Considerations in Cloud DevOps

Ben Whaley
October 23, 2014

Presented at BNY Mellon Silicon Valley Innovation Center, 10/22/2014

Video: https://www.youtube.com/watch?v=q-c20Z1ZN-I&list=UUODym48KciXOkpU_U62Ut6g

Transcript

  1. Considerations in Cloud DevOps. Ben Whaley @iAmTheWhaley

  2. Mobile Scale

  3. Chart: Connected Clients, PCs vs. Mobile Phones (data labels: 3.5 billion, 1.8 billion). Source: Andreessen Horowitz

  4. Chart: Growth in Connected Client Devices, Units (millions), Jun 07 to Jun 13; series: Tablets, iPhone & Android, PCs. Source: Andreessen Horowitz

  5. Chart: Photos Taken, 2014 vs. 1999 (data labels: 1.5 trillion, 80 billion). Source: Andreessen Horowitz

  6. ~1.3 Million Apps

  7. Revisions measured in days or weeks.

  8. IoT

  9. Mobile is powered by APIs.

  10. Mature Mobile • Use the cloud to enable rich native apps • Blur the line between apps and the web • Hyperlocal via iBeacons & NFC • Mobile != Smartphone

  11. Business Benefits • APIs engage customers, partners • Data pipelines for business analytics • Improved availability • Elasticity for • Cost savings • Capacity on demand • Focus on core competencies

  12. Systems

  13. Systems • n+2 redundancy (diagram labels: Load Balancer; n, n+1, n+2)

  14. Systems • n+2 redundancy • Compute is ephemeral (diagram labels: Load Balancer; n, n+1, n+2, n+3, n+4, n+5)

  15. Systems • n+2 redundancy • Compute is ephemeral • Infrastructure is code

        resource "digitalocean_droplet" "www-1" {
          image = "ubuntu-14-04-x64"
          name = "www-1"
          region = "nyc2"
          size = "512mb"
          private_networking = true
          ssh_keys = [
            "${var.ssh_fingerprint}"
          ]
        }

  16. Systems • n+2 redundancy • Compute is ephemeral • Infrastructure is code • Less is more

  17. Systems • n+2 redundancy • Compute is ephemeral • Infrastructure is code • Less is more • Ubiquitous monitoring

  18. Systems • n+2 redundancy • Compute is ephemeral • Infrastructure is code • Less is more • Ubiquitous monitoring • Service discovery

  19. Applications

  20. Applications • Loosely coupled

  21. Applications • Loosely coupled • Deeply instrumented

  22. Applications • Loosely coupled • Deeply instrumented • Lean

  23. Applications • Loosely coupled • Deeply instrumented • Lean • Built to be disabled

  24. Applications • Loosely coupled • Deeply instrumented • Lean • Built to be disabled • Stateless

  25. Applications • Loosely coupled • Deeply instrumented • Lean • Built to be disabled • Stateless • Robustly implemented: “Be conservative in what you send, be liberal in what you accept”

  26. Applications • Loosely coupled • Deeply instrumented • Lean • Built to be disabled • Stateless • Robustly implemented • Continuously integrated

  27. Delivery

  28. Delivery Commit Test Build Deploy

  29. Delivery Build server Commit Site Deploy

  30. Delivery

  31. Delivery Challenges

  32. Delivery Challenges 1. Zero downtime

  33. Zero Downtime Green/Blue www.example.com Old Code

  34. Zero Downtime Green/Blue www.example.com Old Code New Code

  35. Zero Downtime Rolling Upgrade www.example.com Old Old Old

  36. Zero Downtime Rolling Upgrade www.example.com New Old Old

  37. Zero Downtime Rolling Upgrade www.example.com New New Old

  38. Zero Downtime Rolling Upgrade www.example.com New New New

  39. Zero Downtime Replacement www.example.com Old Old Old

  40. Zero Downtime Replacement www.example.com New New New

  41. Delivery Challenges 1. Zero downtime 2. Distributing credentials

  42. Distributing Credentials 1. Seed credentials in the OS image

    Pros: Simpler bootstrap process
    Cons: Must load credential to image initially; May be more difficult to modify; Credentials in plain text in stored image

  43. Distributing Credentials 1. Seed credentials in the OS image 2. Commit encrypted config data to DVCS repository

    Pros: Data stored alongside code in version control; Easily updated
    Cons: Distributing decryption key to nodes varies by tool; Key distribution

  44. Distributing Credentials 1. Seed credentials in the OS image 2. Commit encrypted config data to DVCS repository 3. Asymmetric encryption

    Pros: Public/Private key pair may already exist; Easy rotation and revocation; No shared secret
    Cons: Requires mature, possibly automated cert infrastructure; Limited implementations

  45. Delivery Challenges 1. Zero downtime 2. Distributing credentials 3. Database migrations

  46. Database Migrations 1. NoSQL vs Relational

  47. Database Migrations 1. NoSQL vs Relational 2. Multi-stage

    a. Make backward compatible DB changes
    b. Run new code that is both backward and forward compatible
    c. Migrate old data to new schema
    d. Remove code that understands old schema
    e. Clean up old schema

  48. Delivery Challenges 1. Zero downtime 2. Distributing credentials 3. Database migrations 4. Distributing the code 5. Updating the config 6. Rollbacks

  49. Thanks! Ben Whaley, bwhaley.com, @iAmTheWhaley
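
The multi-stage migration from slide 47 (steps a to e), worked through against an in-memory SQLite database. This is an added example, not code from the talk; the `users` table, the change from `full_name` to separate name columns, the sample rows and all function names are assumptions made for illustration.

```python
import sqlite3

def split(full):
    first, _, last = full.partition(" ")
    return first, last

def stage_a(db):
    # (a) Backward-compatible change: nullable columns that old code ignores.
    for col in ("first_name", "last_name"):
        db.execute(f"ALTER TABLE users ADD COLUMN {col} TEXT")

def write_user_compat(db, first, last):
    # (b) New code writes both shapes, so old readers still find full_name.
    db.execute("INSERT INTO users (full_name, first_name, last_name) VALUES (?,?,?)",
               (f"{first} {last}", first, last))

def read_user_compat(db, uid):
    # (b) New code reads either shape, because old rows are not backfilled yet.
    full, first, last = db.execute(
        "SELECT full_name, first_name, last_name FROM users WHERE id=?", (uid,)).fetchone()
    return split(full) if first is None else (first, last)

def stage_c(db):
    # (c) Migrate old data into the new columns; returns rows touched.
    rows = db.execute("SELECT id, full_name FROM users WHERE first_name IS NULL").fetchall()
    for uid, full in rows:
        db.execute("UPDATE users SET first_name=?, last_name=? WHERE id=?", (*split(full), uid))
    return len(rows)

def read_user_new(db, uid):
    # (d) The old-schema fallback is removed from the code.
    return db.execute("SELECT first_name, last_name FROM users WHERE id=?", (uid,)).fetchone()

def stage_e(db):
    # (e) Clean up: rebuild the table without the old column (portable across SQLite versions).
    db.executescript("""
        CREATE TABLE users_new (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT);
        INSERT INTO users_new SELECT id, first_name, last_name FROM users;
        DROP TABLE users;
        ALTER TABLE users_new RENAME TO users;
    """)

def run_migration():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, full_name TEXT NOT NULL)")
    db.execute("INSERT INTO users (full_name) VALUES ('Ada Lovelace')")  # constructed old row
    stage_a(db)
    write_user_compat(db, "Grace", "Hopper")
    mixed = [read_user_compat(db, 1), read_user_compat(db, 2)]
    backfilled = stage_c(db)
    stage_e(db)
    cols = [r[1] for r in db.execute("PRAGMA table_info(users)")]
    return mixed, backfilled, [read_user_new(db, 1), read_user_new(db, 2)], cols
```

Each stage can be deployed and rolled back on its own, which is what lets old and new application versions overlap during a rolling upgrade.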