It's clear that Docker speeds up development and makes testing and deployment more efficient. As Docker moves into production new use cases and patterns are emerging that address availability and security concerns. With microservices, safety is part of the architecture that developers need to understand and build for. It's no longer good enough to wrap a firewall around an entire app when it goes to production, and have a cold standby in case it breaks.
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Dockercon 2015 - Faster Cheaper Safer
1. Faster, Cheaper, Safer
Secure Microservice Architectures using Docker
Adrian Cockcroft @adrianco
Technology Fellow - Battery Ventures
June 2015
2. Key Goals of the CIO?
Align IT with the business
Develop products faster
Try not to get breached
3. Security Blanket Failure
Insecure applications
hidden behind firewalls
make you feel safe until
the breach happens…
http://peanuts.wikia.com/wiki/Linus'_security_blanket
10. Developer Developer
Run What You Wrote
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Developer Developer
11. Developer Developer
Run What You Wrote
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Developer Developer
Monitoring
Tools
12. DeveloperDeveloper Developer
Run What You Wrote
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Developer Developer
Monitoring
Tools
13. DeveloperDeveloper Developer
Run What You Wrote
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Developer Developer
Site
Reliability
Monitoring
Tools
Availability
Metrics
99.95% customer
success rate
14. DeveloperDeveloper Developer
Run What You Wrote
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Developer Developer
Manager Manager
Site
Reliability
Monitoring
Tools
Availability
Metrics
99.95% customer
success rate
15. DeveloperDeveloper Developer
Run What You Wrote
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Micro
service
Developer Developer
Manager Manager
VP
Engineering
Site
Reliability
Monitoring
Tools
Availability
Metrics
99.95% customer
success rate
47. Need for Speed
CPU and IO Intensive workloads
Hadoop, streaming, datastores
Bare metal for efficiency
Well isolated for security
48. Cutting the Cost
Many similar containers per VM
Saving on RAM, oversubscribe CPU
Deploy with Swarm, Mesos, ECS, GKE
VM based single tenant security
49. Playing it Safe
One critical container per VM
Extra security for exposed services
Deploy as immutable VM image
Docker adds to VM security
51. Docker in Production
2014 - DIY frameworks
2015 - Hardening and best practices
2016 - Mature production tooling
52. Thanks !
Continue the discussion on Twitter @adrianco
Adrian Cockcroft
Technology Fellow - Battery Ventures
June 2015
Disclosure: some of the companies mentioned may be Battery Ventures Portfolio Companies
See www.battery.com for a list of portfolio investments