Modernizing Traditional Apps: Java Edition Sophia Parafina, Docker, Developer Relations Engineer Arun Gupta, Amazon Web Services, Java Champion
Modernizing Traditional Apps:Java EditionSophia Parafina, Docker, Developer Relations EngineerArun Gupta, Amazon Web Services, Java Champion
Internal External
LAMP Stack
Java
Linux
.NET
.NET IIS
Windows
No idea what the app is made of
Original app authors are no longer around
When was it last updated?
Don’t change it! Don’t break it
Common Challenges Of A Legacy App
Needs of modern applications
Faster response to change in market
Delivery time Change time Reduce human errors
Scaling to demand Faster recovery High availability Automation
Microservices and Containers
Single Responsibility Principle
Explicitly Published Interface
Independently replace and upgrade
Polyglot Lightweight andFast startup Fault Isolation
Containers abstract applications from infrastructure
• Eliminates the “works on my machine” problem
• Containers packages code and dependencies together into an isolated process
• Containers standardize any workload: legacy, microservices, ISV apps (Windows and Linux)
• App configurations “travel” with the app, are not built to the infrastructure
• Easy app composition of simple to complex apps with security, networks, storage, env variables, ports
Reduce the attack surface area of legacy apps
• Reduce risk associated with older code and components
• Default out of the box settings provide greater security
• Configurable settings allow admins to further isolate the app
• Eliminate all unnecessary syscalls, process, and access to host resources
pid namespace
mnt namespace
net namespace
uts namespace
user namespace
pivot_root
uid/gid drop
cap drop
all cgroups
selinux
apparmor
seccomp
1. Out of the box default settings and
profiles
2. Granular controls to customize settings
Docker Community Edition and Enterprise Edition
Kubernetes
Swarm and Kubernetes!
Amazon EC2 Container Service
Container management service on Amazon EC2 instancesFully-managed: no need to install, operate or scale your ownResource managementDesigned for use with other AWS services
ELB, VPC, CloudWatch, Code*, ...
Why now?
Cloud is the new normalDevOps adoption and maturityTechnology availabilityLightweight RPC (JSON, REST) popularityDesire to move faster at lower costEvidence that cross-functional teams are more efficient
Customer pain points
Scale on X-axis or Z-axis, independent of othersSimpler maintenance than a monolithIndependently replaceable or upgradablePotentially heterogenous and polyglotFault and resource isolation
Modernize Traditional Apps with Docker Enterprise Edition to get
portability, security and efficiency of apps without changing the code
You have to cut into the 80%
To Fuel The Innovation
Docker EE Gives Legacy Applications Modern Capabilities without any recoding or refactoring of the app
Efficient Portable SecureOptimize CapEx and OpEx costs
Infrastructure Independent
Apps
Reduce risk and enforce new controls
Size of Infrastructure
50% Reduction
Deployment Speed MTTR for Patchingup to
90%Faster
up to
90%Faster
Docker EE saves time and money
EfficientOptimize CapEx and OpEx costs
Reduce Total IT Costs by 50%• Consolidate infrastructure• Reduce software costs• Gain operational efficiency
Eliminate the outdated app runbook for a simple Dockerfile
Before After
● VMs contain a full OS instance within each VM
● Containers share the kernel of a single OS instance on the physical or virtual server
● Average infrastructure consolidation is 50%
● Checked into repository
Streamline configuration managementBefore
100 Page Binder
● Replace the printed (often out of date) runbooks for app deployment and ops documentation
● Dockerfile contains all commands to assemble a Docker container
● Define instructions including: ports, volumes, environment variables, healthchecks and more
AfterSingle Text File
● Dockerfile containing all the instructions to deploy your app.
● Enables consistent deployments across multiple environments, and eliminates the problem of “snowflake infrastructure”
Eliminate the outdated app runbook for a simple Dockerfile
Simplify app configuration management
● define app configs in Dockerfile (single container) or Compose file (multi-container)
Eliminate configuration drift
● No more patching in place, deploy new
● New deployment = new container image and tag in registry
● docker diff command shows exactly what’s changed in the container compared to the dockerfile
Improve asset management
● Centrally manage all container images in a private registry
● Keep a record of all versions (tags) of images available for
Improve app operations: deployments, rollback with built in app reliability
● Copy and paste or single command to deploy apps and define state
● Rolling updates reduce the risk of new deployments
● Easy roll back to previous known container
● Built in health checks continually monitor containers
● Automatic rescheduling of containers in the event of a failure
Docker EE ensures hybrid cloud portability
Deploy any app anywhere• Applications can move across
multiple infrastructures• Infrastructure agnostic propertiesPortable
Infrastructure Independent
Apps
Container architecture provides infrastructure agnostic packaging and tooling
Disparate IT Infrastructure
Host OS
Container as a Service
ContainerApp A
Bins/Lib
Linux Mainframe AWS Azure OtherPublic CloudsWindows
ContainerApp B
Bins/Lib
ContainerApp C
Bins/Lib
ContainerApp D
Bins/Lib
ContainerApp E
Bins/Lib
Get infrastructure flexibility and portability for legacy apps
Dev Test Prod
Developer can work in whatever environment
they're used to
Application gets moved into Test/QE environment
Application can then be promoted to production on any
public, private, or hybrid infrastructure
Security Scan
Security Scan
Reduce risk profile • More secure environment• Reduce surface area • Vulnerability management
SecureReduce risk and
enforce new controls
Docker EE enhances application security
Run apps on the most secure environment• The most secure container runtime and
orchestration architecture
• Secure by default with out of the box configurations
• Cryptographic node identity
• Automatic mutual TLS across all nodes within the Docker cluster
• Transparent and automatic cert rotation
• External CA integration
• Optionally encrypt container to container traffic
ManagerNode
CertificateAuthority
TLS
ManagerNode
CertificateAuthority
TLS
ManagerNode
CertificateAuthority
TLS
Worker
TLS
Worker
TLS
Worker
TLS
Make apps safer with vulnerability scanning and monitoring
• Security scanning performs binary level scanning of application
• Detailed BOM provides security profile of application packages
• Make informed decisions before deployment
• BOM is maintained and continuously monitored against leading CVE databases
Granular access control for users, apps and nodes
• Restrict access to apps and resources
• Leverage predefined or custom roles available to manage access and permissions
• Create logical or physical isolation between apps and teams
Leverage a secure and automated software supply chain
• Establish chain of trust with apps as they move across environments
• Digitally sign containers and only run verified containers
• Freshness guarantee ensures no tampering and latest container is running
• Automate workflow with immutable repos and automated image promotion
Docker 2017 - Confidential
MTA Process
Methodology: Docker EE Modernizes Apps and Infrastructure
ExistingApplication
Modern Methodologies
Integrate to CI/CDand automation
system
Convert to a container
with Docker EE
Modern Infrastructure
Built on premise, in the cloud, or as part of a hybrid environment.
Modern Microservices
Add new services or start peeling off
services from monolith code base
App
Breaking down the deployment savingsApp deployments before and after Docker
32
~100 man hours
~<24 man hours
Before: Traditional App Deployment : Manual, Risky, Slow
Take Offline Deploy Smoke Test Acceptance Test Go/No-Go
• Long running processes with several manual steps
• Scheduled out of hours
• Disruption to users
• Lengthy Install Guide(50 pages, 100 man hours to write) usually word document and mostly inaccurate
• Bloated App binaries • Bloated App files
• Bloated test documents
• Requires priorknowledge of the app
• Manual tests requires Dev and Ops
• Manual bloatedregression pack, takes multi hours
• Low confidence rate• Rollback is repeat of
the entire process
After with Docker: Modern App Deployment : Automated, Proven, Fast
Take Offline Deploy Acceptance test Go/No-Go
• Need not be scheduled out of hours
• No disruption to users
• ONE single command • ONE light Docker
image • Built in health checks
• AutomatedRegression Pack
• Rapid addition of new features
• High confidence rate• Fast rollback
repeatable
After : Modern App Deployment : Automated, Proven, Fast
Before : Traditional App Deployment : Manual, Risky, Slow
Docker 2017 - CONFIDENTIAL
Monolithic Java Applications
Demo
dockercon.com/labs
Interested in MTA● Stop by the booth (MTA pod)
● Download the kit www.docker.com/mta
● Look for a MTA Roadshow near you
● Contact your Account Team
Docker EEHosted Demo
● Free 4 Hour Demo● No Servers Required● Full Docker EE
Cluster Access
docker.com/trial
39
Recap: Docker Enterprise Edition Capabilities
Policy Management
Image Scanning and Monitoring
Secure Access and User Management
Content Trust and Verification
Application and Cluster Management
Image Management
Security
Distributed State
Network
Container Runtime
Volumes
Orchestration
Application Composition, Deployment and Reliability
Certified Containers Certified Plugins
Certified Infrastructure
Enterprise Edition
Optimized Container Engine
Integrated App and Cluster Management
Certification and Support