
Going Atomic with your Container Infrastructure

Date post: 11-Jan-2017
Upload: red-hat-india-pvt-ltd

Arvind Sharma

Solution Architect, Red Hat

8 October 2015

I.T. UNDER PRESSURE

CURRENT STATE

Manual processes

Inconsistent environments

Dependency hell

Legacy inheritance

Skills fragmentation

DESIRED STATE

Automation of processes

Environmental independence

Application autonomy

Modernization and expansion

Skill abstraction

CONCRETE SHOES OF RIGID PROCESSES AND INFRASTRUCTURE

RED HAT'S VISION: OPEN HYBRID CLOUD

CONTAINERS DELIVER MANY BENEFITS

How important are the following benefits of containers to your organization? (Critically or Very Important)

• Faster provisioning: 69%
• Greater deployment flexibility: 70%
• Ability to deliver/deploy applications faster: 72%
• Greater application mobility/portability: 73%
• Increased server consolidation/server efficiency: 75%
• Better security through isolation: 75%

Base: 171 IT and Developer/programmer decision-makers at companies with 500+ employees in APAC, EMEA, and NA

Source: A commissioned study conducted by Forrester Consulting on behalf of Red Hat, January, 2015

CONTAINERS DELIVER FLEXIBILITY AND AGILITY

WHY?

• Deploy applications faster
• Reduce efforts to deploy apps
• Streamline development
• Gain consistency between dev/test/prod environments
• Lower deployment costs
• Reduce overhead
• More...

64% are either using or evaluating containers for future use

Source: TechValidate survey of 383 global IT decision makers and professionals

67% plan production roll-outs over the next two years

DOCKER NOT READY FOR ENTERPRISE?

The world of containers doesn't end with Docker

“The open-source app containerization startup has built up quite a bit of momentum, but it's still not entirely ready for enterprise.”

Matt Weinberger, Computerworld | Feb 9, 2015

CONTAINER ADOPTION CHALLENGES

Organizations need a secure and reliable foundation on which they can run and orchestrate multi-container based applications at scale

Containerizing the datacenter requires planning

CONTAINERS ARE AN OS TECHNOLOGY

[Diagram comparing a TRADITIONAL OS stack (HARDWARE, OS, LIBS, APP A, APP B) with a CONTAINERS stack (HARDWARE, HOST OS, and CONTAINERs that each hold their own libraries and application: LIBS A with APP A, LIBS B with APP B)]

TOP CONTAINER CHALLENGES

What are the top three challenges your organization has experienced so far in its use of containers? Total mentions (sum of responses of '1', '2', and '3')

• Training and Education (lack of skills): 29%
• Consistency (lack of standards): 31%
• Scalability: 32%
• Lack of certification or digital structure: 35%
• Management: 35%
• Integration with existing development tools and processes: 41%
• Variable performance: 44%
• Security: 53%

Base: 171 IT and Developer/programmer decision-makers at companies with 500+ employees in APAC, EMEA, and NA

Source: A commissioned study conducted by Forrester Consulting on behalf of Red Hat, January, 2015

CONTAINING THE MOST INTERESTING APPLICATION IN THE WORLD

THE PROMISE: CONSISTENT DELIVERY FOR ANY LANGUAGE

Java:

    public class HelloWorld {
        public static void main(String[] args) {
            System.out.println("Hello, World");
        }
    }

C:

    #include <stdio.h>

    int main(void)
    {
        printf("Hello World");
        return 0;
    }

Node.js:

    var http = require('http');
    var server = http.createServer(
        function (request, response) {
            response.writeHead(200, {"Content-Type": "text/plain"});
            response.end("Hello World\n");
        });
    server.listen(8000);

Perl:

    $_ = "hello world";
    $_ =~ s/^(\b\w)(\B\w+)\s(\D)(\D+)$/\U$1\E$2 \U$3\E$4\!\n/;
    print $_;

PHP:

    <?php Print "Hello, World!"; ?>

Components shown inside the containers: bash, glibc, jre, libssl, libv8, nodejs, perl, php, ...

PHYSICAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD

THE REALITY: SECURITY IMPLICATIONS

[Same code samples and component stacks (bash, glibc, jre, libssl, libv8, nodejs, perl, php) as the previous slide, here annotated with vulnerability counts. The annotations read "4 6" beside each "bash glibc" row, with "66", "29 5" and "5 29" elsewhere on the diagram.]

? # of critical, important, and moderate vulnerabilities identified and fixed by Red Hat over a 315 day period.

PHYSICAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD

AND THAT'S WHY THE OPS GUY IS FREAKING OUT

WHAT'S INSIDE THE CONTAINER MATTERS

36% of official images in Docker Hub contain high priority security vulnerabilities

[Chart: All Images (n=962), percentage of images by vulnerability priority: High priority 36%, Medium priority 28%]

• High: ShellShock (bash), Heartbleed (OpenSSL), etc.
• Medium: Poodle (OpenSSL), etc.
• Low: gcc: array memory allocations could cause integer overflow

Source: Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities, Jayanth Gummaraju, Tarun Desikan, and Yoshio Turner, BanyanOps, May 2015 (http://www.banyanops.com/pdf/BanyanOps-AnalyzingDockerHub-WhitePaper.pdf)

RED HAT CONTAINER CERTIFICATION

UNTRUSTED

• Will what’s inside the containers compromise your infrastructure?
• How and when will apps and libraries be updated?
• Will it work from host to host?

RED HAT CERTIFIED

• Trusted source for the host and the containers
• Trusted content inside the container with security fixes available as part of an enterprise lifecycle
• Portability across hosts

MODERNIZE APP DELIVERY: STANDARDS AND AUTOMATION

CONSISTENCY: DEV, TEST, AND PRODUCTION

GAIN AGILITY: FLEXIBILITY AND OWNERSHIP

DEPLOY ANYWHERE: ACROSS OPEN HYBRID CLOUD

Develop, run, and manage container-based applications at scale

RED HAT CONTAINER SOLUTIONS

CREATING DE FACTO STANDARDS

• REGISTRY / CONTAINER DISCOVERY
• CONTAINER FORMAT WITH DOCKER
• ISOLATION WITH LINUX CONTAINERS
• ORCHESTRATION WITH KUBERNETES

Red Hat works with the open source community to drive standards for containerization.

PROVEN APPLICATION PORTABILITY

portability across environments

PHYSICAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD

portability across platforms

CONSISTENT ACROSS TRADITIONAL AND CLOUD-READY APPLICATIONS

PHYSICAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD

CONTAINER-BASED APPLICATION DELIVERY SOLUTIONS

A continuum of solutions to develop, run, and manage container-based applications

RED HAT ATOMIC ENTERPRISE PLATFORM

Run and orchestrate multi-container based applications at scale

• An integrated infrastructure platform powered by Red Hat Enterprise Linux that is designed to run, orchestrate, and scale container-based applications and services
• Easily manage and scale applications and infrastructure through a managed cluster of container hosts
• Gain application resiliency and elasticity via orchestration and service aggregation

OPENSHIFT ENTERPRISE by Red Hat

• An integrated hybrid cloud application platform for application development and deployment that facilitates DevOps and and needs
• Develop, build, manage container based applications with application lifecycle management and a rich developer experience
• Easily turn source code into running applications with source-to-image capabilities

Integrated hybrid cloud application platform for application development and deployment

RED HAT ATOMIC ENTERPRISE PLATFORM AND OPENSHIFT 3

[Architecture diagram; labels: CONTAINER API; RHEL, RHEL ATOMIC HOST; CONTAINER ORCHESTRATION AND MANAGEMENT; CONTAINER, CONTAINER, CONTAINER; PHYSICAL INFRASTRUCTURE; LANGUAGE RUNTIMES, MIDDLEWARE, DATABASES, AND OTHER SERVICES; DEVOPS TOOL AND EXPERIENCE]

RED HAT CLOUD SUITE FOR APPLICATIONS

• Solution providing both Infrastructure-as-a-Service (IaaS) for massive scalability and Platform-as-a-Service (PaaS) for faster application delivery, combined with a unified management framework that supports hybrid deployment models
• Seamlessly manage from infrastructure to applications
• Build scalable infrastructure based on OpenStack

Run, orchestrate, and manage multi-container based applications and scalable infrastructure at scale

[Diagram labels: Virtualization, IaaS, Hybrid Management, PaaS, Containers, Cloud Instances, Virtual Machines]

Red Hat Cloud Suite for Applications

CERTIFIED HARDWARE ECOSYSTEM

MIDDLEWARE AND MOBILITY SERVICES

CERTIFIED APPLICATIONS VIA ISV ECOSYSTEM

RED HAT ENTERPRISE LINUX, INCLUDING ATOMIC HOST

• Application lifecycle management
• Continuous integration
• Developer experience
• Source-to-image
• Unified management from bare metal to containers
• Scalable infrastructure
• Hybrid deployment management
• Managed cluster of container-optimized hosts
• Orchestration and service aggregation

Seamlessly manage from infrastructure to applications

Build scalable infrastructure based on OpenStack

Develop, build, and manage container-based applications

Run and orchestrate multi-container based applications at scale

MICROSERVICES-BASED APPLICATION ARCHITECTURE

[Diagram labels: MongoDB, Drupal, jetty, node.js, tomcat, nginx, Java, Perl, Ruby, Python, PHP, SQL]

CHOICE OF INFRASTRUCTURE

PHYSICAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD

FLEXIBILITY AND SCALE

CHOICE OF CONTENT

CHOICE OF HOST PLATFORMS

CONTAINER MANAGEMENT WITH CLOUDFORMS

CONTAINERS FOR THE ENTERPRISE

TRUSTED PORTABLE INTEGRATED

Red Hat transforms application delivery with the first credible hybrid cloud platform for container-based applications and services.

Thank you

Red Hat Forum 2015

Energize Your Enterprise

