
Public Cloud Made Private with Cloud Foundry & Kubernetes

Vidyasagar Machupalli

September 08, 2018

Transcript

  1. © 2018 IBM Corporation BENGALURU 2018 Public cloud made Private

    with Cloud Foundry & Kubernetes Srinivasan Nanduri Vidyasagar Machupalli
  2. © 2018 IBM Corporation 3 IBM Cloud Foundry Enterprise Environment

    Allows you to create and manage isolated environments for hosting Cloud Foundry applications exclusively for your enterprise. It provides self-service deployment and elastic consumption, rapid provisioning, complete access to Cloud Foundry admin operations, and is fully integrated with the vast catalog of IBM Cloud services, enabling you to build complex applications with a wide range of services, including Watson AI. Positioned in the IBM Cloud Foundry Public deployment and seamlessly integrated with IBM Console.
  3. © 2018 IBM Corporation 4 … provides a new way

    of offering dedicated Cloud Foundry • Provide a tenant-specific Cloud Foundry environment with optional hardware isolation • Deployable through self-service and rapidly available • Provide complete administrative control over Cloud Foundry • Provision and scale on-demand • Instances are deployed on Kubernetes clusters in an infrastructure account • Simplified and consistent user experience with the IBM Cloud platform IBM Cloud Foundry Enterprise Environment Built on IBM Kubernetes Service
  4. © 2018 IBM Corporation 5 … self-service provisioning, scaling and

    administration • Available in all regions where the IBM Kubernetes Service is available • Choose the environment size based on number and size of Diego cells • Take advantage of all IBM Cloud services • Single vendor for PaaS, infrastructure, and support • Management of the service instance is independent from the offering • Customer self-managed (only initial option) • IBM/3rd party managed in the future IBM Cloud Foundry Enterprise Environment Built on IBM Kubernetes Service
  5. © 2018 IBM Corporation CFEE – Manage and operate the

    infrastructure hosting CF IBM-Managed, Customer Operated Responsibility IBM Client Manage all aspects of the provisioning service X Self-Provision a CF isolated instance using IBM Cloud UI or APIs X Provide curated secured CF images for initial provision and regular maintenance X Apply updates to service instance X Ensure that newly provisioned service instance and update images meet security standards X Manage and operate the K8S layer up through the Pods X Configure & Operate the CF application platform X • Client self-provisions solution instances via the Global Catalog • Client selects target Cloud Region - both MZRs and SZRs supported • Anywhere the Container Service is offered • Can use all capabilities provided by Cloud Foundry • Customer has admin access to Cloud Foundry • Can leverage any service available in the catalog • Customer can scale service instance capacity on-demand Continuation of the IBM fully-managed “dedicated hosting” methodology, but with new customer engagement options.
  6. © 2018 IBM Corporation 7 “We need a development platform

    that is, not only secured, but also isolated from other tenants, cost efficient and without bogging us down with maintenance overhead ” Clive, Cloud Architect Michael, operations administrator “We want centralized control over the development platform usage (user management, resource usage monitoring), but we want that centralized management to be efficient and with minimum manual tasks. Josh Lead Developer Janice Developer “We don’t want 5 ways of doing the same thing depending on the resource type we work with, or its location. Current Problems
  7. © 2018 IBM Corporation 8 Clive (cloud architect) goes to

    the global catalog in the public IBM Cloud, goes to the Cloud Foundry category, and creates a Cloud Foundry Environment. Cloud Foundry, a service in the catalog
  8. © 2018 IBM Corporation 10 Creating a Cloud Foundry Enterprise

    Environment Zoomed in on next 3 pages Realtime cost calculator
  9. © 2018 IBM Corporation 15 Access to the new Cloud

    Foundry environment is controlled through the platform’s Identity & Access page, like any other service instance (Manage > Users). Managing access control to CF environments
  10. © 2018 IBM Corporation 16 In the ICFEE UI users

    manage that environment. The first (default) tab in the user interface is the Overview, which shows a dashboard with the main metrics and high-level information about the environment. Other categories (tabs) in the page provide information and management of users, organizations, resource capacity, catalog visibility and CF version updates. Some information is available only to users with specific roles. Administering the CF environment
  11. © 2018 IBM Corporation IBM Cloud Foundry Enterprise Environment •

    Cloud Foundry application services - Public shared infrastructure on which customers can directly deploy applications with isolation provided by role-based access control • Cloud Foundry Enterprise Environment - providing customers an isolated CF environment. Available in two deployment models in customer's infrastructure: • Shared infrastructure - where the clusters and host VMs are deployed on a shared hypervisor • Dedicated infrastructure - where the clusters and host VMs are deployed on a dedicated hypervisor New Service! The IBM Cloud Foundry Enterprise Environment is an implementation of the Cloud Foundry PaaS platform that is tailored for IBM Cloud. It provides two basic levels of CF services
  12. © 2018 IBM Corporation Cloud Foundry Service – Customer Need

    • An Enterprise DevOps team needs to build, deploy and run applications on “The Cloud” while meeting the isolation and security needs of their security office • An Enterprise IT Operator needs to deploy changes and updates to the cloud applications based on the risk-to-speed cadence they are comfortable with • The IT/LOB buyer needs their cloud spending to be aligned with the volume, time and geographic variability of their business needs • The Enterprise Security Architect needs their applications to communicate securely with each other Organizations demand different levels of isolation in their cloud development platform to balance security, cost, and productivity. They need to isolate workloads both externally to their org and internally for their sub-groups.
  13. © 2018 IBM Corporation • Provides a complete and isolated

    Cloud Foundry environment on IBM Cloud with levels of isolation infrastructure, all based on the IBM Cloud Container Service • Allows customers to manage change and access control to their development environment, including its configuration • Allows customers to select the right level of isolation vs cost: Shared (dev/test) or dedicated infrastructure (prod) • Gives customers rapid self-service provisioning and scaling of the environment • Provides full administrative controls on the environment. IBM provides updates; customers apply them at their convenience Enterprise customers can create and manage Isolated Cloud Foundry environments for cloud app deployments by the users within their organization. Cloud Foundry Service Offering
  14. © 2018 IBM Corporation Cloud Foundry Service – Business Value

    Customer provisions in their target region: • Including isolated Containers, Cloud Foundry, VMs, Bare Metal and Data Service instances • Encrypted shared Logging, Monitoring, Cloud Object Store, Activity Tracker • Complete single-tenant Cloud Foundry isolation in their customer account. Allows for • In-country data residency • Compute resources provisioned single tenant • Client data isolated & encrypted
  15. © 2018 IBM Corporation Cloud Foundry Service – Customer Value

    This Cloud Foundry Service provides specific value to customers with this approach compared to Public application hosting • Rapid isolated deployment speed • Greater customer control over Cloud Foundry environment • Completely self-service driven provisioning • Application isolation from all other organizations • Complete control in your IBM Cloud IaaS account • Higher security and critical regulatory compliance • More finely-tuned cost with exactly what you are using • Speed adoption of cloud-native application development practices
  16. © 2018 IBM Corporation Cloud Foundry Service – Deployment Architecture

    Every customer gets a single-tenant instance of Cloud Foundry • Self-provisioned into client account • Deployed within the client VPC • Able to be seamlessly integrated with the customer's enterprise network IBM delivers Cloud Foundry service with a defined SLA IBM manages the Service lifecycle Customer operates PaaS environment • Defines Orgs, Spaces for Customer’s users • Monitors application platform User Experience consistent across CF-based offerings (Public, ICp)
  17. © 2018 IBM Corporation 31 IBM Cloud – The Cloud

    for Enterprises Designed for your workloads. The broadest range of compute and database options, while ensuring consistency, integrity, and performance AI-ready. Combining high-performance infrastructure with a broad range of Watson and machine learning APIs to build your own applications. Secure to the core. Bringing together nearly 60 locally owned and operated data centers with market leading security products and services. Public Isolation is about making IBM Cloud the #1 destination for Enterprises looking to use cloud computing to innovate faster than ever!
  18. © 2018 IBM Corporation 32 IBM Cloud Foundry – Enterprise

    Needs Drivers • Faster time to market Ideation to production in days • Better QoS for Applications Always-on applications that can scale to meet demand • Optimize IT spending Use as needed and pay only for what you use Concerns – Data, data, data… Data security at every stage of the application – Regulatory compliance ISO, PCI-DSS, SOC2,… – Cloud DevOps skills Cloud adoption challenges while keeping existing workloads running
  19. © 2018 IBM Corporation 33 IBM Cloud Foundry – Meeting

    Enterprise Needs Speed • Compose environments from the Global console • Broad range of compute and SaaS options, including Watson AI • Start and grow – at your pace • Use what you need; spend only on what you use • Consistency across single zones and multi-zone Regions Security • Isolation options in Compute and SaaS • Encryption of data at rest and in motion with tenant-specific keys • Compliance roadmap with ISO, NIST, SOC2, PCI-DSS, HIPAA, and more • Private endpoints for Cloud compute and services • Extend the Enterprise network with secure high-bandwidth connectivity One Cloud • Identity and Access Management • Resource Groups • Application lifecycle monitoring with Activity Tracker • Log Storage and Analysis • Global Catalog • Hybrid applications with IBM Cloud Private
  20. IBM Cloud Public Isolation IBM Cloud Dedicated Customer Requirements •

    Customer needs the ‘flexibility’ of Kubernetes and containers with compute isolation • Customer needs data services in isolation with in-country requirements • Customer needs hardware isolated Cloud Foundry based compute and services for compliance or industry certifications Isolation Characteristics • Compute Isolation • Storage Isolation ( COS through per-tenant encryption ) • Data Isolation ( Cloudant, Compose, DB2 ) • Shared Global Control Plane ( Bluemix.net ) • Network isolation through IaaS services • Single Tenant Hardware Isolation ( Compute, Services, Network, Data ) • Dedicated control plane ( Ex: dedicated.<clientname>.com ) • Network Isolation through IaaS services Catalog • ICCS, Compose, Cloudant, COS and DB2 main services offered today • Service catalog to expand over time • Small subset of services available in Dedicated today ; MessageHub, APIC, GHE, Continuous Delivery, Cloudant, Compose, DB2, Push, Watson IoT, ICCS • Public services available through syndication. Location of Service • Service availability differs by IBM Cloud Region and DC. • Can be deployed in any IBM Cloud Region or DC. Time to access • Immediate & Self Service • 4-6 weeks before customer gets access to the environment; IBM personnel must provision HW and services Pricing • Flexible and PayGo Pricing model. • Client can start at a bare minimum without any upfront monetary commitment. • Sold via IBM Cloud Subscription • $50K One Time Setup Fee • $22K/Month for 64 GB Cloud Foundry Compute • Additional cost for additional services IBM Cloud – Public Isolation Vs Dedicated
  21. IBM Cloud Public Isolation IBM Cloud Dedicated Support • Sell

    24x7x365 Support as a minimum • Best practice to upsell to premium support • Sell 24x7x365 Support as a minimum • Best practice to upsell to premium support Responsibility • IBM manages all aspects of provisioning, updating and maintaining services provisioned in service accounts. • Customer responsible for self-provisioning the environment, services, etc through IBM Cloud UI or API’s. Apply updates to services provisioned in customer account ( Ex: ICCS Kubernetes Upgrades ) • IBM Managed: IBM sets up and manages the platform and the services, Upgrades are made during maintenance windows IBM Cloud Garage • Minimum sell IBM Cloud Garage Design Thinking and MVP services to help kickstart consumption • Best practice to sell IBM Cloud Garage services IBM Cloud / Public Isolation and Cloud Foundry © 2018 IBM Corporation IBM Cloud – Public Isolation Vs Dedicated
  22. © 2018 IBM Corporation 36 PaaS vs IaaS: Cloud Foundry

    vs Kubernetes Cloud Foundry “is an open source, multi cloud application platform as a service (PaaS) running containerized applications governed by the Cloud Foundry Foundation (CFF).” “is an open-source system for automating deployment, scaling and management of containerized applications maintained by the Cloud Native Computing Foundation (CNCF).” Kubernetes PaaS IaaS+
  23. © 2018 IBM Corporation 39 Cloud Foundry vs Kubernetes Very

    specific and deliberate interest in which one to use. When? Why? Cloud Foundry Use Cases The Cloud Foundry platform is a higher-level abstraction, and offers a higher level of productivity to its users. With productivity, though, comes certain limitations in what can be customized in the infrastructure. Kubernetes Use Cases Kubernetes is a lower-level abstraction in the PaaS world - meaning greater flexibility to implement customizations and build container relationships and connections. This also means more work for your engineering teams and decreased productivity. Cloud Foundry and Kubernetes Containers solve different application delivery concerns for different users within the same space.
  24. © 2018 IBM Corporation 40 Jennifer Kotzen, senior product marketing

    manager – SUSE (CF Member, working closely with IBM on CF + Kube work) About CF + Kubernetes “…the two communities has really opened up … and are much more receptive than ever to these innovative ideas… not how do they compete, it's how do we bring them together… this community recognizes that they are complementary, that they do have value to offer each other … each one has its limitations and neither one alone can satisfy the broader need https://www.youtube.com/watch?v=Z7IxIDYMoF0 Cloud Foundry & Kubernetes
  25. © 2018 IBM Corporation 41 vs And IBM Cloud Foundry

    Enterprise Environment Cloud Foundry & Kubernetes = CF