Category Archives for "Systems"

Visa Inc. Gains Speed and Operational Efficiency with Docker Enterprise Edition

DockerCon 2017 was an opportunity to hear from customers across multiple industries and segments on how they are leveraging Docker technology to accelerate their business. In the keynote on Day 2 and also a breakout session that afternoon, Visa shared how Docker Enterprise Edition is empowering them on their mission to make global economies safer by digitizing currency and making electronic payments available to everyone, everywhere.

Docker Enterprise Edition at Visa 

Visa is the world’s largest retail electronic payment network that handles 130 billion transactions a year, processing $5.8 trillion annually. Swamy Kocherlakota, Global Head of Infrastructure and Operations, shared that Visa got here by expanding their global footprint, which has put pressure on his organization, which has remained mostly flat in headcount during that time. Since going into production with their Docker Containers-as-a-Service architecture 6 months ago, Mr. Kocherlakota has seen a 10x increase in scalability, ensuring that his organization will be able to support their overall mission and growth objectives well into the future.

Global Growth Fuels Need for A New Operating Model

In aligning his organization to the company mission, Swamy decided to focus on two primary metrics: Speed and Efficiency.

Don’t Miss our Self-Healing Networks Session at the Red Hat Summit

One of my favorite technology catch phrases is “all technology fails”, but when thinking about the network that thought becomes a very scary one. Yes, while all technology does fail, you will always do your best to not have the network be one of those. The concept of healing networks from a conceptual standpoint (the will to want to detect an issue and fix it as soon as possible) is not a new one, as network monitoring is always at the front of any network engineer's mind. We are just fortunate in this day and age to be able to take advantage of newer tools that provide better solutions. Ansible to the rescue!

If you are attending the Red Hat Summit, please make sure not to miss the Discovery Zone session entitled “Self-Healing Networks with Ansible” on Thursday, May 4th at 10:15AM.

In this presentation we will cover topics, such as:

  • Why Capturing Metrics from Your Network is Important
  • Defining Failure States
  • Auto-Remediation versus Remediation (if remediation is the optimal course of action)
  • How Are The “Small” Guys Doing It?
  • Best Use Cases for Ansible Core and Ansible Tower
  • How Can Consulting Services help?

At the end of this session, Continue reading

DockerCon 2017: The Top Rated Sessions

After the general session videos from DockerCon Day 1 and Day 2 yesterday, we’re happy to share with you the video recordings of the top rated sessions by DockerCon attendees. All the slides will soon be published on our slideshare account and all the breakout session video recordings available on our DockerCon 2017 youtube playlist.

DockerCon 2017 top rated sessions

Cilium: Network and Application Security with BPF and XDP by Thomas Graf

Docker?!? But I am a Sysadmin by Mike Coleman

Creating Effective Images by Abby Fuller

Taking Docker from Local to Production at Intuit by JanJaap Lahpor and Harish Jayakumar

Container Performance Analysis by Brendan Gregg


Secure Substrate: Least Privilege Container Deployment by Diogo Mónica and Riyaz Faizullabhoy

Escape from VMs with Image2Docker by Elton Stoneman and Jeff Nickoloff

What Have Namespaces Done for You Lately? by Liz Rice



The post DockerCon 2017: The Top Rated Sessions appeared first on Docker Blog.

Big News About the Full Stack Journey Podcast

If you’ve been following the Full Stack Journey podcast, you know that the podcast has been silent for a few months. Some of that was due to some adverse situations in life (it happens to all of us from time to time), but some of it was due to the coordination of a major transition in the podcast. And that’s the big news I’m here to share—read on for the full details!

If you’ve been in the IT industry for any reasonable length of time, especially in the networking space, you’ve probably heard of the Packet Pushers Podcast. It’s a hugely popular podcast created by Greg Ferro and Ethan Banks. In recent years, Packet Pushers has expanded from the “main show” to include other shows, including the Datanauts podcast (led by Chris Wahl and Ethan Banks). They’ve also been looking to expand their stable of podcasts to include additional relevant content.

This brings me to the big news: the Full Stack Journey podcast is joining the Packet Pushers network of podcasts! That’s right—the Full Stack Journey will be part of Packet Pushers’ growing network of podcasts. In talking with Greg and Ethan and the rest of the Packet Pushers team, Continue reading

Getting Started: Tower Users and Credentials

Tower User and Credentials

In our previous Getting Started blog post, we discussed how to install Ansible Tower in your environment.

Now we’ll discuss how you can equip your Tower host with users and credentials.

To begin, let’s cover the essentials: setting up your user base and creating credentials for appropriate delegation of tasks.

How To Set Up A User Base

Building your user base will be the first thing you’ll need to do to get started with Tower. The user base can be broken into three easily-defined parts:

1. User: Someone who has access to Tower with associated permissions and credentials.

2. Organization: The top level of the user base - a logical collection of users, teams, projects and inventories.

3. Team: A subdivision of an organization - provides the means to set up and implement role-based access schemes as well as to delegate work across organizations.

Understanding User Types

There are three types of users that can be defined within Tower:

  • Normal User: A user that is given no special permissions from the beginning - they must be granted to them by a system administrator.

  • System Auditor: A user who will have view access only within Tower.

  • System Administrator: A user who has the Continue reading

DockerCon 2017 Day 2 Highlights

Following the general session highlights from DockerCon Day 1, we’re happy to share with you the video recording from general session day 2. All the slides will soon be published on our slideshare account and all the breakout session video recordings available on our DockerCon 2017 youtube playlist.

Here’s what we covered during the day 2 general session:

  • 14:00 Docker Enterprise Edition at Visa
  • 30:00 Securing the Software supply chain
  • 65:00 Oracle applications now available on Docker Store
  • 75:00 Modernize your Traditional Apps Program with Docker

Docker Enterprise Edition at Visa

Ben started off his DockerCon Day 2 keynote with key facts and figures around Docker Commercial Adoption. To illustrate his points, Ben invited on stage Swamy Kocherlakota, Global Head of Infrastructure and Operations at Visa, to talk about their journey adopting Docker Enterprise Edition to run their critical applications at scale in a very diverse environment.

Securing the Software supply chain

During the day 2 keynote, Lily and Vivek reprise their 2016 roles of dedicated burners, finally returning from Burning Man to get back to their jobs of enterprise dev and ops.  Ben returns as clueless business guy, and decides to add value by hiring a contractor, who Continue reading

DockerCon 2017 Day 1 Highlights

What an incredible DockerCon 2017 we had last week. Big thank you to all of the 150+ confirmed speakers, 100+ sponsors and over 5,500 attendees for contributing to the success of these amazing 3 days in Austin. You’ll find below the videos and slides from general session day 1. All the slides will soon be published on our slideshare account and all the breakout session video recordings available on our DockerCon 2017 youtube playlist.

DockerCon 2017 General Session

Here’s what we covered during the day 1 general session:

  • 17:00 Developer Workflow improvements and demo
  • 37:00 Secure Orchestration and demo
  • 59:00 Introducing LinuxKit: a toolkit for building secure, lean and portable linux subsystems
  • 1:15 Introducing the Moby Project: a new open source project to advance the software containerization movement

Development workflow Improvements

Solomon’s keynote started by introducing new Docker features to improve the development workflows of Docker users: multi-stage builds and desktop-to-cloud integration. With multi-stage builds you can now easily separate your build-time and runtime container images, allowing development teams to ship minimal and efficient images. It’s time to say goodbye to those custom and non-portable build scripts! With desktop-to-cloud you can easily connect to a remote swarm cluster using your Docker ID for authentication, without having to worry Continue reading

Revisiting CentOS Atomic Host

A couple years ago, I wrote an article about how I was choosing CoreOS over Project Atomic based on some initial testing with CentOS Atomic Host builds. As it turns out—and as I pointed out in the “Update” section of that article—the Atomic Host builds I was using were pre-release builds, and therefore it wasn’t really appropriate to form an assessment based on pre-release builds. Now that CentOS Atomic Host and CoreOS Container Linux have both grown and matured, I thought I’d revisit the topic and see how—if at all—things have changed.

In my original post, there were 4 major issues I identified (not necessarily in the same order as the original post):

  • Lack of container-specific cloud-init extensions
  • Difficulty customizing Docker daemon
  • Odd issues with cloud-init
  • Stability of the distribution

So how do these areas look now, 2 years later?

  • Container-specific cloud-init extensions: Upon a closer examination of this issue, I realized that the cloud-init extensions were actually specific to CoreOS projects, like etcd and fleet. Thus, it wouldn’t make sense for these sorts of cloud-init extensions to exist on Atomic Hosts. What would make sense would be extensions that help configure Atomic Host-specific functionality, though (to be honest) Continue reading

Join Us for the Docker Federal Summit on May 2nd 2017

Docker is excited to announce that we are returning to the Newseum in Washington DC on May 2nd to host the second annual Docker Federal Summit event. A one day event packed with breakout sessions, discussions, hands on labs and technology deep dives from Docker and our ecosystem partners.

This event is designed for federal agency developers and IT ops personnel looking to learn more about how to approach Docker containers, cloud and devops to accelerate agency IT initiatives to support critical civilian and defense missions.

  • Government agency registration: Complimentary
  • Industry and ecosystem partner registration is $100

Register to save your seat.

Featured Speakers and Sessions

Technology leaders from agencies like GSA, USCIS and JIDO will share their experiences in deploying containers to production and provide pragmatic guidance in how to approach this change from technology to process and culture.

 View the full agenda here.

Featured Breakout Sessions: A wide variety of breakout sessions feature technical deep dives, demonstrations and discussions around compliance and security.

  • Accelerating app development in the cloud
  • The latest initiatives around compliance for IT projects
  • How to scale and secure applications requiring FIPS
  • Docker technology deep dive from orchestration, security, management and more
  • Continue reading

Optimizing OpenVPN Throughput

In the previous post, I talked about OpenVPN TCP and UDP tunnels and why you should not be using TCP. In this post, I’m going to talk about optimizing the said tunnels to get the most out of them.

Believe it or not, the default OpenVPN configuration is likely not optimized for your link. It probably works but its throughput could possibly be improved if you take the time to optimize it.

A tunnel has 2 ends! Optimizing one end does not necessarily optimize the other. For the proper optimization of the link, both ends of the tunnel should be in your control. That means when you are using OpenVPN in server mode serving different clients that you do not have control over, the best you could do is to optimize your own end of the tunnel and use appropriate default settings suitable for the most clients.

Below are some techniques that could be used to optimize your OpenVPN tunnels.

Compression

In today’s world where most connections are either encrypted or pre-compressed (and more commonly both), you probably should think twice before setting up compression on top of your vpn tunnel.

While it still could be an effective way Continue reading

DockerCon 2017: Moby’s Cool Hack sessions

Every year at DockerCon, we expand the bounds of what Docker can do with new features and products. And every day, we see great new apps that are built on top of Docker. And yet, there’s always a few that stand out not just for being cool apps, but for pushing the bounds of what you can do with Docker.

This year we had two great apps that we featured in the Docker Cool Hacks closing keynote. Both hacks came from members of our Docker Captains program, a group of people from the Docker community who are recognized by Docker as very knowledgeable about Docker, and contribute quite a bit to the community.

Play with Docker

The first Cool Hack was Play with Docker by Marcos Nils and Jonathan Leibiusky. Marcos and Jonathan actually were featured in the Cool Hacks session at DockerCon EU in 2015 for their work on a Container Migration Tool.

Play with Docker is a Docker playground that you can run in your browser.

Play with Docker’s architecture is a Swarm of Swarms, running Docker in Docker instances.

Running on pretty beefy hosts r3.4xlarge on AWS – Play with Docker is able to run Continue reading

The Agility and Flexibility of Docker including Oracle Database and Development Tools

A company’s important applications often are subjected to random and capricious changes due to forces well beyond the control of IT or management.  Events like a corporate merger or even a top programmer on an extended vacation can have an adverse impact on the performance and reliability of critical company infrastructure.

During the second day keynote at DockerCon 2017 in Austin TX, Lily Guo and Vivek Saraswat showed a simulation of how to use Docker Enterprise Edition and its application transformation tools to respond to random events that threaten to undermine the stability of their company critical service.

The demo begins as two developers are returning to work after an extended vacation.  They discover that, during their absence, their CEO has unexpectedly hired an outside contract programmer to rapidly code and introduce an entire application service that they know nothing about.  As they try to build the new service, however, Docker Security Scan detects that a deprecated library has been incorporated by the contractor.  This library is found to have a security vulnerability which violates the company’s best practice standards.  As part of Docker Enterprise Edition Advanced, Docker Security Scan automatically keeps track of code contributions and acts as a Continue reading

Introducing the Modernize Traditional Apps Program

Today at DockerCon, we announced the Modernize Traditional Applications (MTA) Program to help enterprises make their existing legacy apps more secure, more efficient and portable to hybrid cloud infrastructure.  Collaboratively developed and brought to market with partners Avanade, Cisco, HPE, and Microsoft, the MTA Program consists of consulting services, Docker Enterprise Edition, and hybrid cloud infrastructure from partners to modernize existing .NET Windows or Java Linux applications in five days or less.  Designed for IT operations teams, the MTA Program modernizes existing legacy applications without modifying source code or re-architecting the application.

Modernize Traditional Apps with Docker

The First Step In The Microservices Journey

In working with hundreds of our enterprise IT customers the last couple years, when we sit down with them one of the first questions they inevitably ask is, “What is the first step we should take toward microservices?”

Through experience we have found that, for the vast majority of them, the best answer is, “Start with what you have today – with your existing applications.”   Why is this the right place for them to start?  Because it recognizes two realities facing enterprise IT organizations today: existing applications consume 80% of IT budgets, and most IT organizations responsible for existing Continue reading

Liveblog: DockerCon 2017 Day 2 Keynote

This is a liveblog of the day 2 keynote (general session) of DockerCon 2017 in Austin, TX. For a look at what was announced or discussed in the day 1 keynote yesterday, see this liveblog. You can also see all DockerCon 2017-related posts by browsing the posts tagged with “DockerCon2017” (see the links at the bottom of this page). Before the keynote starts, there’s some nice live music playing; a welcome change (in my opinion) from yesterday’s video game.

At 9:03am, Ben Golub takes the stage to kick off the day 2 general session. He starts off by reviewing some proposed Docker logos, with a hint toward an announcement at the end of the session (presumably around changing Docker’s logo).

Golub then transitions into the meat of the general session presentation, which (understandably) is focused on Docker in the enterprise. He reviews the usual slide with notable logos from Docker customers. He also discusses some results from a company called ETR, which (apparently) shows Docker is “off the charts” in terms of adoption and market penetration within the enterprise. Golub also debunks the bi-modal IT structure model, saying that Docker’s customers only want one thing: speed (as in moving faster, Continue reading

Announcing Ansible Container 0.9

Ansible Container 0.9 Release

The Ansible Container team is proud to announce the 0.9 release of the Ansible Container project. Key new features of the 0.9 release include:

Tighter integration with Ansible roles

Ansible roles are a great way to describe microservices; roles that are "common" between multiple services map well to container image layers and service-specific roles are easy for teams to maintain. We decided to make that concept clearer in the way Ansible Container works. We ditched the main.yml playbook and replaced it with a per-service list of roles in container.yml.

Tighter integration with Kubernetes in OpenShift Origin and Red Hat OpenShift Container Platform

We've built brand new Kubernetes and OpenShift modules for Ansible, and are already using them in Ansible Container. We've also restructured the container.yml syntax to more naturally support Kubernetes and OpenShift concepts out of the box, then fall back to the comparatively simpler Docker ecosystem. Instead of trying to bolt Kubernetes features into the Docker Compose style schema, we have dedicated OpenShift/Kubernetes configuration for resources like Persistent Volume Claims. This will allow end users to transfer existing Ansible roles into Kubernetes/OpenShift and have Ansible Container manage the deployment lifecycle.

Putting more tools into the Continue reading

Announcing LinuxKit: A Toolkit for building Secure, Lean and Portable Linux Subsystems

LinuxKit

Last year, one of the most common requests we heard from our users was to bring a Docker-native experience to their platforms. These platforms were many and varied: from cloud platforms such as AWS, Azure, Google Cloud, to server platforms such as Windows Server, desktop platforms that their developers used such as OSX and Windows 10, to mainframes and IoT platforms –  the list went on.

We started working on support for these platforms, and we initially shipped Docker for Mac and Docker for Windows, followed by Docker for AWS and Docker for Azure. Most recently, we announced the beta of Docker for GCP. The customizations we applied to make Docker native for each platform have furthered the adoption of the Docker editions.

One of the issues we encountered was that for many of these platforms, the users wanted Linux container support but the platform itself did not ship with Linux included. Mac OS and Windows are two obvious examples, but cloud platforms do not ship with a standard Linux either. So it made sense for us to bundle Linux into the Docker platform to run in these places.

What we needed to bundle was a secure, lean and portable Linux Continue reading

Introducing Moby Project: a new open-source project to advance the software containerization movement

Moby Project

Since Docker democratized software containers four years ago, a whole ecosystem grew around containerization and in this compressed time period it has gone through two distinct phases of growth. In each of these two phases, the model for producing container systems evolved to adapt to the size and needs of the user community as well as the project and the growing contributor ecosystem.

The Moby Project is a new open-source project to advance the software containerization movement and help the ecosystem take containers mainstream. It provides a library of components, a framework for assembling them into custom container-based systems and a place for all container enthusiasts to experiment and exchange ideas.

Let’s review how we got where we are today. In 2013-2014 pioneers started to use containers and collaborate in a monolithic open source codebase, Docker and a few other projects, to help tools mature.

Docker Open Source

Then in 2015-2016, containers were massively adopted in production for cloud-native applications. In this phase, the user community grew to support tens of thousands of deployments that were backed by hundreds of ecosystem projects and thousands of contributors. It is during this phase that Docker evolved its production model to an open component based approach. In Continue reading

DockerCon 2017 Day 1 Keynote

This is a liveblog of the day 1 keynote (general session) of DockerCon 2017 in Austin, TX.

At 9:05am, Ben Golub, CEO of Docker, Inc., takes the stage to kick off the general session and the conference. Golub starts the presentation by reviewing Docker’s four-year history and all the things that have changed over the last three years since the very first DockerCon—from the size of Gordon (Docker’s tortoise mascot) to the amount of growth in Docker usage (via statistics in the number of Docker hosts, the number of Docker-ized apps, the number of image pulls from Docker Hub, and so forth).

Golub continues by mentioning some of the various use cases for Docker. One use case mentioned is Intuit’s use of Docker, and Golub points out that the person responsible for running Intuit’s systems is confident enough in their systems that they’re attending DockerCon on Tax Day (when as many as 25 million tax returns are expected to be processed).

Shifting gears a bit, Golub talks a bit more about the changes over the last 3 years in regards to Docker (the open source project) itself. Stakeholders have changed, and the nature of the project (now projects) has Continue reading

DockerCon 2017 Black Belt Session: Cilium for Network and Application Security

This is a liveblog of the DockerCon 2017 Black Belt session led by Thomas Graf on Cilium, a new startup that focuses on using eBPF and XDP for network and application security.

Graf starts by talking about how BPF (specifically, extended BPF or eBPF) can be used to rethink how the Linux kernel handles network traffic. Graf points out that there is another session by Brendan Gregg on using BPF to do performance analysis and profiling.

Why is it necessary to rethink how networking and security are handled? A lot of it has not evolved as application deployments have evolved from low complexity/low deployment frequency to high complexity/high deployment frequency. Further, the age of unique protocol ports (like SMTP on port 25 or SSH on port 22) is coming to a close, as now many different applications or services simply run over HTTP. This leads to “overloading” the HTTP port and a loss of visibility into which applications are talking over that port. Opening TCP port 80 in a situation like this means potentially exposing more privileges than desired (for example, the ability to use other HTTP verbs, like PUT or POST instead of just GET).

Graf quickly moves into a Continue reading

Liveblog: Creating Effective Images

This is a liveblog for the DockerCon 2017 session titled “Creating Effective Images.” The speaker is Abby Fuller, a Senior Technical Evangelist with Amazon Web Services. Abby is a former operations engineer who was an early consumer of Amazon’s Elastic Container Service (ECS), and some of her learnings came about the “hard way.” This session is from the “Using Docker” track.

Fuller starts with reviewing the agenda, and shares that she’s intent on providing some practical tips that attendees can put to work immediately.

The first topic that Fuller tackles is the topic of container layers. A Docker container is made up of the read-only layers from the image itself, and a read/write layer at “the top” of the layers. Why do we care? Fewer layers means a smaller image, and smaller images mean faster builds and faster deploys. (You may also see a reduced attack surface.)

The difference in making smaller images is important, Fuller explains, because the frequency of deployments is increasing (more deployments happening more quickly), and more containers are being deployed (sometimes at the behest of a CI/CD pipeline). This can result in significant amounts of disk space being consumed unnecessarily.

Some high-level Continue reading
