Sophia Parafina

Announcing (Even) More Speakers for DockerCon 2016

A quick note about the selection process: this year the Review Committee reviewed 570+ proposals using a double blind process, which means proposals were reviewed just by their abstract, outline and takeaways. From the initial review, we selected the top 100 proposals and began conversations with the authors of the most promising talks. We’re not quite done yet, but we expect to publish the schedule soon!

If your proposal was not accepted, please consider submitting for a local meetup or another conference. Once again, we’d like to thank everyone who took the time to both submit and review the proposals.

Without further ado, here are the next round of DockerCon speakers selected by the DockerCon Community Review Committee.


 

Black Belts Track

 

Unikernels and Docker: From revolution to evolution

with Mindy Preston, Engineer at Docker, Inc.

 

Unikernels are a growing technology that augment existing virtual machine and container deployments with compact, single-purpose appliances. Two main flavors exist: clean-slate unikernels, which are often language specific, such as MirageOS (OCaml) and HaLVM (Haskell), and more evolutionary unikernels that leverage existing OS technology recreated in library form, notably Rump Kernel used to build Rumprun unikernels.

To date, these have been something of a specialist’s game: promising technology that requires considerable effort and expertise to actually deploy. After a brief introduction for newcomers to unikernels, Mindy will demonstrate the great strides that have been taken recently to integrate unikernels with existing deployments. Specifically, we will show various ways in which Rumprun and MirageOS unikernels can be used to deploy a LAMP stack, all managed using the popular Docker toolchain (Docker build, Docker run, and the Docker Hub). The result is unikernels that can be used to augment and evolve existing Linux container- and VM-based deployments, one microservice at a time. We no longer need a revolution—welcome to the microservice evolution!


 

johnstarkstaylorbrownWindows Server and Docker – The internals behind bringing Docker and containers to Windows

with John Starks and Taylor Brown, Tech leads at Microsoft

 

Docker leverages  capabilities in Linux like namespaces and cgroups to enable containers and then builds tooling on top to enable users to build distributed apps. A common question is “What about Docker support for Windows?” In this session the Windows engineering leads will dive deep into the primitives within Windows to enable an awesome Docker experience on Windows.  This session will also include a live demo of Docker and Windows Server.


 

Use Case Track

 

Using the SDACK Architecture on Security Event Inspection

with Yu-Lun Chen, Senior Software Engineer at TrendMicro

 

The SDACK architecture stands for Spark, Docker, Akka, Cassandra, and Kafka. At TrendMicro, we adopted the SDACK architecture to implement a security event inspection platform for Advanced Persistent Threat (APT) attack analysis. In this talk, we will introduce the SDACK stack with Spark lambda architecture, Akka and Kafka for streaming data pipeline, Cassandra for time series data, and Docker for microservices. Specifically, we will show you how we Dockerize each SDACK component to facilitate development of algorithms by the R&D team, help the QA team test the product easily, and use the Docker as a Service strategy to ship our products to customers. The talk shows how we monitor each Docker container and adjust the resource usage based on monitoring metrics. Also, we will share our Docker security policy which ensures our products are safety before shipping to customers; including how we developed an all-in-one Docker based data product and scale it out to multi-host Docker cluster to solve the big data problem. Finally, we will share some challenges we faced during the product development and some lesson learned.


 

15ade45.jpgDocker helps Fugro Bring a New IoT-Based Service to Market with High Uptime and Portability

with Jay Blanchard, Web/Software Engineer at Fugro Chance

 

Fugro is a multinational enterprise that collects and provides highly specialized interpretation of geological data for a number of industries, at land and at sea. The company recently launched OARS (Office Assisted Remote Services), an innovation which uses advanced technology to reduce, and potentially eliminate, the need for surveyors onboard sea-going vessels, optimizing project crewing, safety and efficiency.

The OARS unit on board the vessel has network routing, raspberry Pi’s, GPS and redundant Windows embedded machines. Various sensors (GNSS, pitch & roll, heading, etc.) are connected to the OARS unit which subsequently uses its installed software to respond to publishing requests through a messaging service (in its own Docker container) via satellite, allowing Fugro surveyors in command centers and customers to interact with jobs in real time. Docker containerizes the entire application and its systems which are micro-services designed to communicate in real-time with each other as well as offer up the beach side web services necessary for interacting with the application by surveyors and clients alike.

By keeping skilled staff onshore and using an Internet of Things platform model, Fugro’s OARS project provides faster interpretation of data and decisions, better access to information across regions. Hear how Fugro and consulting partner Flux7 created a solution with Docker and Amazon Web Services at its center that provides a high degree of uptime, ensures data is secure and enables portability so that environments that can be quickly replicated in new global regions on demand. Learn how Docker is being used as a key component in Fugro’s continuous delivery cycle and see how Docker is also used to create redundancy that ensures high uptime for Fugro’s 24X7 requirements.


 

CIHYltQUMAAz3Eu.jpgLearning the Alphabet: A/B, CD and [E-Z] in the Docker Datacenter

with Brett Timperman, Developer at Kroger Technology

 

What is the right balance between moving fast, innovating, experimenting with new technology, and protecting the personal data of our customers and interests of our stakeholders? How can we safely try new ideas in production without risking costly downtime? Does the utopia where developers are free from lock-in and operators enjoy the calm of a steadily running system exist in the real world? Is it possible to have open platforms with better security?

The drive to move faster moved us to microservices and then to Docker to solve development needs and how we naturally wanted to take containers to production. We created our own monitoring system with Kafka and ElasticSearch which is running on Docker in production. Docker Datacenter is solving a lot of issues with the user security, manageability and administration for customer facing apps. The presentation shows how each code commit is built into a tagged Docker image in Trusted Registry, tested in CI, and auto-deployed alongside the running application. At each step, I will demonstrate the code and containers used to accomplish this – how Registrator containers in UCP register each container as a discoverable service with Consul, how Consul-Template generates NGiNX configurations, and how a custom UI controls NGiNX client splitting rules. I would also shows how UCP allows a group of users to administer the Consul, Registrator and NGiNX stack, while another group of users focuses on deploying and managing apps.

At Kroger Digital we are still working through these questions every day but are redesigning our systems with the goals of true operational maturity and security. Discover how we are building capabilities for monitoring, A/B testing, and continuous delivery with Docker Datacenter, plugins, and open source building blocks such as NGiNX, ElasticSearch, and more.


 

Wild Card Track

 

19bd944.jpgSecuring the Container Pipeline at Salesforce

with Cem Gurkok, Lead Information Security Engineer at Salesforce

 

Customer trust and security is paramount for Salesforce. While containerization is great for DevOps due to flexibility, speed, isolation, transient existence, ease of management and patching, it becomes a challenging environment when the sensitivity level of the data traversing the environment increases.  Monitoring systems, applications and network; performing disk, memory and network forensics in case of an incident; and vulnerability detection can easily become daunting tasks in such a volatile environment.

In this presentation we would like to discuss the infrastructure we have built to address these issues and to secure our Docker container platform while we rapidly containerize Salesforce. Some of the aspects of using Docker at Salesforce are:

  • Leveraging Docker Registry and Docker Notary (image signing, verification, and tracking throughout its lifecycle)
  • Dockerfile changes are tracked via workflows in repositories and ticketing systems
  • Monitor Docker activity via logs (host/container/app, correlated with other infra), network traffic (IDS, NetFlows), and process memory (Volatility Framework) analysis for potential malicious behavior
  • Harden Docker images following best practices as much as we can without hampering developer productivity
  • Track vulnerabilities though our management program (manual and automated) that might be introduced (OS, app, libraries) as layers are created/added and make sure they are patched as reports become public
  • Assume that there will be an eventual compromise and have developed investigative capabilities (disk/network/memory forensics) for root cause analysis

Our solutions focus on securing the container pipeline, building security into the architecture, monitoring, Docker forensics (disk, memory, network), and automation. We also would like to demonstrate some of our live memory analysis capabilities we leverage to assure container and application integrity during execution.


 

Join us at DockerCon 2016DockerCon-2016-regnow

We strongly recommend that you register soon to secure your pass. Each previous edition of DockerCon has sold out in advance.

Click here to register for DockerCon 2016!

For those who have submitted speaking proposals: if your talk proposal gets accepted for DockerCon, we’re more than happy to provide a refund on your purchased ticket.


 

Learn More about Docker

, , , , ,

Sophia Parafina

Announcing (Even) More Speakers for DockerCon 2016


Leave a Reply

Get the Latest Docker News by Email

Docker Weekly is a newsletter with the latest content on Docker and the agenda for the upcoming weeks.