Accelerate Digital Transformation with IBM Cloud Private

  1. Accelerate Digital Transformation with IBM Cloud Private Michael Elder IBM Distinguished Engineer, IBM Cloud Private @mdelder Get these slides @ http://ibm.biz/ibm-cloud-private-intro
  2. Purpose Client needs, concerns being addressed, value
  3. Application Portfolio Customer Information Payment Systems Business Process Evolution to Cloud-based Application • Base Virtualization with Standardization & Automation On-premises | Off-premises VMs | Containers | aPaaS | iPaaS Event Driven Transformation uses multiple concurrent approaches … to minimize risk & cost while leveraging new & existing investments to innovate & differentiate • Cloud native • Loosely-Coupled • 12-factor • Horizontal Scaling • Eventually consistent • Microservices • Auto-scaling • DevOps & CI • Self-recovering ➡ Lift-Standardize-Consolidate-Automate-Shift ➡ Contain-Expose-Extend ➡ Refactor/Create as Cloud-Native/Microservices New Applications ➡ Data Classification, Movement & Governance Bare metal, VMs, Containers, Automation - SDDC API Creation & Management, Connectivity & Integration Event-Driven, aPaaS, Containers, Microservices Cognitive Data Classification, High-volume data transfer, Metadata Management
  4. Web Page Java UI Portal Mobile MS SQL Data & Transactions DB2 IMS Warehouse account-groups Business Logic {REST/WS} Enterprise Java Mobile BFF Process BPM Process Analytics & Reporting MQ APIC Data Connect Development Tools Management Security Operations Lift-Optimize-Shift Contain-Expose-Extend Refactor as Microservices Data Classification & Governance Private Cloud Public Cloud APIC IaaS CaaS (I & A) PaaS Event Transformation Approach Cloud Type Technology Service Provider Operator Developer, Integrator, Data Scientist User Persona Evolution of existing workloads
  5. IBM Cloud Private Kubernetes based container platform Common Services For prescribed application development & deployment IBM Middleware, Data & Analytics Services Industry leading container orchestration platform across private, dedicated & public clouds To simplify operations management, DevOps and hybrid integration Cloud enabled middleware, application runtimes, messaging, databases and analytics to optimize current investments and rapidly innovate Cloud Foundry
  6. • Reuse existing infrastructure • IBM Data Center transformation to a proven VMware SDDC architecture • IBM Managed Services • IBM Storage including optimization for container-based workloads • Automation & Infrastructure-as-Code ICP Cloud Automation Manager (Terraform, Chef) • Containers & Orchestration ICP with Kubernetes • Cloud Foundry ICP with Cloud Foundry • Function-as-a-Service ICP with OpenWhisk (future) • IBM API Connect - Containerized on ICP (future) - Open Standards • ICP Catalog - Helm Charts - Patterns - Cloud Foundry Services • IBM Supported Languages & Frameworks - Container Images & Buildpacks for Java, Node, Swift, .Net - Frameworks: Spring, JEE, Mobile, ManyNode & Reactive • IBM DevOps Tools + Open Source - Urban Code Release/Deploy - Cloud Automation Manager - Containerized on ICP (future) • ICP-based Management - For Containers & Cloud Foundry - Metrics - Common Ops functions - Identity, RBAC & Policies - Capacity & Placement with CloudMatrix • ICP Common Services - Monitoring: Prometheus, Grafana - Logging: ELK - IAM: Built-in + Federation to Enterprise - Metering: Product insights - Key Management: Vault IBM Cloud Private capabilities
  7. The Four Tenets Enterprise grade. Open by design. Rapid Innovation Hybrid Integration Investment Leverage Management and Compliance Built on 4 Key Tenets to Drive Enterprise Transformation
  8. IBM Cloud Private brings cloud native to the enterprise Open Kubernetes-based container platform Cloud Foundry for app dev and deployment Integrated DevOps toolchain Integration capabilities to unlock and connect Secure access to public cloud services (AI, Blockchain) Consistent experience across private/public Containerized versions of IBM Middleware (WebSphere, MQ, DB2, DSX and popular Open Source) Prescriptive guidance to optimize workloads Work with existing apps, data, skills, infrastructure Core operational services including logging, monitoring, security Flexibility to integrate with existing tools and processes Rapid Innovation Hybrid Integration Investment Leverage Management and Compliance
  9. IBM Cloud Private changes your daily work routine Todd Operations / Admin Responsible for infrastructure, security, and management of the environment. Jane Enterprise Developer Responsible for modernizing existing applications and creating new Cloud Native Workloads. IBM Cloud Private empowers both developers and administrators to meet business demands: • IT Operations and Administrators can quickly set up a modern, flexible, and compliant private cloud on enterprise infrastructure that enables enterprise developers to innovate; they can also integrate with their existing management tools and processes • Developers can create new cloud-native applications, optimize existing ones, and securely connect their applications with data and services across all clouds
  10. 1. Optimize legacy apps with cloud Containers & Common Services Next Generation Middleware, Data & Analytics Automation & Orchestration Cloud-enabled middleware Self-service Experience 2. Open your datacenter to work with cloud services Integration Services & Cloud Native Programming Models Integration & Hybrid Cloud APIs Public Cloud Services Machine Learning on p/z Blockchain Business Process Data & Apps 3. Create new cloud native applications Cloud Native Services & Runtimes New Applications New Applications On-Premises Software & Services Containers & Common Services Automation & Orchestration Containers & Common Services Automation & Orchestration Use cases driving private cloud adoption
  11. Possibilities Use cases
  12. IBM Systems IBM Cloud Private IBM Cloud Private – Your Workloads, Your Infrastructure Mix and match worker nodes to run Kubernetes cloud apps you need on the infrastructure you have. Manage from the same master node. X86 VMs pLinux VMs zLinux VMs Master/Proxy/Management Nodes Worker Nodes Your App Workloads IBM Provided Services VMware OpenStack ppc64le zVM, zKVM or LPA
  13. IBM Systems Example – Use Microservices Microservices Scaling Developer Benefits • No need to manage supporting components • Repeatable • Consistent • Pre-integrated services Monolithic Scaling
  14. IBM Systems Example – Stock Trader – Client Goals “I want to improve my Java app” Product leaders want to improve their Stock Trader application to increase client satisfaction “I want continuous delivery – built with microservices” Development leads demand greater flexibility with microservices and continuous delivery that only Cloud can give them “I need sensitive data to stay local” Lead administrators need the data and workload to stay local, wants to manage the cloud, yet does not want to be burdened with complicated operations
  15. IBM Systems Example – Stock Trader – App Architecture Public Cloud Private Cloud Web App Portfolio Stock Quote Loyalty Level Quandl Slack Browser POST GET PUT DELETE API Connect Open Whisk GET GET GET POST Db2 MQ JMS NotificationonMessage JDBC Redis GET SET Microservice Builder Github (GHE)
  16. IBM Systems Example – Stock Trader – Cloud Architecture Nodes: Masters (1, 3 or 5), Proxy (1, 3 or 5), Workers (1..n), Management (1..n) Private Cloud IBM Cloud Private Db2 MQ Redis Docker Docker Docker Docker Liberty Micro-service Builder Kubernetes Dashboard UI ELK DSM Grafana Prometheus Jenkins w/ GHE access Service graph Private Docker Registry Cloudant App Workloads Internal Services
  17. IBM Systems Example – Stock Trader – Portability with Secrets GitHub Enterprise QA Zone (Namespace) App1 Db2 Endpoint: test-instance-db2 Port: 50002 Microservice Builder App2 App3 Dev Zone (Namespace) App1 Db2 Endpoint: dev-instance-db2 Port: 50000 Microservice Builder App2 App3 Prod Zone (Namespace) App1 Db2 Endpoint: prod-instance-db2 Port: 50003 Microservice Builder App2 App3
  18. Architecture Enterprise grade. Open by design.
  19. User Consumption Model Choice with consistency - Runtimes Operating System (e.g. Linux cgroups & namespaces) Docker Containers Code + Manifest Code + Packaging as Container Image Containers Garden -> Docker Docker Containers Event/Action Automation & Orchestration (Chef,Terraform etc.) Service (SaaS) Cloud Foundry Custom Scheduling Event Handlers API Patterns Templates Kubernetes
  20. Enterprise transformation requires an integrated PaaS and IaaS Leverage existing investments Open by design, preventing vendor lock-in Consistency across your Hybrid IT environment Enterprise grade services for Middleware, Data and Analytics, DevOps IBM Middleware, Data, Analytics and Developer Services Cloud enabled middleware, application runtimes, messaging, databases & analytics to optimize current investments and rapidly innovate Core Operational Services To simplify Operations Management, Security, DevOps, and hybrid integration Kubernetes-based Container Platform Industry leading container orchestration platform across private, dedicated & public clouds Cloud Foundry For prescribed application development & deployment Runs on existing IaaS: VMware, OpenStack, Power, LinuxOne, …
  21. IBM Cloud private – Enterprise Kubernetes Architecture
  22. IBM Systems IBM Cloud Private – October MVP IBM Cloud Private – End to End Architecture CF Apps (Cloud Native, Microservices) OpenStack or VMware (with NSX-T) Storage Options (VMware datastore,GlusterFS, Spectrum Scale, NFS, HostPath) Cloud Foundry (Calico Overlay Network ??) CNICNI Container Apps (Cloud Native, Microservices Builder) DevOps & Advanced Hybrid Services User Experience (Developer, Operator, Service Provider) SERVICES MANAGEMENT MULTI-INSTANCE PROVIDES ALL SERVICES & MANAGEMENT NEW CLOUD NATIVE & MICROSERVICES APPS NEW CLOUD NATIVE & MICROSERVICES APPS VMware Current Middleware & Data Automation & Orchestration EXISTING MIDDLEWARE ON IAAS Kubernetes (CFC) (Calico Overlay Network) Core Services Current Middleware & Data New IBM & Partner Services Management Services (Dashboards, Security, Monitoring, Microservices) Content Delivery & Currency (Catalog) Self Managed (evolving to additional management options)
  23. Security Or, why most enterprises still prefer private cloud
  24. IBM Systems Primary goal is to provide visibility, control, and analytics permitting a to assess and enforce security and compliance of their applications and data running in the cloud • When workloads are deployed as containers, container layer is a natural place where such visibility and control should be provided • Focus on applications and data, not infrastructure – application-centric visibility and control Applications and data are what users care about – regardless of the infrastructure Active area of innovation and start-up investment • A new approach emerging: declarative, portable, DevOps focused Several Research assets and activity in this area By providing flexible, application-centric visibility and control security services in container layer on a fully-managed container platform, we can leapfrog security advantage of our competitors. Container Security
  25. The Execution: Container Service Deep Visibility → Operational Insights/Analytics → Solve Real Customer Problems - OS Info - Processes - Disk Info - Metrics - Network Info - Packages - Files - Config Info From Container - Docker metadata - Kubernetes data - Docker history - Metrics From Runtime Config Annotator Vulnerability Annotator Compliance Annotator Password Annotator SW Annotator Licence Annotator - Audit Subsystem - Syscall Tracing - System Integrity From Platform Index (Data) Data Collection Curation Index (Data) Analytics * All services for security, compliance and beyond work from the same data & pipeline! Vulnerability & Sec. Scan for Images Risk Analysis w XForce Delivery Pipeline Service Remediation Service Policy Manager for Orgs Vulnerability & Sec. Scan for Containers Secure Config Advisor Vulnerability Advisor for POWER Rootkit Discovery Remote Login Config Discov. (ssh, weak pwd) License Discovery Container Safety Determination w Signatures Custom Rule Definitions Config Explorer & Analytics Time Machine Forensics Vulnerability Advisor Crawlers
  26. Cloud Foundry Running opinionated app containers
  27. • A locally managed offering • Deploy faster than ever before • Full control of the Cloud Foundry configuration • Extend the deployment using Community or 3rd Party add-ons • Connect to multiple logging and monitoring solutions • Middleware and Cloud service offerings Evolution of the Cloud Foundry Runtime
  28. • Passport Advantage and IBM Container Registry • When combined with your Cloud Foundry token, all binaries will be downloaded from a secure IBM Cloud registry • Can be launched from a Linux or Mac using Docker CE launch.sh TOKEN+ IBM + = Deploying Cloud Foundry Cloud Foundry Runtime
  29. Cloud Foundry Operations Monitoring Operations Console Cloud Foundry Runtime Bosh API Cloud Foundry API
  30. Managing Cloud Foundry • A local managed offering • Administrative Access to the Bosh CLI • IBM Operations Monitoring Tool • Graphical view of Bosh health metrics for the environment • Console connectivity to all Bosh managed virtual machines • Bosh virtual machine and job management operations start/stop/restart • Cloud Foundry and Buildpack version information • Application information • API control for install and updates (manage at scale) • Air-gap support
  31. Maintenance cycle • Integrates IBM’s Cloud Foundry release • Public Bluemix • Dedicated Bluemix • Major updates every quarter – Cloud Foundry releases • Minor updates weekly – Security patches & IBM Buildpacks • Full control of when the updates are applied • Standardized delivery framework, easily delivers changes at scale
  32. Customize Cloud Foundry • IBM’s Cloud Foundry Runtime provides new levels of control • Stemcell substitution (modify the stemcell to meet your corporate operating system guidelines) • 3rd Party release support: • Leverage releases from the community, 3rd parties or your own DevOps team • Customize the Bosh Director and Cloud Foundry deployments to incorporate new capabilities • Full Bosh administrative access with visibility, customize and execute on your schedule • Integrate your corporate security and compliance tools (via releases, stemcell, agents, or scripting)
  33. Application syslogs with Splunk
  34. Storage Persistent volumes, storage classes, supported storage connectivity
  35. Storage • Persistent Volume Networked storage in a cluster that is provisioned by an administrator • Persistent Volume Claim A request for storage that is made by a user • Storage Classes A label used to identify, and dynamically create, specific qualities of storage to use. (“ibmc-file-silver” for higher-intensity workloads compared to “ibmc-file-bronze”) • Storage Options VMware datastore, GlusterFS, Spectrum Scale, (including defaults for NFS, HostPath)
  36. Storage Example • Helm chart specs Service declares what persistent volume it will “claim”. In this case, a ReadWriteMany volume with the size and storage class specified in the parameters set by the user. • Clients can customize A set of variables that will show up in the UI (or customized at the helm command line). Notice here it will claim a persistent volume of any storage class of 2GB or more. • UI showing variables DB2 storage options where admin can choose “Claim 10GB of storage for this instance of Db2”. Admin could create custom “gold” storage class so it will use best storage for this instance. • Persistent Volume Admin pre-creates PV that matches, or sets up to dynamically create. Deployment Chart (View online) Values.yaml file (View online)
  37. Storage Classes – Example
      • Dynamic Provisioning: Storage classes can map to a “provisioner” to dynamically provision persistent volumes based on the volume claim requests coming in as users deploy workloads and services.
      • Map to Storage: IBM Cloud private supports the following for dynamic provisioning, and abstracts details so the user doesn’t need to take multiple steps to acquire, bind, and claim storage for their app: GlusterFS, VMware vSphere volumes.
      • Change Default Storage Class: A default storage class can dynamically provision storage when a storage class is not specified.

      Claiming ‘gold’ storage when deploying an app:

      ```yaml
      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: mypvc
        namespace: testns
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 100Gi
        storageClassName: gold
      ```

      Tips for claiming storage:
      Use selected storage class: storageClassName: gold
      Disable dynamic provisioning: storageClassName: ""
      Use default storage class: storageClassName: gold

      Create ‘gold’ storage class, mapped to glusterfs:

      ```yaml
      kind: StorageClass
      apiVersion: storage.k8s.io/v1
      metadata:
        name: gold
      provisioner: kubernetes.io/glusterfs
      parameters:
        resturl: "http://glusterIP:8080"
      ```

      Change default storage class to your GlusterFS:

      ```sh
      # get the names, see which is default
      kubectl get storageclass
      # set current default to "false"
      kubectl patch storageclass default-class-name -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
      # set your desired default to "true"
      kubectl patch storageclass gold -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
      ```
  38. Private Image Repository: Built-in storage for your Docker images
      • Bundled Images: Import Docker images from bundle into private registry, or import any Docker image you want to deploy across your nodes.
      • Secure Access: Add only the images you approve of so your developers have trusted, validated images to build from.

      Command so all deploying pods can access private image repo:

      ```sh
      kubectl get serviceaccounts default -o json |
        jq 'del(.metadata.resourceVersion)' |
        jq 'setpath(["imagePullSecrets"];[{"name":"admin.registrykey"}])' |
        kubectl replace serviceaccount default -f -
      ```
  39. Network Proxy, Calico, Internal and external communication
  40. Network Concepts • Proxy Node Transmits external request to the services created inside your cluster. • Calico Network Enables networking and network policy in Kubernetes clusters Learn more • Network Policy Labels specifying which groups of pods are allowed to communicate with each other and other network endpoints • VMware NSX-T Labels used in NSX-T can be mapped to Network Policies in ICp for deeper VMware control
  41. VMware NSX-T Integration (Tech Preview) IBM Cloud private will offer NSX-T as the networking mesh between pods on VMWare ESXi 6.5 Calico will continue to be used in OpenStack and lower versions of VMWare (down to ESXi 5.5)
  42. Multi-Tenancy Multiple departments, one ICp
  43. One cloud, isolation across teams Namespace 1 Users: Quotas: Kubernetes Cloud Namespace 2 Users: Quotas: kube-system Users: Quotas: Objects created by the Kubernetes system Pod 1 Service 1 10.4.5.6 Volume Pod 2 Pod 3 Service 2 10.4.5.7 Volume Pod 4 Master Nodes Master Nodes Master Nodes Master Nodes Master Nodes Proxy Nodes Master Nodes Master Nodes Worker Nodes Quotas Categories you can set quotas in a namespace: • Compute • Storage • Object count (pods, services, pvc, …) • Scope
  44. HA How to run HA topology, workloads
  45. IBM Cloud Private highly available topology Management services are running in all the master nodes. • UI, kube-apiservice, docker registry (and so on) run in active/active mode • Virtual IP manager assigns virtual IP to one of the master nodes to serve the UI/API request • Other services rely on etcd to select a leading instance (you could treat them as active/passive mode) • The number of master nodes should be odd (per request of etcd to handle split brain issue) • Proxy services are running in all the proxy nodes in active/active mode • Virtual IP manager assigns virtual IP to one of the proxy nodes to serve application requests. The number of proxy nodes could be any value.
  46. Your Workload – Levels of Availability One pod Good for development. Single pod with single log. Can fail over using same persistent volume Pod Multiple Pods Multiple pods in a replica set. One pod fails, load balance to 2nd pod with no downtime Multiple Services Multiple services with a load balancer allows each replica set to run in a separate name space, cluster, even data center Load Balancer Replica Set Pod Pod Service Namespace Replica Set Pod Pod Service Namespace Replica Set Pod Pod Service Namespace
  47. Hybrid Cloud Connecting to Public, Existing Data Centers
  48. Integrate with IBM Cloud Public Goal: Workload portability across IBM Cloud private/public 1 2 3 Dev/Test vs. Prod Bursting Move to Public I want Dev/Test on public cloud and production on IBM Cloud private I want the dream of bursting from private to public when workload demand exceeds capacity When I’m ready to get out of my data center I want the easiest and fastest to be to IBM Cloud, not another public cloud Production IBM Cloud private Dev IBM Cloud Public Test IBM Cloud Public Production IBM Cloud private Bursting IBM Cloud Public Shrink IBM Cloud private Grow IBM Cloud Public ✓
  49. Urban Code Deploy
  50. Typical Delivery Pipelines JenkinsCI TravisCI UrbanCode Build IBM Managed GitHub Enterprise Artifactory Nexus Docker Image Registry Kubernetes
  51. Istio Open platform to connect, manage, and secure microservices http://istio.io
  52. What else do we need for Microservices? ●  Visibility ●  Resiliency & Efficiency ●  Traffic Control ●  Security ●  Policy Enforcement Enter Istio
  53. Istio Features Intelligent Routing and Load Balancing Resiliency across Languages and Platforms Fleet Wide Policy Enforcement In-Depth Telemetry and Reporting
  54. Microservice-1 Sidecar SERVICE DISCOVERY Service Mesh Control Plane SERVICE REGISTRYMicroservice-2 Sidecar Microservice-3 Sidecar ROUTING RULES TELEMETRY ACCESS CONTROL RESILIENCY FEATURES Service Mesh Data Plane •  Lightweight sidecars to manage traffic between services •  Sidecars can do much more than just load balancing! How to build a ‘Service Mesh’ ?
  55. Istio Concepts ENVOY ISTIO AUTH ISTIO CONTROL PLANE ISTIO PILOT ROUTING RULES MIXER GRAFANA /ZIPKIN MICROSERVICE ENVOY MICROSERVICE ENVOY MICROSERVICE ENVOY MICROSERVICE ENVOY ISTIO DATA PLANE Pilot: Configures Istio deployments and propagates configuration to the other components of the system. Routing and resiliency rules go here Mixer: Responsible for policy decisions and aggregating telemetry data from the other components in the system using a flexible plugin architecture Proxy: Based on Envoy, mediates inbound and outbound traffic for all Istio-managed services. It enforces access control and usage policies, and provides rich routing, load balancing, and protocol conversion.
  56. Istio Architecture appA Proxy Pod Proxy Istio ingress Controller Service A appB Proxy Service B 1. All traffic entering and leaving pod is transparently routed via Proxy without requiring any application changes. Kube API Server User/application traffic. HTTP/1.1, HTTP/2, gRPC, TCP with or without TLS Istio control plane traffic. Request routing rules, resilience configuration (circuit breakers, timeouts, retries), policies (ACLs, rate limits, auth), and metrics/reports from proxies. Prometheus Metrics & reports from proxies Istio Control Plane (Manager, Mixer) Control Plane REST API Kubernetes Cluster Proxy. Based on Envoy, a high performance L7 proxy from Lyft, currently being used at large scale in production. https://github.com/lyft/envoy 2. Proxy implements intelligent L7 routing, circuit breakers, enforces policies and reports metrics to control plane.
  57. Getting Started Where it runs, how to get help
  58. Your data center • Learn from Knowledge Center • Download Community Edition (does not include master/proxy HA) • Download Enterprise Edition from Passport Advantage (accept licenses) • Prepare VMs and Storage • Install (guided UI) – can be offline (no Internet connection) • Import Helm Charts, Images into IBM Cloud private Download, Install, Configure Download binaries from passport advantage, prepare your infrastructure, install Passport Advantage Master VMs Storage Proxy VMs Worker VMs IBM Cloud private Boot node Private Docker Registry Internal Services Network mesh with tenant isolation Persistent Volumes Offline Install Source
  59. Roadmap Continuous Delivery
  60. • Delivered IBM Cloud private • June - Developer-focused • Core platform ships with developer services: Micro Services Builder/Liberty, MQ community edition, DB2 community edition, Redis • Easily build, test, package and continuously update my running services using a CICD solution • Platform support for GPU, x86, and POWER OCTOBER 2017 Release 2.1 JULY AUGUST SEPTEMBER JUNE Roadmap & Key Milestones • Unified offering for Kubernetes and Cloud Foundry • New packaging and pricing for IBM middleware workloads delivered out of the box to run on Kubernetes with consumption from Kubernetes or Cloud Foundry apps • More complete enterprise-ready operations plane for common concerns such as logging, monitoring, alerting, auditing and security. • Details follow In Progress 2017 4Q – 2018 Q1 Roadmap • Expand operational integrations for the datacenter including Splunk, Dynatrace, Netcool etc • Built-in operational behavior for backup/recovery, scale-in/scale-out for IBM middleware • Istio Service Mesh integrated within the platform • Encryption key management (Vault + HSM) • Summarized backlog follows Complete Sprint 3 Beta S4 Beta S5 Beta
  61. Category Summary Continuous Delivery • New App Catalog API & UI • Service Catalog CLI • Untethered Cloud Foundry option Continuous Availability • Elasticsearch, Logstash, Kibana (ELK) available in the catalog • Prometheus & Grafana available in the catalog • Web terminal console • Prometheus dashboard for platform and application monitoring • New admin command line interface with cluster management functions • Backup and Disaster Recovery for platform datastores • IBM Cloud Operations Platform for Cloud Foundry (Bluemix Doctor) Continuous Security • Open ID Connect provider replaces keystone with LDAP integration for users and groups • Role-based access control (RBAC) with 4 defined roles out of the box • Cluster-wide data in transit encryption via VPN-mesh for inter-node communication (optional) • Data at rest encryption for platform datastores via filesystem-level encryption • [Tech Preview] Vulnerability Advisor for Docker images Cluster • New Admin Console UI • Provision and manage VMs using Cloud Automation Manager on the platform • Runs on vSphere 5.5 or OpenStack VMs + Manage to support for zLinux worker nodes • Multi-cluster support (via CLI) • Storage: GlusterFS, vSphere volumes configurable out of the box • Network: Calico performance improvements & Limited Tech Preview support for VMWare NSX-T on vSphere 6.5 on request • Upgraded Kubernetes to 1.7.3 • Scale tested to 300 nodes, 9000 pods • Docker Engine install option IBM Cloud Private 2.1 GA
  62. IBM Cloud IBM Cloud Private Content - Kubernetes Open Source Toolchains & Runtimes Jenkins Apache Tomcat Open Liberty Messaging RabbitMQ Data Services MongoDB PostgreSQL Redis Clustering Galera Http Servers Nginx Terminal Access Web Terminal IBM Software Toolchain & Runtimes IBM Microservice Builder IBM WebSphere Liberty IBM SDK for Node.js Messaging IBM MQ Advanced for Developers IBM MQ Advanced Data Services IBM Db2 Dev-C IBM Data Server Manager (for Db2 Dev-C) IBM Db2 Direct Advanced Edition / AESE with Data Server Manager IBM Db2 Warehouse Dev-C IBM Db2 Warehouse Enterprise* IBM Cloudant Developer Edition Multi-cloud Management IBM Cloud Automation Manager Core Operational Services Monitoring Service Prometheus or BYO Logging Service Elk or BYO Metering Service Product Insights Security Identity and Access Management • LDAP integration and RBAC Vulnerability Advisor (beta) Data Science IBM Data Science Experience Developer Edition IBM Data Science Experience Local* Integration IBM Integration Bus for Developers IBM Integration Bus IBM DataPower Gateway for Developers IBM DataPower Gateway Virtual Edition App Modernization Tooling IBM Transformation Advisor Monitoring IBM Cloud Application Performance Management for DevOps (beta) HPC IBM Spectrum LSF Community Edition + Develop or bring your own… Self written, community and open source compatible with Kubernetes 1.7 *coming soon
  63. IBM Cloud IBM Cloud Private Content - Multi-cloud and Cloud Foundry IBM Buildpacks WebSphere Liberty Runtime Buildpacks Node.js Swift .Net Bring your own Buildpacks Add additional open source or private Extend workload provisioning with Cloud Automation Manager MEAN stack – VMware, Azure, AWS, IBM Cloud LAMP stack – VMware, Azure, AWS, IBM Cloud Node.js – VMware, IBM Cloud Strongloop – VMware, IBM Cloud MariaDB - VMware MongoDB – VMware, IBM Cloud MongoDB Strongloop 3 tier – VMware, IBM Cloud Virtual Servers with SSH key – AWS, IBM Cloud Apache HTTP Server - VMware Apache Tomcat - VMware Template driven provisioning of private and public cloud infrastructure: Bare-metal servers, VMs, cloud native services & complex application stacks Open Source Catalog (1) IBM DB2 EE (v10.5 & v11.1) - VMware IBM MQ (v8 & v9) - VMware IBM WebSphere Application Server ND (v11.1) - VMware IBM WebSphere Liberty (v17) - VMware IBM HTTP Server (v8.5.5, v9) - VMware Oracle DB Enterprise (v12c) - VMware Oracle MySQL (v5.7) - VMware Enterprise Catalog (1) + Community Templates + Bring your own templates Hashicorp Terraform Registry Self written, IBM Cloud Schematics, etc (1) Automation content available with IBM Cloud Private purchase. Product licenses must be purchased separately or BYOL. See pricing and packaging for more information.
  64. Summary
  65. IBM Systems • IBM Cloud Private • https://www.ibm.com/cloud-computing/products/ibm-cloud-private/ • Videos • Introduction to IBM Cloud Private (https://www.youtube.com/watch?v=UL_jXJoRPdY) • IBM Cloud Private Overview in 4 Minutes (https://www.youtube.com/watch?v=yzXA3qhfaq0) • Technical Playlist (https://www.youtube.com/watch?v=ctuUTDIClms&list=PLzpeuWUENMK37ZlLBc_pIlXlOWeGnYRA_) • Articles (https://medium.com/ibm-cloud) Resources
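
Slide 38 describes two controls: only approved images live in the private registry, and the default service account carries the `admin.registrykey` pull secret. The audit below checks both against workload manifests; it is an added example, not code from the slides or from IBM Cloud Private, and the registry address, workload names and the input layout (`items` plus a `serviceAccounts` map) are assumptions constructed for illustration.

```python
import json

# Assumptions for this example: the registry address is a placeholder; only
# the pull-secret name "admin.registrykey" is taken from slide 38.
APPROVED_REGISTRIES = {"registry.example.internal:8500"}
PULL_SECRET = "admin.registrykey"


def registry_of(image):
    """Return the registry host[:port] part of a Docker image reference.

    Docker treats the first path component as a registry only when it
    contains '.' or ':' or is 'localhost'; anything else is Docker Hub.
    """
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return "docker.io"


def pod_spec_of(obj):
    """Locate the pod spec in a bare Pod or in a workload with spec.template."""
    spec = obj.get("spec", {})
    return spec.get("template", {}).get("spec", spec)


def audit(obj, service_accounts):
    """Return (workload, container, problem) tuples for one manifest."""
    findings = []
    name = obj["metadata"]["name"]
    pod = pod_spec_of(obj)
    # Init containers pull images too, so they are checked as well.
    for key in ("initContainers", "containers"):
        for c in pod.get(key, []):
            reg = registry_of(c["image"])
            # Exact host match; a string-prefix test would accept look-alikes.
            if reg not in APPROVED_REGISTRIES:
                findings.append((name, c["name"], "unapproved registry " + reg))
    # The pull secret can sit on the pod itself or on its service account.
    sa = service_accounts.get(pod.get("serviceAccountName", "default"), {})
    secrets = pod.get("imagePullSecrets", []) + sa.get("imagePullSecrets", [])
    if PULL_SECRET not in {s["name"] for s in secrets}:
        findings.append((name, None, "pull secret " + PULL_SECRET + " not attached"))
    return findings


# Constructed sample input, shaped like `kubectl get ... -o json` items plus
# a map of service accounts. None of these workloads come from the slides.
SAMPLE = json.loads("""
{
  "serviceAccounts": {
    "default": {"imagePullSecrets": [{"name": "admin.registrykey"}]},
    "batch": {}
  },
  "items": [
    {"kind": "Deployment", "metadata": {"name": "portfolio"},
     "spec": {"template": {"spec": {"containers": [
       {"name": "app",
        "image": "registry.example.internal:8500/dev/portfolio:1.0"}]}}}},
    {"kind": "Pod", "metadata": {"name": "debug"},
     "spec": {"containers": [{"name": "shell", "image": "busybox:1.27"}]}},
    {"kind": "Deployment", "metadata": {"name": "loader"},
     "spec": {"template": {"spec": {"serviceAccountName": "batch",
       "initContainers": [
         {"name": "fetch",
          "image": "registry.example.internal.mirror.test/dev/fetch:2"}],
       "containers": [
         {"name": "load",
          "image": "registry.example.internal:8500/dev/load:2"}]}}}}
  ]
}
""")


def audit_all(doc):
    """Audit every manifest in the document and collect the findings."""
    out = []
    for obj in doc["items"]:
        out.extend(audit(obj, doc["serviceAccounts"]))
    return out


if __name__ == "__main__":
    for finding in audit_all(SAMPLE):
        print(finding)
```
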