Build and Run Cloud-Native Apps in Your Software-Defined Data Center
1. Build and Run Cloud-Native Apps in Your Software-Defined Data Center
Kit Colbert, VMware, Inc
@KitColbert
CNA6649-S
#CNA6649
2. Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
CONFIDENTIAL
5. IT Drives These Changes
Compared to peers across the industry, high-performing IT organizations experience:
• 60x fewer failures
• 168x faster failure recovery time
• 30x more frequent deployments
• 200x shorter lead times
Source: https://puppetlabs.com/2015-devops-report
6. How to Get There
Application Code → Running Application
DevOps: culture, practice
Automation, frequent updates
Secure, resilient, scalable
9. VMware AppCatalyst
Download Technology Preview Now! http://getappcatalyst.com
Built for Developers: AppCatalyst is REST API- and CLI-driven for seamless integration with container- and microservices-based workflows.
Free to Use: AppCatalyst is available at no cost to the user, and ready for download today.
Ready for Cloud Native: AppCatalyst ships with Photon OS and Vagrant, and supports Docker containers out of the box.
10. VMware AppCatalyst
[Diagram: Developer Desktop running VMware AppCatalyst, driven via CLI and REST API, with Network and Storage Abstractions (coming soon). Docker Machine or Vagrant provisions Photon OS (or Bring Your Own Linux) VMs, each hosting several containers.]
12. DevOps Enables High Business Performance
High performers are more agile
• 30x faster in shipping code
• 8,000x faster in completing deployments
High performers are more reliable
• 2x the change success rate
• 12x faster mean time to recover (MTTR)
High performers win in the marketplace
• 2x more likely to exceed profitability, market share & productivity goals
• 50% higher market capitalization growth over 3 years
Source: State of DevOps Report, 2013 and 2014
13. The Challenges of Continuous Delivery
Release Process with Agile Development: Development → Test → Stage → UAT → Load Test → Production
Agile Software Development with Continuous Integration
DevOps
• Frequent release of small sets of changes
• Manual process and inconsistent configurations result in lengthy delivery and poor quality
• Dev wants to push quickly into production; Operations wants stability
14. vRealize Code Stream – Accelerate Application Delivery
• Eliminate the costs and errors associated with manual tasks and hand-offs
• Ensure a consistent, repeatable & predictable software release process
• Leverage the value from all of the tools in your software development release chain
16. Application Design is Changing
Monolithic/Layered vs. Micro Services
Properties of a Microservice
• Small code base
• Easy to scale, deploy and throw away
• Autonomous
• Resilient
Benefits of a Microservices Architecture
• A highly resilient, scalable and resource efficient application
• Enables smaller development teams
• Teams free to use the right languages and tools for the job
• Rapid application development
17. PaaS = Platform-as-a-Service
Two Ways to Implement
Structured
• Pre-integrated and tested solution
• Out-of-the-box functionality
• “Just works”, but may not offer specifics you want
• Examples: Cloud Foundry, MS Azure, Heroku, Google App Engine
Unstructured
• DIY combination of cloud-provided services & homegrown tools
• Likely container-based
• Maximum flexibility, but can be expensive to build
[Diagram: PaaS Platform layers visible to developers: Message Bus / Queuing / Routing, Service Brokers, Capacity Planning, Logging, Monitoring, Application Staging / Application Services, Application Scheduling, Container Scheduling, Service Discovery, Container Cluster Management, Container Networking, Container Runtime, Container OS, Physical Host (or VM) with containers; alongside DevOps Tools: Configuration Management, Marketplace/Image Management, Security.]
Source: http://wikibon.com/cloud-native-application-platforms-structured-and-unstructured/
24. Linux Containers
[Diagram: Hardware; OS Kernel; OS File system; Userspace holding two Containers, each running several App processes.]
OS-level Isolation
• Isolation at individual kernel subsystem level (e.g. filesystem, process table, etc)
• User-level process (LXC, libcontainer) orchestrates these subsystems to create a container
Existed for Many Years
• Solaris Zones, FreeBSD Jails, OpenVZ
Why?
• Process isolation
• Reproducible environment
• Enables management at scale
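As an added illustration of the "isolation at individual kernel subsystem level" bullets (this is example code, not from the deck), the Python script below reads the per-subsystem namespace identifiers Linux exposes under /proc/<pid>/ns and reports which subsystems actually separate two processes. The baseline it demonstrates is a plain child process, which inherits every namespace from its parent; pointed at a container's init process instead, the same functions confirm that the container really differs from the host in mnt, pid and net. The function names are assumptions made for this example, and it assumes a Linux /proc filesystem.

```python
"""Report which Linux kernel subsystems separate two processes.

Added example, not code from the VMware deck. Assumes a Linux /proc:
each /proc/<pid>/ns/<subsystem> symlink resolves to "<type>:[<inode>]",
and two processes are in the same namespace exactly when the inodes match.
"""
import os
import subprocess
import sys

# Kernel subsystems a container runtime (LXC, libcontainer) isolates per
# container. "user" and "cgroup" are missing on older kernels and skipped.
NAMESPACES = ("mnt", "pid", "net", "uts", "ipc", "user", "cgroup")


def ns_ids(pid):
    """Return {subsystem: namespace inode} for a process."""
    ids = {}
    for name in NAMESPACES:
        try:
            target = os.readlink(f"/proc/{pid}/ns/{name}")  # "pid:[4026531836]"
        except OSError:            # kernel lacks it, or no permission
            continue
        ids[name] = target[target.index("[") + 1 : -1]
    return ids


def shared_subsystems(pid_a, pid_b):
    """Subsystems in which both processes share one namespace."""
    a, b = ns_ids(pid_a), ns_ids(pid_b)
    return sorted(n for n in a if n in b and a[n] == b[n])


def isolated_subsystems(pid_a, pid_b):
    """Subsystems that separate the two processes. A real container should
    differ from its host at least in mnt, pid and net."""
    a, b = ns_ids(pid_a), ns_ids(pid_b)
    return sorted(n for n in a if n in b and a[n] != b[n])


def cgroup_path(pid):
    """Cgroup path the process is accounted to (first line of /proc/<pid>/cgroup);
    runtimes put each container in its own subtree."""
    try:
        with open(f"/proc/{pid}/cgroup") as f:
            first = f.readline().strip()   # e.g. "0::/user.slice/session-1.scope"
    except OSError:
        return ""
    return first.split(":", 2)[-1]


def own_namespaces():
    """Namespaces of the calling process."""
    return ns_ids(os.getpid())


def child_isolation():
    """Spawn a plain child and report which subsystems separate it from us.
    Without unshare()/clone() namespace flags the child inherits everything,
    so the result is [] on any Linux system; None when /proc is unavailable."""
    if not os.path.isdir("/proc/self/ns"):
        return None
    child = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(10)"])
    try:
        return isolated_subsystems(os.getpid(), child.pid)
    finally:
        child.kill()
        child.wait()


if __name__ == "__main__":
    # Compare this process with an optional PID (e.g. a container's init as
    # seen from the host); default is a plain child, which shares everything.
    if len(sys.argv) > 1:
        other = int(sys.argv[1])
        print("shared:  ", shared_subsystems(os.getpid(), other))
        print("isolated:", isolated_subsystems(os.getpid(), other))
        print("cgroup:  ", cgroup_path(other))
    else:
        print("child isolated in:", child_isolation())   # [] on Linux
```

Run it with no arguments to see that an ordinary child is isolated in nothing; run it with the host-side PID of a container's first process to see the mnt, pid and net inodes differ while, with a default runtime configuration, user and cgroup often still match the host.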
25. Docker is a “Shipping Container” for Code
Developers because …
• Frictionless deployment and maximum portability
On developer laptop:
~# docker build -t my_app .
~# docker push my_app
Then on server:
~# docker pull my_app
~# docker run my_app
That’s it!!
• A natural fit for 3rd Platform, 12 factor, microservices
• It makes DevOps much, much easier
28. Cloud-Native Identity & Access Management
Identity, Authentication and Authorization Server
• LDAP, Kerberos, SAML, OAuth2.0, x.509
Scalable Architecture
• Multi-master state-based replication
• Multi-data center replication
Multi-Tenant
• Multiple independent forests
Open Source
29. Secure Container Runtime
Container Optimized Linux OS
• Docker, rkt and Garden (Pivotal) support
• Minimal footprint to run containers
vSphere Integration
• Part of your vSphere install
• Hypervisor-optimized container runtime
Updates from VMware
• Enterprise support
• Security and update patches from VMware
Open Source
30. Uniting Technologies – Introducing vSphere Integrated Containers
• EXTENDING an existing vSphere environment
• Containers become a first-class citizen
• Industry-leading capabilities
  • DRS, vMotion, HA/DR
  • Storage and Network Integration (VSAN and NSX)
• NO rebuilding or re-architecture required
• Full compatibility with existing tools
• Broadest ecosystem
  • Cloud-Native developer tools, application services, and hardware platforms
“Cloud-Native Platform”: VMware vSphere with vSphere Integrated Containers, NSX, VSAN, vRealize, Instant Clone, Project Bonneville, Photon OS
31. vSphere Integrated Containers Before & After
Before (docker-machine on vSphere): (1) docker-machine is invoked; (2) a VM with Docker Engine (DE) is created on VMware ESX / PhotonOS; (3) docker run is sent to the Docker API inside that VM; (4) Docker containers (C1, C2) are created inside the VM.
After (vSphere Integrated Containers): (1) the VI admin creates a Virtual Container Host in vCenter; (2) the Virtual Container Host (a Resource Pool) and a Docker Engine uVM are created; (3) docker run, docker stop and docker rm arrive at the Docker API and map to VM create/start, stop and delete; (4) Docker containers (C1, C2) are created in uVMs via Instant Clone, with the image layers (Layer1, Layer2, Layer3 of Image1) on shared datastores.
33. Select Customers Need an Optimized Approach for Cloud Scale
Focused Feature-set: Purpose-built for cloud native, it provides just the features needed to provide a secure and SLA-capable infrastructure for next-gen apps.
API-first Model: Built on clean, development-friendly APIs, enabling consumption and operations to automate heavily to handle massive scale.
Scale-out Control Plane: A scale-out control plane optimizes for the creation of 1000s of simultaneous new workloads while also delivering active-active availability of system APIs.
New Economics: Enables new “pay for what you need, when you need it” consumption model that is better suited for large-scale deployments with elastic and variable workload requirements.
34. A Different Approach – Introducing the VMware Photon Platform
New Platform Built from Ground Up and Optimized for Containers
• Rich API Set
• Distributed management
• Streamlined and optimized hypervisor
Differentiating Benefits
• Speed – Spin-up in seconds
• Scale – Supports hundreds of thousands of containers
• Movement – Fluid and dynamic
Core Components
• Photon Controller – Distributed Management, Scheduling, Orchestration, Project Lightwave
• Photon Machine – Photon OS, Microvisor
“Cloud-Native Platform”: VMware Photon Platform (Photon Controller, Photon Machine)
35. What’s in Photon Platform
Cloud Foundry, Docker, Hadoop, …: deep integration with modern, open source frameworks and application and data platforms
Photon Controller
• Host controller and scheduler
• Distributed, multi-tenant control plane, includes Project Lightwave
• Single API endpoint
Photon Machine
• Compute host
• “Microvisor” based on ESX, includes Photon OS
• Simple, stackable, replaceable hosts
@cloudnativeapps #vmwcna
36. Photon Platform Architecture
[Diagram: Photon Controller #1, #2 and #3 behind a single Photon API; the clustered design delivers massive scale and high availability. Below them, Photon Machines (each core ESX with PhotonOS) using a combination of local and/or shared Photon Machine datastores. On top, a Cloud Foundry Cluster (Cloud Foundry API: Create CF cluster, cf push, cf scale) and a Kubernetes Cluster (Kubernetes API: Create Kubernetes cluster, kubectl create, kubectl get pods).]
38. Container Networking
Enterprise Model Today: Containers Run Inside of VMs
• One VM per server per security domain
• Containers often behind NAT
• No container level networking
Does This Make Sense?
• It actually does…
[Diagram: Hypervisor with a vSwitch; two VMs, each holding four Containers.]
39. Container Networking
In the Future, Container Level Visibility: Two Levels of vSwitch
• First layer vSwitch inside the container VM
• Second layer vSwitch inside the Hypervisor
• Container level networking
[Diagram: Hypervisor vSwitch plus a vSwitch inside each of two container VMs, each holding four Containers.]
44. Container Data Volumes
• Usage
– Contains persistent data for local containers
– Appears as folder within host’s file system (e.g. “/mount/yourdata/”)
– Can locate on host or external storage
• Benefits
– Manage and preserve your stateful data
– Utilize storage platform data services
But…how do you preserve data when moving apps between hosts?
[Diagram: Host running Containers, with Container Data Volumes on a Storage Platform.]
45. Announcing vSphere Driver for Flocker 1.0!
• Run containerized stateful apps on your current vSphere deployment
using open-source Flocker software
• Move containers and attached data volumes between ESX VMs
• Compatible with ALL vSphere storage (VSAN, VVOL, VMFS, NFS)
• Straightforward install/configure/deploy process
• Free!
• Available at https://github.com/vmware/vsphere-flocker-driver
46. Native Docker on vSphere vs. vSphere + Flocker
Native Docker on vSphere: ESX VM1 runs a DB App container whose Container Volume lives on VMDK1; ESX VM2 has its own VMDK2. When the container moves, the data volume stays on the host VMDK. The database starts on the new VM without any of its data.
vSphere + Flocker: the Data Volume is stored on a separate VMDK. When the container moves from ESX VM1 to ESX VM2, the VMDK moves with it. The database keeps its data!
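To make the before/after concrete, here is an added Python model (not code from the deck or from Flocker; the class names, function names and sample data are assumptions made for this example) of a container move with a host-bound volume versus a VMDK that travels with the container. It also adds the check a scheduler should make on the native path: refuse to start a stateful container whose backing disk is not attached to the target host, instead of starting the database empty.

```python
"""Model of container moves with host-bound vs. portable data volumes.

Added example, not code from the deck or from the Flocker project. It
models only the behaviour the slide describes: a volume backed by a VMDK
on one host is invisible to a container restarted on another host unless
the VMDK moves with it. The locality check is an addition for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    vmdks: set = field(default_factory=set)   # VMDKs attached to this ESX VM


@dataclass
class Volume:
    name: str
    vmdk: str          # backing disk, e.g. "VMDK1"
    data: dict         # constructed sample contents


@dataclass
class Container:
    name: str
    host: Host
    volume: Volume


class VolumeNotLocal(RuntimeError):
    """Raised when a stateful container would start without its data."""


def visible_data(c):
    """Data the container can actually read: present only when the backing
    VMDK is attached to the host the container runs on."""
    return c.volume.data if c.volume.vmdk in c.host.vmdks else {}


def move_container(c, target, migrate_volume):
    """Re-schedule a container on another host.

    migrate_volume=False models native Docker on vSphere: the VMDK stays
    where it was. migrate_volume=True models the vSphere Flocker driver:
    the VMDK is detached from the old host and attached to the new one.
    Either way the start is refused if the data would not be present.
    """
    if migrate_volume:
        c.host.vmdks.discard(c.volume.vmdk)
        target.vmdks.add(c.volume.vmdk)
    candidate = Container(c.name, target, c.volume)
    if not visible_data(candidate):
        raise VolumeNotLocal(f"{c.volume.vmdk} is not attached to {target.name}")
    return candidate


def demo(migrate_volume):
    """Run the slide's scenario; returns the records the database sees after
    the move, or None when the move was refused by the locality check."""
    vm1, vm2 = Host("ESX VM1"), Host("ESX VM2")
    vol = Volume("dbdata", "VMDK1", {"orders": 42})    # constructed sample
    vm1.vmdks.add(vol.vmdk)
    db = Container("DB App", vm1, vol)
    assert visible_data(db) == {"orders": 42}          # healthy before the move
    try:
        moved = move_container(db, vm2, migrate_volume)
    except VolumeNotLocal:
        return None
    return visible_data(moved)


if __name__ == "__main__":
    print("native Docker on vSphere:", demo(False))   # None: refused, not started empty
    print("vSphere + Flocker:       ", demo(True))    # {'orders': 42}
```

The point of the refusal is operational: a database that starts against an empty directory usually initialises a fresh, empty data set and keeps serving, so the data loss surfaces much later than a failed start would.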
Datacenter-in-a-laptop, model production deployments on your laptop
Same battle-tested virtualization engine as Fusion and Workstation
Drop-in replacement for VirtualBox in Docker Machine and Vagrant
Developer-Friendly
Optimized to support developer workflows
Exposes REST API with command-line interface
No UI to mess with, built to run fast and mean
CI/CD and DevOps enable breakthrough business performance, according to the survey results from the 2013 and 2014 State of DevOps Reports, which are based on 9,200 and 4,000 survey responses respectively. The benefits of DevOps are clear and impressive: high performers are more agile, they are more reliable, and most of all they win in the marketplace.
Over the past few years, developers have adopted Agile methodologies to make changes to code rapidly. This process is called Continuous Integration: groups of changes are tested regularly to make sure the code is working correctly.
So now Development uses agile methods and continuous integration; they want to push small sets of changes frequently into production, and as a result Development has become fast. However, the rest of the process has not changed, and thus applications are still delivered late.
The challenges are now very different:
With the traditional release process, the challenge was the amount of change, and thus risk, hitting the production system. Now releases are very small and therefore much less risky. Even if a problem occurs in production, it is easier to identify the change and roll it back.
Also, the traditional release process moved in 1- or 3-month rhythms, so the manual nature of the process was not a big problem since there was enough time. Now, with many frequent releases, the manual nature of the process becomes a major problem and a repeatable and consistent process is needed. In fact, Gartner states that 40% of unplanned operations downtime is caused by operations errors (e.g. not performing an operations task or performing a task incorrectly)*.
In the end, Development became fast and wants to push changes quickly into production, while Operations has not changed yet and views changes as a source of instability. This is why the conflict between Dev and Ops has escalated over the last few years; this, of course, is referred to as the DevOps conflict.
I am sure you see the same challenges in your organization.
-----
*Gartner, Roberta J. Witty, John P Morency, Survey Analysis: BCM Program Posture, 24 October 2013,
Pivotal Cloud Foundry (PCF) is Pivotal’s platform for deploying cloud-native apps, and can be used to deploy apps to the private cloud or the public cloud. It enables 3 key benefits that enterprises are in critical need of: the ability to deliver software fast, at internet scale and with confidence, knowing that the platform enforces constraints and encourages practices that will ensure application uptime, and availability.
PCF provides a collaboration platform for developers and operators to learn and use the same tools and practices across teams and across stages of application delivery, from development through testing and production deployment. Such consistency is key for effective devops.
Developer benefits include a rich and growing set of services for app development and dead simple app deployment with “cf push”. PCF also unlocks operational excellence in the enterprise, to handle Day 2 concerns for managing the software after it is in production. Operators need to be able to handle myriad concerns after software has been deployed to production, including ensuring high availability, enabling adaptive scalability to incoming load, providing security from threat vectors outside and inside the enterprise and managing software updates without downtime. Through integrated and automated features such as monitoring/logging, automatic scaling and health monitoring and high availability, the platform eliminates the need for teams to continue with manual workflows that are time consuming, inconsistent and error prone. It further obviates the need to cobble together tool chains to create a “platform”, which can present a substantial investment over its lifetime.
Finally, enterprises that leverage Pivotal Cloud Foundry can feel confident knowing that their investment in PCF gives them flexibility and choice in deploying PCF and their apps on any one of multiple underlying cloud infrastructure technologies.
Pivotal Cloud Foundry is based on open source Cloud Foundry, now guided by the Cloud Foundry Foundation, which comprises a plethora of industry leaders. VMware is proud to have initiated the project and helped it grow over the years. In 2013, we helped create Pivotal and transferred stewardship of the project to Pivotal. Last year, in 2014, with the help of Pivotal, we helped recruit broad industry traction for the project, with companies representing over 1 trillion dollars of market cap supporting its mission and direction. Finally, this year, we and the broader industry rejoiced as the torch of stewardship for the project officially passed into the hands of the Cloud Foundry Foundation. With 1000s of developers across 50 countries, this is truly a global phenomenon!
We in the software industry are not the only ones excited by what the future holds for Cloud Foundry! Our counterparts in other industries are equally excited by the potential of Cloud Foundry to help them transform their businesses! <Allude to quotes from GE and JPMC>
https://www.docker.io/learn_more/
When Creating a Container:
• Receive the “docker run” API request.
• Download any new image layers to the datastore.
• Select the container VM IP.
• Set up any network mappings for exposed ports.
• Identify the ESX host to run the VM.
• Use Instant Clone to create a “child” PhotonOS-Pico container VM with the IP address.
• Create VMDKs representing the container image (layers) and volumes, and attach them to the container VM.
• The container VM executes the “entrypoint” command for the container image.
Further API requests (e.g., “docker stop”, “docker start”, “docker rm”) are handled with the corresponding VM life-cycle operations.
VMware is committed to the OpenStack project.
VMware was the #4 contributor to OpenStack integrated projects in the Icehouse release.
VMware has a growing number of developers contributing to OpenStack.
Contributions span across a number of OpenStack projects listed in this slide.