Public

How Docker is Finnish Railway’s Ticket to App Modernization

Markus NiskanenOscar Renalias

18.10.2017

Public

Net sales1 186.7million euros

82.1million

train journeys

35.8million

busjourneys

36.1Million

tons of goodstransported by

rail

5.1Million

tons of goodstransported by

road

7 898workers

Train Operations Maintenance

PublicPublic

• 300+ different applications• 100s of integrations• 10s of different vendors• 6 different local datacenters• 90%+ of development outsourced to partners

Managing Diversity – By The Numbers

Public

BUSINESS DRIVERS

• Bang for the buck

• Quality

• Time to market

IT DRIVERS

• Common application platform

• Unified architecture

• Open Source based solutions

• Microservices

• DevOps approach

Drivers For Change – Why Did We Start The Modernization

Public

MigrationBusiness Case

DevOpsPlatform

AnalysingArchitechture

Options

IaCImplementation

CommuterServicesGo-Live

MigrationsStarts

ImplementingDocker

Platform

Migrating PilotApplications

ReservationSystem Go-Live

Pilot AppsGo Live

AWS Architecture

2015 2017 20182016

What Has Been Done - Timeline

Public

As VR’s next-gen application platform, this was a great opportunity to provide teams with a modern, state of the art experience

[pvm] [Aihe, Tekijä]6

ConsistentProvide a runtime, development and operation experience with zero surprises

UnifiedCommon underlying components, regardless of technology or framework

AutomatedEnable as much as possible with zero human intervention

Public

Docker EE Additional components

DOCKER ENTERPRISE EDITION

Infrastructure

Runtime

Services

Administration

Host OS Container OS

Container Engine Container Tooling

Orchestration Resource Management

Service Discovery

PersistenceNetworking

Browser Application Integrations

Containers

Data

Registry

Storage (Images)

Monitoring

DevOps

Logging

Image Build

Access Control

Log aggregation

Metrics aggregation

Monitoring, alerting

Secrets Management

Stacks Swarm Overlays

Sysdig Docker Overlays Convoy DTR

S3

Docker Docker CLI

RHEL RHEL

Jenkins

Docker EE

ELK

Sysdig

Sysdig

Docker EE

Storage (Volumes)EFS

Public

Docker EE allows Finnish Rail to run mixed workloads on a common, consistent platform

DOCKER ENTERPRISE EDITION

Legacy WorkloadsMicroservices & APIsNon-production

Public

Docker EE runs great on AWS

Public

Development

Laying out Docker EE on multiple standalone environments while still achieving the efficiencies of containers required some thinking

Production A

Production B

TestPromote Promote

Promote

Failover if necessary

Public

Docker EE provides robust multi-tenancy capabilities for a multi-tenant application platform

• One org per project with at least one technical user for deployment, integrated with Active Directory; no cross team resource access

• Separate HRM routes per project• Teams manage their own resources: stacks, services, networks,

bundles using standardized naming conventions• Engine labels to separate worker nodes per business group – soon

to be replaced with Node RBAC• Secrets management to simplify configuration management

Public

Docker Trusted Registry greatly simplifies the process of managing a large number of images

• One DTR organization per team, with multiple repositories as needed

• Each team is responsible for managing their own repositories• Immutable repositories to prevent overwriting labels• Image scanning and signing is in the roadmap, has not been

enabled yet

Public

Enabling development

Manual/user guide: naming conventions (stacks, HRM, images, networks), secrets, load balancing

Common base images: CentOS, JDK, JBoss

Reference patterns and cookbook: load balancing, reverse proxy, application configuration, multiple application versions, file shares, and others

Reference applications and pipelines

Public

BUILD TEST PUBLISH DEPLOY(non-prod)

DEPLOY(prod)

Promote

DTR(non-prod)

Non-prod Clusters

Prod clusterBuild Nodes

Enabling a consistently, automated and unified deployment experience with containers

DTR(prod)

Public

Achieving operational visibility across the platform with containers and container-native processes

DOCKER ENTERPRISE EDITION

Logging Monitoring Metrics Resource Management

Public

What Did We Achieve

Public

• Trust that you are on the right track– Technology works

• This is not just a technology change– the whole organization is affected

• Containers are largely developerdriven

• Docker is evolving really fast –make sure your organization and infastructure can deal with it

Lessons learned