Case Study

Financial
Services Provider

Industry

“ UpGuard gave us a push button solution

to containerize our Apache servers with
Docker. The UpGuard policies are containers
Financial Services

Challenges
Data Migration
waiting to happen.
” Solutions
Accountability, Automation
The Situation
A large California-based financial services company wanted
to containerize their Apache instances with Docker. As
existing customers of UpGuard, they were already using the
platform to manage drift across scattered environments. Industry:
Moving to containers promised to push that consistency Financial Services
farther upstream.

The Challenge Scale:

The benefits of containerization are becoming more
100 Apache instances
irresistible each year. As a lightweight alternative to VMs,
developing in containers both speeds up development and
makes deployments more reliable. But as with any new Time:
technology, those two steps forward require one step back
when you want to containerize legacy environments.
1 week for POC
1 month to prove ROI
Before Docker, the company was compiling Apache from
source each month. Different libraries would be pulled
into each build and, well, things would break. UpGuard
had already given them the visibility to standardize builds,
enabling them to move forward with Docker.

The Solution
UpGuard scans not only catch drift, they also provide

“
executable documentation for introducing new tools to
the pipeline. Existing scans provided all the documentation With a perfectly tuned container
the Ops team needed for defining a shared OS and the
resources that each app would need to run on top of it. system, you can have as many as
The required resources were added to UpGuard policies
directly from scans and then exported as Dockerfiles. (The four-to-six times the number of server
export is done by selecting “Docker” from a dropdown of
export options so there’s not much to describe here). The application instances as you can
Dockerfiles were used to provision the new containers and
UpGuard confirmed whether they matched the original test using Xen or KVM VMs on the same

”
environment.
hardware.

2
Benefits of Using UpGuard
Initial Scope:
Document Current State
In order to create containers for each of their business
3 months
applications, the company needed documentation of
their existing servers. Fortunately, because they were
already using UpGuard, this was trivial: UpGuard scans are
essentially perfect documentation in a machine-readable Team Size:
format. Having current documentation gave the team a
clear picture of what challenges to anticipate. Automating 4 senior engineers
that process saved time on manual labor and narrowed the
topics requiring research.

Generate Dockerfiles Time Saved:

The benefits of containerization are becoming UpGuard 2 months
policies are assertions that contain the desired value for
any given configuration item. These can be used as tests
to validate configurations, or they can be exported as
resource files for tools like Puppet, Chef, or, in this case,
Docker. The policies the team had been using to validate
UpGuard ROI:
server configurations could thus be turned into Dockerfiles
simply by selecting the Docker format inside UpGuard . Just $35,000
as containers only contain the resources that an application
needs without the additional weight of a full OS, UpGuard
policies only contain the configuration item that need to be
tested. This similarity made it easy for the team to generate

Docker containers based on their pre-existing policies.
Validate, Validate, Validate
UpGuard scans not only catch drift, they Docker has lived
up to its promise for making releases more consistent and
servers more performant but as with any project it wasn’t
all smooth sailing. UpGuard supplied debugging insights
“
Three of the largest banks that had
been using Docker in beta were moving
it into production. That’s a heck of a
confident move for any 1.0 technology,
but it’s almost unheard of in the safety-

”
when deployed containers didn’t match their sources
and certainty when they did. Moving fast means making
mistakes and UpGuard has provided the mechanism to first financial world!
keep the project on track.
- Steven J. Vaughan-Nichols,
“What is Docker and why is it so darn popular?”
ZDNet.com

3
Results
Pulling off the proof of concept would have been a major challenge under normal circumstances. The existing UpGuard
implementation, however, provided all the information needed to avoid landmines and define the containers.

With UpGuard’s policy export, engineers who had little prior exposure to Docker were soon generating Dockerfiles and
deploying containers. Continuous validation through scans and policies ensured that engineers could quickly trace
mistakes and regenerate Dockerfiles with a push of a button.

Using UpGuard to containerize 100 Apache

instances reduced the project cost by 67% and
eliminated a major vector of configuration drift.

4
UpGuard is the only security configuration management company that provides you with CSTAR,
a CyberSecurity Threat Assessment Report that calculates the insurability of enterprise IT assets
against cyber security breaches.

UpGuard customers use our platform to accelerate DevOps initiatives, identify critical security gaps
and vulnerabilities, automate discovery, inspection and security configuration of the IT infrastructure,
and deploy, manage, retire and optimize IT systems safely and securely.

548 Market Street #38076

San Francisco, CA 94104
+1 888 882 3223
hello@UpGuard.com | www.UpGuard.com

© 2016 UpGuard, Inc. All rights reserved. UpGuard and the UpGuard logo are registered trademarks of
UpGuard, Inc. All other products or services mentioned herein are trademarks of their respective companies.
Information subject to change without notice.