Going Atomic with your Container Infrastructure
-
Upload
red-hat-india-pvt-ltd -
Category
Internet
-
view
328 -
download
2
Transcript of Going Atomic with your Container Infrastructure
Going Atomic with your Container Infrastructure
Arvind Sharma
Solution Architect, Red Hat
8 October 2015
I.T. UNDER PRESSURE
CURRENT STATE
Manual processes
Inconsistent environments
Dependency hell
Legacy inheritance
Skills fragmentation
DESIRED STATE
Automation of processes
Environmental independence
Application autonomy
Modernization and expansion
Skill abstraction
CONCRETE SHOES OF RIGID PROCESSES AND INFRASTRUCTURE
Base: 171 IT and Developer/programmer decision-makers at companies with 500+ employees in APAC, EMEA, and NA
Source: A commissioned study conducted by Forrester Consulting on behalf of Red Hat, January, 2015
69%
70%
72%
73%
75%
75%
Faster provisioning
Greater deployment flexibility
Ability to deliver/deploy applications faster
Greater application mobility/portability
Increased server consolidation/server efficiency
Better security through isolation
How important are the following benefits of containers to your organization?
Critically or Very Important
CONTAINERS DELIVER MANY BENEFITS
CONTAINERS DELIVER
FLEXIBILITY AND AGILITY
•WHY?
Deploy applications faster
Reduce efforts to deploy apps
Streamline development
Gain consistency between dev/test/prod environments
Lower deployment costs
Reduce overhead
More...
64%
64% are either using or
evaluating containers
for future use
Source: TechValidate survey of 383 global IT decision makers and professionals
67%
67% plan production
roll-outs over the next
two years
DOCKER NOT READY FOR
ENTERPRISE?
The world of containers doesn't
end with Docker
“The open-source app
containerization startup has built up
quite a bit of momentum, but it's still
not entirely ready for enterprise.”
Matt Weinberger
Computerworld | Feb 9, 2015
CONTAINER ADOPTION CHALLENGES
Organizations need a secure and reliable foundation on which they can run and
orchestrate multi-container based applications at scale
Containerizing the datacenter requires planning
CONTAINERS ARE AN OS
TECHNOLOGY
TRADITIONAL OS CONTAINERS
HARDWARE
OS
HARDWARE
HOST OS
CONTAINER
LIBS A LIBS B LIBS LIBS
CONTAINER
LIBS A
APP A
LIBS B
APP B APP B APP A
Base: 171 IT and Developer/programmer decision-makers at companies with 500+ employees in APAC, EMEA, and NA
Source: A commissioned study conducted by Forrester Consulting on behalf of Red Hat, January, 2015
TOP CONTAINER CHALLENGES
29%
31%
32%
35%
35%
41%
44%
53%
Training and Education (lack of skills)
Consistency (lack of standards)
Scalability
Lack of certification or digital structure
Management
Integration with exsiting development tools andprocesses
Variable performance
Security
What are the top three challenges your organization has experienced so far in its use of containers?
Total mentions (sum of responses of '1', '2', and '3')
THE PROMISE: CONSISTENT DELIVERY FOR ANY LANGUAGE
public class HelloWorld {
public static void
main(String[] args) {
System.out.println
("Hello, World");
}
}
#include<stdio.h>
main()
{
printf("Hello World");
}
var http = require('http');
var server = http.createServer(
function (request, response) {
response.writeHead(200,
{"Content-Type": "text/plain"});
response.end("Hello World\n");
});
server.listen(8000);
$_ = "hello world";
$_ =~ s/^(\b\w)(\B\w+)\s(\D)(\D+)$/
\U$1\E$2 \U$3\E$4\!\n/;
print $_;
bash glibc
...
bash glibc
jre
libssl libv8
...
bash glibc
nodejs perl php
...
bash glibc
<?php Print "Hello, World!"; ?>
PHYSICAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD
THE REALITY:
SECURITY IMPLICATIONS
public class HelloWorld {
public static void
main(String[] args) {
System.out.println
("Hello, World");
}
}
#include<stdio.h>
main()
{
printf("Hello World");
}
var http = require('http');
var server = http.createServer(
function (request, response) {
response.writeHead(200,
{"Content-Type": "text/plain"});
response.end("Hello World\n");
});
server.listen(8000);
$_ = "hello world";
$_ =~ s/^(\b\w)(\B\w+)\s(\D)(\D+)$/
\U$1\E$2 \U$3\E$4\!\n/;
print $_;
bash glibc
...
bash glibc
jre
libssl libv8
...
bash glibc 4 6
nodejs perl php
...
bash glibc 4 6
4 6
4 6
66
29 5
5 29
? # of critical, important, and
moderate vulnerabilities
identified and fixed by Red Hat
over a 315 day period.
<?php Print "Hello, World!"; ?>
PHYSICAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD
All Images (n=962)
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
36%
28%
Medium priority
High priority
14
WHAT'S INSIDE THE CONTAINER
MATTERS 36% of official images in Docker Hub
contain high priority security vulnerabilities
High: ShellShock (bash), Heartbleed
(OpenSSL), etc.
Medium: Poodle (OpenSSL), etc.
Low: gcc: array memory allocations
could cause integer overflow
Source: Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities, Jayanth Gummaraju, Tarun Desikan, and
Yoshio Turner, BanyanOps, May 2015 (http://www.banyanops.com/pdf/BanyanOps-AnalyzingDockerHub-WhitePaper.pdf)
RED HAT CONTAINER CERTIFICATION
UNTRUSTED
Will what’s inside the containers compromise
your infrastructure?
How and when will apps and libraries be
updated?
Will it work from host to host?
RED HAT CERTIFIED
Trusted source for the host and the
containers
Trusted content inside the container with
security fixes available as part of an
enterprise lifecycle
Portability across hosts
MODERNIZE APP DELIVERY
STANDARDS AND AUTOMATION
CONSISTENCY
DEV, TEST, AND PRODUCTION
GAIN AGILITY
FLEXIBILITY AND OWNERSHIP
DEPLOY ANYWHERE
ACROSS OPEN HYBRID CLOUD
Develop, run, and manage container-based applications at scale
RED HAT CONTAINER SOLUTIONS
CREATING DEFACTO STANDARDS
REGISTRY /
CONTAINER
DISCOVERY
CONTAINER FORMAT
WITH DOCKER
ISOLATION WITH
LINUX CONTAINERS
ORCHESTRATION
WITH
KUBERNETES
Red Hat works with the open source community to drive standards for containerization.
PROVEN APPLICATION PORTABILITY
portability across environments
PHYSICAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD
portability across platforms
CONSISTENT ACROSS TRADITIONAL AND CLOUD-READY
APPLICATIONS
PHYSICAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD
CONTAINER-BASED APPLICATION DELIVERY SOLUTIONS
A continuum of solutions to develop, run, and manage container-based applications
RED HAT ATOMIC ENTERPRISE
PLATFORM
Run and orchestrate multi-container based applications at scale
• An integrated infrastructure platform
powered by Red Hat Enterprise Linux that
is designed to run, orchestrate, and scale
container-based applications and services
Easily manage and scale applications and
infrastructure through a managed cluster of
container hosts
Gain application resiliency and elasticity via
orchestration and service aggregation
OPENSHIFT ENTERPRISE by Red Hat
• An integrated hybrid cloud application
platform for application development and
deployment that facilitates DevOps and and
needs
• Develop, build, manage container based
applications with application lifecycle
experience
• Easily turn source code into running
management and a rich developer
applications with source-to-image
capabilities
Integrated hybrid cloud application platform for application development and deployment
RED HAT ATOMIC ENTERPRISE
PLATFORM AND OPENSHIFT 3
CONTAINER API
RHEL RHEL ATOMIC HOST
CONTAINER ORCHESTRATION AND
MANAGEMENT
CONTAINER CONTAINER CONTAINER
PHYSICAL INFRASTRUCTURE
LANGUAGE RUNTIMES, MIDDLEWARE,
DATABASES, AND OTHER SERVICES
DEVOPS TOOL AND EXPERIENCE
RED HAT CLOUD SUITE
FOR APPLICATIONS
• Solution providing both Infrastructure-as-
a-Service (IaaS) for massive scalability
and Platform-as-a-Service (PaaS) for
faster application delivery, combined with
a unified management framework that
supports hybrid deployment models
• Seamlessly manage from infrastructure to
applications
• Build scalable infrastructure based on
OpenStack
Run, orchestrate, and manage multi-container based applications
and scalable infrastructure at scale
Virtualization
IaaS
Hybrid
Managem
ent
PaaS
Containers
Cloud Instances
Virtual Machines
Red Hat Cloud Suite for Applications
CERTIFIED HARDWARE ECOSYSTEM
MIDDLEWARE AND MOBILITY SERVICES
CE
RT
IFIE
D A
PP
LIC
AT
ION
S V
IA IS
V E
CO
SY
ST
EM
RED HAT ENTERPRISE LINUX, INCLUDING ATOMIC HOST
Application lifecycle management
Continuous integration
Developer experience
Source-to-image
Unified management from bare metal to containers
Scalable infrastructure
Hybrid deployment management
Managed cluster of container-optimized hosts
Orchestration and service aggregation
Seamlessly manage from infrastructure to applications
Build scalable infrastructure based on OpenStack
Develop, build, and manage container-based
applications
Run and orchestrate multi-container based applications
at scale
MICROSERVICES-BASED APPLICATION
ARCHITECTURE Mon
go
DB Drup
al jetty
node
.js
tomc
at
ngin
x
Java
Perl Rub
y
Pyth
on
PHP SQL
CHOICE OF INFRASTRUCTURE
PHYSICAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD
FLEXIBILITY AND SCALE
CHOICE OF CONTENT
CHOICE OF HOST PLATFORMS
MICROSERVICES-BASED APPLICATION
ARCHITECTURE Mon
go
DB Drup
al jetty
node
.js
tomc
at
ngin
x
Java
Perl Rub
y
Pyth
on
PHP SQL
CHOICE OF INFRASTRUCTURE
PHYSICAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD
FLEXIBILITY AND SCALE
CHOICE OF CONTENT
CHOICE OF HOST PLATFORMS
CONTAINERS FOR THE ENTERPRISE
TRUSTED PORTABLE INTEGRATED
Red Hat transforms application delivery with the first credible
hybrid cloud platform for container-based applications and services.