2. W H I T E P A P E R | Apcera Platform Features
T H E T R U S T E D C L O U D P L AT F O R M 2
Table of Contents
Introduction...............................................................................................................................................................................................3
Build and Deploy......................................................................................................................................................................................3
Applications from Source Code, Binaries and Docker Images..........................................................................................................3
Customizable and Extensible Application Build Process..................................................................................................................3
Multi-Language Support........................................................................................................................................................................3
Policy-Driven Package Dependency Management.............................................................................................................................3
Application Lifecycle Management......................................................................................................................................................4
Orchestrate................................................................................................................................................................................................4
Self-Healing Network and Service Discovery......................................................................................................................................4
Protocol Aware Services Communication...........................................................................................................................................4
Extensible Service Brokering.................................................................................................................................................................4
Persistent Storage Support...................................................................................................................................................................4
Horizontal Application Scaling.............................................................................................................................................................4
Policy/Govern............................................................................................................................................................................................4
Fine Grained Attribute-Based Policy Controls.....................................................................................................................................4
Instant and Transparent Policy Enforcement.....................................................................................................................................5
Scriptable Policy Language...................................................................................................................................................................5
Auditing and Log Management............................................................................................................................................................5
Multi-Cloud Access Controls.................................................................................................................................................................5
Multi-Cloud.................................................................................................................................................................................................5
Heterogeneous Multi-Clouds Environment Support..........................................................................................................................5
Application Mobility and Portability.....................................................................................................................................................5
Geographical Scalability........................................................................................................................................................................5
Global Policy Enforcement....................................................................................................................................................................5
Secure Programmable Intercloud Networking...................................................................................................................................5
Multi-Workload.........................................................................................................................................................................................5
Cloud-Native Applications.....................................................................................................................................................................6
Legacy Applications...............................................................................................................................................................................6
Web Applications....................................................................................................................................................................................6
Big Data Workloads................................................................................................................................................................................6
Operating Systems.................................................................................................................................................................................6
Enterprise Ready......................................................................................................................................................................................6
High-Availability and Zero-Downtime Upgrades.................................................................................................................................6
LDAP, OAuth, and Crowd Integration....................................................................................................................................................6
Automated Platform Installation and Scaling.....................................................................................................................................6
Comprehensive Platform Tooling and User Interfaces......................................................................................................................6
Secure Cloud Resources Segmentation..............................................................................................................................................6
3. W H I T E P A P E R | Apcera Platform Features
T H E T R U S T E D C L O U D P L AT F O R M 3
A
pcera offers an un-opinionated, next-generation PaaS
that increases development velocity. Apcera supports
a broad array of infrastructure providers and workload
types. Infrastructure support includes Amazon Web Services, Google
Compute Engine, Microsoft Azure, IBM SoftLayer, VMware vSphere
and OpenStack. Apcera supports all common web application
languages and runtimes including Java, Node.js, Ruby, Python, PHP,
Go and .NET. In addition, Apcera uses container technologies (native
as well as Docker) to support microservices-based application
development.
With Apcera, you spend less time worrying about environments,
libraries and other dependencies. Apcera is policy-driven so you
have the ability to define the boundaries for the developers while
simultaneously giving them access to the environments and services
they need to innovate. Our customizable policy allows you to define
your own process—any way you like.
With Apcera you can deploy any application across highly scalable
and available clusters. Clusters can span infrastructure providers
or regions for better availability and efficiency. Policy underlies all
deployment activities, so you can rest assured that only properly
vetted software and services are allowed in production environments.
Until now, creating a common policy to connect and extend your
infrastructure left you with the lowest common denominator
functionality. Keeping policy in sync requires both provider-specific
expertise and patience. Apcera provides a single, consistent policy
layer that delivers fine-grained control of resources, network and
service access, software versions and locality.
The Apcera Platform manages the details so you don’t have to.
Build and Deploy
On the Apcera Platform, developers spend more time writing code
and less time worrying about environments, libraries, and other
dependencies for their applications.
IT Operations define the boundaries within which developers operate,
while simultaneously giving them access to the environments and
services they need to innovate.
Applications from Source Code, Binaries, and
Docker Images
The Apcera Platform gives developers the ability to build and deploy
applications from source code, pre-compiled binaries, as well as
containers such as Docker images and operating system capsules.
Developers can deploy Docker images securely from Docker Hub or
other image repositories. IT Operations can control which images can
run with powerful built-in policy rules.
Customizable and Extensible Application
Build Process
IT Operations can control how code is built and deployed. Stagers
prepare ready-to-execute software bundles containing developer's
code, dependencies, language runtime and operating system.
IT Operations can build custom staging pipelines for any tool,
framework and language that developers need and perform tasks
such as: compiling source code, bundling dependencies, running
unit tests or scanning for viruses. Apcera provides an open API for
multiple programming languages to customize and extend the pre-
built stagers.
Multi-Language Support
The Apcera Platform provides pre-loaded supports for Java, Ruby,
Bash, Go, Node.js, Perl, PHP, Python and .NET. A built-in smart staging
processes scan the application source code and automatically build
the code and pull the required dependencies.
Policy-Driven Package Dependency
Management
With automated and policy-controlled package management
capabilities, developers do not have to worry about managing library
dependencies with their applications. The Apcera Platform includes
policy rules that provide IT Operations with the ability to control
provisioned resources, services, application libraries and the versions
Apcera Platform Features
4. W H I T E P A P E R | Apcera Platform Features
T H E T R U S T E D C L O U D P L AT F O R M 4
of the programming languages that are permitted.
Application Lifecycle Management
The Apcera Platform provides increased control and security over
the full application lifecycle. Lifecycle management support spans
from build and deployment to ongoing management. The Platform
provides policy-controlled version management and the ability to
simplify application development with manifests. Using staging
pipelines to manage and control code quality at ingestion, Apcera
builds packages that behave predictably throughout application
lifecycle. The Platform also performs health checks and monitoring
on running applications to help keep them stable and ensure that they
are scaling as requested.
Orchestrate
Dynamically assemble and orchestrate applications and services
inside and outside the platform in a uniform and policy-controlled way.
IT Operations orchestrate microservices, connect to legacy systems,
establish connections and dependencies between applications and
services (databases, users, service requests, etc.) on increasingly
vast, hybrid, and heterogeneous systems.
Self-Healing Programmable Network and
Dynamic Binding
Apcera's programmable overlay network keeps applications
connected and running even when applications move between
environments and clouds. Apcera uses standard URI addresses for
service resolution within and outside of the platform. These URIs
are provided to applications via environmental variables so they are
always available to any application that needs to know the location
of a given service. With this approach (referred to as dynamic
binding), the connectivity information is given to an application rather
than built into it. When a database moves, the platform will tell the
application where the new database location is. Developers don't
have to hardcode that into their applications.
Protocol-Aware Services Communication
Apcera’s protocol-aware Semantic Pipelines sit between applications
and databases, as well as between applications and other services
that require an HTTP interface. Semantic pipelines enforce rules
about which database actions applications can perform. One
important feature provided by the Semantic Pipelines is ephemeral
credentialing. Ephemeral credentialing offers organizations greater
peace of mind knowing that if a container becomes compromised
and passwords are leaked, they will not work outside of the
application.
Extensible Service Brokering
The Apcera Platform includes several built-in service gateways such
as LDAP, S3, RabbitMQ, Memcache, MongoDB, MySQL, Network File
Share, and Postgres. Service gateways run as any other workload
inside the Apcera Platform, and IT Operations can write them in any
language they wish. Service Gateways manage service providers and
configure connections between service providers and applications.
Service Gateways ensure that the communication is secure and
conforms to IT policies. The platform provides a simple HTTP-based
API that enables IT operations to extend the built-in gateways and
add new types of services.
Persistent Storage Support
The Apcera Platform includes built-in persistent storage support,
known as the Apcera File System (APCFS), for applications or Docker
containers that require persistent volume support. The Apcera File
System allows developers to request and use storage resources
without having any knowledge of the underlying infrastructure.
Horizontal Application Scaling
The Apcera Platform provides developers with the ability to scale
their applications horizontally using the built-in application load
balancing framework. Configuration is handled by the Apcera
Platform and no additional software is needed to scale applications.
Policy / Govern
Apcera is architected for trust. The policy engine empowers
developers to deploy quickly, while enabling operations to remain in
control. The engine manages all the elements of the platform and
defines, and enforces privileges and constraints.
IT Operations control who can perform an action on an application or
service, which resources the application can consume, and how the
application interacts with other services and data repositories.
Fine-Grained, Attribute-Based Policy Controls
The Apcera Platform gives enterprises the power to set policy
based on multiple dimensions (not just roles). These dimensions
include users, namespaces, workloads, clouds, resources, software
dependencies, auditing, application quotas, internal and external
5. W H I T E P A P E R | Apcera Platform Features
T H E T R U S T E D C L O U D P L AT F O R M 5
services, network routing and other factors to
achieve high levels of flexibility, automation, and
compliance.
Instant and Transparent Policy Enforcement
The policy engine is embedded in each system component allowing
IT Operations to create, apply, and enforce policy instantaneously and
on any resource or application running in the platform. No re-coding
or inclusion of Apcera APIs is needed.
Scriptable Policy Language
The Apcera policy language enables IT Operations and DevOps to
programmatically define and execute custom policy rules that best
suit their needs.
Auditing and Log Management
The Apcera Platform provides a rich set of logging and auditing
facilities to help developers and IT Operations troubleshoot and
debug deployed applications, services and cluster components.
Anything written to standard out (stdout) or standard error (stderr)
is captured in app logs. IT Operations can retrieve the trail of actions
that occurred on the system anytime for audit purposes thanks to
fine-grained monitoring of connections between apps and services,
and logging capabilities compatible with third party logging services.
Multi-Cloud Access Controls
The Apcera policy framework keeps pace with increasing app mobility
and enforces policy globally over heterogeneous IT. Each workload
is isolated by default with no network access, using policy to define
all permitted interactions between workloads. Discovery, addressing,
connecting and load balancing between internal and external apps
and services are governed by access control policies. This ensures
security compliance in multi-cloud and multi-tenant environments
that demand isolation.
Multi-Cloud
The developer experience is the same no matter which cloud
provider is used to deploy and run applications (AWS, Azure, VMware,
SoftLayer, GCE and OpenStack).
IT Operations combine multiple cloud providers and take full control
of their infrastructure needs. Organizations are never locked into
a single provider and have complete flexibility for deployment and
scaling.
Heterogeneous Multi-Cloud
Environment Support
Write once, deploy on any cloud. Apcera’s unique control plane
architecture enables multi-cloud resources to be brought together in
a single, homogeneous cluster. Policy can define which applications
(or application components) are allowed to run in each of the
underlying infrastructures. Choose to scale up applications and
services internally or externally through the supported clouds. This
ability provides ultimate flexibility and reduced costs so organizations
can scale their infrastructure as needed.
Application Mobility and Portability
Apcera's multi-cloud capabilities allow seamless migration of
workloads across IaaS providers and layers. Once an application is
deployed on the Apcera Platform, you can port it across any cloud in
the cluster—AWS, GCE, OpenStack, VMware, IBM SoftLayer, Digital
Ocean, and Azure. This includes the ability to scale the application
across clouds without the need for application-specific code.
Geographical Scalability
IT Operations can deploy clusters that span infrastructure providers
or regions for better availability and efficiency.
Global Policy Enforcement
Modern enterprise IT needs to be able to apply policies globally
across increasingly heterogeneous and complex IT environments.
Wherever workloads move between clouds, the policies and security
profile will follow.
Secure Programmable Inter-Cloud Networking
When deploying applications across different cloud platforms, it
is important to have a secure means of communication between
applications and services. Apcera uses an overlay networking layer
to automate network provisioning without having to involve network
operations groups. The overlay network takes responsibility for all of
the network management within the cluster, providing each container
a completely isolated view of the network.
Multi-Workload
Developers deploy cloud native and legacy applications, big data
workloads and operating systems to a single platform.
IT Operations achieve the highest data center and cloud utilization
using Apcera's automated "bin-packing" applications deployment.
The Apcera integrated scheduler takes into account the resource
6. W H I T E P A P E R | Apcera Platform Features
T H E T R U S T E D C L O U D P L AT F O R M 6
requirements of the workload (CPU, disk space, memory, or network),
scheduling tags, number of instances of the same workload already
running and the available resources of the hosts composing the
cluster to optimize placement.
Cloud Native Applications
With the Apcera Platform, developers can turn workloads into
scalable and modular cloud native applications that support scale-
out architectures. Cloud native applications are typically designed as
distributed applications with a shared-nothing architecture composed
of autonomous and stateless services that can horizontally scale and
communicate asynchronously via message queues. A cloud native
application typically has environmental variables which contain
deployment information for the application, such as which port to
listen on, storage location and communication settings with internal
and external services (e.g. a database).
Legacy Applications
Deploy or continue to use legacy applications while adopting
new cloud native technologies and frameworks. IT operators and
developers can create capsules to install and configure legacy
software as well as connect to other applications and services. This
allows IT operations to enforce policy even on legacy applications.
Web Applications
Apcera is a platform for building scalable web applications and mobile
backends. The Apcera Platform provides built-in services such as
databases, messaging systems and storage, and allows IT Operations
to connect to existing infrastructure services.
Big Data Workloads
Run and scale applications such as Apache Spark and Hadoop to run
complex queries on large data sets.
Operating Systems
Create dedicated containerized operating systems to run legacy
style hard-coded applications as you would on a physical or virtual
machine.
Enterprise-Ready
Developers continue to use the platform, deploy and run applications
without interruption or downtime, even when the underlying
infrastructure changes, parts of it fail, or when administrative tasks
such as upgrades or scalability measures are taking place.
The Apcera Platform supports out-off-the-box features that enterprise
IT Operations are already accustomed to such as LDAP integration,
simplified management and upgrades, security, and detailed
monitoring.
High-Availability and Zero-Downtime
Upgrades
The Apcera Platform can be easily upgraded in production without
downtime. Enterprises can deploy security patches and new features
without stopping workloads, dramatically improving application
availability.
Path Weighting for Seamless Deployment
Built in to the high-speed HTTP router of the system is the ability to
spread the load between instances of an application, as well as with
newer versions of the application. This allows you to perform A/B
testing as well as blue/green deployments.
LDAP, OAuth, and Crowd Integration
LDAP integration is a must-have in the enterprise. With built-in LDAP
integration, enterprise users can easily integrate the Apcera Platform
with Active Directory without managing additional authentication and
authorization mechanisms. OAuth such as Google Auth and Crowd are
also supported.
Automated Platform Installation and Scaling
Each component of the Apcera Platform can be configured to be
highly-available before or after installation. The platform can be scaled
on-prem or to any supported public cloud automatically via the Apcera
orchestration tool.
Comprehensive Platform Tooling and User
Interfaces
The Apcera Platform provides you with an intuitive web console,
command line utility, and RESTful API to control and manage the
system.
Secure Cloud Resources Segmentation
Developers deploy applications in their own private namespace, an
isolated environment from everything else in the cluster. If policy
allows, they can access IT operation-defined global namespaces to
manage the stages of the development lifecycle such as dev, test
and production. Dev, test and production environments look exactly
the same from the application perspective and its behavior is 100%
deterministic.
7. W H I T E P A P E R | Apcera Platform Features
T H E T R U S T E D C L O U D P L AT F O R M 7
About Apcera
The Apcera trusted cloud platform is a highly secure, policy-driven
multi-cloud platform for cloud-native applications, containers,
microservices and legacy applications. Apcera enables developers and
DevOps teams to use any modern tool or software they want while
giving IT and Operations teams the assurance that their infrastructure
is safe and secure. With Apcera, companies can innovate at speed
with full confidence and trust.
Global 2000 companies use Apcera to securely develop, deploy,
orchestrate and govern diverse workloads across multiple cloud
providers, resulting in lower cost, faster time to market, and mitigated
risk. Apcera is headquartered in San Francisco. For more information,
visit http://www.apcera.com, read the company’s blog or follow on
Twitter: @apcera.