DockerCon 2016

Ecosystem Talk 1.
Cost Control Across Cloud, On-Premise and VM Computers by Calm.io

Anecdotal numbers suggest that more than 40% compute resources are under utilized -- from unused cloud instances to virtual machines running on bare-metal. Hundreds of QA & Dev nodes to thousands of production instances could be shutdown, and brought back to the same state on demand. That's what cloud is about -- agility and efficiency, but our on-premise datacenter habits have migrated to the cloud as well.

Calm's DevOps automation platform helps fix our old habits. Calm provides a single pane of glass across cloud and on-premise, integrating with Chef, Puppet and Docker ecosystems. The single pane of glass enables orchestration, cost-control and on-demand provisioning.

Ecosystem Talk 2.
Implementing Secure Docker Environments At Scale by Twistlock

Modern container technology like Docker holds great promise for building large cloud infrastructure. Many enterprises, like Adobe, Salesforce, GE, have all found success with Docker to power Internet-scale cloud data centers. However, in a system of that scale, managing policy compliance and security is a challenging proposition. First, security functions deployed in those environments must be agile enough to accommodate massive scale changes. Second, there is very little room for guesswork and false positives. Finally, all the controls, including those at the host level, the daemon level, and the container level must operate in an integrated fashion to ensure robust operations of the entire environment. In this talk, we show that effective security for large container systems must be a cradle-to-scale initiative. We demonstrate that by leveraging development resources early in the lifecycle helps to scale up security controls tremendously in runtime. We show that we can automatically develop security profiles for running containers based on image analysis and with these profiles, we can accurately enforce runtime behaviors of containerized applications. We describe an actual Internet-scale deployment where rigorous image analysis and configuration inspection in development lead to an effective, easily scalable set of security controls in production.