View
30
Download
4
Category
Preview:
Citation preview
InterConnect2017
Microservices: Powered by Containers-as-a-Service
Chris RosenSenior Technical Offering ManagerContainer ServicesIBM Cloud Platform
Rick OsowskiSenior Technical Staff MemberMicroservices Adoption LeaderIBM Cloud Architecture & Solution Engineering
1 3/28/17
2 3/28/17
Please noteIBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.
Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract.
The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming inthe user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
Step 1. Be an EnterpriseStep 2. Do microservicesStep 3. ???Step 4. Make money
3 3/28/17
The genesis of the Enterprise Monolith…
BrowserIBM HTTP
Server DB2Database
WebSphere ND
WAR
Store UI
Catalog Service
Cart Service
Search Service
Orders Service
DB2Database
Scale, speed, & strength begot microservices…
RDBMS
AccountsService
RDBMS
Store User Interface
Recommendation Service Graph DB
Search Service
Product Details Service
Doc/NoSQL
Orders Service
Hadoop Shopping Analytics
Cached Calls
Traditional Enterprise IT
High end compute infrastructure
Assumes component availability
Mostly centralized
Consistent data
Transactional
Larger Codebases
Easy to understand dependencies
Centralized governance
Network connected
And so on…
Comparing our journey…
Microservices
Utility compute Infrastructure
Assumes component failure
Highly Distributed
Eventual consistency
Compensation flows
Smaller Codebases
Difficult to visualise
Component autonomy
Network complexity
And so forth…
Traditional Enterprise IT
High end compute infrastructure
Assumes component availability
Mostly centralized
Consistent data
Transactional
Larger Codebases
Easy to understand dependencies
Centralized governance
Network connected
And so on…
Comparing our journey…
A standard way to package an application and all its dependencies so that it can be movedbetween environments and run without change.
Containers work by hiding the differences between applications inside the container so that everything outside the container can be standardized.
Containers
ibm.com/cloud-computing/bluemix/containers
An application architecturedesigned to leverage the strengths and accommodate the challenges of a standardized cloud environment, including concepts such as elasticscaling, immutable deployment,disposable instances, and less predictable infrastructure.
Cloud Native
developer.ibm.com/cloud-native
An engineering approach focused on decomposing an application into single-function modules with well defined interfaces which are independently deployed and operated by small teams who own the entire lifecycle of the service.
Microservices accelerate delivery by minimizing communication and coordination between people while reducing the scope and risk of change.
Microservices
developer.ibm.com/tv/microservices
Before starting any microservices project…
3 Things…
• Understand the Business
• Understand the Culture
• Understand the Technology
12
Understand the BusinessNew ecosystems are emerging, as Digital disruption is driving the evolution and creation of new business models!
Source: The Battle Is For The Customer Interface, Tom Goodwin, Havas Media
World’s largest transportationcompany…
owns no vehicles
World’s biggest media company…
creates no content
World’s most valuableretailer…
has no inventory
World’s largest accommodation provider…
owns no real estate
World’s largest video conference company…
has no telcoinfrastructure
Business Owners
Design Leads Developers Operations Architects
Service A
Service B
Service C
Understand the CultureConway’s Law – Don’t build your new teams like your old systems!
Business Owners
Design Leads Developers Operations Architects
Service A
Service B
Service C
Understand the CultureConway’s Law – Don’t build your new teams like your old systems!
Source: http://tech.gilt.com/2014/11/14/making-architecture-work-in-microservice
Monolith Macroservices Microservices Microservices at scale
• Luxury brands at members-only prices• Flash sales daily at Noon ET
• Top 50 Internet Retailer• 150 Engineers
2007 2009 2011 2014
Understand the Technology- A microservices case study
3/28/17
The Microservices Spine
16Monitor
Resilience
Secure
Run
Deliver
Build
Provision
3/28/17
The Microservices Spine
17Monitor
Resilience
Secure
Run
Deliver
Build
Provision
For more information on the Microservices Spine in detail,
visit the IBM Cloud Garage Method site
at https://www.ibm.com/devops/method
OpenWhiskMaximum speed with
serviceless apps
ContainersMaximum portability
Virtual Server or VMware
Leverage existing languages and tools
DEVELOPMENT SPEEDPORTABILITYPERFORMANCE & CONTROL
Bare MetalMaximum
performance and control
Cloud FoundryOpen PaaS environment
Modern Compute Options
19 3/28/17
Question Time
20 3/28/17
Question Time
“If it works, it’s not stupid!”
Agree or Disagree?
OpenWhiskMaximum speed with
serviceless apps
Virtual Server or VMware
Leverage existing languages and tools
DEVELOPMENT SPEEDPORTABILITYPERFORMANCE & CONTROL
Bare MetalMaximum
performance and control
Cloud FoundryOpen PaaS environment
Modern Compute Options
ContainersMaximum portability
More Microservices Resources…
microservicesTVdeveloper.ibm.com/tv/microservices
GameONgameontext.org
TITLEsubtitle
Bluemix Design System | IBM Confidential | ©2016 IBM Corporation 23
Containers as a ServiceIBM Bluemix Container Service | IBM Confidential | ©2017 IBM Corporation
24IBM
Acquire
Build
Deliver
Run
Maintain
Innovative tools improve control & usability across the container
lifecycle
IBM Bluemix Container Service | IBM Confidential | ©2017 IBM Corporation
• Fully managed hosted runtime
• Integrated logging, monitoring, load balancing, registry and auto-scaling
• Advanced security features• Built using Docker
technology
IBM Bluemix Container Service | IBM Confidential | ©2017 IBM Corporation
Acquire
• DockerHub provides 100k+ images• Enterprises will need to host private
repositories for security• Secure repository in proximity to the
runtime environment• Content
IBM Bluemix Container Service | IBM Confidential | ©2017 IBM Corporation
Build• Integrated build process • Configure custom stacks to
perform specific tasks• Automation can help speed
the building process• Adhere to corporate
standards• Build from approved base
images
27
IBM Bluemix Container Service | IBM Confidential | ©2017 IBM Corporation
Deliver• Automation can help speed delivery of
images and containers
• Processes to manage vulnerabilities is critical
IBM Bluemix Container Service | IBM Confidential | ©2017 IBM Corporation
“Over 30% of Official Images in DockerHub Contain High Priority
Security Vulnerabilities”Banyan Ops reportSource: http://bit.ly/2eknhJs
“80% of attacks leverage known vulnerabilities and configuration
management setting weaknesses”US State Department report
Source: http://bit.ly/2esbkke
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the
service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal
data directly from the services and users and to impersonate services and users.
Source: http://heartbleed.com
The consequences of an attacker successfully exploiting this
vulnerability on a Web server are serious in nature. For example
attackers may have the ability to dump password files or download malware
on to infected computers. Once inside the victim’s firewall, the attackers could then compromise and infect other computers on the network.
Source: http://symc.ly/2e1blNM
IBM Bluemix Container Service | IBM Confidential | ©2017 IBM Corporation
Vulnerabi l i ty Advisor
IBM Bluemix Container Service | IBM Confidential | ©2017 IBM Corporation
July 2015Policy Violations
Vulnerable Packages
Vulnerabi l i ty Advisor
IBM Bluemix Container Service | IBM Confidential | ©2017 IBM Corporation
November 2015Best Practice Improvements
October 2016Security Misconfigurations
Vulnerabi l i ty Advisor
IBM Bluemix Container Service | IBM Confidential | ©2017 IBM Corporation
November 2016Live Container Scanning
Vulnerabi l i ty Advisor
IBM Bluemix Container Service | IBM Confidential | ©2017 IBM Corporation
January 2017Integration between Vulnerability Advisor
and IBM X-Forcehttp://www-03.ibm.com/security/xforce/
Run
A complete solution providing tools for:
• Persistent storage
• Overlay networking and IP management
• Easily configure and consume services
• Scalable groups with integrated load balancing and auto-recovery
IBM Bluemix Container Service | IBM Confidential | ©2017 IBM Corporation
Maintain
• Monitoring tools
• Analytics tools
• Logging
• Container complexity
• IBM crawler technology
IBM Bluemix Container Service | IBM Confidential | ©2017 IBM Corporation
Container application resiliency – high availability patterns
Anticipate Failure
Leveraging container groups and container availability zones
https://new-console.ng.bluemix.net/docs/containers/container_ha.html
37 3/28/17
Notices and disclaimersCopyright © 2017 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM.
U.S. Government Users Restricted Rights — use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM.
Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. This document is distributed “as is” without any warranty, either express or implied. In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided.
IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously installed. Regardless, our warranty terms apply.”
Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice.
Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and
the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary.
References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business.
Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation.
It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actionsthe customer may need to take to comply with such laws. IBM does not
provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law.
38 3/28/17
Notices and disclaimers continuedInformation concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM expressly disclaims all warranties, expressed or implied, including but not limited to, the implied warranties of merchantability and fitness for a particular, purpose.
The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right.
IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management System™, FASP®, FileNet®, Global Business Services®,Global Technology Services®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli® Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.
InterConnect2017
Thank you!
39 3/28/17
Chris Rosencrosen@us.ibm.com@ChrisRosen188
Rick Osowskiosowski@us.ibm.com@rosowski
Recommended