
Transforming Application Delivery with PaaS and Linux Containers

How Platform as a Service and Linux Containers Orchestration can improve Application Agility.


  1. Red Hat OpenShift Enterprise
      Transforming Application Delivery with PaaS and Linux Containers
      Giovanni Galloro, Cloud Solution Architect – Red Hat, ggalloro@redhat.com
  2. PaaS and Linux Containers: Agenda
      ● Platform as a Service Capabilities
      ● OpenShift Enterprise Architecture
        – Linux Containers
        – Docker
        – Kubernetes
        – RHEL Atomic Host
      ● OpenShift Application Deployment Flow
      ● OpenShift Adoption
      ● Containers Adoption Challenges and Red Hat Strategy
  3. Platform as a Service Capabilities
  4. PAAS CLOUD SERVICE MODEL
  5. PAAS LETS YOU STREAMLINE APP DEV
  6. RED HAT PAAS SOLUTION
  7. DEVOPS / CONTINUOUS DELIVERY THROUGH PAAS
  8. CHOOSE THE WAY YOU WORK
      ● Developer IDE Integrations
      ● Web Browser Console
      ● Command Line Tooling
      ● REST APIs
  9. RED HAT'S PAAS STRATEGY
  10. OpenShift Enterprise Architecture
  11. CREATING DEFACTO STANDARDS
      ● REGISTRY / CONTAINER DISCOVERY
      ● CONTAINER FORMAT WITH DOCKER
      ● ISOLATION WITH LINUX CONTAINERS
      ● ORCHESTRATION WITH KUBERNETES
      Red Hat works with the open source community to drive standards for containerization.
      RED HAT CONFIDENTIAL | NDA ONLY
  12. WHAT ARE LINUX CONTAINERS?
      Software packaging concept that typically includes an application and all of its runtime dependencies.
      ● Easy to deploy and portable across host systems
      ● Isolates applications on a host operating system
      ● In RHEL, this is done through:
        – Control Groups (cgroups)
        – kernel namespaces
        – SELinux, sVirt
        – Docker
      Diagram labels: HOST OS, SERVER, CONTAINER, LIBS, APP
  13. TRADITIONAL OS VS. CONTAINERS
      Diagram with two panels, "Traditional OS" and "Containers"; labels: HARDWARE, HOST OS, CONTAINER, LIBS, LIBS A, LIBS B, APP A, APP B
  14. WHAT DOCKER PROVIDES
      ● Multi-version packaging format and isolation
      ● Simplified container API (Docker libcontainer)
      ● Easy to create (Dockerfile)
      ● Atomic deployment (Docker images)
      ● Large ecosystem (Docker Hub)
  15. THE CHALLENGE
  16. DOCKER IS A SHIPPING CONTAINER FOR CODE
  17. LINUX DOCKER CONTAINER LAYERING
      ● New images can be created by adding layers
      ● Layering model allows for specialization
      ● Base image and select number of platform layers provided by Red Hat
      ● ISV images form the base of the RHEL ecosystem
      ● Stack optimized for individual application with minimal packaging per layer
  18. CONTAINERS DELIVER MANY BENEFITS
      How important are the following benefits of containers to your organization? (Critically or Very Important)
      Benefits charted: Faster provisioning; Greater deployment flexibility; Ability to deliver/deploy applications faster; Greater application mobility/portability
      Values charted: 69%, 70%, 72%, 73%
      Base: 171 IT and Developer/programmer decision-makers at companies with 500+ employees in APAC, EMEA, and NA
      Source: A commissioned study conducted by Forrester Consulting on behalf of Red Hat, January, 2015
  19. KUBERNETES FOR CONTAINER ORCHESTRATION
      ● Container orchestration at scale
      ● Wiring of multi-container, multi-host application topologies
      ● Scheduling / placement
      ● Manage container health
  20. RED HAT ENTERPRISE LINUX ATOMIC HOST
      IT IS RED HAT ENTERPRISE LINUX OPTIMIZED FOR CONTAINERS
      Minimized host environment tuned for running Linux containers while maintaining compatibility with Red Hat Enterprise Linux.
      Inherits the complete hardware ecosystem, military-grade security, stability and reliability for which Red Hat Enterprise Linux is known.
      MINIMIZED FOOTPRINT / SIMPLIFIED MAINTENANCE / ORCHESTRATION AT SCALE
      Atomic updating and rollback means it’s easy to deploy, update, and rollback using image-based technology.
      Build composite applications by orchestrating multiple containers as microservices on a single host instance.
  21. OPENSHIFT ARCHITECTURE
  22. OPENSHIFT RUNS ON YOUR CHOICE OF INFRASTRUCTURE
  23. NODES ARE INSTANCES OF RHEL WHERE APPS WILL RUN
  24. APP SERVICES RUN IN DOCKER CONTAINERS ON EACH NODE
  25. PODS RUN ONE OR MORE DOCKER CONTAINERS AS A UNIT
  26. MASTERS LEVERAGE KUBERNETES TO ORCHESTRATE NODES / APPS
  27. MASTER PROVIDES AUTHENTICATED API FOR USERS & CLIENTS
  28. MASTER USES ETCD KEY-VALUE DATA STORE FOR PERSISTENCE
  29. MASTER PROVIDES SCHEDULER FOR POD PLACEMENT ON NODES
  30. SERVICES ALLOW RELATED PODS TO CONNECT TO EACH OTHER
  31. MANAGEMENT/REPLICATION CONTROLLER MANAGES THE POD LIFECYCLE
  32. WHAT IF A POD GOES DOWN?
  33. OPENSHIFT AUTOMATICALLY RECOVERS AND DEPLOYS A NEW POD
  34. PODS CAN ATTACH TO SHARED STORAGE FOR STATEFUL SERVICES
  35. ROUTING LAYER ROUTES EXTERNAL APP REQUESTS TO PODS
  36. DEVELOPERS ACCESS OPENSHIFT VIA WEB, CLI OR IDE
  37. MASSIVE SUPPORTED ECOSYSTEM
  38. OPENSHIFT APPLICATION SERVICES
      ● From Red Hat
      ● From ISV Partners
      ● From the Community
  39. BUILD PROCESS
  40. BUILD PROCESS
  41. BUILD PROCESS
  42. BUILD PROCESS
  43. BUILD PROCESS
  44. BUILD PROCESS
  45. BUILD PROCESS
  46. FROM DOCKER IMAGE TO RUNNING APP
  47. PERSISTENT STORAGE
  48. OpenShift Adoption
  49. OPENSHIFT ENTERPRISE ADOPTION
  50. OPENSHIFT ADOPTION @ LEADING ISV IN FINANCIAL SERVICES
      "Once we actually looked at and had all of the conversations with all the various people, there was really only one choice and that was OpenShift". The only people that actually understood what it was that we were talking about was the Red Hat guys. The Cloud Foundry guys were good about talking about deploying Spring-based frameworks and, you know, that sort of stuff, but once we ran the PoCs and had deeper conversations, there was really only one choice." Tony McGivern - CIO
      has built an Analytic cloud based platform on Openshift
      ● 70% Reduction in Apps Development time
      ● 60% Reduction in Maintenance Costs (simpler, faster and easier)
      ● 90% reduction in Time to Deploy models
      ● 6 Months running live in Production
      ● 5% - 40% increased decision accuracy
      http://gartner.mediasite.com/Mediasite/Play/4c29e2287c7949cea4b4f8d0367410b01d?sc_cid=70160000000eGEFAA2&elq=997abd3fad6a49d4ae23e1c7136994bb
  51. Containers Adoption Challenges
  52. TOP CURRENT CONTAINER CHALLENGES
      What are the top three challenges your organization has experienced so far in its use of containers?
      Challenges charted: Training and Education (lack of skills); Consistency (lack of standards); Scalability; Lack of certification or digital structure; Management; Integration with existing development tools and processes; Variable performance; Security
      Values charted: 29%, 31%, 32%, 35%, 35%, 41%, 44%, 53%
      Base: 171 IT and Developer/programmer decision-makers at companies with 500+ employees in APAC, EMEA, and NA
      Source: A commissioned study conducted by Forrester Consulting on behalf of Red Hat, January, 2015
  53. NEED FOR A “CHAIN OF TRUST”
      ● Who built this image?
      ● What’s its purpose? Was it created to support a demo?
      ● Is it safe to consume?
      ● Who maintains it?
      DOCKER HUB: docker search mongodb
  54. WHAT'S INSIDE THE CONTAINER MATTERS
      36% of official images in Docker Hub contain high priority security vulnerabilities
      ● High vulnerabilities: ShellShock (bash), Heartbleed (OpenSSL), etc.
      ● Medium vulnerabilities: Poodle (OpenSSL), etc.
      ● Low vulnerabilities: gcc: array memory allocations could cause integer overflow
      Chart: All Images (n=962); values 36% and 28%; legend: Medium priority, High priority
      Source: Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities, Jayanth Gummaraju, Tarun Desikan, and Yoshio Turner, BanyanOps, May 2015 (http://www.banyanops.com/pdf/BanyanOps-AnalyzingDockerHub-WhitePaper.pdf)
  55. Red Hat Strategy for Containers Adoption
  56. RED HAT CONTAINER CERTIFICATION
      UNTRUSTED
      ● Will what’s inside the containers compromise your infrastructure?
      ● How and when will apps and libraries be updated?
      ● Will it work from host to host?
      RED HAT CERTIFIED
      ● Trusted source for the host and the containers
      ● Trusted content inside the container with security fixes available as part of an enterprise lifecycle
      ● Portability across hosts
  57. SIMPLIFYING CONTAINER ADOPTION FOR PARTNERS
  58. CONTAINERS FOR THE ENTERPRISE
      ● TRUSTED CONTAINER CONTENT
      ● PROVEN CONTAINER PORTABILITY
      ● INTEGRATED APPLICATION DELIVERY
  59. THANK YOU
