boot2docker ISO has a default user name and password, for a user with sudo access. This is not secure! If you’re at home behind a NAT I suppose you can feel walled off, but I’ve learned the hard way in the past you shouldn’t trust your local subnet, especially if you tinker around like me. Also, I have an IPv6 tunnel, so my boot2docker VM had a publicly reachable IPv6 address. So any VMs running boot2docker and any Docker containers running inside are just sitting wide-open waiting for the first worm to start scanning for them.
I wrote up this post a week ahead, and as the publish date approached I realized I didn’t install boot2docker per the instructions. I just grabbed the ISO and booted it in my existing VM host. Maybe you also have VMware Player, VirtualBox or some other VM host and, like me, decide to boot the ISO in your existing VM, too, so this concern is still valid, but I realize I should probably install per the instructions before publishing this article.
So I installed boot2docker for Windows on a Win7 laptop that I know supports hardware virtualization. It sets up an icon which downloads the latest ISO, boots it in VirtualBox and connects to it. But it is only open to 127.0.0.1 and not to the local network. So if you follow the instructions you are not putting a known-password host on your network.
But if you’re “clever” like me and boot the ISO on a spare PC or VM-host-of-convenience, don’t let it have access to any real data and don’t leave it running when you’re not playing with it.
(By the way, Docker does not require hardware virtualization support; this is needed to run the VM on Windows for the Docker host. If you have a 64-bit machine without hardware virtualization support, you could still boot the ISO on that PC and run Docker containers, but then you would have the known-password-on-network problem if using the boot2docker ISO.)
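One way to check the exposure described in this post, as an added example that is not part of the original article: this Python script parses `ss -tln` output from the VM and lists every listening socket that is not bound to loopback, which is the difference between the installer's 127.0.0.1-only setup and an ISO booted directly on a networked VM. The sample output, addresses, ports and function names are constructed for illustration.

```python
import ipaddress

# Constructed `ss -tln` output for a hypothetical VM; not taken from the post.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128        127.0.0.1:2375       0.0.0.0:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      128            [::1]:631           [::]:*
LISTEN 0      128    127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      128     192.168.1.50:8080       0.0.0.0:*
"""

def split_local(field):
    """Split ss's 'addr:port' field, handling [v6], '*' and %zone suffixes."""
    addr, _, port = field.rpartition(":")
    addr = addr.split("%", 1)[0].strip("[]")
    return addr, int(port)

def classify(addr):
    """Return 'loopback', 'wildcard' or 'specific' for a bind address."""
    if addr == "*":
        return "wildcard"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:  # 0.0.0.0 or :: means every interface, IPv6 tunnel included
        return "wildcard"
    return "specific"

def exposed_listeners(ss_output):
    """List (address, port, kind) for every listener not bound to loopback."""
    found = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skips the header row and blank lines
        addr, port = split_local(cols[3])
        kind = classify(addr)
        if kind != "loopback":
            found.append((addr, port, kind))
    return found

if __name__ == "__main__":
    for addr, port, kind in exposed_listeners(SAMPLE_SS):
        print(f"reachable from the network: {addr}:{port} ({kind} bind)")
```

A wildcard bind on `::` is the case that matters with an IPv6 tunnel: the service answers on whatever global address the VM has been assigned, unless a firewall blocks it.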