Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Choosing a Container Platform for your WebSphere Applications

1,564 views

Published on

Presentation from IBM InterConnect 2017.
Abstract: One thing the container ecosystem is not short on is options, whether you are looking at the container runtime itself, platforms providing scheduling and orchestration, or a hosted container service. This session will help you make an informed choice when looking for the best container platform on which to run your WebSphere applications.

Published in: Software
  • Be the first to comment

  • Be the first to like this

Choosing a Container Platform for your WebSphere Applications

  1. 1. InterConnect 2017 Choosing a Container Platform for your WebSphere Applications David Currie @dcurrie david_currie@uk.ibm.com Tom Banks @tom_will_banks tom.banks@uk.ibm.com
  2. 2. Please note IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
  3. 3. Agenda Introduction WebSphere Liberty Collectives Docker Datacenter IBM Spectrum Conductor for Containers IBM Bluemix Container Service Microservice Builder
  4. 4. Introduction
  5. 5. Why Containers? Better resource utilization than Virtual Machines Isolation at the process rather than the operating system level No performance overhead from hypervisor Faster build and deployment Smaller build artifacts and layering optimizations Portability across environments All dependencies packaged in image Improved security and resilience Isolation from host Reduced capabilities Resource usage constrained by control groups Separation of concerns Operations can treat containers as black boxes
  6. 6. Feb 2015: Support statement for Liberty and traditional running under Docker Developer licensed images on Docker Hub: websphere-liberty ibmcom/websphere-traditional ibmcom/ibm-http-server Dockerfiles on GitHub: github.com/WASdev/ci.docker github.com/WASdev/ci.docker.websphere-traditional github.com/WASdev/ci.docker.ibm-http-server WebSphere Developer Tools support WebSphere and Docker websphere-liberty :kernel :webProfile7 :javaee7 / :latest :webProfile6:beta :microProfile ubuntu:16.04 ibmjava:8-jre
  7. 7. Container Platform Criteria Ease of management and monitoring for large numbers of disparate containers, distributed across multiple hosts Container scheduling Placement of containers on the most appropriate host based on constraints Rescheduling if a container or entire hosts fails Ability to rollout/rollback updates whilst maintaining availability Deployment of multiple containers that form an application from version controlled configuration Policies for placement, security, performance, HA Routing of inbound and inter-container requests (service discovery and routing) Authentication/authorization DevOps deployment process
  8. 8. WebSphere Liberty Collectives
  9. 9. Uses the Liberty collective administration model Deployment rules define Docker commands to execute locally for create/start/stop/delete Servers join collectives enabling use of Intelligent Management capabilities e.g. dynamic routing and auto-scaling WebSphere Administration – Docker Packaging/Isolation IHS/Plugin Collective Controller Liberty Docker EngineDocker Engine Liberty Liberty Admin HTTP
  10. 10. Docker Datacenter
  11. 11. Docker Swarm Mode Docker 1.12 made Swarm capability an option of the Docker engine aka swarm mode RAFT consensus protocol implemented internally Swarm creation is very simple On initial manager: docker swarm init --advertise-addr <ip> On worker(s): docker swarm join --token <token> <ip:port> Managers act as CA (or use external CA) with mutual TLS between all nodes Certificates are rotated automatically
  12. 12. Multi-container Deployment with Docker stacks Docker 1.13: Docker Compose YAML version 3 includes support for Swarm mode services docker stack deploy --compose-file compose.yml myapp Updates in subsequent deployments achieved via rolling updates to services Routing mesh exposes ports on all swarm nodes (regardless of where containers are running) Experimental ‘distributed application bundle’ replaces image names/tags with image digests to ensure reproducibility when moving between environments version: '3' services: web: image: myapp ports: - "9080" deploy: mode:replicated update_config: parallelism: 1 delay: 10s replicas: 2 db: image: mongo compose.yml
  13. 13. ▪ Commercially supported Docker Engine ▪ Universal Control Plane provides both classic Swarm and swarm mode ▪ Highly available Docker Trusted Registry ▪ Web UIs for operational management of nodes, images and containers ▪ Security • User and group-based authentication (built-in or via LDAP/AD) • Access control based on labels ▪ Hostname based routing ▪ IBM reselling with L1 & L2 support: ibm.biz/ddc-announce Docker Datacenter adds enterprise capabilities Docker Datacenter Docker Universal Control Plane Integrated Security Docker Engine Container runtime, orchestration, networking, volumes, plugins Docker Trusted Registry Operating Systems Config Mgt Monitoring LoggingCI/CD ..more..Images Networking Volumes VirtualizationPublic Cloud Physical Docker Datacenter
  14. 14. IBM Spectrum Conductor for Containers
  15. 15. Kubernetes Project Open source container orchestration platform Inspired and informed by Google’s experiences Clear governance model with Linux Foundation Google driving roadmap with contributions from IBM, Huawei, Intel, Red Hat and many others Operations rather than developer centric Basic primitives support a rich set of features Releases new versions every three months New features preview in alpha/beta Wide range of deployment options: bare metal, virtualized, private, public, hybrid, … 2013 2014 2015 2016 Apr 2015 The Borg Paper is published Sep 2014 Kubernetes announced in Wired magazine Jun 2014 Kubernetes 1st GitHub commit Mar 2013 Docker initial release Oct 2013 CoreOS initial release 2008 …2006 2006 Google starts work on “Process Containers” (renamed “cgroups”) Jan 2008 cgroups merged into Linux (2.6.24) 2007 July 2015 CNCF Formed, K8s v1.0 released, donated to CNCF Borg development inside Google
  16. 16. Kubernetes Architecture
  17. 17. manifests/service.ymlmanifests/deploy.yml Deployment apiVersion: extensions/v1beta1 kind: Deployment metadata: name: myapp spec: replicas: 3 template: metadata: labels: name: myapp spec: containers: - name: myapp-container image: myapp:latest ports: - containerPort: 9080 volumeMounts: - name: certs mountPath: /certs - name: config mountPath: /config/configDropins volumes: - name: certs secret: secretName: liberty-certs - name: config configMap: name: liberty-config apiVersion: v1 kind: Service metadata: name: myapp-service spec: ports: - port: 9080 selector: name: myapp $ kubectl apply -f manifests
  18. 18. IBM Spectrum Conductor for Containers Self-managed Kubernetes offering from IBM on x86 or Power with free community edition Simple container based installation with integrated orchestration and resource management Authorization and access control (built-in user registry or LDAP/AD) Private Docker registry Dashboard UI Metrics and log aggregation Calico networking Pre-populated app catalog
  19. 19. IBM Bluemix Container Service
  20. 20. IBM Bluemix Container Service Fully-managed hosted service for building and running containers Private container registry pre-populated with IBM images (including WebSphere Liberty) Volume service for persistent storage Overlay networking providing non-routed IP addresses for every container and ability to bind public IPs Easily configure and consume services, whether inside or outside of Bluemix Scalable groups with integrated load balancing and auto-recovery
  21. 21. Vulnerability Advisor Growing capabilities: July 2015: Policy Violations/Vulnerable Packages Nov 2015: Best Practice Improvements Oct 2016: Security Misconfigurations Nov 2016: Live Container Scanning Jan 2017: Integration with IBM X-Force Administrative control over deployments
  22. 22. Bluemix Open Toolchains IBM Bluemix Container Service Image Build Image Registry
  23. 23. Preconfigured metrics for memory, CPU and network I/O Search across aggregated logs Monitoring and Logging
  24. 24. Beta available March 20th. Service combines Docker and Kubernetes to deliver powerful tools, an intuitive user experience,and built-in security and isolation to enable rapid delivery of applications all while leveraging Cloud Services including cognitive capabilities from Watson. www.ibm.com/cloud-computing/bluemix/containers
  25. 25. Intelligent Scheduling Automated rollouts and rollbacks Container Security & PrivacyDesign Your Own Cluster Self-healing Horizontal scaling Leverages IBM Cloud & Watson Integrated Operational Tools Service discovery & load balancing Secret & configuration management Simplified Cluster Management Native Kubernetes Experience IBM Bluemix Container Service
  26. 26. Microservice Builder
  27. 27. Consistent Development and Deployment Experience Common OSS architecture IBM Spectrum Conductor for Containers x86 and Power On Premise Focus Customer-managed IBM-managed Common Programming models + Tools + Runtimes SwiftFAILSAFE IBM Bluemix Container Service Bluemix Cloud Containerized Applications > bx dev create …
  28. 28. Microservice Builder (Beta) End-to-End user experience to develop and deliver microservices, hybrid and containerized apps 2 8 In 3 steps Create and Run your microservices, hybrid and containerized apps Set up your environment, fabric and DevOps pipeline in Minutes https://developer.ibm.com/microservice-builder Innovate with
  29. 29. Questions?
  30. 30. Summary Introduction WebSphere Liberty Collectives Docker Datacenter IBM Spectrum Conductor for Containers IBM Containers Microservice Builder
  31. 31. Notices and disclaimers Copyright © 2017 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights — use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. This document is distributed “as is” without any warranty, either express or implied. In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided. IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously installed. Regardless, our warranty terms apply.” Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law.
  32. 32. Notices and disclaimers continued Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM expressly disclaims all warranties, expressed or implied, including but not limited to, the implied warranties of merchantability and fitness for a particular, purpose. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management System™, FASP®, FileNet®, Global Business Services®, Global Technology Services®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli® Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.
  33. 33. InterConnect 2017

×