YOU, ME, AND
DOCKER
MAKES THREE
The Ins and Outs of the Docker Ecosystem
INTRODUCTION
Talk
Roadmap
• What is Docker?
• The Docker Ecosystem
– Docker Engine
– Docker Registry
– Docker Machine
– Docker Compose
– Docker Swarm
• Demonstration
• Docker Pitfalls
• Security Considerations for Deploying Docker
• Additional Thoughts
• Q&A
WHOAMI
• Christopher Grayson
– OSCE
– Former consultant at Bishop Fox
– MSCS, BSCM from Georgia Tech
– Currently founder of Web Sight.IO
WHAT IS
DOCKER?
Docker 101
• Virtualization platform
• Virtualizes at the process level
• Runs in Linux
• Uses Linux kernel isolation primitives
Ok, But
Why?
• Consider traditional application of virtualization
• Significant overhead (single virtual host -> single virtual
application)
• Why virtualize at the OS level?
Traditional
Virtualization
(images from Docker web site)
Docker
Virtualization
(images from Docker web site)
…Still Not
Convinced?
• When virtualization occurs at the process level, new
possibilities emerge
• Docker is not the first attempt, but has gotten a lot
right with their attempt
THE DOCKER
ECOSYSTEM
Docker
Engine
• Daemon that listens on TCP 2376 (3376 for swarm)
• Functionality invoked through API
• Command line interface provided by Docker
• Takes in images and settings, spins up “containers”
(processes)
Docker
Images
• Tarball’ed images of Linux filesystems
• Created through the use of Dockerfiles
• Encourages re-usability
Dockerfile
Example
Sequence of steps for building an image
Run through “docker build”, outputs a
Docker image
Docker Build
Example
Build an image through “docker build”
List all images available to the Docker
daemon through “docker images”
Docker
Engine
Steps
1. Create image
2. Ensure target docker daemon has access to image
3. Tell the daemon to run the image, and pass
arguments as necessary
4. ???
5. Profit
Docker
Engine
Perks
• Hierarchical organization of Docker images works well
with standard DevOps practices
• If an image runs in one location through a Docker
daemon, it is guaranteed to work on all other same-
version Docker daemons
• Rid yourself of dealing with dependency headaches
Docker
Registry
• Where Git has GitHub, Docker has Docker Registry
• Version control-esque endpoint for storing Docker
images
• Docker officially offers Docker Hub
• Can (and should) create and run your own Docker
registry
Docker
Registry
Example
After creating an image, push the image
through “docker push”
Pull updated image copies from registry
through “docker pull”
Docker
Registry
Perks
• Single, authoritative location to store your Docker
images
• Follows the central repository model of Git, SVN, other
version control systems
• …my least favorite part of Docker
Docker
Machine
• Create new Docker daemons on local or remote hosts
• Remote hosts supported across all major hosting and
cloud providers
• Commands to create machines mostly the same – only
changes reflect API differences between providers
• Spins up host, installs docker, installs cryptographic
artifacts for secure communication
Docker
Machine
Examples
Create a new machine at DigitalOcean
using the docker-machine tool
Docker
Machine
Examples
List machines that your device can connect
with
Change the Docker daemon that your
docker client is configured to talk to
Docker
Machine
Cont’d
• Many other machine-specific functions available
through docker-machine
• Hardware/OS related? docker-machine does it
Docker
Machine
Perks
• Provider agnostic, and very easy to switch between
hosting providers (change a few command line
arguments)
• Go from no infrastructure to full infrastructure in <5
minutes
• Go from full infrastructure to no infrastructure in <30
seconds
Docker
Compose
• The “orchestration” tool of the Docker ecosystem
• Enables spinning up N-tier applications in one fell
swoop
• Can spin up N-tier applications locally
• Only requires a docker-compose.yml file to spin up
complicated N-tier applications
Docker
Compose File
Example
Defines the various applications contained
within the N-tier application
Configuration passed to applications
through environment variables
Defines relationships between applications
and host OS
Docker
Compose
Example
Call docker-compose in a directory
containing docker-compose.yml file
File is read, images are retrieved,
containers are created
N-tier application goes from non-existent
to up and running in <30 seconds
Docker
Compose
Cont’d
• Reduces configuration management complexity to a
single config file
• Spin up overlay networks across disparate hosting
providers on the fly
• View logs across N-tier application in real time
Docker
Compose
Perks
• Can configure entire environment with one
configuration file
• Reduces the complexity of N-tier application
deployment and debugging
• Go from 0->60 and 60->0 faster than all traditional
approaches
Docker
Swarm
• Turn multiple separate physical hosts into a single
logical host
• Out of the box management of which containers are
deployed where without headache of configuration
• Fully configurable to any depth
Docker Swarm
Examples
Creating a swarm through docker-machine
Docker Swarm
Examples
Cont’d
Changing your Docker daemon to point to
the swarm daemon
Listing the computing resources available
to the Swarm Docker daemon
Docker
Swarm
Perks
• Difference between deploying to a single host and
deploying to 100 hosts is minimal – code does not
change between the two
• Transparently increase / decrease the power of your
distributed applications on the fly
• Single logical host across disparate hosts – even if
those hosts are in completely different physical
locations
Docker
Ecosystem
Review
• Docker Engine
– The core “runtime” of the Docker ecosystem – takes in
Docker images and spins up isolated “containers.”
• Docker Registry
– Enables the storage of Docker images in centralized fashion
• Docker Machine
– Create and/or destroy Docker daemons on local or remote
computing resources, automatically configure access to
these daemons
• Docker Compose
– Spin up/down N-tier applications in rapid fashion, drill down
into N-tier deployment options as necessary
• Docker Swarm
– Turn multiple physical or virtual hosts into a single logical
host as far as Docker daemon is concerned
DEMONSTRATION
Putting it
All Together
• Docker is a core component of Web Sight.IO
• One of the main reasons I’ve been able to stay a one-
man shop
• Reduced my need for DevOps assistance to nearly
nothing
DOCKER
PITFALLS
Nothing is
Perfect
• Various Docker offerings written in different languages
• Terminology has not been consolidated across
offerings
• Still very much in development – breaking bugs
introduced in even minor version updates
• Docker networking not particularly robust (userland
UDP proxy?)
• Documentation could use work
• Standard ways of working with virtualization platforms
don’t necessarily translate to working with Docker
(learning curve)
• Not sure what the business plan is for Docker
enterprise
• Isolation is not as strong as traditional VM isolation
SECURITY
CONSIDERATIONS
The Good
• Docker’s security team is top-notch
• Traditional security flaws in Docker have been rapidly
addressed, and their respective fixes have been either
industry-leading or industry-standard
• Enterprise business depends heavily on building secure
software, so large incentives to continue improving
• Logical abstraction of N-tier application -> single
application reduces complexity
• New defenses possible when set up and tear down of
environments takes seconds
The Bad
• Docker containers designed to run as root out-of-the-
box, require additional configuration and headaches to
change
• Intra-container communication may be restricted, but
otherwise Docker containers have same network
access as host machine
• Lots of code written by lots of people in different
languages doing complex things at all levels of the OS –
plenty of places for things to go wrong
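An added example (not from the original slides): one way to check running containers for the two defaults listed above, a root process and host-level network access, by reading `docker inspect` output. It goes slightly beyond the slide by also flagging `--privileged` and a bind-mounted Docker socket; the container names and sample JSON are constructed.

```python
import json

# Constructed sample: trimmed `docker inspect` output for three hypothetical
# containers. Only the fields the audit reads are kept.
SAMPLE_INSPECT = """
[
  {"Name": "/web",
   "Config": {"User": ""},
   "HostConfig": {"NetworkMode": "host", "Privileged": false},
   "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
               "Destination": "/var/run/docker.sock"}]},
  {"Name": "/worker",
   "Config": {"User": "10001:10001"},
   "HostConfig": {"NetworkMode": "app_backend", "Privileged": false},
   "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/data/_data",
               "Destination": "/data"}]},
  {"Name": "/debug",
   "Config": {"User": "0:0"},
   "HostConfig": {"NetworkMode": "bridge", "Privileged": true},
   "Mounts": []}
]
"""

# Host paths of the daemon's UNIX socket; a container that mounts one of
# these can drive the daemon itself.
DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}


def runs_as_root(user):
    """True when Config.User resolves to UID 0.

    An empty value means no USER was configured, so the process starts as
    root. Values look like "uid", "name", "uid:gid" or "name:group".
    A named account that happens to map to UID 0 is not detected here.
    """
    uid = (user or "").split(":", 1)[0].strip()
    return uid in ("", "0", "root")


def audit_container(container):
    """Return a sorted list of finding codes for one `docker inspect` object."""
    findings = set()
    host_cfg = container.get("HostConfig") or {}
    if runs_as_root((container.get("Config") or {}).get("User")):
        findings.add("ROOT_USER")
    if host_cfg.get("NetworkMode") == "host":
        # Shares the host's network namespace: same interfaces, same ports.
        findings.add("HOST_NETWORK")
    if host_cfg.get("Privileged"):
        findings.add("PRIVILEGED")
    for mount in container.get("Mounts") or []:
        if mount.get("Source") in DOCKER_SOCKETS:
            findings.add("DOCKER_SOCKET_MOUNTED")
    return sorted(findings)


def audit(inspect_json):
    """Map container name -> findings for every container in the input."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c)
            for c in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

On a real host the input would come from `docker inspect $(docker ps -q)`.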
The Ugly
• Biggest dangers of using Docker are architectural
• If you thought losing your source code was bad, what
happens when you lose all of your images?
• Documentation for setting up your own Registry is very
poor
• Docker Registry has two levels of authentication – auth’ed
and not auth’ed
• Docker daemons, if compromised, would allow malicious
third-parties to spin up arbitrary software without dealing
with dependencies behind your firewall
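An added example (not from the original slides): a check of the daemon's `daemon.json` for a TCP API listener that does not require client certificates, the exposure behind the compromised-daemon bullet above, plus the inter-container communication setting mentioned under The Bad. The sample configurations, addresses and file paths are constructed.

```python
import json

# Constructed samples of /etc/docker/daemon.json (hypothetical addresses/paths).
WEAK = """
{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}
"""

TLS_NO_VERIFY = """
{"hosts": ["tcp://0.0.0.0:2376"],
 "tls": true,
 "tlscert": "/etc/docker/server-cert.pem",
 "tlskey": "/etc/docker/server-key.pem"}
"""

HARDENED = """
{"hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
 "tlsverify": true,
 "tlscacert": "/etc/docker/ca.pem",
 "tlscert": "/etc/docker/server-cert.pem",
 "tlskey": "/etc/docker/server-key.pem",
 "icc": false}
"""


def audit_daemon(daemon_json):
    """Return finding codes for one daemon.json document.

    TCP_API_PLAINTEXT            - API reachable over TCP with no TLS at all.
    TCP_API_NO_CLIENT_CERT_CHECK - TLS encrypts the channel, but any client
                                   may connect because "tlsverify" is off.
    ICC_ENABLED                  - containers on the default bridge can talk
                                   to each other ("icc" defaults to true).
    """
    cfg = json.loads(daemon_json)
    findings = []

    tcp_listeners = [h for h in (cfg.get("hosts") or [])
                     if h.startswith("tcp://")]
    if tcp_listeners and not cfg.get("tlsverify"):
        if cfg.get("tls"):
            findings.append("TCP_API_NO_CLIENT_CERT_CHECK")
        else:
            findings.append("TCP_API_PLAINTEXT")

    if cfg.get("icc", True):
        findings.append("ICC_ENABLED")

    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("tls-no-verify", TLS_NO_VERIFY),
                       ("hardened", HARDENED)):
        print(f"{label}: {audit_daemon(doc) or 'ok'}")
```

The same options can also be passed as `dockerd` command-line flags, so a clean `daemon.json` does not by itself prove the listener is protected.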
ADDITIONAL
THOUGHTS
On Docker
Ecosystem
• Throw out what you think you know about
virtualization when first wrapping your head around
the Docker ecosystem
• Docker’s individual offerings are impressive, but their
utility pales in comparison to what all of their offerings
taken as a complete whole can accomplish
On Docker
Security
• For the most part, Docker security is good
• Traditional security flaws will still be present within
Docker and the applications built upon it, and the
speed of operations with Docker gives Docker the leg
up when compared to traditional approaches
• The biggest security concern organizations should
have when deploying with Docker should revolve
around architectural implications of their Docker
deployment and considerations around the possibility
of compromised Docker assets
Q&A
THANK YOU
Computers Networks Computers Networks Computers Networks
Tito208863
 
DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)
APNIC
 
White and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptxWhite and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptx
canumatown
 
Understanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep WebUnderstanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep Web
nabilajabin35
 
OSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description fOSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description f
cbr49917
 
Perguntas dos animais - Slides ilustrados de múltipla escolha
Perguntas dos animais - Slides ilustrados de múltipla escolhaPerguntas dos animais - Slides ilustrados de múltipla escolha
Perguntas dos animais - Slides ilustrados de múltipla escolha
socaslev
 
Determining Glass is mechanical textile
Determining  Glass is mechanical textileDetermining  Glass is mechanical textile
Determining Glass is mechanical textile
Azizul Hakim
 
highend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptxhighend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptx
elhadjcheikhdiop
 
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 SupportReliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
steve198109
 

You, and Me, and Docker Makes Three

  • 1. YOU, ME, AND DOCKER MAKES THREE The Ins and Outs of the Docker Ecosystem
  • 3. Talk Roadmap • What is Docker? • The Docker Ecosystem – Docker Engine – Docker Registry – Docker Machine – Docker Compose – Docker Swarm • Demonstration • Docker Pitfalls • Security Considerations for Deploying Docker • Additional Thoughts • Q&A
  • 4. WHOAMI • Christopher Grayson – OSCE – Former consultant at Bishop Fox – MSCS, BSCM from Georgia Tech – Currently founder of Web Sight.IO
  • 6. Docker 101 • Virtualization platform • Virtualizes at the process level • Runs in Linux • Uses Linux kernel isolation primitives
  • 7. Ok, But Why? • Consider traditional application of virtualization • Significant overhead (single virtual host -> single virtual application) • Why virtualize at the OS level?
  • 10. …Still Not Convinced? • When virtualization occurs at the process level, new possibilities emerge • Docker is not the first attempt, but has gotten a lot right with their attempt
  • 12. Docker Engine • Daemon that listens on TCP 2376 (3376 for swarm) • Functionality invoked through API • Command line interface provided by Docker • Takes in images and settings, spins up “containers” (processes)
  • 13. Docker Images • Tarball’ed images of Linux filesystems • Created through the use of Dockerfiles • Encourages re-usability
  • 14. Dockerfile Example Sequence of steps for building an image Run through “docker build”, outputs a Docker image
  • 15. Docker Build Example Build an image through “docker build” List all images available to the Docker daemon through “docker images”
  • 16. Docker Engine Steps 1. Create image 2. Ensure target docker daemon has access to image 3. Tell the daemon to run the image, and pass arguments as necessary 4. ??? 5. Profit
  • 17. Docker Engine Perks • Hierarchical organization of Docker images works well with standard DevOps practices • If an image runs in one location through a Docker daemon, it is guaranteed to work on all other same-version Docker daemons • Rid yourself of dealing with dependency headaches
  • 18. Docker Registry • Where Git has GitHub, Docker has Docker Registry • Version control-esque endpoint for storing Docker images • Docker officially offers Docker Hub • Can (and should) create and run your own Docker registry
  • 19. Docker Registry Example After creating an image, push the image through “docker push” Pull updated image copies from registry through “docker pull”
  • 20. Docker Registry Perks • Single, authoritative location to store your Docker images • Follows the central repository model of Git, SVN, other version control systems • …my least favorite part of Docker
  • 21. Docker Machine • Create new Docker daemons on local or remote hosts • Remote hosts supported across all major hosting and cloud providers • Commands to create machines mostly the same – only changes reflect API differences between providers • Spins up host, installs docker, installs cryptographic artifacts for secure communication
  • 22. Docker Machine Examples Create a new machine at DigitalOcean using the docker-machine tool
  • 23. Docker Machine Examples List machines that your device can connect with Change the Docker daemon that your docker client is configured to talk to
  • 24. Docker Machine Cont’d • Many other machine-specific functions available through docker-machine • Hardware/OS related? docker-machine does it
  • 25. Docker Machine Perks • Provider agnostic, and very easy to switch between hosting providers (change a few command line arguments) • Go from no infrastructure to full infrastructure in <5 minutes • Go from full infrastructure to no infrastructure in <30 seconds
  • 26. Docker Compose • The “orchestration” tool of the Docker ecosystem • Enables spinning up N-tier applications in one fell swoop • Can spin up N-tier applications locally • Only requires a docker-compose.yml file to spin up complicated N-tier applications
  • 27. Docker Compose File Example Defines the various applications contained within the N-tier application Configuration passed to applications through environment variables Defines relationships between applications and host OS
  • 28. Docker Compose Example Call docker-compose in a directory containing docker-compose.yml file File is read, images are retrieved, containers are created N-tier application goes from non-existent to up and running in <30 seconds
  • 29. Docker Compose Cont’d • Reduces configuration management complexity to a single config file • Spin up overlay networks across disparate hosting providers on the fly • View logs across N-tier application in real time
  • 30. Docker Compose Perks • Can configure entire environment with one configuration file • Reduces the complexity of N-tier application deployment and debugging • Go from 0->60 and 60->0 faster than all traditional approaches
  • 31. Docker Swarm • Turn multiple separate physical hosts into a single logical host • Out of the box management of which containers are deployed where without headache of configuration • Fully configurable to any depth
  • 32. Docker Swarm Examples Creating a swarm through docker-machine
  • 33. Docker Swarm Examples Cont’d Changing your Docker daemon to point to the swarm daemon Listing the computing resources available to the Swarm Docker daemon
  • 34. Docker Swarm Perks • Difference between deploying to a single host and deploying to 100 hosts is minimal – code does not change between the two • Transparently increase / decrease the power of your distributed applications on the fly • Single logical host across disparate hosts – even if those hosts are in completely different physical locations
  • 35. Docker Ecosystem Review • Docker Engine – The core “runtime” of the Docker ecosystem – takes in Docker images and spins up isolated “containers.” • Docker Registry – Enables the storage of Docker images in centralized fashion • Docker Machine – Create and/or destroy Docker daemons on local or remote computing resources, automatically configure access to these daemons • Docker Compose – Spin up/down N-tier applications in rapid fashion, drill down into N-tier deployment options as necessary • Docker Swarm – Turn multiple physical or virtual hosts into a single logical host as far as Docker daemon is concerned
  • 37. Putting it All Together • Docker is a core component of Web Sight.IO • One of the main reasons I’ve been able to stay a one-man shop • Reduced my need for DevOps assistance to nearly nothing
  • 39. Nothing is Perfect • Various Docker offerings written in different languages • Terminology has not been consolidated across offerings • Still very much in development – breaking bugs introduced in even minor version updates • Docker networking not particularly robust (userland UDP proxy?) • Documentation could use work • Standard ways of working with virtualization platforms don’t necessarily translate to working with Docker (learning curve) • Not sure what the business plan is for Docker enterprise • Isolation is not as strong as traditional VM isolation
  • 41. The Good • Docker’s security team is top-notch • Traditional security flaws in Docker have been rapidly addressed, and their respective fixes have been either industry-leading or industry-standard • Enterprise business depends heavily on building secure software, so large incentives to continue improving • Logical abstraction of N-tier application -> single application reduces complexity • New defenses possible when set up and tear down of environments takes seconds
  • 42. The Bad • Docker containers designed to run as root out-of-the-box, require additional configuration and headaches to change • Intra-container communication may be restricted, but otherwise Docker containers have same network access as host machine • Lots of code written by lots of people in different languages doing complex things at all levels of the OS – plenty of places for things to go wrong
  • 43. The Ugly • Biggest dangers of using Docker are architectural • If you thought losing your source code was bad, what happens when you lose all of your images? • Documentation for setting up your own Registry is very poor • Docker Registry has two levels of authentication – auth’ed and not auth’ed • Docker daemons, if compromised, would allow malicious third-parties to spin up arbitrary software without dealing with dependencies behind your firewall
  • 45. On Docker Ecosystem • Throw out what you think you know about virtualization when first wrapping your head around the Docker ecosystem • Docker’s individual offerings are impressive, but their utility pales in comparison to what all of their offerings taken as a complete whole can accomplish
  • 46. On Docker Security • For the most part, Docker security is good • Traditional security flaws will still be present within Docker and the applications built upon it, and the speed of operations with Docker gives Docker the leg up when compared to traditional approaches • The biggest security concern organizations should have when deploying with Docker should revolve around architectural implications of their Docker deployment and considerations around the possibility of compromised Docker assets
  • 47. Q&A
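
The root-by-default point from "The Bad" (slide 42) can be checked against a running daemon, along with related isolation settings. The following is an added example, not material from the talk: a Python audit over `docker inspect` JSON, where the container names, the sample records and the finding codes are constructed for illustration.

```python
import json

# Constructed sample shaped like `docker inspect` output (not real data).
SAMPLE_INSPECT = json.loads("""[
  {"Name": "/web", "Config": {"User": ""},
   "HostConfig": {"Privileged": false, "NetworkMode": "host",
                  "CapDrop": null, "ReadonlyRootfs": false}},
  {"Name": "/worker", "Config": {"User": "1000:1000"},
   "HostConfig": {"Privileged": false, "NetworkMode": "bridge",
                  "CapDrop": ["ALL"], "ReadonlyRootfs": true}},
  {"Name": "/legacy", "Config": {"User": "root"},
   "HostConfig": {"Privileged": true, "NetworkMode": "bridge",
                  "CapDrop": [], "ReadonlyRootfs": false}}
]""")

ROOT_USERS = {"", "0", "root"}


def audit_container(record):
    """Return sorted finding codes for one inspect record."""
    config = record.get("Config") or {}
    host = record.get("HostConfig") or {}
    findings = []
    # Empty User: neither image nor run options set one, so uid 0 is used.
    # "uid:gid" forms are split on the colon before comparing.
    if (config.get("User") or "").split(":")[0] in ROOT_USERS:
        findings.append("runs-as-root")
    if host.get("Privileged"):
        findings.append("privileged")
    if host.get("NetworkMode") == "host":
        findings.append("host-network")
    dropped = [c.upper() for c in (host.get("CapDrop") or [])]
    if "ALL" not in dropped:
        findings.append("caps-not-dropped")
    if not host.get("ReadonlyRootfs"):
        findings.append("writable-rootfs")
    return sorted(findings)


def audit(records):
    """Map container name to findings; clean containers are omitted."""
    report = {r.get("Name", "?").lstrip("/"): audit_container(r) for r in records}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, found in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(found)}")
```

On a live host, pass `audit()` the parsed output of `docker inspect $(docker ps -q)`; the check does not account for user-namespace remapping on the daemon.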