Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

(DVO311) Containers, Red Hat & AWS For Extreme IT Agility

3,300 views

Published on

Red Hat is helping organizations like Duke University become more efficient by delivering environmental parity for container-based applications across physical, virtual, private cloud, and public cloud environments. Red Hat delivers a comprehensive, integrated, and modular platform for containerized application delivery across the open hybrid cloud - from the OS platform, to software-defined storage, to development and deployment, and management. Through its work with Certified Cloud Service Providers like AWS, Red Hat ensures that application containers built for Red Hat Enterprise Linux can seamlessly move across public clouds. In this session, you will learn how Duke University used containers on Red Hat Enterprise Linux and AWS to combat a denial-of-service attack; how companies are using containers to increase the quality and speed of software delivery; key considerations for implementing container-based applications that can be moved across public clouds; and challenges organizations experience when using containers and how to address them. This session is sponsored by Red Hat.

Published in: Technology

(DVO311) Containers, Red Hat & AWS For Extreme IT Agility

  1. 1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. DVO311 Learn How to Use Containers, Red Hat, and AWS to Achieve Extreme IT Agility and Combat Network Exploits Sean Dilda Senior Automation Engineer Duke University Chris Collins Senior Linux System Administrator Duke University Scott McCarty Container Technical Evangelist Red Hat
  2. 2. What to Expect from the Session In this session, you will learn: •Where containers provide real value •How Duke University use containers Combatting a Denial of Service (DoS) attack Identity management Research computing •How to address common container adoption challenges •Key recommendations for working with containers
  3. 3. REAL VALUE OF CONTAINERS
  4. 4. Containers Deliver Many Benefits Base: 171 IT and Developer/programmer decision-makers at companies with 500+ employees in APAC, EMEA, and NA Source: A commissioned study conducted by Forrester Consulting on behalf of Red Hat, January, 2015
  5. 5. CONTAINERS IN USE
  6. 6. Adoption Patterns PACKAGE AND SHIP MONOLITHIC APPS MIGRATE DIFFERENTIATING APPS TO CLOUD PACKAGE AND SHIP CLOUD-READY APPS
  7. 7. PROBLEM ●DDoS attack targeting Duke.edu ●Flooding load balancers ●All load-balanced services impacted ●Duke.edu down Real-world Example #1: Combatting a Denial of Service Attack SOLUTION ●Duke.edu container image ●AWS Docker hosts ●External DNS for duke.edu pointed to AWS ●Internal traffic kept inside Duke THE RESULT ●Duke.edu unaffected for internal customers ●Duke.edu traffic handled by AWS for external customers/DDoS ●30-minute migration! ●Attack removed from load balancers ●Other load-balanced services back to normal
  8. 8. PROBLEM ●Legacy IDM apps ●Unpredictable behavior after patching ●Result: Infrequent patching ●Inability to easily upgrade ●Result: Ancient hardware Real-world Example #2: Internet Download Manager (IDM) in a Container SOLUTION ●Build IDM apps in containers ●Jenkins builds every 4 hours w/latest patches ●Automated testing notifies of failures ●Last “known good” image kept THE RESULT ●“Known good” image always available; uptime assured ●Breaking patches can be investigated while “known good” images are kept in use ●Extremely portable ●Hardware independent ●Other environment can be set up, tested, torn down in minutes
  9. 9. PROBLEM ●Researchers want custom tool chains ●IT wants researchers on shared infrastructure ●Researchers need to be able to reproduce/share environment Real-world Example #3: Research Computing Serving Up Multiple Stacks SOLUTION ●Run every job in a custom Docker- formatted container ●Keep archive of old container images with log of which version was used for which job run THE RESULT ●Self service: Researchers at Duke are starting to build their own Docker-formatted container images to run their analysis
  10. 10. THE REALITY OF ADOPTING CONTAINERS: WHAT ARE THE TOP CHALLENGES?
  11. 11. Top Challenges by Container Users Base: 171 IT and Developer/programmer decision-makers at companies with 500+ employees in APAC, EMEA, and NA Source: A commissioned study conducted by Forrester Consulting on behalf of Red Hat, January, 2015
  12. 12. TECHNOLOGY Challenges Duke Is Seeing PROCESS/STRATEGIC
  13. 13. CONTAINING THE MOST INTERESTING APPLICATION IN THE WORLD
  14. 14. The Reality: Security Implications
  15. 15. Security Inside the Container ●High vulnerabilities: ShellShock (bash), Heartbleed (OpenSSL), etc. ●Medium vulnerabilities: Poodle (OpenSSL), etc. ●Low vulnerabilities: gcc: array memory allocations could cause integer overflow 36% of official images available for download contain high-priority security vulnerabilities Source: Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities, Jayanth Gummaraju, Tarun Desikan, and Yoshio Turner, BanyanOps, May 2015 (http://www.banyanops.com/pdf/BanyanOps-AnalyzingDockerHub-WhitePaper.pdf)
  16. 16. And That's Why the Ops Guy Is Freaking Out
  17. 17. Container Host & Container Image UNTRUSTED ●Will what’s inside the containers compromise your infrastructure? ●How and when will apps and libraries be updated? ●Will it work from host to host? RED HAT CERTIFIED ●Trusted source for the host and the containers ●Trusted content inside the container with security fixes available as part of an enterprise lifecycle ●Portability across hosts ●Container Development Kit ●Certification as a service ●Certification catalog ●Red Hat Container Registry HOST OS CONTAINER OS RUNTIME APP HOST OS CONTAINER OS RUNTIME APP
  18. 18. RECOMMENDATIONS AND A WORD OF ADVICE
  19. 19. TRUST PORTABILITY COMPREHENSIVE Red Hat’s Container Strategy
  20. 20. Start Small, but Think Big: Advanced Tools & Planning portability across environments PHYSICAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD portability across platforms
  21. 21. A Word of Advice ●Adoption Patterns Start small for quick wins Top-down approach for confidence Advanced management tools Single vs. multiple containers Portability ●Trust Supply chain, build methodology, temporal Training and education ●Tenancy Resources, security, and configuration
  22. 22. •Talk with Red Hat container experts at booth #409 •Follow our blogs: http://rhelblog.redhat.com/tag/containers/ https://blog.openshift.com/ •Connect with us: Learn more Red Hat Atomic @RedHatAtomic Scott McCarty @fatherlinux Sean Dilda Chris Collins @ChrisInDurham
  23. 23. Remember to complete your evaluations!
  24. 24. Thank you!

×