Docker Federal Summit 2017 General Session
Docker 2017 - Confidential
Thank You Sponsors
Platinum
Gold
Silver
Lunch Happy Hour
Thank You to our Federal Agency and Community Speakers
Thank You Docker Community
• Summit Attendees
• Summit Speakers
• Summit Sponsors
• Meetup Organizers
• Mentors
• Docker Team
• Customers
• Partners
• Docker Captains
• Contributors & Maintainers
Driving Docker Momentum in the Industry
• Docker Hosts: 14M
• Growth in Docker job listings: 77K%
• Image pulls: 12B (over 390K% growth)
• Docker apps: 900K
• Project Contributors: 3300
Building a New Industry
Docker Pulls
Communities Helping Communities
Healing heroes one family at a time
www.bouldercrestretreat.org
Thank you for your participation today. Together we are sending two families to Boulder Crest for a weekend of healing.
Visit their table on the 8th floor to learn more.
Give Back Together
www.bouldercrestretreat.org
Federal Summit Logistics
7th Floor
• All meals and happy hour
• General session
• Platinum sponsor talks
• Sponsor expo
8th Floor
• Coffee Break
• Learning Lab: Hands on Tutorials
• Gold sponsor talks
• Sponsor expo
Iain Gray
SVP Customer Success
Docker In Every Industry
• Service Provider
• Tech
• Public Sector
• Insurance
• Healthcare & Science
• Financial Services
Being Used for Critical Apps
• To keep planes in the air
• To keep soldiers away from landmines
• To cure diseases
• To process $ billions in transactions per day
• To keep the largest ecommerce websites running
• To power the largest financial institutions
• To monitor fire alarms
• To keep healthcare systems running smoothly
Docker in Public Sector
The Myth of Bi-Modal IT
• MICROSERVICES, Cloud or New Infrastructure: You are either here..
• TRADITIONAL APPS, Old Infrastructure: …or here
There is only one mode
FAST
Enabling a Journey
…you should be past AND future proof
• MICROSERVICES | AGILE TRADITIONAL APPS | TRADITIONAL APPS
• Cloud or New Infrastructure | Old Infrastructure
The Reality Is Diverse
Virtual
IT Ops
Windows
Cloud
Microservices
Bare Metal
Developers
Traditional
Linux
On Premises
What is Required for Modern IT
1. A secure and reliable base platform
2. Security across the entire supply chain
3. Leverage an ecosystem that extends these principles
The IT Reality is Diverse Apps and Infrastructure
Traditional
Third Party
Microservices
Applications Infrastructure
Start With a Secure Base and Containerize Apps
Traditional
Third Party
Microservices
DEVELOPERS IT OPERATIONS
Standardize and Secure the Supply Chain from Dev
Image Registry
Security scan & sign
Traditional
Third Party
Microservices
docker store
DEVELOPERS
Secure the Software Supply Chain to Production
Image Registry
Security scan & sign
Traditional
Third Party
Microservices
docker store
DEVELOPERS IT OPERATIONS
Control Plane
Nathan McCauley
Director Security Engineering
The Key Components of Container Security
• Usable Security: Secure defaults with tooling that is native to both dev and ops
+
• Trusted Delivery: Everything needed for a full functioning app is delivered safely and guaranteed to not be tampered with
+
• Infrastructure Independent: All of these things in your system are in the app platform and can move across infrastructure without disrupting the app
=
Safer Apps
What is Least Privilege Infrastructure?
What is Least Privilege?
• Principle of Least Privilege: A process must be able to access only the information and resources that are necessary for its legitimate purpose.
• Least Privilege Infrastructure: Infrastructure that follows the principle of least privilege in the strictest manner possible.
Why Least Privilege?
Blast Radius Reduction
[Diagram: My Apartment, Neighbor’s Apt, Garage, Neighbor’s Car]
How do we achieve Least Privilege Infrastructure?
• Reduced Privilege
• Cryptographically Signed Artifacts
• Segmentation
• Minimal Dependencies
• Immutable Infrastructure
Thank you
What is Required for Modern IT
1. A secure and reliable base platform
2. Security across the entire supply chain
3. Leverage an ecosystem that extends these principles
A Reliable Platform Available Everywhere
• On every Major Cloud
• In the Datacenter
• On every Major OS
Certified & Trusted Ecosystem Technology
Docker Enterprise Edition
A Global Network for Support and Success
Global Network
Product & Support
39
47
18
GSI/FSI
Beginning the Journey
Get started by modernizing legacy apps with Docker Enterprise Edition without changing the source code
Double click on the apps you already have
• Traditional
• Third Party
• Microservices
Gartner estimates that over 90% of an application TCO is incurred AFTER it is initially deployed
Docker Brings Immediate Value to Existing Apps
• Portable: Enable workload portability across hybrid cloud
• Secure: Reduce the attack surface of legacy apps with inherent container properties
• Efficient: Optimize infrastructure costs and streamline operations
Savings and Speed
Optimize Infrastructure
• 25% savings on VMs
• 47% savings on bare metal
• 50% savings on cloud
Accelerate Deployments
• Provision, deploy and scale apps up to 75% faster
February 2017: HPE and Docker Reference Configuration for infrastructure optimization using Docker containers on HPE infrastructure
How: Modernize traditional apps approach
• Existing Application: Convert to container
• Modern Infrastructure: Move to cloud or refresh HW
• Modern Microservices: Add new services or start peeling off services from monolith code base
• Modern Methodologies: Integrate to CI/CD and automation systems
Modernize Traditional Apps Program
• Accelerate portability, security and efficiency for existing apps without modifying source code
• Turnkey program includes professional services, Docker Enterprise Edition and hybrid cloud infrastructure
• Available from our partner:
Learn More: www.docker.com/boozallen
Banjot Chanana
Senior Director Enterprise Product
Recap: Docker EE Secure Supply Chain
Image Registry
Security scan & sign
Traditional
Third Party
Microservices
docker store
DEVELOPERS IT OPERATIONS
Control Plane
Docker Enterprise Edition (EE) Values
• Portable: Application composition and configuration portability across any infrastructure
• Secure: Safer applications and infrastructure
• Efficient: Optimize infrastructure costs and streamline operations
Key Capabilities of Docker EE
Integrated Lifecycle Management: Container App Lifecycle Workflow
• Private Image Registry
• Image Scanning and Monitoring
• Secure Access and User Management
• Content Trust and Verification
• Application and Cluster Management
• Policy Management
Container Engine
• Security
• Distributed State
• Network
• Container Runtime
• Volumes
• Orchestration
Application Composition, Deployment and Reliability
Secure and Reliable Base
• Built in orchestration: clustering and scheduling
• Automatic cluster security: TLS, CA, and rotation
• Container centric networking
• Pluggable platform
Components: Security, Distributed State, Network, Container Runtime, Volumes, Orchestration
End to End Container Lifecycle
• One supply chain for all applications
• App composition from dev deploys direct to production
• Secure access with RBAC and LDAP/AD support
• Integrated content security
Container App Lifecycle Workflow: Private Image Registry, Image Scanning and Monitoring, Secure Access and User Management, Content Trust and Verification, Application and Cluster Management, Policy Management
Application Composition, Deployment and Reliability
Demo
Thank You and Enjoy the Day
Next Up
• 7th Floor: Agency Panel Discussion by Booz Allen Hamilton featuring GSA, JIDO, USCIS, titled “Lessons Learned in Adopting Containers in Production”
• 8th Floor: Learning Lab featuring Docker Orchestration, taught by Docker Captains Bret Fisher and Phil Estes
THANK YOU