This presentation is from the 2016 Enterprise Roadshow series in North America and Europe. This presentation explains the Docker enterprise solution including Containers as a Service workflows powered by Docker Datacenter and the integration with HPE to deliver a container platform on hybrid cloud infrastructure.
Learn more: www.docker.com/enterprise
1. Docker and the Modern Application Platform
Marc Verstaen, EVP Product Development
2. The application landscape is changing
~2000: Monolithic; Big Servers; Slow changing
Today: Loosely Coupled Services; Many Small Servers or devices; Rapidly updated
4. Docker driving the containerization movement
60% of Docker users already running in production (Docker Survey: State of Applications, Q1 2016)
Companies running container technology in production, 500+ employees (Cluster HQ: State of Container Usage, June 2016)
5. At the center of enterprise IT transformation
80%: Docker is central to cloud strategy
3 out of 4: Top initiatives revolve around applications (App Modernization, DevOps, Cloud)
44%: Looking to adopt DevOps
Source: Docker Survey: State of App development, Q1 2016
6. Docker delivers innovation, speed and savings
Agility + Portability + Control
13X more software releases
62% report reduction in MTTR
10X cost reduction in maintaining existing applications
Eliminate “works on my machine” issues
41% move workloads across private/public clouds
65% reduction in developer onboarding time
Sources: State of App development Survey, Q1 2016; Cornell University case study
8. The enterprise software supply chain is global
(Diagram: Cloud Zone 1, Cloud Zone 2, Data Center, Development Center, Headquarters)
Docker aims to build a programmable layer for the internet to connect your global supply chain
Build, ship and run any application anywhere
9. Enterprise IT is hybrid apps and infrastructure
(Chart: x86 server operating systems worldwide)
• 80% looking to Docker to enable hybrid cloud initiatives.
• Public Cloud adoption expected to increase to 30% by 2017.
• 46% plan to build new microservices.
Sources: Docker State of App development Survey, Q1 2016; Morgan Stanley CIO Survey, June 30, 2016; study of Gartner reports re: x86 shipments
10. Docker enables a new workflow with Containers as a Service
Developers ... IT Operations
BUILD: Development Environments
SHIP: Secure Content & Collaboration
RUN: Deploy, Manage, Scale
11. Docker CaaS platform is flexible, pluggable and portable
Docker Datacenter: Docker Universal Control Plane, Docker Trusted Registry, Integrated Security
Docker Engine: container runtime, orchestration, networking, volumes, plugins
Pluggable: Operating Systems, Config Mgt, Monitoring, Logging, CI/CD, Images, Networking, Volumes, ..more..
Infrastructure: Virtualization, Public Cloud, Physical
12. One platform and one journey for all applications
1. Containerize Legacy Applications: lift and shift for portability and efficiency
2. Transform Legacy to Microservices: look for shared services to transform
3. Accelerate New Applications: greenfield innovation
14. Integrated solution with HPE
• Servers ship with Docker Commercial Engine/Support
• Docker Datacenter available through all HPE channels
• Integrated solution with hardware, software, support, and services
16. Docker Datacenter workflow
Developers ... IT Operations
BUILD: Development Environments (Docker for Mac, Docker for Windows)
SHIP: Secure Content & Collaboration (Docker Trusted Registry, Docker Content Trust)
RUN: Deploy, Manage, Scale (Universal Control Plane)
17. Docker Datacenter core values
Agility + Portability + Control
• Extends the Docker developer experience to production
• Easy to set up and use
• Native Docker solution
• Ease of management at scale
• Integrated security and policy for content and access (RBAC)
• Integrates with existing systems
• Full support of Docker API
• Seamless dev to prod workflow
• Infrastructure, network and storage portability
18. Key use cases for Docker Datacenter
Cloud: Cloud Migration, Hybrid Cloud, Multi-Cloud
Microservices: Containerization, Microservices, App Modernization
DevOps: CI/CD, Self Service, DevOps
19. Portability: Frictionless across environments
Dev → Test / QA → Staging → Production
Same code in dev runs unchanged in every environment
Container, network, storage portability: Services, Networks, Volumes
20. Control: Orchestration and integrations at scale
Universal Control Plane: High Availability; Access Control; 3rd Party Plugins; Swarm Managed; GUI Management; Docker Native Integration; Monitoring
21. Control: Ease of use and management
• Quick and easy to deploy
• Easy GUI based configurations
• Simple and non-disruptive upgrades
• Intuitive GUI and dashboards
• Point and click, search and browse
• Support for Docker CLI and Toolbox
23. Control: Granular control of applications
Manage Compose apps
• Start, stop or delete Compose apps
• Click to inspect individual containers
Manage Containers
• Start, stop, destroy or rename
• Scale number of containers
• View details, stats, logs
• Use the console to log into a container
24. Control: Secure Runtime Access
Set up options
• LDAP/AD support
• Built-in
Granular RBAC
• Users and Teams
• Roles
• Permission labels
User Experience
• Single sign on
25. Control: Unified Authentication Service
(Diagram: eNZi authentication service shared by UCP and DTR, alongside LDAP/AD and an External CA)
• Provides shared authentication for the entire DDC stack
• Install/configure with UCP (including HA replication)
• Users created in UCP show up in DTR and vice versa
• Streamlined UCP and DTR setup for SSO
26. Control: Secure Image Collaboration
(Diagram: Trusted Registry components: Admin Server, Authorization Server, Registry Service, Content Trust / Notary Server, Log Aggregator; backed by LDAP/AD, Logs, Storage and Image Repos; accessed via Web UI and CLI)
27. Control: Integrated Content Trust
Developers ... IT Operations
BUILD: Development Environments
SHIP: Secure Content & Collaboration
RUN: Deploy, Manage, Scale
Library of signed and trusted images
Enforce use of only trusted images
29. Docker Datacenter Subscription
Docker Universal Control Plane + Docker Trusted Registry + Docker Engine, Business Day Support: $1,500 /node/year
Docker Universal Control Plane + Docker Trusted Registry + Docker Engine, Business Critical Support: $3,000 /node/year
30. Value of a Docker Subscription
Validated Configurations
Enterprise Class Support with SLAs and hotfixes
Docker Universal Control Plane
Docker Trusted Registry (Integrated Docker Content Trust)
Commercially Supported Docker Engine
Integrations and API Support
31. Value of Docker Subscription
Official Technical Support
• Dedicated support engineers and SLAs
• Only available from Docker and IBM
Secure
• Address vulnerabilities
• Hotfixes
Stable
• Predictable release cadence
• Long supported versions
• Backport defect fixes
Integrations and API Support
• Docker native toolset
• Access to the broadest ecosystem
Validated Configurations
• Validated operating systems, configurations and interoperability
Direct Product Roadmap Ownership
• Directly responsible for proprietary and open source product roadmap
44. Trusted image chaining with signing
Add an image layer, sign it, run a security scan, then push the image to the private registry.
Continue until complete for a trusted chain of image layers.
Now a security BOM exists for each image tag.
Example chain: debian:jessie → pypy:3 → user/pypybase:latest → user/myapp:latest (layers added: pypy3, additional libraries, Django app)
45. Threshold signing and gating
Pipeline stages: CI → Security Scanning → Staging → Production, each stage running on a UCP Worker under a UCP Manager
Sign the image to “approve” the passing of each stage.
Policy to check for signatures before deployment.
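The chain-and-gate flow described on slides 44 and 45, as an added Python example; this is not code from the presentation or from Docker Datacenter. It assumes HMAC keys as a constructed stand-in for the Notary signing keys each pipeline stage would hold, constructed layer contents, and a simplified content-addressed digest that commits to the parent image plus the new layer. The policy name PRODUCTION_POLICY and all function names are illustrative.

```python
import hashlib
import hmac

# Assumed stand-in signing keys, one per pipeline stage. A real deployment uses
# Notary (TUF) signing keys held by the CI server, the scanner and the release
# team; HMAC keys are a constructed substitute so the example runs offline.
STAGE_KEYS = {
    "ci": b"constructed-ci-key",
    "security-scan": b"constructed-scan-key",
    "staging": b"constructed-staging-key",
}

# Gating policy (illustrative): a production deploy needs every listed stage's
# signature on the exact digest being deployed.
PRODUCTION_POLICY = ("ci", "security-scan", "staging")


def image_digest(parent_digest, layer_bytes):
    """Digest for a new tag that commits to its parent image plus the layer
    added on top (simplified content-addressed identifier)."""
    h = hashlib.sha256()
    h.update(parent_digest.encode())
    h.update(layer_bytes)
    return "sha256:" + h.hexdigest()


def build_chain(base_tag, base_bytes, steps):
    """Walk the chain base -> ... -> app and return the per-tag BOM.

    steps: list of (tag, layer_bytes) in build order. Each BOM entry records
    the tag, its digest, its parent tag and the sha256 of the layer it added.
    """
    base_layer = hashlib.sha256(base_bytes).hexdigest()
    parent_digest = "sha256:" + base_layer
    bom = [{"tag": base_tag, "digest": parent_digest, "parent": None,
            "layer": base_layer}]
    parent_tag = base_tag
    for tag, layer_bytes in steps:
        digest = image_digest(parent_digest, layer_bytes)
        bom.append({"tag": tag, "digest": digest, "parent": parent_tag,
                    "layer": hashlib.sha256(layer_bytes).hexdigest()})
        parent_tag, parent_digest = tag, digest
    return bom


def sign(stage, digest):
    """A stage 'approves' a digest by signing it with the stage key."""
    return hmac.new(STAGE_KEYS[stage], digest.encode(), hashlib.sha256).hexdigest()


def verify(stage, digest, signature):
    return hmac.compare_digest(sign(stage, digest), signature)


def deploy_allowed(digest, signatures, policy=PRODUCTION_POLICY):
    """Gate: every stage in the policy must hold a valid signature over this
    digest. Returns (allowed, reasons)."""
    reasons = []
    for stage in policy:
        sig = signatures.get(stage)
        if sig is None:
            reasons.append("missing signature from %s" % stage)
        elif not verify(stage, digest, sig):
            reasons.append("invalid signature from %s" % stage)
    return (not reasons, reasons)


def demo():
    # Constructed layer contents standing in for real image layers.
    chain = build_chain("debian:jessie", b"debian jessie rootfs (constructed)", [
        ("pypy:3", b"pypy3 layer (constructed)"),
        ("user/pypybase:latest", b"Django + additional libraries (constructed)"),
        ("user/myapp:latest", b"application code (constructed)"),
    ])
    app = chain[-1]["digest"]
    sigs = {"ci": sign("ci", app), "security-scan": sign("security-scan", app)}
    partial = deploy_allowed(app, sigs)          # staging has not signed yet
    sigs["staging"] = sign("staging", app)
    full = deploy_allowed(app, sigs)             # all three stages approved
    # A CI signature made over the parent image (e.g. a retagged base) must
    # not satisfy the policy for the app digest.
    forged = dict(sigs, ci=sign("ci", chain[-2]["digest"]))
    tampered = deploy_allowed(app, forged)
    return chain, partial, full, tampered


if __name__ == "__main__":
    chain, partial, full, tampered = demo()
    for entry in chain:
        print(entry["tag"], entry["digest"][:19], "parent:", entry["parent"])
    print("partial:", partial)
    print("full:", full)
    print("tampered:", tampered)
```

The point of signing the digest rather than the tag is visible in the `tampered` case: a signature produced for one image in the chain does not carry over to a descendant or a retagged image, so the gate only passes when every required stage has signed exactly the bits being deployed.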
47. $ docker run -it --net host --pid host --cap-add audit_control ... docker/docker-bench-security
[INFO] 1 - Host Configuration
[WARN] 1.1 - Create a separate partition for containers
[PASS] 1.2 - Use an updated Linux Kernel
[PASS] 1.4 - Remove all non-essential services from the host - Network
[PASS] 1.5 - Keep Docker up to date
[INFO] * Using 1.12.04 which is current as of 2016-08-16
[INFO] * Check with your operating system vendor for support and security maintenance for docker
[INFO] 1.6 - Only allow trusted users to control Docker daemon
[INFO] * docker:x:999:docker
[WARN] 1.7 - Failed to inspect: auditctl command not found.
[WARN] 1.8 - Failed to inspect: auditctl command not found.
[WARN] 1.9 - Failed to inspect: auditctl command not found.
[INFO] 1.10 - Audit Docker files and directories - docker.service
[INFO] * File not found
[INFO] 1.11 - Audit Docker files and directories - docker.socket
[INFO] * File not found
...
48. Secure Cluster Management
• Docker 1.12 with built in orchestration (clustering and scheduling)
• Strong default cluster security
49. Mutual TLS by default
• Leader acts as CA.
• Any Manager can be promoted to leader.
• Workers and managers identified by their certificate.
• Communications secured with Mutual TLS.
50. Support for External CAs and Automatic Rotation
• Managers support BYO CA.
• Forwards CSRs to external CA.
• Customizable certificate rotation periods.
• Rotation occurs automatically.
• Ensures potentially compromised or leaked certificates are rotated out of use.
• Whitelist of currently valid certificates.