InterConnect2017
Choosing a Container Platform for your WebSphere Applications
David Currie @[email protected]
Tom Banks @[email protected]
Please note
IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.
Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract.
The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
Agenda
Introduction
WebSphere Liberty Collectives
Docker Datacenter
IBM Spectrum Conductor for Containers
IBM Bluemix Container Service
Microservice Builder
Why Containers?
Better resource utilization than Virtual Machines
Isolation at the process rather than the operating system level
No performance overhead from hypervisor
Faster build and deployment
Smaller build artifacts and layering optimizations
Portability across environments
All dependencies packaged in image
Improved security and resilience
Isolation from host
Reduced capabilities
Resource usage constrained by control groups
Separation of concerns
Operations can treat containers as black boxes
Feb 2015: Support statement for Liberty and traditional running under Docker
Developer licensed images on Docker Hub:
websphere-liberty
ibmcom/websphere-traditional
ibmcom/ibm-http-server
Dockerfiles on GitHub:
github.com/WASdev/ci.docker
github.com/WASdev/ci.docker.websphere-traditional
github.com/WASdev/ci.docker.ibm-http-server
WebSphere Developer Tools support
WebSphere and Docker
[Diagram: websphere-liberty image tags :kernel, :webProfile7, :javaee7 / :latest, :webProfile6, :beta, :microProfile; base images ubuntu:16.04 and ibmjava:8-jre]
Container Platform Criteria
Ease of management and monitoring for large numbers of disparate containers, distributed across multiple hosts
Container scheduling
Placement of containers on the most appropriate host based on constraints
Rescheduling if a container or entire hosts fails
Ability to rollout/rollback updates whilst maintaining availability
Deployment of multiple containers that form an application from version controlled configuration
Policies for placement, security, performance, HA
Routing of inbound and inter-container requests (service discovery and routing)
Authentication/authorization
DevOps deployment process
Uses the Liberty collective administration model
Deployment rules define Docker commands to execute locally for create/start/stop/delete
Servers join collectives enabling use of Intelligent Management capabilities e.g. dynamic routing and auto-scaling
WebSphere Administration – Docker Packaging/Isolation
[Diagram: IHS/Plugin, Collective Controller, and two Docker Engine hosts each running Liberty; connections labelled Liberty Admin and HTTP]
Docker Swarm Mode
Docker 1.12 made Swarm capability an option of the Docker engine aka swarm mode
RAFT consensus protocol implemented internally
Swarm creation is very simple
On initial manager: docker swarm init --advertise-addr <ip>
On worker(s): docker swarm join --token <token> <ip:port>
Managers act as CA (or use external CA) with mutual TLS between all nodes
Certificates are rotated automatically
Multi-container Deployment with Docker stacks
Docker 1.13: Docker Compose YAML version 3 includes support for Swarm mode services
docker stack deploy --compose-file compose.yml myapp
Updates in subsequent deployments achieved via rolling updates to services
Routing mesh exposes ports on all swarm nodes (regardless of where containers are running)
Experimental ‘distributed application bundle’ replaces image names/tags with image digests to ensure reproducibility when moving between environments
compose.yml

version: '3'
services:
  web:
    image: myapp
    ports:
      - "9080"
    deploy:
      mode: replicated
      update_config:
        parallelism: 1
        delay: 10s
      replicas: 2
  db:
    image: mongo

▪ Commercially supported Docker Engine
▪ Universal Control Plane provides both classic Swarm and swarm mode
▪ Highly available Docker Trusted Registry
▪ Web UIs for operational management of nodes, images and containers
▪ Security
• User and group-based authentication (built-in or via LDAP/AD)
• Access control based on labels
▪ Hostname based routing
▪ IBM reselling with L1 & L2 support: ibm.biz/ddc-announce
Docker Datacenter adds enterprise capabilities
[Diagram: Docker Datacenter, comprising Docker Universal Control Plane, integrated security, Docker Trusted Registry and Docker Engine (container runtime, orchestration, networking, volumes, plugins); integrates with operating systems, config management, monitoring, logging, CI/CD, images, networking, volumes and more; runs on virtualization, public cloud or physical infrastructure]
Kubernetes Project
Open source container orchestration platform
Inspired and informed by Google’s experiences
Clear governance model with Linux Foundation
Google driving roadmap with contributions from IBM, Huawei, Intel, Red Hat and many others
Operations rather than developer centric
Basic primitives support a rich set of features
Releases new versions every three months
New features preview in alpha/beta
Wide range of deployment options: bare metal, virtualized, private, public, hybrid, …
Timeline:
2006: Google starts work on “Process Containers” (renamed “cgroups”)
Jan 2008: cgroups merged into Linux (2.6.24)
Mar 2013: Docker initial release
Oct 2013: CoreOS initial release
Jun 2014: Kubernetes 1st GitHub commit
Sep 2014: Kubernetes announced in Wired magazine
Apr 2015: The Borg Paper is published
July 2015: CNCF Formed, K8s v1.0 released, donated to CNCF
Borg development inside Google
Deployment

manifests/deploy.yml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: myapp
spec:
  replicas: 3
  template:
    metadata:
      labels:
        name: myapp
    spec:
      containers:
      - name: myapp-container
        image: myapp:latest
        ports:
        - containerPort: 9080
        volumeMounts:
        - name: certs
          mountPath: /certs
        - name: config
          mountPath: /config/configDropins
      volumes:
      - name: certs
        secret:
          secretName: liberty-certs
      - name: config
        configMap:
          name: liberty-config

manifests/service.yml

apiVersion: v1
kind: Service
metadata:
  name: myapp-service
spec:
  ports:
  - port: 9080
  selector:
    name: myapp

$ kubectl apply -f manifests
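
Added example (not from the original slides): the Docker stacks slide notes that replacing image names/tags with digests ensures reproducibility between environments, and this Python sketch checks that property for image references such as the `myapp`, `mongo` and `myapp:latest` values in compose.yml and deploy.yml. The function names, `registry.example` and the all-`a` digest are constructed for illustration.

```python
import re

# Digest form checked here: sha256 followed by 64 lowercase hex characters.
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")

def parse_image_ref(ref):
    """Split an image reference into (name, tag, digest); tag/digest may be None."""
    name, _, digest = ref.partition("@")
    digest = digest or None
    # A ':' only starts a tag if it comes after the last '/'; before that it
    # is a registry port (registry.example:5000/myapp has no tag).
    last_slash = name.rfind("/")
    colon = name.rfind(":")
    tag = None
    if colon > last_slash:
        name, tag = name[:colon], name[colon + 1:]
    return name, tag, digest

def classify(ref):
    """Return 'pinned', 'mutable-tag', 'implicit-latest' or 'invalid-digest'."""
    _, tag, digest = parse_image_ref(ref)
    if digest is not None:
        return "pinned" if DIGEST_RE.match(digest) else "invalid-digest"
    if tag is None:
        return "implicit-latest"  # no tag means the registry serves :latest
    return "mutable-tag"          # any tag can be re-pointed at new content

def audit(images):
    """Map each reference to its classification; only 'pinned' is reproducible."""
    return {ref: classify(ref) for ref in images}

# Image values from the page's compose.yml and deploy.yml, followed by
# constructed references (registry.example and the digests are placeholders).
SAMPLE = [
    "myapp",
    "mongo",
    "myapp:latest",
    "registry.example:5000/myapp",
    "registry.example:5000/myapp:1.0",
    "myapp@sha256:" + "a" * 64,
    "myapp:1.0@sha256:" + "a" * 64,
    "myapp@sha256:deadbeef",
]

if __name__ == "__main__":
    for ref, verdict in audit(SAMPLE).items():
        print(f"{verdict:16} {ref}")
```
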
IBM Spectrum Conductor for Containers
Self-managed Kubernetes offering from IBM on x86 or Power with free community edition
Simple container based installation with integrated orchestration and resource management
Authorization and access control (built-in user registry or LDAP/AD)
Private Docker registry
Dashboard UI
Metrics and log aggregation
Calico networking
Pre-populated app catalog
IBM Bluemix Container Service
Fully-managed hosted service for building and running containers
Private container registry pre-populated with IBM images (including WebSphere Liberty)
Volume service for persistent storage
Overlay networking providing non-routed IP addresses for every container and ability to bind public IPs
Easily configure and consume services, whether inside or outside of Bluemix
Scalable groups with integrated load balancing and auto-recovery
Vulnerability Advisor
Growing capabilities:
July 2015: Policy Violations/Vulnerable Packages
Nov 2015: Best Practice Improvements
Oct 2016: Security Misconfigurations
Nov 2016: Live Container Scanning
Jan 2017: Integration with IBM X-Force
Administrative control over deployments
Preconfigured metrics for memory, CPU and network I/O
Search across aggregated logs
Monitoring and Logging
Beta available March 20th. Service combines Docker and Kubernetes to deliver powerful tools, an intuitive user experience, and built-in security and isolation to enable rapid delivery of applications all while leveraging Cloud Services including cognitive capabilities from Watson.
www.ibm.com/cloud-computing/bluemix/containers
Intelligent Scheduling
Automated rollouts and rollbacks
Container Security & Privacy
Design Your Own Cluster
Self-healing
Horizontal scaling
Leverages IBM Cloud & Watson
Integrated Operational Tools
Service discovery & load balancing
Secret & configuration management
Simplified Cluster Management
Native Kubernetes Experience
IBM Bluemix Container Service
Consistent Development and Deployment Experience
[Diagram: common OSS architecture and common programming models, tools and runtimes across IBM Spectrum Conductor for Containers (x86 and Power, on-premise focus, customer-managed) and IBM Bluemix Container Service (Bluemix Cloud, IBM-managed), both running containerized applications]
> bx dev create …
Microservice Builder (Beta)
End-to-End user experience to develop and deliver microservices, hybrid and containerized apps
Create and Run your microservices, hybrid and containerized apps in 3 steps
Set up your environment, fabric and DevOps pipeline in minutes
https://developer.ibm.com/microservice-builder
Innovate with
Summary
Introduction
WebSphere Liberty Collectives
Docker Datacenter
IBM Spectrum Conductor for Containers
IBM Containers
Microservice Builder
Notices and disclaimers
Copyright © 2017 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM.
U.S. Government Users Restricted Rights — use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM.
Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. This document is distributed “as is” without any warranty, either express or implied. In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided.
IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously installed. Regardless, our warranty terms apply.
Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice.
Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary.
References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business.
Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation.
It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law.
Notices and disclaimers continued
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM expressly disclaims all warranties, expressed or implied, including but not limited to, the implied warranties of merchantability and fitness for a particular, purpose.
The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right.
IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management System™, FASP®, FileNet®, Global Business Services®,Global Technology Services®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli® Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.