This document discusses DevOps, Docker, and security. It begins by introducing the speaker and their background in DevOps. It then discusses how DevOps practices like continuous delivery, automation, and culture can make organizations 2000x faster. It introduces Docker and how it can make deployments more effective. Finally, it discusses how applying supply chain principles from Toyota, such as limiting variability and ensuring visibility, can make systems 100x more reliable when combined with Docker and immutable infrastructure.

1. Devops, Docker and Security
John Willis
@botchagalupe

2. • One of the founding members of “Devopsdays”
• Co-author of the “Devops Handbook”.
• Author of the “Introduction to Devops” on Linux Foundation
edX.
• Podcaster at devopscafe.org
• Devops Enterprise Summit - Cofounder
• Nine person in at Chef (VP of Customer Enablement)
• Formally Director of Devops at Dell
• Found of Socketplane (Acquired by Docker)
• 10 Startups over 25 years
About Me
https://github.com/botchagalupe/my-presentations

5. 5
What If I told you you
could be 2000 times
faster than your
competitors

6. 6
What if I told you that
you could be 100
times more reliable
than your
competitors

7. 7
What if you
could have
both

8. Faster, Effective, Reliable
• Devops (Faster)
• Docker (Effective)
• Supply Chain (Reliable)
8
Immutable
Service
Delivery

9. Devops … faster

10. DTO Solutions

11. • CAMS
• Culture
• Automation
• Measurement
• Sharing
Devops Taxonomies
• The Three Ways
•The First Way
•The Second Way
•The Third Way

12. Devops Practices and Patterns
• Continuous Delivery
• Everything in version control
• Small batch principle
• Trunk based deployments
• Manage flow (WIP)
• Automate everything
• Culture
• Everyone is responsible
• Done means released
• Stop the line when it breaks
• Remove silos12
itrevolution.com/devops-handbook

13. 30x 200x
more frequent
deployments
faster lead
times
60x 168x
the change
success rate
faster mean time to
recover (MTTR)
2x 50%
more likely to
exceed profitability,
market share &
productivity goals
higher market
capitalization growth
over 3 years*
High performers compared to their peers…
Data from 2014/2015 State of DevOps Report - https://puppetlabs.com/2015-devops-report
Recent IT Performance Data is Compelling

14. 30x 200x
more frequent
deployments
faster lead
times
60x 168x
the change
success rate
faster mean time to
recover (MTTR)
2x 50%
more likely to
exceed profitability,
market share &
productivity goals
higher market
capitalization growth
over 3 years*
High performers compared to their peers…
Data from 2014/2015 State of DevOps Report - https://puppetlabs.com/2015-devops-report
Recent IT Performance Data is Compelling
Faster
Higher
Quality
More
Effective
2555x

15. Fast
CheapGood
“Pick Two!”
Conventional Wisdom

16. Devops Automated Deployment Pipeline
16
Source: Wikipedia - Continuous Delivery

18. 18
Devops Results
Google
• Over 15,000 engineers in over 40 offices
• 4,000+ projects under active development
• 5500+ code submissions per day (20+ p/m)
• Over 75M test cases run daily
• 50% of code changes monthly
• Single source tree
• Over 75M test cases run daily

19. 19
Devops Results
Amazon
• 11.6 second mean time between deploys.
• 1079 max deploys in a single hour.
• 10,000 mean number of hosts
simultaneously receiving a deploy.
• 30,000 max number of hosts simultaneously
receiving a deploy

20. 20
Unicorns and Horses (Enterprises)
Unicorns
Enterprise
Shamelessly stolen and repurposed from: Pete Cheslock

21. 21
Devops Results
Enterprise Organizations
• Ticketmaster - 98% reduction in MTTR
• Nordstrom - 20% shorter Lead Time
• Target - Full Stack Deploy 3 months to minutes
• USAA - Release from 28 days to 7 days
• ING - 500 applications teams doing devops
• CSG - From 200 incidents per release to 18

22. Docker … effective

23. • IBM 360/370 (1960/1970)
• CHROOT - Version 7 Unix 1979 (Bell Labs)
• BSD in 1982 (Berkley)
• VMware (1998)
• FreeBSD Jails 2000
• XEN 2003
• Solaris Zones 2004
• OpenVZ 2005
• Amazon Web Services 2006
• Namespaces 2007
• Cgroups (Google) 2007
• KVM 2007
• AIX LPARS (IBM) 2007
• Drawbridge (2008)
• Hyper-V (2008)
• Linux Containers - LXC (Parelles, IBM, Google) 2008
• Docker (Dotcloud Inc) 2013
• Microsoft Docker on Windows Server 2016
History
of
Virtualization

24. •Type 1 Virtualization
•VMware ESX, XEN, Hyper-V
•Type 2 Virtualization
•KVM, Virtualbox, QEMU, VMware Workstation
•OS Level Virtualization
•OpenVZ, LXC, Docker
Virtualization

25. www.slideshare.net/
BodenRussell/realizing-
linux-containerslxc

26. • Provision in milliseconds
• Near bare metal runtime performance
• VM-like agility – it’s still “virtualization”
• Lightweight – Just enough Operating System (JeOS)
• Supported with modern Linux kernel
• Growing in popularity
Why OS Level Virtualization

28. • Isolation
• Lightweight
• Simplicity
• Workflow
• Security
• Community
Why Docker

29. 29
Docker Security Enhancements
• Docker Security Scanning
• Docker Content Trust
• Docker Trusted Registry
• TLS by Default for Swarm/Docker Data Center
• Read Only Containers
• User Namespaces
• Secomp and LSMS support
• Enhanced System “Capabilities” support
• Secrets Management
• Immutable Operating System (Coming Soon)

30. 30
Immutable Delivery

31. 31
Immutable Delivery

32. Supply Chain … Reliable

33. 33

35. 35
Supply&chain&advantage&
Source:(Toyota(Supply(Chain(
Management:(A(Strategic(
Approach(to(Toyota’s(
Renowned(System,(by(Ananth(
Iyer(and(Sridhar(Seshadri(
Toyota&
Advantage&
Toyota&
Prius&
Chevy&
Volt&
Unit%Retail%Price% 61%& $24,200% $39,900%
Units%Sold/Month% 13x& 23,294% 1,788%
In?House%ProducBon% 50%& 27%% 54%%
Plant%Suppliers% 16%&& 125% 800%
Firm@Wide(Suppliers( 4%# 224( 5,500(

36. Use their highest
quality parts
Use fewer, better
suppliers
Track which parts
you use & where

37. 37
Variety
• Determine your variety of
offerings based on operational
efficiency and market demand
Velocity
• Maintain a steady flow through all
processes of the supply chain
Variability
• Manage inconsistencies carefully
to reduce cost and improve
quality
Visibility
• Ensure the transparency of all
processes to enable continuous
learning and improvement
Toyota Production Systems - 4VL

38. 38
Docker and the Three Ways of Devops

39. 39
Variety
• Learn faster, Limited frameworks,
Limited operating systems, Limit
vendors.
Velocity
• Small Batch, Small Teams,
Microservices and Containers
Variability
• Docker and Immutable Delivery
Visibility
• Automated Testing, Docker Trust,
Docker Security Scanning, Bounded
Context, Bill of Materials
Immutable Service Delivery (4VL)
Use their highest
quality parts
Use fewer, better
suppliers
Track which parts
you use & where

40. 40
Visibility - Docker - Bill of Material
• Where and when was it built and why
• What was its ancestor images
• How do I start, validate, monitor and update it
• What git repo is being built, what hash of that git repo
was built
• What are all the tags this specific container is known as
at time of build
• What’s the project name this belongs to
• Have the ability to have arbitrary user supplied rich
metadata
Software Supply Chain - 4VL

41. Devops Automated Deployment Pipeline
41
Source: Wikipedia - Continuous Delivery

42. DevSecOps
Requirements
& Design
Development CI
Interval
Trigger
Assessment
Production
Application Risk
Classification
Security Requirement
Definition
Secure Libraries
Static Analysis/IDE
SCM
Open Source
Governance(CI)
Secure Coding
Standards
Perimeter
Assessment
Dynamic
Assessments
Threat-Based Pen
Test
Web Application
Firewalls
Automated Attack/
Bot Defense
Container Security
Management
Security Mavens (Security-Trained Developers and Operations)
Role Based Software Security Training
Continuous Monitoring, Analytics and KPI Gathering
Preventative Detective
Lightweight threat
modeling approach
Detailed manual
assessments
triggered
automatically at
appropriate interval;
detached from
release cycle
Container Security
Compliance (CI)
Threat modeling
Static Analysis (CI)

43. 43
Immutable Service Delivery
Fortune 500 Insurance Company
• Tracks critical and high security defect rate per 10k
lines of code
• Started out with (10/10k)
• After applying Devops practices and principles (4/10k)
• After applying Toyota Supply Chain 4VL (1/10k )
• After Docker with Immutable Delivery (0.1/10k)

44. 44
With Docker
Fortune 500 Insurance Company
• One Service
• One Container
• One Read Only File System
• One Port

45. Immutable Service Delivery
• Devops (Faster)
• Docker (Effective)
• Supply Chain (Reliable)
45
2000x Faster
and
100x Reliable