This document provides an overview of the technical architecture for a cloud platform. It discusses various components including source control, continuous integration/build services, artifact storage, deployment services, infrastructure as code, orchestration, configuration/vaults, logging, monitoring, service discovery, load balancing, and platform services. For each component, it outlines relevant features, example solutions, and standards. The overall goal is to provide guidance on architecting a cloud platform that can build, deploy, host, run, and monitor application services.
2. Hello!
I am DAVE
I have lots of letters after my name and many years
of experience in getting stuff done.
You can find me at @d_bones
3. Architecture
I like how Simon Brown describes this:
Vision
The process of architecting: making
(significant) design decisions, etc.
Structure
The definition of something in terms of its
components and interactions.
7. Development pipeline
Simple overview of a build to deployment pipeline. Note that when deploying a compiled artifact,
you may deploy it to a number of environments (test, prod, etc.).
9. Overview
Check out my slides on Principles, as these will play into any decision making.
This contains an overview of components to
◇ Build
◇ Deploy
◇ Host / Run
◇ Monitor
a set of application services.
12. Source Control
Centralised location to store your code, with support for master and feature branch development.
Features
◇ Webhook support
◇ 3rd party integrations
◇ Code Collaboration
◇ Code Review
◇ Branches
◇ Revision History
◇ Secure (2FA?, encryption etc)
◇ Workflow support
Solutions
◇ Bitbucket
◇ Github
◇ VSTS
◇ GitLab
◇ ...
https://www.git-tower.com/blog/git-hosting-services-compared/
Standards
◇ Git
◇ Mercurial (HG)
◇ Subversion (SVN)
13. Build Service
Continuous Integration is key to automating the creation of a build artifact. This artifact will be deployed
onto an artifact server such as Docker Hub, NPM, etc.
Features
◇ Webhook support
◇ 3rd party integrations
◇ OS Support
◇ Stack support
◇ Source Control Branch Support
◇ Build pipelines
◇ Configuration with code
◇ Clean isolated agent
◇ Parallel test running
◇ Build History / Reports
◇ Run locally
◇ Secure
◇ Workflow support
Solutions
◇ Bamboo
◇ Jenkins
◇ VSTS Build
◇ Travis CI
◇ AppVeyor
◇ Circle Ci
◇ Drone IO
◇ Shippable
◇ Wercker CI
◇ TeamCity
◇ ...
Standards (during build)
◇ Not really, at a pinch
◇ YAML
◇ Docker
Component Standards
◇ NPM
◇ Bower
◇ Docker
◇ Maven
◇ Nuget
◇ Gems
◇ ...
14. Artifact Store
Stores the compiled artifact, which has been tested to a degree. Ready to be consumed directly by the
developer / build server (library component) or deployed via the deployment service (application,
middleware).
Features
◇ Webhook support
◇ 3rd party integrations
◇ Secure (encryption)
◇ Fast network
◇ Store multiple versions
Solutions
◇ Docker Hub
◇ Quay IO
◇ Nuget
◇ MyGet
◇ NPM
◇ Artifactory
◇ BitBucket (Releases)
◇ GitHub (Releases)
◇ ...
Standards
◇ NPM
◇ Bower
◇ Docker
◇ Maven
◇ Nuget
◇ Gems
◇ Zip / Tar
◇ ...
15. Deploy Service
Automate deploying an artifact to an environment. (This is a different responsibility from that of a CI server.)
In some cases you may need to automate the creation of a temporary environment (e2e testing).
Features
◇ Webhook support
◇ 3rd party integrations
◇ OS Support
◇ Automated deployments
◇ Multiple environment support
◇ Environment definitions
◇ Environment overview
◇ Environment configuration
◇ Approval Workflow support
◇ Scripting
◇ Secure
Solutions
◇ Bamboo
◇ Jenkins
◇ VSTS Release
◇ Shippable
◇ BuildMaster
◇ Octopus Deploy
◇ …
Standards
◇ WebDeploy
◇ Docker
17. IaaS (PaaS*)
Creating networks and servers on demand to host your services, with availability and scale sets.
Use of particular platform services (remember platform vendor lock-in).
Note you can span your platform across more than one IaaS, using the best parts from any provider.
Features
◇ API & Webhook support
◇ 3rd party integrations
◇ OS Support
◇ Bare Metal / Virtual Machines
◇ Networking
◇ Firewalls
◇ VPN
◇ Hardware SSD / RAM / CPUs
◇ Availability / Scale sets
◇ Multiple Data Centers
◇ Secure
Solutions
◇ Azure
◇ AWS
◇ RackSpace
◇ Digital Ocean
◇ Google Cloud Engine
◇ …
Interesting solution:
operations-management-suite
Standards
◇ None?
18. IaaS (Provision Scripts)
Infrastructure as Code.
Provision the Network and Servers, with correctly configured Availability and Scale sets. Note that the
servers will be provisioned with the Orchestrator's agents installed onto them.
Features
◇ Create Servers
◇ Create Networks
Solutions
◇ Terraform
◇ Ansible
◇ Azure Resource Manager
◇ ...
Standards
◇ None?
19. Orchestrator
Coordinates deployment and continuous running of services on the platform (servers). This is basically
the hosting platform.
Note that these solutions will be used to deliver other parts of the platform components.
Features
◇ API & Webhook support
◇ 3rd party integrations
◇ OS Support
◇ SDN - Cross host networking
◇ Multiple environments
◇ High Availability
■ Auto Healing
■ Health Monitoring
◇ Rolling upgrades
◇ Fast startup and shutdown
◇ Scaling services
◇ Service placement
◇ High Density
◇ Hyper convergence (VMs too)
Solutions - Container based
◇ Rancher
◇ Kubernetes
◇ Docker Swarm
◇ …
Solutions - alternative
◇ Service Fabric
Standards
◇ Docker
20. Configuration / Vault
A component to securely store application secrets. These can then be accessed during deployment
and while the application is running.
The component chosen will affect the overall solution architecture.
Features
◇ API support
◇ 3rd party integrations
◇ Securely store values
◇ Securely store encryption keys
Solutions - Value
◇ Hashi Vault
◇ Consul
Solutions - HSM Keys
◇ AWS Key Management Service
◇ Azure Key Vault
Solutions - Values @ deployment
◇ MS Release
◇ ...
Standards
◇ None?
22. Logging
A centralised logging service is key to spotting and finding errors which can occur for a service hosted on
several machines, or for several services on a single machine.
Features
◇ API support
◇ 3rd party integrations
◇ Dashboard
◇ Easy Log filtering & sorting
■ By service
■ By host
■ By severity
◇ Store log entry details
◇ Automatically manage storage
◇ Live log feed
◇ Alerts
◇ Collect logs from all your components
Solutions
◇ ELK stack
◇ LogEntries
◇ Loggly
◇ ...
Standards
◇ Log4Net
◇ Winston
23. Monitoring
Knowing that our platform is healthy and being alerted immediately when it is not.
Gain understanding and trend insight into our services.
Interestingly, many components will contribute partly to this; however, we need a central view of our
estate, which could span several data centers across several IaaS providers.
Features
◇ API support
◇ 3rd party integrations
◇ Dashboards
◇ APM
◇ End user monitoring
■ Mobile
■ Browser
◇ Infrastructure Visibility
◇ Database and Queues monitoring
◇ Application analytics
◇ Alerts
Solutions
◇ ELK stack
◇ New Relic
◇ SysDig cloud
◇ DataDog
◇ Dynatrace
◇ Appdynamics
◇ MS Operations management suite
◇ Prometheus
◇ Icinga 2
◇ StatusPage IO
◇ Pingdom
◇ ...
Standards
◇ Stats D
◇ HTTP
25. Service Discovery
AKA Service Registry. This component is a lookup for all hosted services and their instances.
As an orchestrator manages the deployment and running of services, it normally includes a service
discovery solution.
Features
◇ API support
◇ Holds the location of all active service instances
◇ High availability
Solutions
◇ Etcd
◇ Zoo Keeper
◇ Consul
◇ DNS
◇ Message Broker
Solutions - orchestrator
◇ Rancher - DNS (changeable)
◇ Kubernetes - Env Var / DNS
◇ Docker Swarm - DNS
◇ …
Standards
◇ DNS
http://dbones.github.io/2016/01/service-discovery/
26. Load Balancing
Requests being shared across multiple instances of a service.
As an orchestrator manages the deployment and running of services, it normally includes some form
of load balancer.
Features
◇ API support
◇ Holds the location of all active service instances
◇ High availability
◇ Session affinity
◇ Round robin
◇ SSL Termination
Solutions
◇ HA Proxy
◇ Nginx
◇ DNS
Solutions - orchestrator
◇ Rancher - HA Proxy / DNS / custom
◇ Kubernetes - Kube-Proxy / custom
◇ Docker Swarm - internal / custom
Standards
◇ DNS
◇ Layer 4 and 7 OSI
http://dbones.github.io/2016/01/service-discovery/
https://www.nginx.com/resources/glossary/layer-4-load-balancing/
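To make the Service Discovery and Load Balancing feature lists above concrete, here is an added illustration (not code from the deck or from any of the products listed): a minimal in-memory service registry that holds the location of every live instance and drops instances whose heartbeat has expired, plus a balancer on top of it that does round robin and optional session affinity. The `ServiceRegistry`, `LoadBalancer` and `Instance` names, the heartbeat TTL and the sample addresses are all constructed for this example.

```python
import hashlib
import time
from dataclasses import dataclass


@dataclass
class Instance:
    host: str
    port: int
    last_heartbeat: float


class ServiceRegistry:
    """Service discovery: holds the location of every active instance of each
    service. An instance that stops heartbeating within ttl_seconds is no
    longer returned, so callers never get routed to a dead host."""

    def __init__(self, ttl_seconds=10.0):
        self.ttl = ttl_seconds
        self._services = {}  # service name -> {"host:port": Instance}

    def register(self, name, host, port, now=None):
        now = time.time() if now is None else now
        self._services.setdefault(name, {})[f"{host}:{port}"] = Instance(host, port, now)

    def heartbeat(self, name, host, port, now=None):
        # A heartbeat is just a re-registration that refreshes the timestamp.
        self.register(name, host, port, now)

    def lookup(self, name, now=None):
        now = time.time() if now is None else now
        live = [i for i in self._services.get(name, {}).values()
                if now - i.last_heartbeat <= self.ttl]
        return sorted(live, key=lambda i: (i.host, i.port))


class LoadBalancer:
    """Shares requests across live instances: round robin by default, or
    session affinity when a session id is supplied."""

    def __init__(self, registry):
        self.registry = registry
        self._rr = {}  # service name -> round robin counter

    def pick(self, name, session_id=None, now=None):
        instances = self.registry.lookup(name, now)
        if not instances:
            raise LookupError(f"no live instances for {name}")
        if session_id is not None:
            # Affinity: the same session maps to the same instance while the live set is stable.
            idx = int(hashlib.sha256(session_id.encode()).hexdigest(), 16) % len(instances)
        else:
            idx = self._rr.get(name, 0) % len(instances)
            self._rr[name] = idx + 1
        return instances[idx]
```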
28. Set your strategy
◇ Confirm your Goals, Principles and Constraints.
◇ Apply basic research to get a candidate list of components (put the logo against each component in the platform diagram).
◇ Note which candidates are tactical or strategic.
◇ Run a number of POCs and Technology Adoption Processes on the candidates.
◇ Retrospect on your choices and evolve.
Consider how you achieve blue/green deployments, and apply database migrations.
This is a generic platform which covers the components used to devops your solution.
Recommend not to use a CI for deployment.
Consider PaaS services. But you have to consider what your application architecture is as well.
Microsoft Operations-management-suite <- need to understand more.
Note that these tools cover other sections of the landscape: Service Discovery, load balancing, etc.
Take advantage of the SDN.