Top 5 Benefits of Docker
December 2nd, 2016
Ippon Technologies © 2016
Ippon Technologies
Founded in 2002 by Stephane Nomis, former professional French judoka
● Consulting in Agile Development, Big Data and DevOps / Cloud
● Expertise in project delivery with short time-to-market and high quality
● Located in France, USA, Australia, Morocco
● 250 engineers
● 80% enterprise customers
● $32 million revenue and 20% annual growth rate
We support innovative open-source projects such as the popular application generator JHipster
We released a fully managed data platform based on Docker
a full point scored in judo - a win
Ippon Technologies USA
Founded in March 2014
40 employees
● Richmond, VA (HQ)
● Washington DC
10+ Customers
● Top 10 US Bank
● Insurance & Health
○ Allianz
○ Genworth
○ CMS
○ Envera
Specialties
● Big Data
● Agile Dev. / Digital
● DevOps / Cloud
About John
What is Docker?
● Your application… PLUS stuff your application needs to run
➔ Libraries, file system, webserver, etc.
● Docker images == Shippable Artifact
● Docker containers/images are lightweight
➔ Fast spin-up
➔ Small footprint
➔ Fast shipping between hosts
● Built on top of Linux kernel features: namespaces and cgroups
➔ Features that have been part of the Linux kernel for a few years
VM uses a hypervisor to create hard resource boundaries between running instances.
Docker Engine shares resources, allowing containers to be much more lightweight.
Top 5 Benefits of Docker
Benefit #1 Solve “Works on my machine” Syndrome
Problem: Environmental Drift
● Over time, changes to servers cause environments to diverge
➔ Example: security patches in production environment
● Bugs in production cannot be reproduced
➔ Hours wasted debugging
Solution: Immutable Infrastructure
● Docker images are immutable
● Don’t change servers directly!
● Need to update?
➔ Implement the change in the Dockerfile, then deploy the immutable image to all environments
➔ Replace old containers with new containers from the new image
➔ Changes are traceable, versioned and reproducible
● Bugs in production?
➔ Pull the image locally, and debug!
Benefit #2 - Security
Security
“Containers offer many overall advantages. From a security perspective, they create a method to reduce attack surfaces and isolate applications to only the required components, interfaces, libraries and network connections.”
“In this modern age, I believe that there is little excuse for not running a Linux application in some form of a Linux container, MAC or lightweight sandbox.”
– Aaron Grattafiori, Formerly Principal Consultant at NCC Group
“Gartner asserts that applications deployed in containers are more secure than applications deployed on the bare OS” because even if a container is cracked “they greatly limit the damage of a successful compromise because applications and users are isolated on a per-container basis so that they cannot compromise other containers or the host OS”.
– Joerg Fritsch, Gartner
Security with Isolation and Granular Controls
● Isolated containers provide better defense in depth
➔ Network, PID, and other namespace isolation
● Install only the libraries your application needs
➔ Smaller attack surface
➔ Don’t give hackers tools they can utilize (Linux tools)
● Granular access for mandatory access controls (MAC)
➔ SELinux, AppArmor
➔ Whitelisting is best practice
➔ Each container has exactly the permissions required to run the application
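An added example (not from the original slides): a small Python audit of `docker inspect` output against the controls listed on this slide, namely namespace isolation, whitelisted capabilities and MAC confinement. The sample JSON and the `ALLOWED_CAPS` whitelist are constructed for illustration.

```python
import json

# Constructed sample, trimmed to the `docker inspect` fields checked below.
SAMPLE = json.loads("""[
 {"Name": "/web", "AppArmorProfile": "docker-default",
  "Config": {"User": "1000:1000"},
  "HostConfig": {"Privileged": false, "CapDrop": ["ALL"],
                 "CapAdd": ["NET_BIND_SERVICE"], "ReadonlyRootfs": true,
                 "PidMode": "", "NetworkMode": "bridge", "SecurityOpt": null}},
 {"Name": "/legacy", "AppArmorProfile": "unconfined",
  "Config": {"User": ""},
  "HostConfig": {"Privileged": true, "CapDrop": null,
                 "CapAdd": ["SYS_ADMIN"], "ReadonlyRootfs": false,
                 "PidMode": "host", "NetworkMode": "host",
                 "SecurityOpt": ["apparmor=unconfined"]}}
]""")

# Hypothetical whitelist: the capabilities each application actually needs.
ALLOWED_CAPS = {"/web": {"NET_BIND_SERVICE"}, "/legacy": set()}

def audit(c, allowed_caps):
    """Return least-privilege findings for one inspected container."""
    hc = c.get("HostConfig", {})
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged mode disables most isolation")
    if "ALL" not in (hc.get("CapDrop") or []):
        findings.append("capabilities are not dropped by default (no CapDrop ALL)")
    extra = set(hc.get("CapAdd") or []) - allowed_caps
    if extra:
        findings.append("capabilities outside whitelist: " + ", ".join(sorted(extra)))
    for ns in ("PidMode", "NetworkMode"):
        if hc.get(ns) == "host":
            findings.append(ns + "=host shares a host namespace")
    if not hc.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")
    user = (c.get("Config", {}).get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("process runs as root")
    off = {"apparmor=unconfined", "seccomp=unconfined", "label=disable"}
    if c.get("AppArmorProfile") == "unconfined" or off & set(hc.get("SecurityOpt") or []):
        findings.append("MAC or seccomp confinement is disabled")
    return findings

def audit_all(containers, allowed):
    return {c["Name"]: audit(c, allowed.get(c["Name"], set())) for c in containers}

if __name__ == "__main__":
    for name, found in audit_all(SAMPLE, ALLOWED_CAPS).items():
        print(name, "OK" if not found else found)
```

On a real host, the same function can be fed the parsed output of `docker inspect` for the running containers.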
Security Scan Service
● Available with Docker Cloud and Docker Hub
● Scans against a database of known vulnerabilities
● Scans new layers as they are pushed through the pipeline
● New vulnerability? Scan all images again and notify developers
Want to learn more about security?
● Aaron Grattafiori, Security lead of NCC Group, wrote a good whitepaper on container security (very technical):
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/april/understanding-and-hardening-linux-containers/
Benefit #3 - Faster Time to Market with Microservices
Yay! Microservices!
● Faster time to market
● Highly Scalable
● Loosely coupled
● Agile teams are cross functional and product aligned
● Technology Agnostic
Microservices! Oh Wait...
● Service orchestration / discovery
● Centralized monitoring and logging
● Resiliency / self-healing
● Need lots of environments
➔ Dev, QA, Prod, Build environments, Test environments
All these problems are harder when you have different types of applications.
Introducing... The Container
Docker Helps with Microservices
● Standard container interface
➔ Operations problems become more generic
➔ Ecosystem tools exist
● Spin up new environments quickly
➔ For all of your Dev, QA, Prod needs
● Containers are isolated
➔ Deploy multiple apps with conflicting dependencies on the same VM
➔ Fully utilize your allocated infrastructure. Save $$$!
● Use containers for build and test environments
➔ Riot Games does it right: https://engineering.riotgames.com/
Benefit #4 - Unlock the Ecosystem
Ecosystem Tools
Clustering and Container Manager
● Docker Swarm
● Mesos
● Kubernetes
● Marathon (Mesos)
Hosting (and PaaS)
● Docker Cloud (PaaS with plugin hosting)
● Amazon ECS
● Google Container Engine (Kubernetes)
● Digital Ocean
● OpenShift (Red Hat PaaS)
Service Discovery
● Consul
● Etcd
● ZooKeeper
Monitoring / Logging
● Datadog
● cAdvisor
● Sysdig
● Splunk
● Fluentd
● ELK (or EFK)
https://github.com/veggiemonk/awesome-docker
Benefit #5 - “Developed in the Open”
Community Relationship
● Docker is open-source with >1000 contributors
● Docker extracts internals and publishes them as separate OS projects
➔ libnetwork, swarmkit, infrakit, etc.
➔ None are Docker dependent
● Experimental releases to collect feedback
● Programs such as the Docker Captains group and community Slack channels
➔ Join the community! https://community.docker.com/registrations/groups/4316o
Docker is Built on Open Standards
● The Open Container Initiative (OCI) defines open industry standards for container format and runtime
● Backed by big companies (Google, Docker, Red Hat)
● Docker donated the reference implementation runc: https://runc.io/
● Starting with version 1.11, Docker runs OCI-compliant images using OCI-compliant OS projects: runc and containerd.
Backed by Big Players
Thank You
John Zaccone
Software Engineer, [email protected]
@JohnZaccone
Romain Lhéritier
Managing Director, [email protected]
(804) 482-1515
www.ippon.tech
Olivia Deputy
Business Dev. Assoc., [email protected]
(540) 421-3861
Addresses:
Ippon @PowerPlant, 2700 East Cary Street, Richmond, VA 23223
Ippon @WeWork, 718 7th St NW, Washington, DC 20001
Contact Us