Hitchhiker’s Guide to the Enterprise-Grade Platform

Agenda• SAP’s Journey• Speed• Multi-Cloud• Security• Other Topics

SAP’s Journey

About SAP• Focus on business applications since 1971• 20k+ developers in R&D• Helping customers with digitization

– IoT, Industrie 4.0– cloud offerings, e.g.:

• 2011: SuccessFactors (HCM)• 2012: Ariba (business network)• 2012: SAP HANA Cloud Platform (PaaS)• 2013: Hybris (E-Commerce)• 2014: Concur (travel)• 2015: SAP S/4 HANA (business suite)

How development evolved @SAPwaterfall agile devOps

monolith n-tier microservices

regular shipments continuousdelivery

physical servers virtualservers containers

datacenter hosted cloud

ownIaaS OpenStack multi cloud

proprietarytools open source&standards

What SAP needs to ensure• Help customers to digitize their business– fast, secure, scalable, non-disruptive

• 24x7 support – every day• Traceability / auditability / certification• Focus on differentiating technology• Engage in and use standards & open source

How to proceed with the learnings?

• Multiple options– Let others have the same experience

(“I've just had an unhappy love affair, so I don't see why anybody else should have a good time.”*)

– Be a good open source citizen and share the learnings

*Quotefromthenovel“Hitchhiker'sGuidetotheGalaxy”byDouglasAdams(1979)

Co-Innovation, Open Source and Standards• Learn from customers what is needed• Engage with strong partners to provide

customers with specific solutions• Contribute useful technology to open

source communities• Concentrate on differentiating

technologies and capabilities

SAP contributions to Cloud Foundry

Speed:Service Fabrik

*Quotefromthenovel“Hitchhiker'sGuidetotheGalaxy”byDouglasAdams(1979)

“therestofyou...keepbangingtherockstogether”*

Challenge• No default services available in off-the-shelf CF• Every provider needs to take care of this task• Service broker API leaves room to pick any

provisioning technology, but this also means, there is no built-in support/solution for this task

• Higher level capabilities like backup & restore or maintenance time windows are not covered

• Cloud controller model is minimal as well, especially in regards to version management

Requirements• Easily setup backing services• Inexpensive services for dev+test• Reliable, isolated and scalable HA/cluster

services for productive usage• Focus on a few provisiong technologies to

ease devops• Backup & Restore• Multiple versions and upgrade support for

services

Service Fabrik• Generic service broker and BOSH release• Supports Docker/Swarm- and BOSH-based

provisioning• Existing docker-boshrelease images can be

reused• Generic service instance dashboards• Automated stemcell & release updates• Backup&restore for OpenStack and AWS on

the way• Operations tooling on the way

https://github.com/SAP/service-fabrik-broker

Service Fabrik in a nutshellCFCLI

CloudController

Swarm BOSH

ServiceFabrikBroker++

Docker Docker DockerPostgreSQLDeployment

MongoDBDeployment

PostgreSQLDeployment

CloudCockpit PluginEnd-User-Facing

Backend

Agent

ServiceSpecificSecGrp

IaaSBlobStore

Agent Agent

Ops UI

Multi-Cloud:CF OpenStack Validator

“TherequirementslistedhereareconsiderednecessarybutnotsufficientforBOSHtobeabletouseyourOpenStackdeployment.Ifyoucannotperformanyoneofthesetaskssuccessfully,BOSHwillnotwork;however,satisfyingalltheserequirementsdoesnotensurethatBOSHwillwork.”*

*Noquotefrom“Hitchhiker'sGuidetotheGalaxy”,butfromhttps://docs.cloudfoundry.org/deploying/openstack/validate_openstack.html

Challenge• Run one Cloud Foundry installation in

various data centers• Will Cloud Foundry be installable and run

on the customers’ or partners’ OpenStack distribution?

• Deep BOSH expertise necessary for analysis of test results

Requirements• No deep BOSH expertise necessary• Should be easy to use• Error messages with actionable

description

SAP’s solution:CF OpenStack Validator• Response to the question “Will it run on

my OpenStack?”• executable + configuration file• actionable hints for non-BOSH-experts

https://github.com/cloudfoundry-incubator/cf-openstack-validator/

Security:IPSec

*Quotefromthenovel“Hitchhiker'sGuidetotheGalaxy”byDouglasAdams(1979)

”nothingtravelsfasterthanthespeedoflightwiththepossibleexceptionofbadnews,whichobeysitsownspeciallaws*”

Challenge• Attackers listening on network traffic

between nodes can read/modify data

Requirements• Encrypt all traffic between nodes (virtual

machines) so that an attacker listening “on the wire“ cannot read and/or modify data.

• Allow dynamic re-configuration in case of a security breach

• Solution should have no impact on scalability

BOSH Release for IPSecWhat SAP contributes• Can be used to e.g. encrypt all non-

encrypted communication inside CF deployment transparently for the communication partners

• To be used as co-deployment

https://github.com/SAP/ipsec-release

Other Topics

Lifecycle management of cloud native apps• Establish a standard for creating packaged

CF apps• Enable their deployment on all certified CF

platforms via a new deploy tool• Used within SAP to automate deployment,

blue-green deployment, deletion, etc.• Bring it into the Foundation and drive its

development with the community

Ramping up:CF auto scale and auto sleep• Collaboration with IBM

(auto scale)https://github.com/cloudfoundry-incubator/app-autoscaler

• Collaboration with Orange (auto sleep)https://github.com/cloudfoundry-community/autosleep

Diego & Abacus• Contributing to CF with 5 full time

committers

Thanks and DON’T PANIC!

Oh wait!

Here’s SAP’s formula with the answer to life, the universe, and

everything:

ComeandjoinSAPatbooth4 oroneoftheotherSAPsessions.You&theSAPcolleagueattheboothorthesessionwillfindout2-gether.

Yes,theansweris42J - still!

ContactInformationRuiNogueira(@ruinogueira)ProductManagerSAPHANACloudPlatform