Joint Workshop: Hybrid open multi-cloud is the new normal. Nigel Watson Head of Cloud Technology Partners, Google Asia Pacific and Japan Vish Phaneendra Technical Director, Platform Architecture, Pivotal South Asia Michael Leaw Open Source Solutions Architect, Southeast Asia & Korea, VMWare


Page 1

Joint Workshop: Hybrid open multi-cloud is the new normal.

Nigel Watson, Head of Cloud Technology Partners, Google Asia Pacific and Japan

Vish Phaneendra, Technical Director, Platform Architecture, Pivotal South Asia

Michael Leaw, Open Source Solutions Architect, Southeast Asia & Korea, VMWare

Page 2

Hybrid is the new normal

Kārlis Dambrāns via Wikimedia Commons

Page 3

Modernization strategies

Public / On-Prem; Classic Apps and Operations vs. Cloud-Native Apps and Operations

Lift and Shift: Reduced cost, Self service, Elasticity

Service Mesh: True hybrid deployment, Service by service transformation

Containerization: Increased developer productivity, Portability

Page 4

Platform Consistency

Infrastructure consistency and abstraction across GCP, on-premises, and other cloud platforms

Service Provisioning and Discovery

Easy programmatic access to cloud services through a service catalog

Service Management

Control, monitor, and secure communication for microservices and external services

Enabling Service Mesh architectures

Page 5

Service Management

Enabling Service Mesh Architectures

Kubernetes

Open platform for running containers, portable apps that run across environments

Run Open Services

Simple, elegant way to deliver and consume services across environments

Managed by policy

Connect, manage, and secure services across environments

Istio

Platform Consistency Service Provisioning and Discovery

Page 6

K8s provides a container-centric infrastructure

“first Google cage ... filled with ~30 PCs on shelves” [1]

Google’s decentralized cluster architecture is based on containers: light, VM-like, immutable process isolation. Borg, a declarative cluster resource allocation system, runs them.

Kubernetes and GKE are inspired by Borg; it “controls through choreography—achieving a desired emergent behavior by combining the effects of separate, autonomous entities that collaborate” [2]

1) Urs Hölzle, https://plus.google.com/+UrsH%C3%B6lzle/posts/UseinB6wvmh

2) Borg, Omega, and Kubernetes, ACM Queue 2016

Page 7

Service provisioning and discovery

Management services

Analytics

Dev management

Security analytics

Monolithic systems on premise

Centralized governance of all API services

Kubernetes Integration: All Apigee services are Kubernetes services

Apigee

● Integrating legacy applications

● Recompose monolithic applications as services

● Build a service layer in front of existing systems to increase IT velocity

● Import legacy systems into modern, container-based architectures as services

Page 8

1. Create a service broker

2. Browse service catalog

3. Create service instance; choose your plan size

4. Bind the service to your app

5. Unbind the service when you’re done

6. Delete the service

Services: BigQuery, Cloud Pub/Sub, Cloud Bigtable, Cloud SQL, Cloud Spanner, Cloud Storage

Service provisioning and discovery

What is open service broker?
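The six steps above, modelled as an added example (not code from the workshop or from any Pivotal or Google service broker): a small in-memory Open Service Broker whose catalog, plan names, instance ids and binding ids are constructed for this example. It carries the checks a broker owner cares about: provisioning is idempotent only for identical parameters (409 otherwise), each binding gets its own credentials so one app can be unbound without revoking the others, and an instance cannot be deleted while a binding still holds credentials for it.

```python
import secrets
# Constructed catalog: service names follow the slide's GCP services;
# the plan names are assumptions made for this example.
CATALOG = {"cloud-sql": ["small", "large"], "cloud-storage": ["standard"]}


class BrokerError(Exception):
    pass  # message starts with the HTTP status an OSB broker would return


class ServiceBroker:
    def __init__(self, catalog):
        self.catalog = catalog
        self.instances = {}  # instance_id -> {"service", "plan", "bindings"}

    def provision(self, instance_id, service, plan):
        if plan not in self.catalog.get(service, []):
            raise BrokerError(f"400 unknown service/plan {service}/{plan}")
        existing = self.instances.get(instance_id)
        if existing:  # the OSB PUT is idempotent only for identical parameters
            if (existing["service"], existing["plan"]) == (service, plan):
                return 200
            raise BrokerError("409 instance exists with different parameters")
        self.instances[instance_id] = {"service": service, "plan": plan, "bindings": {}}
        return 201

    def bind(self, instance_id, binding_id):
        inst = self._instance(instance_id)
        if binding_id not in inst["bindings"]:
            # one secret per binding: unbinding an app revokes only its credentials
            inst["bindings"][binding_id] = {
                "username": f"u-{binding_id}", "password": secrets.token_urlsafe(16)}
        return inst["bindings"][binding_id]

    def unbind(self, instance_id, binding_id):
        if self._instance(instance_id)["bindings"].pop(binding_id, None) is None:
            raise BrokerError("410 binding already gone")
        return 200

    def deprovision(self, instance_id):
        if self._instance(instance_id)["bindings"]:  # this example's own guard
            raise BrokerError("400 unbind all apps before deleting the service")
        del self.instances[instance_id]
        return 200

    def _instance(self, instance_id):
        if instance_id not in self.instances:
            raise BrokerError("410 instance not found")
        return self.instances[instance_id]


def walk_lifecycle(broker):
    plan = broker.catalog["cloud-sql"][0]         # 2. browse the catalog
    broker.provision("db-1", "cloud-sql", plan)   # 3. create instance, pick plan
    creds = broker.bind("db-1", "app-a")          # 4. bind the service to the app
    broker.unbind("db-1", "app-a")                # 5. unbind when done
    broker.deprovision("db-1")                    # 6. delete the service
    return creds["username"], len(broker.instances)
```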

Page 9

Service management

Istio Service Mesh

Securing service traffic

Service Discovery

Failure Recovery

Metrics / Monitoring

Uniform observability

Load Balancing

End to end authentication

Rate Limiting

Operational agility

A/B testing

Canary releases

Access Control

Page 10

Embedded OS (Windows & Linux)

CPI

v1, v2, v3...

CVEs / Product Updates

vSphere, Azure & Azure Stack, Google Cloud, AWS, OpenStack

Pivotal Network

“3Rs”

Concourse

Repair — CVEs

Repave

Rotate — Credhub

● Packaging with embedded OS

● Server provisioning on any IaaS

● Software deployment across clusters

● Service & server state monitoring

● Self-healing w/ Resurrector

● Rolling upgrades via canaries

● Dynamic scaling up or down

Page 11

BOSH - What?

BOSH: Open source tool.

The nucleus of the Pivotal Cloud Foundry stack.

Tasks: 1) Release engineering, 2) Deployment, 3) Lifecycle management, 4) Monitoring of distributed systems.

Page 12

BOSH - Why?

● Provision services, not machines

● Enables continuous delivery

● Cloud-agnostic

● Holistic Toolchain to “rule them all”

● Clear visibility into config management

Page 13

BOSH - Five S’ of Value

Savings, Security, Scalability, Safety, Speed

Provides an automated way to easily create software releases to update complex deployed systems with simple commands

Able to adapt from a single service, single VM, single IaaS to multiple services, 1000s of VMs, and multiple IaaS’

Utilizes HTTPS by default, provides accountability with audit trails, user accounts, and protected VM/job credential management

Controlling software releases, Operating System images, persistent data, and system configuration with a single pane of view reduces demand on IT operational costs

Centralized server allows users to see and track changes made to the deployed system. Test-driven deployments through canaries: any update error causes the deployment to stop

Page 14

BOSH - Component Architecture

Components: CLI, Director, Postgres DB, NATS, Health Monitor, Blob Store, Registry, Agents, Cloud Provider Interface, IaaS API, IaaS

BOSH provides the means to go from deployment configuration to VM creation and management. It includes interfaces for Azure, vSphere, AWS, GCP, and OpenStack. Additional CPIs can be written for alternative IaaS providers.

Page 15

BOSH - Cloud Agnostic

Cloud Provider Interface (CPI)

API that the Director uses to interact with an IaaS to create and manage stemcells, VMs, and disks. A CPI abstracts infrastructure differences from the rest of BOSH.

Stemcell `create_stemcell` `delete_stemcell`

VM `create_vm` `delete_vm` `reboot_vm` `set_vm_metadata` `configure_networks`

Disk `create_disk` `delete_disk` `attach_disk` `detach_disk` `has_disk` `get_disk`

Snapshots `snapshot_disk` `delete_snapshot` `current_vm_id`

Multi-Cloud

Page 16

BOSH - Process High Availability

Diagram labels: Director, NATS, Agent, IaaS, Proc-1, Health Monitor, “Restart!”, “Alert Sent!”

Page 17

BOSH - VM High Availability

Manifest - Desired State

Diagram labels: Director, NATS, Health Monitor, Agent, Proc-1, IaaS, Cloud Provider Interface, IaaS API, “Alert Sent!”

Page 18

Pivotal multi-cloud service mesh platform

Embedded OS (Windows & Linux)

CPI

v1, v2, v3...

CVEs / Product Updates

vSphere, Azure & Azure Stack, Google Cloud, AWS, OpenStack

Pivotal Network

“3Rs”: Repair — CVEs; Repave; Rotate — Credhub

Concourse

Pivotal Services Marketplace: Pivotal and Partner Products, Public Cloud Services, Customer Managed Services

Pivotal Application Service (PAS): Java | .NET Spring | NodeJS (>cf push)

Pivotal Function Service (PFS): Functions (>riff create)

Pivotal Container Service (PKS): Elastic | Spark, Packaged Software (>kubectl run)

Github, Concourse: Continuous delivery

Legacy Systems

Istio - service management & monitoring

Page 19

VMware Pivotal Container Service (PKS)

A turnkey solution to provision, operate and manage enterprise grade Kubernetes clusters

Fully supported, globally available Kubernetes distribution

Latest stable version of Kubernetes

Deep integration with NSX-T for networking and security

Runs on vSphere, GCP, AWS.

Page 20

PKS Product Overview

▪ Kubernetes-based container service with advanced networking, an enterprise container registry, and full lifecycle management.

▪ Simplifies deployment and operation of Kubernetes clusters for enterprises and service providers

▪ Jointly developed, marketed, sold and supported by VMware and Pivotal

Page 21

Who is PKS built for?

IT Operator / Platform Reliability Engineer

– PRE (Platform Reliability Engineering)

– Deploy, Scale, Operate Platform

– Physical Infrastructure is Operated

– Network & Security Control Policy is defined

– Platform is Reliable

– Capacity is planned for

– Platform is Secured & Controlled

– Platform is Auditable

– Application Dev/Ops owners are Agile

Application Dev/Ops Owner

– Innovation of Business Capability as Cloud native Apps

– Develop, Deploy, Scale, Monitor Apps

– Automate Everything

– Agile

Cloud Native Applications at scale can & should be kept running by a 2 Pizza Team approach (DevOps in Action)

Page 22

PKS “How it Works”

PKS includes:

• PKS Control Plane, CFCR

• NSX-T, Harbor, GCP Broker

• BOSH Release for Kubernetes

• Configures Day 1 of
  - CFCR
  - vSphere
  - NSX Integration
  - Harbor

• Manages Day 2 of Kubernetes Clusters
  - Auto Healing
  - Scaling
  - Patch & Upgrade
  - Upgrades
  - Control/Audit OPS Events

Stack: Kubo CFCR, Kubernetes (as a BOSH release); BOSH (deploys/manages VMs); CPI; CNI; Harbor (private container registry); NSX-T; vSphere (IaaS)

#pks create-cluster Cluster1
#pks create-cluster Cluster2
#pks create-cluster Cluster3

Diagram labels: PKS Control Plane, Service Brokers, API, Cluster1, Cluster2, Cluster3, Kubernetes Cluster Services, Node, VM

Page 23

Architecting the SDDC with Application Requirements

PRE Role: Focus on mapping Kubernetes constructs to a given infrastructure

Infrastructure: Compute (vSphere), Network (NSX), Monitoring (Wavefront), Security (NSX), Storage (Datastores)

Kubernetes Cluster constructs: Load Balancer, Storage Requirements, Availability Zone, Security Policy, Application Metrics

AppDev: App Dev architects apps with native Kubernetes constructs through the K8s API (ELK, Spark, Nth App)

Page 24

PKS – Control Plane Authentication

Flexible Multi-tenancy

Problem
• Organizations will demand varying levels of isolation

Solution
• Clusters as a unit of tenancy
• Namespaces as a unit of tenancy

How
• Provide a simple way to deploy, operate and maintain multiple clusters
• RBAC for clusters and namespaces

Diagram labels: Infrastructure (Storage, Compute, Networking) on vSphere, Google Cloud Platform, Hybrid; Operator admin: Platform Lifecycle Management, Cluster Mgmt; K8s Cluster1 (NameSpace1, NameSpace2, NameSpace3, NameSpace4): DevTeam1 in Namespace1, Developer2 in Namespace2; K8s Cluster2: DevTeam3; K8s Cluster3: DevTeam4

Page 25

Multi-AZ Support

Support of Multi-AZs

■ Distribute clusters and nodes across AZs

■ Dedicate AZs based on tenant requirements

High availability of workloads
– Addresses AZ outages for the worker nodes

Availability Zone = vSphere Cluster or vSphere Resource Pool

Diagram labels: Kubectl; NSX Load Balancer with Virtual Servers for my_dev-store.acme.com/checkout and my_stage-store.acme.com/payment; AZ1: Master Node, Worker Node; AZ2: Worker Node, Worker Node; AZ3: Worker Node, Worker Node

Page 26

Multi-Master with Multi-AZ

Support of Multi-AZs

■ Distribute clusters and nodes across AZs

■ Dedicate AZs based on tenant requirements

■ Scalability of K8s cluster management plane with load distribution across masters

High availability of K8s cluster management and data plane
– Addresses AZ outages for both worker nodes and master nodes
– Master Node Outages
– Dedicated Load Balancer with High Availability
– Health check monitor for K8s Master Nodes

Availability Zone = vSphere Cluster or vSphere Resource Pool

Dedicated Load Balancer per cluster

Diagram labels: Kubectl; NSX Load Balancer with Virtual Servers for my_dev-store.acme.com/checkout and my_stage-store.acme.com/payment; AZ1, AZ2 and AZ3 each with a Master Node and a Worker Node

Page 27

PKS - Open Service Broker API

Diagram labels: ODB Broker, PKS API

Page 28

Summary

Page 29

Summary

Google Cloud

Get started with Google Cloud: https://cloud.google.com/free/

cloud.google.com/migrate

Velostrata: velostrata.com/google

CloudEndure: info.cloudendure.com/2017-Google-Migration.html

VMware vRealize Orchestrator Announcement - tinyurl.com/vro-gcp

Pivotal

https://pivotal.io/platform

VMWare

https://www.vmware.com/sg/try-vmware/pivotal-container-18-hol-labs.html