Modernizing Traditional Apps: Java Edition
Sophia Parafina, Docker, Developer Relations Engineer
Arun Gupta, Amazon Web Services, Java Champion
Common Challenges Of A Legacy App
(Diagram labels) Internal External LAMP Stack Java Linux .NET .NET IIS Windows
• No idea what the app is made of
• Original app authors are no longer around
• When was it last updated?
• Don’t change it! Don’t break it
Needs of modern applications
• Faster response to change in market
• Delivery time
• Change time
• Reduce human errors
• Scaling to demand
• Faster recovery
• High availability
• Automation
Microservices and Containers
• Single Responsibility Principle
• Explicitly Published Interface
• Independently replace and upgrade
• Polyglot
• Lightweight and Fast startup
• Fault Isolation
Containers abstract applications from infrastructure
• Eliminates the “works on my machine” problem
• Containers package code and dependencies together into an isolated process
• Containers standardize any workload: legacy, microservices, ISV apps (Windows and Linux)
• App configurations “travel” with the app, are not built to the infrastructure
• Easy app composition of simple to complex apps with security, networks, storage, env variables, ports
Reduce the attack surface area of legacy apps
• Reduce risk associated with older code and components
• Default out of the box settings provide greater security
• Configurable settings allow admins to further isolate the app
• Eliminate all unnecessary syscalls, processes, and access to host resources
(Diagram labels) pid namespace mnt namespace net namespace uts namespace user namespace pivot_root uid/gid drop cap drop all cgroups selinux apparmor seccomp
1. Out of the box default settings and profiles
2. Granular controls to customize settings
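
One way to check whether a containerized legacy app actually uses the granular controls listed on this slide, as an added example that is not part of the original deck. It audits `docker inspect` JSON for capability drops, seccomp/AppArmor confinement, host namespace sharing and root users; the two containers and the finding names are constructed for illustration.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two hypothetical containers.
SAMPLE_INSPECT = """
[
 {"Name": "/legacy-default", "Config": {"User": ""},
  "HostConfig": {"Privileged": false, "CapAdd": null, "CapDrop": null,
                 "SecurityOpt": ["seccomp=unconfined"], "ReadonlyRootfs": false,
                 "PidMode": "", "NetworkMode": "host"}},
 {"Name": "/legacy-hardened", "Config": {"User": "10001:10001"},
  "HostConfig": {"Privileged": false, "CapAdd": null, "CapDrop": ["ALL"],
                 "SecurityOpt": ["no-new-privileges"], "ReadonlyRootfs": true,
                 "PidMode": "", "NetworkMode": "bridge"}}
]
"""

# HostConfig keys whose value "host" means the container shares that host namespace.
HOST_NAMESPACE_KEYS = (("PidMode", "pid"), ("NetworkMode", "net"),
                       ("IpcMode", "ipc"), ("UTSMode", "uts"))


def audit_container(entry):
    """Return the hardening findings for one `docker inspect` entry."""
    host = entry.get("HostConfig") or {}
    user = ((entry.get("Config") or {}).get("User") or "").split(":")[0]
    cap_drop = {c.upper() for c in host.get("CapDrop") or []}
    cap_add = sorted(c.upper() for c in host.get("CapAdd") or [])
    sec_opt = [s.lower() for s in host.get("SecurityOpt") or []]
    findings = []
    if host.get("Privileged"):
        findings.append("privileged")  # turns off cap/seccomp/apparmor limits
    if "ALL" not in cap_drop:
        findings.append("caps-not-dropped")  # default capability set still granted
    if cap_add:
        findings.append("cap-add:" + ",".join(cap_add))
    for lsm in ("seccomp", "apparmor"):
        # Older engines print "seccomp:unconfined", newer ones "seccomp=unconfined".
        if any(s.replace(":", "=") == lsm + "=unconfined" for s in sec_opt):
            findings.append(lsm + "-unconfined")
    if not any(s.startswith("no-new-privileges") and not s.endswith("false")
               for s in sec_opt):
        findings.append("no-new-privileges-missing")
    for key, name in HOST_NAMESPACE_KEYS:
        if host.get(key) == "host":
            findings.append("host-" + name + "-namespace")
    if user in ("", "0", "root"):
        findings.append("runs-as-root")  # root in the container unless userns remap is on
    if not host.get("ReadonlyRootfs"):
        findings.append("writable-rootfs")
    return findings


def audit_all(inspect_json):
    """Map container name -> findings for a whole `docker inspect` document."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c)
            for c in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "->", findings or "no findings")
```
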
Docker Community Edition and Enterprise Edition
Kubernetes
Swarm and Kubernetes!
Amazon EC2 Container Service
• Container management service on Amazon EC2 instances
• Fully-managed: no need to install, operate or scale your own
• Resource management
• Designed for use with other AWS services: ELB, VPC, CloudWatch, Code*, ...
Why now?
• Cloud is the new normal
• DevOps adoption and maturity
• Technology availability
• Lightweight RPC (JSON, REST) popularity
• Desire to move faster at lower cost
• Evidence that cross-functional teams are more efficient
Customer pain points
• Scale on X-axis or Z-axis, independent of others
• Simpler maintenance than a monolith
• Independently replaceable or upgradable
• Potentially heterogeneous and polyglot
• Fault and resource isolation
Modernize Traditional Apps with Docker Enterprise Edition to get portability, security and efficiency of apps without changing the code
You have to cut into the 80% To Fuel The Innovation
Docker EE Gives Legacy Applications Modern Capabilities without any recoding or refactoring of the app
• Efficient: Optimize CapEx and OpEx costs
• Portable: Infrastructure Independent Apps
• Secure: Reduce risk and enforce new controls
• Size of Infrastructure: 50% Reduction
• Deployment Speed: up to 90% Faster
• MTTR for Patching: up to 90% Faster
Docker EE saves time and money
Efficient: Optimize CapEx and OpEx costs
Reduce Total IT Costs by 50%
• Consolidate infrastructure
• Reduce software costs
• Gain operational efficiency
Eliminate the outdated app runbook for a simple Dockerfile
(Diagram labels) Before, After
● VMs contain a full OS instance within each VM
● Containers share the kernel of a single OS instance on the physical or virtual server
● Average infrastructure consolidation is 50%
Streamline configuration management
Before: 100 Page Binder
● Replace the printed (often out of date) runbooks for app deployment and ops documentation
● Dockerfile contains all commands to assemble a Docker container
● Define instructions including: ports, volumes, environment variables, healthchecks and more
After: Single Text File
● Dockerfile containing all the instructions to deploy your app.
● Enables consistent deployments across multiple environments, and eliminates the problem of “snowflake infrastructure”
Eliminate the outdated app runbook for a simple Dockerfile
Simplify app configuration management
● Define app configs in Dockerfile (single container) or Compose file (multi-container)
Eliminate configuration drift
● No more patching in place, deploy new
● New deployment = new container image and tag in registry
● docker diff command shows exactly what’s changed in the container compared to the Dockerfile
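
A sketch of using `docker diff` output as a drift check, added here as an example that is not part of the original deck. It parses the `A`/`C`/`D` (added, changed, deleted) lines, skips directories that are listed only because something beneath them changed, and reports changes outside an allow-list of runtime paths; the allow-list, the Tomcat paths and the sample output are constructed assumptions.

```python
# Assumption: paths where runtime writes are expected for this hypothetical app.
ALLOWED_PREFIXES = ("/tmp", "/var/log", "/run")

# Constructed sample of `docker diff <container>` output.
SAMPLE_DIFF = """\
C /tmp
A /tmp/hsperfdata_root
C /var
C /var/log
A /var/log/app.log
C /usr
C /usr/local
C /usr/local/tomcat
C /usr/local/tomcat/conf
C /usr/local/tomcat/conf/server.xml
C /etc
C /etc/ssl
C /etc/ssl/certs
D /etc/ssl/certs/old-ca.pem
"""


def parse_diff(text):
    """Turn `docker diff` output into a list of (kind, path) tuples."""
    changes = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind, _, path = line.partition(" ")
        if kind not in ("A", "C", "D") or not path.startswith("/"):
            raise ValueError("unrecognised docker diff line: %r" % line)
        changes.append((kind, path))
    return changes


def unexpected_drift(text, allowed=ALLOWED_PREFIXES):
    """Return changes that fall outside the allowed runtime paths."""
    changes = parse_diff(text)
    paths = [path for _, path in changes]
    drift = []
    for kind, path in changes:
        # A directory is reported as "C" when an entry below it changed;
        # the entry itself is listed separately, so skip the parent.
        if kind == "C" and any(p.startswith(path.rstrip("/") + "/") for p in paths):
            continue
        if any(path == a or path.startswith(a + "/") for a in allowed):
            continue
        drift.append((kind, path))
    return drift


if __name__ == "__main__":
    for kind, path in unexpected_drift(SAMPLE_DIFF):
        print("drift:", kind, path)
```

Any finding here means the running container no longer matches what was deployed, which under the "no more patching in place" model is resolved by building and deploying a new image rather than editing the container.
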
Improve asset management
● Centrally manage all container images in a private registry
● Keep a record of all versions (tags) of images available for
Improve app operations: deployments, rollback with built in app reliability
● Copy and paste or single command to deploy apps and define state
● Rolling updates reduce the risk of new deployments
● Easy roll back to previous known container
● Built in health checks continually monitor containers
● Automatic rescheduling of containers in the event of a failure
Docker EE ensures hybrid cloud portability
Portable: Infrastructure Independent Apps
Deploy any app anywhere
• Applications can move across multiple infrastructures
• Infrastructure agnostic properties
Container architecture provides infrastructure agnostic packaging and tooling Disparate IT Infrastructure Host OS Container as a Service Container App A Bins/Lib Linux Mainframe AWS Azure Other Public Clouds Windows Container App B Bins/Lib Container App C Bins/Lib Container App D Bins/Lib Container App E Bins/Lib
Get infrastructure flexibility and portability for legacy apps
(Diagram labels) Dev, Test, Prod, Security Scan, Security Scan
• Developer can work in whatever environment they're used to
• Application gets moved into Test/QE environment
• Application can then be promoted to production on any public, private, or hybrid infrastructure
Docker EE enhances application security
Secure: Reduce risk and enforce new controls
Reduce risk profile
• More secure environment
• Reduce surface area
• Vulnerability management
Run apps on the most secure environment
• The most secure container runtime and orchestration architecture
• Secure by default with out of the box configurations
• Cryptographic node identity
• Automatic mutual TLS across all nodes within the Docker cluster
• Transparent and automatic cert rotation
• External CA integration
• Optionally encrypt container to container traffic
(Diagram labels) three Manager Nodes, each with a Certificate Authority and TLS; three Workers, each with TLS
Make apps safer with vulnerability scanning and monitoring
• Security scanning performs binary level scanning of application
• Detailed BOM provides security profile of application packages
• Make informed decisions before deployment
• BOM is maintained and continuously monitored against leading CVE databases
Granular access control for users, apps and nodes
• Restrict access to apps and resources
• Leverage predefined or custom roles available to manage access and permissions
• Create logical or physical isolation between apps and teams
Leverage a secure and automated software supply chain
• Establish chain of trust with apps as they move across environments
• Digitally sign containers and only run verified containers
• Freshness guarantee ensures no tampering and latest container is running
• Automate workflow with immutable repos and automated image promotion
Docker 2017 - Confidential MTA Process
Methodology: Docker EE Modernizes Apps and Infrastructure Existing Application Modern Methodologies Integrate to CI/CD and automation system Convert to a container with Docker EE Modern Infrastructure Built on premise, in the cloud, or as part of a hybrid environment. Modern Microservices Add new services or start peeling off services from monolith code base App
Breaking down the deployment savings
App deployments before and after Docker
Before: Traditional App Deployment: Manual, Risky, Slow (~100 man hours)
Steps: Take Offline, Deploy, Smoke Test, Acceptance Test, Go/No-Go
• Long running processes with several manual steps
• Scheduled out of hours
• Disruption to users
• Lengthy Install Guide (50 pages, 100 man hours to write), usually a Word document and mostly inaccurate
• Bloated App binaries
• Bloated App files
• Bloated test documents
• Requires prior knowledge of the app
• Manual tests require Dev and Ops
• Manual bloated regression pack, takes multiple hours
• Low confidence rate
• Rollback is repeat of the entire process
After with Docker: Modern App Deployment: Automated, Proven, Fast (~<24 man hours)
Steps: Take Offline, Deploy, Acceptance test, Go/No-Go
• Need not be scheduled out of hours
• No disruption to users
• ONE single command
• ONE light Docker image
• Built in health checks
• Automated Regression Pack
• Rapid addition of new features
• High confidence rate
• Fast rollback repeatable
Monolithic Java Applications
Demo
dockercon.com/labs
THANK YOU! arun.gupta@gmail.com @arungupta sophia.parafina@docker.com @spara
Interested in MTA
● Stop by the booth (MTA pod)
● Download the kit www.docker.com/mta
● Look for a MTA Roadshow near you
● Contact your Account Team
Docker EE Hosted Demo
● Free 4 Hour Demo
● No Servers Required
● Full Docker EE Cluster Access
docker.com/trial
Recap: Docker Enterprise Edition Capabilities
(Diagram labels) Policy Management Image Scanning and Monitoring Secure Access and User Management Content Trust and Verification Application and Cluster Management Image Management Security Distributed State Network Container Runtime Volumes Orchestration Application Composition, Deployment and Reliability Certified Containers Certified Plugins Certified Infrastructure Enterprise Edition Optimized Container Engine Integrated App and Cluster Management Certification and Support

Modernizing Java Apps with Docker
