Docker & Apcera Better Together

Simone Morellato, Jul 7th 2015. Apcera & Docker better together


Apcera Hybrid Cloud Operating System

Single Policy

Multiple Workloads

Multiple Clouds

Enterprise-Grade Cloud Platform

Policy is built in at the core for providing pervasive security and control.

Run PaaS binaries, containers, and full OS (capsule) on same infrastructure today. Additional workloads in future.

Workloads mobility. Private-to-private, public-to-public, and private-to-public.

vSphere, OpenStack, AWS, GCE, IBM Softlayer, Mirantis Express.

Unified Orchestration & Governance

Unified Infrastructure

Why containers?

● > 10X as many containers can run on the same hardware

● Run anywhere - from your laptop to the cloud

● Faster boot enables on-demand application deployment

● Increased performance - no more hardware emulation

● Increased agility and mobility - No more full OS to move around

● Smaller attack surface

● Repository makes finding and deploying services easy. (Postgres/MySQL/Redis/Mongo/etc)

● Growing ecosystem of developers and tools.

[Diagram: VM stack compared with container stack. Labels: Server Hardware, Hypervisor, OS, Libraries, App, VM; Any Hardware, Any Cloud, Container OS, Libraries, App, Container; 1 x 30 MB; n x 700 MB; Wasted Space]

Where is Docker today?

● Containers bring speed and agility to developers

● Containers are great for web and greenfield apps

● Development and runtime are siloed either in the private or in the public cloud

[Diagram labels: Private Cloud OR Public Cloud]

What is industry trying to figure out?

● Containers moving into the enterprise

● Enterprise-grade security and reliability

● Multi cloud mobility

● Integration with existing enterprise apps and services

● Multi workload capabilities

● Container-optimized small-footprint OS

[Diagram labels: Hybrid Cloud, Private Cloud, Public Cloud]

Docker in production, barriers to adoption

This report is based on the current and planned container usage patterns of 285 respondents. The survey was conducted over the latter half of May 2015. https://clusterhq.com/assets/pdfs/state-of-container-usage-june-2015.pdf

Why Apcera HCOS?

● Complete enterprise-grade platform

● Multi-host, multi-cloud secure networking

● Integrated load balancing and routing

● Containers isolation and container-level firewall

● Images visibility, control and malware inspection

● Consistent policy across multi-cloud environments

● Authentication and authorization layer

● Integration with production logging services

● Health monitoring

[Architecture diagram. Components: Container Engine; Networking; Container Scheduling; Container Orchestration; Web Console, CLI, API; Storage; Policy & Governance; Internal Services Integration; External Services Integration; Cluster Installation and Management; Multi-Workloads: Containers, OSes, Apps]

Multi-vendor IaaS and hybrid cloud support (OpenStack, VMware, Amazon AWS, Google Cloud, Bare-metal)

Advanced features: Containers linking, semantic pipelines, scaling, load balancing, images malware inspection

A couple of more reasons…

● Pull images directly from Docker registries

● Docker CLI options support

● Policy controls to restrict packages in the system.

● Layers caching for near instant launch times

● Dynamic binding for container to container communication

● Active connections management

● Service credentials protection with ephemeral credentials

Apcera vs. DIY

One System vs. Components

● Integration effort and competence

● Integration with external systems and services

● Feature gaps/overlap between the components

● Maintenance and lifecycle management

● UI and usability

● Security (including policy and governance)

● State of the art in industry (many components still in alpha or beta)

● No multi-tenancy

● No multi-workload

[Diagram labels: Apcera, DIY]

Apcera Policy for Docker

Workload Placement

Service Access

Resource Quota

Network Ingress/Egress

Runtime Requirement

A Docker workload is just like any other HCOS job

Policy is not limited just to resources; you can also control routes, packages, service access, etc.

Semantics pipelines

What’s in your container? You don’t know. And that’s a problem!

Image source: BanyanOps Blog, June 2015

[Charts: General Images with Vulnerabilities; Official Images with Vulnerabilities]

Security for images

[Pipeline diagram. Stages: Download, Import, Dependencies, Virus Scan, Approval, Notification. Other labels: Docker Image, Package Repo, Running Instance]

Apcera Staging Pipeline

The Staging Pipeline open source API allows partners (e.g. FlawCheck) and users to write custom stagers, e.g. Docker image security checks that detect security flaws.

Apcera provides the infrastructure that Docker needs

For more info and a FREE trial please visit http://docs.apcera.com/setup/setup-overview/
