At DockerCon 2016, the second day’s general session featured products and stories related to Docker running in the enterprise: product demonstrations of integrated security features, deployment templates, and a session featuring Keith Fulton, CTO of ADP, who spoke about their evolution to a tech company and how Docker Datacenter enables them to ship faster and securely at scale across apps big and small.
ADP is the largest global provider of cloud-based human capital management (HCM) solutions. ADP has over 630,000 clients that span more than 35 million users in over 100 countries. More than just payroll services, ADP delivers solutions across the entire spectrum of HCM for their customers in each one of these areas with right-sized versions for SMBs, mid-market and large enterprises.
This breadth and depth of solutions developed over the last 60 years does lead to some complexity in product development. ADP views this as a transition from a services company to a technology company and Docker is the key to future acceleration: speeding up product development, not just by writing more code faster, but also by helping ADP ship the resulting end product faster. Docker enables them to have a common framework between dev and ops and a clean handoff point.
To do this, ADP chose Docker Datacenter as the platform to deploy and manage containerized applications securely at scale. Docker Datacenter is an integrated Containers as a Service (CaaS) solution that brings together the Docker Engine, Trusted Registry for image management and Universal Control Plane to manage the cluster and application containers. ADP found Docker Datacenter able to address their three unique challenges around security, disparate systems at scale and how to get to microservices.
Security is top of mind at ADP because they work with sensitive information. The US government considers ADP “critical infrastructure” because they hold data such as over 55 million social security numbers and, with all the payroll processing, moved about 1.8 trillion dollars through the ADP systems in the last year. That’s right, roughly 10% of the GNP was moved four times through ADP systems, and for the people reading this blog post right now, most of your social security numbers are sitting in an ADP datacenter.
With that in mind, security and especially the concept of “hardened containers” are critical for ADP. Hardened because inside those containers moves very sensitive information. Docker is able to provide ADP with the ability to know what is running inside the container and where that container came from so their operations team can know exactly what is running in production.
One interesting aspect of the ADP infrastructure is that they have different environments with different security levels. Bullet number 3 refers to a progressive trust workflow with multiple Docker Trusted Registries (DTR). The first DTR is the “whatever goes” registry that allows for complete developer creativity. The second DTR is the “we think we want to run this” registry that is completely separate and allows for the team to vet and validate the application content. The last DTR manages the containers that will be deployed to production. ADP was able to deploy Docker in a flexible fashion to allow for both developer freedom and high security in the right context.
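The progressive trust workflow above, sketched as a promotion gate; this is an added example, not ADP's or Docker's code. The registry hostnames, the `payroll/api` repository and the `vetted` approval set are hypothetical, and the rules (digest-pinned references, one tier at a time, review required before production) are one reasonable reading of the three-registry design.

```python
import re

# Hypothetical registry hosts for the three tiers, lowest trust first:
# "whatever goes", "we think we want to run this", production.
TIERS = [
    "dtr-sandbox.example.internal",
    "dtr-staging.example.internal",
    "dtr-prod.example.internal",
]

# registry/repository@sha256:<64 hex>. A tag-only reference is mutable,
# so it deliberately does not match.
PINNED = re.compile(
    r"^(?P<registry>[^/]+)/(?P<repo>[a-z0-9._/-]+)@(?P<digest>sha256:[0-9a-f]{64})$"
)


def check_promotion(source_ref, target_registry, vetted):
    """Return (allowed, detail) for copying source_ref into target_registry.

    vetted: set of (repo, digest) pairs that passed review in the second
    registry. On success, detail is the digest-pinned target reference.
    """
    m = PINNED.match(source_ref)
    if not m:
        return False, "source must be pinned by sha256 digest, not by tag"
    src, repo, digest = m["registry"], m["repo"], m["digest"]
    if src not in TIERS or target_registry not in TIERS:
        return False, "unknown registry"
    if TIERS.index(target_registry) != TIERS.index(src) + 1:
        return False, "images move exactly one tier up"
    # Only the step into production needs a recorded review; the first
    # step is a nomination into the registry where vetting happens.
    if target_registry == TIERS[-1] and (repo, digest) not in vetted:
        return False, "digest has not been vetted for production"
    return True, f"{target_registry}/{repo}@{digest}"


if __name__ == "__main__":
    digest = "sha256:" + "ab" * 32  # constructed sample digest
    ref = f"{TIERS[1]}/payroll/api@{digest}"
    print(check_promotion(ref, TIERS[2], set()))
    print(check_promotion(ref, TIERS[2], {("payroll/api", digest)}))
```

Because the approval is recorded against the digest, the bytes that were vetted in the second registry are the bytes that reach the production registry, whatever tags are moved in between.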
2. Disparate Systems at Scale
“We have two or three hundred products that we offer in one hundred twenty different countries…” – Keith Fulton, CTO, ADP
The broad portfolio of ADP products is delivered from their private datacenters around the world. For the vast majority of their hundreds of thousands of clients, ADP is their cloud. In these clouds there are large systems with many different services running at scale, and how they interact could be a risk when looking at change. Keith presented a progressive approach to adopting Docker Engines and clustering them.
First, start small, so that each application may actually be made of many small swarms of Docker Engines instead of one swarm per application. From there the swarms can merge so they become bigger over time and eventually each application can have its own swarm. The final state, which Keith mentions “freaks out the security team,” is the possibility of a swarm that spans across public and private infrastructure and across applications, allowing the swarm to be the abstraction layer between physical compute and the application teams. In that new world the decisions will no longer be about who owns and hosts the infrastructure but merely the financial decision of the compute resource itself.
3. Chicken Nuggets and Ice Cream
“Everyone agrees that microservices are awesome. Once you see it in action, you have to have microservices. It’s kind of like chicken nuggets. Everyone loves chicken nuggets” – Keith Fulton, CTO, ADP
In what can only be described as the best set of food analogies ever used to describe software, Keith described the application landscape and vision at ADP through chicken nuggets and ice cream. Over their 60-year history ADP has developed many applications, some of which are millions and millions of lines of code and over a decade old. That scenario is not unique to ADP but common across companies of all sizes. The vision and goal is to get to microservices, but the reality is that no company will get there overnight. Not all applications will be refactored at the same rate, and the platform needs to be flexible to accommodate a variety of application architectures.
Keith describes what ADP will do with Docker as the “ice cream scoop refactor method.” Initially the applications will be in a single big container (like a tub of ice cream) and the parts that change the most often will be “scooped out” and containerized so it becomes easier to change and re-deploy them moving forward. This allows ADP to refactor the more dynamic parts of the application first while leaving the other areas of the application for a later time. Containerizing with Docker enables ADP to have a hybrid strategy – a mix of big and small containers for any application creating an evolutionary path forward to microservices.
Docker Datacenter is an integrated Containers as a Service (CaaS) solution helping businesses of all sizes build a secure software supply chain for both developers and IT operations teams to accelerate their product delivery. Comprised of commercially supported (CS) Docker Engine, Trusted Registry for image management and Universal Control Plane for cluster and application management, Docker Datacenter is an integrated Docker native solution for any application running anywhere.