2. +94%
Of CIOs indicated that business
leaders depend on technology
teams for improved agility and
faster time to market
McKinsey Study: Unlocking business acceleration in a hybrid cloud world, July 2019
3. 80%
of CIOs admit they havenât
attained the desired business
agility with migration*
McKinsey Study: Unlocking business acceleration in a hybrid cloud world, July 2019
7. I want to manage costs, have
leverage for contract negotiations
I want to Invest my time in innovation
and agility not in building for the
platform
I want a consistency and reliability in
managing the platforms I have been
asked to support
I want security to be an enabler, I want
consistency in managing policies and
auditing access
Enterprises have several different requirements
Developers
Security Operators
IT Operators
Decision Makers
8. IT is forced into trade-offs
â Development wants to
use the latest tools,
languages and plugins
â Security wants verified
tools and validated
systems before putting
it into production
Security vs Agility
â Redundancy is the
way to minimize
downtime
â Redundancy means
underutilized
resources
Reliability vs Cost
â Lock-in gives you
consistency
â Lock-in keeps you from
using the best tools,
negotiating better
prices, or being as
flexible as you want
Portability vs lock-in
9. The future of applications, and the infrastructure that
they run on, is created with containerized
microservices, managed through a declarative system
with a single control experience that uses a service
mesh to spans all application locations.
9
Googleâs POV
10. â Avoid lock-in
â Avoid unnecessary
licensing costs
â Broad ecosystem of
partners
Modern Application development
Open software
â Create a software
assembly line
â Build fast feedback into
your systems
â Control deployments
CI/CD and DevOps
â Move at the speed of
your fastest developer
â Use the best tools
â Leverage small and
agile teams
Microservices
â Define goals, instead
of actions
â Less idle resources
â Manage apps instead
of servers
Orchestration
â Increase portability of
applications
â Increase security
â Increase speed
Containerization
â Decrease downtime
â Increase portability of
services
â Manage access and
testing of services
Services and API management
11. 74%
improvement in
productivity for
security tasks
increase in application
migration and
modernization
Increase in platform
operations eïŹciency
reduction in non-
coding activities
38%
75%
55%
Source: New Technology Projection: The Total Economic Impactâą Of Anthos, September 2019,
a commissioned study conducted by Forrester Consulting on behalf of Google.
*Based on the customer interview
Anthos empowers
organizations, saving
bottom-line costs,
and increasing
top-line revenue1
Up to:
return in investment
(ROI) deploying
Anthos
improvement in
time to market*
4.8x
13xNew
Anthos ROI report by Forrester
12. The benefits of Google Cloudâs Anthos
Modernize your applications on
premises, or in the cloud.
Automate policy and security for
your hybrid Kubernetes
deployments
Built on open source technology
like Kubernetes; so itâs portable,
consistent, and extensible
Modernize anywhere Put security guardrails in place
Built for portability. Avoid lock-in
Anthos provides a uniïŹed
management experience across
environments (on-prem
& cloud)
Anthos gives you one platform that
you can run anywhere
Flexible, predictable subscription
based pricing and lower TCO
Unified management
Consistent experience
Lower TCO
13. Anthos is a game changer for enterprise customers
Anthosâ multi-cloud
capabilities are so
far unique in the
industry
Forbes, April 2019
14. ConïŹg & Policy
management
Anthos Config
Management
Application Development
Cloud Run for Anthos
Service Management
Anthos Service Mesh
Container Management
Anthos GKE
Operations
Management
Stackdriver
Core Components of Anthos
15. Google Cloud Other CloudsOn-prem Edge
Anthos has many
Deployment
Options
19. Infrastructure Operator
Kubernetes Anthos GKE
Service Operator / SRE
Istio Anthos Service Mesh
Developer
Knative Cloud Run for Anthos
Build, deploy, scale using serverless
primitives
Connect, secure, manage, monitor
services
Portable container orchestration
Modernize your applications any place, any time
20. Differentiating Managed Kubernetes
OSS K8s
on your own
OSS K8s
on GCP
Expert Kubernetes users who have time to
manage and configure various settings and
deployment, and are not looking to leverage
any integrations nor take advantage of Google
SRE
Anthos GKE
Customers who donât want to worry about the
complexity of Kubernetes and want Google to
handle deployment, scaling and management
Anthos
Customers who want to have a Google tested,
Google integrated container deployment offering
across multiple environments
High
Low
Highly managed,
Low customer
effort
Unmanaged,
High customer
effort
21. Simplified
Management
Why do customers choose GKE?
OpenScale to any
work load
Optimized
workloads
Quick Up and
Running
Google remains the largest contributor to Kubernetes and is seen as the industry leader due to our
investment and launch of ongoing new features leveraging Google infrastructure
22. GKE continues to out innovate the competition
Auto
upgrades
Efficient
VMs
Service
discovery
Isolation
Managed
masters
Access
control
Scaling
Simple
UIs
23. Anthos GKE on VMWare
The following baseline choices were made*
Support native Kubernetes constructs as much as possible.
Support underlay networking (DVS and NSX-T are supported).
Separate L4 and L7 load-balancing.
Ship Envoy based L7 load-balancer out-of-the-box within the cluster as a Kubernetes service.
Integrate with existing networking devices for L4 load-balancing.
24. vSphere
Admin Cluster
Cluster creation,
upgrade, teardown
vCenter APIs
Virtual Machine
Admin Control
Plane
kubelet
GKE On-Prem Admin Workstation
gkectl
kubectl
â Automated deploy on top of vSphere
shipped as a virtual appliance
â Admin cluster provides local CRUD
operations:
Faster, higher reliability, easier to
manage from cloud
Independent failure domain
â Approach extensible to other IaaS
F5 BIG-IP LTM
User ClusterUser Cluster
Virtual Machine
Workload
Virtual Machine
kubelet
Virtual Machine
Workload
Virtual Machine
User Control Plane
Virtual Machine
kubelet
User Control Plane
kubelet
Workload
kubelet
kubelet
26. Multi-Cloud
GCP Other Cloud Provider
Multi-Cluster Use-Cases
Low-Latency Services
Alice in Arkansas Bob in Berlin
US Germany
Environment Separation
(by Team, Tenant, Dev/Stage/Prod)
Team A Team B Team C
Canary Clusters
(for upgrades)
Existing Cluster (v 1.10) Canary Cluster (v 1.11)
Data Locality
Bob from Berlin Alice from Arkansas
US Germany
Highly Available Services
Region A Region B
28. Google Cloud Console
Anthos UI
A single-pane-of-glass for your
Anthos GKE clusters, policies &
conïŹgs in many environments
29. Connecting your
cluster to Google
Infrastructure
Kubernetes
Cluster
Kubernetes
API Server
GKE Connect
Agent
GKE Connect
Service
Outbound TLS
connection
GKE UI
â Register your cluster with GCP and install
the GKE Connect Agent in your cluster
â No public IP required for your cluster
â Traverses VPNs, NATs, ïŹrewalls, and
proxies
32. Anthos Config Management
UniïŹed management for
hybrid and multi-cloud
Fine-grained guardrails for
security and governance
Modernized workïŹow for
platform and infrastructure
33. DeïŹne a hybrid Anthos environment as
data in a secure repository.
â Auditable
â Revertable
â Transactional
â Self-Healing
â Versionable
Anthos Config Management
34. Anthos Config
Management
Monitors conïŹgs for drift every
~15s using annotations
Git repo can be On-Prem or
Cloud or SaaS
Use abstract Namespaces for
conïŹg inheritance
Selectors allow scoping
objects to speciïŹc clusters
36. Require services to disable
unauthorized access
Example policy use cases
Only allow domain-restricted
Roles and RoleBindings
Require strict mTLS for all
clients/services in a namespace
Enforce speciïŹc labels for cost
accounting and chargeback
Require ïŹne-grained service
authorization controls
Require access logging to be
enabled for a cluster / mesh
37. Policy controller
Based on Open Policy Agentâs
Gatekeeper, ACM Policy Controller
provides ïŹrst-class integration between
OPA and Kubernetes via a custom
controller.
It turns Rego policies into Kubernetes
objects, allowing them to be customized
and deployed using standard workïŹows.
GKE
Policy Controller
AdmissionReview
(request)
AdmissionReview
(response)
kubectl ConïŹg Mgmt API Clients
Policy
Rule DeïŹnition
Enforcement
39. Anthos
Service Mesh
Build on Istio open-source
features & APIs
Observability & service
health is critical
Managed control plane
components in 2020
Google fully committed to
Istio and open governance
40. Infrastructure Operator
Kubernetes Anthos GKE
Service Operator / SRE
Istio Anthos Service Mesh
Modernize your applications
any place, any time
Developer
Knative Cloud Run
Build, deploy, scale using serverless
primitives
Connect, secure, manage, monitor
services
Portable container orchestration
41. Why do you need a service mesh
Without Service Mesh With Service Mesh
App Encryption library
Tracing libraryIdentity support
Circuit breaking
Ingress control
CertiïŹcate authority
Egress ïŹrewall
Access control
Pod
App
EgressIngress
Circuit breaking
Fault injection
Identity
Encryption
Observability
Ingress/Egress Controls â CertiïŹcate
Authority â Access Controls â Routing Rules
Control plane
42. Istio
An open platform for
managing service
interactions across
containers and VMs
Service Mesh
A transparent and
language independent
way to automate
network functions
Anthos Service Mesh
A managed platform that uses Istio
APIs to provide service health tools,
complex traïŹc controls, and
managed security authority
43. How does Service Mesh help?
Secure Services
Policy driven security
Secure access and
communications between
some or all services
Manage Health
Uniform observability
Examine everything
happening with your services
with little instrumentation
Connect Services
Operational agility
Manage the ïŹow of traïŹc
into, out of, and within your
complex deployments
44. Uniform observability
Application A Application B
Trace request
& response ïŹows
Consistent ïŹow
logs and metrics
Monitor customer
impacting behavior
Understand service
dependencies
Track SLOs and
error budgets
48. Service Level Objectives monitoring
Monitor customer-visible
behavior
Validate promises to our
users
Error budget lets you
balance velocity vs.
reliability
Alert only when
promises are broken or
on the path to be broken
49. Managed control plane
â Managed telemetry backends
â Managed CA
â TraïŹc Director
Out of the box service management
â Metrics, logging, tracing, SLOs
â Service security, authentication,
encryption, and authorization
â TraïŹc management: routing, load
balancing
Anthos Service Mesh
51. Infrastructure Operator
Kubernetes Anthos GKE
Service Operator / SRE
Istio Anthos Service Mesh
Modernize your applications
any place, any time
Developer
Knative Cloud Run
Build, deploy, scale using serverless
primitives
Connect, secure, manage, monitor
services
Portable container orchestration
53. 2 Questions...
1. How many of your customers build
wrappers or a platform on top of
Kubernetes?
2. How long does it take a developer to ramp
up on Kubernetes?
3 days, 3 weeks, or 3 months?
54. Why do customers want Cloud Run?
Today, developers need training to be productive with Kubernetes
Ideally, developers would have an environment that:
â Lets them be safe, rollback when needed
â Rapidly scales, without the need for capacity planning
â Has logging, monitoring / observability built in
â Makes everything repeatable, Integrates CI/CD, scales out to other teams / environment
55. Cloud Run for Anthos
Simplify application deployment and management
New capabilities for Kubernetes
Higher level view of applications
1
2
3
56. Scale to zero
New Capabilities for
applications
1
2
Simplify application
deployment and
management on Kubernetes
Kubernetes N/A
Cloud Run
Scale application to 0, when no
requests coming
Activate (0â1) on the next request
57. Kubernetes Connection-based load balancing
Cloud Run
Per-request load balancing
Traffic splitting (blue/green
deployments)
Load balancing
New Capabilities for
applications
1
2
Simplify application
deployment and
management on Kubernetes
58. Higher level view of
applications
1
2
3
New Capabilities for
applications
Simplify application
deployment and
management on Kubernetes
Revision 1
Revision 2
Revision 3
ConïŹgurationRoute
Service
60. â Modernize in place
â Migrate workloads to
cloud when ready
â Standard interface across
cloud and on prem
Portability with Consistency
Cloud run for
Anthos on Premises
61. Rich catalog of secure, vetted
solutions from leading
ecosystem partners in verticals
such as: Security, Database,
CRM
Robust seller platform with
co-sell and enterprise
procurement support
Marketplace - your one stop shop for Anthos enabled
apps
http://cloud.google.com/marketplace
62. â Launched K8s apps category, designed for Anthos
â Meets Lifecycle needs: managed upgrades, status and monitoring signals
out of the box
â Support trials and tailored pricing models
â Deploy anywhere and meet customers where they are, on-prem or in the
cloud
â Single GCP bill across deployment environments, including on-prem
â Embrace industry standard DevOps approaches
Kubernetes apps designed for Anthos
63. Move VMs directly into containers in GKE
with Migrate for Anthos
Migration service
â Low friction path for existing workloads to GKE
â Improve security and manageability without code change
â Accelerated migration, integration into modern infra
â SigniïŹcant reduction in cost, time, labor, complexity compared
with upgrading manually, as is current norm.
â Low touch migration to GKE, w/ minimal downtime
â Migrate without deep knowledge of apps moved
â Modernization paths to addâl cloud services
â Enable multiple options: image extraction/generalization,
monolith breakdown, persistent data migration to 2nd hop
managed storage/databases
64. Application workloads migration methods
Landing
Zone
Rehost
Basic lift and shift from legacy to GCP
Upgrade OS and Rebuild Apps in GCP
Discover
& Plan
Migration
Factory
Replatform
Replace
Modernize and re-architect the application
Use new COTS / SaaS instead of legacy
Refactor / Containerize
Retire
Retain
Decommission
Leave on premise
Change
Factory
60-70%
10-20% New
Migrate for
Anthos
Migrate for
Compute Engine
65. Sweet spot Linux workloads
â High performance, high memory databases (SAP HANA)
â VMs with special Kernel needs (e.g., kernel modules)
â Always-on database VMs that donât ïŹt CloudSQL
â HW-speciïŹc license constraints (e.g. per CPU)
â Web, Application Servers, Business logic
â Multi-tier Stacks - e.g. LAMP, Wordpress
â J2EE Middleware - e.g. Tomcat, COTS
â Low duty-cycle & bursty workloads
â Dev/test, training, labs
â âVM Sprawlâ management
â Density mgmt for low load services
â OS:
â RHEL / CentOS / SUSE / Ubuntu / Debian
â Old and new versions supported
Containerize
Use Migrate for Compute Engine
Use mixed deployment
66. Anthos compared to competition
â Compared to AWS Outpost, Azure stack - Complete software solution
â Compared to Redhat Openshift, VMWare PKS - Better integration with cloud managed
services
â Built on open source technologies