SlideShare a Scribd company logo

Modernizing Java Apps with Docker

Docker, Inc.
Docker, Inc.

Docker provides PODA (Package Once Deploy Anywhere) and complements WORA (Write Once Run Anywhere) provided by Java. It also helps you reduce the impedance mismatch between dev, test, and production environment and simplifies Java application deployment. This session will explain how to: * Run your first Java application with Docker * Package your Java application with Docker * Share your Java application using Docker Hub * Deploy your Java application using Maven * Deploy your application using Docker for AWS * Scale Java services with Docker Engine swarm mode * Package your multi-container application and use service discovery * Monitor your Docker + Java applications * Build a deployment pipeline using common tools

Related slideshows

Docker Online Meetup: Announcing Docker CE + EE
Docker Online Meetup: Announcing Docker CE + EEDocker Online Meetup: Announcing Docker CE + EE
Docker Online Meetup: Announcing Docker CE + EE
 
Docker and Microsoft - Windows Server 2016 Technical Deep Dive
Docker and Microsoft - Windows Server 2016 Technical Deep DiveDocker and Microsoft - Windows Server 2016 Technical Deep Dive
Docker and Microsoft - Windows Server 2016 Technical Deep Dive
 
Top 5 benefits of docker
Top 5 benefits of dockerTop 5 benefits of docker
Top 5 benefits of docker
 
1 of 39
Download to read offline
Modernizing Traditional Apps: Java Edition Sophia Parafina, Docker, Developer Relations Engineer Arun Gupta, Amazon Web Services, Java Champion
Internal External LAMP Stack Java Linux .NET .NET IIS Windows No idea what the app is made of Original app authors are no longer around When was it last updated? Don’t change it! Don’t break it Common Challenges Of A Legacy App
Needs of modern applications Faster response to change in market Delivery time Change time Reduce human errors Scaling to demand Faster recovery High availability Automation
Microservices and Containers Single Responsibility Principle Explicitly Published Interface Independently replace and upgrade Polyglot Lightweight and Fast startup Fault Isolation
Containers abstract applications from infrastructure • Eliminates the “works on my machine” problem • Containers packages code and dependencies together into an isolated process • Containers standardize any workload: legacy, microservices, ISV apps (Windows and Linux) • App configurations “travel” with the app, are not built to the infrastructure • Easy app composition of simple to complex apps with security, networks, storage, env variables, ports
Reduce the attack surface area of legacy apps • Reduce risk associated with older code and components • Default out of the box settings provide greater security • Configurable settings allow admins to further isolate the app • Eliminate all unnecessary syscalls, process, and access to host resources pid namespace mnt namespace net namespace uts namespace user namespace pivot_root uid/gid drop cap drop all cgroups selinux apparmor seccomp 1. Out of the box default settings and profiles 2. Granular controls to customize settings
Docker Community Edition and Enterprise Edition
Kubernetes
Swarm and Kubernetes!
Amazon EC2 Container Service Container management service on Amazon EC2 instances Fully-managed: no need to install, operate or scale your own Resource management Designed for use with other AWS services ELB, VPC, CloudWatch, Code*, ...
Why now? Cloud is the new normal DevOps adoption and maturity Technology availability Lightweight RPC (JSON, REST) popularity Desire to move faster at lower cost Evidence that cross-functional teams are more efficient
Customer pain points Scale on X-axis or Z-axis, independent of others Simpler maintenance than a monolith Independently replaceable or upgradable Potentially heterogenous and polyglot Fault and resource isolation
Modernize Traditional Apps with Docker Enterprise Edition to get portability, security and efficiency of apps without changing the code You have to cut into the 80% To Fuel The Innovation
Docker EE Gives Legacy Applications Modern Capabilities without any recoding or refactoring of the app Efficient Portable Secure Optimize CapEx and OpEx costs Infrastructure Independent Apps Reduce risk and enforce new controls Size of Infrastructure 50% Reduction Deployment Speed MTTR for Patching up to 90% Faster up to 90% Faster
Docker EE saves time and money Efficient Optimize CapEx and OpEx costs Reduce Total IT Costs by 50% • Consolidate infrastructure • Reduce software costs • Gain operational efficiency
Eliminate the outdated app runbook for a simple Dockerfile Before After ● VMs contain a full OS instance within each VM ● Containers share the kernel of a single OS instance on the physical or virtual server ● Average infrastructure consolidation is 50%
Streamline configuration management Before 100 Page Binder ● Replace the printed (often out of date) runbooks for app deployment and ops documentation ● Dockerfile contains all commands to assemble a Docker container ● Define instructions including: ports, volumes, environment variables, healthchecks and more After Single Text File ● Dockerfile containing all the instructions to deploy your app. ● Enables consistent deployments across multiple environments, and eliminates the problem of “snowflake infrastructure”
Eliminate the outdated app runbook for a simple Dockerfile Simplify app configuration management ● define app configs in Dockerfile (single container) or Compose file (multi- container) Eliminate configuration drift ● No more patching in place, deploy new ● New deployment = new container image and tag in registry ● docker diff command shows exactly what’s changed in the container compared to the dockerfile
Modernizing Java Apps with Docker
Improve asset management ● Centrally manage all container images in a private registry ● Keep a record of all versions (tags) of images available for
Improve app operations: deployments, rollback with built in app reliability ● Copy and paste or single command to deploy apps and define state ● Rolling updates reduce the risk of new deployments ● Easy roll back to previous known container ● Built in health checks continually monitor containers ● Automatic rescheduling of containers in the event of a failure
Docker EE ensures hybrid cloud portability Deploy any app anywhere • Applications can move across multiple infrastructures • Infrastructure agnostic propertiesPortable Infrastructure Independent Apps
Container architecture provides infrastructure agnostic packaging and tooling Disparate IT Infrastructure Host OS Container as a Service Container App A Bins/Lib Linux Mainframe AWS Azure Other Public Clouds Windows Container App B Bins/Lib Container App C Bins/Lib Container App D Bins/Lib Container App E Bins/Lib
Get infrastructure flexibility and portability for legacy apps Dev Test Prod Developer can work in whatever environment they're used to Application gets moved into Test/QE environment Application can then be promoted to production on any public, private, or hybrid infrastructure Security Scan Security Scan
Reduce risk profile • More secure environment • Reduce surface area • Vulnerability management Secure Reduce risk and enforce new controls Docker EE enhances application security
Run apps on the most secure environment • The most secure container runtime and orchestration architecture • Secure by default with out of the box configurations • Cryptographic node identity • Automatic mutual TLS across all nodes within the Docker cluster • Transparent and automatic cert rotation • External CA integration • Optionally encrypt container to container traffic Manager Node Certificate Authority TLS Manager Node Certificate Authority TLS Manager Node Certificate Authority TLS Worker TLS Worker TLS Worker TLS
Make apps safer with vulnerability scanning and monitoring • Security scanning performs binary level scanning of application • Detailed BOM provides security profile of application packages • Make informed decisions before deployment • BOM is maintained and continuously monitored against leading CVE databases
Granular access control for users, apps and nodes • Restrict access to apps and resources • Leverage predefined or custom roles available to manage access and permissions • Create logical or physical isolation between apps and teams
Leverage a secure and automated software supply chain • Establish chain of trust with apps as they move across environments • Digitally sign containers and only run verified containers • Freshness guarantee ensures no tampering and latest container is running • Automate workflow with immutable repos and automated image promotion
Docker 2017 - Confidential MTA Process
Methodology: Docker EE Modernizes Apps and Infrastructure Existing Application Modern Methodologies Integrate to CI/CD and automation system Convert to a container with Docker EE Modern Infrastructure Built on premise, in the cloud, or as part of a hybrid environment. Modern Microservices Add new services or start peeling off services from monolith code base App
Breaking down the deployment savings App deployments before and after Docker 32 ~100 man hours ~<24 man hours Before: Traditional App Deployment : Manual, Risky, Slow Take Offline Deploy Smoke Test Acceptance Test Go/No-Go • Long running processes with several manual steps • Scheduled out of hours • Disruption to users • Lengthy Install Guide(50 pages, 100 man hours to write) usually word document and mostly inaccurate • Bloated App binaries • Bloated App files • Bloated test documents • Requires prior knowledge of the app • Manual tests requires Dev and Ops • Manual bloated regression pack, takes multi hours • Low confidence rate • Rollback is repeat of the entire process After with Docker: Modern App Deployment : Automated, Proven, Fast Take Offline Deploy Acceptance test Go/No-Go • Need not be scheduled out of hours • No disruption to users • ONE single command • ONE light Docker image • Built in health checks • Automated Regression Pack • Rapid addition of new features • High confidence rate • Fast rollback repeatable After : Modern App Deployment : Automated, Proven, Fast Before : Traditional App Deployment : Manual, Risky, Slow Docker 2017 - CONFIDENTIAL
Monolithic Java Applications
Demo
dockercon.com/labs
THANK YOU! arun.gupta@gmail.com @arungupta sophia.parafina@docker.com @spara
Interested in MTA ● Stop by the booth (MTA pod) ● Download the kit www.docker.com/mta ● Look for a MTA Roadshow near you ● Contact your Account Team
Docker EE Hosted Demo ● Free 4 Hour Demo ● No Servers Required ● Full Docker EE Cluster Access docker.com/trial
39 Recap: Docker Enterprise Edition Capabilities Policy Management Image Scanning and Monitoring Secure Access and User Management Content Trust and Verification Application and Cluster Management Image Management Security Distributed State Network Container Runtime Volumes Orchestration Application Composition, Deployment and Reliability Certified Containers Certified Plugins Certified Infrastructure Enterprise Edition Optimized Container Engine Integrated App and Cluster Management Certification and Support

More Related Content

Modernizing Java Apps with Docker

  • 1. Modernizing Traditional Apps: Java Edition Sophia Parafina, Docker, Developer Relations Engineer Arun Gupta, Amazon Web Services, Java Champion
  • 2. Internal External LAMP Stack Java Linux .NET .NET IIS Windows No idea what the app is made of Original app authors are no longer around When was it last updated? Don’t change it! Don’t break it Common Challenges Of A Legacy App
  • 3. Needs of modern applications Faster response to change in market Delivery time Change time Reduce human errors Scaling to demand Faster recovery High availability Automation
  • 5. Containers abstract applications from infrastructure • Eliminates the “works on my machine” problem • Containers packages code and dependencies together into an isolated process • Containers standardize any workload: legacy, microservices, ISV apps (Windows and Linux) • App configurations “travel” with the app, are not built to the infrastructure • Easy app composition of simple to complex apps with security, networks, storage, env variables, ports
  • 6. Reduce the attack surface area of legacy apps • Reduce risk associated with older code and components • Default out of the box settings provide greater security • Configurable settings allow admins to further isolate the app • Eliminate all unnecessary syscalls, process, and access to host resources pid namespace mnt namespace net namespace uts namespace user namespace pivot_root uid/gid drop cap drop all cgroups selinux apparmor seccomp 1. Out of the box default settings and profiles 2. Granular controls to customize settings
  • 7. Docker Community Edition and Enterprise Edition
  • 10. Amazon EC2 Container Service Container management service on Amazon EC2 instances Fully-managed: no need to install, operate or scale your own Resource management Designed for use with other AWS services ELB, VPC, CloudWatch, Code*, ...
  • 11. Why now? Cloud is the new normal DevOps adoption and maturity Technology availability Lightweight RPC (JSON, REST) popularity Desire to move faster at lower cost Evidence that cross-functional teams are more efficient
  • 12. Customer pain points Scale on X-axis or Z-axis, independent of others Simpler maintenance than a monolith Independently replaceable or upgradable Potentially heterogenous and polyglot Fault and resource isolation
  • 13. Modernize Traditional Apps with Docker Enterprise Edition to get portability, security and efficiency of apps without changing the code You have to cut into the 80% To Fuel The Innovation
  • 14. Docker EE Gives Legacy Applications Modern Capabilities without any recoding or refactoring of the app Efficient Portable Secure Optimize CapEx and OpEx costs Infrastructure Independent Apps Reduce risk and enforce new controls Size of Infrastructure 50% Reduction Deployment Speed MTTR for Patching up to 90% Faster up to 90% Faster
  • 15. Docker EE saves time and money Efficient Optimize CapEx and OpEx costs Reduce Total IT Costs by 50% • Consolidate infrastructure • Reduce software costs • Gain operational efficiency
  • 16. Eliminate the outdated app runbook for a simple Dockerfile Before After ● VMs contain a full OS instance within each VM ● Containers share the kernel of a single OS instance on the physical or virtual server ● Average infrastructure consolidation is 50%
  • 17. Streamline configuration management Before 100 Page Binder ● Replace the printed (often out of date) runbooks for app deployment and ops documentation ● Dockerfile contains all commands to assemble a Docker container ● Define instructions including: ports, volumes, environment variables, healthchecks and more After Single Text File ● Dockerfile containing all the instructions to deploy your app. ● Enables consistent deployments across multiple environments, and eliminates the problem of “snowflake infrastructure”
  • 18. Eliminate the outdated app runbook for a simple Dockerfile Simplify app configuration management ● define app configs in Dockerfile (single container) or Compose file (multi- container) Eliminate configuration drift ● No more patching in place, deploy new ● New deployment = new container image and tag in registry ● docker diff command shows exactly what’s changed in the container compared to the dockerfile
  • 20. Improve asset management ● Centrally manage all container images in a private registry ● Keep a record of all versions (tags) of images available for
  • 21. Improve app operations: deployments, rollback with built in app reliability ● Copy and paste or single command to deploy apps and define state ● Rolling updates reduce the risk of new deployments ● Easy roll back to previous known container ● Built in health checks continually monitor containers ● Automatic rescheduling of containers in the event of a failure
  • 22. Docker EE ensures hybrid cloud portability Deploy any app anywhere • Applications can move across multiple infrastructures • Infrastructure agnostic propertiesPortable Infrastructure Independent Apps
  • 23. Container architecture provides infrastructure agnostic packaging and tooling Disparate IT Infrastructure Host OS Container as a Service Container App A Bins/Lib Linux Mainframe AWS Azure Other Public Clouds Windows Container App B Bins/Lib Container App C Bins/Lib Container App D Bins/Lib Container App E Bins/Lib
  • 24. Get infrastructure flexibility and portability for legacy apps Dev Test Prod Developer can work in whatever environment they're used to Application gets moved into Test/QE environment Application can then be promoted to production on any public, private, or hybrid infrastructure Security Scan Security Scan
  • 25. Reduce risk profile • More secure environment • Reduce surface area • Vulnerability management Secure Reduce risk and enforce new controls Docker EE enhances application security
  • 26. Run apps on the most secure environment • The most secure container runtime and orchestration architecture • Secure by default with out of the box configurations • Cryptographic node identity • Automatic mutual TLS across all nodes within the Docker cluster • Transparent and automatic cert rotation • External CA integration • Optionally encrypt container to container traffic Manager Node Certificate Authority TLS Manager Node Certificate Authority TLS Manager Node Certificate Authority TLS Worker TLS Worker TLS Worker TLS
  • 27. Make apps safer with vulnerability scanning and monitoring • Security scanning performs binary level scanning of application • Detailed BOM provides security profile of application packages • Make informed decisions before deployment • BOM is maintained and continuously monitored against leading CVE databases
  • 28. Granular access control for users, apps and nodes • Restrict access to apps and resources • Leverage predefined or custom roles available to manage access and permissions • Create logical or physical isolation between apps and teams
  • 29. Leverage a secure and automated software supply chain • Establish chain of trust with apps as they move across environments • Digitally sign containers and only run verified containers • Freshness guarantee ensures no tampering and latest container is running • Automate workflow with immutable repos and automated image promotion
  • 30. Docker 2017 - Confidential MTA Process
  • 31. Methodology: Docker EE Modernizes Apps and Infrastructure Existing Application Modern Methodologies Integrate to CI/CD and automation system Convert to a container with Docker EE Modern Infrastructure Built on premise, in the cloud, or as part of a hybrid environment. Modern Microservices Add new services or start peeling off services from monolith code base App
  • 32. Breaking down the deployment savings App deployments before and after Docker 32 ~100 man hours ~<24 man hours Before: Traditional App Deployment : Manual, Risky, Slow Take Offline Deploy Smoke Test Acceptance Test Go/No-Go • Long running processes with several manual steps • Scheduled out of hours • Disruption to users • Lengthy Install Guide(50 pages, 100 man hours to write) usually word document and mostly inaccurate • Bloated App binaries • Bloated App files • Bloated test documents • Requires prior knowledge of the app • Manual tests requires Dev and Ops • Manual bloated regression pack, takes multi hours • Low confidence rate • Rollback is repeat of the entire process After with Docker: Modern App Deployment : Automated, Proven, Fast Take Offline Deploy Acceptance test Go/No-Go • Need not be scheduled out of hours • No disruption to users • ONE single command • ONE light Docker image • Built in health checks • Automated Regression Pack • Rapid addition of new features • High confidence rate • Fast rollback repeatable After : Modern App Deployment : Automated, Proven, Fast Before : Traditional App Deployment : Manual, Risky, Slow Docker 2017 - CONFIDENTIAL
  • 34. Demo
  • 37. Interested in MTA ● Stop by the booth (MTA pod) ● Download the kit www.docker.com/mta ● Look for a MTA Roadshow near you ● Contact your Account Team
  • 38. Docker EE Hosted Demo ● Free 4 Hour Demo ● No Servers Required ● Full Docker EE Cluster Access docker.com/trial
  • 39. 39 Recap: Docker Enterprise Edition Capabilities Policy Management Image Scanning and Monitoring Secure Access and User Management Content Trust and Verification Application and Cluster Management Image Management Security Distributed State Network Container Runtime Volumes Orchestration Application Composition, Deployment and Reliability Certified Containers Certified Plugins Certified Infrastructure Enterprise Edition Optimized Container Engine Integrated App and Cluster Management Certification and Support