Microservices: Powered by Containers-as-a-Service

InterConnect 2017

Chris Rosen, Senior Technical Offering Manager, Container Services, IBM Cloud Platform

Rick Osowski, Senior Technical Staff Member, Microservices Adoption Leader, IBM Cloud Architecture & Solution Engineering

3/28/17



Page 2: Microservices - Powered by Containers-as-a-Service

Please note

IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.

Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.

The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract.

The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.

Page 3: Microservices - Powered by Containers-as-a-Service

Step 1. Be an Enterprise
Step 2. Do microservices
Step 3. ???
Step 4. Make money

Page 4: Microservices - Powered by Containers-as-a-Service

The genesis of the Enterprise Monolith…

[Diagram labels: Browser, IBM HTTP Server, WebSphere ND, WAR, Store UI, Catalog Service, Cart Service, Search Service, Orders Service, DB2 Database]

Page 5: Microservices - Powered by Containers-as-a-Service

Scale, speed, & strength begot microservices…

[Diagram labels: Store User Interface, Accounts Service, RDBMS, Recommendation Service, Graph DB, Search Service, Product Details Service, Doc/NoSQL, Orders Service, RDBMS, Hadoop, Shopping Analytics, Cached Calls]

Page 6: Microservices - Powered by Containers-as-a-Service

Comparing our journey…

Traditional Enterprise IT

• High end compute infrastructure
• Assumes component availability
• Mostly centralized
• Consistent data
• Transactional
• Larger Codebases
• Easy to understand dependencies
• Centralized governance
• Network connected
• And so on…

Page 7: Microservices - Powered by Containers-as-a-Service

Comparing our journey…

Traditional Enterprise IT

• High end compute infrastructure
• Assumes component availability
• Mostly centralized
• Consistent data
• Transactional
• Larger Codebases
• Easy to understand dependencies
• Centralized governance
• Network connected
• And so on…

Microservices

• Utility compute Infrastructure
• Assumes component failure
• Highly Distributed
• Eventual consistency
• Compensation flows
• Smaller Codebases
• Difficult to visualise
• Component autonomy
• Network complexity
• And so forth…

Page 8: Microservices - Powered by Containers-as-a-Service

A standard way to package an application and all its dependencies so that it can be moved between environments and run without change.

Containers work by hiding the differences between applications inside the container so that everything outside the container can be standardized.

Containers

ibm.com/cloud-computing/bluemix/containers

Page 9: Microservices - Powered by Containers-as-a-Service

An application architecture designed to leverage the strengths and accommodate the challenges of a standardized cloud environment, including concepts such as elastic scaling, immutable deployment, disposable instances, and less predictable infrastructure.

Cloud Native

developer.ibm.com/cloud-native

Page 10: Microservices - Powered by Containers-as-a-Service

An engineering approach focused on decomposing an application into single-function modules with well defined interfaces which are independently deployed and operated by small teams who own the entire lifecycle of the service.

Microservices accelerate delivery by minimizing communication and coordination between people while reducing the scope and risk of change.

Microservices

developer.ibm.com/tv/microservices

Page 11: Microservices - Powered by Containers-as-a-Service

Before starting any microservices project…

3 Things…

• Understand the Business

• Understand the Culture

• Understand the Technology

Page 12: Microservices - Powered by Containers-as-a-Service

Understand the Business

New ecosystems are emerging, as Digital disruption is driving the evolution and creation of new business models!

Source: The Battle Is For The Customer Interface, Tom Goodwin, Havas Media

• World’s largest transportation company… owns no vehicles
• World’s biggest media company… creates no content
• World’s most valuable retailer… has no inventory
• World’s largest accommodation provider… owns no real estate
• World’s largest video conference company… has no telco infrastructure

Page 13: Microservices - Powered by Containers-as-a-Service

Understand the Culture

Conway’s Law – Don’t build your new teams like your old systems!

[Diagram labels: Business Owners; Design Leads, Developers, Operations, Architects; Service A, Service B, Service C]


Page 15: Microservices - Powered by Containers-as-a-Service

Understand the Technology - A microservices case study

• Luxury brands at members-only prices
• Flash sales daily at Noon ET
• Top 50 Internet Retailer
• 150 Engineers

Timeline labels: Monolith, Macroservices, Microservices, Microservices at scale (years shown: 2007, 2009, 2011, 2014)

Source: http://tech.gilt.com/2014/11/14/making-architecture-work-in-microservice

Page 16: Microservices - Powered by Containers-as-a-Service

The Microservices Spine

• Monitor
• Resilience
• Secure
• Run
• Deliver
• Build
• Provision

Page 17: Microservices - Powered by Containers-as-a-Service

The Microservices Spine

For more information on the Microservices Spine in detail, visit the IBM Cloud Garage Method site at https://www.ibm.com/devops/method

Page 18: Microservices - Powered by Containers-as-a-Service

Modern Compute Options

• OpenWhisk: Maximum speed with serviceless apps
• Containers: Maximum portability
• Virtual Server or VMware: Leverage existing languages and tools
• Bare Metal: Maximum performance and control
• Cloud Foundry: Open PaaS environment

Axis labels: DEVELOPMENT SPEED, PORTABILITY, PERFORMANCE & CONTROL

Page 19: Microservices - Powered by Containers-as-a-Service


Question Time

Page 20: Microservices - Powered by Containers-as-a-Service


Question Time

“If it works, it’s not stupid!”

Agree or Disagree?


Page 22: Microservices - Powered by Containers-as-a-Service

More Microservices Resources…

• microservicesTV: developer.ibm.com/tv/microservices

• GameON: gameontext.org

Page 23: Microservices - Powered by Containers-as-a-Service

Containers as a Service

IBM Bluemix Container Service | IBM Confidential | ©2017 IBM Corporation

Page 24: Microservices - Powered by Containers-as-a-Service

Innovative tools improve control & usability across the container lifecycle

• Acquire
• Build
• Deliver
• Run
• Maintain

Page 25: Microservices - Powered by Containers-as-a-Service

• Fully managed hosted runtime

• Integrated logging, monitoring, load balancing, registry and auto-scaling

• Advanced security features

• Built using Docker technology

Page 26: Microservices - Powered by Containers-as-a-Service

Acquire

• DockerHub provides 100k+ images

• Enterprises will need to host private repositories for security

• Secure repository in proximity to the runtime environment

• Content

Page 27: Microservices - Powered by Containers-as-a-Service

Build

• Integrated build process

• Configure custom stacks to perform specific tasks

• Automation can help speed the building process

• Adhere to corporate standards

• Build from approved base images

Page 28: Microservices - Powered by Containers-as-a-Service

Deliver

• Automation can help speed delivery of images and containers

• Processes to manage vulnerabilities are critical

Page 29: Microservices - Powered by Containers-as-a-Service

“Over 30% of Official Images in DockerHub Contain High Priority Security Vulnerabilities”
Banyan Ops report
Source: http://bit.ly/2eknhJs

“80% of attacks leverage known vulnerabilities and configuration management setting weaknesses”
US State Department report
Source: http://bit.ly/2esbkke

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
Source: http://heartbleed.com

The consequences of an attacker successfully exploiting this vulnerability on a Web server are serious in nature. For example attackers may have the ability to dump password files or download malware on to infected computers. Once inside the victim’s firewall, the attackers could then compromise and infect other computers on the network.
Source: http://symc.ly/2e1blNM

Page 30: Microservices - Powered by Containers-as-a-Service

Vulnerability Advisor

July 2015: Policy Violations, Vulnerable Packages

Page 31: Microservices - Powered by Containers-as-a-Service

Vulnerability Advisor

November 2015: Best Practice Improvements

October 2016: Security Misconfigurations

Page 32: Microservices - Powered by Containers-as-a-Service

Vulnerability Advisor

November 2016: Live Container Scanning

Page 33: Microservices - Powered by Containers-as-a-Service

Vulnerability Advisor

January 2017: Integration between Vulnerability Advisor and IBM X-Force

http://www-03.ibm.com/security/xforce/

Page 34: Microservices - Powered by Containers-as-a-Service

Run

A complete solution providing tools for:

• Persistent storage

• Overlay networking and IP management

• Easily configure and consume services

• Scalable groups with integrated load balancing and auto-recovery


Page 35: Microservices - Powered by Containers-as-a-Service

Maintain

• Monitoring tools

• Analytics tools

• Logging

• Container complexity

• IBM crawler technology


Page 36: Microservices - Powered by Containers-as-a-Service

Container application resiliency – high availability patterns

Anticipate Failure

Leveraging container groups and container availability zones

https://new-console.ng.bluemix.net/docs/containers/container_ha.html

Page 37: Microservices - Powered by Containers-as-a-Service

Notices and disclaimers

Copyright © 2017 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM.

U.S. Government Users Restricted Rights — use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM.

Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. This document is distributed “as is” without any warranty, either express or implied. In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided.

IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously installed. Regardless, our warranty terms apply.

Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice.

Performance data contained herein was generally obtained in controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary.

References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business.

Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation.

It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law.

Page 38: Microservices - Powered by Containers-as-a-Service

Notices and disclaimers continued

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM expressly disclaims all warranties, expressed or implied, including but not limited to, the implied warranties of merchantability and fitness for a particular purpose.

The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right.

IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management System™, FASP®, FileNet®, Global Business Services®, Global Technology Services®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli®, Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.

Page 39: Microservices - Powered by Containers-as-a-Service

InterConnect2017

Thank you!

Chris Rosen, @ChrisRosen188

Rick Osowski, @rosowski