2. CopyrightDigitalGlobe2016,All RightsReserved
What does DigitalGlobe do?
DigitalGlobe 2
• We have a constellation of satellites that take images of the earth.
• We collect about 3,500,000 square kilometers of imagery everyday
- Slightly more than the landmass of India
- 21,875 times the landmass of Lichtenstein
• We downlink ~5-6 TB of new “raw” imagery per day (~2 PB year)
• We then create products from that imagery with various forms of
image processing and analytics
• We create between 40 TB - 100 TB of new products per day
10. CopyrightDigitalGlobe2016,All RightsReserved
DigitalGlobe Needed A New Architecture
DigitalGlobe 10
• ‘Old Way’ at DigitalGlobe
- ~3-6 months to get a new applications with new VMs deployed. All
snowflakes, all F5 configuration was snowflakes, etc. Some puppet used in
production.
- Lead us to do unnatural things.
- Bolt on inconsistent functionality onto existing software to avoid a new
deployment.
- Integration through a centralized Database.
- Fragile, slow to change, hard to use our data in new and different ways.
- Very projectfocused.
- Twist the monolith to meet the needs of a new project
11. CopyrightDigitalGlobe2016,All RightsReserved
DigitalGlobe Needed A New Architecture
DigitalGlobe 11
• New Opportunity – WorldView-4
- Upper management gave us the green light to change.
- Tight schedule. Need to move at ‘rapid’ pace.
- Designed and put in a microservice based architecturewith flexible/extensible
workflows.
- Scheduled satellite launch Q3 2016
12. CopyrightDigitalGlobe2016,All RightsReserved 12
• Survey of the available PaaS alternatives
• Created “knockout” criteria
• Down-Select – CF chosen as leading candidate
• Performed tasks to verify knock out criteria met
- e.g. upgraded PCF release while measuring uptime of platform services
• Migrated DG sample Java, Ruby and Python services & verify
portability across multiple environments
• Built pricing and staffing models
Technical Decision Process
DigitalGlobe
14. CopyrightDigitalGlobe2016,All RightsReserved
Architecture
Platform as a Service (PaaS)
Cloud Foundry
- Runs DG Custom Services
Infrastructure as a Service (IaaS)
OpenStack
-Runs Vendor Supplied Programs
-Runs some Custom DG Services
Bare Metal Hardware
-Sits underneath OpenStack
-Runs High Performance Compute Clusters
-Runs some GFE and specialized software
GFE
Crypto
HPC
Clusters
CSSSAP
JBoss
A-MQ
1
2
3
Application Patterns
Pattern Identification#
DG Custom
Services
Service
Wrapper
Service
Wrapper
Postgres
15. CopyrightDigitalGlobe2016,All RightsReserved
Cloud Foundry @ DigitalGlobe
DigitalGlobe 15
• CurrentState
- Open Source Cloud Foundry Running on OpenStack
- Kudosto ECS Team. Great work helpingus here.
- Custom deployment – best-effort at High-Availability config:
- 47 VMsin the foundation. 20 are DEAs.
- Need some tweakingto fullyutilize 2 AZ’s correctly.
- This environment supports: Development, Test, CI/CD Pipeline, and ‘production’
until we get our PCF OpenStack deployment finished.
- Total of ~500 services running in the current environment
- Not all unique. Developersmayhaveto deploya service (or mock of the service) to
theirspace to do developmentof test witha common service.
- ~330 are in developersspaces
- ~170 are in variousstages of test
- DEA VMs are 2 CPU, 16 GB RAM with Cloud Foundry configured for a 3x
overcommit on memory.
- All logs being shipped into an ELK stack via log-drains bound to apps. Looking at
firehose integration.
16. CopyrightDigitalGlobe2016,All RightsReserved
Cloud Foundry Wins
DigitalGlobe 16
• Development Speed
- Once we had ‘patterns’ down, it is now easy to develop a new microservice
- Template-based bootstrap of new team members and services
• Ease of Deployment
- Self-service Jenkins portal to create a new service
- Merge to master in github to initiate the CI/CD pipeline (still a work in progress)
- Managed deployment to several stops in the pipeline (still a work in progress)
• Visibility
- A few cf curl commands reveals all that is deployed
• Auditability
- When new services are found, Nimsoft alerts are sent
- Monitoring automatically creates a new dashboard in Kibana for the discovered
service (still a work in progress)
• Control
- Now that we have Visibility, and Auditability, we have control over our services.
17. CopyrightDigitalGlobe2016,All RightsReserved
Cloud Foundry Wins
DigitalGlobe 17
• Testing
- The test groups are ecstatic. Generally very easy to test micro services. Test
coverage and ability to isolate and troubleshootvastly superior to legacy.
• Resiliency
- OpenStack compute node failures
- Bosh realized its was missing bits and rebuilt the environment
- No users knew
- We lost a few VMs outside of CF that affected people, but nobody knew the CF
environment was even affected.
- Has happened twice, with the same results.
- We’vecaptured stats on these failures and they have been highly useful in
discussion with Program and Executive management
18. CopyrightDigitalGlobe2016,All RightsReserved
Cloud Foundry Challenges
DigitalGlobe 18
• Open Source
- No out-of-the-boxsupportfor an HA environment.
- Manually keeping up to date. Editing deploymentsfor new features, etc.
- Fall behind quickly
- Lack of Graphical Management tools, even just for visibility
• Other infrastructure that you are going to need
- Eureka/consulor some other runtime service discovery.
- Configuration isn’t going to cut it in a world of microservices.
- Log Aggregation
- Impossible to manage without something bringing all of your logs together.
• Integration with Enterprise SSO
- We have not found a lot of guidance. Maybe we are not looking in the right
places. Anyone?
19. CopyrightDigitalGlobe2016,All RightsReserved
Cloud Foundry Challenges
DigitalGlobe 19
• Synchronization across Foundations
- E.g. UAA, Client IDs, Secrets, Scopes.
- Best practices around load-balancing across foundations.
- Best practices around naming of domains across foundations…
- Still want each foundation individually addressable for some functions.
- E.g. we want to be able to target a foundation to do a deploy.
- We want applications load-balanced across foundations though.
• SSL & Domains
- Since CF only supports a single cert, we have to use a ton of SANs (subject
alternative names).
- Impossible to manage with 100+ developers/testers.
- (HTTPS required in our environment)
- Need to get this rectified. We should be able to get a cert for a developers
space and just add it.
20. CopyrightDigitalGlobe2016,All RightsReserved
Cloud Foundry Challenges
DigitalGlobe 20
• Developer/DevOps access to spaces
- We have a lot of spaces, and some ephemeral spaces.
- It is tough to add all the developersas space auditors so they can see the logs
from all spaces.
- Sometimes this is needed with certain types of failures that cant be diagnosed
from the ELK stack logs.
• Tension between microservices and licensing models
- The more you do the right thing, the more it costs.
21. CopyrightDigitalGlobe2016,All RightsReserved
Adoption Cultural Challenges
Don’t change it now
- I just got my head
wrapped around
the old one
Can’t we put off
this ‘PaaS thingy’ –
seems bleeding
edge
Let’s do this on a
‘toy’ project
It’s ‘open’, but is it
really ‘open’?”
22. CopyrightDigitalGlobe2016,All RightsReservedDigitalGlobe 22
• This is a significant change of:
- Culture
- Tools
- Process
- Dependency management
• The gains are significant – but you need someone in Executive
Management that’s willing to go to bat for you
• As an Architecture Team – you need to be willing to:
- Put it on the line (reputation / job)
- Abandon the ivory tower – Dig in, implement, provideguidance, “Keep
pumping gas into the plane”
- We’vedone all of this (and to a significant degree asked our EA colleagues to
“keep the lights on” in the rest of the enterprise)
And then – there is the politics
23. CopyrightDigitalGlobe2016,All RightsReservedDigitalGlobe 23
• A small footprint, OEM type installation of CF
• Manage multiple foundations as a single environment
- E.g. Cross Region type of deploymentsand management.
• Persistent storage access – NFS mounts available in a container
specifically
Future needs
24. CopyrightDigitalGlobe2016,All RightsReserved 24
• Ward Maddux – Pivotal
• Mark Carlson – ECS Team
• Josh Ghiloni – ECS Team
• Steve Wall – ECS Team
• Mike Minges – ECS Team
• Joe Fitzgerald - Pivotal
• James Watters - Pivotal
Thank You!
DigitalGlobe