Modernizing Java Apps with Docker

Modernizing Traditional Apps: Java Edition Sophia Parafina, Docker, Developer Relations Engineer Arun Gupta, Amazon Web Services, Java Champion

Transcript of Modernizing Java Apps with Docker

Page 1: Modernizing Java Apps with Docker

Modernizing Traditional Apps: Java Edition

Sophia Parafina, Docker, Developer Relations Engineer

Arun Gupta, Amazon Web Services, Java Champion

Page 2: Modernizing Java Apps with Docker

Common Challenges Of A Legacy App

[Diagram labels: Internal, External; LAMP Stack, Java, Linux; .NET, .NET IIS, Windows]

No idea what the app is made of

Original app authors are no longer around

When was it last updated?

Don’t change it! Don’t break it

Page 3: Modernizing Java Apps with Docker

Needs of modern applications

Faster response to change in market

Delivery time, Change time, Reduce human errors

Scaling to demand, Faster recovery, High availability, Automation

Page 4: Modernizing Java Apps with Docker

Microservices and Containers

Single Responsibility Principle

Explicitly Published Interface

Independently replace and upgrade

Polyglot, Lightweight and Fast startup, Fault Isolation

Page 5: Modernizing Java Apps with Docker

Containers abstract applications from infrastructure

• Eliminates the “works on my machine” problem

• Containers package code and dependencies together into an isolated process

• Containers standardize any workload: legacy, microservices, ISV apps (Windows and Linux)

• App configurations “travel” with the app, are not built to the infrastructure

• Easy app composition of simple to complex apps with security, networks, storage, env variables, ports

Page 6: Modernizing Java Apps with Docker

Reduce the attack surface area of legacy apps

• Reduce risk associated with older code and components

• Default out of the box settings provide greater security

• Configurable settings allow admins to further isolate the app

• Eliminate all unnecessary syscalls, processes, and access to host resources

pid namespace

mnt namespace

net namespace

uts namespace

user namespace

pivot_root

uid/gid drop

cap drop

all cgroups

selinux

apparmor

seccomp

1. Out of the box default settings and profiles

2. Granular controls to customize settings
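
Added example (not from the original slides): a Python check that reads `docker inspect` output and reports where a container weakens the isolation controls listed on this slide (namespaces, uid/gid drop, cap drop, seccomp, AppArmor). The sample record and the container name are constructed for illustration.

```python
import json

# Constructed sample: a trimmed `docker inspect` record for a hypothetical
# legacy Java container started with several defaults weakened.
SAMPLE = json.loads("""
[{"Name": "/legacy-java-app",
  "Config": {"User": ""},
  "HostConfig": {"Privileged": false, "CapAdd": ["SYS_ADMIN"], "CapDrop": null,
                 "SecurityOpt": ["seccomp=unconfined"],
                 "PidMode": "host", "NetworkMode": "bridge", "UTSMode": ""}}]
""")

def audit_container(record):
    """Return findings for one `docker inspect` container record."""
    host = record.get("HostConfig") or {}
    user = (record.get("Config") or {}).get("User") or ""
    sec_opts = host.get("SecurityOpt") or []
    cap_drop = {c.upper() for c in (host.get("CapDrop") or [])}
    findings = []

    if host.get("Privileged"):
        findings.append("privileged: all capabilities granted, seccomp/AppArmor off")
    if host.get("CapAdd"):
        findings.append("cap-add: " + ",".join(host["CapAdd"]))
    if "ALL" not in cap_drop:
        findings.append("cap-drop: default capability set kept, ALL not dropped")
    for opt in sec_opts:
        # Docker accepts "name=value" and the older "name:value" spelling.
        name, _, value = opt.replace(":", "=", 1).partition("=")
        if name in ("seccomp", "apparmor") and value == "unconfined":
            findings.append(name + ": profile disabled")
    for field in ("PidMode", "NetworkMode", "UTSMode"):
        if host.get(field) == "host":
            findings.append(field + ": shares the host namespace")
    # An empty User on a container record means no USER was set by the image
    # or at run time, so the process starts as root inside the container.
    if user.split(":")[0] in ("", "0", "root"):
        findings.append("user: runs as root, no uid/gid drop")
    return findings

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec["Name"])
        for finding in audit_container(rec):
            print("  -", finding)
```

On a live host the same function can be fed `json.loads` of the output of `docker inspect <container>`.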

Page 7: Modernizing Java Apps with Docker

Docker Community Edition and Enterprise Edition

Page 8: Modernizing Java Apps with Docker

Kubernetes

Page 9: Modernizing Java Apps with Docker

Swarm and Kubernetes!

Page 10: Modernizing Java Apps with Docker

Amazon EC2 Container Service

• Container management service on Amazon EC2 instances

• Fully-managed: no need to install, operate or scale your own

• Resource management

• Designed for use with other AWS services

ELB, VPC, CloudWatch, Code*, ...

Page 11: Modernizing Java Apps with Docker

Why now?

• Cloud is the new normal

• DevOps adoption and maturity

• Technology availability

• Lightweight RPC (JSON, REST) popularity

• Desire to move faster at lower cost

• Evidence that cross-functional teams are more efficient

Page 12: Modernizing Java Apps with Docker

Customer pain points

• Scale on X-axis or Z-axis, independent of others

• Simpler maintenance than a monolith

• Independently replaceable or upgradable

• Potentially heterogeneous and polyglot

• Fault and resource isolation

Page 13: Modernizing Java Apps with Docker

Modernize Traditional Apps with Docker Enterprise Edition to get portability, security and efficiency of apps without changing the code

You have to cut into the 80%

To Fuel The Innovation

Page 14: Modernizing Java Apps with Docker

Docker EE Gives Legacy Applications Modern Capabilities without any recoding or refactoring of the app

Efficient: Optimize CapEx and OpEx costs

Portable: Infrastructure Independent Apps

Secure: Reduce risk and enforce new controls

Size of Infrastructure: 50% Reduction

Deployment Speed: up to 90% Faster

MTTR for Patching: up to 90% Faster

Page 15: Modernizing Java Apps with Docker

Docker EE saves time and money

Efficient: Optimize CapEx and OpEx costs

Reduce Total IT Costs by 50%

• Consolidate infrastructure

• Reduce software costs

• Gain operational efficiency

Page 16: Modernizing Java Apps with Docker

Eliminate the outdated app runbook for a simple Dockerfile

Before After

● VMs contain a full OS instance within each VM

● Containers share the kernel of a single OS instance on the physical or virtual server

● Average infrastructure consolidation is 50%

● Checked into repository

Page 17: Modernizing Java Apps with Docker

Streamline configuration management

Before: 100 Page Binder

● Replace the printed (often out of date) runbooks for app deployment and ops documentation

● Dockerfile contains all commands to assemble a Docker container

● Define instructions including: ports, volumes, environment variables, healthchecks and more

After: Single Text File

● Dockerfile containing all the instructions to deploy your app.

● Enables consistent deployments across multiple environments, and eliminates the problem of “snowflake infrastructure”

Page 18: Modernizing Java Apps with Docker

Eliminate the outdated app runbook for a simple Dockerfile

Simplify app configuration management

● define app configs in Dockerfile (single container) or Compose file (multi-container)

Eliminate configuration drift

● No more patching in place, deploy new

● New deployment = new container image and tag in registry

● `docker diff` command shows exactly what’s changed in the container compared to the Dockerfile

Page 19: Modernizing Java Apps with Docker
Page 20: Modernizing Java Apps with Docker

Improve asset management

● Centrally manage all container images in a private registry

● Keep a record of all versions (tags) of images available for

Page 21: Modernizing Java Apps with Docker

Improve app operations: deployments, rollback with built in app reliability

● Copy and paste or single command to deploy apps and define state

● Rolling updates reduce the risk of new deployments

● Easy roll back to previous known container

● Built in health checks continually monitor containers

● Automatic rescheduling of containers in the event of a failure

Page 22: Modernizing Java Apps with Docker

Docker EE ensures hybrid cloud portability

Deploy any app anywhere

• Applications can move across multiple infrastructures

• Infrastructure agnostic properties

Portable: Infrastructure Independent Apps

Page 23: Modernizing Java Apps with Docker

Container architecture provides infrastructure agnostic packaging and tooling

[Diagram: containers App A to App E, each with its own Bins/Lib, run on Container as a Service over a Host OS, on top of Disparate IT Infrastructure: Linux, Mainframe, AWS, Azure, Other Public Clouds, Windows]

Page 24: Modernizing Java Apps with Docker

Get infrastructure flexibility and portability for legacy apps

Dev, Test, Prod

Developer can work in whatever environment they're used to

Application gets moved into Test/QE environment

Application can then be promoted to production on any public, private, or hybrid infrastructure

Security Scan

Security Scan

Page 25: Modernizing Java Apps with Docker

Docker EE enhances application security

Reduce risk profile

• More secure environment

• Reduce surface area

• Vulnerability management

Secure: Reduce risk and enforce new controls

Page 26: Modernizing Java Apps with Docker

Run apps on the most secure environment

• The most secure container runtime and orchestration architecture

• Secure by default with out of the box configurations

• Cryptographic node identity

• Automatic mutual TLS across all nodes within the Docker cluster

• Transparent and automatic cert rotation

• External CA integration

• Optionally encrypt container to container traffic

[Diagram: three Manager Nodes, each with a Certificate Authority, and three Workers, all connected over TLS]

Page 27: Modernizing Java Apps with Docker

Make apps safer with vulnerability scanning and monitoring

• Security scanning performs binary level scanning of application

• Detailed BOM provides security profile of application packages

• Make informed decisions before deployment

• BOM is maintained and continuously monitored against leading CVE databases

Page 28: Modernizing Java Apps with Docker

Granular access control for users, apps and nodes

• Restrict access to apps and resources

• Leverage predefined or custom roles available to manage access and permissions

• Create logical or physical isolation between apps and teams

Page 29: Modernizing Java Apps with Docker

Leverage a secure and automated software supply chain

• Establish chain of trust with apps as they move across environments

• Digitally sign containers and only run verified containers

• Freshness guarantee ensures no tampering and latest container is running

• Automate workflow with immutable repos and automated image promotion

Page 30: Modernizing Java Apps with Docker

Docker 2017 - Confidential

MTA Process

Page 31: Modernizing Java Apps with Docker

Methodology: Docker EE Modernizes Apps and Infrastructure

Existing Application

Convert to a container with Docker EE

Modern Methodologies: Integrate to CI/CD and automation system

Modern Infrastructure: Built on premise, in the cloud, or as part of a hybrid environment.

Modern Microservices: Add new services or start peeling off services from monolith code base

Page 32: Modernizing Java Apps with Docker

Breaking down the deployment savings

App deployments before and after Docker


~100 man hours

~<24 man hours

Before: Traditional App Deployment: Manual, Risky, Slow

Take Offline, Deploy, Smoke Test, Acceptance Test, Go/No-Go

• Long running processes with several manual steps

• Scheduled out of hours

• Disruption to users

• Lengthy Install Guide (50 pages, 100 man hours to write), usually a Word document and mostly inaccurate

• Bloated App binaries

• Bloated App files

• Bloated test documents

• Requires prior knowledge of the app

• Manual tests require Dev and Ops

• Manual bloated regression pack, takes multiple hours

• Low confidence rate

• Rollback is repeat of the entire process

After with Docker: Modern App Deployment: Automated, Proven, Fast

Take Offline, Deploy, Acceptance Test, Go/No-Go

• Need not be scheduled out of hours

• No disruption to users

• ONE single command

• ONE light Docker image

• Built in health checks

• Automated Regression Pack

• Rapid addition of new features

• High confidence rate

• Fast rollback, repeatable


Page 33: Modernizing Java Apps with Docker

Monolithic Java Applications

Page 34: Modernizing Java Apps with Docker

Demo

Page 35: Modernizing Java Apps with Docker

dockercon.com/labs

Page 37: Modernizing Java Apps with Docker

Interested in MTA

● Stop by the booth (MTA pod)

● Download the kit www.docker.com/mta

● Look for a MTA Roadshow near you

● Contact your Account Team

Page 38: Modernizing Java Apps with Docker

Docker EE Hosted Demo

● Free 4 Hour Demo

● No Servers Required

● Full Docker EE Cluster Access

docker.com/trial

Page 39: Modernizing Java Apps with Docker


Recap: Docker Enterprise Edition Capabilities

Policy Management

Image Scanning and Monitoring

Secure Access and User Management

Content Trust and Verification

Application and Cluster Management

Image Management

Security

Distributed State

Network

Container Runtime

Volumes

Orchestration

Application Composition, Deployment and Reliability

Certified Containers Certified Plugins

Certified Infrastructure

Enterprise Edition

Optimized Container Engine

Integrated App and Cluster Management

Certification and Support