Hands-on with Aqua Container Security


Shift Left security early into the DevOps pipeline with Jenkins and Aqua.

Aqua Container Security

With the growing adoption of containers comes a proportional concern for security. The Aqua Microscanner is an open-source tool that can check container images for vulnerabilities.

Led by our very own Melvin Cheng, our latest DevOps Playground in Singapore was presented with our partners Aqua Security. We went through how to set up a simple Jenkins job to build a Docker image and scan it for vulnerabilities using the Aqua Microscanner plugin. We then addressed the vulnerabilities before re-scanning the image.


The steps needed to complete this Playground can be found on our Github repo:

https://github.com/DevOpsPlayground/Hands-on-with-Aqua-Container-Security-Platform

The Playground recording is also available, just head over to the ECS Digital YouTube channel using the link below:

*****

Interested in attending our next DevOps Playground in Singapore? Follow us on Meetup (https://www.meetup.com/DevOps-Playground-Singapore/) to receive a notification about the next event.

Check out the meetups we have at our other global locations:

You can also find all the information and resources you need about DevOps Playground sessions, upcoming events and past events on our website: https://devopsplayground.co.uk

 

Melvin Cheng
Plotting a Container-Centric Future. Part Two


What to look for in a partner

Containers offer huge advantages over traditional architecture and application development models. Getting the best from this new way of working, however, requires detailed knowledge of how to deploy them and the benefits of doing so. To avoid making bad decisions – which could impact the ability to move to containers quickly and effectively – organisations should seek out guidance from experienced experts before jumping in.

A little assistance during the early phases of a cloud migration, or application refactoring, will pay huge dividends when moving to containers. If you are able to find and work with an experienced partner the benefits will be realised faster, with less risk. Here are some of the essential things to look for in a partner:

Sourcing the Right Expertise

Once you’ve selected your container distribution (e.g. Rancher, Docker, OpenShift…), the adoption of new technology can be disruptive. Not just to your technology ecosystem, but to your teams and culture too. 

Another stumbling block is that the on-premise IT services methodologies, traditionally supporting COTS applications, struggle to translate to the new model of containers, microservices and cloud environments. Care should be taken to ensure that any service provider is suitably skilled and experienced in Rancher, Kubernetes and Docker to enable you on your journey.

Take the time to ask how long they have been working with the technologies, how extensive their training is, and what certifications they hold. Key decisions about application architecture and environment design will be made early in the life of your modern applications – it’s crucial to make the right ones. Seek advice from those with the scars and medals of previous battles in this arena if you want to get ahead of your competition.

Finding the Right Support

You will gain the most from a partner if you are able to engage with engineers who will work in close partnership with you. You want a partner that will collaborate to design and build robust, flexible and cost-efficient cloud provisioning, orchestration and deployment solutions for your modern applications. Take the time to identify a partner who can place automation at the heart of what they do, leveraging the latest industry tooling and techniques including system immutability, infrastructure-as-code and container orchestrators.

What’s more, you will want to work with a qualified professional services team who can provide the architecture design, pre-staging, deployment, integration, training and support requirements for each project they undertake – you could avoid costly mistakes common in the absence of this help.

An Agnostic Approach

You should ideally find a partner who is technology-agnostic and able to give honest advice, tailored for you – rather than making recommendations on one particular technology stack. You are going to be working with them on strategic elements of your business, so leverage their experience to avoid common design and implementation pitfalls – it will save you a lot of time, and a lot of money.

Lastly, find a partner who is invested in your success. It sounds simple, but finding a partner that looks beyond the surface requirements is a rare feat, and a rewarding one. Look beyond the sticker on the tin and instead focus on how your partner can help you make changes with longevity. Our own partners – such as Rancher – achieve this by upskilling our consultants in their latest technologies and tools so we can better serve our clients. We then pay this forward to our clients by upskilling their teams as part of our Pods offering. Technology isn’t about squeezing lemons, it’s about creating a sustainable innovation that benefits all, and we pride ourselves on enabling teams to make the most of the new technologies that will need to be mastered as they start their DevOps journey.

Lead by Example

ECS Digital are experts in the deployment of containerised applications, and we provide exactly this type of assistance to organisations of all kinds. We are service delivery and training providers for many of the leaders in the DevOps toolchain, such as Rancher, Docker, HashiCorp, Puppet, Sonatype, New Relic, CloudBees and GitHub. Click here to find out more and get in touch.

If you missed Part One of the series, you can find it here.

——–

About the author

Morgan Atkins is the container technology lead at ECS Digital, and spends his time working with the leading container tools and related technology. You will find him on site with customers from many industries, explaining how to adopt products such as Rancher, Docker and Kubernetes. Morgan is a certified Docker trainer and consultant, and is one of the leading consultants for containerised applications in the UK.

About ECS Digital

ECS Digital is a leading DevOps and Digital Transformation consultancy based in London, Singapore and Edinburgh. Being deeply embedded in the world of DevOps and the tooling that this movement is driving, ECS Digital is proud to partner with the leading software vendors in this space, including Rancher, Docker, CloudBees, Aqua, Sonatype, HashiCorp, New Relic and ServiceNow.

Morgan Atkins
CloudBees & Electric Cloud: the holy grail for CI/CD software?


As a specialist DevOps consultancy, ECS Digital often finds itself at the forefront of new and emerging technologies. We work with clients that aim to solve ever more complex problems and have established a history of working with industry-leading software vendors in response to the tools required to tackle these problems head-on. This has enabled ECS Digital to become intrinsically linked to the ever-evolving nature of the business software world.

What we’ve come to realise is that there is a natural lifecycle to the software vendors we work with. Some will grow quickly, establishing themselves as leaders in their market, and will eventually go public in an IPO. Some will fail, falling away as victims of the marketplace. And some will be acquired by another software vendor to be included in a wider portfolio of products. This is a common trend, as we have seen with GitHub joining Microsoft and Red Hat becoming part of IBM, both in multi-billion-dollar deals.

And this trend continues, with CloudBees and their recent acquisition of Electric Cloud.

Electric Cloud is the second business to be acquired by CloudBees – Codeship, a continuous integration and continuous delivery firm, being the first in 2018. These deals pair nicely with two of the end-of-life cycles outlined earlier. They also affirm CloudBees’ overall strategy of acquiring smaller, specialist software companies as a way of bringing onboard expertise missing from their current offerings.

In the words of Andy Cureton, Managing Director and Founder of ECS Digital:

“Combining CloudBees and Electric Cloud gives the combined entity the capability breadth to compete against the AWS CI/CD stack and the Microsoft CI/CD stack prevalent on Azure. Combining the feature depth of multiple tools in a seamless capability that is platform agnostic also gives a powerful alternative to those with a brown field site, as well as addressing concerns around vendor lock in (particularly on Cloud)”.

Phil Drouet, Head of Channel at ECS Digital, agreed with Andy, adding that today’s software landscape enables users to “build their own pipeline and pick their own tools. Whilst it may seem that choosing one ‘continuous delivery powerhouse’ limits your choice, this is offset by integrated systems and better experience. At the end of the day, you don’t want every development team to have their own tools. I have no doubt that enterprises will see this as a good thing, a credible alternative to having to buy everything from different places”.

Is CloudBees the holy grail for CI/CD software?

Electric Cloud is a known brand in its own right, with Gartner positioning them as a leader in its Magic Quadrant for Application Release Orchestration just last year. By acquiring Electric Cloud, CloudBees have strategically strengthened their position in the CI and CD space, as well as allowing them to enter the end-to-end solution market. This will help protect them in a marketplace that is increasingly offering these solutions when migrating to the Cloud.

Not only are they home to the enterprise version of Jenkins, they now have a compelling brand story within the CI/CD and release automation arena. What’s more, these products can now be combined into a single suite, offering the holy grail of product portfolios, without the complexity. In the words of Sacha Labourey, the CEO and co-founder of CloudBees:

“As of today, we provide customers with best-of-breed CI/CD software from a single vendor, establishing CloudBees as a continuous delivery powerhouse. By combining the strength of CloudBees, Electric Cloud, Jenkins and Jenkins X, CloudBees offers the best CI/CD solution for any application, from classic to Kubernetes, on-premise to Cloud, self-managed to self-service.”

The joining of CloudBees and Electric Cloud will unquestionably result in a stronger product set, and thus a stronger brand for those looking for a CI, CD and release platform partner. Electric Cloud evidently feel the same, as being a previously well-funded vendor meant that this acquisition did not come about as a result of them struggling in the marketplace. Much the opposite; “it will strengthen the market for them as a unit and give CloudBees (and now Electric Cloud) another revenue stream” (Phil Drouet).

And it benefits users too, as noted by Christina Noren, Chief Product Officer, CloudBees:

“Having the Electric Cloud offerings under the CloudBees umbrella gives companies a greater ability to manage the delivery of value to customers.”

Having CI and CD solutions under one banner may mean customers come to rely on CloudBees. But where monopolistic powerhouses have spelt doom for innovation in other markets, in this case, Andy Cureton sees this as “giving back control” to the customer. It’s a holistic offer that means customers lessen the risk presented by multiple vendors and unintegrated systems.

What this acquisition means for partners

Being the Service Delivery Partner of the year for CloudBees, and with a partnership stretching back many years, we will inevitably see a shift in what we will need to provide following the integration of Electric Cloud.

Part of this shift will involve witnessing new challenges emerge, especially during the ‘settling in’ period where the merging vendors decide upon strategies, personnel and technical directions. We’ll also be keeping an eye out for any innovative products born from this acquisition and look forward to introducing these offerings in future projects. Whilst nothing has been confirmed, we imagine CloudBees will begin to release more information regarding their new direction towards the end of the year, timing it nicely with their annual DevOps World | Jenkins World | CloudBees conference – this year taking place in sunny San Francisco and Lisbon, Portugal.

Despite the turbulence that may occur, working closely with partners in the DevOps software world, and having a legacy of trust and reliable support, we are best placed to deliver the same high-quality service support to software vendors at times of change. And thanks to our existing relationship with CloudBees, we are able to upskill our team at pace. We can get ready to hit the ground running as new tools and technology emerge as a result of this deal.

Not only has their recent acquisition piqued industry interest, CloudBees have reaffirmed themselves as a technology vendor to watch. Not only are they bulking up their market presence, they are also providing customers with an extensive offer in the CI/CD and Release Automation space. And since this new option will be simpler and more robust, more customers will no doubt be drawn to this valued convenience. After all, complexity is the killer of progress.

If you’re yet to reap the benefits of CloudBees and Electric Cloud for your business, talk to a member of the ECS Digital team today.

 

****

Image Credit: Background vector created by creative32965 – www.freepik.com (https://www.freepik.com/free-photos-vectors/background)

Phil Drouet
Plotting a Container-Centric Future. Part One


Containers are unlocking new and innovative ways of developing and running software. With containerisation, the potential of hybrid cloud computing is finally becoming a reality. The evolution of containers is much akin to that of Virtual Machines (VMs) 15 years ago – eyed with suspicion in the early days, but now a de facto part of every IT infrastructure. Likewise, containers are becoming the default plan for organisations in all sectors and of all shapes and sizes.

Why? For those not yet familiar, containers are lightweight, portable, virtualised, software-defined environments. Their growing popularity is due to the fact they facilitate modularity, portability and simplicity when provisioning virtual infrastructure. They represent, in many ways, a step-change in how IT functions deliver applications; reduced boot times, improved resource utilisation and a lack of infrastructure dependencies facilitating swift deployment and iterative development and test cycles.

ECS Digital’s approach to containers is simple; it’s all about choice. Tooling agnostic – everything from cloud solutions to automation and edge – we’re led by the needs of our customers. Whilst there are many commercial container distributions available today, we choose to work with two main partners; Docker and Kubernetes (specifically, Rancher). Naturally, many organisations have a few requirements when selecting a platform to host their applications. By far the most common one is the desire to attain and retain agility by not being locked into a particular offering that prevents easy migration to other cloud platforms. In reality, this means selecting a platform based on Kubernetes, as this has been proven to be the standard by which other orchestrators are judged.

In this three-part series, we will take a look at the features of Rancher, highlight those that other container orchestration management tools don’t offer out of the box, and help you find the perfect deployment partner. Let’s start with Rancher’s pivotal features…

Rancher – Extra rBACtteries Included

Rancher is widely regarded as the #1 choice for running enterprise-scale containers and Kubernetes in production. It’s the only distro that can manage all Kubernetes clusters on all Clouds. It also accelerates the adoption of open source Kubernetes while complying with corporate security and availability standards.

100% Open Source

All Rancher products are 100% open source and free to use. Rancher deploys upstream, open-source Kubernetes, so the latest features in each Kubernetes release are always available for users. Rancher has also successfully shaped Kubernetes into an enterprise offering by putting security first and making it easy for businesses to control and interact with all of their clusters from a single interface.

No Vendor Lock-In

Rancher remains agnostic about which provider to use. It gives you, the user, the freedom to quickly deploy Kubernetes anywhere, with the configuration that you want. It also abstracts vendor differences so that users can interact with each cluster in the same way. Rancher makes it possible to run multiple clusters whilst enabling you to manage each cluster independently. And if you ever decide to stop using Rancher, you can quickly and cleanly uninstall the platform as if it was never there.

Multi-Cluster Management

Rancher was built to manage Kubernetes everywhere it runs. It can easily deploy new clusters from scratch, launch EKS, GKE and AKS clusters, or even import existing Kubernetes clusters. This month, Rancher went as far as to launch RIO, a MicroPaaS that can be layered on any standard Kubernetes cluster. And the best part? It’s free! Try it out for yourself today.

In short, Rancher is a complete container management platform, with a few added bells and whistles to make using the tool both practical and able to integrate with other applications. This ease of use makes Rancher an ideal partner for businesses scaling change initiatives using containerisation technology. And we should know. After a 14-month engagement with an industry-leading asset tracking client, ECS Digital has been instrumental in delivering and operating globally deployed container applications on Rancher that will revolutionise the industry.

In part two of the series, we’ll explore what you should look for in a partner, and how choosing the right partner can help drive a successful transformation for you and your business.

——–

About the Author:

Morgan Atkins is the container technology lead at ECS Digital and is one of the leading consultants for containerised applications in the UK. Not only is Morgan a certified Docker trainer and consultant, but he also takes great pride working alongside and upskilling customers in the adoption of container products such as Rancher, Docker and Kubernetes.

About ECS Digital

ECS Digital is a leading DevOps and Digital Transformation consultancy based in London, Singapore and Edinburgh. Being deeply embedded in the world of DevOps and the tooling that this movement is driving, ECS Digital is proud to partner with the leading software vendors in this space, including Rancher, Docker, CloudBees, Aqua, Sonatype, HashiCorp, New Relic and ServiceNow.

Want to adopt Rancher in your business? Talk to the team today about how you can get started.

Morgan Atkins
It’s here, Docker Enterprise 3.0 – Build, Ship, Share, Run


DockerCon US 2019 has come and gone for another year! But despair not fellow Docker fans, Docker has left us with a meaty and fairly comprehensive list of announcements for us to chomp on, until DockerCon EU at least, if it decides to go ahead…

Now, before we start imagining a world without DockerCon EU, let us work our way through some of the notable key announcements from this year in San Francisco!

For anyone who has been living under a rock or drinking far too much open source Kool-Aid, Docker Enterprise is an end-to-end container-as-a-service (CaaS) platform. Since its launch in 2017, it has been a one-stop shop for public, private or hybrid cloud container management for both Linux and Windows.

At DockerCon 2019, Docker Inc released the next major iteration of the public beta: Docker Enterprise 3.0! Part of this release was the following three areas of note, namely Docker Desktop Enterprise, Docker Apps + CNAB and DKS. Let’s take a look at these in more detail:

Docker Desktop Enterprise

As the name suggests, Docker Desktop Enterprise (DDE) is a new developer tool that extends the Docker Enterprise Platform to developers’ desktops. Not only does this improve developer productivity, it accelerates time-to-market for new applications too.

DDE sounds a lot like “Docker for [Mac/Windows] 2.0”. And in some ways it’s a very similar tool, except for some extra enterprise features, a more uniform UI and some much-needed guard rails. The addition of DDE will help stabilise adoption and allow unskilled engineers to leverage Docker in their workflow in a more meaningful way.

DDE also provides a secure way to configure, deploy and manage developer environments while enforcing safe development standards that align to corporate policies and practices. IT teams and application architects can present developers with application templates designed specifically for their team, to bootstrap and standardise the development process and provide a consistent environment all the way to production.

Docker Application + CNAB

Docker Applications is a stroke of genius from the product team at Docker. This simple application allows you to create an application for predefined components, adding more guard rails to help accelerate adoption and enable more and more people to use and enjoy Docker!

This is a new set of tooling that enables end-to-end application consistency and scalability from developers to operators. It allows users to manage complex applications as simply as individual containers, with tools to build, push, and deploy multi-container applications as self-contained objects. Tools such as:

Docker Application is based on CNAB – a joint collaboration of Docker, Microsoft, Bitnami, HashiCorp and CodeFresh. Docker Application Templates make sharing and standardisation of applications simpler and more scalable by creating templates for applications and their deployment parameters. In addition to creating and sharing, docker app easily generates Dockerfiles and the associated files for common application frameworks without expert Docker knowledge, and enables development to get up to speed faster by letting developers focus on their business logic.

Docker Kubernetes Service (DKS)

This will make Kubernetes easier, more secure, and more accessible to the entire organisation.

DKS is compatible with Kubernetes YAML, Helm charts, and the Docker Compose tool for creating multi-container applications. It also provides an automated way to install and configure Kubernetes applications across hybrid and multi-cloud deployments. Other capabilities include security, access control, and lifecycle management. Docker Enterprise customers also can use Docker Swarm to orchestrate Docker containers.

It’s still a little unclear about what DKS is. Whilst it could be the answer to AWS’ EKS or Azure’s AKS, it honestly just sounds like a new and cooler name for Docker EE – as we all should know Docker EE has supported both Swarm and Kubernetes since 2017 and therefore has had a Kubernetes service Out of the Box. If this is true, it seems that Docker is trying to appeal to a wider audience through the descriptions and capabilities of its new tools.

Concluding thoughts

So, that’s it for another year! For more about DockerCon San Francisco 2019, Docker have written a great wrap-up blog, including all the keynote live stream videos for you to watch at your leisure. Enjoy!

Morgan Atkins
Opening the Windows on Kubernetes 1.14


Those of us who have been working in the DevOps industry for a while will be well versed in the Windows conundrum, but for the sake of clarity here is an example of what it is and the problem that it poses. Let’s take a CTO within an enterprise organisation – someone in charge of a complex estate of business applications. This estate might include numerous Linux-based applications or in some cases hundreds of legacy Windows-based applications. This CTO is already a containerisation convert and is bought into the benefits of added portability, security and agility, and like many organisations in the industry, he recognises Kubernetes as the standard for container orchestration. However, up until now, container orchestration for Windows applications has been limited – and this limitation has caused conflict between the need to run Windows containers in production and the largely agreed best practice approach of using Kubernetes.

To those less embedded in the DevOps world, this might sound like an implementation detail to be overcome by the ‘DevOps engineer’ (usually sat in a darkened room), but it has a real impact on the business because of the time, resource and cost involved in solving it. To get the real benefits from a containerisation approach you need to have a unified strategy that works across your entire technology suite. Having to manage different approaches and different processes reduces the beneficial impact. Thankfully the coming together of Docker, Kubernetes and Microsoft has at last provided a solution to the problem with the launch of Kubernetes 1.14 (https://kubernetes.io/blog/2019/03/25/kubernetes-1-14-release-announcement/).

Of course, Docker has had a solution to the Windows Containers problem for a while, with a well-established and well-tested security model in the form of Docker Enterprise using Swarm orchestration. However, the rise of Kubernetes (it is increasingly the first choice among container users, with Datadog reporting its use increasing from 22.5 percent in October 2017 to 32.5 percent in October 2018) has meant that Docker had two choices. It could either continue to try and push users towards its own container orchestration solutions or it could take a more collaborative approach and embrace the fact that Kubernetes has become accepted as best of breed in this space. Thankfully for those at the sharp end of implementing containerisation strategies, they seem to have decided on the latter.

You really have to give kudos to Docker for this. It has understood the needs of its community and given it what it needs – a route to a single strategy across both Linux and Windows applications. It also means a big step forward in the move towards serverless environments.

The people who are going to feel the benefits of this most acutely (at least in the short term) are the applications teams. These are the folks at the coal face of implementing a containerisation strategy that is part of a wider IT transformation designed to speed up delivery and reduce complexity. They may also sit below a strategy team who all too often have selective blindness when it comes to looking at the technology stack and seem not to be able to see the Windows elements. It therefore falls to the men and women on the ground to deliver a series of benefits that have been sold in further up the chain based on a view of the application environment that is not entirely accurate.

So, if I am a head of architecture what can I take from the launch of Kubernetes 1.14?

Firstly – if you have been hesitant about moving forward with a containerisation approach because of the complexity of your applications environment, you now have a solution that will work across the entire environment. Not only does it mean a single control plane across different platforms and orchestrations, the UCP GUI (rather than script) means operation is simplified which will increase RUN team use.

Secondly, you can relax in the knowledge that finding yourself the right skillsets to get your containerisation strategy underway is going to be just that little bit easier!

Here’s how ECS Digital can help you use Docker:

There are significant benefits to containerisation, including portability, improved security and increased infrastructure efficiency. ECS Digital is a leading Docker Certified Delivery Partner and can help you use and extend the Docker Container platform.

Docker Modernising Traditional Applications

ECS Digital has the knowledge and experience to bring the benefits of containerisation to your more traditional applications. Working with Docker customers across EMEA, we undertake Modernising Traditional Applications (MTA) engagements, taking a traditional application into containers to realise the value of Docker in just five days with a turnkey program.

  • 1-week onsite support / 3 weeks remote
  • Deploy Docker EE to cloud or on-prem infrastructure
  • Containerise an existing application
  • End-to-end app deploy using Docker EE
  • App operations using Docker EE

Official Docker Training

As well as being a Docker Authorised Consulting Partner, ECS Digital is also a Docker Authorised Training Partner offering a range of official Docker training courses for all skill levels.

Enablement Pods™

ECS Digital’s Container Enablement Pods™ are an outcome-focused solution that deliver the capability you need, when you need it. Each Enablement Pod™ starts with a Sprint Zero in order to establish a backlog of target outcomes with measurable KPIs and the resource.

Our Enablement Pod™ approach has been massively successful in delivering large scale digital transformation projects in some of the UK’s largest retail and commercial banks, as well as news publishers and international energy providers. Click here to find out more about how our Enablement Pods™ work.

Here at ECS Digital we’re always happy to talk about how what we do can help benefit you and your business. If you’re interested in finding out how we can help, please do get in touch.

*Kubernetes 1.14 is available for download on GitHub.

Image credit: Photo by Joseph Barrientos on Unsplash

Morgan Atkins