
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern Trust, Rohit Tatachar, Microsoft and Brandon Royal, Docker

People typically think of Docker for microservices and try to make the smallest container they can. There are tremendous benefits to a microservices model but those are not the only apps that qualify for containers. Traditional, homegrown, monolithic apps are also great candidates for Docker - why? By containerizing these apps, many of the same agility, portability, security and cost savings benefits can be applied to the hundreds (if not thousands) of apps in your datacenters. But where to begin? Attend this session to learn how to approach modernizing traditional apps (MTA), considerations, the available tools and possibilities.


  1. Back to the Future: Containerizing Legacy Applications. Brandon Royal, Solutions Architect, Docker, Inc.
  2. Containers for greenfield applications are awesome!
  3. LEGACY APPS IN NEED OF INNOVATION: Slow deployments, inefficient infrastructure caused by stagnating apps.
  4. Legacy to Containerized App (diagram: Legacy App, Containerize, Compose by Environment for Dev and Prod; tiers: Web, App, Data)
  5. Why Modernize Traditional Apps
     • Secure: Reduce risk and enforce new controls
     • Portable: Portable Infrastructure Independent Apps
     • Efficient: Optimize CapEx and OpEx costs
  6. Let’s get started: 1. Identify App, 2. Containerize, 3. Configure & Secure, 4. Compose, 5. Deploy
  7. Identify App
     • Existing Initiatives
     • Framework Compatibility
     • Architectural Fit
     • Implementation
  8. Implementation Details
     GO
     • Persistent data externally or manage using volumes
     • Build scripts, packages
     • Registry hacks and phantom binaries
     • ...
     REFACTOR
     • In-process session state
     • GUI dependencies (build or runtime)
     • Logging to disk
     • ...
  9. Containerize App: Leverage tooling like Image2Docker to quickly detect app artifacts and create Docker images
  10. Image2Docker - ASP.NET

      ```dockerfile
      FROM microsoft/aspnet:windowsservercore-10.0.14393.1066
      SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]

      # disable DNS cache so container addresses always fetched from Docker
      RUN Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters' -Name ServerPriorityTimeLimit -Value 0 -Type DWord

      # remove the default IIS site
      RUN Remove-Website 'Default Web Site';

      # enable the IIS and ASP.NET features detected for the source app
      RUN Enable-WindowsOptionalFeature -Online -FeatureName IIS-ApplicationDevelopment,IIS-ASPNET45,IIS-BasicAuthentication,IIS-CommonHttpFeatures,IIS-DefaultDocument,IIS-DirectoryBrowsing,IIS-HealthAndDiagnostics,IIS-HttpCompressionStatic,IIS-HttpErrors,IIS-HttpLogging,IIS-ISAPIExtensions,IIS-ISAPIFilter,IIS-NetFxExtensibility45,IIS-Performance,IIS-RequestFiltering,IIS-Security,IIS-StaticContent,IIS-WebServer,IIS-WebServerRole,NetFx4Extended-ASPNET45
      ```
  11. Configure and Secure App: Externalizing XML configuration, move to environment variables and secrets
      1. Map app settings to env variables / secrets. Swap at runtime.
      2. Build config in image, swap by environment at runtime
      3. Refactor to consume env vars and secrets
      4. Volume mount configs
  12. Compose & Deploy Stack
      • Use Docker EE to compose and deploy stack
      • Images can be LARGE: Optimize and use DTR cache
      • Secure deployments: Sign and scan images
  13. Rohit Tatachar, Senior Program Manager, Microsoft IT
  14. About Microsoft IT: Reduce infrastructure and operational cost while moving to Azure and modernizing application architecture
      • >2,500 Applications
      • 10 Business Units
      • Azure Cloud Migration
  15. Current Legacy App Initiatives
      • ~90% Legacy apps in virtual machine environments
      • 25% Legacy apps approaching sunsetting in 2-4 years (No refactoring)
      • ~90% Apps require traditional or enterprise components
  16. Docker and Windows Containers to the Rescue!
      • Increase Infrastructure Utilization
      • Standardize VM Infrastructure
      • Isolate App Dependencies w/o Additional VMs
      • Increase App Portability and Reuse
  17. Journey to Containers
      • Select Initial Apps: Technical Selection Criteria; Coordinate with App Owners
      • Containerize: Use tooling like Image2Docker (i2D) to create Docker Images and deploy to Docker EE on Azure
      • Apply Enterprise Configuration: gMSA domain identities; Windows Auth; Service Accounts
  18. Selecting Our First Apps
      • Web and app tier
      • IIS 6.0+
      • .NET Framework 3.5+
      • Windows Server 2008+
      • No low level network or identity services
      • No dependency on hardware or driver access
      • No desktop apps RDP, VDI
      • SQL Server containerized for development only
  19. Legacy Patterns in Modern Infrastructure. Docker Enterprise Edition: The Modern Hybrid App Platform (diagram: domain joined host; manager and worker nodes; IIS ASP.NET App container; domain service accounts; IIS management; windows auth)
  20. Windows Authentication

      ```powershell
      # Request gMSA from Active Directory

      # Create credspec referencing gMSA
      C:\> New-CredentialSpec -Name csf -AccountName foo

      # Run docker container with credspec
      C:\> docker run --security-opt "credentialspec=file://foo.json" ...

      # Deploy docker container with credspec across swarm (COMING SOON!)
      C:\> docker service create --credential-spec="file://foo.json" …

      # NOTE: Use Local Service context for app identity
      ```
  21. Initial Results
      • 10 Applications
      • 4x App Density without performance degradation
      • 1/3 Infrastructure Cost*
      *projected savings for PPE based on performance testing
  22. Next Steps
      • Deploy at Scale: Deploy next set of apps across larger Docker EE; Docker EE CI/CD Integration
      • Production Operations: Manage initial apps in production; Integrate Docker Content Trust and Docker Security Scanning into production build process
      • Achieve Digital Transformation: Contribute to I2D to continue to address use cases; Visual Studio 2017 Integrated Azure Deployment
  23. Rob Tanner, Division Manager – Enterprise Middleware Services, Northern Trust
  24. About Us: Founded in 1889, Northern Trust is a global leader in asset servicing, asset management, and banking for personal and institutional clients.
      • Wealth Management: Leading advisor to the affluent market (Individuals, Families, Family offices, Foundations, Endowments, Privately held businesses)
      • Corporate & Institutional Services: Global provider of investment services for institutional investors (Pensions, Sovereign entities, Fund managers, Foundations & endowments, Insurance companies)
      • Banking: $120 billion in assets
      • Asset Servicing: $6.2 trillion in AUC
      • Asset Management: $946 billion in AUM
  25. Software Defined Data Center Strategy
      • Guiding Principles: Agility; Reliability & Stability; Security; Performance & Experience; Lower TCO; Run IT as a Business
      • Strategic Initiatives: Converged Platforms; Converged Teams; Software-Defined X; Increased Automation; Cognitive Infrastructure
      *Northern Trust is an investor in Docker Inc.
  26. “Greenfield microservice apps are great...but what do I do with the remainder of my applications?”
  27. Our Environment: WebLogic Applications 400+ .NET Applications Tomcat Applications
  28. Why Traditional Apps in Docker EE?
      • Infrastructure Efficiency
      • Foundation for Hybrid Cloud
      • Improved Security
  29. Infrastructure Efficiency
      THE OLD WAY
      • App Specific Infrastructure Provisioning
      • Challenging dependency / middleware management
      • Per Application Isolation
      THE DOCKER WAY
      • Heterogeneous pool of infrastructure resources available to apps
      • Dependencies / middleware contained within app images
      • Multi-Tenant
  30. Building a Reliable Foundation for Hybrid Cloud: Declarative Docker Services; Health Checks; Complete Service Isolation; On-Prem; Cloud; Developer agility; Rapid geo / capacity scale
  31. Improved Security
      • Limited Attack Surface
      • Understood and Scanned App BoM - Security Scanning
      • Automated patching in build process
      • TLS signed images at every stage of build - Docker Notary
      • 3rd Party IPS/IDS
  32. Faster Deployments with Less Infrastructure: 4x Faster Deployments With 2x Improved Infrastructure Utilization
      • Without Docker: 29 days
      • With Docker: 7 days
  33. Docker EE Single Pane of Glass: Docker EE became the obvious choice since it’s a single pane of glass for all workload...including Windows / Linux heterogeneous stacks (diagram: hosts; ASP.NET web API; spring boot front-end; Docker EE app Stack)
  34. The Future of Docker at NT: Docker EE is the standard for all legacy applications at Northern Trust...period
  35. Containerize all the legacy apps!! @docker #dockercon #dockermta Identify your app, start small and keep it simple. To learn more about modernizing your apps with Docker EE, go to
  36. LEGACY APPS MODERNIZED: Docker Brings New Life Back to Legacy Apps. By containerizing legacy apps, Docker is now making it possible to manage a legacy app on modern infrastructure, gaining all the benefits
  37. Thank You! @brandon_royal #dockercon
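
Slide 11's first option (map app settings to environment variables and secrets, swap at runtime) can be sketched in PowerShell as follows. This is an added example, not code from the slide deck: the function name, the `APPSETTING_` prefix, the sample keys and the convention that a secret file is named after its `appSettings` key are all assumptions.

```powershell
# Added example; hypothetical helper, not code from the slide deck.
function Set-AppSettingsFromEnvironment {
    param(
        [Parameter(Mandatory)] [string] $ConfigPath,
        # Where Docker mounts secrets inside Windows containers.
        [string] $SecretsDir = 'C:\ProgramData\Docker\secrets',
        [string] $Prefix = 'APPSETTING_'   # assumed env var naming convention
    )
    $fullPath = (Resolve-Path -LiteralPath $ConfigPath).Path
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($fullPath)
    $changed = @()
    foreach ($node in $xml.SelectNodes('/configuration/appSettings/add')) {
        $key = $node.GetAttribute('key')
        $secretFile = Join-Path $SecretsDir $key
        $envValue = [Environment]::GetEnvironmentVariable("$Prefix$key")
        if (Test-Path -LiteralPath $secretFile -PathType Leaf) {
            # A secret wins over an env var: env vars show up in `docker inspect`.
            $value = (Get-Content -LiteralPath $secretFile -Raw) -replace '(\r?\n)+\z', ''
        } elseif ($null -ne $envValue) {
            $value = $envValue
        } else { continue }   # no override: keep the value baked into the image
        $node.SetAttribute('value', $value)
        $changed += $key
    }
    $xml.Save($fullPath)
    return $changed   # key names only, so values never reach the container log
}

# Constructed sample input so the script runs offline.
$work = Join-Path ([IO.Path]::GetTempPath()) ([Guid]::NewGuid().ToString())
$secrets = Join-Path $work 'secrets'
New-Item -ItemType Directory -Path $secrets -Force | Out-Null
$config = Join-Path $work 'Web.config'
Set-Content -LiteralPath $config -Value @'
<configuration>
  <appSettings>
    <add key="ApiUrl" value="http://localhost/dev" />
    <add key="DbPassword" value="dev-only" />
    <add key="PageSize" value="25" />
  </appSettings>
</configuration>
'@
Set-Content -LiteralPath (Join-Path $secrets 'DbPassword') -Value 'constructed-secret'
$env:APPSETTING_ApiUrl = 'https://api.example.internal'
Set-AppSettingsFromEnvironment -ConfigPath $config -SecretsDir $secrets
```

Call the function at container start-up, before the web server reads Web.config, so the image itself carries only the non-sensitive defaults.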