Top 5 benefits of docker
2. Ippon Technologies © 2016
Ippon Technologies
Founded in 2002 by Stephane Nomis, former professional French judoka
● Consulting in Agile Development, Big Data and DevOps / Cloud
● Expertise in project delivery with short time-to-market and high quality
● Located in France, USA, Australia, Morocco
● 250 engineers
● 80% enterprise customers
● $32 million revenue and 20% annual growth rate
We support innovative open-source projects such as the popular application generator JHipster
We released a fully managed data platform based on Docker
a full point scored in judo - a win
3. Ippon Technologies © 2016
Ippon Technologies USA
Founded in March 2014
40 employees
● Richmond, VA (HQ)
● Washington DC
10+ Customers
● Top 10 US Bank
● Insurance & Health
○ Allianz
○ Genworth
○ CMS
○ Envera
Specialties
● Big Data
● Agile Dev. / Digital
● DevOps / Cloud
5. Ippon Technologies © 2016
What is Docker?
● Your application… PLUS stuff your application needs to run
➔Libraries, file system, webserver, etc.
● Docker images == Shippable Artifact
● Docker containers/images are lightweight
➔Fast spin-up
➔Small footprint
➔Fast shipping between hosts
● Built on top of Linux kernel features: namespaces and cgroups
➔Features that have been part of the Linux kernel for a few years
6. Ippon Technologies © 2016
A VM uses a hypervisor to create hard resource boundaries between running instances.
Docker Engine shares resources, allowing containers to be much more lightweight.
9. Ippon Technologies © 2016
Problem: Environmental Drift
● Over time, changes to servers cause environments to diverge
➔Example: security patches in production environment
● Bugs in production cannot be reproduced
➔Hours wasted debugging
10. Ippon Technologies © 2016
Solution: Immutable Infrastructure
● Docker images are immutable
● Don’t change servers directly!
● Need to update?
➔Implement change in Dockerfile, then deploy immutable image to all environments
➔Replace old containers with new containers from the new image
➔Changes are traceable, versioned and reproducible
● Bugs in production?
➔Pull image locally, and debug!
12. Ippon Technologies © 2016
Security
“Containers offer many overall advantages. From a security perspective, they create a method to reduce attack surfaces and isolate applications to only the required components, interfaces, libraries and network connections.”
“In this modern age, I believe that there is little excuse for not running a Linux application in some form of a Linux container, MAC or lightweight sandbox.”
– Aaron Grattafiori, Formerly Principal Consultant at NCC Group
“Gartner asserts that applications deployed in containers are more secure than applications deployed on the bare OS” because even if a container is cracked “they greatly limit the damage of a successful compromise because applications and users are isolated on a per-container basis so that they cannot compromise other containers or the host OS”.
– Joerg Fritsch, Gartner
13. Ippon Technologies © 2016
Security with Isolation and Granular Controls
● Isolated containers provide better defense in depth
➔Network, PID, and other namespace isolation
● Install only the libraries your applications need
➔Smaller attack surfaces
➔Don’t give hackers tools they can utilize (Linux tools)
● Granular access for mandatory access controls (MAC)
➔SELinux, AppArmor
➔Whitelisting is best practice
➔Each container has exactly the permission required to run the application
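The isolation and least-privilege points above can be checked against what a host is actually running. The Python below is an added example, not part of the original deck: it audits `docker inspect` JSON for shared host namespaces, capabilities outside an allowlist, and disabled MAC confinement. The sample records, the allowlist and the function names are constructed for illustration.

```python
import json

# Constructed sample: trimmed `docker inspect` records for two hypothetical containers.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/web", "AppArmorProfile": "docker-default",
  "HostConfig": {"Privileged": false, "PidMode": "", "NetworkMode": "bridge",
    "IpcMode": "private", "CapDrop": ["ALL"], "CapAdd": ["NET_BIND_SERVICE"],
    "SecurityOpt": ["no-new-privileges"]}},
 {"Name": "/legacy", "AppArmorProfile": "unconfined",
  "HostConfig": {"Privileged": false, "PidMode": "host", "NetworkMode": "host",
    "IpcMode": "private", "CapDrop": null, "CapAdd": ["SYS_ADMIN", "CAP_NET_BIND_SERVICE"],
    "SecurityOpt": ["apparmor=unconfined", "label=disable"]}}
]""")

# Capabilities this example allows to be added back (an assumption; set per application).
CAP_ALLOWLIST = {"NET_BIND_SERVICE"}
# Security options that switch off MAC or syscall filtering ("=" and legacy ":" forms).
MAC_OFF = {"apparmor=unconfined", "label=disable", "seccomp=unconfined"}


def audit_container(record, cap_allowlist=CAP_ALLOWLIST):
    """Return hardening findings for one `docker inspect` record (empty list = clean)."""
    hc = record.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged mode: all capabilities granted, MAC profile not applied")
    for field, ns in (("PidMode", "PID"), ("NetworkMode", "network"), ("IpcMode", "IPC")):
        if hc.get(field) == "host":
            findings.append(f"shares the host {ns} namespace")
    dropped = {c.upper() for c in hc.get("CapDrop") or []}
    if "ALL" not in dropped:
        findings.append("no 'CapDrop: ALL', so default capabilities are not allowlisted")
    added = {c.upper().replace("CAP_", "", 1) for c in hc.get("CapAdd") or []}
    for cap in sorted(added - cap_allowlist):
        findings.append(f"adds capability outside the allowlist: {cap}")
    opts = {o.lower().replace(":", "=", 1) for o in hc.get("SecurityOpt") or []}
    for opt in sorted(opts & MAC_OFF):
        findings.append(f"confinement disabled by security option: {opt}")
    if record.get("AppArmorProfile") == "unconfined" and "apparmor=unconfined" not in opts:
        findings.append("AppArmor profile is unconfined")
    return findings


def audit(records):
    """Map container name -> findings for every record in a `docker inspect` array."""
    return {r.get("Name", "?").lstrip("/"): audit_container(r) for r in records}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else findings)
```

On a real host the same functions can be fed the JSON array that `docker inspect` prints for the running containers.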
14. Ippon Technologies © 2016
Security Scan Service
● Available with Docker Cloud and Docker Hub
● Scans against a database of known vulnerabilities
● Scans new layers as they are pushed through the pipeline
● New vulnerability? Scan all images again and notify developers
15. Ippon Technologies © 2016
Want to learn more about security?
● Aaron Grattafiori, Security lead of NCC Group, wrote a good whitepaper on container security (very technical)
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/april/understanding-and-hardening-linux-containers/
16. Benefit #3 - Faster Time to Market with Microservices
17. Ippon Technologies © 2016
Yay! Microservices!
● Faster time to market
● Highly Scalable
● Loosely coupled
● Agile teams are cross functional and product aligned
● Technology Agnostic
18. Ippon Technologies © 2016
Microservices! Oh Wait...
● Service orchestration / discovery
● Centralized monitoring and logging
● Resiliency / self-healing
● Need lots of environments
➔Dev, QA, Prod, Build environments, Test environments
All these problems are harder when you have different types of applications
20. Ippon Technologies © 2016
Docker Helps with Microservices
● Standard container interface
➔Operations problems become more generic
➔Ecosystem tools exist
● Spin up new environments quickly
➔For all of your Dev, QA, Prod needs
● Containers are isolated
➔Deploy multiple apps with conflicting dependencies on the same VM
➔Fully utilize your allocated infrastructure. Save $$$!
● Use containers for build and test environments
➔Riot Games does it right: https://engineering.riotgames.com/
25. Ippon Technologies © 2016
Ecosystem Tools
● Clustering and Container Manager
➔Docker Swarm, Mesos, Kubernetes, Marathon (Mesos)
● Hosting (and PaaS)
➔Docker Cloud (PaaS with plugin hosting), Amazon ECS, Google Container Engine (Kubernetes), DigitalOcean, OpenShift (Red Hat PaaS)
● Service Discovery
➔Consul, etcd, ZooKeeper
● Monitoring / Logging
➔Datadog, cAdvisor, Sysdig, Splunk, Fluentd, ELK (or EFK)
https://github.com/veggiemonk/awesome-docker
27. Ippon Technologies © 2016
Community Relationship
● Docker is open-source with >1000 contributors
● Docker extracts internals and publishes them as separate open-source projects
➔libnetwork, swarmkit, infrakit, etc.
➔None are Docker dependent
● Experimental releases to collect feedback
● Programs such as the Docker Captains group and community Slack channels
➔Join the community! https://community.docker.com/registrations/groups/4316o
28. Ippon Technologies © 2016
Docker is Built on Open Standards
● The Open Container Initiative (OCI) defines open industry standards for container format and runtime
● Backed by big companies (Google, Docker, Red Hat)
● Docker donated the reference implementation runc: https://runc.io/
● Starting with version 1.11, Docker runs OCI-compliant images using the OCI-compliant open-source projects runc and containerd.
32. Ippon Technologies © 2016
Contact Us
John Zaccone
Software Engineer, RVA
jzaccone@ipponusa.com
@JohnZaccone
Romain Lhéritier
Managing Director, USA
romain@ipponusa.com
(804) 482-1515
www.ippon.tech
Olivia Deputy
Business Dev. Assoc., RVA
odeputy@ipponusa.com
(540) 421-3861
Addresses:
Ippon @PowerPlant
2700 East Cary Street
Richmond, VA 23223
Ippon @WeWork
718 7th St NW
Washington, DC 20001