offload: enterprise beta

Signed-off-by: Craig Osterhout <[email protected]>

Author: craig-osterhout

content/manuals/admin/organization/manage-products.md

@@ -16,6 +16,7 @@ product, including how to set up and configure them, see the following manuals:
 - [Docker Build Cloud](../../build-cloud/_index.md)
 - [Docker Scout](../../scout/_index.md)
 - [Testcontainers Cloud](https://testcontainers.com/cloud/docs/#getting-started)
+- [Docker Offload](../../offload/_index.md)
 
 ## Manage product access for your organization
 
@@ -98,6 +99,27 @@ To manage access to Testcontainers Cloud:
 select **Account**.
 1. Select **Settings**, then **Lock access to Testcontainers Cloud**.
 
+{{< /tab >}}
+{{< tab name="Docker Offload" >}}
+
+### Manage Docker Offload access
+
+To initially configure Docker Offload access:
+
+1. Sign in to [Docker Home](https://app.docker.com/) as an organization owner.
+1. Select **Admin Console** > **Offload access**.
+1. For **Configuration**, select whether to enable or disable access to Docker Offload for your entire organization.
+1. If you selected to enable access, choose whether to allow GPU access.
+1. Select **Save**.
+
+> [!NOTE]
+>
+> Docker Offload isn't included in the core Docker subscription plans and is not available to every organization. To make
+> Docker Offload available, you must [sign up](https://www.docker.com/products/docker-offload/) and subscribe.
+
+{{< /tab >}}
+{{< tab name="All products" >}}
+
 {{< /tab >}}
 {{< /tabs >}}
 
@@ -110,6 +132,8 @@ To view usage for Docker products:
 - Docker Build Cloud: View the **Build minutes** page in [Docker Build Cloud](http://app.docker.com/build).
 - Docker Scout: View the [**Repository settings** page](https://scout.docker.com/settings/repos) in Docker Scout.
 - Testcontainers Cloud: View the [**Billing** page](https://app.testcontainers.cloud/dashboard/billing) in Testcontainers Cloud.
+- Docker Offload: View the **Offload** > **Offload overview** page in [Docker Home](https://app.docker.com/). For more details, see
+  [Docker Offload usage and billing](/offload/usage/).
 
 If your usage or seat count exceeds your subscription amount, you can
 [scale your subscription](../../subscription/scale.md) to meet your needs.

content/manuals/desktop/settings-and-maintenance/settings.md

@@ -519,3 +519,15 @@ On Mac, you can reconfigure your initial installation settings  on the **Advance
 - **Allow privileged port mapping (Requires password)**. Starts the privileged helper process which binds the ports that are between 1 and 1024. For more information, see [permission requirements for macOS](/manuals/desktop/setup/install/mac-permission-requirements.md#binding-privileged-ports).
 
 For more information on each configuration and use case, see [Permission requirements](/manuals/desktop/setup/install/mac-permission-requirements.md).
+
+## Docker Offload
+
+When signed in with a Docker account that has access to [Docker Offload](../../offload/_index.md), you can manage your
+Offload settings from the **Docker Offload** tab.
+
+Use the **Docker Offload** tab to:
+
+- Toggle **Enable Docker Offload**. When enabled, you can start Offload sessions.
+- Select **Idle timeout**. This is the duration of time between no activity and Docker Offload entering idle mode.For
+  details about idle timeout, see [Active and idle states](../../offload/configuration.md#understand-active-and-idle-states)
+- Check **Enable GPU support**. When enabled, workloads can use cloud GPU if available.

content/manuals/desktop/setup/vm-vdi.md

@@ -16,18 +16,16 @@ depending on whether nested virtualization is supported:
 
 - If your environment supports nested virtualization, you can run Docker Desktop
   with its default local Linux VM.
-- If nested virtualization is not supported, Docker recommends using [Docker
-  Offload](/offload/).
+- If nested virtualization is not supported, Docker recommends subscribing to and using [Docker Offload](/offload/).
 
 ## Use Docker Offload
 
 Docker Offload lets you offload container workloads to a high-performance, fully
 hosted cloud environment, enabling a seamless hybrid experience.
 
-Docker Offload is useful in virtual desktop environments where nested
-virtualization isn't supported. In these environments, Docker Desktop defaults
-to using Docker Offload to ensure you can still build and run containers without
-relying on local virtualization.
+Docker Offload is useful in virtual desktop environments where nested virtualization isn't supported. In these
+environments, Docker Desktop can use Docker Offload to ensure you can still build and run containers without relying on
+local virtualization.
 
 Docker Offload decouples the Docker Desktop client from the Docker Engine,
 allowing the Docker CLI and Docker Desktop Dashboard to interact with

content/manuals/enterprise/security/hardened-desktop/settings-management/settings-reference.md

@@ -900,20 +900,6 @@ deployment of AI features in security-conscious organizations.
     - **Beta** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
     - Settings Management: `enableDockerMCPToolkit` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
 
-### Enable Docker Offload
-
-| Default value | Accepted values | Format   |
-|---------------|-----------------|----------|
-| `false`       | `true`, `false` | Boolean  |
-
-- **Description:** Enable [Docker Offload](/offload/) in Docker Desktop.
-- **OS:** {{< badge color=blue text="All" >}}
-- **Use case:** Offload building and running containers to the cloud.
-- **Configure this setting with:**
-    - **Beta** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md)
-    - Settings Management: `enableCloud` setting in the [`admin-settings.json` file](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md)
-    - Settings Management: **Enable Docker Cloud** setting in the [Admin Console](/manuals/enterprise/security/hardened-desktop/settings-management/configure-admin-console.md)
-
 ### Enable Wasm
 
 | Default value | Accepted values | Format   |

content/manuals/offload/_index.md

@@ -55,7 +55,9 @@ aliases:
 
 Docker Offload is a fully managed service that lets you offload building and
 running containers to the cloud using the Docker tools you already know. It
-provides cloud infrastructure for fast, consistent builds and compute-heavy
+enables developers to work efficiently in virtual desktop infrastructure (VDI)
+environments or systems that don't support nested virtualization, while also
+providing cloud infrastructure for fast, consistent builds and compute-heavy
 workloads like running LLMs or machine learning pipelines.
 
 In the following topics, learn about Docker Offload, how to set it up, use it

content/manuals/offload/about.md

@@ -3,39 +3,36 @@ title: About Docker Offload
 linktitle: About
 weight: 15
 description: Learn about Docker Offload, its features, and how it works.
-keywords: cloud, build, remote builder
+keywords: cloud, offload, vdi, on-demand gpu, gpu
 ---
 
 Docker Offload is a fully managed service for building and running containers in
 the cloud using the Docker tools you already know, including Docker Desktop, the
 Docker CLI, and Docker Compose. It extends your local development workflow into a
-scalable, cloud-powered environment, so you can offload compute-heavy tasks,
-accelerate builds, and securely manage container workloads across the software
-lifecycle.
+scalable, cloud-powered environment, enabling developers to work efficiently even
+in virtual desktop infrastructure (VDI) environments or systems that don't support
+nested virtualization.
 
 Docker Offload also supports GPU-accelerated instances, allowing you to
-containerize and run compute-intensive workloads such as Docker Model Runner and
+containerize and run compute-intensive workloads such as running models and
 other machine learning or data processing tasks that benefit from GPU.
 
 ## Key features
 
 Docker Offload includes the following capabilities to support modern container
 workflows:
 
-- Cloud-based builds: Execute builds on remote, fully managed BuildKit instances
 - GPU acceleration: Use NVIDIA L4 GPU-backed environments for machine learning,
   media processing, and other compute-intensive workloads.
 - Ephemeral cloud runners: Automatically provision and tear down cloud
   environments for each container session.
-- Shared build cache: Speed up build times across machines and teammates with a
-  smart, shared cache layer.
 - Hybrid workflows: Seamlessly transition between local and remote execution
   using Docker Desktop or CLI.
 - Secure communication: Use encrypted tunnels between Docker Desktop and cloud
   environments with support for secure secrets and image pulling.
 - Port forwarding and bind mounts: Retain a local development experience even
   when running containers in the cloud.
-- VDI-friendly: Use Docker Offload in virtual desktop environments or systems that
+- VDI-friendly: [Use Docker Desktop](../desktop/setup/vm-vdi.md) in virtual desktop environments or systems that
   don't support nested virtualization.
 
 ## Why use Docker Offload?
@@ -44,7 +41,6 @@ Docker Offload is designed to support modern development teams working across
 local and cloud environments. It helps you:
 
 - Offload heavy builds and runs to fast, scalable infrastructure
-- Accelerate feedback loops in development and testing
 - Run containers that require more resources than your local setup can provide
 - Build and run AI apps with instant access to GPU-powered environments
 - Use Docker Compose to manage complex, multi-service apps that need cloud
@@ -61,39 +57,16 @@ local tools.
 Docker Offload replaces the need to build or run containers locally by connecting
 Docker Desktop to secure, dedicated cloud resources.
 
-### Building with Docker Offload
-
-When you use Docker Offload for builds, the `docker buildx build` command sends
-the build request to a remote BuildKit instance in the cloud, instead of
-executing it locally. Your workflow stays the same, only the execution
-environment changes.
-
-The build runs on infrastructure provisioned and managed by Docker:
-
-- Each cloud builder is an isolated Amazon EC2 instance with its own EBS volume
-- Remote builders use a shared cache to speed up builds across machines and
-  teammates
-- Build results are encrypted in transit and sent to your specified destination
-  (such as a registry or local image store)
-
-Docker Offload manages the lifecycle of builders automatically. There's no need to
-provision or maintain infrastructure.
-
-> [!NOTE]
->
-> Docker Offload builders are currently hosted in the United States East region. Users in
-> other regions may experience increased latency.
-
 ### Running containers with Docker Offload
 
-When you use Docker Offload to run containers, a Docker Desktop creates a secure
+When you use Docker Offload to build or run containers, a Docker Desktop creates a secure
 SSH tunnel to a Docker daemon running in the cloud. Your containers are started
 and managed entirely in that remote environment.
 
 Here's what happens:
 
 1. Docker Desktop connects to the cloud and triggers container creation.
-2. Docker Offload pulls the required images and starts containers in the cloud.
+2. Docker Offload builds or pulls the required images and starts containers in the cloud.
 3. The connection stays open while the containers run.
 4. When the containers stop running, the environment shuts down and is cleaned
    up automatically.
@@ -105,7 +78,7 @@ using environments such as virtual desktops, cloud-hosted development machines,
 or older hardware.
 
 Docker Offload also supports GPU-accelerated workloads. Containers that require
-GPU access can run on cloud instances provisioned with NVIDIA L4 GPUs for
+GPU access can run on cloud instances provisioned with NVIDIA GPUs for
 efficient AI inferencing, media processing, and general-purpose GPU
 acceleration. This enables compute-heavy workflows such as model evaluation,
 image processing, and hardware-accelerated CI tests to run seamlessly in the
@@ -115,11 +88,11 @@ Despite running remotely, features like bind mounts and port forwarding continue
 to work seamlessly, providing a local-like experience from within Docker Desktop
 and the CLI.
 
-Docker Offload provisions an ephemeral cloud environment for each session. The
-environment remains active while you are interacting with Docker Desktop or
-actively using containers. If no activity is detected for about 5 minutes, the
-session shuts down automatically. This includes any containers, images, or
-volumes in that environment, which are deleted when the session ends.
+Docker Offload automatically transitions between active and idle states based on
+usage. You're only charged when actively building or running containers. When
+idle for more than 5 minutes, the session ends and resources are cleaned up. For
+details about how this works and how to configure idle timeout, see [Active and
+idle states](configuration.md#understand-active-and-idle-states).
 
 ## What's next
 

content/manuals/offload/configuration.md

@@ -3,102 +3,73 @@ title: Configure Docker Offload
 linktitle: Configure
 weight: 20
 description: Learn how to configure build settings for Docker Offload.
-keywords: cloud, configuration, settings, cloud builder, GPU, disk allocation, private resources, firewall
+keywords: cloud, configuration, settings, offload, gpu
 ---
 
-To use Docker Offload, you must start it in Docker Desktop. For more details,
-see the [Docker Offload quickstart](/offload/quickstart/).
+You can configure Docker Offload settings at different levels depending on your role. Organization owners can manage
+settings for all users in their organization, while individual developers can configure their own Docker Desktop
+settings.
 
-Settings for the cloud builders in Docker Offload can be further configured, in
-addition to settings for an entire organization, through **Offload settings** in
-the Docker Offload dashboard.
+## Manage settings for your organization
 
-> [!NOTE]
->
-> To view usage and configure billing for Docker Offload, see [Docker Offload
-> usage and billing](/offload/usage/).
-
-## Offload settings
-
-The **Offload settings** page in Docker Home lets you configure disk
-allocation, private resource access, and firewall settings for your cloud
-builders in your organization.
+For organization owners, you can manage Docker Offload settings for all users in your organization. For more details,
+see [Manage Docker products](../admin/organization/manage-products.md). To view usage and configure billing for Docker
+Offload, see [Docker Offload usage and billing](/offload/usage/).
 
-To view the **Offload settings** page:
+## Configure settings in Docker Desktop
 
-1. Go to [Docker Home](https://app.docker.com/).
-2. Select the account for which you want to manage Docker Offload.
-3. Select **Offload** > **Offload settings**.
+For developers, you can manage Docker Offload settings in Docker Desktop. To manage settings:
 
-The following sections describe the available settings.
+1. Open the Docker Desktop Dashboard and sign in.
+2. Select the settings icon in the Docker Desktop Dashboard header.
+3. In **Settings**, select **Docker Offload**.
 
-### Disk allocation
+   Here you can:
 
-The **Disk allocation** setting lets you control how much of the available
-storage is dedicated to the build cache. A lower allocation increases storage
-available for active builds.
+   - Toggle **Enable Docker Offload**. When enabled, you can start Offload sessions.
+   - Select **Idle timeout**. This is the duration of time between no activity and Docker Offload entering idle mode.
+     For details about idle timeout, see [Understand active and idle states](#understand-active-and-idle-states).
+   - Check **Enable GPU support**. When enabled, workloads can use cloud GPU if available.
 
-Adjust the **Disk allocation** slider to specify the percentage of storage used
-for build caching.
-
-Any changes take effect immediately.
-
-> [!TIP]
->
-> If you build very large images, consider allocating less storage for caching.
+### Understand active and idle states
 
-### Build cache space
+Docker Offload automatically transitions between active and idle states to help
+you control costs while maintaining a seamless development experience.
 
-Your subscription includes the following Build cache space:
+#### When your session is active
 
-| Subscription | Build cache space |
-|--------------|-------------------|
-| Personal     | N/A               |
-| Pro          | 50GB              |
-| Team         | 100GB             |
-| Business     | 200GB             |
+Your Docker Offload environment is active when you're building images, running
+containers, or actively interacting with them, such as viewing logs or
+maintaining an open network connection. During active state:
 
-To get more Build cache space, [upgrade your subscription](/manuals/subscription/change.md).
+- Usage is charged
+- A remote Docker Engine is connected to your local machine
+- All container operations execute in the cloud environment
 
-### Private resource access
+#### When your session is idle
 
-Private resource access lets cloud builders pull images and packages from
-private resources. This feature is useful when builds rely on self-hosted
-artifact repositories or private OCI registries.
+When there's no activity, Docker Offload transitions to idle state. During idle
+state:
 
-For example, if your organization hosts a private [PyPI](https://pypi.org/)
-repository on a private network, Docker Build Cloud would not be able to access
-it by default, since the cloud builder is not connected to your private network.
+- You are not charged for usage
+- The remote connection is suspended
+- No containers are running in the cloud
 
-To enable your cloud builders to access your private resources, enter the host
-name and port of your private resource and then select **Add**.
+The idle transition delay can be configured in Docker Desktop settings, ranging
+from 10 seconds to 1 hour. This setting determines how long Docker Offload
+waits after detecting inactivity before transitioning to idle state.
 
-#### Authentication
+#### How your session is preserved
 
-If your internal artifacts require authentication, make sure that you
-authenticate with the repository either before or during the build. For internal
-package repositories for npm or PyPI, use [build
-secrets](/manuals/build/building/secrets.md) to authenticate during the build.
-For internal OCI registries, use `docker login` to authenticate before building.
+If your session has been idle for less than 5 minutes and you resume activity,
+your previous containers and images are preserved and remain available. This
+allows you to pick up right where you left off.
 
-Note that if you use a private registry that requires authentication, you will
-need to authenticate with `docker login` twice before building. This is because
-the cloud builder needs to authenticate with Docker to use the cloud builder,
-and then again to authenticate with the private registry.
-
-```console
-$ echo $DOCKER_PAT | docker login docker.io -u <username> --password-stdin
-$ echo $REGISTRY_PASSWORD | docker login registry.example.com -u <username> --password-stdin
-$ docker build --builder <cloud-builder> --tag registry.example.com/<image> --push .
-```
-
-### Firewall
-
-Firewall settings let you restrict cloud builder egress traffic to specific IP
-addresses. This helps enhance security by limiting external network egress from
-the builder.
-
-1. Select **Enable firewall: Restrict cloud builder egress to specific public IP address**.
-2. Enter the IP address you want to allow.
-3. Select **Add** to apply the restriction.
+However, if the idle period exceeds 5 minutes, a new session starts with a
+clean environment and any containers, images, or volumes from the previous
+session are deleted.
 
+> [!NOTE]
+>
+> Transitioning from active to idle and back to active within 5 minutes will be
+> charged as continuous usage.