When networks meet apps (OpenStack Atlanta)


DESCRIPTION

Recent advancements in OpenStack capabilities have made the cloud better tuned to enterprise needs by introducing much more flexible network designs and networking services, with the tradeoff of making the cloud more complex. In this session we will describe how to leverage the power of the new networking advancements without exposing the complexity to the end user. We will present alternative approaches and their tradeoffs for automating the deployment of a typical n-tier enterprise application, including a multi-tenant environment, separate networks for admin and applications, a cross-region network, attaching a floating IP, setting up security groups, etc., all through a combination of Heat, TOSCA, Chef, Puppet, and more.


When Network Meets Apps!
Putting networking and application together

Nati Shalom, GigaSpaces, @natishalom

Samuel Bercovici, Radware, @samuelbercovici

Agenda

• Overview of Networking and Apps
• What’s Changed?
• Putting Networking and Apps by Example
• Future Work

Let’s Start With Some Basic Definitions..

Application

Application & Tiers
[Diagram: WebTier, MiddleTier, DBTier]

Zoom into a Tier
[Diagram: Server (Physical/VM); Operating System (RHEL 6.5 64-bit); Database System (MySQL); Schema (WordPress); IP Address; IP Address; TCP Port]

Logical Connectivity
[Diagram: WebTier, MiddleTier, DBTier, Internet]

Where is the network?
[Diagram: Backend Zone, DMZ; WebTier, MiddleTier, DBTier]

Multicast/Broadcast, Isolation
[Diagram: Personal Data, Business center, DMZ; WebTier, MiddleTier, DBTier]

Multicast/Broadcast, Isolation
[Diagram: WebTier, MiddleTier, DBTier]

Layer 3 Services (list repeated three times on the slide)

• Subnet
• GW
• IPAM – DHCP
• DNS

[Diagram: WebTier, MiddleTier, DBTier]

Availability
[Diagram: SLB; WebTier, MiddleTier, DBTier]

Availability & Scalability
[Diagram: SLB ×3; WebTier, MiddleTier, DBTier]

Security, Availability & Scalability
[Diagram: SLB ×3, FW; WebTier, MiddleTier, DBTier]

Management
[Diagram: SLB ×3, FW, VPN, Monitoring, CI]

Expertise & Responsibilities

• Network / Security Manager
  – Network (L2, L3)
  – Network Services (Router, NAT, DHCP, DNS, LB)
  – Network Security (FW, VPN)
• IT / Application Manager
  – Server
  – Operating System
  – Software Stack
  – Application Artifacts
  – Server’s Security

Load Balancer - Management

• Network based
  – L2 and L3
  – L4 Load balancing
• Application based
  – Cookie based, L7 Content Switching, L7 Content Modifications, etc.

Network Manager

Network Manager? Application Manager?

What’s Changed?

Everything is Software Defined

We Can Automate Everything..

[Diagram: Orchestration, Networking, Compute]

Neutron/Nova APIs

• Layer 2 networks
• Layer 3 subnets
  – IP address management – DHCP based
  – Router / gateway / NAT
• Port
• Security groups
• Floating IP
• Layer 4-7 Services
  – Load balancing
  – VPN
  – Firewall

Putting Network and Apps Together by Example

HEAT

• OpenStack Orchestration

TOSCA

• Topology
• Orchestration
• Specification of
• Cloud
• Application

[Diagram: Apache Server, DB Server; Apache, WordPress, MySQL]

WordPress Simple Example

• App Network
• App Subnet
• App Port
• Security Group
• Apache Floating IP
• Router Gateway

• Data Network
• Data Subnet
• Data Port
• Security Group

[Diagram: Router]

Network Topology View

Heat Topology View

Heat Template
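
An added example, not taken from the slides: a minimal Heat (HOT) template for the networking items listed under "WordPress Simple Example". Resource names, CIDRs, the `public_net` parameter, the rule-less `db_client_sg` group and Apache's second port on the data network are assumptions; the point to review is that the database group admits MySQL only from ports in a named group rather than from a CIDR, and that the data subnet has no router interface.

```yaml
# Added example (not from the slides). Names, CIDRs and public_net are assumptions.
heat_template_version: 2015-04-30
parameters:
  public_net: {type: string, description: External network for the floating IP}
resources:
  app_net:
    type: OS::Neutron::Net
  app_subnet:
    type: OS::Neutron::Subnet
    properties: {network: {get_resource: app_net}, cidr: 10.0.1.0/24}
  data_net:
    type: OS::Neutron::Net
  data_subnet:  # deliberately has no router interface
    type: OS::Neutron::Subnet
    properties: {network: {get_resource: data_net}, cidr: 10.0.2.0/24}
  router:
    type: OS::Neutron::Router
    properties: {external_gateway_info: {network: {get_param: public_net}}}
  router_app_if:
    type: OS::Neutron::RouterInterface
    properties: {router: {get_resource: router}, subnet: {get_resource: app_subnet}}
  web_sg:  # internet-facing: HTTP only
    type: OS::Neutron::SecurityGroup
    properties:
      rules: [{protocol: tcp, port_range_min: 80, port_range_max: 80, remote_ip_prefix: 0.0.0.0/0}]
  db_client_sg:  # membership marker with no ingress rules (assumed design)
    type: OS::Neutron::SecurityGroup
  db_sg:  # MySQL only from ports in db_client_sg, not from a CIDR
    type: OS::Neutron::SecurityGroup
    properties:
      rules:
        - {protocol: tcp, port_range_min: 3306, port_range_max: 3306,
           remote_mode: remote_group_id, remote_group_id: {get_resource: db_client_sg}}
  apache_port:
    type: OS::Neutron::Port
    depends_on: app_subnet
    properties: {network: {get_resource: app_net}, security_groups: [{get_resource: web_sg}]}
  apache_data_port:  # Apache's second NIC on the data network (assumption)
    type: OS::Neutron::Port
    depends_on: data_subnet
    properties: {network: {get_resource: data_net}, security_groups: [{get_resource: db_client_sg}]}
  db_port:
    type: OS::Neutron::Port
    depends_on: data_subnet
    properties: {network: {get_resource: data_net}, security_groups: [{get_resource: db_sg}]}
  apache_fip:
    type: OS::Neutron::FloatingIP
    depends_on: router_app_if
    properties: {floating_network: {get_param: public_net}, port_id: {get_resource: apache_port}}
```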

[Diagram: Apache Server, DB Server; NodeJS, NodeCellar, MongoDB]

TOSCA (Like) Example

• App Network
• App Subnet
• App Port
• Security Group
• Apache Floating IP
• Router Gateway

• Data Network
• Data Subnet
• Data Port
• Security Group

[Diagram: Router; Monitoring, Logging, CI]

Network View

Topology View

TOSCA (Like) Blueprint

Adding AutoScaling & Availability..

Scalability & Availability
[Diagram: Router, L3, Tenant1 Network, Tenant1 Project, VIP1 ×3, Management Network, Web VM3, Alteon VA Project, VM4, VM5]

AutoScaling - Heat Template

• web_server_group - OS::Heat::AutoScalingGroup
• web_server_scaleup_policy - OS::Heat::ScalingPolicy
• web_server_scaledown_policy - OS::Heat::ScalingPolicy
• cpu_alarm_high - OS::Ceilometer::Alarm
• cpu_alarm_low - OS::Ceilometer::Alarm
• monitor - OS::Neutron::HealthMonitor
• pool - OS::Neutron::Pool
• lb - OS::Neutron::LoadBalancer

So far so good, but...

Considering Real Life Scenarios

Continuous Availability Across AZ’s and Regions
– Adding Affinity Rules for Compute, Storage
– Auto-Scaling, etc.

Continuous Deployment
– Updating policies and workflow
– Creating new deployments every day

Real Life Example

(HP Print)

• 30 HP Helion Public Cloud accounts

• 500+ compute instances

• 1400 Peak deployments per day

• 100+ compute instances per management cluster

• 100x developers doing deployments in a consistent fashion

• <2H Move from HP Helion Public Cloud tenant to a fully provisioned and deployed service

Networking and Apps in Real Life...

Future work..

Putting TOSCA and HEAT Closer..

• TOSCA HEAT Translator Project (IBM, GigaSpaces, Huawei, Vnomic ..)
• TOSCA enablement in Heat Juno
• Integrating Cloudify and Heat

Group Based Policies

• Addressing Network Requirements from the application perspective
• Delegation of Responsibilities
