Public Sector on Air: How to build and scale applications with confidence using Microsoft Azure Red Hat OpenShift

Red Hat Livestreaming
August 24, 2020

What are the different offerings?

What is Microsoft Azure Red Hat OpenShift?

What are the benefits of pairing OpenShift with Azure?

Transcript

  1. OpenShift - Azure Overview
    Phillip Kramp

  2. OpenShift offers the broadest set of managed hybrid cloud services
    [Diagram: OpenShift offerings arranged from customer managed to vendor managed. Labels: On-premises; Azure Red Hat OpenShift; Red Hat OpenShift on IBM Cloud; Amazon Red Hat OpenShift; "Managed by Red Hat"; "Jointly Managed"; "TBD"; "Fully Automated" and "Customer defined" options.]

  3. Hybrid Cloud Innovation
    Full Stack Automation (IPI) Pre-existing Infrastructure (UPI)
    Bare Metal
    IBM Power Systems
    NEW! in OCP 4.5
    4.5 Supported Providers

  4. Azure Resource Management

  5. Azure RBAC Roles
    The OpenShift Azure documentation specifies that a service account (“Service Principal”) be created with Contributor role access. This can be a major issue for customers.
    Contributor:
    ● Can create and manage all types of Azure resources
    ● Cannot grant access to others
    In addition, the service account is placed in an azure.conf file on each machine, so the service account and its password reside on each machine in clear text.
    “Create the service principal with the Microsoft Azure role of contributor and with the scope of the Microsoft Azure subscription and the resource group”
    ~ OCP Azure install guide

  6. Azure.conf

  7. Azure Managed Identities and OCP

  8. Azure Networks

  9. Azure Storage
    Of the main types of storage, we will mainly deal with:
    - Disk (VM attached)
    - File (NFS)
    - Blob (object)
    For disk, there is an issue where the disks will reattach in a different order after reboot. This can be remediated; see https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-device-names-problems
    Note: the Azure cloud provider makes azure-disk the default storage class.
    File is a great option because Microsoft provides services for site replication that can help with DR planning. Note: the documentation states that for Azure Gov Cloud, file is NOT supported.
    Azure Disk can be used for block storage (metrics/logging). Managed disks provide three replicas of your data, allowing for high durability.
    Azure File can be used by applications.
    Azure Blob can be used by the registry.
    Therefore, there is no need to implement OCS.

  10. Storage Options

  11. Azure Red Hat OpenShift
    Empower developers to innovate
    ● Support for traditional, cloud native & serverless tools
    ● Easily connect to hundreds of Azure services
    Scale on-demand. Pay as you go
    ● Scale as your application demand changes
    ● Leverage your Azure monetary commits
    Enterprise-grade operations, security, and compliance
    ● SLA: 99.9%, 24*7 premium support
    ● Compliant with PCI DSS, HITRUST, FedRAMP, SOC (ISO, and HIPAA coming soon)
    Jointly engineered, operated, and supported by Microsoft and Red Hat with an integrated support experience

  12. Running your own Red Hat OpenShift cluster
    Responsibilities (columns: Customer | Microsoft and Red Hat):
    - User management
    - Project and quota management
    - Application lifecycle
    - Cluster creation
    - Cluster management
    - Monitoring and logging
    - Network configuration
    - Software and security updates
    - Platform support
    [Architecture diagram: virtual network with Azure DNS, Azure Load Balancers (Master, Router), public IPs and Azure Active Directory in front of the OpenShift API/administration console and apps; Azure VM scale sets on Azure Premium SSD Managed Disks for master nodes (api-server · controller-manager · etcd), infrastructure nodes (registry · router) and application nodes (application pods); Azure Blob Storage; OpenShift SDN.]

  13. Fully managed clusters with Azure Red Hat OpenShift
    Responsibilities (columns: Customer | Microsoft and Red Hat):
    - User management
    - Project and quota management
    - Application lifecycle
    - Cluster creation
    - Cluster management
    - Monitoring and logging
    - Network configuration
    - Software and security updates
    - Platform support
    [Architecture diagram: virtual network with Azure DNS, Azure Load Balancers (Master, Router), public IPs and Azure Active Directory in front of the OpenShift API/administration console and apps; Azure VM scale sets on Azure Premium SSD Managed Disks for master nodes (api-server · controller-manager · etcd), infrastructure nodes (registry · router) and application nodes (application pods); Azure Blob Storage; OpenShift SDN.]
    Let Microsoft and Red Hat…
    - Monitor and operate your VMs
    - Manage all your clusters
    - Manage environment patches
    - Secure your nodes

  14. Azure Red Hat OpenShift on OpenShift 4 Highlights
    Enhanced Features, Availability and Control
    ● Full cluster admin - Full cluster admin support for advanced customization
    ● Private clusters / Express Route support - Create fully managed clusters in a custom VNet with no public endpoints
    ● Bring your own VNet - Deploy OpenShift 4.3 based clusters into your own VNet
    ● Cluster Autoscaling - Automatically adjust the size of your cluster
    ● Multi-AZ clusters - Clusters automatically deploy across three availability zones
    Operator Support
    ● Operator/CRD support - Support for Operators and Custom Resource Definitions
    Improved Developer Productivity
    ● Developer Productivity tools - Service Mesh, CodeReady Workspaces, serverless etc.
    ● Azure Portal Integration - Easily view OpenShift clusters in the Azure web portal
    Regulatory Compliance
    ● Compliance Certifications: PCI DSS, HiTrust, FedRAMP High, SOC 2 (Coming soon: ISO etc.)

  15. Unified support and operations
    Jointly engineered, operated, and supported by Microsoft and Red Hat
    • In-portal integrated support experience is available 24x7
    • ISO 27001 compliant B2B communication channel
    • Co-located support with Red Hat on-site team
    • Integrated case systems
    • Microsoft and Red Hat security response team collaboration
    [Diagram: Microsoft Help + Support, Microsoft Azure Support and Site Reliability Engineers linked to the Red Hat Customer Portal and Red Hat Support through a case exchange platform. Labels: Cross-team hand off; Flexibility in support channels; SSO access to Red Hat support; Cross-product support.]

  16. ARO FEATURES
    Azure Red Hat OpenShift
    ● Unified support: Jointly engineered, operated, and supported by Microsoft and Red Hat with an integrated support experience
    ● High availability: Multiple masters and infrastructure nodes help ensure your cluster has no single point of failure
    ● Regulatory compliance: Azure Red Hat OpenShift is compliant with SOC, ISO, PCI DSS, HIPAA, and more
    ● Persistent storage volumes: Azure Disk is pre-configured as the default storage class, providing dynamically provisioned Premium SSDs on-demand
    ● First party Azure service: Clusters are deployed into your Azure subscription and included on your Azure bill
    ● Flexible, self-service deployment: Create fully managed OpenShift clusters in minutes
    ● Cluster node scaling: Scale on demand to meet resource demand
    ● Azure Active Directory integration: Use Azure Active Directory to control access to your cluster with an integrated sign-on experience
    ● Fully managed clusters: Master, infrastructure, and application nodes are managed by Microsoft and Red Hat; plus, no VMs to operate and no patching required
    ● Virtual Network integration: Deploy your cluster into a new VNet, then use VNet peering to connect to your existing VNet and on-premises networks

  17. Get Azure Red Hat OpenShift through your existing Azure subscription
    Highly available, fully managed cluster—starting with four application nodes*
    Use on-demand pricing or reserved instances, whichever suits your workload and business needs
    On-demand scaling with additional application nodes*
    Starts at $0.953/hour
    ⬤ Use Reserved Virtual Machine instances to save costs
    ⬤ Choice of standard, high-memory, or high-CPU application nodes
    ⬤ Integrated support and operations
    ⬤ Pay through your existing Azure commitment
    ⬤ 99.9% uptime Service Level Agreement (SLA)
    *Price includes the Azure Linux VM costs
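
Slide 5 notes that the service principal and its password sit in clear text in an azure.conf file on each machine, and slide 7 points to Azure managed identities. The following Python check is an added example, not part of the deck or of Red Hat's or Microsoft's tooling: it audits one such file for a clear-text secret, a missing managed-identity setting and loose file permissions. It assumes a flat `key: value` layout and the key names of the Kubernetes Azure cloud-provider config (`aadClientSecret`, `aadClientCertPassword`, `useManagedIdentityExtension`); the file path is supplied by the caller and the sample values are constructed.

```python
import os
import stat
import tempfile

# Assumption: key names follow the Kubernetes Azure cloud-provider config and
# the file is a flat "key: value" list; adjust both to the cluster's format.
SECRET_KEYS = {"aadClientSecret", "aadClientCertPassword"}


def parse_conf(text):
    """Parse flat 'key: value' lines, skipping blanks and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip()] = value.strip().strip("\"'")
    return conf


def audit_azure_conf(path):
    """Return a sorted list of finding codes for one azure.conf file."""
    with open(path, encoding="utf-8") as fh:
        conf = parse_conf(fh.read())
    # A non-empty secret value means the credential is stored in clear text.
    findings = {f"cleartext-secret:{k}" for k in SECRET_KEYS if conf.get(k)}
    if conf.get("useManagedIdentityExtension", "").lower() != "true":
        findings.add("no-managed-identity")
    # Any group or world permission bit exposes the file beyond its owner.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.add(f"loose-permissions:{mode:o}")
    return sorted(findings)


def demo():
    """Audit a constructed sample file (placeholder values, not real IDs)."""
    sample = (
        "tenantId: 00000000-0000-0000-0000-000000000000\n"
        "aadClientId: 11111111-1111-1111-1111-111111111111\n"
        "aadClientSecret: EXAMPLE-NOT-A-REAL-SECRET\n"
        "resourceGroup: example-rg\n"
    )
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as fh:
        fh.write(sample)
    os.chmod(fh.name, 0o644)
    try:
        return audit_azure_conf(fh.name)
    finally:
        os.unlink(fh.name)
```

Run `audit_azure_conf()` against the file on each node; an empty list means no clear-text secret, managed identity enabled and owner-only permissions.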
