View
60
Download
0
Category
Preview:
Citation preview
Red Hat OpenShift Enterprise
Giovanni GalloroCloud Solution Architect – Red Hatggalloro@redhat.com
Transforming Application Delivery with PaaS and Linux Containers
PaaS and Linux Containers Agenda
● Platform as a Service Capabilities● OpenShift Enterprise Architecture
– Linux Containers
– Docker
– Kubernetes
– RHEL Atomic Host
● OpenShift Application Deployment Flow● OpenShift Adoption● Containers Adoption Challenges and Red Hat Strategy
RED HAT CONFIDENTIAL | NDA ONLY11
CREATING DEFACTO STANDARDS
REGISTRY / CONTAINER DISCOVERY
CONTAINER FORMAT WITH DOCKER
ISOLATION WITH LINUX CONTAINERS
ORCHESTRATION WITH
KUBERNETES
Red Hat works with the open source community to drive standards for containerization.
WHAT ARE LINUX CONTAINERS?Software packaging concept that typically includes an application and all of its runtime dependencies.
● Easy to deploy and portable across host systems
● Isolates applications on a host operating system
● In RHEL, this is done through:– Control Groups (cgroups)– kernel namespaces– SELinux, sVirt– Docker
HOST OS
SERVER
CONTAINER
LIBS
APP
13
Traditional OS Containers
TRADITIONAL OS VS. CONTAINERS
HARDWARE
HOST OS
HARDWARE
HOST OS
CONTAINER
LIBS
APP A
LIBS A LIBS B LIBS LIBS
APP A APP B
CONTAINER
LIBS
APP B
WHAT DOCKER PROVIDES
● Multi-version packaging format and isolation
● Simplified container API (Docker libcontainer)
● Easy to create (Dockerfile)● Atomic deployment (Docker
images)● Large ecosystem (Docker Hub)
LINUX DOCKER CONTAINER LAYERING
● New images can be created by
adding layers
● Layering model allows for
specialization
● Base image and select number of
platform layers provided by Red Hat
● ISV images form the base of the
RHEL ecosystem
● Stack optimized for individual
application with minimal packaging
per layer
CONTAINERS DELIVER MANY BENEFITS
Base: 171 IT and Developer/programmer decision-makers at companies with 500+ employees in APAC, EMEA, and NASource: A commissioned study conducted by Forrester Consulting on behalf of Red Hat, January, 2015
Faster provisioning
Greater deployment flexibility
Ability to deliver/deploy applications faster
Greater application mobility/portability
69%
70%
72%
73%
How important are the following benefits of containers to your organization?
Critically or Very Important
73%
72%
70%
69%
KUBERNETES FOR CONTAINER ORCHESTRATION
● Container orchestration at scale
● Wiring of multi-container, multi-host application topologies
● Scheduling / placement● Manage container health
RED HAT ENTERPRISE LINUX ATOMIC HOST
IT IS RED HAT ENTERPRISE LINUX
OPTIMIZED FOR CONTAINERS
Minimized host environment tuned for running Linux containers while maintaining compatibility with Red Hat Enterprise Linux.
Inherits the complete hardware ecosystem, military-grade security, stability and reliability for which Red Hat Enterprise Linux is known.
MINIMIZEDFOOTPRINT
SIMPLIFIEDMAINTENANCE
ORCHESTRATIONAT SCALE
Atomic updating and rollback means it’s easy to deploy, update, and rollback using imaged-based technology.
Build composite applications by orchestrating multiple containers as microservices on a single host instance.
"Once we actually looked at and had all of the conversations with all the various
people, there was really only one choice and that was OpenShift".
The only people that actually understood what it was that we were talking about was the Red Hat guys. The Cloud Foundry guys
were good about talking about deploying Spring-based frameworks and, you know,
that sort of stuff, but once we ran the PoCs and had deeper conversations, there was
really only one choice."
Tony McGivern - CIO
OPENSHIFT ADOPTION @
LEADING ISV IN FINANCIAL SERVICES has built and Analytic cloud based platform on Openshift
70% Reduction in Apps Development time
60% Reduction in Maintenance Costs (simpler, faster and easier)
90% reduction in Time to Deploy models
6 Months running live in Production
5% - 40% increased decision accuracy
http://gartner.mediasite.com/Mediasite/Play/4c29e2287c7949cea4b4f8d0367410b01d?sc_cid=70160000000eGEFAA2&elq=997abd3fad6a49d4ae23e1c7136994bb
TOP CURRENT CONTAINER CHALLENGES
Training and Education (lack of skills)
Consistency (lack of standards)
Scalability
Lack of certification or digital structure
Management
Integration with existing development tools and processes
Variable performance
Security
29%31%32%35%35%
41%44%
53%
What are the top three challenges your organization has experienced so far in its use of containers?
Base: 171 IT and Developer/programmer decision-makers at companies with 500+ employees in APAC, EMEA, and NASource: A commissioned study conducted by Forrester Consulting on behalf of Red Hat, January, 2015
● Who built this image?● What’s its purpose?
Was it created to support a demo?
● Is it safe to consume?● Who maintains it?
NEED FOR A “CHAIN OF TRUST”
DOCKER HUB
docker search mongodb
RED HAT CONFIDENTIAL | NDA ONLY57
WHAT'S INSIDE THE CONTAINER MATTERS36% of official images in Docker Hub contain high priority security vulnerabilities
● High vulnerabilities: ShellShock (bash), Heartbleed (OpenSSL), etc.
● Medium vulnerabilities: Poodle (OpenSSL), etc.
● Low vulnerabilities: gcc: array memory allocations could cause integer overflow
All Images (n=962)0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
36%
28%
Medium priority
High priority
Source: Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities, Jayanth Gummaraju, Tarun Desikan, and Yoshio Turner, BanyanOps, May 2015 (http://www.banyanops.com/pdf/BanyanOps-AnalyzingDockerHub-WhitePaper.pdf)
RED HAT CONFIDENTIAL | NDA ONLY59
RED HAT CONTAINER CERTIFICATIONUNTRUSTED
● Will what’s inside the containers compromise your infrastructure?
● How and when will apps and libraries be updated?
● Will it work from host to host?
RED HAT CERTIFIED ● Trusted source for the host and the
containers
● Trusted content inside the container with security fixes available as part of an enterprise lifecycle
● Portability across hosts
SIMPLIFYING CONTAINER ADOPTIONFOR PARTNERS
RED HAT CONFIDENTIAL | NDA ONLY65
TRUSTEDCONTAINER
CONTENT
PROVEN CONTAINER
PORTABILITY
INTEGRATEDAPPLICATION
DELIVERY
CONTAINERS FOR THE ENTERPRISE
Recommended