People typically think of Docker for microservices and try to make the smallest container they can. There are tremendous benefits to a microservices model but those are not the only apps that qualify for containers. Traditional, homegrown, monolithic apps are also great candidates for Docker - why? By containerizing these apps, many of the same agility, portability, security and cost savings benefits can be applied to the hundreds (if not thousands) of apps in your datacenters. But where to begin? Attend this session to learn how to approach modernizing traditional apps (MTA), considerations, the available tools and possibilities.
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern Trust, Rohit Tatachar, Microsoft and Brandon Royal, Docker
9. Implementation Details
GO
• Persistent data externally or manage using volumes
• Build scripts, packages
• Registry hacks and phantom binaries
• ...
REFACTOR
• In-process session state
• GUI dependencies (build or runtime)
• Logging to disk
• ...
11. Image2Docker - ASP.NET
FROM microsoft/aspnet:windowsservercore-10.0.14393.1066
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
# disable DNS cache so container addresses always fetched from Docker
RUN Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters' -Name ServerPriorityTimeLimit -Value 0 -Type DWord
RUN Remove-Website 'Default Web Site';
RUN Enable-WindowsOptionalFeature -Online -FeatureName IIS-ApplicationDevelopment,IIS-ASPNET45,IIS-BasicAuthentication,IIS-CommonHttpFeatures,IIS-DefaultDocument,IIS-DirectoryBrowsing,IIS-HealthAndDiagnostics,IIS-HttpCompressionStatic,IIS-HttpErrors,IIS-HttpLogging,IIS-ISAPIExtensions,IIS-ISAPIFilter,IIS-NetFxExtensibility45,IIS-Performance,IIS-RequestFiltering,IIS-Security,IIS-StaticContent,IIS-WebServer,IIS-WebServerRole,NetFx4Extended-ASPNET45
12. Configure and Secure App
Externalizing XML configuration, move to environment variables and secrets
1. Map app settings to env variables / secrets. Swap at runtime.
2. Build config in image, swap by environment at runtime
3. Refactor to consume env vars and secrets
4. Volume mount configs
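One way to apply option 1 from this slide at container start, as an added example that is not part of the original deck: a PowerShell step that overlays Docker secrets and environment variables onto the `<appSettings>` of Web.config. The function name `Update-AppSettings`, the `APPSETTING_` prefix and all sample keys and values are assumptions.

```powershell
# Added example (not from the deck). Update-AppSettings, the APPSETTING_ prefix
# and every sample value below are assumptions made for illustration.
function Update-AppSettings {
    param(
        [Parameter(Mandatory)] [string] $ConfigPath,
        # Default mount point for Docker secrets in Windows containers
        [string] $SecretsDir = 'C:\ProgramData\Docker\secrets',
        [string] $Prefix = 'APPSETTING_'
    )
    $ConfigPath = (Resolve-Path -LiteralPath $ConfigPath).Path
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($ConfigPath)
    $changed = @()
    foreach ($node in $xml.SelectNodes('/configuration/appSettings/add')) {
        $key = $node.GetAttribute('key')
        $secretFile = Join-Path $SecretsDir $key
        $envValue = [Environment]::GetEnvironmentVariable("$Prefix$key")
        if (Test-Path -LiteralPath $secretFile -PathType Leaf) {
            # A secret file named after the key wins, so credentials stay out
            # of the environment block that `docker inspect` exposes.
            $secret = ([string](Get-Content -LiteralPath $secretFile -Raw)).Trim()
            $node.SetAttribute('value', $secret)
            $changed += "$key <- secret"
        } elseif ($null -ne $envValue) {
            $node.SetAttribute('value', $envValue)
            $changed += "$key <- env"
        }
    }
    $xml.Save($ConfigPath)
    return $changed   # key and source only; values are never logged
}

# Constructed demo input: throwaway Web.config, one secret file, one env var.
$work = Join-Path ([IO.Path]::GetTempPath()) ([Guid]::NewGuid().ToString())
$secrets = Join-Path $work 'secrets'
New-Item -ItemType Directory -Path $secrets -Force | Out-Null
@'
<configuration>
  <appSettings>
    <add key="ApiBaseUrl" value="http://localhost/api" />
    <add key="DbPassword" value="dev-only" />
    <add key="PageSize" value="25" />
  </appSettings>
</configuration>
'@ | Set-Content -LiteralPath (Join-Path $work 'Web.config')
Set-Content -LiteralPath (Join-Path $secrets 'DbPassword') -Value 'constructed-secret'
$env:APPSETTING_ApiBaseUrl = 'http://api:8080'
Update-AppSettings -ConfigPath (Join-Path $work 'Web.config') -SecretsDir $secrets
```

Keys with neither a secret file nor a prefixed variable keep the value built into the image, so the same image runs unchanged in every environment.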
13. Compose & Deploy Stack
Use Docker EE to compose and deploy stack
Images can be LARGE: Optimize and use DTR cache
Secure deployments: Sign and scan images
15. About Microsoft IT
Reduce infrastructure and operational cost while moving to Azure and modernizing application architecture
>2,500 Applications
10 Business Units
Azure Cloud Migration
16. Current Legacy App Initiatives
~90% Legacy apps in virtual machine environments
25% Legacy apps approaching sunsetting in 2-4 years (No refactoring)
~90% Apps require traditional or enterprise components
18. Journey to Containers
Select Initial Apps
• Technical Selection Criteria
• Coordinate with App Owners
Containerize
• Use tooling like Image2Docker (i2D) to create Docker Images and deploy to Docker EE on Azure
Apply Enterprise Configuration
• gMSA domain identities
• Windows Auth
• Service Accounts
19. Selecting Our First Apps
• Web and app tier
• IIS 6.0+
• .NET Framework 3.5+
• Windows Server 2008+
• No low level network or identity services
• No dependency on hardware or driver access
• No desktop apps RDP, VDI
• SQL Server containerized for development only
20. Legacy Patterns in Modern Infrastructure
[Diagram labels: domain joined host; IIS; ASP.NET App; container; worker, worker, manager; domain service accounts; IIS management; windows auth]
Docker Enterprise Edition: The Modern Hybrid App Platform
21. Windows Authentication
#Request gMSA from Active Directory
#Create credspec referencing gMSA
C:\> New-CredentialSpec -Name csf -AccountName foo
#Run docker container with credspec
C:\> docker run --security-opt "credentialspec=file://foo.json" ...
#Deploy docker container with credspec across swarm (COMING SOON!)
C:\> docker service create --credential-spec="file://foo.json" …
#NOTE: Use Local Service context for app identity
23. Next Steps
Deploy at Scale
• Deploy next set of apps across larger Docker EE
• Docker EE CI/CD Integration
Production Operations
• Manage initial apps in production
• Integrate Docker Content Trust and Docker Security Scanning into production build process
Achieve Digital Transformation
• Contribute to I2D to continue to address use cases
• Visual Studio 2017 Integrated Azure Deployment
25. About Us
Founded in 1889, Northern Trust is a global leader in asset servicing, asset management, and banking for personal and institutional clients.
Wealth Management
Leading advisor to the affluent market
■ Individuals
■ Families
■ Family offices
■ Foundations
■ Endowments
■ Privately held businesses
Corporate & Institutional Services
Global provider of investment services for institutional investors
■ Pensions
■ Sovereign entities
■ Fund managers
■ Foundations & endowments
■ Insurance companies
Banking: $120 billion in assets
Asset Servicing: $6.2 trillion in AUC
Asset Management: $946 billion in AUM
26. Software Defined Data Center Strategy
Guiding Principles
• Agility
• Reliability & Stability
• Security
• Performance & Experience
• Lower TCO
• Run IT as a Business
Strategic Initiatives
• Converged Platforms
• Converged Teams
• Software-Defined X
• Increased Automation
• Cognitive Infrastructure
*Northern Trust is an investor in Docker Inc.
29. Why Traditional Apps in Docker EE?
• Infrastructure Efficiency
• Foundation for Hybrid Cloud
• Improved Security
30. Infrastructure Efficiency
THE OLD WAY
• App Specific Infrastructure Provisioning
• Challenging dependency / middleware management
• Per Application Isolation
THE DOCKER WAY
• Heterogeneous pool of infrastructure resources available to apps
• Dependencies / middleware contained within app images
• Multi-Tenant
31. Building a Reliable Foundation for Hybrid Cloud
Declarative Docker Services
Health Checks
Complete Service Isolation
On-Prem Cloud
Developer agility
Rapid geo / capacity scale
32. Improved Security
• Limited Attack Surface
• Understood and Scanned App BoM - Security Scanning
• Automated patching in build process
• TLS signed images at every stage of build - Docker Notary
• 3rd Party IPS/IDS
33. Faster Deployments with Less Infrastructure
4x Faster Deployments With 2x Improved Infrastructure Utilization
Without Docker: 29 days
With Docker: 7 days
34. Docker EE Single Pane of Glass
Docker EE became the obvious choice since it’s a single pane of glass for all workload...including Windows / Linux heterogeneous stacks
[Diagram labels: five hosts; ASP.NET web API; spring boot front-end; Docker EE; app Stack]
35. The Future of Docker at NT
Docker EE is the standard for all legacy applications at Northern Trust...period
36. Containerize all the legacy apps!!
@docker #dockercon #dockermta
Identify your app, start small and keep it simple
To learn more about modernizing your apps with Docker EE, go to www.docker.com/MTA
37. LEGACY APPS MODERNIZED
Docker Brings New Life Back to Legacy Apps
By containerizing legacy apps, Docker is now making it possible to manage a legacy app on modern infrastructure, gaining all the benefits