ZEISS Microscopy Knowledge Base
Help
ZEISS Microscopy Knowledge Base
Search

Installing Docker Engine on AWS

Overview

Guidance on installing a standalone Docker Engine for Instance segmentation in the Amazon Cloud environment.

arivis Pro instance segmentation is typically performed on a local workstation using Docker Desktop. This process is discussed in the KB article here:

Installing Docker for AI Instance Segmentation

Docker Desktop is not licensed or intended for multi-session use. On a server environment, the Docker Engine must be used.

Introduction

The Docker Engine can be installed as a standalone instance, to be shared remotely as a service.

From arivis Cloud, the segmentation container is Linux based, so for both reduced costs and ease of implementation, we would recommend a Linux based distribution to host the Docker Engine.

Here is an overview of the required steps when creating the virtual machine on AWS.

Selecting size and image

  1. From the EC2 Dashboard, open the Launch instance dialog.
    AWS EC2 Launch instance screen: Launch instance button; Name DockerEngineLinux; Ubuntu AMI; g4dn.xlarge; key pair arivisEC2
  2. Label the instance as wished.
    Name and tags panel showing Name field value 'DockerEngineLinux' and Add additional tags link
  3. Select an OS, for example Ubuntu.
  4. Select an AMI with nVidia drivers contained. Here the Deep Learning Base image is selected as it contains nVidia drivers and toolkit:
    azon.com/dlami/latest/devguide/gpu.html
    Application and OS Images panel with Ubuntu tab selected and AMI 'Deep Learning Base OSS Nvidia Driver GPU AMI (Ubuntu 22.04)'
  5. Select an Instance type. Only certain AWS instance types have GPU. A recommended list can be found on the website:
    https://docs.aws.amazon.com/dlami/latest/devguide/gpu.html
    For this example, we will use a g4dn instance type:
    Instance type panel showing g4dn.xlarge selected, family g4dn, 4 vCPU and 16 GiB Memory
  6. Create your Key pair to access the instance.
    Key pair (login) panel showing Key pair name set to arivisEC2 and Create new key pair link
  7. Download the .pem file in your browser and save it as you will need it to connect to the instance.
  8. Create your network. You may want to switch SSH traffic from Anywhere to your specific IP. Extra inbound rules can be added to the security group later if needed.
    Network settings: VPC vpc-2fcd6e4a, subnet subnet-d2f16eb7, Create security group, Allow SSH from 0.0.0.0/0
  9. Configure your storage. Be aware that most image models are at least 5GB in size.
    Configure storage panel showing 75 GiB gp3 root volume with 3000 IOPS and Add new volume button
    By adding the nVidia OSS image there is an extra volume.
    Volume 2 panel showing storage type ephemeral0, size 125 GB, device /dev/nvme0n1, SSD volume type
  10. Launch the instance.
  11. When started, use the key pair .pem and the default user ssh inside the instance. Use it's public IP address: ssh -i arivisEC2.pem ubuntu@<ip address>

Installing Docker Engine

Install | Docker Docs

Set up Docker's apt repository:

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

 

Install the Docker packages:

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Enabling Docker Remote access

Configure remote access for Docker daemon | Docker Docs

Please note opening TCP to the Docker Engine is a security risk.

Connection to the containers can provide root access. Ensure that necessary firewall restrictions are in place to allow only expected clients. Within a Cloud environment external access is typically blocked by default but access from other machines within the virtual network need to be considered.

Edit the systemctl service override:

sudo systemctl edit docker.service

The Docker instructions specify using 127.0.0.1, which will only bind to the localhost interface. To permit external connections, 0.0.0.0 will listen on all interfaces, you can modify this to a specific interface IP as required.

Add these lines between the top comments:

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375

Save the file (CTRL+X) and reload the systemctl configuration.

sudo systemctl daemon-reload

Restart Docker

sudo systemctl restart docker.service

Within AWS the VM Security Group settings must receive a new port rule to allow 2375 from any specific clients that need to connect. Also a port range for the containers is required (if 10 containers may run in parallel, use 5000-5009):

Inbound rules showing two security group rules: port 2375 and ports 5000-5009 with source 161.143.83/32

Configuring arivis Pro to use Remote Docker Engine

  1. Create an access token in arivis Cloud.
  2. Copy the access token and paste it into the Access token field.
  3. Inside the Remote URL field, select your server IP.
  4. Click Apply to end the configuration.

arivis Cloud preferences showing Access token 1234xyz, Model metadata folder X:\Docker and Remote URL http://127.0.0.1:2375

Last updated: 2025.02.18

Code snippets were used from the links provided at the time of writing. Check the contained links for updates to any presented commands.

ON THIS PAGE

PRODUCTS
ZENX Ray SoftwareEM SoftwareSolutions Lab
ABOUT ZEISS
AboutCareerNewsroomCompliance
Social Media
LinkedInFacebookYouTubeXInstagram
Impressum
Carl-Zeiss-Strasse 22
73447 Oberkochen
Germany
Legal