Is Docker Scalable? 5 Big Docker Myths Explodeded
•Download as PPTX, PDF•
0 likes•230 views
These are slides from our webinar which gives genuine insights and expert guidance irrespective of where you are on your Docker implementation journey, helping you build the right strategy for advancement. Docker separates the application constraints from infrastructure concerns and reduce dependenices that slow agility. Anyone in development and operations, focused on DevOps, Continuous Delivery and accelerating time-to-market.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Similar to Is Docker Scalable? 5 Big Docker Myths Explodeded
Similar to Is Docker Scalable? 5 Big Docker Myths Explodeded (20)
Recently uploaded
Recently uploaded (20)
Is Docker Scalable? 5 Big Docker Myths Explodeded
- 1. sendachi.com Docker: 5 Big Myths Exploded Matt Saunders Principal Consultant Sendachi
- 2. sendachi.com Sendachi • Formed in 2016 • Merging Clutch (US) and Contino (UK) • VC Funded Services Company • Docker Premier Partner
- 3. sendachi.com Sendachi • Enterprise Focus • DevOps & Continuous Delivery • Containerisation & Virtualisation • Microservices • Security, Reliability & Resilience • Cloud Architecture
- 5. sendachi.com Docker Adoption 5.6 million pulls/day $1 billion valuation 2 billion + pulls to date
- 8. sendachi.com Containerisation Benefits (1/2) • Container abstraction layer • Platform Portability • Resilience with Clustering • Provenance and Traceability
- 9. sendachi.com Containerisation Benefits (2/2) • Environment Consistency • Improved Compute Density • Multi-Tenancy • Remove the Virtualisation Tax
- 10. sendachi.com Container Abstraction Layer • Common point of entry for containers • Run diverse technology stacks • HTTP with RESTful Interfaces work well • Microservices • 12 Factor Applications
- 11. sendachi.com Platform Portability • Move applications easily between servers • Private and public cloud • Everything is contained
- 12. sendachi.com Resilience with Clustering • Higher-order clustering options • Built specifically for Docker • Docker Swarm itself is a containerised application
- 13. sendachi.com Provenance and Traceability • Container builds can be automated • Cryptographic signing available • Docker registry comms are encrypted • Proof that the image is as-built
- 14. sendachi.com Environment Consistency • Applications run purely inside containers • Environment information stored outside containers • The same unaltered container runs in all environments • Environmental drift is minimised
- 15. sendachi.com Improved Compute Density • Applications can be limited by memory and CPU • Pre-allocation of resources isn’t necessary • Intelligent scheduling of workloads with Swarm • Run larger Docker host servers without virtualisation
- 16. sendachi.com Multi-Tenancy • Docker containers are insulated from each other • Containers can’t interfere or interact with each other • Enables greater density
- 17. sendachi.com Remove the Virtualisation Tax • Docker machine can run on bare metal • Swarm orchestration optimally places containers • Swarm will replace containers on failed nodes • Any need for virtualisation?
- 19. sendachi.com Docker is Insecure • Don’t run as root • User namespaces • Capabilities • Use AppArmor, SELinux and friends
- 23. sendachi.com Docker in the Enterprise • Docker will lose your data
- 24. sendachi.com Docker in the Enterprise • Use volume mounts • Store data on your resilient storage
- 25. sendachi.com Docker in the Enterprise • No-one knows what’s in your containers
- 26. sendachi.com Docker in the Enterprise • Use version control and CI • Use Docker Notary • Sign your images • Scan containers at build-time
- 27. sendachi.com Docker in the Enterprise
- 28. sendachi.com Docker in the Enterprise • Goldman Sachs • Swisscom • New York Times • ING • BBC
- 29. sendachi.com Docker Containers are unusably large Myth 3
- 30. sendachi.com Containers are too big • Full OS images can be > 1 Gb • Laden container with app > 2 Gb
- 31. sendachi.com Containers are too big
- 32. sendachi.com Containers are too big • Don’t embed large OSes in containers • Not gonna need it • Work with Security people
- 33. sendachi.com Containers are too big • Host locally • Docker Trusted Registry • Hosts your images • Fine-grained RBAC • Cryptographic signing
- 35. sendachi.com Docker and Microservices • Run a staged move to Docker • Run your monolith in a container
- 36. sendachi.com Docker and Microservices • Run a staged move to Docker • Run your monolith in a container
- 37. sendachi.com Docker and Microservices • Get some benefits • Faster startup times • Move app between environments
- 38. sendachi.com Docker and Microservices • Start breaking up the monolith • Slice bits of the edges • Make microservices
- 40. sendachi.com Docker and Microservices • Manage Microservice-based architectures • Gradual transformation
- 41. sendachi.com Docker only works in the Cloud Myth 5
- 42. sendachi.com Docker in the Cloud • Run Docker Engine on your own hosts • Reduce the VM tax with larger instances • Leverage existing hardware investment • Use existing firewalls and loadbalancers
- 43. sendachi.com Docker doesn’t work on Windows Myth 6
- 44. sendachi.com Docker on Windows • Docker Toolbox now runs natively • Docker Engine runs on Server 2016 TP5 • Run Windows Docker containers • Still early days
- 45. sendachi.com Docker on Windows • Docker Toolbox now runs natively • Docker Engine runs on Windows Server 2016 TP5
- 46. sendachi.com Docker on Windows • Windows Nano Server
- 48. sendachi.com More Myths • Containers can’t be orchestrated at scale • Containers are just small VMs • Enterprise IT and containers are incompatible • Docker isn’t being used in production
Editor's Notes
- Abstraction layer: Banks are a museum of technologies, Technology diversity is prevalent. But when you containerise the container becomes the common unit of management and operations, whatever is encapsulated within it – either Weblogic or Websphere or another Java application, or a NodeJS application. Management becomes much simpler Platform portability: containers add a powerful layer of portability – once an app is containerised it is packaged up with all its dependencies, so it can be moved around different environments within the data centre, or between private and public clouds. This reduces the platform risk Resilience and robustness: containers allow you to solve resilience at a platform level – using clustering tools like Swarm which will restart containers on another host if the original one goes away Provenance and traceability: for regulatory reasons, banks need to know exactly what’s running – which versions, where they came from, who deployed the code and when. Docker Datacenter gives us all of this – a full audit trail of who did what and when, and also cryptographic signing of container images to prove they are what we thought they were
- Abstraction layer: Banks are a museum of technologies, Technology diversity is prevalent. But when you containerise the container becomes the common unit of management and operations, whatever is encapsulated within it – either Weblogic or Websphere or another Java application, or a NodeJS application. Management becomes much simpler
- Platform portability: containers add a powerful layer of portability – once an app is containerised it is packaged up with all its dependencies, so it can be moved around different environments within the data centre, or between private and public clouds. This reduces the platform risk
- Resilience and robustness: containers allow you to solve resilience at a platform level – using clustering tools like Swarm which will restart containers on another host if the original one goes away
- Provenance and traceability: for regulatory reasons, banks need to know exactly what’s running – which versions, where they came from, who deployed the code and when. Docker Datacenter gives us all of this – a full audit trail of who did what and when, and also cryptographic signing of container images to prove they are what we thought they were
- Environment consistency: because we are packaging up the entire application with all its dependencies, we need only inject the bare minimum of environment data – perhaps a database and cache hostname – everything else is contained within the container. This dramatically reduces environment complexity
- Compute Density: we’re used to overprovisioning infrastructure to deal with peak loads, but scheduling algorhythms in Docker Swarm allow containers to be scheduled more efficiently than in a virtualised world, including scale-up techniques that make the most of the available compute resources
- Multi-Tenancy: Docker contains process isolation features which prevent processes from interfering with each other – this means that different teams could share host servers with proper isolation, whilst increasing compute density
- Virtualisation Tax: given the process isolation available, and the improvements in compute density, there’s an argument to run containers on bare metal – removing the need to run a virtualisation hypervisor. Docker Engine itself is something of a mixture between a jail and a virtual machine, with enough isolation and security to justify removing the virtualisation layer entirely
- Docker containers can now run in their own namespaces – instead of as root. This removes the attack vector where one container can affect the running of another because they are running as the same Linux user ID
- Docker containers can now run in their own namespaces – instead of as root. This removes the attack vector where one container can affect the running of another because they are running as the same Linux user ID
- Docker containers can now run in their own namespaces – instead of as root. This removes the attack vector where one container can affect the running of another because they are running as the same Linux user ID
- Use a CI pipeline – from development, to a source code repository, through a CI build, then to your docker registry, and then to production
- Docker Trusted Registry for the management and versioning of the images. This incorporates a workflow called Content Trust which allows us to sign and verify our images as they move between environments and machines.
- Nano server – stripped down version of Windows server – without a GUI. Ideal for running Docker Engine
- We have a stand outside in the expo area, and I’ll be around for a while to answer any questions too. I know I’m keeping you from lunch – are there any questions?