Docker Roadshow 2016


This presentation is from the 2016 Enterprise Roadshow series in North America and Europe. It explains the Docker enterprise solution, including Containers as a Service workflows powered by Docker Datacenter and the integration with HPE to deliver a container platform on hybrid cloud infrastructure.
  1. Docker and the Modern Application Platform. Marc Verstaen, EVP Product Development
  2. The application landscape is changing. ~2000: monolithic, big servers, slow changing. Today: loosely coupled services, many small servers or devices, rapidly updated.
  3. Containers are the catalyst: the same application components (Static Website, Web Front End, Background Workers, User DB, Analytics DB, Queue, API Endpoint) across Development VM, QA Server, Public Cloud, Disaster Recovery, Contributor’s Laptop, Production Servers, Production Cluster and Data Center.
  4. Docker driving the containerization movement: 60% of Docker users already running in production. Sources: Docker Survey: State of Applications Q1 2016; ClusterHQ: State of Container Usage June 2016 (companies running container technology in production, 500+ employees).
  5. At the center of enterprise IT transformation: 80% say Docker is central to cloud strategy; 3 out of 4 top initiatives revolve around applications (App Modernization, DevOps, Cloud); 44% looking to adopt DevOps. Source: Docker State of App Development Survey: Q1 2016.
  6. Docker delivers innovation, speed and savings: Agility + Portability + Control. 13X more software releases; 62% report reduction in MTTR; 10X cost reduction in maintaining existing applications; eliminate “works on my machine” issues; 41% move workloads across private/public clouds; 65% reduction in developer onboarding time. Sources: State of App Development Survey: Q1 2016; Cornell University case study.
  7. Docker Containers as a Service
  8. The enterprise software supply chain is global (Cloud Zone 1, Cloud Zone 2, Data Center, Development Center, Headquarters). Docker aims to build a programmable layer for the internet to connect your global supply chain: build, ship and run any application anywhere.
  9. Enterprise IT is hybrid apps and infrastructure (x86 server operating systems worldwide)
      • 80% looking to Docker to enable hybrid cloud initiatives.
      • Public Cloud adoption expected to increase to 30% by 2017.
      • 46% plan to build new microservices.
      Sources: Docker State of App Development Survey: Q1 2016; Morgan Stanley CIO Survey: June 30, 2016; study of Gartner reports re: x86 shipments.
  10. Docker enables a new workflow with Containers as a Service. Developers and IT Operations: BUILD (Development Environments), SHIP (Secure Content & Collaboration), RUN (Deploy, Manage, Scale).
  11. Docker CaaS platform is flexible, pluggable and portable. Docker Datacenter: Docker Universal Control Plane, Docker Trusted Registry, Integrated Security, Docker Engine (container runtime, orchestration, networking, volumes, plugins). Pluggable: Operating Systems, Config Mgt, Monitoring, Logging, CI/CD, Images, Networking, Volumes, ..more.. Runs on Virtualization, Public Cloud, Physical.
  12. One platform and one journey for all applications. 1: Containerize Legacy Applications (lift and shift for portability and efficiency). 2: Transform Legacy to Microservices (look for shared services to transform). 3: Accelerate New Applications (greenfield innovation).
  13. Integrated Solution with Hardware, Software, Support, and Services: servers ship with Docker Commercial Engine/Support; Docker Datacenter available through all HPE channels.
  14. Docker Datacenter. Steven Thwaites, Solutions Engineer
  15. Docker Datacenter workflow. Developers and IT Operations: BUILD (Development Environments), SHIP (Secure Content & Collaboration), RUN (Deploy, Manage, Scale). Products: Docker for Mac, Docker for Windows, Docker Trusted Registry, Docker Content Trust, Universal Control Plane.
  16. Docker Datacenter core values: Agility + Portability + Control. Extends the Docker developer experience to production; easy to set up and use; native Docker solution; ease of management at scale; integrated security and policy for content and access (RBAC); integrates with existing systems; full support of Docker API; seamless dev to prod workflow; infrastructure, network and storage portability.
  17. Key use cases for Docker Datacenter. Cloud: Cloud Migration, Hybrid Cloud, Multi-Cloud. Microservices: Containerization, Microservices, App Modernization. DevOps: CI/CD, Self Service DevOps.
  18. Portability: Frictionless across environments (Dev, Test/QA, Staging, Production). Same code in dev runs unchanged in every environment. Container, network, storage portability: Services, Networks, Volumes.
  19. Control: Orchestration and integrations at scale. Universal Control Plane: High Availability, Access Control, 3rd Party Plugins, Swarm Managed, GUI Management, Docker Native Integration, Monitoring.
  20. Control: Ease of use and management
      • Quick and easy to deploy
      • Easy GUI based configurations
      • Simple and non-disruptive upgrades
      • Intuitive GUI and dashboards
      • Point and click, search and browse
      • Support for Docker CLI and Toolbox
  21. Control: Easy to deploy and use
  22. Control: Granular control of applications
      Manage Compose apps:
      • Start, stop or delete Compose apps
      • Click to inspect individual containers
      Manage Containers:
      • Start, stop, destroy or rename
      • Scale number of containers
      • View details, stats, logs
      • Use console to log into
  23. Control: Secure Runtime Access
      Set up options:
      • LDAP/AD support
      • Built-in Granular RBAC
      • Users and Teams
      • Roles
      • Permission labels
      User Experience:
      • Single sign on
  24. Control: Unified Authentication Service (eNZi; shown alongside UCP, DTR, LDAP/AD and an External CA)
      • Provides shared authentication for entire DDC stack
      • Install/configure with UCP (including HA replication)
      • Users created in UCP show up in DTR and vice-versa
      • Streamlined UCP and DTR setup for SSO
  25. Control: Secure Image Collaboration. Trusted Registry: Log Aggregator, Authorization Server, Registry Service, Content Trust (Notary Server), Admin Server, Web UI, CLI; LDAP/AD; Logs; Storage (Image Repos).
  26. Control: Integrated Content Trust. Developers and IT Operations: BUILD (Development Environments), SHIP (Secure Content & Collaboration), RUN (Deploy, Manage, Scale). Library of signed and trusted images; enforce use of only trusted images.
  27. Control: Granular Image Management
      • Search and browse repos
      • RBAC by repo: Users, Teams, Orgs; Read, Read-Write, Admin
      • Garbage collection
      • Integrated Content Trust
  28. Docker Datacenter Subscription. Business Day Support: Docker Universal Control Plane, Docker Trusted Registry, Docker Engine, $1,500/node/year. Business Critical Support: Docker Universal Control Plane, Docker Trusted Registry, Docker Engine, $3,000/node/year.
  29. Value of a Docker Subscription: Validated Configurations; Enterprise Class Support with SLAs and hotfixes; Docker Universal Control Plane; Docker Trusted Registry (Integrated Docker Content Trust); Commercially Supported Docker Engine; Integrations and API Support.
  30. Value of Docker Subscription
      Official Technical Support:
      • Dedicated support engineers and SLAs
      • Only available from Docker and IBM
      Secure:
      • Address vulnerabilities
      • Hotfixes
      Stable:
      • Predictable release cadence
      • Long supported versions
      • Backport defect fixes
      Integrations and API Support:
      • Docker native toolset
      • Access to the broadest ecosystem
      Validated Configurations:
      • Validated operating systems, configurations and interoperability
      Direct Product Roadmap Ownership:
      • Directly responsible for proprietary and open source product roadmap
  31. Secure the Enterprise Software Lifecycle with Docker. Diogo Monica, Security Lead
  32. Software supply chain: source/dependencies, build systems/engineers, network, application repository, deployed systems
  33. Identity
  34. IMAGE: name: alpine:3.4; sha256: ea08...950; ID: f70c828098f5; expires: 2019-06-20. USER: name: user; org: organization. DOCKER HOST: name: node-1; ID: 9j1kxp7cd1z...22c; *manager; expires: 2016-06-21; ID: 58slx2ra5qiee92n4uf56ocvf
  35. Consistent builds (source/dependencies, build systems/engineers)
  36. Consistent Builds: Good input = good output
  37. Application signing (network)
  38. Docker Content Trust
  39. Security: Trusted image chaining. Add image layer, sign, then push image to private registry. Continue until complete for a trusted chain of image layers: debian:jessie, pypy:3, user/pypybase:latest, user/myapp:latest (pypy3, Additional Libraries, Django app).
  40. Security Scanning and Gating (application repository)
  41. Docker Security Scanning Architecture
  42. Trusted image chaining with signing. Add image layer, sign, security scan, then push image to private registry. Continue until complete for a trusted chain of image layers: debian:jessie, pypy:3, user/pypybase:latest, user/myapp:latest (pypy3, Additional Libraries, Django app). Now a security BOM exists for each image tag.
  43. Threshold signing and gating. Stages: CI, Security Scanning, Staging, Production (UCP Manager, UCP Workers). Sign image to “approve” passing of each stage. Policy to check for signatures before deployment.
  44. Orchestration (deployed systems)
  45. docker-bench-security output:
      $ docker run -it --net host --pid host --cap-add audit_control ... docker/docker-bench-security
      [INFO] 1 - Host Configuration
      [WARN] 1.1 - Create a separate partition for containers
      [PASS] 1.2 - Use an updated Linux Kernel
      [PASS] 1.4 - Remove all non-essential services from the host - Network
      [PASS] 1.5 - Keep Docker up to date
      [INFO]      * Using 1.12.04 which is current as of 2016-08-16
      [INFO]      * Check with your operating system vendor for support and security maintenance for docker
      [INFO] 1.6 - Only allow trusted users to control Docker daemon
      [INFO]      * docker:x:999:docker
      [WARN] 1.7 - Failed to inspect: auditctl command not found.
      [WARN] 1.8 - Failed to inspect: auditctl command not found.
      [WARN] 1.9 - Failed to inspect: auditctl command not found.
      [INFO] 1.10 - Audit Docker files and directories - docker.service
      [INFO]      * File not found
      [INFO] 1.11 - Audit Docker files and directories - docker.socket
      [INFO]      * File not found
      ...
  46. Secure Cluster Management
      • Docker 1.12 with built in orchestration (clustering and scheduling)
      • Strong default cluster security
  47. Mutual TLS by default
      • Leader acts as CA.
      • Any Manager can be promoted to leader.
      • Workers and managers identified by their certificate.
      • Communications secured with Mutual TLS.
  48. Support for External CAs and Automatic Rotation
      • Managers support BYO CA.
      • Forwards CSRs to external CA.
      • Customizable certificate rotation periods.
      • Occurs automatically.
      • Ensures potentially compromised or leaked certificates are rotated out of use.
      • Whitelist of currently valid certificates.
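The gate described on slides 39 to 43 (sign at each stage, then check signatures before deployment), as an added example that is not from the deck and not Docker's Notary code: each pipeline stage (CI, Security Scanning, Staging) holds its own Ed25519 key and signs the tag together with the image digest, and the scheduler refuses the tag unless a threshold of trusted stages have signed that exact digest. The stage names, the 3-of-3 threshold and the image contents are constructed for the example; in Docker Content Trust the per-stage keys correspond to Notary delegation keys.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Stage is one gate in the pipeline on the slide (CI, Security Scanning,
// Staging). Each stage holds its own Ed25519 key pair; keys are generated
// in-process here, an assumption of the example.
type Stage struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewStage(name string) Stage {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Stage{Name: name, pub: pub, priv: priv}
}

// signedMessage binds the tag to the content digest, so an approval of one
// build cannot be replayed onto a later build pushed under the same tag.
func signedMessage(tag string, digest [32]byte) []byte {
	return []byte(tag + "@sha256:" + hex.EncodeToString(digest[:]))
}

// Approve is the stage "signing to approve" passing of its step.
func (s Stage) Approve(tag string, digest [32]byte) []byte {
	return ed25519.Sign(s.priv, signedMessage(tag, digest))
}

// Policy is what the manager enforces before scheduling: a tag needs valid
// signatures from at least Threshold distinct trusted stages.
type Policy struct {
	Trusted   []Stage
	Threshold int
}

// Deployable reports whether tag@digest carries enough valid approvals and
// which trusted stages' signatures verified. Signatures from keys outside
// the trusted set are ignored, not counted.
func (p Policy) Deployable(tag string, digest [32]byte, sigs map[string][]byte) (bool, []string) {
	msg := signedMessage(tag, digest)
	var approved []string
	for _, st := range p.Trusted {
		if sig, ok := sigs[st.Name]; ok && ed25519.Verify(st.pub, msg, sig) {
			approved = append(approved, st.Name)
		}
	}
	return len(approved) >= p.Threshold, approved
}

// Digest stands in for the image manifest digest.
func Digest(contents string) [32]byte { return sha256.Sum256([]byte(contents)) }

func main() {
	ci, scan, staging := NewStage("ci"), NewStage("security-scan"), NewStage("staging")
	policy := Policy{Trusted: []Stage{ci, scan, staging}, Threshold: 3}

	tag := "user/myapp:latest"
	v1 := Digest("constructed image contents v1")
	sigs := map[string][]byte{ci.Name: ci.Approve(tag, v1), scan.Name: scan.Approve(tag, v1)}
	fmt.Println(policy.Deployable(tag, v1, sigs)) // false [ci security-scan]: staging has not signed

	sigs[staging.Name] = staging.Approve(tag, v1)
	fmt.Println(policy.Deployable(tag, v1, sigs)) // true [ci security-scan staging]

	// Same tag rebuilt with different content: the old approvals do not carry over.
	fmt.Println(policy.Deployable(tag, Digest("constructed image contents v2"), sigs)) // false []
}
```

The message that is signed includes the digest, not just the tag; that is the detail that makes "sign to approve" meaningful, since a tag is mutable and a digest is not.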
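Slide 45 shows raw Docker Bench for Security output. As an added example, not part of the deck or of docker-bench-security itself, the following parses that output into structured checks, counts results per level so two runs can be compared, and separates the WARN lines the bench could not actually evaluate (the "Failed to inspect" entries, caused here by a missing auditctl) from confirmed findings. The input is the slide's own excerpt embedded as a constant; the level names and line layout follow the bench's printed format.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// SampleOutput is the docker-bench-security excerpt from the slide, used as
// the parser input; it is not a live run.
const SampleOutput = `
[INFO] 1 - Host Configuration
[WARN] 1.1 - Create a separate partition for containers
[PASS] 1.2 - Use an updated Linux Kernel
[PASS] 1.4 - Remove all non-essential services from the host - Network
[PASS] 1.5 - Keep Docker up to date
[INFO]      * Using 1.12.04 which is current as of 2016-08-16
[INFO]      * Check with your operating system vendor for support and security maintenance for docker
[INFO] 1.6 - Only allow trusted users to control Docker daemon
[INFO]      * docker:x:999:docker
[WARN] 1.7 - Failed to inspect: auditctl command not found.
[WARN] 1.8 - Failed to inspect: auditctl command not found.
[WARN] 1.9 - Failed to inspect: auditctl command not found.
[INFO] 1.10 - Audit Docker files and directories - docker.service
[INFO]      * File not found
[INFO] 1.11 - Audit Docker files and directories - docker.socket
[INFO]      * File not found
`

// Result is one scored check (a line with a dotted check id). Lines starting
// with "* " are details of the preceding check, not checks of their own.
type Result struct {
	Level string // PASS, WARN, INFO or NOTE
	ID    string // e.g. "1.7"
	Text  string
}

// Section titles ("1 - Host Configuration") have no dot in the id and detail
// lines have no id at all, so neither matches.
var checkLine = regexp.MustCompile(`^\[(PASS|WARN|INFO|NOTE)\]\s+(\d+\.\d+)\s+-\s+(.*)$`)

// Parse extracts the numbered checks in output order.
func Parse(out string) []Result {
	var res []Result
	sc := bufio.NewScanner(strings.NewReader(out))
	for sc.Scan() {
		m := checkLine.FindStringSubmatch(strings.TrimSpace(sc.Text()))
		if m == nil {
			continue
		}
		res = append(res, Result{Level: m[1], ID: m[2], Text: m[3]})
	}
	return res
}

// Summary counts checks per level, the number to track from run to run.
func Summary(rs []Result) map[string]int {
	counts := map[string]int{}
	for _, r := range rs {
		counts[r.Level]++
	}
	return counts
}

// Warnings lists the WARN check ids: the remediation backlog for the host.
func Warnings(rs []Result) []string {
	var ids []string
	for _, r := range rs {
		if r.Level == "WARN" {
			ids = append(ids, r.ID)
		}
	}
	return ids
}

// Unassessed lists checks the bench could not evaluate. Such a WARN is a
// tooling gap, not a finding; the host should be re-run once the tool is
// installed before the result is trusted either way.
func Unassessed(rs []Result) []string {
	var ids []string
	for _, r := range rs {
		if strings.HasPrefix(r.Text, "Failed to inspect") {
			ids = append(ids, r.ID)
		}
	}
	return ids
}

func main() {
	rs := Parse(SampleOutput)
	fmt.Println(Summary(rs))    // map[INFO:3 PASS:3 WARN:4]
	fmt.Println(Warnings(rs))   // [1.1 1.7 1.8 1.9]
	fmt.Println(Unassessed(rs)) // [1.7 1.8 1.9]
}
```

Of the four warnings on the slide, three are unassessed rather than failed, which changes what the operator should do first: install the audit tooling and re-run, rather than remediate three findings that may not exist.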
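An added example, not the swarm's own code, of the trust model on slides 47 and 48: a cluster CA (the leader, or a BYO external CA answering CSRs) issues short-lived node certificates carrying the node id and role, a node verifies a peer's certificate only against that CA, and a rotation check renews a certificate well before it can expire so that a leaked one ages out of use. The role-in-OU layout, the 90-day lifetime and the renew-at-half-life rule are assumptions of this example, not the swarm's actual parameters.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CA plays the part the leader plays on the slide: it issues every node's
// certificate and is the only trust anchor a node verifies peers against.
type CA struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// sign creates a certificate from a template and re-parses it into the form
// Verify and the TLS stack consume.
func sign(tmpl, parent *x509.Certificate, pub, priv interface{}) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewCA creates a self-signed root; an external CA would return the same
// kind of certificate in response to a forwarded CSR.
func NewCA(name string) (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, key: key}, nil
}

// IssueNodeCert signs a short-lived certificate for one node: node id in the
// CN, role (manager or worker) in an OU, so a peer is identified by its
// certificate alone. Client and server auth are both set because each node is
// both ends of a mutual-TLS connection. The node key is dropped here because
// the example only needs the certificate.
func (ca *CA) IssueNodeCert(nodeID, role string, lifetime time.Duration) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: nodeID, OrganizationalUnit: []string{role}},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
	}
	return sign(tmpl, ca.Cert, &key.PublicKey, ca.key)
}

// Verify is what a node does with a peer certificate in the handshake: chain
// it to the cluster CA and read the role. A certificate from any other CA, or
// an expired one, is rejected even if the name and role look right.
func Verify(root, peer *x509.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	opts := x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := peer.Verify(opts); err != nil {
		return "", err
	}
	if len(peer.Subject.OrganizationalUnit) == 0 {
		return "", fmt.Errorf("certificate for %s carries no role", peer.Subject.CommonName)
	}
	return peer.Subject.OrganizationalUnit[0], nil
}

// RotationDue says whether a node should renew now. The rule is an assumption
// for this example: renew once less than half the lifetime remains.
func RotationDue(cert *x509.Certificate, now time.Time) bool {
	lifetime := cert.NotAfter.Sub(cert.NotBefore)
	return now.After(cert.NotAfter.Add(-lifetime / 2))
}

func main() {
	ca, _ := NewCA("swarm-ca")
	node, _ := ca.IssueNodeCert("node-1", "manager", 90*24*time.Hour)
	fmt.Println(Verify(ca.Cert, node)) // manager <nil>
	other, _ := NewCA("some-other-ca")
	impostor, _ := other.IssueNodeCert("node-1", "manager", time.Hour)
	_, err := Verify(ca.Cert, impostor)
	fmt.Println(err != nil) // true: same name and role, but not our CA
	fmt.Println(RotationDue(node, time.Now()), RotationDue(node, time.Now().Add(60*24*time.Hour))) // false true
}
```

Short lifetimes plus automatic renewal are what make "leaked certificates are rotated out of use" hold without a revocation list: a certificate nobody renews simply stops verifying at NotAfter.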