Slide 1

Slide 1 text

Immutable Infrastructure: The New App Deployment
AXEL FONTAINE @axelfontaine

Slide 2

Slide 2 text

About Axel Fontaine
• Founder and CEO of Boxfuse
• Over 15 years industry experience
• Continuous Delivery expert
• Regular speaker at tech conferences
• JavaOne RockStar in 2014
@axelfontaine

Slide 3

Slide 3 text

flywaydb.org

Slide 4

Slide 4 text

boxfuse.com

Slide 5

Slide 5 text

Let’s start with a small story

Slide 6

Slide 6 text

Incandescent Bulb 60 W
LED Bulb 10 W
Image: http://commons.wikimedia.org/wiki/File:Gluehlampe_01_KMJ.jpg

Slide 7

Slide 7 text

Heater that gives off a little bit of light
Light that gives off a little bit of heat

Slide 8

Slide 8 text

No content

Slide 9

Slide 9 text

Edison Screw

Slide 10

Slide 10 text

Simple, stable, standards-compliant interface with a clear contract
My responsibility
The electricity company’s responsibility

Slide 11

Slide 11 text

Simple, stable, standards-compliant interface with a clear contract
Room For Innovation
Undifferentiated Heavy Lifting

Slide 12

Slide 12 text

back to IT infrastructure …

Slide 13

Slide 13 text

POLL: what type of infrastructure are you running on?
• On Premise
• Colocation
• Root Server
• Cloud

Slide 14

Slide 14 text

How did this evolve ?

Slide 15

Slide 15 text

sometime in the 20th century …

Slide 16

Slide 16 text

No content

Slide 17

Slide 17 text

http://en.wikipedia.org/wiki/File:Tdkc60cassette.jpg

Slide 18

Slide 18 text

No content

Slide 19

Slide 19 text

ON PREM
Challenges
• Power, Network, Cooling
• Physical Security
• Physical Space
• Procurement, Vendor Management
• Capacity Planning
• Financing
• OS + Patches
• App + Updates

Slide 20

Slide 20 text

+ = ON PREM + Our responsibility

Slide 21

Slide 21 text

+ + Our responsibility Their responsibility = COLO

Slide 22

Slide 22 text

+ = COLO + Simple, stable, standards-compliant interface: (19” Rack, AC Power, Ethernet, …)

Slide 23

Slide 23 text

Can change as long as it complies with the interface contract + = COLO + Undifferentiated Heavy Lifting Our responsibility

Slide 24

Slide 24 text

= ROOT SERVER + Undifferentiated Heavy Lifting Our responsibility Can change as long as it complies with the interface contract

Slide 25

Slide 25 text

= ROOT SERVER + Undifferentiated Heavy Lifting Simple, stable, standards-compliant interface Software <-> Hardware

Slide 26

Slide 26 text

Room For Innovation + Undifferentiated Heavy Lifting
Simple, stable, standards-compliant interface
Could this be our industry’s Edison Screw?

Slide 27

Slide 27 text

Let’s talk about software

Slide 28

Slide 28 text

POLL: which level of automation are you at?
• Build
• Unit Tests
• Continuous Integration
• Acceptance Tests
• Continuous Deployment (Code)
• Continuous Deployment (Code + DB + Configuration)
• Infrastructure

Slide 29

Slide 29 text

Build Test

Slide 30

Slide 30 text

• One immutable unit
• Regenerated after every change
• Promoted from Environment to Environment
Classic Mistake: Build per Environment

Slide 31

Slide 31 text

OS Kernel Libraries Language App Server App

Slide 32

Slide 32 text

OS Kernel Libraries Language App Server App

Slide 33

Slide 33 text

why aren’t we doing the same for the layers this is running on ???

Slide 34

Slide 34 text

what could possibly go wrong in these other layers ???

Slide 35

Slide 35 text

missing software

Slide 36

Slide 36 text

wrong name

Slide 37

Slide 37 text

bad version

Slide 38

Slide 38 text

incorrect permissions

Slide 39

Slide 39 text

http://www.flickr.com/photos/travelinlibrarian/2409633653/sizes/l/ critical resource in use

Slide 40

Slide 40 text

why aren’t we holding our servers to the same standards as our applications ???

Slide 41

Slide 41 text

No content

Slide 42

Slide 42 text

OS Kernel Libraries Language App Server App Build Test

Slide 43

Slide 43 text

OS Kernel Libraries Language App Server App Build Test App

Slide 44

Slide 44 text

OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App Multiple instances in multiple Environments

Slide 45

Slide 45 text

OS Kernel Libraries Language App Server App
Multiple instances in multiple Environments
• All instances should be as similar as possible (any difference is a potential source of errors)
• That also includes your local Dev environment!
• Must be able to reliably provision new ones (and recreate existing ones from scratch)

Slide 46

Slide 46 text

OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App Updates Updates Updates Sysadmin

Slide 47

Slide 47 text

If I had asked my customers what they wanted they would have said a faster horse. Henry Ford

Slide 48

Slide 48 text

OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App Updates Updates Updates Sysadmin

Slide 49

Slide 49 text

OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App Updates Updates Updates Automated Sysadmin

Slide 50

Slide 50 text

fast forward to 2015 …

Slide 51

Slide 51 text

Every day, AWS adds enough server capacity to power the whole $5B enterprise Amazon.com was in 2003. Weekends included.

Slide 52

Slide 52 text

"Advanced Test Reactor" by Argonne National Laboratory - originally posted to Flickr as Advanced Test Reactor core, Idaho National LaboratoryUploaded using F2ComButton. Licensed under CC BY-SA 2.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:Advanced_Test_Reac tor.jpg#mediaviewer/File:Advanced_Test_Reactor.jpg "RIAN archive 341194 Kursk Nuclear Power Plant" by RIA Novosti archive, image #341194 / Sergey Pyatakov / CC-BY-SA 3.0. Licensed under CC BY-SA 3.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:RIAN_archive_341194_ Kursk_Nuclear_Power_Plant.jpg#mediaviewer/File:RIAN_archi ve_341194_Kursk_Nuclear_Power_Plant.jpg Control Plane Data Plane

Slide 53

Slide 53 text

Control Plane Data Plane

Slide 54

Slide 54 text

Benefits of the cloud
• Shift to a world of abundance (no more resource scarcity)
• Clean Control Plane/Data Plane split with API-based provisioning
• Cost-based Architectures with the ability to turn infrastructure off

Slide 55

Slide 55 text

it is time to rethink the faster horse

Slide 56

Slide 56 text

App OS Kernel Libraries Language App Server Build Test

Slide 57

Slide 57 text

App OS Kernel Libraries Language App Server Build Test Undifferentiated Heavy lifting

Slide 58

Slide 58 text

App OS Kernel Libraries Language App Server Build Test

Slide 59

Slide 59 text

App Machine Image OS Kernel Libraries Language App Server Build Test Machine Image

Slide 60

Slide 60 text

OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App Updates

Slide 61

Slide 61 text

Machine Image Machine Image Machine Image Updates

Slide 62

Slide 62 text

but there is one big problem left …

Slide 63

Slide 63 text

Machine Image Network Cable

Slide 64

Slide 64 text

Machine Image Network Cable Multiple GB

Slide 65

Slide 65 text

Running servers in production should be like going backpacking. You take the bare minimum with you. Anything else is going to hurt. A Wise Man

Slide 66

Slide 66 text

what is really adding business value ???

Slide 67

Slide 67 text

Machine Image Network Cable

Slide 68

Slide 68 text

Editors Daemons OS Kernel Libraries Utilities Drivers App App Server Package Mgr Compilers SSH Firewall Compatibility Man Pages Language Log Files Users Shells Network Cable

Slide 69

Slide 69 text

OS Kernel Libraries App App Server Language Bootable App

Slide 70

Slide 70 text

Multiple GB 40 – 80 MB

Slide 71

Slide 71 text

Network Cable Bootable App

Slide 72

Slide 72 text

who is this for ???

Slide 73

Slide 73 text

OS Kernel Libraries Language App Server App 12-factor app

Slide 74

Slide 74 text

demo

Slide 75

Slide 75 text

What are the implications ???

Slide 76

Slide 76 text

Focus shift
Individual instances become disposable
Instance Service

Slide 77

Slide 77 text

Treat servers like cattle instead of pets

Slide 78

Slide 78 text

high uptime is a liability
The longer an instance is up, the harder it becomes to recreate exactly (and it will fail eventually!)

Slide 79

Slide 79 text

How to solve service discovery ?
Use a stable entry point with an internal registry
Bootable App Bootable App Bootable App ? Elastic Load Balancer

Slide 80

Slide 80 text

What about security ?
When was the last time your toaster got hacked?

Slide 81

Slide 81 text

What about security ?
• Smallest possible attack surface
• Vastly reduced implications due to low uptime and transient nature of instances
• Very difficult to exploit other systems because essential tooling is missing

Slide 82

Slide 82 text

what about configuration ???
• Bake as much configuration as possible for all environments directly in the Bootable App
• Use environment detection and auto-configuration
• Pass remaining configuration at startup and expose it as environment variables

Slide 83

Slide 83 text

what about the database ???

Slide 84

Slide 84 text

Bootable App what about the database ???

Slide 85

Slide 85 text

what about the database ???
• Keep all persistent state, including the database, out of the instance
• Many good hosted solutions available like Amazon RDS or Google Cloud SQL
• Use a database migration tool like Flyway to update on application startup

Slide 86

Slide 86 text

what about the logs ???
Bootable App
Ship logs to a central log server where they can be
• aggregated
• stored and backed up
• indexed
• searched through a nice web UI
Many good hosted solutions
• Loggly
• Logentries
• Papertrail
• …

Slide 87

Slide 87 text

what about sessions ???
Bootable App
Keep session in an encrypted and signed cookie
• avoids session timeouts
• avoids server clustering & session replication
• avoids sticky sessions & server affinity
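
Added example (not from the original slides): a stateless session cookie sealed with AES-256-GCM, an authenticated-encryption mode that plays both the "encrypted" and the "signed" role, so any disposable instance holding the key can read it. The names `SESSION_KEY`, `loadKey`, `sealSession` and `openSession` are assumptions made for this sketch; the key is assumed to arrive at startup as an environment variable, as the configuration slide suggests.

```javascript
const crypto = require('node:crypto');

// Assumption: the key reaches every instance at startup as the environment
// variable SESSION_KEY (hypothetical name), 32 random bytes, base64-encoded.
function loadKey(env) {
  const key = Buffer.from(env.SESSION_KEY || '', 'base64');
  if (key.length !== 32) throw new Error('SESSION_KEY must decode to 32 bytes');
  return key;
}

// Cookie layout: base64url( 12-byte nonce | 16-byte GCM tag | ciphertext ).
function sealSession(key, session) {
  const nonce = crypto.randomBytes(12); // fresh per cookie, never reused
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([
    cipher.update(JSON.stringify(session), 'utf8'),
    cipher.final(),
  ]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]).toString('base64url');
}

// Returns the session object, or null if the cookie is malformed, was
// modified, or was sealed under a different key.
function openSession(key, cookie) {
  try {
    const raw = Buffer.from(String(cookie), 'base64url');
    if (raw.length < 28) return null;
    const decipher = crypto.createDecipheriv(
      'aes-256-gcm', key, raw.subarray(0, 12), { authTagLength: 16 });
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([
      decipher.update(raw.subarray(28)),
      decipher.final(), // throws when the tag does not verify
    ]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Constructed demo: instance A issues the cookie, a freshly booted instance B
// with the same key reads it without any shared session store.
const demoKey = loadKey({ SESSION_KEY: crypto.randomBytes(32).toString('base64') });
const demoCookie = sealSession(demoKey, { user: 'alice', cart: [17, 42] });
console.log(openSession(demoKey, demoCookie));
```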

Slide 88

Slide 88 text

what about rolling out new versions ???

Slide 89

Slide 89 text

Load Balancer App v1 App v1 Logs Availability Zone 1 Availability Zone 2

Slide 90

Slide 90 text

Load Balancer App v2 App v1 App v2 App v1 Logs Availability Zone 1 Availability Zone 2

Slide 91

Slide 91 text

Load Balancer App v2 App v2 Logs Availability Zone 1 Availability Zone 2

Slide 92

Slide 92 text

what about containers ???

Slide 93

Slide 93 text

understanding modern CPUs
Both Intel and AMD have hardware support for virtualization
• isolation
• performance

Slide 94

Slide 94 text

Bootable App Hardware Hypervisor Bootable App Hardware OS+Container Runtime On Prem On Prem

Slide 95

Slide 95 text

Bootable App Hardware Hypervisor Bootable App Hardware Hypervisor OS+Container Runtime Bootable App Hardware OS+Container Runtime On Prem On Prem / Cloud Cloud
Only makes sense if you cannot afford $9.60/month granularity

Slide 96

Slide 96 text

Bootable App Hardware Hypervisor Bootable App Hardware Hypervisor OS+Container Runtime Bootable App Hardware OS+Container Runtime On Prem On Prem / Cloud Cloud
Only makes sense if you cannot afford 1.3 cents/hour granularity

Slide 97

Slide 97 text

summary

Slide 98

Slide 98 text

• One immutable unit
• Regenerated after every change
• Promoted from Environment to Environment
Classic Mistake: Build per Environment

Slide 99

Slide 99 text

Bootable App
• One immutable unit
• Regenerated after every change
• Promoted from Environment to Environment
Classic Mistake: Build per Environment

Slide 100

Slide 100 text

boxfuse.com

Slide 101

Slide 101 text

Thanks ! AXEL FONTAINE @axelfontaine boxfuse.com