Docker & Apcera Better Together
simone-morellato
Transcript of Docker & Apcera Better Together
Apcera Hybrid Cloud Operating System
Enterprise-Grade Cloud Platform
● Single Policy: Policy is built in at the core for providing pervasive security and control.
● Multiple Workloads: Run PaaS binaries, containers, and full OS (capsule) on same infrastructure today. Additional workloads in future.
● Multiple Clouds: Workloads mobility. Private-to-private, public-to-public, and private-to-public. vSphere, OpenStack, AWS, GCE, IBM Softlayer, Mirantis Express.
Unified Orchestration & Governance
Unified Infrastructure
Why containers?
● > 10X as many containers can run on the same hardware
● Run anywhere - from your laptop to the cloud
● Faster boot enables on-demand application deployment
● Increased performance - no more hardware emulation
● Increased agility and mobility - No more full OS to move around
● Smaller attack surface
● Repository makes finding and deploying services easy. (Postgres/MySQL/Redis/Mongo/etc)
● Growing ecosystem of developers and tools.
[Diagram: VM stack (Server Hardware, Hypervisor, OS, Libraries, App) compared with container stack (Any Hardware / Any Cloud, Container OS, Libraries, App). Size labels: 1 x 30 MB, n x 700 MB, Wasted Space.]
Where is Docker today?
● Containers bring speed and agility to developers
● Containers are great for web and greenfield apps
● Development and runtime are siloed either in the private or in the public cloud
Private Cloud OR Public Cloud
What is industry trying to figure out?
● Containers moving into the enterprise
● Enterprise-grade security and reliability
● Multi cloud mobility
● Integration with existing enterprise apps and services
● Multi workload capabilities
● Container-optimized small-footprint OS
[Diagram labels: Hybrid Cloud, Private Cloud, Public Cloud]
Docker in production, barriers to adoption
This report is based on the current and planned container usage patterns of 285 respondents. The survey was conducted over the latter half of May 2015. https://clusterhq.com/assets/pdfs/state-of-container-usage-june-2015.pdf
Why Apcera HCOS?
● Complete enterprise-grade platform
● Multi-host, multi-cloud secure networking
● Integrated load balancing and routing
● Containers isolation and container-level firewall
● Images visibility, control and malware inspection
● Consistent policy across multi-cloud environments
● Authentication and authorization layer
● Integration with production logging services
● Health monitoring
● Web Console, CLI, API
● Container Orchestration
● Container Scheduling
● Container Engine
● Networking
● Storage
● Policy & Governance
● Internal Services Integration
● External Services Integration
● Multi-Workloads: Containers, OSes, Apps
● Advanced features: Containers linking, semantic pipelines, scaling, load balancing, images malware inspection
● Cluster Installation and Management
● Multi-vendor IaaS and hybrid cloud support (OpenStack, VMware, Amazon AWS, Google Cloud, Bare-metal)
A couple of more reasons…
● Pull images directly from Docker registries
● Docker CLI options support
● Policy controls to restrict packages in the system.
● Layers caching for near instant launch times
● Dynamic binding for container to container communication
● Active connections management
● Service credentials protection with ephemeral credentials
Apcera vs. DIY
One System vs. Components
● Integration effort and competence
● Integration with external systems and services
● Feature gaps/overlap between the components
● Maintenance and lifecycle management
● UI and usability
● Security (including policy and governance)
● State of the art in industry (many components still in alpha or beta)
● No multi-tenancy
● No multi-workload
Apcera Policy for Docker
● Workload Placement
● Service Access
● Resource Quota
● Network Ingress/Egress
● Runtime Requirement
A Docker workload is just like any other HCOS job.
Policy is not limited to resources; you can also control routes, packages, service access, etc.
Semantics pipelines
What’s in your container? You don’t know. And that’s a problem!
Image source: BanyanOps Blog, June 2015
[Charts: General Images with Vulnerabilities; Official Images with Vulnerabilities]
Security for images
[Diagram: Apcera Staging Pipeline with stages Download, Import Dependencies, Virus Scan, Approval, Notification. Other labels: Package Repo, Docker Image, Running Instance.]
The Staging Pipeline's open source API allows partners (e.g. FlawCheck) and users to write custom stagers, e.g. Docker image security checks that detect security flaws.
For more info and a FREE trial please visit http://docs.apcera.com/setup/setup-overview/
Apcera