The document discusses the role of containerized databases in managing mission-critical enterprise applications, emphasizing the importance of data persistence and security. It outlines misconceptions about container databases, highlighting the benefits of immutability and portability, while urging smart design for data management. Key practices for enhancing data security, such as building trusted images and ensuring secure access, are also presented.

1. Joe Carroll
Containerized Databases for
Enterprise Applications

2. Product, InterSystems
Joe Carroll

3. 1. Definitions
2. Misconceptions
3. Data Persistence
4. Data Security
Outline

4. Enterprise Database
Applications
Definitions

5. Enterprise Database Applications Manage Mission Critical Data
Definition:

6. Mission Critical Data

7. Mission Critical Data
• Vital to lives, wallets, and/or the business
• If we lose it or compromise it, then we’re in the
news, people get fired, and the boss goes to
jail.
• Examples: Patient Records, Financial Data,
Payroll, etc.
Definition:

8. • Data Persistence
• Data Security
Needs

9. Summary
Enterprise Database
Applications Manage
Mission Critical Data
Mission Critical Data
Impacts Lives, Wallets, and
Business
Data Persistence
Data Security
21 3

10. 1. Definitions
2. Misconceptions
3. Data Persistence
4. Data Security
Outline

11. Misconceptions
“Containers
≠ Database”

12. • Immutable
• Portable
• Scriptable
Why Docker Containers?
Docker allows our application to be -

13. • Disposable/Ephemeral
• Broad ecosystem of tools not built
by us
• Docker daemon is privileged
Tension?

14. • Data Persistence
• Data Security
Needs

15. ✚

16. Summary
Containers are Immutable,
Portable, and Scriptable.
Mission Critical Data
Applications Are In Dire
Need Of These Benefits
Containers are for
Enterprise Database
Applications
21 3

17. 1. Definitions
2. Misconceptions
3. Data Persistence
4. Data Security
Outline

18. Data Persistence

19. Container

20. Container Data

21. Examples! (Databases + Volumes)
https://github.com/tjosephcarroll/DatabaseContainerExamples

22. Not All Data Needs Mission Critical Persistence

23. Summary
Critical Data Must Persist
Outside The Container
Not All Data is Critical Data
Make Smart Design
Decisions Regarding Where
Data Goes From Day 0
21 3

24. 1. Definitions
2. Misconceptions
3. Data Persistence
4. Data Security
Outline

25. Data Security

26. Reminder – Mission Critical

27. • Build a registry of trusted images (build your
own images)
• Scan your images for vulnerabilities
• Rotate your credentials
• There are many tools! This is easy! Do it
please!
Trust, Scan, and Sign Your Images

28. • No database passwords in source.
• Defined at runtime.
• Encrypted at rest and in motion.
• Start with Secrets!
Secure Access To Your Data

29. Examples! (Databases + Secrets)
https://github.com/tjosephcarroll/DatabaseContainerExamples

30. • What user/group are you containers running
as?
• Are the cgroups and namespaces what you
want?
• Any container in your configuration can be the
culprit.
Secure Your Runtime Environment

31. Summary
Use Secrets To Protect
Data Access
Runtime Security – Users,
Namespaces, Cgroups
Scan, Sign, and Trust Your
Images
21 3

32. 1. Definitions
2. Misconceptions
3. Data Persistence
4. Data Security
Outline

33. Product, InterSystems
github.com/tjosephcarroll
@JoeCarroll3000
Joe Carroll