Docker and the Modern
Application Platform
Marc Verstaen, EVP Product Development
The application landscape is changing
Loosely
Coupled
Services
Many Small
Servers or devices
~2000 Today
Monolithic
Big Servers
Slow
changing
Rapidly
updated
Development
VM
QA
Server
Public
Cloud
Disaster
Recovery
Contributor’s
Laptop
Production
Servers
Production
Cluster
Data Center
Containers are the catalyst
Static
Website
Web
Front End
Background
Workers
User DB
Analytics
DB
Queue
API
Endpoint
Docker users already
running in production
60%
Docker driving the containerization movement
Docker Survey: State of Applications
Q1 2016
Cluster HQ: State of Container Usage
June 2016
Companies running container
technology in production
(500+ employees)
At the center of enterprise IT transformation
80%
Docker is central to
cloud strategy
Docker Survey: State of App development : Q1 - 2016
3 out of 4
Top initiatives revolve
around applications
44%
Looking to adopt DevOps
App Modernization
DevOps
Cloud
State of App development Survey: Q1 2016
Docker delivers innovation, speed and savings
Agility + Portability + Control
State of App development Survey: Q1 2016, Cornell University case study
13X More software releases
62% Report reduction in MTTR
10X Cost reduction in maintaining existing applications
Eliminate “works on my machine” issues
41% Move workloads across private/public clouds
65% Reduction in developer onboarding time
Docker Containers as a Service
Cloud Zone 1
Cloud Zone 2 Data Center
Development
Center
Headquarters
Docker aims to build a
programmable layer for the
internet to connect your global
supply chain
Build, ship and run any
application anywhere
The enterprise software supply chain is global
Enterprise IT is hybrid apps and infrastructure
x86 server operating systems worldwide
Docker State of App development Survey: Q1 2016
Morgan Stanley CIO Survey: June 30, 2016
Study of Gartner reports re: x86 shipments
• 80% looking to Docker to enable
hybrid cloud initiatives.
• Public Cloud adoption expected to
increase to 30% by 2017.
• 46% plan to build new
microservices
DEVELOPERS IT OPERATIONS
BUILD
Development Environments
SHIP
Secure Content & Collaboration
RUN
Deploy, Manage, Scale
Docker enables a new workflow with Containers as a
Service
Docker Universal Control Plane
Integrated
Security
Docker Engine
Container runtime, orchestration, networking, volumes, plugins
Docker Trusted Registry
Operating Systems, Config Mgt, Monitoring, Logging, CI/CD, ..more.., Images, Networking, Volumes
Virtualization, Public Cloud, Physical
Docker CaaS platform is flexible, pluggable and
portable
Docker Datacenter
One platform and one journey for all applications
1. Containerize Legacy Applications
Lift and shift for portability and efficiency
2. Transform Legacy to Microservices
Look for shared services to transform
3. Accelerate New Applications
Greenfield innovation
Servers ship with Docker
Commercial Engine/Support
Docker Datacenter available
through all HPE channels
Integrated Solution with
Hardware, Software, Support,
and Services
Docker Datacenter
Steven Thwaites, Solutions Engineer
DEVELOPERS IT OPERATIONS
BUILD
Development Environments
SHIP
Secure Content & Collaboration
RUN
Deploy, Manage, Scale
Docker Datacenter workflow
Docker Trusted Registry
Docker Content Trust
Universal Control Plane
Docker for Mac
Docker for Windows
Docker Datacenter core values
Agility + Portability + Control
Extends the Docker developer
experience to production
Easy to setup and use
Native Docker solution
Ease of management at scale
Integrated security and policy for
content and access (RBAC)
Integrates with existing systems
Full support of Docker API
Seamless dev to prod workflow
Infrastructure, network and
storage portability
Key use cases for Docker Datacenter
Cloud Microservices
Cloud Migration
Hybrid Cloud
Multi-Cloud
Containerization
Microservices
App Modernization
DevOps
CI/CD
Self Service
DevOps
Portability: Frictionless across environments
Dev, Test / QA, Staging, Production
Same code in dev runs unchanged in every environment
Container, network, storage portability
Services
Networks
Volumes
Control: Orchestration and integrations at scale
Universal Control Plane
High
Availability
Access Control
3rd Party Plugins
Swarm Managed
GUI
Management
Docker Native
Integration
Monitoring
Control: Ease of use and management
• Quick and easy to deploy
• Easy GUI based configurations
• Simple and non-disruptive upgrades
• Intuitive GUI and dashboards
• Point and click, search and browse
• Support for Docker CLI and Toolbox
Control: Easy to deploy and use
Control: Granular control of applications
Manage Compose apps
• Start, stop or delete Compose apps
• Click to inspect individual containers
Manage Containers
• Start, stop, destroy or rename
• Scale number of containers
• View details, stats, logs
• Use console to log into
Control: Secure Runtime Access
Set up options
• LDAP/AD support
• Built-in
Granular RBAC
• Users and Teams
• Roles
• Permission labels
User Experience
• Single sign on
Control: Unified Authentication Service
UCP
LDAP/AD
External CA
DTR
eNZi
• Provides shared authentication for entire DDC stack
• Install/configure with UCP (including HA replication)
• Users created in UCP show up in DTR and vice-versa
• Streamlined UCP and DTR setup for SSO
Control: Secure Image Collaboration
Trusted Registry
Log
Aggregator
Authorization
Server
Registry Service
Content Trust
LDAP/AD
Logs
Storage
Image Repo Image Repo Image Repo
Admin Server
Notary
Server
Web UI
CLI
Control: Integrated Content Trust
Developers IT Operations
BUILD
Development Environments
SHIP
Secure Content & Collaboration
RUN
Deploy, Manage, Scale
Library of signed and trusted images
Enforce use of only trusted images
Control: Granular Image Management
• Search and browse repos
• RBAC by repo
– Users, Teams, Orgs
– Read, Read-Write, Admin
• Garbage collection
• Integrated Content Trust
Docker Datacenter Subscription
Docker Universal
Control Plane
Docker Trusted
Registry
Docker Engine
Business Day Support
$1,500 /node/year
Docker Universal
Control Plane
Docker Trusted
Registry
Docker Engine
Business Critical Support
$3,000 /node/year
Value of a Docker Subscription
Validated Configurations
Enterprise Class
Support with SLAs
and hotfixes
Docker Universal Control Plane
Docker Trusted Registry
(Integrated Docker Content Trust)
Commercially Supported
Docker Engine
Integrations and API Support
Value of Docker Subscription
Official Technical Support
• Dedicated support engineers and SLAs
• Only available from Docker and IBM
Secure
• Address vulnerabilities
• Hotfixes
Stable
• Predictable release cadence
• Long supported versions
• Backport defect fixes
Integrations and API Support
• Docker native toolset
• Access to the broadest ecosystem
Validated Configurations
• Validated operating systems, configurations
and interoperability
Direct Product Roadmap
Ownership
• Directly responsible for proprietary and open
source product roadmap
Secure the Enterprise Software
Lifecycle with Docker
Diogo Monica, Security Lead
source/
dependencies
build systems/
engineers
network application
repository deployed
systems
Software supply chain
Identity
IMAGE
name: alpine:3.4
sha256: ea08...950
ID: f70c828098f5
expires: 2019-06-20
USER
name: user
org: organization
DOCKER HOST
name: node-1
ID: 9j1kxp7cd1z...22c
*manager
expires: 2016-06-21
ID: 58slx2ra5qiee92n4uf56ocvf
source/
dependencies
build systems/
engineers
Consistent builds
Consistent Builds: Good input = good output
network
Application signing
Docker Content Trust
Security: Trusted image chaining
Add image layer, sign then push image to private registry
Continue until complete for a trusted chain of image layers
pypy3 Django
app
Additional
Libraries
debian:jessie pypy:3 user/pypybase:latest user/myapp:latest
application
repository
Security Scanning and Gating
Docker Security Scanning Architecture
Trusted image chaining with signing
Add image layer, sign, security scan then push image to private registry
Continue until complete for a trusted chain of image layers
Now a security BOM exists for each image tag
pypy3 Django
app
Additional
Libraries
debian:jessie pypy:3 user/pypybase:latest user/myapp:latest
Threshold signing and gating
CI, Security Scanning, Staging, Production
UCP Worker, UCP Worker, UCP Worker
UCP Manager
Sign image to “approve” passing of each stage.
Policy to check for signatures before deployment
deployed
systems
Orchestration
$ docker run -it --net host --pid host --cap-add audit_control ... docker/docker-bench-security
[INFO] 1 - Host Configuration
[WARN] 1.1 - Create a separate partition for containers
[PASS] 1.2 - Use an updated Linux Kernel
[PASS] 1.4 - Remove all non-essential services from the host - Network
[PASS] 1.5 - Keep Docker up to date
[INFO] * Using 1.12.04 which is current as of 2016-08-16
[INFO] * Check with your operating system vendor for support and security maintenance for docker
[INFO] 1.6 - Only allow trusted users to control Docker daemon
[INFO] * docker:x:999:docker
[WARN] 1.7 - Failed to inspect: auditctl command not found.
[WARN] 1.8 - Failed to inspect: auditctl command not found.
[WARN] 1.9 - Failed to inspect: auditctl command not found.
[INFO] 1.10 - Audit Docker files and directories - docker.service
[INFO] * File not found
[INFO] 1.11 - Audit Docker files and directories - docker.socket
[INFO] * File not found
...
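Added example (not part of the original slides and not code from docker-bench-security): a small Python parser for the benchmark output shown above. It separates [WARN] results that are real findings from checks that could not run at all, such as 1.7 to 1.9 where auditctl was missing. The function names parse_bench and triage are hypothetical; the sample input is the excerpt shown on the slide.

```python
import re
from collections import Counter

# Excerpt of the docker-bench-security output shown on the slide.
SAMPLE = """\
[INFO] 1 - Host Configuration
[WARN] 1.1 - Create a separate partition for containers
[PASS] 1.2 - Use an updated Linux Kernel
[PASS] 1.4 - Remove all non-essential services from the host - Network
[PASS] 1.5 - Keep Docker up to date
[INFO] * Using 1.12.04 which is current as of 2016-08-16
[INFO] * Check with your operating system vendor for support and security maintenance for docker
[INFO] 1.6 - Only allow trusted users to control Docker daemon
[INFO] * docker:x:999:docker
[WARN] 1.7 - Failed to inspect: auditctl command not found.
[WARN] 1.8 - Failed to inspect: auditctl command not found.
[WARN] 1.9 - Failed to inspect: auditctl command not found.
[INFO] 1.10 - Audit Docker files and directories - docker.service
[INFO] * File not found
[INFO] 1.11 - Audit Docker files and directories - docker.socket
[INFO] * File not found
"""

# Strip ANSI colour escapes in case the output was captured from a terminal.
ANSI = re.compile(r"\x1b\[[0-9;]*m")
# "[STATUS] <id> - <description>"; the description may itself contain " - ".
CHECK = re.compile(r"^\[(INFO|WARN|PASS|NOTE)\]\s+(\d+(?:\.\d+)*)\s+-\s+(.*)$")
# "[STATUS] * <detail>" lines belong to the check printed just before them.
DETAIL = re.compile(r"^\[(?:INFO|WARN|PASS|NOTE)\]\s+\*\s+(.*)$")


def parse_bench(text):
    """Return one dict per check line, with its detail lines attached."""
    checks = []
    for raw in text.splitlines():
        line = ANSI.sub("", raw).strip()
        m = CHECK.match(line)
        if m:
            status, check_id, desc = m.groups()
            checks.append({"id": check_id, "status": status,
                           "desc": desc, "details": []})
            continue
        d = DETAIL.match(line)
        if d and checks:
            checks[-1]["details"].append(d.group(1))
        # Anything else (blank lines, "...", banners) is ignored.
    return checks


def triage(checks):
    """Split WARN results into real findings and checks that never ran."""
    findings, not_inspected = [], []
    for c in checks:
        if c["status"] != "WARN":
            continue
        if c["desc"].startswith("Failed to inspect"):
            not_inspected.append(c["id"])  # tool missing: result unknown
        else:
            findings.append(c["id"])       # configuration needs attention
    return {
        "counts": dict(Counter(c["status"] for c in checks)),
        "findings": findings,
        "not_inspected": not_inspected,
    }


if __name__ == "__main__":
    report = triage(parse_bench(SAMPLE))
    print("status counts:", report["counts"])
    print("findings to fix:", report["findings"])
    print("checks that could not run:", report["not_inspected"])
```

Treat the not_inspected list as a gap in coverage rather than a pass: those checks say nothing about the host until the missing tool is installed and the benchmark is re-run.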
• Docker 1.12 with built in
orchestration (clustering
and scheduling)
• Strong default cluster
security
Secure Cluster Management
• Leader acts as CA.
• Any Manager can be
promoted to leader.
• Workers and managers
identified by their certificate.
• Communications secured
with Mutual TLS.
Mutual TLS by default
• Managers support BYO CA.
• Forwards CSRs to external CA.
• Customizable certificate rotation
periods.
• Occurs automatically
• Ensures potentially compromised
or leaked certificates are rotated
out of use.
• Whitelist of currently valid
certificates.
Support for External CAs and Automatic
Rotation
Docker Roadshow 2016

Docker Roadshow 2016

  • 1. Docker and the Modern Application Platform Marc Verstaen, EVP Product Development
  • 2. 2 The application landscape is changing Loosely Coupled Services Many Small Servers or devices ~2000 Today Monolithic Big Servers Slow changing Rapidly updated
  • 3. Development VM QA Server Public Cloud Disaster Recovery Contributor’s Laptop Production Servers Production Cluster Data Center Containers are the catalyst Static Website Web Front End Background Workers User DB Analytics DB Queue API Endpoint
  • 4. Docker users already running in production 60% Docker driving the containerization movement Docker Survey: State of Applications Q1 2016 Cluster HQ: State of Container Usage June 2016 Companies running container technology in production (500+ employees)
  • 5. At the center of enterprise IT transformation. 80%: Docker is central to cloud strategy. Docker Survey: State of App development, Q1 2016. 3 out of 4: Top initiatives revolve around applications. 44%: Looking to adopt DevOps. App Modernization, DevOps, Cloud. State of App development Survey: Q1 2016
  • 6. Docker delivers innovation, speed and savings. Agility + Portability + Control. 13X more software releases; 62% report reduction in MTTR; 10X cost reduction in maintaining existing applications; eliminate “works on my machine” issues; 41% move workloads across private/public clouds; 65% reduction in developer onboarding time. State of App development Survey: Q1 2016, Cornell University case study
  • 8. Cloud Zone 1 Cloud Zone 2 Data Center Development Center Headquarters Docker aims to build a programmable layer for the internet to connect your global supply chain Build, ship and run any application anywhere The enterprise software supply chain is global
  • 9. Enterprise IT is hybrid apps and infrastructure x86 server operating systems worldwide Docker State of App development Survey: Q1 2016 Morgan Stanley CIO Survey: June 30, 2016 Study of Gartner reports re: x86 shipments • 80% looking to Docker to enable hybrid cloud initiatives. • Public Cloud adoption expected to increase to 30% by 2017. • 46% plan to build new microservices
  • 10. Docker enables a new workflow with Containers as a Service. DEVELOPERS and IT OPERATIONS: BUILD (Development Environments), SHIP (Secure Content & Collaboration), RUN (Deploy, Manage, Scale)
  • 11. Docker CaaS platform is flexible, pluggable and portable. Docker Datacenter: Docker Universal Control Plane; Docker Trusted Registry; Integrated Security; Docker Engine (container runtime, orchestration, networking, volumes, plugins). Operating Systems, Config Mgt, Monitoring, Logging, CI/CD, ..more.. Images, Networking, Volumes. Virtualization, Public Cloud, Physical
  • 12. One platform and one journey for all applications. 1 Containerize Legacy Applications: Lift and shift for portability and efficiency. 2 Transform Legacy to Microservices: Look for shared services to transform. 3 Accelerate New Applications: Greenfield innovation
  • 14. Servers ship with Docker Commercial Engine/Support Docker Datacenter available through all HPE channels Integrated Solution with Hardware, Software, Support, and Services
  • 16. DEVELOPERS IT OPERATIONS BUILD Development Environments SHIP Secure Content & Collaboration RUN Deploy, Manage, Scale Docker Datacenter workflow Docker Trusted Registry Docker Content Trust Universal Control Plane Docker for Mac Docker for Windows
  • 17. Docker Datacenter core values: Agility + Portability + Control. Extends the Docker developer experience to production; Easy to setup and use; Native Docker solution; Ease of management at scale; Integrated security and policy for content and access (RBAC); Integrates with existing systems; Full support of Docker API; Seamless dev to prod workflow; Infrastructure, network and storage portability
  • 18. Key use cases for Docker Datacenter: Cloud Microservices Cloud Migration Hybrid Cloud Multi-Cloud Containerization Microservices App Modernization DevOps CI/CD Self Service DevOps
  • 19. Portability: Frictionless across environments. Dev, Test / QA, Staging, Production. Same code in dev runs unchanged in every environment. Container, network, storage portability. Services, Networks, Volumes
  • 20. Control: Orchestration and integrations at scale Universal Control Plane High Availability Access Control 3rd Party Plugins Swarm Managed GUI Management Docker Native Integration Monitoring
  • 21. Control: Ease of use and management • Quick and easy to deploy • Easy GUI based configurations • Simple and non-disruptive upgrades • Intuitive GUI and dashboards • Point and click, search and browse • Support for Docker CLI and Toolbox
  • 22. Control: Easy to deploy and use
  • 23. Control: Granular control of applications. Manage Compose apps • Start, stop or delete Compose apps • Click to inspect individual containers Manage Containers • Start, stop, destroy or rename • Scale number of containers • View details, stats, logs • Use console to log into
  • 24. Control: Secure Runtime Access. Set up options • LDAP/AD support • Built-in Granular RBAC • Users and Teams • Roles • Permission labels User Experience • Single sign on
  • 25. Control: Unified Authentication Service. UCP, LDAP/AD, External CA, DTR, eNZi • Provides shared authentication for entire DDC stack • Install/configure with UCP (including HA replication) • Users created in UCP show up in DTR and vice-versa • Streamlined UCP and DTR setup for SSO
  • 26. Control: Secure Image Collaboration Trusted Registry Log Aggregator Authorization Server Registry Service Content Trust LDAP/AD Logs Storage Image Repo Image Repo Image Repo Admin Server Notary Server Web UI CLI
  • 27. Control: Integrated Content Trust. Developers and IT Operations: BUILD (Development Environments), SHIP (Secure Content & Collaboration), RUN (Deploy, Manage, Scale). Library of signed and trusted images. Enforce use of only trusted images
  • 28. Control: Granular Image Management • Search and browse repos • RBAC by repo – Users, Teams, Orgs – Read, Read-Write, Admin • Garbage collection • Integrated Content Trust
  • 29. Docker Datacenter Subscription. Docker Universal Control Plane, Docker Trusted Registry, Docker Engine, Business Day Support: $1,500 /node/year. Docker Universal Control Plane, Docker Trusted Registry, Docker Engine, Business Critical Support: $3,000 /node/year
  • 30. Value of a Docker Subscription: Validated Configurations; Enterprise Class Support with SLAs and hotfixes; Docker Universal Control Plane; Docker Trusted Registry (Integrated Docker Content Trust); Commercially Supported Docker Engine; Integrations and API Support
  • 31. Value of Docker Subscription. Official Technical Support • Dedicated support engineers and SLAs • Only available from Docker and IBM Secure • Address vulnerabilities • Hotfixes Stable • Predictable release cadence • Long supported versions • Backport defect fixes Integrations and API Support • Docker native toolset • Access to the broadest ecosystem Validated Configurations • Validated operating systems, configurations and interoperability Direct Product Roadmap Ownership • Directly responsible for proprietary and open source product roadmap
  • 32. Secure the Enterprise Software Lifecycle with Docker Diogo Monica, Security Lead
  • 35. IMAGE name: alpine:3.4 sha256: ea08...950 ID: f70c828098f5 expires: 2019-06-20 USER name: user org: organization DOCKER HOST name: node-1 ID: 9j1kxp7cd1z...22c *manager expires: 2016-06-21 ID: 58slx2ra5qiee92n4uf56ocvf
  • 37. Consistent Builds: Good input = good output
  • 40. Security: Trusted image chaining. Add image layer, sign then push image to private registry. Continue until complete for a trusted chain of image layers. pypy3, Django app, Additional Libraries. debian:jessie, pypy:3, user/pypybase:latest, user/myapp:latest
  • 42. Docker Security Scanning Architecture
  • 44. Trusted image chaining with signing. Add image layer, sign, security scan then push image to private registry. Continue until complete for a trusted chain of image layers. Now a security BOM exists for each image tag. pypy3, Django app, Additional Libraries. debian:jessie, pypy:3, user/pypybase:latest, user/myapp:latest
  • 45. Threshold signing and gating. CI, Security Scanning, Staging, Production. UCP Worker, UCP Worker, UCP Worker, UCP Manager. Sign image to “approve” passing of each stage. Policy to check for signatures before deployment
  • 47.
      $ docker run -it --net host --pid host --cap-add audit_control ... docker/docker-bench-security
      [INFO] 1 - Host Configuration
      [WARN] 1.1 - Create a separate partition for containers
      [PASS] 1.2 - Use an updated Linux Kernel
      [PASS] 1.4 - Remove all non-essential services from the host - Network
      [PASS] 1.5 - Keep Docker up to date
      [INFO] * Using 1.12.04 which is current as of 2016-08-16
      [INFO] * Check with your operating system vendor for support and security maintenance for docker
      [INFO] 1.6 - Only allow trusted users to control Docker daemon
      [INFO] * docker:x:999:docker
      [WARN] 1.7 - Failed to inspect: auditctl command not found.
      [WARN] 1.8 - Failed to inspect: auditctl command not found.
      [WARN] 1.9 - Failed to inspect: auditctl command not found.
      [INFO] 1.10 - Audit Docker files and directories - docker.service
      [INFO] * File not found
      [INFO] 1.11 - Audit Docker files and directories - docker.socket
      [INFO] * File not found
      ...
  • 48. Secure Cluster Management • Docker 1.12 with built in orchestration (clustering and scheduling) • Strong default cluster security
  • 49. Mutual TLS by default • Leader acts as CA. • Any Manager can be promoted to leader. • Workers and managers identified by their certificate. • Communications secured with Mutual TLS.
  • 50. Support for External CAs and Automatic Rotation • Managers support BYO CA. • Forwards CSRs to external CA. • Customizable certificate rotation periods. • Occurs automatically • Ensures potentially compromised or leaked certificates are rotated out of use. • Whitelist of currently valid certificates.
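
Added example, not part of the original deck and not Docker's own code: a parser for docker-bench-security output like that on slide 47, which separates real findings (`[WARN] 1.1`) from checks that never ran (`Failed to inspect: auditctl command not found`) so a CI gate does not mistake an unevaluated check for a pass. The status names (`fail`, `inconclusive`, `manual`) and the `gate` policy are assumptions of this example.

```python
import re
# Constructed sample: a subset of the docker-bench-security lines on slide 47.
SAMPLE = """\
[INFO] 1 - Host Configuration
[WARN] 1.1 - Create a separate partition for containers
[PASS] 1.2 - Use an updated Linux Kernel
[PASS] 1.5 - Keep Docker up to date
[INFO] 1.6 - Only allow trusted users to control Docker daemon
[INFO] * docker:x:999:docker
[WARN] 1.7 - Failed to inspect: auditctl command not found.
[WARN] 1.8 - Failed to inspect: auditctl command not found.
[INFO] 1.10 - Audit Docker files and directories - docker.service
[INFO] * File not found
"""

ANSI = re.compile(r"\x1b\[[0-9;]*m")  # colour codes emitted on a real terminal
LINE = re.compile(r"^\[(INFO|WARN|PASS|NOTE)\]\s+(?:(\d+(?:\.\d+)?)\s+-\s+|\*\s+)(.*)$")

def parse(report):
    """Map check id -> {"status", "title", "details"} (status names are this example's own)."""
    checks, last = {}, None
    for raw in report.splitlines():
        m = LINE.match(ANSI.sub("", raw).strip())
        if not m:
            continue                      # banners, blank lines, "..." elisions
        level, cid, text = m.groups()
        if cid is None:                   # "[INFO] * ..." detail for the previous check
            if last:
                checks[last]["details"].append(text)
            continue
        if "." not in cid:                # section header, e.g. "1 - Host Configuration"
            last = None
            continue
        if level == "WARN":               # a WARN that never ran is not a finding
            status = "inconclusive" if text.startswith("Failed to inspect") else "fail"
        else:
            status = "pass" if level == "PASS" else "manual"
        checks[cid] = {"status": status, "title": text, "details": []}
        last = cid
    return checks

def gate(checks, allow_inconclusive=False):
    """Return (ok, blocking_ids); unevaluated checks block unless explicitly allowed."""
    blocking = {"fail"} if allow_inconclusive else {"fail", "inconclusive"}
    ids = [cid for cid, c in checks.items() if c["status"] in blocking]
    return (not ids, ids)

if __name__ == "__main__":
    print(gate(parse(SAMPLE)))  # 1.1 fails; 1.7 and 1.8 could not be evaluated
```

On the slide's host the audit checks are inconclusive because `auditctl` is missing, so installing the audit tooling and re-running is the fix, not suppressing the warnings.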