Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

Dockercon 2015 - Faster Cheaper Safer

6.206 Aufrufe

Veröffentlicht am

It's clear that Docker speeds up development and makes testing and deployment more efficient. As Docker moves into production new use cases and patterns are emerging that address availability and security concerns. With microservices, safety is part of the architecture that developers need to understand and build for. It's no longer good enough to wrap a firewall around an entire app when it goes to production, and have a cold standby in case it breaks.

Veröffentlicht in: Technologie

Dockercon 2015 - Faster Cheaper Safer

  1. 1. Faster, Cheaper, Safer Secure Microservice Architectures using Docker Adrian Cockcroft @adrianco Technology Fellow - Battery Ventures June 2015
  2. 2. Key Goals of the CIO? Align IT with the business Develop products faster Try not to get breached
  3. 3. Security Blanket Failure Insecure applications hidden behind firewalls make you feel safe until the breach happens… http://peanuts.wikia.com/wiki/Linus'_security_blanket
  4. 4. What needs to change?
  5. 5. Developer responsibilities: Faster, cheaper, safer
  6. 6. Faster - Agile
  7. 7. “You build it, you run it.” Werner Vogels 2006
  8. 8. DevOps Continuous Delivery No meetings, no tickets Self service tools and APIs
  9. 9. Developer Developer Run What You Wrote Developer Developer
  10. 10. Developer Developer Run What You Wrote Micro service Micro service Micro service Micro service Micro service Micro service Micro service Developer Developer
  11. 11. Developer Developer Run What You Wrote Micro service Micro service Micro service Micro service Micro service Micro service Micro service Developer Developer Monitoring Tools
  12. 12. DeveloperDeveloper Developer Run What You Wrote Micro service Micro service Micro service Micro service Micro service Micro service Micro service Developer Developer Monitoring Tools
  13. 13. DeveloperDeveloper Developer Run What You Wrote Micro service Micro service Micro service Micro service Micro service Micro service Micro service Developer Developer Site Reliability Monitoring Tools Availability Metrics 99.95% customer success rate
  14. 14. DeveloperDeveloper Developer Run What You Wrote Micro service Micro service Micro service Micro service Micro service Micro service Micro service Developer Developer Manager Manager Site Reliability Monitoring Tools Availability Metrics 99.95% customer success rate
  15. 15. DeveloperDeveloper Developer Run What You Wrote Micro service Micro service Micro service Micro service Micro service Micro service Micro service Developer Developer Manager Manager VP Engineering Site Reliability Monitoring Tools Availability Metrics 99.95% customer success rate
  16. 16. Observe Orient Decide Act Continuous Delivery
  17. 17. Observe Orient Decide Act Land grab opportunity Competitive Move Customer Pain Point Measure Customers Continuous Delivery
  18. 18. Observe Orient Decide Act Land grab opportunity Competitive Move Customer Pain Point INNOVATION Measure Customers Continuous Delivery
  19. 19. Observe Orient Decide Act Land grab opportunity Competitive Move Customer Pain Point Analysis Model Hypotheses INNOVATION Measure Customers Continuous Delivery
  20. 20. Observe Orient Decide Act Land grab opportunity Competitive Move Customer Pain Point Analysis Model Hypotheses BIG DATA INNOVATION Measure Customers Continuous Delivery
  21. 21. Observe Orient Decide Act Land grab opportunity Competitive Move Customer Pain Point Analysis JFDI Plan Response Share Plans Model Hypotheses BIG DATA INNOVATION Measure Customers Continuous Delivery
  22. 22. Observe Orient Decide Act Land grab opportunity Competitive Move Customer Pain Point Analysis JFDI Plan Response Share Plans Model Hypotheses BIG DATA INNOVATION CULTURE Measure Customers Continuous Delivery
  23. 23. Observe Orient Decide Act Land grab opportunity Competitive Move Customer Pain Point Analysis JFDI Plan Response Share Plans Incremental Features Automatic Deploy Launch AB Test Model Hypotheses BIG DATA INNOVATION CULTURE Measure Customers Continuous Delivery
  24. 24. Observe Orient Decide Act Land grab opportunity Competitive Move Customer Pain Point Analysis JFDI Plan Response Share Plans Incremental Features Automatic Deploy Launch AB Test Model Hypotheses BIG DATA INNOVATION CULTURE CLOUD Measure Customers Continuous Delivery
  25. 25. Observe Orient Decide Act Land grab opportunity Competitive Move Customer Pain Point Analysis JFDI Plan Response Share Plans Incremental Features Automatic Deploy Launch AB Test Model Hypotheses BIG DATA INNOVATION CULTURE CLOUD Measure Customers Continuous Delivery
  26. 26. Low Cost of Change Using Docker Developers • Compile/Build • Seconds Extend container • Package dependencies • Seconds PaaS deploy Container • Docker startup • Seconds
  27. 27. Low Cost of Change Using Docker Fast tooling supports continuous delivery of many tiny changes Developers • Compile/Build • Seconds Extend container • Package dependencies • Seconds PaaS deploy Container • Docker startup • Seconds
  28. 28. Change One Thing at a Time!
  29. 29. What Happened? Rate of change increased Cost and size and risk of change reduced
  30. 30. Cheaper - Lean
  31. 31. “Freedom and responsibility” Reed Hastings 2009
  32. 32. Fail early and often Instrument everything Hypothesis driven development Efficient and autoscaled
  33. 33. Efficiency Gains: Virtualization consolidates CPUs Docker consolidates CPU and RAM
  34. 34. With Docker a test environment should only exist for the few seconds it takes to run a test
  35. 35. Autoscale production to consume just the resources you need, by the second
  36. 36. Safer - Rugged
  37. 37. “Developer Defined Infrastructure” Jerry Chen 2015
  38. 38. What can developers do about the threats?
  39. 39. External Threats Build using penetration test tools Manage image supply chain Hardened immutable services Service roles and security groups
  40. 40. Internal Threats Assume employees are compromised User roles, minimum privilege Audit logs for everything Encrypt data at rest
  41. 41. Patterns and practices
  42. 42. In Production https://www.docker.com/resources/usecases/ and many more….
  43. 43. Patterns and practices
  44. 44. Best Practices https://blog.docker.com/2015/05/understanding-docker-security-and-best-practices/
  45. 45. Immutable deployments Automated penetration testing Role based identity and access Trusted container supply chain Continuous audit
  46. 46. Workloads
  47. 47. Need for Speed CPU and IO Intensive workloads Hadoop, streaming, datastores Bare metal for efficiency Well isolated for security
  48. 48. Cutting the Cost Many similar containers per VM Saving on RAM, oversubscribe CPU Deploy with Swarm, Mesos, ECS, GKE VM based single tenant security
  49. 49. Playing it Safe One critical container per VM Extra security for exposed services Deploy as immutable VM image Docker adds to VM security
  50. 50. Tooling for Docker and many more….
  51. 51. Docker in Production 2014 - DIY frameworks 2015 - Hardening and best practices 2016 - Mature production tooling
  52. 52. Thanks ! Continue the discussion on Twitter @adrianco Adrian Cockcroft Technology Fellow - Battery Ventures June 2015 Disclosure: some of the companies mentioned may be Battery Ventures Portfolio Companies See www.battery.com for a list of portfolio investments

×