Dockercon 2015 - Faster Cheaper Safer

Text of Dockercon 2015 - Faster Cheaper Safer

1. Faster, Cheaper, Safer: Secure Microservice Architectures using Docker. Adrian Cockcroft @adrianco, Technology Fellow - Battery Ventures, June 2015
2. Key Goals of the CIO? Align IT with the business; Develop products faster; Try not to get breached
3. Security Blanket Failure: Insecure applications hidden behind firewalls make you feel safe until the breach happens. http://peanuts.wikia.com/wiki/Linus'_security_blanket
4. What needs to change?
5. Developer responsibilities: Faster, cheaper, safer
6. Faster - Agile
7. You build it, you run it. Werner Vogels 2006
8. DevOps; Continuous Delivery; No meetings, no tickets; Self service tools and APIs
9-15. Run What You Wrote [diagram built up across these slides; labels: Developer, Micro service, Monitoring Tools, Site Reliability, Availability Metrics: 99.95% customer success rate, Manager, VP Engineering]
16-25. Observe, Orient, Decide, Act; Continuous Delivery [diagram built up across these slides; labels: Land grab opportunity, Competitive Move, Customer Pain Point, Measure Customers, Analysis, Model Hypotheses, JFDI, Plan Response, Share Plans, Incremental Features, Automatic Deploy, Launch AB Test, INNOVATION, BIG DATA, CULTURE, CLOUD]
26-27. Low Cost of Change Using Docker: Fast tooling supports continuous delivery of many tiny changes [diagram labels: Developers, Compile/Build, Seconds; Extend container, Package dependencies, Seconds; PaaS deploy, Container, Docker startup, Seconds]
28. Change One Thing at a Time!
29. What Happened? Rate of change increased; Cost and size and risk of change reduced
30. Cheaper - Lean
31. Freedom and responsibility. Reed Hastings 2009
32. Fail early and often; Instrument everything; Hypothesis driven development; Efficient and autoscaled
33. Efficiency Gains: Virtualization consolidates CPUs; Docker consolidates CPU and RAM
34. With Docker a test environment should only exist for the few seconds it takes to run a test
35. Autoscale production to consume just the resources you need, by the second
36. Safer - Rugged
37. Developer Defined Infrastructure. Jerry Chen 2015
38. What can developers do about the threats?
39. External Threats: Build using penetration test tools; Manage image supply chain; Hardened immutable services; Service roles and security groups
40. Internal Threats: Assume employees are compromised; User roles, minimum privilege; Audit logs for everything; Encrypt data at rest
41. Patterns and practices
42. In Production: https://www.docker.com/resources/usecases/ and many more.
43. Patterns and practices
44. Best Practices: https://blog.docker.com/2015/05/understanding-docker-security-and-best-practices/
45. Immutable deployments; Automated penetration testing; Role based identity and access; Trusted container supply chain; Continuous audit
46. Workloads
47. Need for Speed: CPU and IO Intensive workloads; Hadoop, streaming, datastores; Bare metal for efficiency; Well isolated for security
48. Cutting the Cost: Many similar containers per VM; Saving on RAM, oversubscribe CPU; Deploy with Swarm, Mesos, ECS, GKE; VM based single tenant security
49. Playing it Safe: One critical container per VM; Extra security for exposed services; Deploy as immutable VM image; Docker adds to VM security
50. Tooling for Docker: and many more.
51. Docker in Production: 2014 - DIY frameworks; 2015 - Hardening and best practices; 2016 - Mature production tooling
52. Thanks! Continue the discussion on Twitter @adrianco. Adrian Cockcroft, Technology Fellow - Battery Ventures, June 2015. Disclosure: some of the companies mentioned may be Battery Ventures Portfolio Companies. See www.battery.com for a list of portfolio investments