Fast, Secure Deployments with Docker on AWS

Fast, Secure Deployments
with Docker on AWS
Ronald Widha Sunarno, Solutions Architect, AWS
Chuck Price, VP of Professional Services, Logicworks
Jerry Hagedorn, VP of Information Technology, Spring Venture Group

DevOps on the AWS Cloud

Traditional IT Delivery Models are Obsolete
 Business is increasingly software-driven
 End-users expect both continuous improvement and
stability from applications
 IT needs to be able to provision infrastructure as rapidly as
developers demand it
 An organization’s pace of innovation is largely constrained
by their ability to develop applications

DevOps Can Help
Increase Decrease
 Length of delivery cycles
 Time to value
 Deployment failures and rollbacks
 Time to recover upon failure
 Operational overhead
DevOps practices enable companies to innovate at a higher velocity
for customers
 Business agility
 Application stability
 Ability to meet customer demand
 Time spent on innovation
 Security

Infrastructure
as Code
Microservices Logging and
Monitoring
Continuous
Integration/
Continuous
Delivery
DevOps on AWS
AWS provides on-demand infrastructure resources and tooling built to
enable common DevOps practices

 Provision the server, storage, and networking capacity you
need on demand
 Deploy independently, as a single service, or a group
of services
 Make configuration changes repeatable and standardized
 Build custom templates to provision resources in a
controlled and predictable way
 Use version control to keep track of all changes made to
your infrastructure and application stack
Infrastructure as Code
Replace traditional infrastructure provisioning and management with code-
based techniques

 Build services around the business capabilities you require
 Scale up and down as required with virtually no notice
 Make configuration code changes repeatable and
standardized
 API-driven model enables management of infrastructure
with language typically used in application code
 Free developers from manually configuring operating
systems, system applications, and server software
Microservices
Build applications as a set of small services that communicates with other
services through APIs

 Maintain visibility and auditability of activity in your
application infrastructure
 Assess how application and infrastructure performance
impact end-user experience
 Gain insight into the root causes of problems or
unexpected changes
 Support services that must be available 24/7 as a result
of continuous integration/ continuous delivery
 Create alerts based on thresholds you define
Logging and Monitoring
Capture, categorize, and analyze data and logs generated by applications
and infrastructure

 Model and visualize your own custom release workflow
 Automate deployments of new code
 Improve developer productivity and deliver updates faster
 Find and address bugs quicker with more frequent and
comprehensive testing
 Store anything from source code to binaries using existing
Git tools
Continuous Integration and Continuous Delivery
Rapidly and reliably build, test, and deploy your applications, while
improving quality and reducing time to market.

Logicworks

About Logicworks
 AWS Premier Partner with the DevOps Competency
 Leader in the 2017 Gartner Magic Quadrant for Public Cloud MSPs
 Specializes in high-risk, compliant workloads for healthcare
and financial services
Cloud Strategy 24/7 Management Cloud Automation Cloud Security

Agenda
1. DevOps From the Ops Side
2. Why People Love Docker
3. Understanding Security + Automation on AWS
Next Up:
Jerry Hagedorn, Spring Venture Group
Real-Life Docker Deployment & DevOps from the Dev Side

Quick Poll (1 of 2)
Who is currently living the dream of Cloud-based DevOps?
A. Me & My Company
B. Just Me
C. Just My Company
D. Neither Me nor My Company

What’s Next? DevOps
“It is not the strongest of the
species that survive, nor the
most intelligent, but the one
most responsive to change.”
– Charles Darwin

DevOps Ops Struggles
Pockets of developers
using their favorite (not
well-integrated) tools
Infrastructure is always “on
fire”, time-consuming,
custom built for each project
Ops is an afterthought
in Agile transformation
projects

Great Ops in a DevOps World
 Make it easy for developers to launch “approved” infrastructure
 Create a clear line between responsibilities of Ops and Dev
 Design for constant change
 Treat infrastructure as code and issues as regressions
 Reduce human effort to reduce security risks
 Use fully-managed cloud resources whenever possible

DevOps in Action
AWS Platform
Infrastructure Automation
(AWS CloudFormation, Amazon ECS, Puppet, etc.)
Self-Service Portal
(AWS Service Catalog)
Deployment Automation — CI/CD Pipeline
Application
Developers
Operations

Case Study: Spring Venture Group
AWS Platform
Self-Service Portal
Application

AWS Platform
Self-Service Portal
Application
Case Study: Spring Venture Group

Most robust, mature,
largest IaaS platform in
the world
Better security than you
could afford in your own
data center
Dozens of services to
support any application, not
just “cloud-ready” ones
Many DevOps-friendly
services, ready to
support containers
AWS Platform

Cloud-First vs Traditional App Dev KPIs
Without AWS With AWS Difference Benefit
Average time to deploy
new application (weeks)
13.4 8.5 4.9 36.7%
# of business apps
deployed per year
22.2 48.5 26.3 118.4%
Equivalent size of app
dev team
146.8 114.1 32.7 22.3%
Unplanned downtime
incidents per year
10.6 2.1 8.5 79.8%
Source: IDC, 2015

Who is currently leveraging “Infrastructure as Code”?
A. All Day Every Day!
B. Minimally Deployed / POC’ing Now
C. Learning more now and hope to start this year…
D. Not sure what that even means…seems contradictory?!
Quick Poll (2 of 2)

Why Infrastructure Automation?
 Every environment is a snowflake
 High chance of forgetting
something important (i.e., security)
 Slow
 Can’t rollback
 Change code, not servers
 Quickly replicate environments
 Easily update environments
 Every instance gets configured
in same way
Manual Automated

Infrastructure Automation Pipeline
“Raw” AWS
Services
Amazon EC2, Amazon
S3, Amazon RDS,
AWS ELB, etc.
Create
Architectures
Design cloud architecture
for your applications.
Templatize your
architecture so that you
can easily replicate/update.
Create Templates Configure OS
Create a consistent way
to get instances ready to
receive code.

 Builds network foundation
 Configures gateways and access points
 Installs management services, like Puppet
 Allocates Amazon S3 buckets
 Attaches encrypted volumes
 Controls and manages access though AWS IAM
 Registers DNS names with Amazon Route 53
 Configures log shipping and retention
AWS CloudFormation
What AWS CloudFormation does for Spring Venture Group:

 What CM Does:
 Configures hostnames
 Binds instances to central auth
 Requires MFA on bastion
 Installs NTP, MTA, other essentials
 Installs log shipping and monitoring software
 Provisions machine for deploy
Configuration Management
The goal of configuration management (CM) is to create and maintain
OS configurations.

 Developers get to choose from available templates
 Instantly build out “approved” environments
 Systems team maintains templates
 Developers are responsible for making code “work”
 Interface between Dev and Ops
Service Catalog

What is the Impact on Security?
You have less direct human interaction in your environment,
but you still need 24/7 human monitors.
Controlled
Build Process
No ad hoc environments
that lead to an unknown
risk profile
Controlled
Update Process
All changes are documented
Reduced Human
Effort
…But 24x7 human
monitors are still important!

Key Takeaways
Building a fully-
automated cloud
environment is complex,
but crucial
Invest in infrastructure
automation as the
foundation for DevOps
We would love to help!
Contact Logicworks or
visit our website to
learn more.

Next Up… Spring Venture Group
AWS Platform
Self-Service Portal
Application

Spring Venture Group
Jerry Hagedorn, VP of Information Technology

DevOps in Action
AWS Platform
Self-Service Portal
Application

About Spring Venture Group
Inside sales and
marketing company with
a concentration on
direct-to-consumer
insurance products
Mission to operate a
world-class distribution
platform
2016 Best Insurance
Companies to Work For
150% Revenue growth in
2016; IT staff has more
than tripled since
January 2016

Agenda
1. Our Technology Goals
2. Why Docker?
3. Our Deployment Pipeline
4. Docker Orchestration & Security
5. Infrastructure Automation + Deployment Automation
= Efficient Developers

Our Technology Goals
Support Business
Growth
ComplianceAutomationFocus on
Development

Our Solution
Docker Containers Logicworks Managed
AWS Services
Migration to the
AWS Cloud
AWS

 Build once, run anywhere
 No worries about missing dependencies and packages
 Isolates software
 Isolates code failures
 Easier to automate testing, integration, packaging
Docker Containers

“The real value of Docker is not
technology. It’s getting people
to agree on something.”
-Solomon Hykes

Docker Basics
 Docker Hub: A “GitHub” for Docker container images
 Dockerfile: Text file that contains commands to build a Docker image
 Container: The thing that’s created from a Docker image
 Docker daemon: Background service running on the host that manages
building, running, and distributing containers
APP 1 APP 2 APP 3
BINS/LIBS BINS/LIBS BINS/LIBS
DOCKER ENGINE
HOST OPERATING SYSTEM
INFRASTRUCTURE

Our Deployment Pipeline
Build
ECS
Cluster
Commit
Pull Base
Image
Push
New
Image
2
AWS Service
Catalog
1
Build Image4
2
3 5
Place Containers
AWS EC2
Container Service
6

AWS Service Catalog from Developers’POV
 Consistent, standard Amazon ECS-ready environment
 Baked-in security controls for HIPAA compliance
 No delay or friction between Ops (Logicworks) and our developers

 Automate, automate, automate
 Invest early in a service discovery solution
(Eureka, Consul, etc.)
 Embrace external configuration
 Use the HEALTHCHECK instruction in your
Docker file, and implement meaningful health
check in your application that it interacts with
 Application Load Balancers
Key Tips for Adopting Docker

Docker Security
Application
Segregation
Shared Kernel
Transient Immutable
Resource isolation

Amazon EC2 Container Service
 Highly scalable, high
performance container
management service
 Lightweight, eliminates need
to install and operate cluster
management infrastructure
 No charge for ECS
(you pay only for AWS
resources you create)

Docker Orchestration: Amazon ECS vs. Other Tools
 We prefer AWS native solutions whenever possible
– Stability
– Maintenance covered
 AWS ECS met our environment management needs
 ECS/Docker provided significant improvement in stability with disposing
of containers based on health checks
 Logicworks manages our infrastructure including ECS and we leverage it
to deploy containers, no overhead of running 3rd party solution

Built AWS environment
from the ground up
Ongoing expertise and
support as our needs change
24x7x365 support Helped us understand
HIPAA requirements
Deploy AWS with click
of button
Working with Logicworks

Results of the Project
 Started in February 2016
 Migration Included
– Building out testing region
– Automated builds and deployments for each system/service
 Migration completed in July 2016
– With minimum business operational impact
– While supporting several key business deployments
– Nearly doubling the number of users

Key Takeaways for Your Team
Automation
Drive efficiency
of developers
Health Checks
Dramatically increases
overall system stability
Partnerships are
key to success
Allowed us to migrate
quickly and continue to
be nimble

We’re Hiring!
 Looking for a great DevOps Engineer to manage our deployment
automation and application monitoring
 http://www.springventuregroup.com/careers/

Q & A Session
widha@amazon.com
Jerry Hagedorn, VP of Information Technology, Spring Venture Group
jerry@springventuregroup.com
cprice@logicworks.com
Phil Christensen, Sr Solutions Architect, Logicworks
pchristensen@logicworks.com

Resources
 Logicworks’ DevOps on AWS Resource Center
– http://go.logicworks.net/aws-devops-webinar
 CD Reference Architecture using AWS ECS/Docker:
– https://github.com/awslabs/ecs-refarch-continuous-deployment
 AWS Whitepaper: Practicing CI/CD on AWS:
– https://d0.awsstatic.com/whitepapers/DevOps/practicing-continuous-integration-continuous-
delivery-on-AWS.pdf
 AWS Whitepaper: Configuring and Running Jenkins on AWS:
– https://d0.awsstatic.com/whitepapers/DevOps/Jenkins_on_AWS.pdf

Fast, Secure Deployments with Docker on AWS

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a Fast, Secure Deployments with Docker on AWS

Similar a Fast, Secure Deployments with Docker on AWS (20)

Más de Amazon Web Services

Más de Amazon Web Services (20)

Último

Último (20)

Fast, Secure Deployments with Docker on AWS