Very much. All right, so we're gonna do this sort of like, I guess, stand-up comedy, because I have a handheld microphone right now. So who am I? As was mentioned, I'm a technology evangelist at Docker. So I work for Docker Incorporated, which is the company behind the Docker project. I spent the first half of my career doing IT, networking, sysadmin stuff. But that was a long time ago. So I was a certified Banyan engineer. There's always like one or two people that are like, wow, that's old. And then I was a Microsoft Certified Systems Engineer on Windows NT 3.1. So that's how long ago that was. So then I moved in second half of my career, I've been doing a lot of product management and technical marketing, for Docker most recently. Before that I was at Puppet Labs, so that was sort of my open-source exposure, coming into Puppet Labs. Before that I spent about six years at VMware, sort of from 98 to, right, 2005 or 2008, 2015, and then before that it's been six years at Microsoft, where I did a bunch of stuff on IT admin features and functionality for versions of Windows starting with Windows 2000 or NT 5, whatever it was called. If you've ever installed Windows XP and you've ever read the text that says Windows XP will be faster and more reliable, I wrote that text. So that's my claim. Well, my other claim to fame at Microsoft is I was on stage with Bill Gates in an earthquake. So there's that too. I come from an IT pro background. I'm not a developer. When I pretend to be a developer, you'll see painfully obviously how I am not a developer. But if we get to a demo, then we'll see that. You can follow me on Twitter. I tweet mostly about soccer and the Portland Timbers, occasionally about work. So why are we sitting here today? So first I'm gonna start with the informal poll question. We'll start at the high end and move down to the more beginner end. How many of you are deploying per containers in production today in your company or in your organization?
That's actually really good. Normally, like, I just did Container World and I had a room of about a hundred people, and I had six people in production. How many of you have downloaded Docker and have done a POC with it, so you're planning to go to production? How many of you have downloaded Docker and run something like a hello world app or a demo app? How many of you are brand-new to containers and are here because you just want to learn? It seems like everybody, the same people, all raised their hands. It was about 25, 25, 25, so we're gonna spend some time on what is Docker to get people up to speed. So if you're familiar with it, you know, bear with me, we'll get into a little bit deeper stuff. But as you get familiar with containers, as you start moving into that journey, questions come up, right? Especially if you come from a, how many of you are developers? How many are sysadmins? So 50/50. So this talk is really aimed at people coming from the sysadmin perspective, like, what are these things I need to know about, right? So when do I use a container? When do I use a virtual machine? If I'm going to deploy containers, do I put them on a physical box or a virtual box, right? Do they go in the cloud? They go in the data center? You know, all of those different things. So we're gonna talk a little bit about how you answer those questions. Actually, I'm gonna give you the questions to ask to answer the questions you wish that I would answer for you, because I can't answer your questions, and, well, you'll understand why as I go through the presentation. So we're gonna talk about what are containers and what containers are not. Containers are not virtual machines. When I first started at Docker, summer of 2015, everybody like, oh, it's like we're virtualization, I've heard Docker, it's lightweight virtual, so the lightweight VMs. They're not VMs. They're totally different. They have different architecture.
They have different benefits. So you think about a virtual machine. A virtual machine is a house, right? It's fully self-contained. It has its own heating, its own plumbing, its own air conditioning. It has a front door, so you can't just bust into it, right? It's got a little bit of security there, little isolation. Thinking about a virtual machine, it's a self-contained operating system. Ground the entire OS is in there, right? And if I'm running, let's say I'm running a couple of servers and they're web servers, and I need to have a third for capacity, I spin up a virtual machine. I spin up a whole new operating system. I build a whole new house. There's nothing shared between those houses, right? I would say maybe the sewer, and that'd be like the network, but that might offend the network guys, so I won't say that. So, right, VMs, like, monolithic, fully self-contained. If you need more capacity, you expand them out, right? Houses can be different, like, they can kind of look different, right? Like you can have one house that's kind of a big two-story house next to a one-story house, and they're different sizes, but houses only get so small. First house I ever bought was about 800 square feet. It was two bedrooms, a bathroom, a living area and a kitchen, right? That's the most houses I could find when you talk about proper houses. I could talk about micro houses, but they break my analogy, and some of them are made out of containers and they really break my analogy. So we'll stick on like normal houses. And that's like VMs, right? Even if you go and you shrink them down, you're usually looking at a couple hundred megabytes to get it in a VM, right? And sometimes you're talking 10, 20, 30, 40 gigabytes, right? They get really big. So containers, how are they different?
So think about containers as apartments inside of an apartment building. So an apartment building is the Docker host. The Docker host is any computer, physical or virtual, cloud, data center, whatever, that runs the Docker engine. The Docker engine, you know, I'm talking, there's a lot of different container runtimes. I'm going to talk about Docker, right? But this whole idea of, like, container runtimes, pretty much this is exactly the same in all of them, right? So you've got a system running the Docker engine or container runtime, and that's like the doorman at the apartment. Now, what makes an apartment different than a house? Well, one of the fundamental things is it shares the infrastructure. It shares the heating, the plumbing, the air conditioning, right? It shares the elevator. Containers are processes inside an operating system. They share the underlying kernel in the operating system, right? So unlike a virtual machine, which has its own kernel, containers share that resource. That means there's a couple of big benefits. It means there's also a couple of limitations with respect to virtual machines. The big limitation is that every container running on that host has to be from that host family, right? So you cannot run a Windows container on a Linux host, you cannot run a Linux container on a Windows host, right? Because they share the kernel. But you can have a host that's running CentOS and you can run an Alpine Linux container on it or a Red Hat Linux container on it or an Ubuntu Linux container on it, right?
As long as the architectures are the same of the underlying hardware, those things are just going to move along. But like houses, we have a front door, right? So a container is isolated, can't just bust into it. And then the containers can be quite small. Someone, they're doing kind of an informal, if you want to get on a little informal competition on Twitter, one of the Docker, I don't know if he's a captain or not, but he's an aficionado, at least a community member, hacker, posed the question: what's the smallest hello world container you can write? So what's the smallest container you can write that says hello Docker, right? And so anybody want to guess what the size is, the smallest I've seen? 68 bytes for that container. So that's a full running container, 68 bytes. You know, I have an Alpine Linux container that's 2.6 megabytes. That's a full operating system, right? And so containers are much, much smaller than virtual machines, or they can be, right? The other thing is that in a container, because it's booting up a process, it's not booting up an operating system, they start really fast. They start in about three-eighths of a second, compared to a virtual machine taking several minutes to boot. So fundamental differences: shared resources versus dedicated resources, a little bit faster, a little bit smaller, but sort of very homogeneous in the network, or excuse me, with respect to the operating systems you run. But just because they're different doesn't mean they're mutually exclusive, right? What you see is most people, you see what's on my left, your right, there, where people are taking containers and they're running them inside of virtual machines, right? They go in, they spin up a Linux VM or Windows VM. How many of you knew that there was containers on Windows now? A handful of you. Okay. I don't have that in my slides.
I know this is the Linux expo, but how many of you run environments that are 100% Linux with no Windows at all in them? So like 20%, like, you know. So for the rest of you, containers are also available on Windows Server 2016. I won't get into it in a lot of depth, but just know that there are such a thing as Windows containers. They use the exact same API, the exact same CLI as the Linux containers do, right? But they're based on Windows operating systems, not Linux operating systems. So you could, in this example here, one of these blocks could be a Windows Server 2016 machine with Windows containers. The other could be a Linux virtual machine with Linux containers. Then you could just have a traditional VM over there doing whatever, or you can run them on bare metal. You can have a host OS running on a piece of hardware and you can install the Docker engine. The thing is, it doesn't matter, right? If these are Linux containers, they can move from the left to the right seamlessly, regardless of the distribution underneath, right? So in tests I'm running CentOS and production I'm running Red Hat, whatever. It doesn't matter. We can move across there. And like I said, there's really good reasons for each of these architectures, and I'll get into them in future slides. So one thing I want to talk about today with regards to the Docker project, we just announced this today, so I have this in here, and so this might be of interest to everybody. So today we announced, we're actually releasing two versions. So we're splitting the project, not splitting the project, but we're splitting it up into two specific releases, right? So Docker is a commercial company, right?
I work for a software company called Docker that happens to manage the open source project Docker. And we wanted to make sure people understood that there were a couple different ways to get Docker. So the first is Enterprise Edition, and I won't spend a lot of time talking about this because it's a commercial offering. It's stuff that we sell, but basically it takes the Docker technologies, it bundles them up into releases for people who want support and they want some advanced features. Then we have Community Edition, which is the same Docker that people have been using forever under open source, right? So it's great for do-it-yourself organizations or hobbyists or all kinds, you know, that kind of folks. We're gonna be on a quarterly release. With those, with every month you'll get what's called an edge release, right? So what used to be like experimental or beta, you're gonna be able to see, like, okay, I'm on 17.3 edge, right? And that's the sort of beta, upcoming releases. And then we do maintenance and support on the Community Edition for four months for each version. We do it for a year on the Enterprise Edition. Enterprise Edition also comes with a whole bunch of certification stuff, and I think I have a slide on that, where we've certified a bunch of ISVs, a bunch of hardware. So this is new and you're gonna hear more about it, but I just wanted to bring it up since we were here this morning. We're also going to talk a little bit about editions, right? And I'll talk about editions at the end, but I wanted to explain what an edition is. An edition is any way you get Docker running on your machine. So I have a whole getting started section. But we release Docker for Windows, Docker for Mac, Docker for Azure, Docker for AWS, right?
And those are ways for you to get up and running and integrate with whatever platform you're running on. So when you think of something like Amazon, it's gonna take into account load balancers, it's gonna take into account S3 storage, it's gonna take into account the VPCs and the NATing and everything you need to run. It'll stand up Docker, build all that infrastructure out for you. That's something you can get with Community Edition, thoroughly free. If you're running on AWS, it's the fastest way to get up and running. We'll talk about that a little bit more later. Skip this slide. So the idea basically is, with the Docker platform, regardless of whether you want to pay for your software or not, we're gonna give you one platform, right? And the idea here is that the promise of Docker, and at the end of the day why people deploy it, is that they want to be able to write an application, have the developer write an application on their workstation, and have that seamlessly flow through the environment and move from developers to QA into production. And they want to be able to do that on Linux and they want to be able to do that on Windows. And they want to do it on premise and they want to do it in the cloud, right? And any type of app. When I joined Docker, everybody was like, oh yeah, it's containers, it's only for microservices. And what we're seeing is most of our customers today are not exclusively using Docker for microservices, and I'll give an example later. Companies are taking traditional applications out of VMs, containerizing them and putting them onto Docker, for a number of different reasons which we'll go through. So if you've got homegrown applications, ISV applications, microservices, it doesn't matter, right?
All of that, moving that. And if you're on Community Edition today and you want to move to Enterprise Edition, great, it'll just work. Okay, so now that I've been speaking for like 15 minutes, some of you were in there like, just answer the question, like the question I came here to get answered. But the thing is, like, one does not simply answer the question without doing a bunch of marketing stuff. Besides, you wouldn't like the answer, right? So this picture, so when I was at VMware, I would get this question. And actually, who thinks, I want to hear what you guys would say. What is the number one question I answered when I was at VMware? Yeah, well, that was number two, but, because I didn't actually, people ask me how much it costs, I'd be like, I have no idea, I don't sell software. Okay, so the number one question I got was, how many VMs can I run on my server? What's the answer? It depends. So I would always, if I was feeling kind of nice, I would say it depends. If I was feeling surly, I would say, how many plants can I get in my car? Because it depends on your car, it depends on the plant. So my car is, I used to have a Suburban, it was a better analogy when I had my Suburban. My wife has a Honda Fit, right? So I could clearly carry more plants than her. Well, no, because I'm carrying ficus trees and she's carrying pansies. So there isn't an easy answer to this, right?
There's a lot of variables to consider. So when you think about, you say, okay, well, I understand what a container is, but I still don't know what I'm going to do with it, there's all these things you have to think about. So I went back, and we go back a couple of slides, and I talked about this idea of, you know, mixing and matching your workloads. This is all about capacity planning and, you know, somewhat about licensing costs. But if you think about where VMware came from, so 2008, VMware was really picking up steam, and the number one use case was, I stand here all day, legacy, I'm sure, but the problem we were trying to solve was resource utilization, right? Because you had all these servers out there and they were all running at 30% utilized, but you couldn't mix the workloads. So then we said we put the database and the Exchange server and the IIS server into VMs, and we can now put them on one physical server, and I now have a machine running at 80% utilization instead of 30% utilization. So I'm spending a lot less money on hardware. That's where we came from. If you're sitting there today on your first stages of your container journey and you don't have enough capacity to drive the server utilization, you'd be foolish, you know, if your number one concern was capacity utilization, to put that on bare metal, right? Because you would be wasting money on that hardware. So capacity planning and mixing workloads. But now if you go, wait a minute though, I have a security implication, and there are security implications that say I cannot run this workload on a shared kernel, like there's some, you know, there's a law or there's a security policy or there's a regulation or something, then you're like, well, what do I do? Well, I put it in a VM then, right? Because I have to, because a lot of people still consider, well, I mean, it is a shared kernel technology, right? And so they are like, ah, we can't do that.
It's just a policy, we can't do it. So if you have multi-tenancy requirements, right? And especially in the Linux space, in the Windows space there's this thing called a Windows container with Hyper-V isolation, which we're not going to get into. But if you're interested in that, find me afterwards and I can tell you about it. So you're like, well, I have to go in a VM, even though I have enough capacity. So I'm going to go VM. But wait a minute, I really care about performance and latency. Well, okay, then you're probably going to go bare metal, because containers always run faster on bare metal. They run faster than virtual machines. They run faster than containers in virtual machines. They are fastest on bare metal. So you're sitting there and you work for a financial trader in New York City, a company who just paid 70 million dollars to relocate their data center two miles closer to reduce their latency by, you know, three milliseconds, because they do that kind of thing when you're dealing with, like, billions of dollars in trades. So then you're like, well, I don't care if that server is 15% utilized. If it's 3% faster, I'm going to go ahead and spend that money. You know, so there's that. So anyway, if you think about it, there's a lot of different variables in there. The only one I haven't really touched on is, and some of you are sitting out there and you're like, well, I'm a vSphere admin. All my tooling is vSphere, all my tooling is KVM, all my tooling is Hyper-V, all my tooling is Puppet, all my tooling is Chef, all my tooling is Ansible. So you've got these existing automation frameworks and you've got these existing skill sets. So you look at that and you say, well, it just doesn't make sense for me to go 100% into containers right now. Like, I want to keep what I've done with vRealize Automation or vCake or whatever it is. So that's another thing where you look at it and you say, you know, how am I going to make this transition with my skill set and my
staff and the people who have to do the work? Because a lot of people, especially on the sysadmin side, they come into containers because someone walked into their office one day and said, hey, the new app is ready, it's in a container, go ahead and put it in production. And you're left with this slide, and you're left with, well, I don't know how to capacity plan for that, I don't know how to secure that, I don't know how to do that. So we're going to take a look at two examples. And we're going to talk about first consolidation and compute consolidation, and then we'll talk a little bit about security. So VM consolidation. So this slide is actually based on some testing we did with Hewlett Packard. So HP, and then we had an independent consultant named Bret Fisher, went out and they took suspension. They ran suspension. What they did is they took suspension, they said, okay, on this physical server we're going to create eight virtual machines and we're going to run suspension on them, and then we're going to measure the output. So let's just say for grins that each machine or each VM could do a thousand transactions per second. So 8,000 total transactions, right? So then they said, well, what happens if we put that in containers?
So let's just use one big giant virtual machine. So they took the eight VMs that were using 16 cores and 16 vCPUs and 32 gigs of RAM, and they made one big VM that was 16 vCPUs and 32 gigs of RAM. Just again, kind of just making up these details really. Kind of making this whole thing up. Actually, that's not true, this is actually a true study. And what they found was, just by moving from eight smaller VMs into a single VM, you actually got 27% greater output. So where you were running and getting 8,000 transactions total per second, you were now getting 10,000 transactions per second. Which means if you had a server farm out there, you could take 25% of the servers out of the farm and still do the same amount of work, by moving from a bunch of smaller VMs into a larger VM and containerizing those workloads. So if you had, each container represented a different workgroup or some other different workload, by bringing those together, the other thing that you've done there is you're going to use about 30% less storage. You're going to use about 7% less RAM. You are going to move from managing eight guest operating systems in eight virtual machines to a single guest operating system in a single machine. And you're going to reduce your data center footprint, right? So less electricity, less cooling, less real estate. I will say, for those of you in the room wanting the technical details on this, one of the things we did have to do was, it wasn't a straight just move over. We did some stuff with pinning and affinity to make sure that the workloads went to the right CPUs. And there is a 50-page white paper on this available from Hewlett Packard. So if you follow me on Twitter, I will tweet the link out to that paper after this talk. And it goes into all the detail of how we did it, right?
So if you're sitting back there, you're like, well, jeez, okay, there's a benefit. So if you do that exact same experiment and you go, okay, now I'm going to take eight VMs and I'm going to move into eight containers running on bare metal, so no virtualization at all, you get a 47% output increase. So you go from doing 8,000 transactions per second to about 12,000 transactions per second. Again, I'm just using those numbers to make them easy to, you know, because they're even whole numbers. But what it basically means is, if you were doing a server farm, you could take two of those servers out, right? It's a little trickier if you say, well, I have one server doing the work, because of the affinity and the pinning. So that sort of example works better when you talk about using server farms. But if you were just on a single server, you would still get more output from that box than you were before. So again, storage savings, operating system management savings. You go from managing eight guest OSes and eight virtual machines to running a single host OS running on bare metal, right? So you have the bare metal server, your Linux operating system, and the Docker engine and eight containers out there running. So that is, you know, the VM to bare metal consolidation. So things to think about then. So you're like, all right, so that's interesting. So what do you got to do, right? Like, so higher density. Like, containers are going to give you higher density than you're used to having. So just think about that, right? Because they're lightweight processes, you know, you're going to just get more of them in there. They're going to be more responsive. Bare metal or bigger VMs, right? So do you want to now look at getting rid of virtualization altogether in some use cases? Well, if you don't have to worry about multi-tenancy, right? That's, you know, if your existing tool set lets you do that, right?
Then you can get performance gains there. So you have to balance those things out. And then tuning to optimize. So I mentioned this before, right? We didn't just slam those VMs and just move them over, right? We had to do some work with the affinity and the pinning on the CPUs. The white paper details exactly what we did. But by, you know, by tuning it a little bit, right? And it took the consultant, you know, a couple of days to figure that out, right? He made an investment, about, you know, I think most of us would invest 16 hours to get 47% performance gains. That's a pretty big return on your investment there. So that is, you know, the idea of, like, capacity planning and some real quick overview on that. But that's an indication of the things you need to start thinking about. We're not, you know, you don't want to just go into it on this mindset of, oh, they're exactly the same, we can just sort of do this one-to-one mapping. Because things are going to change for you. So what about security, right? I put this in here because probably the number one, well, it's not really the number one, but one of the top five questions I get about Docker containers is, what about security, right? Most people, when they say Docker container security, they worry about, like, exploits that allow you to break out of the container. Which have happened, right? They've been there. We work very hard to protect against those, as do all the members of the community. But security is more than that, right? When we look at security, we think about end-to-end security and how you can do that. And we look at it now from this perspective of, like, there's three things that we really care about with security. The first is that it's usable. Because if you make security unusable, if you make it hard, they're going to circumvent it, right?
They're going to write that 15 character password on a Post-it note and they're going to slap it on the side of their monitor. They're going to use the same password for every system. Like, I'm guilty of that. I'm not guilty of that. Do not try to hack me. Anyway, so we know this, this is a common edict, right? And you want to have a way to move things around in a secure manner. It's not just about what's happening when the container is running. What happens in that application through the entire life cycle? How do I guarantee that the application that I'm putting in production is what I think it is? How do you know when you deploy a VM that it's actually the VM you think it is? How do you know that somebody didn't come in and swap that VM out? And you're looking at it and it says Master Golden Image 216.17.7, and you think you've got the right version. How do you know that I didn't come in last night and change that and just rename it? You don't, I don't think. Maybe you do. And then whatever you do with that container, whatever you do to define that security policy, it needs to follow that container regardless of where that container exists. Infrastructure independence, right? So my security works on my MacBook, my security works in the cloud, it works on my data center. All of that equals safer apps. So how do we do that, right? Things to think about when you're looking at deploying containers in production around security. One is application secrets. How many of you pass, okay, we're gonna do it like they used to do in Sunday school. Everybody close your eyes so nobody has to be embarrassed. How many of you pass passwords using environment variables or in static config files? Come on. All right, there's a few brave souls. I think more people than raise their hand do it, right? We all know that there's an inherent risk to that, right? So how do you pass that stuff securely? How do you maintain a workflow that works for your developers and your operations team?
And then how do you set up a system that out of the box is already secure? So we're gonna talk about those things in a little more detail, I think. Hold on. We're gonna talk a lot about secrets. So in here, the image signing and image scanning and verification. So these are functions available through Docker. Image signing and verification is fully open source. It uses something called Notary, which is based on The Update Framework. The image scanning is actually a paid service that you can have added to your private repos on Docker Hub, or you can have it added to your Docker Datacenter, Enterprise Edition thing. But what they do is they work in concert. So the idea is, with image signing, I as an operations person provide a base image to you. So you're going to write a Java application. So I hand you a Java app, a Java image, and I've signed it digitally. So as a developer, as an operations person, you can configure Docker to only run signed images. So I'm a developer, I pull down the Java image and I try to run it, Docker verifies the signature, that runs. I add my code, I sign it. So now it's been signed that it has the right base image. It's been signed that the application you're about to deploy has come from one of your developers. And then it goes to QA, and it goes through the testing process or whatever, and then the CI/CD system or whoever signs it. Before I can put it in production, I can verify that it's been signed based on a secure base image, that my developer wrote it, and that it's been through our testing cycles. And that's what we mean by the secure software supply chain. That's the marketing term for it. As we move through each step in the process, we can verify that it's been working. So the other thing is image scanning. So again, this is a commercial thing, but just for completeness of the story. Once the container is running, when containers get stored on something called a registry, it's a server to store your Docker images, your container images. When you push an image, when you
send it up to the registry, when it hits the registry, we can scan it. We do a bit-level scan on it. We can break it down. We know everything running in that image, and we can list all the vulnerabilities out for you. So we can say, look, this image has these known vulnerabilities based on this CVE database. And the CVE databases will be updated regularly, and we'll re-scan for you. So once you put a container in production, we will tell you if anything is ever discovered against that container, so that you can go out and then remediate it. It's this ongoing security vulnerability scanning. A couple other things. We talked about secure by default: the idea of full TLS encryption across all the communication between the containers or the host in the system, and that all information is passed over secure channel by default. And then as you deploy in production and you start getting into a little bit of the, again, a commercial feature, users and role-based access control. So syncing with Active Directory and LDAP for user information, and then using that to apply granular permissions, so that when you put a container in production, if it's a production version of the container, only the ops team can modify it. The development team can see it, or maybe they can't, but they can't modify it. Or any level of permissions in there, based on these labels that you apply. So being able to go through and ensure that only the people who should have access to those containers do it. Regardless of where it's running, regardless of the system that it's on, we should be able to do that. So we already know what this is. I want to make sure there's anything I didn't really talk about the secrets. But let me...
I'm going to use this slide because I want to get done here in the next 10 or 15 minutes. So a couple things on secrets management. This is actually new in the latest release of Docker. So what we basically do is we use Docker swarm mode. So we're going to come up next, we're going to talk about Kubernetes. Kubernetes is a clustering and orchestration system. Docker has one called swarm mode. And in the cluster managers (so the cluster is a bunch of managers managing a bunch of workers), in those managers we store, we can store the secrets. Now they're encrypted by default at rest in the store, right? And they're encrypted while they're sent across the network. And those secrets will only be sent to systems that actually are running containers that need them. So if you've got 10 servers and only two of them are running the database, we're only going to send the secrets to those two machines. They are never stored on the disk on those worker nodes. They're mounted in an in-memory file system, so you don't have to shred the disks because those machines go away, because nothing was ever written to them in that regard.

And the other thing we have is we have something called cryptographic node identity, so those worker nodes can't be spoofed. You cannot go in and say, oh, I'm worker 7, because worker 7 was cryptographically signed by the manager, and so we can verify that identity. So there's a lot of protection built into that.

So if you kind of look at this right here, the Raft consensus group is all those managers. That's the data store. We put the secrets up there. And you can see in the example below, we have three workers, but the secrets are only put down under workers 1 and 3, because that's where the containers are running. All the communication between those workers and the managers is encrypted.

So that's what we... When you think about security, don't just say, think about, oh, did I patch this, did I, is the container isolated. Think about the entire end-to-end story. Think about protecting stuff in
ways you actually maybe hadn't thought about before. Being able to adopt different ways of managing sensitive information. So we talk about passwords here, but you can send anything through a secret. You can send directory, environment variables, directory structures, whatever you want to send.

So why do we even start? Sometimes I start with this and sometimes I end with it, because I think it's hard to understand it if you don't have a little bit more information about what containers do. So we start by just being faster, just being quicker. Being able to run CI/CD pipelines on containers, and you can cut the time to do a test cycle by orders of magnitude, simply because if you're booting up 100 VMs to do scaling testing, that's going to take you a couple hours, potentially, and I can boot 100 containers in 15 seconds. So I go from hours to seconds to get my infrastructure. And if you think again like CI/CD, I'm not managing a Java build server and a Python build server and a whatever build server. I have build servers and they run Docker, or they run some container runtime, because everything my application needs to run is in the container. I don't have to do anything with it. That makes all the dependencies much simpler. The dependency to now run your application on the infrastructure side is an operating system and the Docker engine. You don't ever have to worry about what version of Java is installed on that machine, or I'm a Java developer and you want to send me Python. I don't have to worry about any of that anymore.

Unified toolchain. Yep, unified toolchain. So the idea that the CLI and the API that you use is the same on your MacBook, where you're using for development. It's the same as your Linux host running up in Azure. It's the same as the host running on vSphere. It's the same APIs, it's the same CLIs. Oh, and by the way, it's the same APIs and CLIs from Linux to Windows. Right, so docker run is docker run wherever you type it. docker push is docker push
wherever you type it. We talked about that API automation. I'm going to move forward to... Actually, I want to talk about this stuff.

So you're like, okay cool, I don't know where to start. I heard that I have to do microservices. The reality is that you can do any number of different application paths into Docker, into containers, right? So, you know, we talked about already, like, the benefits of just lifting and shifting applications. Just taking an application and moving it into a container is going to be more performant, even if you keep it in the VM. You're going to get better performance that way. You're going to get better portability. And a lot of people are doing that. We have customers, who, we just did an announcement about a company back in New York, like a Fortune 5 company, or Fortune 40, sorry, that's doing lift and shift on Windows, and they're moving a bunch of their applications into Docker containers.

And sometimes what people do is they move them into containers and they start breaking them down. So they take a container, and they take an application, and they say, all right, I'm moving that into a container. Now I've got these three applications that have the same authorization, sort of authorization function. I'm going to put that in a microservice and I'm going to point those applications out of the VM into the microservice. And they start breaking those things down. There's this whole continuum between monoliths, and a monolith being a traditional standalone application, and microservices. And you can be anywhere on that journey. You can put it in the container and never worry about it, or you can start breaking it down, or you can just, we've had some customers all up and they blow the whole thing up, and they don't do, they just immediately go to microservices.

The things you have to worry about with containers, as you start looking at these monolithic applications, are things like fixed ports and static configs. When you have to define the application for different environments and
you're talking about a container where everything is sort of the same, that can be problematic. But the beauty is, and this is my favorite thing about Docker... This could be my last question I ask you guys. How many of you have ever deployed an extremely complex project exactly 100% correct the first time? Oh, I saw a guy try to raise his hand over there. You guys get his number quick, hire him. You guys want that perfection, right? No, and that's the thing about Docker, is that we hear a lot of people that are like, we were in the cloud and we realized the economics of the cloud didn't work, and so now we want to move back to the data center. Super example, common example, super easy to grasp. The problem is that if you've done that in EC2 instances and they need to end up over here in a virtual machine, how do you do that? Like, that is a serious engineering effort. If they're in Docker containers, it's trivial. And what I mean by start somewhere, somewhere else, is you are able to recover from decisions that you've later come to realize were not the right one. I don't want to call them mistakes, because we don't make mistakes. I thought I was wrong once, but I was mistaken. But you start somewhere and you do something and you're like, this isn't what I want. Well, it's easy to recover from that and adjust to it and move around on the fly. I'm going to skip that.

So getting started. For those of you who are new to Docker and don't have it, if you have your Linux machine, you can just do curl, SSL, HTTPS and you'll have Docker in about three minutes. Now for those of you who do not want to pipe to shell, we have full installation, manual installation instructions up on our documentation. If you want to do beta builds you could do test.docker.com. If you want to do bleeding edge... Any of those will get you up and running. All you need on the Linux side is a kernel greater than 3.1. That's the requirement: a kernel greater than 3.1. We've got a whole bunch of Raspberry Pi enthusiasts in here. Anybody got
Docker running on the Raspberry Pi yet? There's a company out there called Hyper, I call them HyperIat, I don't know how they say their name, but they're basically, they're all about Docker on Raspberry Pi. They're actually doing a DockerCon workshop on getting Docker running on Raspberry Pi at DockerCon this year. So even on Raspberry Pi.

If you are running Windows or Mac, you want to get Docker for Mac, Docker for Windows. Easy to download. It uses the integrated virtualization on the platform it is running to be able to get Docker up and going in a matter of minutes. So I'm running on Docker for Mac. On Windows it uses Hyper-V, on Mac it uses xhyve. Super fast. Again, the same API, the same CLI. It doesn't matter, it's going to work exactly the same way. We used to have something called Docker Toolbox. How many of you have used Docker Toolbox? How many of you love VirtualBox? Some people like VirtualBox. We moved away from it because there were some limitations on it. And that's what we mean by OS integration for stability.

So if you're in the cloud, if you're using Azure or AWS, we actually have the ability to go out and run a CloudFormation template, or the Azure equivalent, an ARM template, I think is where they are. They basically stand up a Docker cluster. You can kick it off in 30 seconds. You actually answer like 5 questions and it will build you a full Docker cluster up in AWS. It will integrate with the load balancers and everything. So if you start a service on the cluster that needs a firewall port opened, it will open the port for you. Like that sort of integration. I was geeking around the other day and I just said, what can I do with this? And I deployed a thousand node cluster. Like I just said, give me a thousand nodes. And it took an hour to provision all the instances, but they all came up and I had a thousand node cluster up and running. So that's pretty nice. We do that for Azure and AWS.

So, walk, jog, run. So you're new to Docker. Go out and install Docker for Mac, Docker for
Windows, put it on your Linux box, and just do docker run hello-world. Right? Super easy. You could run Mike G Coleman Catweb, or you could get a really cool website that shows random cat GIFs in a Docker container.

And then, so for me, when I came to Docker I knew nothing about containers. So I went on and I said, what are the things that I could do? And someone said, why don't you build a CI/CD pipeline? So I went and found Jenkins and I got a Jenkins container, and I built a Jenkins CI/CD pipeline with Docker that basically runs the test jobs: pulls the Dockerfile off of GitHub, builds the container, tests the container, if the container is good, if the tests pass, pushes it back up to Docker Hub. Right, do something like that. Or WordPress, because WordPress has multiple components, right? Build something like that. There's a thousand and one blogs on all these things. Go check those out.

And then once you get that done, say, well, WordPress is cool but I need multiple databases on the back end. How do I do a replicated database or a sharded database or a scaled database? Or, that Jenkins thing was cool, but I really want a full CI pipeline. Right, I want more than just getting it to Docker Hub. How do I build this if it pushes it into production, and what does that look like? Build your own Dockerfiles, we didn't talk about that. Build your own compose files, get into swarm mode. Talked a little bit about swarm mode, didn't talk much about compose. These are some of the more advanced features of Docker you can play with, right?

So at the end of the day, I'm not here... So I made the comment, I'm here to get you the questions that you need to answer to answer the question that you wished I would answer for you. I can't answer it for you. I want to ask what you need to understand is it facilitation it's importance for application and container, because only you should understand at the level necessary to make that informed decision. Putting something in a container does not abdicate you of the
responsibility of understanding how your application works and what it does. You still need to understand your applications. You still need to perform a profile them, all of those sort of things. And then pick the right tool for the job. They solve, and I think they're obviously, the motion and stuff that we're getting shows that a lot of people are happy with them, but it's up to you to decide what the right tool for the job is. And my job today was to helpfully give you some more things to think about as you go down that journey.

So what's next? Go ahead and pick a project. Get your hands dirty. You will make mistakes. You will do things like inadvertently delete every image on your system, or corrupt an entire cluster and have to rebuild it from scratch at 11 o'clock on a Thursday. At least I did. But join the community. So if you're not involved in the Docker community, we have, you know, thousands of contributors, right? We have a bunch of ways for you to get involved, everything from just downloading it, playing with things, and opening issues and letting us know what doesn't work, to joining a meet-up. Like, as mentioned, I'm the organizer, one of the organizers, for the Portland meet-up. Join our community, share what you've learned. And with that, I have about three or four minutes for questions before we need to bring up the next slide. So thank you very much, and if you have a question let me know and we will do our best. I don't know if we have another microphone, if I should just run around. I think I have to run around.

Okay, any questions? Perfect presentation, no questions. No, this guy's got a question, he's gonna ruin it. I was born 300. So the gentleman's question was, we talked about Docker for Azure, Docker for AWS, is there Docker for Google Cloud? I'm not sure that I can tell you that we're working on that, but I think I can. And I think if it, so what we did with, what we did had, the way that Azure and AWS came out is we did a private beta where you would send in a request and we would
approve you and let you in. Then we did a public beta. I'm not sure where we're at in that process, but we are working on Google Cloud, most most definitely. Yep, for sure.

Yeah, so the question is Docker Data Center. Docker Data Center is one of the tiers of the Enterprise Edition. So Docker Data Center is a commercial offering based on an annual subscription that gives you a graphical front end for managing containers. If you're a vCenter admin, think about vCenter for containers, is essentially what Docker Data Center is. But yes, it's a paid offering, it's part of Enterprise Edition. You can get a 30-day free trial up on Docker.com. But I'm not here to sell you anything. If you're just using it, Docker, at home, you probably don't need it, honestly. But I don't, outside of the 30-day trial edition, I don't think there's anything like that. There's some open source projects out there and some emerging things. I think Portainer is one of them, that kind of gives similar functionality, not quite as enterprise ready. If you just want a graphical front end, you might want to check one of those out for more of a hobbyist thing.

I'm gonna come over here and I'll come back over here. There was, I saw way in the back there. How does the AWS integration compare to ECS? So ECS is EC2 Container Service. It is basically the Amazon offering for sort of managing your containers up on Amazon. So a couple of big differences. One of the big differences is that the ECS integration uses, is always going to be behind as far as the Docker engine goes, because they have to integrate it back up. So I think they're still like on 112. So with Docker for AWS, that release is part of the core release that we do. So when we release a new version of the engine, we automatically update that CloudFormation template and all the AMIs behind it. The other part of it is that EC2 uses its own proprietary sort of chain, like tool set or whatever, commands. And so if your developer's over here developing on Docker on their MacBook and then it goes
into EC2 Container Service, it's a completely different set of APIs and a completely different CLI, so you kind of break that workflow. Essentially they basically do the same sort of thing, but EC2 is a little more proprietary than, say, Docker for AWS. Like, Docker for AWS is more open and leverages all the AWS stuff underneath it.

Yeah, it's a really, really good question. So the gentleman's question was, how do you relate, or what's the practices around config management, Puppet, Chef, Ansible, and containers? And I think, you know, I had a long conversation with the Chef guys last week at Container World about this. Most of those vendors are not going to ever recommend that you put agents inside the container, right? That you want to, you want to treat those containers as sort of immutable and they don't change. And so if you do an update to a container, that's a bad way to do it. You want to update the stuff outside and do the upgrade. Puppet in particular has done a lot of work to help set up and maintain Docker environments. So that's sort of how I see the delineation, right? How do you build, how they use them to build the infrastructure, to maybe track the base images. Puppet has some tooling to do like manifest into Dockerfiles. And then Chef is doing this thing called Habitat, which is kind of cool because it's actually like a superset of everything, right? So it understands that containers are one way to put out applications, but there's also VMs, there's also physical applications. So they're kind of taking a more holistic approach. But most people, most of those companies, like when they get to the actual container managing, they leave that to Docker, right? They leave that to the Dockerfile and the images.

So any last questions? All right, well thank you so much for... Oh, one more back here. Yep, in the Oregon sweatshirt. Yeah, the gentleman's question was, what about the performance characteristics of different workloads, and how would that input the
impact the consolidation ratio? That example that I gave today is actually what we consider to be a fairly conservative estimate, because that was a CPU bound application, right? And so applications that are more memory bound, you're going to get better consolidation ratios than you will... So, but you won't know until you test the individual application. CPU bound applications probably going to get less of an increase, because you're just, like, some applications are going to eat as much CPU as they possibly can, right? And then you're not going to be able to do much about that. We find that, like, memory applications, that are more memory bound, seem to do a better job of consolidating. And applications that use a lot of storage, you can get really great storage savings, because things, we essentially have something that's akin to deduplication or thin provisioning built into containers. Like, containers are by their definition thin provisioned. So if you scale them out, the saving, the more you scale out, the more you save in terms of disk space.

Okay, all right, with that I have to stop because next time the next speaker, but thank you so much for coming out and let me kick off scale. I was here last year, I loved it, I'm glad to be back this year.