It should come as no surprise that behind the rapid adoption of Docker containers is a set of slam-dunk cost and operational benefits. According to Docker, maintenance and upkeep of legacy applications consume on the order of 80% of enterprise IT budgets.
Containers drastically change that equation, and the customers that leverage them are realizing massive improvements in resource utilization, resulting in a 50%-60% drop in the virtual machines (VMs), and ultimately hypervisor licenses, required to run the refactored application. Reductions in the time required to scale and to patch the application are two other key benefits; Docker Enterprise Edition (EE) customer MetLife saw its application ‘time to patch’ plummet from 7 days down to 2 hours. This also contributes directly to a much stronger security posture for the organization.
However, the journey from containers to fully developed web-scale microservices can be technically complex and long: on the order of 2 to 5 years for enterprise organizations. In light of this, Docker has partnered with Hewlett Packard Enterprise (HPE) to deliver a reference architecture and program enabling customers to begin modernizing their traditional applications.
I had the opportunity to attend the joint Docker/HPE “Modernizing Traditional Applications (MTA)” roadshow at Docker’s San Francisco headquarters. I came away with some interesting and helpful insights about how enterprises can take the first steps toward containerized applications without plunging directly into the more complex and involved process of re-architecting applications for microservices within a DevOps toolchain complete with a continuous integration / continuous deployment (CI/CD) pipeline. I also got a strong sense of Docker’s commitment and focus on security; even with a basic approach to containerizing an application, their security tools (Docker Security Scanning and Docker Trusted Registry) combine nicely to reduce vulnerabilities and ensure image integrity. Both were featured during the event’s live demo segment.
When it comes to modernizing a legacy application, there’s a bit more involved than simply shoving application code into a container and running it. For starters, some thought needs to go into deciding which applications are the right candidates for containerization. The MTA roadshow team identified over 60 individual criteria spanning business, financial, and technology categories, but the overall approach is to go after the ‘low-hanging fruit’ legacy applications. Prime candidates include:
- custom web/service applications
- applications involving relatively small data sets
- applications that have one or more tiers
Docker also eases some of the financial considerations with their free online ROI calculator, which projects the savings in infrastructure, operations, and development costs, per application. Depending on the scenario and input parameters, savings can be upwards of 50% over three years.
Organizations taking their first few steps into containerization need to think about security at each phase as well. Although a full-fledged DevOps process introduces significant security advantages, vulnerability scanning and identification of Common Vulnerabilities and Exposures (CVEs) are easily done with Docker Security Scanning. And, for developers who have already gotten their feet wet with containerization, StackRox container security expert Yathi Naik offers up a reliable set of techniques on how to harden Docker containers and hosts.
As the ancient Chinese proverb goes, “A journey of a thousand miles begins with a single step.” On the journey toward web-scale microservices that many enterprises are undertaking, those first few steps are being expertly guided by Docker and its partners through the MTA program. And, as enterprise security must be tightly coupled with new infrastructure and application development practices, StackRox is onboard for that entire journey.