Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

DCSF19 Containerized Databases for Enterprise Applications

180 views

Published on

Containerized Databases for Enterprise Applications

Containers are now being used in organizations of all sizes. From small startups to established enterprises, data persistence is necessary in many mission critical applications. “Containers are not for database applications” is a misconception and nothing could be further from the truth.

This session aims to help practitioners navigate the minefield of database containerization and avoid some of the major pitfalls that can occur. Discussion includes traditional enterprise database concerns surrounding data persistence and data security, and how they mesh with containerized deployment.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

DCSF19 Containerized Databases for Enterprise Applications

  1. 1. Joe Carroll Containerized Databases for Enterprise Applications
  2. 2. Product, InterSystems Joe Carroll
  3. 3. 1. Definitions 2. Misconceptions 3. Data Persistence 4. Data Security Outline
  4. 4. Enterprise Database Applications Definitions
  5. 5. Enterprise Database Applications Manage Mission Critical Data Definition:
  6. 6. Mission Critical Data
  7. 7. Mission Critical Data • Vital to lives, wallets, and/or the business • If we lose it or compromise it, then we’re in the news, people get fired, and the boss goes to jail. • Examples: Patient Records, Financial Data, Payroll, etc. Definition:
  8. 8. • Data Persistence • Data Security Needs
  9. 9. Summary Enterprise Database Applications Manage Mission Critical Data Mission Critical Data Impacts Lives, Wallets, and Business Data Persistence Data Security 21 3
  10. 10. 1. Definitions 2. Misconceptions 3. Data Persistence 4. Data Security Outline
  11. 11. Misconceptions “Containers ≠ Database”
  12. 12. • Immutable • Portable • Scriptable Why Docker Containers? Docker allows our application to be -
  13. 13. • Disposable/Ephemeral • Broad ecosystem of tools not built by us • Docker daemon is privileged Tension?
  14. 14. • Data Persistence • Data Security Needs
  15. 15.
  16. 16. Summary Containers are Immutable, Portable, and Scriptable. Mission Critical Data Applications Are In Dire Need Of These Benefits Containers are for Enterprise Database Applications 21 3
  17. 17. 1. Definitions 2. Misconceptions 3. Data Persistence 4. Data Security Outline
  18. 18. Data Persistence
  19. 19. Container
  20. 20. Container Data
  21. 21. Examples! (Databases + Volumes) https://github.com/tjosephcarroll/DatabaseContainerExamples
  22. 22. Not All Data Needs Mission Critical Persistence
  23. 23. Summary Critical Data Must Persist Outside The Container Not All Data is Critical Data Make Smart Design Decisions Regarding Where Data Goes From Day 0 21 3
  24. 24. 1. Definitions 2. Misconceptions 3. Data Persistence 4. Data Security Outline
  25. 25. Data Security
  26. 26. Reminder – Mission Critical
  27. 27. • Build a registry of trusted images (build your own images) • Scan your images for vulnerabilities • Rotate your credentials • There are many tools! This is easy! Do it please! Trust, Scan, and Sign Your Images
  28. 28. • No database passwords in source. • Defined at runtime. • Encrypted at rest and in motion. • Start with Secrets! Secure Access To Your Data
  29. 29. Examples! (Databases + Secrets) https://github.com/tjosephcarroll/DatabaseContainerExamples
  30. 30. • What user/group are you containers running as? • Are the cgroups and namespaces what you want? • Any container in your configuration can be the culprit. Secure Your Runtime Environment
  31. 31. Summary Use Secrets To Protect Data Access Runtime Security – Users, Namespaces, Cgroups Scan, Sign, and Trust Your Images 21 3
  32. 32. 1. Definitions 2. Misconceptions 3. Data Persistence 4. Data Security Outline
  33. 33. Product, InterSystems github.com/tjosephcarroll @JoeCarroll3000 Joe Carroll

×