Strategies for Securing Availability and Optimizing Application Performance in the Cloud


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • In Red Hat fashion, we are leveraging the best of community-powered innovation to drive the development of OpenShift Origin. OpenShift Origin then becomes the “Upstream” project for Red Hat’s PaaS offerings, OpenShift Online and OpenShift Enterprise. These two enterprise-class PaaS solutions leverage the combination of the innovation provided by the community and the enterprise support provided by Red Hat. Whether you want to utilize PaaS in the public cloud, or on-premise, the OpenShift technology is available to you.<next slide>
  • OpenShift utilizes the RHEL instances and delegates them to one of two different functions.Some of the instances are designated as OpenShift Brokers which serve as the control plane, or management system, for the PaaS. Brokers can be configured in a redundant configuration for HA and failover. Utilizing messaging and automation technologies, the Brokers keep the PaaS running.The rest of the RHEL instances are designated as OpenShift Nodes and these instances are where user applications will reside.<next slide>
  • These slices of RHEL are called OpenShift Gears. OpenShift Gears are super-secure and highly efficient containers that host user applications in OpenShift. To the user, the Gear appears like an instance of RHEL. They can even SSH in to the gear. They can see their processes, their memory, and their filesystem, but they are prevented from seeing or impacting anyone else’s environment or the system as a whole.SELinux was built by Red Hat in conjunction with the National Security Agency in order to support some of their strict requirements. It is a “Deny everything, and allow by exception” policy subsystem that allows very strict control of what processes and users can do. In OpenShift, SELinux policies are used to enable hi security in a container based multitenant environment. Likewise, Control Groups are used to carefully control what resources an OpenShift Gear is able to consume. Cgroups allow Gears to consume CPU and RAM but also limits that consumption based on configurable policies. And finally NameSpaces are used to allow each Gear to have it’s own file system complete with the system directories that it may need including /tmp, /var, and others.Red Hat has been able to leverage these technologies to build a secure and yet efficient multi-tenant PaaS because Red Hat has incredible knowledge with respect to the Operating System underneath, Red Hat Enterprise Linux. With some of the best linux kernel coders in the world, Red Hat has used these smarts to build a cloud Platform-as-a-Service on top of the industry leading enterprise Linux operating system.OpenShift Gears represent the resulting benefit of leveraging this wealth of knowledge in the Operating System Platform to build a Cloud Application Platform that is both super-secure and highly efficient.<Optional statements>The OpenShift Gear-based architecture provides two other key benefits:Deploying multi-tenancy inside of RHEL Nodes allows many, many applications to be maintained by deploying maintenance to a much smaller set of RHEL Operating System instances. The Sys Admins job becomes much easier when they only need to patch and perform maintenance on a small number of nodes instead of 1000s of Virtual Machine instances (as would be the case with VM-based multi-tenancy).OpenShift also has the ability to “Idle” Gears that are not actively being used. In this situation the Broker will take a snapshot of an application Gear and write it to disk to take it out of RAM. Network connections are maintained so when an application URL is requested, the Gear will be “un-idled” and able to service the request quickly. This Idling technology allows many more Gears to be supported within one instance of RHEL because not all Gears will be active at the same time. Implemented for the OpenShift hosted service, this Idling capability is also beneficial to the enterprise that wants to optimize resource consumption as much as possible.<next slide>
  • So, let’s take a look at how a Developer would use OpenShift once the Brokers and Nodes are up and running.When a Developer wants to create a new application, the first thing to do is to instantiate a container for the application language runtime and middleware in the PaaS. With OpenShift the Developer can do this using their choice of interface. They can work from the command line via OpenShift’s RHC command-line tool set, they can work from the OpenShift Web Console interface, or they can work from their Eclipse-based IDE.When the Developer gives the command to create a new application, the OpenShift Broker looks at the Nodes, determines the best place to create the application based on resources and/or policy and then it creates the Gear for the user’s application and provides the connectivity information back to the user.<next slide>
  • As part of the application creation process, the user specifies what Language they want to program in and what middleware or database services they want to use. OpenShift installs these via OpenShift Cartridges. The OpenShift Cartridge technology is an extensible mechanism for providing application development services to the Developer.When database cartridges are installed in a second gear (the default configuration, BTW), OpenShift will automatically wire the two gears together on the network and it will automatically create the new datasource definition within the Jboss configuration, for example.<next slide>
  • OpenShift provides built-in Cartridges for most of the popular programming languages including Java, Ruby, Node.JS, PHP, Python, and Perl along with the many Frameworks that can be used with these languages. With OpenShift, Developers can pick the language that either is best suited to solve the problem at hand, or is the one that they are most comfortable with. Our goal is to allow Developers to work the way they want to work.OpenShift also provides MySQL and Postgres as relational database options and MongoDB as a NoSQL alternative.In addition to these built-in capabilities OpenShift also provides the ability to create Custom Cartridges so that a user can add their own desired middleware service.<next slide>
  • So, once the Gear is fully configured and Cartridges are installed, the Developer can then begin coding. As code is completed, the Developer pushes the code to OpenShift via the Git protocol. Git is a popular Source Code Control system used in the Open Source development world. A Git repository is created in the Gear and the Developer uses the Git “Push” command, or the IDE, to push the latest code into the repository over an SSH encrypted channel using the Git protocol.Depending on the programming language, once the code is pushed, the application will show the updates immediately. This accelerates the Application Development Lifecycle by providing immediate feedback on application changes.<next slide>
  • The advances that OpenShift provides in the automation of both the Application Development Lifecycle and the management and hosting of applications allow OpenShift help IT organizations take a step in the direction of implementing the IT Factory business model in order to increase efficiency and velocity. OpenShift becomes the Assembly Line for IT Services and Applications.<Next slide>
  • Strategies for Securing Availability and Optimizing Application Performance in the Cloud

    1. 1. Strategies for Securing Availability and Optimizing Application Performance in the Cloud Vijay Sarathy Oren Elias Red Hat Correlsense1 by
    2. 2. Agenda• PaaS and its relevance to the Enterprise• Overview of OpenShift – PaaS by Red Hat• PaaS management with Openshift• Improving application performance• SharePath demo• Conclusion/questions2 by
    3. 3. Housekeeping• Presentation will last 45 minutes• Submit questions via the chat window• Slides will be made available tomorrow3 by
    4. 4. Featured speakers Vijay Sarathy Director, OpenShift Partner Ecosystem Red Hat Oren Elias EVP, Strategy and Business Development Correlsense4 by
    5. 5. Introduction to Red Hat OpenShift5 by
    6. 6. Today’s IT Challenge IT is under Need to tremendous Constant accelerate, aut pressure from demand for omate, and the new services standardize Organization (new apps) developer to enable workflows growth6 by
    7. 7. Streamlining App Dev with PaaS Physical Virtualized With PaaSHow to Build an App: How to Build an App: How to Build an App:1. Have Idea 1. Have Idea 1. Have Idea2. Get Budget 2. Get Budget 2. Get Budget3. Submit hardware acquisition request 3. Submit VM Request request 3. Code4. Wait 4. Wait 4. Test5. Get Hardware 5. Deploy framework/appserver 5. Launch6. Rack and Stack Hardware 6. Deploy testing tools 6. Automatically Scale7. Install Operating System 7. Code8. Install Operating System 8. Test Patches/Fix-Packs 9. Configure Prod VMs9. Create user Accounts 10. Push to Prod10. Deploy framework/appserver 11. Launch11. Deploy testing tools 12. Request More Prod VMs to12. Code meet demand13. Test 13. Wait14. Configure Prod servers (and buy 14. Deploy app to new VMs them if needed) 15. Etc.15. Push to Prod16. Launch17. Order more servers to meet demand “The use of Platform-as-a-Service technologies will enable18. Wait…19. Deploy new servers IT organizations to become more agile and more20. Etc. responsive to the business needs.” –Gartner* 7 by
    8. 8. PaaS leverages automation technologies and a cloud architecture… Code Deploy Run Push-button Save Time and Money Deploy, and Code your app your App is running in the Cloud! …to drive Velocity, Efficiency, and Scalability in IT8 by
    9. 9. OpenShift is PaaS by Red Hat Multi-language, Auto-Scaling, Self-service, Elastic, Cloud Application Platform9 by
    10. 10. Red Hat’s OpenShift PaaS Offerings Open Source Project origin On-premise Public or Private Cloud Cloud Service Software10 by
    11. 11. The Foundation of OpenShift is Red HatEnterprise Linux Nodes are where User Applications live. Brokers keep OpenShift running. RHEL RHEL RHEL RHEL Brokers Node Node Node AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal11 by
    12. 12. OpenShift User Applications run in Gears OpenShift GEARS represent containers in RHEL secured by SE Linux policies and CGroups RHEL RHEL RHEL Broker Node Node Node AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal12 by
    13. 13. Developer Web ConsoleWorkflow Eclipse IDE Cmd Line A Developer creates a new application  OpenShift OpenShift creates a Gear Gear RHEL RHEL RHEL Broker Node Node Node AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal13 by
    14. 14. Cartridges automate Web ConsoleGear Configuration Eclipse IDE Cmd Line CARTRIDGES are how OpenShift installs Languages JBoss MySQL & Middleware RHEL RHEL RHEL Broker Node Node Node AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal14 by
    15. 15. Support forUser-Built Cartridges Java MySQL PHP CUSTOM Postgres Python Etc. Ruby Etc. Developers can add custom language, data-store, or middleware OpenShift Default with with a custom Cartridge. Cartridges AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal15 by
    16. 16. Now, Code and Push Git Protocol / ssh Push Developer pushes Code Git application code via Repo MySQL GIT source code JBoss management system RHEL RHEL RHEL Broker Node Node Node AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal16 by
    17. 17. OpenShift Automates theIT Assembly Line POWERED BY OPENSHIFT AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal17 by
    18. 18. OpenShift offers.. 1. Trust. OpenShift is built on proven Red Hat technologies. 2. Freedom. In OpenShift, work the way you want. • Choice of Interface: Web Console, Command-line, or IDE • Choice of Middleware: Java(EE6), Ruby, Node.js, PHP, Python, etc. • Choice of Cloud: Public, Private, or Hybrid Cloud • Choice of Scale: Automatic application scaling when needed 3. Openness. OpenShift’s open source software stack ensures application portability and No Lock-In.18 by
    19. 19. OpenShift Ecosystem - Enabling Choice19 by
    20. 20. Correlsense – OpenShift Integration20 by
    21. 21. The Changing Role of IT OpsPaaS poses new questions about application supportTraditional production deployment: Infrastructure Application Code Platform IT Ops Full control Full control No control Full responsibility Full responsibility No responsibility Dev No control No control Full control No responsibility No responsibility Full responsibility21 by
    22. 22. The Five Scenarios of Management in PaaS1. User experience monitoring2. Code level diagnostics3. Dependency mapping – where are my cartridges??4. Preparing to scale 1. Capacity planning 2. Gears and cartridges5. Intelligent scaling22 by
    23. 23. 1. User Experience Monitoring• When the app goes live, all the users care about is the user experience• 99.9% uptime is not enough. It’s all about response times now23 by
    24. 24. 2. Mind the Code• Diagnosing code in production is now a must!• Not just for developers. IT ops also need to isolate code related issues24 by
    25. 25. 2. Mind the Code (cont’d) Exception occurred Log4J Exception reporting25 by
    26. 26. 3. Where are My Cartridges?• Understand dependencies between cartridges and gears helps build better composite apps• How do you manage an app with 10 cartridges and 100 gears?26 by
    27. 27. Example - Auto-Detected Dependency MapA new cartridge is added and automatically mapped27 by
    28. 28. 4. Preparing to Scale• How do the cartridges affect workload?• Do we have ‘resource hogs’?• Which cartridges need to be scaled up/out?28 by
    29. 29. Example - Real Time View of Workload and SLAAbility to see ‘by gear’, ‘by tier’, ‘by cartridge’ and more29 by
    30. 30. 5. Auto-Scaling – the Holy Grail• Auto-scaling is done by concurrent users/threads• How about being able to auto-scale by response times or workloads?30 by
    31. 31. Example – Auto-Scaling By App ResponseTimes and SLAExample of auto-scale triggered by real user experience31 by
    32. 32. SharePath Demo32 by
    33. 33. Summary – Red Hat OpenShift + CorrelsenseWhy OpenShift for your Why Correlsense forEnterprise PaaS? Enterprise PaaS Management• Tested and Trustable • A management system that is ‘baked’ into the platform• Choice • Tools to serve both ops and• Openness dev – a common language • Wide coverage – support for all cartridges, not just Jboss33 by
    34. 34. Thank You. Questions? Additional Correlsense Info:    email: info@correlsense.com34 by