
Azure Container Registry (ACR):

Azure Container Registry (ACR) is a private container image registry used to store Docker images
in a secure and high-availability environment. Azure Container Registry is a managed Docker
registry service based on the open-source Docker Registry 2.0 and it allows you to store and
manage images for all types of container deployments. Microsoft Azure manages the underlying
infrastructure and technology behind ACR, while the tenant manages the endpoints, access, and
image repositories.

ACR is an elastic service that can grow easily based on our needs using the following plans:

• Basic • Standard • Premium

Pricing Detail:

                         Basic            Standard         Premium
Price Per Day            $ 0.167          $ 0.667          $ 1.677
Included Storage (GiB)   10               100              500 (Premium offers enhanced throughput for Docker pull across multiple concurrent nodes)
Total web hooks          2                10               100 (additional available upon request)
Geo Replication          Not Supported    Not Supported    Supported ($ 1.667 per replicated region)

ACR pricing details: Most developers will find the Basic tier enough to test various applications
and code; however, large businesses will probably opt for the Premium plan, which offers more
storage and global replication.

We can manage ACR using Azure CLI (with Azure Cloud Shell) or the Azure portal. Because the
underlying infrastructure is managed by Azure, our role in managing ACR is limited and doesn’t
require complex operational procedures. To push and pull Docker images to and from ACR, we use
the Docker CLI, which is convenient because it doesn’t require us to learn another tool.

Fig. Azure Container Registry: Securing Container Workflows

Why should we use it?


It provides signed container images, so your Kubernetes cluster can verify that the code it’s
running is the code you pushed to your registry from your build system. Signed images ensure
that no one has tampered with a container’s contents while it’s being deployed.

Secondly, ACR can integrate with Azure’s Security Center. This allows you to scan images as
they’re stored in the registry, checking for vulnerabilities not only in your code and in the base
image, but also in any dependencies that are included in or referenced from the image file. Using
Qualys’s scanner, Security Center reports will help you identify vulnerabilities, with
recommendations for fixes.

Tools such as Azure Container Registry are best thought of as private registries. Only you, your
team and your services have access to your registry, automating delivery to Azure services that
use containers. Familiar tools such as Azure DevOps and Jenkins can be configured to use the
registry as a build endpoint, so you can go straight from merging a pull request to a container
on Azure, ready to deploy.

PROS:
I. Store and manage images for all types of container deployments
II. Automated Container Builds, Testing and Security Scanning
III. Store your container image in local, network-close storage on Azure
IV. Use Common Command Line Interface (CLI) to interact with the registry
V. Manage Windows and Linux container images in a single registry
I. Store and manage images for all types of container deployments:
Docker is becoming the new binary format for deployments. Development and
operations teams can manage the configuration of their app, isolated from the
configuration of the hosting environment. Containers aren't just deployed to highly
scalable orchestration systems like Mesosphere DC/OS, Docker Swarm and
Kubernetes, but all types of deployments. Azure App Services, Azure Batch, Service
Fabric and other services are coming online that support containers as their
deployment model. Regardless of where you deploy containers, you'll need a place to
store and manage the images. Using the Azure Container Registry, you can store your
images for all types of container deployments.

II. Automated Container Builds, Testing and Security Scanning:
Using Visual Studio Team Services, developers can automate the process for compiling
their code, in containers, building Docker images and deploying them to the Azure
Container Registry. With partners like TwistLock and Aqua, you can rest assured that
your image-building process will produce secure images as they are deployed to the
Azure Container Registry, as well as protect your deployment environments like ACS
by securing each node in the cluster.

III. Store your container image in local, network-close storage on Azure
The Azure Container Registry provides local, network-close storage of your container
images. By instancing a registry in the same datacenter as your deployments, your
network latency will be reduced, without incurring ingress/egress charges.

IV. Use Common Command Line Interface (CLI) to interact with the registry
Benefit from using familiar and open source CLI commands like docker login, push and pull.
You don’t need to learn new APIs or commands to work with the registry. Users can
benefit from using familiar tooling capable of working with the open source Docker
Registry.

V. Manage Windows and Linux container images in a single registry

Azure Container Registry can manage both Windows and Linux images, giving you the
flexibility to choose the platform and workloads to run within the containers.

These innovations demonstrate our continued investment in the container ecosystem
and highlight our unique strategy of offering the only public cloud container
orchestration service that offers a choice of open source orchestration technologies:
DC/OS, Docker Swarm and Kubernetes. The support for Azure Container Registry
amplifies our strategy to make it easier for organizations to adopt containers in the
cloud.

Best Practices:

 If you place your registry near your container hosts, it will help reduce both latency and
costs.

 When you are deploying containers to multiple regions, you can use the geo-replication
feature.
 ACR supports nested namespaces that allow you to share a single registry across multiple
groups.
 There are two main situations when authenticating with an ACR:
o Individual identity – allows you to pull or push images from the development
machine.
o Service/Headless identity – enables you to build and deploy pipelines where the
user is not directly involved.
 ACR allows you to delete images by tag, by manifest digest, and by repository.
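
The two authentication modes listed above, together with the Docker CLI push described earlier, as an added shell example (not part of the original page). The registry name contosoacr01, the environment variables ACR_SP_ID and ACR_SP_SECRET, the helper function names and the DRY_RUN switch are assumptions made for illustration; az acr login and docker login --password-stdin are the real commands.

```shell
#!/usr/bin/env bash
# Added example. Assumed names: registry "contosoacr01", env vars
# ACR_SP_ID / ACR_SP_SECRET holding a service principal's credentials.
set -u

# DRY_RUN=1 prints each command instead of executing it.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Registry names are 5-50 alphanumeric characters; the login server is
# <name>.azurecr.io, lower-cased because Docker references must be lowercase.
acr_login_server() {
  case "$1" in
    ""|*[!A-Za-z0-9]*) echo "invalid registry name: $1" >&2; return 1 ;;
  esac
  if [ "${#1}" -lt 5 ] || [ "${#1}" -gt 50 ]; then
    echo "registry name must be 5-50 characters: $1" >&2; return 1
  fi
  printf '%s.azurecr.io\n' "$(printf '%s' "$1" | tr 'A-Z' 'a-z')"
}

# Individual identity: reuses the developer's existing `az login` session.
acr_login_individual() {
  acr_login_server "$1" >/dev/null || return 1
  run az acr login --name "$1"
}

# Service/headless identity: the secret is piped on stdin so it never appears
# in argv, the process list or pipeline logs.
acr_login_headless() {
  server=$(acr_login_server "$1") || return 1
  if [ -z "${ACR_SP_ID:-}" ] || [ -z "${ACR_SP_SECRET:-}" ]; then
    echo "ACR_SP_ID and ACR_SP_SECRET must be set" >&2; return 1
  fi
  printf '%s' "$ACR_SP_SECRET" |
    run docker login "$server" --username "$ACR_SP_ID" --password-stdin
}

# Tag a local image into a (possibly nested) repository and push it.
# usage: acr_push <registry> <local-image> <repo:tag>
acr_push() {
  server=$(acr_login_server "$1") || return 1
  run docker tag "$2" "$server/$3" && run docker push "$server/$3"
}
```

Run with DRY_RUN=1 to review the exact commands a pipeline would issue; a repository path such as team-a/webapp uses the nested namespaces mentioned in the list above.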

Cons:
I. The deployment is an area that needs improvement, as it can take some time to deploy.
II. It took time to deploy this containerization and the application. For example, when
creating the ACR and you click to deploy it and create the replication, it takes some time
to create the replication.
III. Implementation needs improvement. When you use a VPN connection and try to pull
container images to the local Docker, it slows down. Image pulls are slow
when we have a VPN setup.
IV. It can have more graphical interfaces to manage containers. At present, the handling or
management of the containers is very basic.
Azure Container Registry Alternatives & Competitors:
I. Amazon Elastic Container Registry (ECR)
Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that
makes it easy for developers to store, manage, and deploy Docker container images.
Amazon ECR is integrated with Amazon Elastic Container Service (ECS), simplifying your
development to production workflow.

II. Docker Hub.
Docker Hub is the world’s largest repository of container images with an array of content
sources including container community developers, open source projects and
independent software vendors (ISV) building and distributing their code in containers.
Users get access to free public repositories for storing and sharing images or can choose
a subscription plan for private repos.

III. Harbor.
Project Harbor is an enterprise-class registry server that stores and distributes Docker
images. Harbor extends the open source Docker Distribution by adding the functionalities
usually required by an enterprise, such as security, identity and management.

IV. Google Container Registry.


Container Registry offers a fast, private Docker image storage on Google Cloud Platform.

V. Red Hat Quay.


Red Hat Quay container and application registry provides secure storage, distribution, and
deployment of containers on any infrastructure. It is available as an add-on for OpenShift
or as a standalone component.

VI. JFrog Container Registry.
JFrog Container Registry is the most comprehensive and advanced registry in the market
today, supporting Docker and Helm for your Kubernetes deployments. Built from proven
industry-leading JFrog Artifactory registry technology, use it as your Docker registry to
easily manage and deploy your Docker images. Provides DevOps teams with full control
over access and permissions and is the only registry in the market to provide free local,
virtual, and remote repositories. Use it to support your current and future business model
with hybrid, cloud, and multicloud environments.

How Azure Container Registry is different from Nexus:
Nexus Repository as a Container Registry offers enterprise deployment flexibility for any
business with on-prem, hybrid, and multi-cloud deployments with AWS, Microsoft Azure, GCP,
Red Hat OpenShift, Kubernetes, and more! Focused on container deployments, we are excited
for Nexus users to discover and launch Kubernetes-ready apps.

Nexus needs to be served over SSL, otherwise Docker won't connect to it. This can be achieved
with a k8s ingress + kube-lego for a Let's Encrypt certificate. However, in order to serve both
the nexus UI and the Docker registry through one ingress (thus, one port) one needs a reverse
proxy behind the ingress to detect the Docker user agent and forward the request to the
registry. Azure Container Registry doesn’t need this.

Nexus as a Container Registry powers enterprises with an advanced Docker and Helm registry
for container storage management and K8s deployments. As DevOps teams scale, it is critical to
rely on precise intelligence about the quality of open source components within applications.
Nexus Lifecycle delivers open source component intelligence regarding security vulnerabilities,
license risks, and architectural quality to developers and security experts. Organizations looking
for a fully integrated, universal container management registry paired with the most precise
component intelligence use the Nexus Platform to meet growing demands of containerization
and open source governance.
