containers in the enterprise
play

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda - PowerPoint PPT Presentation

Oct 04, 2023 •187 likes •678 views

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change An Approach Required Software Processes Cultural Changes Additional Concerns Lessons Learned Why This Talk? Containers are

  1. Containers in the Enterprise Avoiding the Kobayashi Maru

  2. Agenda • Containers Bring Change • An Approach • Required Software • Processes • Cultural Changes • Additional Concerns • Lessons Learned

  3. Why This Talk? • Containers are great • You’re here • How do we get it home? • Especially in large organizations

  4. Container Adoption is Crazy Fast • Containers are being adopted at a faster rate than public cloud • AWS turned 10 years old this year, with 57% of companies using it • Docker turned 3 years old this year, already has 27% penetration • Last year it had 13% • If the migration to cloud was hard for large organizations, how easy will the migration to containers be?

  5. • Approach varies based Change is Hard on group size • Old roles and rituals may no longer make sense • Messengers may get shot

  6. Group Size Affects Approach Small Groups / Startups Enterprise Roles People wearing multiple hats Specific roles established Change Appetite Open to change; easy to convince Many other changes happening; change fatigue Change Pace Easy to establish acceptable speed Likely acceptedspeed: glacial Communication Have a standup Exercise in herding cats Fear Low embarrassment if failure; change Fear of making mistakes can be very high or die

  7. Containers: Going from Rabbit Ears to Cable • In traditional model, software choices typically restricted • Push to use similar platforms (and versions) across enterprise • Ease of operations: easy • “I know apache” • In container model, software choices are vastly increased • Developers can have programming language of the month • Ease of Operations: difficult • “I know apache, nginx, lighttpd, caddy and Hiawatha”

  8. Developers Need to Adjust • Developers are being empowered, but need to take on additional responsibility • Need to know how to build underlying software • Even if it is just FROM nginx • Need to either: • Know how to document operational routines of their services and train others • System Administrators no longer explaining how Apache works! • Embrace DevOps culture

  9. You Need a Plan

  10. Agenda • Containers Bring Change • An Approach • Required Software • Processes • Cultural Changes • Additional Concerns • Lessons Learned

  11. What Do You Need For Containers? Most companies already have most of what is needed: • Enterprise-Ready Container Registry • CI/CD Build Environment • Container Orchestrator • Version Control System • Job Ticketing System • Company Wiki-like system

  12. Enterprise-Ready Container Registry Can be done with hosted solution, but some enterprises may require on premises solution • Typical needs: • Group Membership • User permissions • Both Developer and Machine • Nice to have: • Vulnerability Scanning / Notification • Auditing

  13. CI/CD Build Environment Most enterprises have this, but some groups resist embracing it • Must haves: • Docker (or some other container runtime) available • Good to haves: • Integration with version control • Triggers for automatic builds • Notification integration with chat rooms, etc. • Integration with container orchestrator • Integration with ticketing system

  14. Container Orchestrator Even if you do not use a container orchestrator for production needs now, get familiar with one • What its used for: • Ability to run / smoke test built container images as part of validation process

  15. Agenda • Containers Bring Change • An Approach • Required Software • Processes • Cultural Changes • Additional Concerns • Lessons Learned

  16. Standardize On Single Container Registry Operations / Information Security will thank you • Easier to audit • Writes and Reads • Vulnerable Images • Ability to revoke compromised images and know who is pulling them • Avoids comparisons to ruby -e "$(curl -fsSL https://random.server.io/totally/legit/code)"

  17. Establish Repositories For Images & Services • Separate from application code For Images: • Dockerfile and related artifacts • Tests to validate built images • Information about who maintains image • Configuration / Parameterization Options • Build instructions (link to known build job)

  20. Establish Repositories For Images & Services For Services: • Deployment Artifacts • Kubernetes pods, ECS tasks, etc. • Documentation of Interconnectivity • Network concerns, File access needs, etc. • Operational Footprint • CPU, Memory constraints • Scaling thresholds • Service Reliability Information • How to measure service health

  24. Automated Builds For every service and image • Triggered by changes in: • Image/Service repository • Linked application code • Upstream builds • Derivative of image X? Rebuild when X changes! • Capable of automated deployment • Continuous Delivery is container image publishing • Continuous Deployment is integration with container orchestrator

  25. Builds Should Embrace CI/CD & Dependencies

  26. Automated Builds • Make it easy for someone else to build and deploy your service • Security Vulnerability • Hit by bus • Runs tests to validate result • Run tests on container image before pushing to registry • Push to registry • Deploy to test environment • Perform end to end tests • Promote to production

  27. Automated Builds • Integrated ticketing system provides complete visibility • What tickets were included in build • What tickets are closed with deployment • What tickets are reopened with rollback • Need Prune Policy • If automated builds are happening, container images will increase without bound • Need eviction policy so only N amount of images are kept around

  28. Publish Services and Images to Catalog • Image discovery still a bit problematic • Search works, but so what? • Provide centralized list, presumably in a Wiki • Images and Services available • Which team is maintaining them • Build link • Repository Link • Example(s) of Image or Service being used

  29. Agenda • Containers Bring Change • An Approach • Required Software • Processes • Cultural Changes • Additional Concerns • Lessons Learned

  30. Images and Services Can Be Reused • All too often teams do not think of reusability of image or service • Yet vast majority of images extend from an existing image

  31. Container Images: Analogous to OOP • Think of images as classes in OOP • Configuration variables • Serve a specific purpose • Can either be: • Delegated to, like a sidecar container • Enhanced, like a ruby image with application code burned in • Use judgement to decide seams • Ask how could you sell this image to someone else

  32. Embrace Internal Open Source • Side effect of Service / Image repositories: Forking • Allow other groups to fork / pull request updates • Reduces container variants while also reducing maintenance • Easier for Information Security to audit • One group has to maintain container image, all groups benefit • Allows for transfer of control • Group may shift away from python, but other groups may want to continue it

  33. Have Open Source Strategy Have a great container image? Shouldn’t it be on Docker Hub too? • Good Karma • Increases visibility / free advertising! • Maybe even reduced maintenance

  34. Embrace CI/CD • Containers lend well to CI/CD • Immutable environments • Repeatable events • May be the bait needed to convince groups to embrace CI/CD

  35. Encourage Ownership • Containers allow for any developer to pick any technology • Processes enforce developer to make technology sustainable • Documentation of deployment • Build jobs • Tests • Fosters innovation within organization

  36. Agenda • Containers Bring Change • An Approach • Required Software • Processes • Cultural Changes • Additional Concerns • Lessons Learned

  37. Additional Security: Signed Images • Available through Docker and rkt • Allows centralized authorization • Not very prevalent • Use is increasing • Can help convince some groups regarding security or fidelity

  38. Software-Defined Firewalls • Desire: • Firewalls similar to traditional cloud-provided firewalls • Have auditability • Problem: • Container Orchestrators tend to schedule containers in a rather fluid environment • Some container environments hide the underlying cloud almost completely • Kubernetes with network overlay

  39. Solution: Project Calico • Allows engineering team to define firewalls within existing artifacts • Easily Auditable • Performs well

  40. Embrace Container-Native Monitoring • Traditional monitoring changes when moving to container orchestration • Good time to re-evaluate approach and desired outcomes from monitoring • Is service and VM monitoring one in the same currently? • Are you already using projects like statsd or Prometheus? • Providing a good monitoring tool can help ease transition into cloud- native computing

  41. Agenda • Containers Bring Change • An Approach • Required Software • Processes • Cultural Changes • Additional Concerns • Lessons Learned

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are not going to be the answer to preventing your application from being compromised, but they can limit the damage from a compromise. How do

823 views • 25 slides
Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com Containers are great Containers are resource efficient Containers make deployment easy Containers can be monitored easily Containers are secure But are

508 views • 38 slides
Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega @jmortegac Agenda Introduction to containers security Linux Containers(LXC) Docker Security Security pipeline && Container

807 views • 57 slides
Adit Enterprise. Adit Enterprise. Adit Enterprise. Adit Enterprise. ADIT Enterprise is a

Adit Enterprise. Adit Enterprise. Adit Enterprise. Adit Enterprise. ADIT Enterprise is a

Adit Enterprise. Adit Enterprise. Adit Enterprise. Adit Enterprise. ADIT Enterprise is a wholesale distribution business providing complete range of Electronic Security Systems Kamlesh 093232 51184 Adit Enterprise Adit Enterprise Adit

619 views • 29 slides
SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54 What are Containers? A package/image that can be deployed anywhere (thats running a Linux Kernel) Developers create a layered image of their

996 views • 53 slides
Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at BlaBlaCar pgDay Paris, Mar 15, 2018 BlaBlaCar Overview Todays agenda PostgreSQL usage at BlaBlaCar Switching to a new implementation

844 views • 40 slides
Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have become popular replacing many Physical / Virtual Machine use cases But: The persistent storage problem for containers is still not fully solved

1.01k views • 17 slides
Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs Google Wisdom: VMs and Containers are similar but different Try running containers in VMs for security Containers are best for scale-out

314 views • 17 slides
Enterprise Applications Enterprise Systems Enterprise Systems Also called enterprise

Enterprise Applications Enterprise Systems Enterprise Systems Also called enterprise

9/20/2012 Enterprise Applications Enterprise Systems Enterprise Systems Also called enterprise resource planning (ERP) systems Suite of integrated software modules and a common central database Collects data from many

460 views • 16 slides
our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can make us way more efficient containers can save us money on hosting containers sound interesting company founded in 2013

848 views • 30 slides
The proposed containers are "Flat-pack" type. Disassembled and reduced as

The proposed containers are "Flat-pack" type. Disassembled and reduced as

CON-IMEX CONTAINERS 2009 AKAR Logistics 70 Beecham Court Owings Mills, MD 21117 USA Sophia Akar Tel: + 410-961-7232 / + 410-961-0327 Fax: + 410-356-8267 sophia@akarlogistics.com 1 / 20 GENERAL The proposed containers are

313 views • 20 slides
Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk

Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk

Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk Introductions David Porter Fairport Containers Director Steve Collinson Managing Director Fairport Containers Ltd Tam Unsworth Recycling Banks

552 views • 28 slides
Singularity - Containers for Scientific Computing ZID Workshop Michael Fink Universitt

Singularity - Containers for Scientific Computing ZID Workshop Michael Fink Universitt

Singularity - Containers for Scientific Computing ZID Workshop Michael Fink Universitt Innsbruck Innsbruck Nov 2018 Overview Preliminaries Why containers Understanding Containers vs. Virtual Machines Comparison of

482 views • 37 slides
Alm dos Containers na Nuvem QConSP - Containers & Devops 26 April 2017 Guilherme Rezende

Alm dos Containers na Nuvem QConSP - Containers & Devops 26 April 2017 Guilherme Rezende

Alm dos Containers na Nuvem QConSP - Containers & Devops 26 April 2017 Guilherme Rezende Globo.com About me Software Engineer at Globo.com/Tsuru @guilhermebr (GitHub) in/guilhermebr (LinkedIn) @gbrezende (Twitter) Agenda Cloud Native

636 views • 45 slides
100% Containers Powered Carpooling Maxime Fouilleul Database Reliability Engineer BlaBlaCar -

100% Containers Powered Carpooling Maxime Fouilleul Database Reliability Engineer BlaBlaCar -

100% Containers Powered Carpooling Maxime Fouilleul Database Reliability Engineer BlaBlaCar - Facts & Figures Infrastructure Ecosystem - 100% containers powered carpooling Todays agenda Stateful Services into containers - MariaDB as

463 views • 45 slides
Containers, VMs, and Clouds: Containers & Clouds & VMs: OH My Oh My! Mike Coleman,

Containers, VMs, and Clouds: Containers & Clouds & VMs: OH My Oh My! Mike Coleman,

Containers, VMs, and Clouds: Containers & Clouds & VMs: OH My Oh My! Mike Coleman, Technology Evangelist Docker @mikegcoleman Who Am I? Technology evangelist at Docker Former: Puppet, VMware, MSFT, Intel, and HP First

390 views • 25 slides
Working with this title 1 10/27/2017 The Main Points 1. Complex issues require adaptive

Working with this title 1 10/27/2017 The Main Points 1. Complex issues require adaptive

10/27/2017 The The Good, Good, The The Bad Bad & The The Ugl Ugly: Learning Our Way Through Complex Social Issues CUP Annual Celebration Event Edmonton, Alberta October 19, 2017 Working with this title 1 10/27/2017 The Main Points 1.

668 views • 27 slides
Socialising timid cats www.scaredycats.com.au www.scaredycats.com.au Your experience with timid

Socialising timid cats www.scaredycats.com.au www.scaredycats.com.au Your experience with timid

Socialising timid cats www.scaredycats.com.au www.scaredycats.com.au Your experience with timid cats? www.scaredycats.com.au Word to avoid www.scaredycats.com.au Word to avoid Feral Why? www.scaredycats.com.au To many people

655 views • 42 slides
Sudden & Swift Transition Personal Survival After Community Crisis J. Randall Wheeler ICMA

Sudden & Swift Transition Personal Survival After Community Crisis J. Randall Wheeler ICMA

Sudden & Swift Transition Personal Survival After Community Crisis J. Randall Wheeler ICMA Conference Presenter Preparing for Transition - Start the 1 st day on the job Work-life balance is extremely important. Build a support network

323 views • 10 slides
Good faith in the performance of a contract: building bridges between common and civil law

Good faith in the performance of a contract: building bridges between common and civil law

Good faith in the performance of a contract: building bridges between common and civil law systems Dr Sverine Saintier Good faith conference Montreal (10-11 May 2018) Introduction (1) Good faith: divisive doctrine creates enduring

168 views • 14 slides
He says hell kill the dog if I leave Family violence, pets and vets : An Australian

He says hell kill the dog if I leave Family violence, pets and vets : An Australian

He says hell kill the dog if I leave Family violence, pets and vets : An Australian study Dr Lydia Tong Taronga Conservation Society Australia University of Sydney An introduction Commenwealth Mongrel Vet by training worked in

491 views • 14 slides
World War II: The Home Front The British Home Front British Prime Minister Winston Churchill was

World War II: The Home Front The British Home Front British Prime Minister Winston Churchill was

World War II: The Home Front The British Home Front British Prime Minister Winston Churchill was convinced that the war could only be won through the complete mobilization of Britains civilian population. ! In May of 1940, Secretary of State

435 views • 6 slides
in CEE Thierry S Pelgrin, Head of Continental Europe, Sompo Canopius Re, Zurich Overview

in CEE Thierry S Pelgrin, Head of Continental Europe, Sompo Canopius Re, Zurich Overview

Nat Cat reinsurance trends in CEE Thierry S Pelgrin, Head of Continental Europe, Sompo Canopius Re, Zurich Overview Introduction to Sompo Canopius Re Nat Cat perils in CEE Our view on main Nat Cat reinsurance models in CEE How

492 views • 27 slides
COVID-19 REQUIRED TRAINING INFORMATION FOR EMPLOYEES Provided by: S chools Insurance Authority

COVID-19 REQUIRED TRAINING INFORMATION FOR EMPLOYEES Provided by: S chools Insurance Authority

COVID-19 REQUIRED TRAINING INFORMATION FOR EMPLOYEES Provided by: S chools Insurance Authority Helping S chools S ucceed WWW.S IA-JP A.ORG F ACTS ON CORONAVIRUS A novel coronavirus is a new coronavirus that has not been previously

579 views • 31 slides

More recommend