Tag Archives: Docker

DockerCon 2016 Summary

Brief summary of DockerCon 2016 announcements on security, monitoring and company updates:

Announcements:

Key announcements on:

  • AWS and Azure integration
  • DABs
  • SwarmKit
  • Docker on Mac and Win
  • Security: 1. DTR 2. DSS 3. DCT/ImageSigning

Companies (from Sastry)

DataDog

  • Monitoring as a service: infrastructure and application
  • Intelligent alerting, insightful dashboards
  • Collect data from containers, cloud providers, data stores, other monitoring providers all in one place:
  • metrics and metadata (tagging and labels from docker infrastructure), host map
    • Most intensive container or # of web requests for this application

Dynatrace ruxit

  • Entire stack – hosts, nodes, processes, microservices
  • Discover dependencies: which service connects to which other services
  • Machine learning, no need to configure thresholds etc.
  • JavaScript errors -> database errors

Sysdig

  • Can be deployed as a container (based on a component deployed in kernel)
  • Cluster, network, process, application level, Java JMX, response time, database queries
  • Aware of services, and understands the relationships and interactions between services
  • Kubernetes, Mesos, Docker Swarm, Amazon AWS
  • Deployment and logical topology

Aqua immersive security for containers

  • Jenkins plug-in for scanning image for vulnerabilities before image push
  • Encrypting environment variables to protect secrets
  • REST API for free security scanner, highlights suspicious container behavior

SumoLogic

  • SaaS
  • Collect data via HTTP POST, agent in a container
  • Log signatures with machine learning – outlier, anomaly detection

BLACKDUCK know your code

  • Visibility into open source in containers
  • Identify open source, and enforce open source use policies
  • Identify vulnerabilities 3 weeks before NVD

Twistlock security built for containers

  • Docker containers are declarative (immutable images)
  • What software should be running, what ports are open, container links
  • Runtime behavior – build models of runtime behavior and compare actual execution state against models

SignalFX

Data Management Solutions:

  • Hedvig software defined storage
  • crate.io scalable SQL database
  • Cluster hq container data management
  • Couchbase
  • Robin Systems: application-aware compute and storage platform, container data persistence by controlling all layers

Network Solutions:

  • Weave: network and management for Docker and microservices
  • Arista software defined networking
    • Container tracing -> which container is running on which node
  • Plum Grid software defined networking

Container Management:

  • CloudSoft container service
  • EMC container platform
  • VMware automation for containers
  • Microsoft
  • Cisco
  • Joyent Triton container as a service
  • Google cloud platform
  • Rackspace carina
  • Oracle
  • 1&1 managed cloud hosting
  • Rancher: Swarm, Kubernetes, Mesos open source container management
  • Apcera
  • Apprenda

Docker DC ANNOUNCEMENT

On a somewhat unrelated note, Docker also released Docker DC for on-prem container service.

Today we are excited to announce the availability of Docker Datacenter (DDC), an integrated, end-to-end platform for application development and management at any scale. The enterprise-ready solution includes: Docker Universal Control Plane, Docker Trusted Registry and embedded support for Docker Engine and Swarm.

DockerConEU-ClosingSession

Could not pay sufficient attention to all:

1. Container Migration – Mantika

2. Unikernel in docker – Anil…


 unikernel.org

3. Minecraft by docker folks

Very cool. Control containers from Minecraft. We really needed this feature.

DockerConEU-ContainerTorture

Jean-Tiare from OVH talks about introspection and how to run a binary in a container. Need to get charts.

GREAT SIMPLE description of what a container is and how you become one.

How to enter a container:

setns, execv
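
The `setns` then `execv` sequence noted above, written out as an nsenter-style C program (an added example, not code from the talk or its GitHub repository). The helper names `ns_path` and `enter_namespaces` and the list of namespaces joined are assumptions for illustration; it must run as root, and the command path is resolved inside the container's mount namespace, so the binary has to exist there.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Namespaces to join. mnt is applied last; all handles are opened up front
 * because the host's /proc may not be visible once the mount ns changes. */
static const char *const NS_ORDER[] = { "ipc", "uts", "net", "pid", "mnt" };
#define NS_COUNT (sizeof NS_ORDER / sizeof NS_ORDER[0])

/* Build "/proc/<pid>/ns/<name>". Returns 0, or -1 if buf is too small. */
int ns_path(char *buf, size_t len, long pid, const char *name) {
    int n = snprintf(buf, len, "/proc/%ld/ns/%s", pid, name);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* Join the namespaces of `pid` (needs CAP_SYS_ADMIN). Returns 0 or -1. */
int enter_namespaces(long pid) {
    int fds[NS_COUNT], rc = 0;
    char path[64];
    size_t i;
    for (i = 0; i < NS_COUNT; i++) {
        if (ns_path(path, sizeof path, pid, NS_ORDER[i]) != 0 ||
            (fds[i] = open(path, O_RDONLY | O_CLOEXEC)) < 0) {
            while (i--) close(fds[i]);   /* release handles opened so far */
            return -1;
        }
    }
    for (i = 0; i < NS_COUNT; i++) {
        if (rc == 0 && setns(fds[i], 0) != 0) rc = -1;
        close(fds[i]);
    }
    return rc;
}

int main(int argc, char **argv) {
    if (argc < 3) { fprintf(stderr, "usage: %s <pid> <cmd> [args]\n", argv[0]); return 2; }
    if (enter_namespaces(strtol(argv[1], NULL, 10)) != 0) { perror("enter_namespaces"); return 1; }
    pid_t child = fork();          /* a joined pid ns only applies to children */
    if (child < 0) { perror("fork"); return 1; }
    if (child == 0) { execv(argv[2], &argv[2]); perror("execv"); _exit(127); }
    int status = 0;
    waitpid(child, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
```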

What about host binaries:

easy -> patch; hard -> auto code rewrite;

“ptrace”

Trace, mess with the process, interact with the process (like gdb)

What he does:

run setns and ptrace


Very good talk on namespace jumping. Very similar to what we are already doing with the crawler with a static binary. So: good.

A lot more examples and demos. Get the video and slides here.

Code also on GitHub.
