VMworld 2014: The Software-Defined Datacenter, VMs, and Containers
Uploaded by vmworld (category: Technology)
Transcript of VMworld 2014: The Software-Defined Datacenter, VMs, and Containers
The Software-defined Datacenter, VMs, and Containers: A “Better Together” Story
SDDC3327
Kit Colbert, VMware, Inc
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
CONFIDENTIAL
Agenda
1. Context
2. Unified Infrastructure Fabric
3. Unified Cloud Management
4. 3rd Platform Application Stack
5. Summary
Linux Containers
[Diagram: a stack of Hardware, OS Kernel, OS File system and Userspace; within userspace, each Container groups several App processes]
OS-level Isolation
• Isolation at individual kernel subsystem level (e.g. filesystem, process table, etc)
• A user-level process (LXC, libcontainer) orchestrates these subsystems to create a container
Existed for Many Years
• Solaris Zones, FreeBSD Jails, OpenVZ
Why?
• Process isolation
• Reproducible environment
• Enables management at scale
The Problem in 2014
[Diagram: a matrix of application stacks against deployment environments]
Stacks:
• Static website: nginx 1.5 + modsecurity + openssl + bootstrap 2
• Web frontend: Ruby + Rails + sass + Unicorn
• User DB: postgresql + pgv8 + v8
• Queue: Redis + redis-sentinel
• Analytics DB: hadoop + hive + thrift + OpenJDK
• Background workers: Python 3.0 + celery + pyredis + libcurl + ffmpeg + libopencv + nodejs + phantomjs
• API endpoint: Python 2.7 + Flask + pyredis + celery + psycopg + postgresql-client
Environments: Development VM, QA Server, Public Cloud, Disaster Recovery, Contributor’s Laptop, Production Servers, Production VM Cluster, Customer Data Center
A multiplicity of stacks meets a multiplicity of hardware environments, raising two questions: Do services and apps interact appropriately? Can I migrate smoothly and quickly?
Let’s create a shipping container system for applications
[Diagram: the same stack-by-environment matrix, with every combination handled by one standard container]
An engine that enables any payload to be encapsulated as a lightweight, portable, self-sufficient container…
…that can be manipulated using standard operations and run consistently on virtually any hardware platform
Container Fits Well with DevOps Lifecycle
[Diagram: lifecycle stages Development, Build & Integration, Package & Repository, Test Automation, Continuous Delivery Platform and Production, with the labels Integrated Dev. Env., Code Dev & Check-in, Continuous Integration, Build, Integration and Testing, Repository Mgmt, UAT, Sys. Int. Test, Deployment & Testing, Promotion & Governance, Production Deployment]
[Logo] is a “Shipping Container” for Code
• Ops ♥ consistent operations on code: uniform start, stop, logging, monitoring
• Devs ♥ consistent environment: OS, libs, layering on other containers
The Rise of Third Platform Applications
Traditional (2nd platform) applications:
✓ On-premise
✓ Client-server, stateful, scale-up
✓ Tier 1/Converged HW
✓ Classic NAS & SAN
✓ Relies on infrastructure availability
✓ Human-driven
Third platform applications:
✓ On/Off premise
✓ Elastic, stateless, scale-out
✓ Commodity/disaggregated HW
✓ DAS, HDFS, Object, Flash, NVM
✓ Built-in application resiliency
✓ API-Driven/DevOps infrastructure
Implication: Separate Stacks, Higher CapEx & OpEx
[Diagram: two parallel silos, each with its own Management and Infrastructure layers, one for VMs and one for Containers]
Instead, Containers AND VMs!
[Diagram: VMs and Containers side by side on a single Unified Infrastructure Fabric under a single Unified Cloud Management layer]
Containers Without Compromise
[Diagram: Containers and VMs on a Unified Infrastructure Fabric (e.g. ESX, NSX, SDS) under Unified Cloud Management (e.g. vCAC, vCOps, Log Insight), exposed through an Open Containers API]
Single Platform for VMs and Containers
• Consistent developer & deployment experience
• Common management, monitoring, compliance across all applications
• ‘Better-than-physical’ compute layer
• Network & security controls for containers
• SDS: data persistence, backup, SLA management
• Enable 2-tier scheduler model; integration with Kubernetes, Pivotal CF, and other schedulers
Section 2: Unified Infrastructure Fabric
VM and Container Isolation are Better Together
VMs:
• Hardware level isolation
• Focused on security and multi-tenancy
• 15 years in production, battle tested
• Great for security
Containers:
• OS level isolation
• Focused on environmental consistency
• Emerging, still maturing
• Great for reproducibility
VMs + Containers: best of both worlds
VMs are Lightweight and Efficient
Forking:
• Fast: sub-second VM provisioning time
• Ready to Go: clone a running container in a warmed-up state
• Efficient: lower resource usage through sharing
[Diagram: a VM containing an OS, Binaries & Libraries, and App A]
Debunk the Myth
• VM overhead < 5%
• VM is lightweight
• OS tends to be heavier
Looking ahead
• Thinner OS emerging
• Project Fargo
Containers & VMware NSX
• Unified operational model for VMs & containers
• Programmable, datacenter-wide connectivity
• Enterprise-grade security with micro-segmentation
• Native Open vSwitch support for containers
[Diagram: the VMware NSX Network Virtualization Platform provides virtual networks (Logical L2, Logical L3, Logical Firewall, Logical Load Balancer, Logical VPN) to any application without modification, on any network hardware, any hypervisor and any cloud management platform]
Distributed and Reliable Storage for Containers
[Diagram: stateless containers with boot images spread across several hosts, backed by VSAN distributed, reliable storage with snapshots, clones, QoS and remote replication]
Container provisioning and management
• Simple data persistence
• Easy deployment of containers on a cluster
• Reliable, high performance storage
• Tolerant of host/disk failures
• Fast container creation leveraging snapshots and clones in VSAN
• Quality of Service controls
Sharing Infrastructure Efficiently
[Diagram: separate container, database and traditional-app clusters; silo’ed clusters lead to server/cluster sprawl and increase cost. Scenario 1: multiple workloads (DBs, traditional apps, containerized apps). Scenario 2: multiple tenants (Tenant/LOB 1, Tenant 2, Tenant 3) on one Data Center Virtualization / SDDC Platform]
• Unified platform to run all your apps
• Dynamically allocate resources based on demands and SLA
• Strong security and performance isolation
Hybrid Platform
[Diagram: on-premises Software-Defined Data Centers connected to vCloud Air data centers (multi-tenant and dedicated) through secure connectivity and a vCloud plug-in, sharing data, security, management, apps, tools and services]
Section 3: Unified Cloud Management
Managing VMs and Containers at Scale is Key
[Slide repeats the 2nd vs 3rd platform checklist]
[Diagram: a 3rd platform application decomposed into Web tier, App tier and DB tier services: Load Balancer, Authentication, Session Store, Licensing, Monitoring, Provisioning, DNS, Content, Database x3, Web Server x3, …]
Separation of Infrastructure and Apps Concerns
Infrastructure Team: “IT as a service provider”
• Focus: deliver IT resources to the rest of the company
• Challenge: agility for devs, while maintaining control
• Role: enable rapid delivery of dev sandboxes, pre-provision 3rd Platform Services (Kubernetes, Pivotal CF, etc)
Developers: “Write code, not tickets”
• Focus: frictionless development, rapid innovation
• Challenge: write code, without worrying about infrastructure details
• Role: self-service access to new resources (i.e. new cluster), comply with company policies and regulations
Architecturally, it makes sense to separate infrastructure and app management
• Infrastructure Management: infrequent/no access by developers; devs shouldn’t care
• Application Management: lightweight, fast; calls the infrastructure manager when needed
Lifecycle: Self-service, Governance, Automation
• Self-Service benefit: common portal, catalog, permissions for developers and LOB
• Governance benefit: compliance consistently enforced across the entire datacenter
• Automation benefit: same tools for automating traditional and new app lifecycles
[Diagram: DBs, traditional apps and containerized apps for Tenant/LOB 1 on the Data Center Virtualization / SDDC Platform]
Operations: Service Availability and Traceability
[Diagram: Hardware, then vSphere, NSX, vSAN/vVOL, then Virtual HW and OS; one VM runs a traditional app, another runs a Linux OS hosting several App + Lib containers]
• Instrument all layers of the stack
• Inputs: metrics and log data
• Performance monitoring, capacity management, log management, …
• Delivering better service levels, availability, root cause analysis, …
Section 4: 3rd Platform Application Stack
3rd Platform Apps Stack & DevOps Process / Open Ecosystem: 3rd Platform Developer Stack / Open Ecosystem: 3rd Platform Production Stack
[Diagram, shown on three slides: a developer stack on the left and a production stack on the right, joined by Container Repositories]
Developer side (Dev’s Laptop):
• Optional: Type 2 Hypervisor, e.g. Fusion, Workstation, Player, VirtualBox
• Linux, e.g. RedHat, Ubuntu, Boot2Docker
• Developer Tools, e.g. Hashicorp Vagrant, Jenkins, github, etc
• Container Packaging, e.g. Docker/Docker Hub
Production side:
• Management: vCloud Automation Center, vCenter Operations, Log Insight
• App Definition, Policies, and Provisioning, e.g. Pivotal CF, Fig, Terraform, Shipyard
• Container Cluster Scheduler, e.g. Kubernetes, libswarm, Mesos, Fleet
• Container Packaging, e.g. Docker
• Container-optimized Linux, e.g. CoreOS, Atomic, Ubuntu
• Infrastructure: ESXi, NSX, Virtual SAN, vCloud Hybrid Service
Containers at Google
• Everything at Google runs in Linux application containers
• A decade of production container experience
• We start more than 2 billion a week
• Containers have changed the game
• Separation of infra and application ops
• Increased efficiency
A few lessons learned... 1: Declarative trumps imperative
Imperative: run this container on this server
Declarative: run between 2 and 100 copies; keep latency < 2ms
Pros
• Repeatable and eventually consistent deployment and update
• Fire-and-forget app management (self scaling, self healing)
• Dynamic scheduling yields better efficiency
Cons
• Tracing action/reaction can be hard (“is it done?”)
• Diagnostics can be tough (“what happened?”)
So
• We need a cluster manager
• Strong integration with container metrics, logging, etc helps
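The declarative model on this slide is easiest to see as a control loop. The reconciler below is an added example, not code from the presentation, from Google or from Kubernetes; the Spec/Observed/Reconciler names, the one-copy-per-pass step and the latency thresholds are constructed for illustration. It takes the slide's intent (between 2 and 100 copies, latency under 2 ms), derives concrete start/stop actions from what it observes, keeps an audit trail for the “what happened?” question, and separates “no action pending” from “SLO met”, which is exactly the “is it done?” ambiguity the slide lists as a con.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Action = Tuple[str, int]  # ("start", n) or ("stop", n)


@dataclass(frozen=True)
class Spec:
    """Declarative intent, as on the slide: run between min and max copies and
    keep latency under a target. Nothing here names a host or a container."""
    min_replicas: int
    max_replicas: int
    latency_target_ms: float


@dataclass(frozen=True)
class Observed:
    """What the cluster manager can measure right now (values are constructed)."""
    running: int
    p99_latency_ms: float


@dataclass
class Reconciler:
    spec: Spec
    step: int = 1                                       # copies added/removed per pass (assumed)
    history: List[Dict] = field(default_factory=list)   # audit trail for "what happened?"

    def desired(self, obs: Observed) -> int:
        """Turn intent plus measurements into a concrete replica count."""
        want = obs.running
        if obs.p99_latency_ms > self.spec.latency_target_ms:
            want += self.step                           # missing the target: add capacity
        elif obs.p99_latency_ms < self.spec.latency_target_ms / 2:
            want -= self.step                           # plenty of headroom: give some back
        # The replica bounds are hard constraints; the latency target is only a goal.
        return max(self.spec.min_replicas, min(self.spec.max_replicas, want))

    def reconcile(self, obs: Observed) -> List[Action]:
        """One pass of the control loop: diff observed against desired, emit actions."""
        want = self.desired(obs)
        actions: List[Action] = []
        if want > obs.running:
            actions.append(("start", want - obs.running))
        elif want < obs.running:
            actions.append(("stop", obs.running - want))
        self.history.append({"observed": obs.running, "p99_ms": obs.p99_latency_ms,
                             "desired": want, "actions": list(actions)})
        return actions

    def converged(self, obs: Observed) -> bool:
        """'Is it done?' in the narrow sense: no further action is pending."""
        return self.desired(obs) == obs.running

    def slo_met(self, obs: Observed) -> bool:
        """'Is it done?' in the sense the operator actually cares about."""
        return obs.p99_latency_ms <= self.spec.latency_target_ms


def run_scenario() -> List[List[Action]]:
    """Drive the loop with constructed observations; returns the actions of each pass."""
    r = Reconciler(Spec(min_replicas=2, max_replicas=100, latency_target_ms=2.0))
    observations = [
        Observed(running=0, p99_latency_ms=0.0),    # fresh deploy: nothing running yet
        Observed(running=2, p99_latency_ms=3.0),    # two copies, too slow
        Observed(running=3, p99_latency_ms=1.5),    # three copies, inside the target
        Observed(running=100, p99_latency_ms=5.0),  # at the ceiling and still slow
    ]
    return [r.reconcile(o) for o in observations]


if __name__ == "__main__":
    for i, actions in enumerate(run_scenario(), 1):
        print(f"pass {i}: {actions or 'no change'}")
```

The last observation is the interesting one: the loop reports no pending action because the ceiling has been reached, yet the latency goal is not met. A real cluster manager has to surface both signals, and the audit trail in `history` is what makes the “what happened?” question answerable after the fact.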
A few things we have learned... 2: Prepare for more production services
The system known as Borg made it easier to run production services at scale... so our engineers wrote a lot more
Pros
• Strong shift to dev and away from ops
• Radically simpler infrastructure operations
But…
• Governance gets harder as the number of services increases
• Managing, finding, versioning
So…
• We need a cluster manager
• It needs mechanisms to deal with large numbers of services
So we created Kubernetes...
• OSS project created by Google, but owned by the community
• Google style cluster management
• Move from static containers to dynamic management
• Lightweight, modular/extensible, portable
And where do VMs fit in?
• Needed to run untrusted and unconstrained workloads
• The Linux syscall layer is large and difficult to defend
• The VM surface can be aggressively defended; VMware has been doing this for 15 years
• Critical for multi-tenant cloud use with untrusted tenants, e.g. VMware vCloud Air
• In Google Cloud Platform: VMs create ‘idealized’ infrastructure; containers package and run applications
• Kubernetes stitched together VMs to create a mini-Google cluster
What is next?
• Make it work everywhere
• Operationalize
• Extend services for distributed systems development
© Copyright 2014 Pivotal. All rights reserved.
Core Application Patterns Are Changing
To Do List
• Application and Data Services Centric Platform: transform human centric data center processes into a software factory
• Move towards real time deployment, scaling and operations; the final step in the virtual revolution…
• Focus on ease of deployment, but deliver exceptional operational benefits
Why Containers are Essential
• Speed: seconds vs. minutes (seconds to health management, seconds to deployment, seconds to scaling)
• Units of currency: leverage Docker popularity and simplicity for apps and data services; push an application artifact (.WAR) or a Docker image
From Data Center to Software Factory
[Diagram: platform capabilities]
• Application Containerization & Cluster Scheduling
• Native and Extended Data Services
• Automatic App Server & OS Configuration with Buildpacks
• Policy, Identity and Roles Management
• App Health Management, Load Balancing, Rapid Scaling, Availability Zones
• IaaS Provisioning, Scaling & Configuration
• Application Network Security Groups
• Application to Services Binding and Access
• Logging as a service, Application metrics & performance, Metric based scaling
Case study: ITBM leveraging containers on SDDC and vCloud Air
IT Benchmarking Service (ITBM): a SaaS application to measure IT processes against peers or commonly recognized patterns
• Build and content generation on the private cloud (SDDC); customer-facing modules on vCloud Air
• All services run in Docker containers on CoreOS VMs
In our front-end, over a dozen micro-services run in Docker containers on CoreOS VMs: Web Server x3, Database x3, Content, Load Balancer, Session Store, Authentication, Licensing, DNS, Provisioning, Monitoring, …
• Our backend is processing customer data, acquiring more data from online sources, and generating content for the front-end
• It is also validating the content and serves as the staging environment
• Some services use fleet and some are managed by Mesos
• Binaries and content are packaged in Docker containers during build and moved to staging and production using Jenkins Pipeline
[Diagram: on the private SDDC platform, clusters managed by fleet & etcd and by Mesos, an HDFS cluster, a Registry and Jenkins; on vCloud Air, the front-end clusters with a Registry and DNS]
The Open Platform for Modern Applications
• Single platform for running and managing traditional + modern apps
• Enterprise grade: security, performance, operational efficiency
• Ability to extend applications to the hybrid cloud
• Support for community-led projects (Big Data, OpenStack, containers)
IT Faces Conflicting Demands: VMware Bridges These Two Worlds
[Diagram: Traditional Apps (App on OS on Virt. HW, reached through an OpenStack API) and Modern Apps (Apps in Containers on an OS, reached through an Open Container API) both run on the Software-Defined Data Center (ESXi, NSX, VSAN), on-premise and off-premise. The demands pulled in opposite directions are Resilience, Security and QoS on one side, and Openness, Portability and Agility on the other]
In Summary
• VMware is focused on helping companies run and manage their applications, whether they are packaged in VMs or containers
• A software-defined datacenter is the best place to run and manage all application types
• Docker, Google, Pivotal and VMware are working together to help companies efficiently run and operationalize containerized applications
[Diagram: Unified Infrastructure Fabric (e.g. ESXi, NSX, Software-Defined Storage) and Unified Cloud Management (e.g. vCloud Automation Center, vCenter Operations, Log Insight), which extends to management of containers running on physical hosts]
2nd vs 3rd Platform Apps: The Value Prop Changes
2nd Platform App Stack, infrastructure control plane:
• vSphere (vCenter/HA/DRS/…)
• SRM (DR)
• 3rd-party integrations with vSphere
• Scheduling & placement (DRS)
• Resource controls (SIOC, NIOC)
• High availability (HA, FT)
• Mobility (vMotion)
• Disaster recovery (SRM)
• Authentication
• Logging/Audit
• Etc…
3rd Platform App Stack, infrastructure control (via the Open Containers API):
• Kubernetes, Yarn, Mesos, …
• Pivotal, BOSH
• Scheduling
• Resource controls
• Load balancing, routing
• Service registration
• Service discovery
• Availability
• Authentication
• Logging/auditing
• Data persistence