Copyright © 2010 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture.
Confidential & Proprietary. Do not Distribute
Three Degrees of Mediation
Challenges & Lessons in Building Cloud-agnostic Systems
Copyright © 2014 Alex Maclinovsky All Rights Reserved.
Alex Maclinovsky,
Principal Engineer, Sears Holdings
What is Cloud-Agnostic and why should I care?
A Cloud-Agnostic System (CAS) consumes cloud services while being loosely coupled to the underlying cloud platforms and providers. Common CAS traits:
• Integrates with the underlying cloud rather than just running on it
• Large contact surface with the cloud
• Leverages Cloud API for the integration
• Orchestrates cloud operations and capabilities
• Typically integrates on the lower (IaaS, STaaS) levels of abstraction
Degrees of Cloud-Agnostic behavior
• Works with a TBD Cloud
• Works with multiple versions of a Cloud
• Can work with one of several clouds
• Can work with more than one cloud
• Can support new clouds
• Uses the same code to talk to multiple clouds
• Will support future features and capabilities of target clouds
[Figure: "Value of mediation" scale, labelled Marginal and Useful]
Technology Parallels: Approaches for building Generic Clients
Lowest Common Denominator
• Implements only functionality which is present and consistently implemented in all target systems
• Leaves all deviations out of scope
Reflection
• Builds a rich canonical domain model encompassing the majority of the features found in the target systems
• Uses meta-model + discovery APIs to allow users to discover the feature set supported by a specific target
Do This
• Implements only a single operation, doThis(), that takes an XML document describing the request
Popular Multi-Cloud Integration Options
• Apache jclouds – often seen as the leader of the pack. VM-centric, with no networking; support for cloud-specific features is largely done via provider contexts
• Apache d-cloud – even more basic, with no networking support. It is a REST API, not a Java library
• Apache Libcloud – a Python library that lacks even the most basic canonical, relying on the dynamic language to hide feature differences between cloud drivers
• Dasein Cloud – the only one built on a real canonical model. Supports a broad variety of clouds. Has rich networking. OSS foundation for Dell Cloud Manager
• Cisco CIAC – Cisco Intelligent Automation for Cloud
The Importance of Canonicals
• Much more variability between clouds than between RDBMSs
• Whether a cloud abstraction layer uses a rich, well-defined canonical determines its mediation value
– … and, ultimately, the ability to write cross-cloud code
• The next 2 slides compare code snippets launching VMs with default configurations in EC2 and Terremark eCloud, highlighting common, parameterizable and divergent code and showing the overall mediation score for two integration libraries, one of which uses the other:
jclouds – What Canonical?
// EC2 (subnetId is defined elsewhere; not shown on the slide)
ComputeServiceContext context = ContextBuilder.newBuilder("aws-ec2") …
Template template = context.getComputeService().templateBuilder().osFamily(OsFamily.CENTOS).build();
// EC2-only launch options are reached through provider-specific option classes
template.getOptions().as(AWSEC2TemplateOptions.class).subnetId(subnetId);
template.getOptions().as(EC2TemplateOptions.class).noKeyPair();
Set<? extends NodeMetadata> nodes = context.getComputeService().createNodesInGroup("webserver", 1, template);
NodeMetadata node = Iterables.get(nodes, 0);
// when you need access to very ec2-specific features, use the provider-specific context
AWSEC2Client ec2Client = AWSEC2Client.class.cast(context.getProviderSpecificContext().getApi());

// Terremark eCloud (serverName and task are defined elsewhere; not shown on the slide)
ComputeServiceContext context = ContextBuilder.newBuilder("trmk-ecloud") …
RestContext<TerremarkECloudClient, TerremarkECloudAsyncClient> providerContext = context.getProviderContext();
CommonVCloudClient client = context.getApi();
// Look up the image in the catalog by name, then resolve it to a vApp template
CatalogItem item = client.findCatalogItemInOrgCatalogNamed(null, null, "Centos");
VAppTemplate vAppTemplate = client.getVAppTemplate(item.getEntity().getHref());
VDC vdc = client.findVDCInOrgNamed(null, null);
VApp vApp = client.instantiateVAppTemplateInVDC(vdc.getHref(), vAppTemplate.getHref(), serverName);
// Poll the provider task until it succeeds or the timeout expires
RetryablePredicate<String> taskTester =
    new RetryablePredicate<String>(new TaskSuccess(context.getAsyncApi()), 300, 10, TimeUnit.SECONDS);
if (!taskTester.apply(task.getHref()))
    throw new Exception("could not deploy and powerOn " + vApp.getHref());
Dasein Cloud
// AWS EC2
CloudProvider provider = constructProvider(DASEIN_CLASS_AWS, ACCOUNT_IDENTIFIER_AWS, CREDENTIALS_PUBLIC_AWS,
        CREDENTIALS_PRIVATE_AWS, CLOUD_NAME_AWS, ENDPOINT_AWS, DEFAULT_REGION_AWS);
if (provider != null) {
    try {
        String name = "ServerName";
        String imageId = "ami-802c96e9";
        String productId = "m1.small";
        VMLaunchOptions vmOpts = VMLaunchOptions.getInstance(productId, imageId, name,
                "Minimal EC2 VM Launch Test");
        String result = vmOpts.build(provider);
        System.out.println("Resulting VM ID: " + result);
    } catch (CloudException e) { … }
}

// Terremark: same calls, only the parameter values differ
CloudProvider provider = constructProvider(DASEIN_CLASS_TMK, ACCOUNT_IDENTIFIER_TMK, CREDENTIALS_PUBLIC_TMK,
        CREDENTIALS_PRIVATE_TMK, CLOUD_NAME_TMK, ENDPOINT_TMK, DEFAULT_REGION_TMK);
if (provider != null) {
    try {
        String name = "ServerName";
        String imageId = "32452";
        String productId = "248:2379:TEMPLATE";
        VMLaunchOptions vmOpts = VMLaunchOptions.getInstance(productId, imageId, name,
                "Minimal TMK VM Launch Test");
        String result = vmOpts.build(provider);
        System.out.println("Resulting VM ID: " + result);
    } catch (CloudException e) { … }
}
Dasein Cloud: Power of Reflection
The common method, which is identical across both clouds and was factored out for brevity:
// Class.forName and the Dasein calls throw checked exceptions, hence "throws Exception"
@SuppressWarnings("unchecked")
static CloudProvider constructProvider(String providerClass, String account, String shared,
        String secret, String name, String endpoint, String regionId) throws Exception {
    // Load the provider driver class by name and register the cloud endpoint
    Cloud cloud = Cloud.register(name, name, endpoint,
            (Class<? extends CloudProvider>) Class.forName(providerClass));
    // Ask the driver which configuration fields it requires
    ContextRequirements requirements = cloud.buildProvider().getContextRequirements();
    List<ContextRequirements.Field> fields = requirements.getConfigurableValues();
    List<ProviderContext.Value> values = new ArrayList<ProviderContext.Value>(fields.size());
    for (ContextRequirements.Field f : fields) {
        if (f.type.equals(ContextRequirements.FieldType.KEYPAIR)) {
            // Key pair fields take the shared and secret parts of the credentials
            if (shared != null && secret != null) {
                values.add(ProviderContext.Value.parseValue(f, shared, secret));
            } else {
                throw new RuntimeException("Keypair parameters are not set up correctly");
            }
        } else {
            // Any other field is read from the JVM system property named after the field
            String value = System.getProperty(f.name);
            values.add(ProviderContext.Value.parseValue(f, value));
        }
    }
    ProviderContext ctx = cloud.createContext(account, regionId,
            values.toArray(new ProviderContext.Value[0]));
    CloudProvider provider = ctx.connect();
    return provider;
}
But Canonical & Reflection is not Enough
• Even when the code for each operation (create network, launch VM, assign IP, etc.) is the same across the target clouds, the code to implement the same user story will differ, because the sequence of operations differs between clouds:
– the user story of interest is not "Launch server A with characteristics XYZ on cloud B", but:
– "Launch server A with characteristics XYZ in the [location C of the] network D with access rights E on cloud B": the devil is in the details [of cloud providers’ networking]
End-to-end Meaningful Use Case: A Tale of Two Clouds
Deploy a simple standalone application serving API calls from mobile clients over HTTPS from an existing image.
AWS
1. Create VPC
2. Add Internet Gateway
3. Create Public subnet
4. Create Firewall
5. Add Allow rule to the FW
6. Deploy a Server on the subnet into the FW
7. Create public IP
8. Assign Public IP to Server
NTTA / OpSource / Dimension Data
1. Create Network
2. Remove extra FW rules
3. Deploy a Server on the network
4. Check for free public IPs in the network and create a public IP block if necessary
5. Assign Public IP to Server
Consistent, in-order steps. Specific to a particular Cloud.
Common enough to be modelled and inferred via reflection.
Three Degrees of Mediation
As I was struggling to understand why even the best cloud abstraction layer doesn’t help me write truly generic code to implement the above use case, I realized there was not just one but three distinct levels of mediation that needed to be addressed:
• Syntactic – which can be done through a good library based on a canonical model
• Semantic – which could be tackled to a degree via reflection, and
• Idiosyncratic – which had to be addressed on a case-by-case basis
Syntactic vs Semantic Model in mapping Network topology across cloud providers
Network Universe
Encapsulates a set of mutually routable networks with a distinct IP space and means of interconnection with the outside world.
Usable Network
A contiguous space of IP addresses representable by a CIDR, that can be used as a deployment target for servers. Has a distinct perimeter, with ACL, NAT, RNAT and Forwarding rules associated with it. All servers deployed within a UN are mutually reachable.
Network Partition
An optional subdivision within a Network that can be used for partitioning of IP space and controlling multicast boundaries.
[Diagram: Semantic Model set against the Syntactic Model (Network, Subnet) and the provider terms. Amazon: VPC, Subnet. Dimension Data: Datacenter (implied), Network. Azure: Virtual Network, Subnet. Callout: "Deploy servers here..."]
Examples of Idiosyncratic Features
Provider | “Feature” | Mitigation
Terremark eCloud | Private image launches with original IP of source VM, making it unreachable | Use public images and configure on the fly
NTTA | Issuing too many networking Ops per DC locks cloud’s networking layer | Client-side throttling of networking requests
NTTA | When adding drives to an existing server 7th and 11th SCSI slots are left empty | Vertical scaling logic needs to handle this correctly
Google GCA | Default templates start without swap, so small VMs getting stuck in heavy configuration during heavy provisioning | Launch large VMs then replace with small after 10 minutes
Windows Azure | Incomplete emulation of IP protocol – some communication between 2 VMs on the same subnet might not work | Use only supported ports and protocols
AWS EC2 | When launching an instance in VPC without specifying subnet it appears to be quietly ejected into legacy EC2 | Avoid
Polymorphic Orchestration
• Structure cloud-facing code as a hierarchy of workflows arranged according to abstraction level:
Level 0: Service Provider – common across all services
Level 1: Business Service – e.g. IaaS Provisioning
Level 2: Generic Technical Operation (provider-agnostic) – e.g. Create Network or Launch Server
Level 3: Provider-Specific Technical Operation – e.g. Create Amazon VPC or Reserve NTTA Public IP Block
• Higher level workflows specify generic behaviors while lower levels provide necessary overrides for semantic and idiosyncratic deviations
Use of Polymorphic Workflows to Implement Application Deployment UC
[Sequence diagram: the L2 Deploy Application workflow delegating to L3: NTTA and L3: AWS.
L2 steps: Create Network Universe, Create Usable Network, Create or Discover Firewall, Secure Network, Open Firewall Port, Deploy Server, Create Public IP, Assign IP to Server.
L3: AWS operations: Create VPC, Create IG, Create Subnet, Create Security Group, Open Firewall Port (Add SG Rule), Create Elastic IP.
L3: NTTA operations: Create Network, Remove ACL, Open Firewall Port (Create ACL), Reserve Public IP Block.
Fragment labels: loop, opt. Legend: NoOP.]
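An added Java sketch of the workflow hierarchy above (not code from the deck): a Level 2 Deploy Application workflow with Level 3 AWS and NTTA overrides, with cloud calls simulated as recorded operation names. Which steps are NoOp for each provider, the sample default rules on the NTTA network, and the perimeter check before Deploy Server are assumptions of this example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

public class PolymorphicDeployDemo {

    /** Level 2: generic, provider-agnostic workflow. It fixes the step order only. */
    abstract static class DeployApplication {
        final List<String> ops = new ArrayList<>();   // provider operations issued, in order
        final Set<String> inbound = new TreeSet<>();  // simulated inbound perimeter rules

        final void run(int... ports) {
            createNetworkUniverse();
            createUsableNetwork();
            createOrDiscoverFirewall();
            secureNetwork();
            Set<String> expected = new TreeSet<>();
            for (int port : ports) {                  // the "loop" fragment of the diagram
                openFirewallPort(port);
                expected.add("tcp/" + port);
            }
            // Generic guard (assumption of this example): whatever the provider did,
            // the perimeter must expose exactly the requested ports before a server
            // is placed behind it.
            if (!inbound.equals(expected)) {
                throw new IllegalStateException(
                        "perimeter is " + inbound + ", expected " + expected);
            }
            deployServer();
            createPublicIp();
            assignIpToServer();
        }

        // Generic steps default to NoOp; a Level 3 class overrides what its cloud needs.
        void createNetworkUniverse() { }
        void createUsableNetwork() { }
        void createOrDiscoverFirewall() { }
        void secureNetwork() { }
        abstract void openFirewallPort(int port);
        void deployServer() { ops.add("Deploy Server"); }
        void createPublicIp() { }
        void assignIpToServer() { ops.add("Assign IP to Server"); }
    }

    /** Level 3: AWS-specific operations. */
    static class AwsDeploy extends DeployApplication {
        @Override void createNetworkUniverse() { ops.add("Create VPC"); ops.add("Create IG"); }
        @Override void createUsableNetwork() { ops.add("Create Subnet"); }
        @Override void createOrDiscoverFirewall() { ops.add("Create Security Group"); }
        // secureNetwork() stays NoOp: the simulated new security group has no inbound rules.
        @Override void openFirewallPort(int port) {
            ops.add("Add SG Rule tcp/" + port);
            inbound.add("tcp/" + port);
        }
        @Override void createPublicIp() { ops.add("Create Elastic IP"); }
    }

    /** Level 3: NTTA-specific operations. */
    static class NttaDeploy extends DeployApplication {
        private final int freePublicIps;              // free public IPs already on the network

        NttaDeploy(int freePublicIps) { this.freePublicIps = freePublicIps; }

        @Override void createUsableNetwork() {
            ops.add("Create Network");
            // Constructed stand-ins for the "extra FW rules" a new network starts with.
            inbound.add("icmp");
            inbound.add("tcp/22");
        }
        @Override void secureNetwork() { ops.add("Remove ACL"); inbound.clear(); }
        @Override void openFirewallPort(int port) {
            ops.add("Create ACL tcp/" + port);
            inbound.add("tcp/" + port);
        }
        @Override void createPublicIp() {
            // Reserve a block only when the network has no free public IP left.
            if (freePublicIps == 0) { ops.add("Reserve Public IP Block"); }
        }
    }

    public static void main(String[] args) {
        DeployApplication[] targets = { new AwsDeploy(), new NttaDeploy(0) };
        for (DeployApplication target : targets) {
            target.run(443);                          // HTTPS, as in the use case
            String cloud = target.getClass().getSimpleName();
            System.out.println(cloud + " ops:     " + target.ops);
            System.out.println(cloud + " inbound: " + target.inbound);
        }
    }
}
```

Deleting the secureNetwork() override from NttaDeploy makes run() fail before Deploy Server, which is the point of putting the perimeter check in the generic level rather than in each provider class.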
Conclusions
• Building Cloud-agnostic systems is really hard!
• But it is possible, given the right tools, design, architecture and realistic expectations
• A CA system needs to address all 3 mediation levels:
– An abstraction layer with a good canonical provides syntactic mediation
– Reflective logic and polymorphic orchestration can ensure semantic consistency
– Idiosyncratic mediation requires case-by-case handling by provider-specific code
• This approach will work for new providers but not new features
Q & A
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
 
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
 
14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision
 
SQL Accounting Software Brochure Malaysia
SQL Accounting Software Brochure MalaysiaSQL Accounting Software Brochure Malaysia
SQL Accounting Software Brochure Malaysia
 
Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
 
What next after learning python programming basics
What next after learning python programming basicsWhat next after learning python programming basics
What next after learning python programming basics
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
 
Using Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query PerformanceUsing Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query Performance
 
WWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders AustinWWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders Austin
 
fiscal year variant fiscal year variant.
fiscal year variant fiscal year variant.fiscal year variant fiscal year variant.
fiscal year variant fiscal year variant.
 
UI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design SystemUI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design System
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
 
Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdfUnveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
 
Webinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for EmbeddedWebinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for Embedded
 
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
 

Three Degrees of Mediation: Challenges and Lessons in building Cloud-agnostic Systems

  • 1. Three Degrees of Mediation: Challenges & Lessons in Building Cloud-agnostic Systems. Alex Maclinovsky, Principal Engineer, Sears Holdings. Copyright © 2014 Alex Maclinovsky All Rights Reserved.
  • 3. What is Cloud-Agnostic and why should I care?
    A Cloud-Agnostic System (CAS) consumes cloud services while being loosely coupled to the underlying cloud platforms and providers. Common CAS traits:
      • Integrates with the underlying cloud rather than just running on it
      • Large contact surface with the cloud
      • Leverages Cloud API for the integration
      • Orchestrates cloud operations and capabilities
      • Typically integrates on the lower (IaaS, STaaS) levels of abstraction
  • 4. Degrees of Cloud-Agnostic behavior
      • Works with a TBD Cloud
      • Works with multiple versions of a Cloud
      • Can work with one of several clouds
      • Can work with more than one cloud
      • Can support new clouds
      • Uses the same code to talk to multiple clouds
      • Will support future features and capabilities of target clouds (set apart on the slide with a different marker)
    [Figure: axis labelled "Value of mediation", with the labels "Marginal" and "Useful"]
    Technology Parallels:
  • 5. Approaches for building Generic Clients
    Lowest Common Denominator
      • Implements only functionality which is present and consistently implemented in all target systems
      • Leaves all deviations out of scope
    Reflection
      • Builds rich canonical domain model encompassing majority of the features found in the target systems
      • Uses meta-model + discovery APIs to allow users to discover feature set supported by specific target
    Do This
      • Implements only a single operation doThis() that takes an XML document describing the request
  • 6. Popular Multi-Cloud Integration Options
      • Apache jclouds: often seen as the leader of the pack. VM-centric, with no networking; support for cloud-specific features is largely done via provider contexts
      • Apache d-cloud: even more basic, with no networking support. It is a REST API, not a Java library
      • Apache Libcloud: a Python library that lacks even the most basic canonical, relying on the dynamic language to hide feature differences between cloud drivers
      • Dasein Cloud: the only one built on a real canonical model. Supports a broad variety of clouds. Has rich networking. OSS foundation for Dell Cloud Manager
      • Cisco CIAC: Cisco Intelligent Automation for Cloud
  • 7. The Importance of Canonicals
      • Much more variability between clouds than RDBMS
      • Whether a cloud abstraction layer uses a rich, well-defined canonical determines its mediation value
          – … and, ultimately, the ability to write cross-cloud code
      • Next 2 slides compare code snippets launching VMs with default configurations in EC2 and Terremark eCloud, highlighting common, parameterizable and divergent code, and showing overall mediation score between two integration libraries: one uses the other:
  • 8. jclouds – What Canonical?
        // EC2
        ComputeServiceContext context = ContextBuilder.newBuilder("aws-ec2") …
        Template template = context.getComputeService().templateBuilder().osFamily(OsFamily.CENTOS).build();
        // provider-specific template options: subnet placement, no key pair
        template.getOptions().as(AWSEC2TemplateOptions.class).subnetId(subnetId);
        template.getOptions().as(EC2TemplateOptions.class).noKeyPair();
        Set<? extends NodeMetadata> nodes = context.getComputeService().createNodesInGroup("webserver", 1, template);
        NodeMetadata node = Iterables.get(nodes, 0);
        // when you need access to very ec2-specific features, use the provider-specific context
        AWSEC2Client ec2Client = AWSEC2Client.class.cast(context.getProviderSpecificContext().getApi());

        // Terremark eCloud
        ComputeServiceContext context = ContextBuilder.newBuilder("trmk-ecloud") …
        RestContext<TerremarkECloudClient, TerremarkECloudAsyncClient> providerContext = context.getProviderContext();
        CommonVCloudClient client = context.getApi();
        // look up the image in the catalog, then instantiate it in the default VDC
        CatalogItem item = client.findCatalogItemInOrgCatalogNamed(null, null, "Centos");
        VAppTemplate vAppTemplate = client.getVAppTemplate(item.getEntity().getHref());
        VDC vdc = client.findVDCInOrgNamed(null, null);
        VApp vApp = client.instantiateVAppTemplateInVDC(vdc.getHref(), vAppTemplate.getHref(), serverName);
        // poll the deployment task (the call that creates `task` is not shown on the slide)
        RetryablePredicate<String> taskTester = new RetryablePredicate<String>(new TaskSuccess(context.getAsyncApi()), 300, 10, TimeUnit.SECONDS);
        if (!taskTester.apply(task.getHref()))
            throw new Exception("could not deploy and powerOn " + vApp.getHref());
  • 9. Dasein Cloud
        // AWS
        provider = constructProvider(DASEIN_CLASS_AWS, ACCOUNT_IDENTIFIER_AWS, CREDENTIALS_PUBLIC_AWS,
                CREDENTIALS_PRIVATE_AWS, CLOUD_NAME_AWS, ENDPOINT_AWS, DEFAULT_REGION_AWS);
        if (provider != null) {
            try {
                String name = "ServerName";
                String imageId = "ami-802c96e9";
                String productId = "m1.small";
                VMLaunchOptions vmOpts = VMLaunchOptions.getInstance(productId, imageId, name, "Minimal EC2 VM Launch Test");
                String result = vmOpts.build(provider);
                System.out.println("Resulting VM ID: " + result);
            } catch (CloudException e) { …

        // Terremark (TMK): same calls, only the parameter values differ
        provider = constructProvider(DASEIN_CLASS_TMK, ACCOUNT_IDENTIFIER_TMK, CREDENTIALS_PUBLIC_TMK,
                CREDENTIALS_PRIVATE_TMK, CLOUD_NAME_TMK, ENDPOINT_TMK, DEFAULT_REGION_TMK);
        if (provider != null) {
            try {
                String name = "ServerName";
                String imageId = "32452";
                String productId = "248:2379:TEMPLATE";
                VMLaunchOptions vmOpts = VMLaunchOptions.getInstance(productId, imageId, name, "Minimal TMK VM Launch Test");
                String result = vmOpts.build(provider);
                System.out.println("Resulting VM ID: " + result);
            } catch (CloudException e) { …
  • 10. Dasein Cloud: Power of Reflection
    The common method which is identical across both clouds and was factored out for brevity:
        // Class.forName(...) throws a checked exception, hence the throws clause
        @SuppressWarnings("unchecked")
        static CloudProvider constructProvider(String providerClass, String account, String shared, String secret,
                                               String name, String endpoint, String regionId) throws Exception {
            Cloud cloud = Cloud.register(name, name, endpoint, (Class<? extends CloudProvider>) Class.forName(providerClass));
            // ask the provider which configuration fields it needs, instead of hard-coding them per cloud
            ContextRequirements requirements = cloud.buildProvider().getContextRequirements();
            List<ContextRequirements.Field> fields = requirements.getConfigurableValues();
            List<ProviderContext.Value> values = new ArrayList<ProviderContext.Value>(fields.size());
            for (ContextRequirements.Field f : fields) {
                if (f.type.equals(ContextRequirements.FieldType.KEYPAIR)) {
                    if (shared != null && secret != null) {
                        values.add(ProviderContext.Value.parseValue(f, shared, secret));
                    } else {
                        throw new RuntimeException("Keypair parameters are not set up correctly");
                    }
                } else {
                    // every other required field is read from a system property of the same name
                    String value = System.getProperty(f.name);
                    values.add(ProviderContext.Value.parseValue(f, value));
                }
            }
            ProviderContext ctx = cloud.createContext(account, regionId, values.toArray(new ProviderContext.Value[0]));
            return ctx.connect();
        }
  • 11. But Canonical & Reflection is not Enough
      • Even when the code for each operation (create network, launch VM, assign IP, etc.) is the same across the target clouds, the code to implement the same user story will differ, because the sequence of operations will differ between clouds:
          – the user story of interest being not: Launch server A with characteristics XYZ on cloud B, but:
          – Launch server A with characteristics XYZ in the [location C of the] network D with access rights E on the cloud B
        The devil is in the details [of cloud providers’ networking]
  • 12. End-to-end Meaningful Use Case: A Tale of Two Clouds
    Deploy a simple standalone application serving API calls from mobile clients over HTTPS from an existing image.
    AWS
      1. Create VPC
      2. Add Internet Gateway
      3. Create Public subnet
      4. Create Firewall
      5. Add Allow rule to the FW
      6. Deploy a Server on the subnet into the FW
      7. Create public IP
      8. Assign Public IP to Server
    NTTA / OpSource / Dimension Data
      1. Create Network
      2. Remove extra FW rules
      3. Deploy a Server on the network
      4. Check for free public IPs in the network and create a public IP block if necessary
      5. Assign Public IP to Server
    Consistent, in-order steps. Specific to a particular Cloud. Common enough to be modelled and inferred via reflection.
  • 13. Three Degrees of Mediation
    As I was struggling to understand why even the best cloud abstraction layer doesn’t help me write truly generic code to implement the above use case, I realized there was not just one but three distinct levels of mediation that needed to be addressed:
      • Syntactic – which can be done through a good library based on a canonical model
      • Semantic – which could be tackled to a degree via reflection, and
      • Idiosyncratic – which had to be addressed on a case-by-case basis
  • 14. Syntactic vs Semantic Model in mapping Network topology across cloud providers
      • Network Universe: Encapsulates a set of mutually routable networks with a distinct IP space and means of interconnection with the outside world
      • Usable Network: A contiguous space of IP addresses representable by a CIDR, that can be used as a deployment target for servers. Has a distinct perimeter, with ACL, NAT, RNAT and Forwarding rules associated with it. All servers deployed within a UN are mutually reachable.
      • Network Partition: An optional subdivision within a Network that can be used for partitioning of IP space and controlling multicast boundaries.
    [Figure: Semantic Model mapped against the Syntactic Model (Network, Subnet) across providers. Labels on the figure: Amazon VPC, Subnet; Dimension Data; Azure Virtual Network; Network; Subnet; Datacenter (implied); "Deploy servers here..."]
  • 15. Examples of Idiosyncratic Features (Provider / “Feature” / Mitigation)
      • Terremark eCloud
          “Feature”: Private image launches with original IP of source VM, making it unreachable
          Mitigation: Use public images and configure on the fly
      • NTTA
          “Feature”: Issuing too many networking Ops per DC locks cloud’s networking layer
          Mitigation: Client-side throttling of networking requests
      • NTTA
          “Feature”: When adding drives to an existing server 7th and 11th SCSI slots are left empty
          Mitigation: Vertical scaling logic needs to handle this correctly
      • Google GCA
          “Feature”: Default templates start without swap, so small VMs getting stuck in heavy configuration during heavy provisioning
          Mitigation: Launch large VMs then replace with small after 10 minutes
      • Windows Azure
          “Feature”: Incomplete emulation of IP protocol – some communication between 2 VMs on the same subnet might not work
          Mitigation: Use only supported ports and protocols
      • AWS EC2
          “Feature”: When launching an instance in VPC without specifying subnet it appears to be quietly ejected into legacy EC2
          Mitigation: Avoid
  • 16. Polymorphic Orchestration
      • Structure cloud-facing code as a hierarchy of workflows arranged according to abstraction level:
          Level 0: Service Provider – common across all services
          Level 1: Business Service – e.g. IaaS Provisioning
          Level 2: Generic Technical Operation (provider-agnostic) – e.g. Create Network or Launch Server
          Level 3: Provider-Specific Technical Operation – e.g. Create Amazon VPC or Reserve NTTA Public IP Block
      • Higher level workflows specify generic behaviors while lower levels provide necessary overrides for semantic and idiosyncratic deviations
  • 17. Use of Polymorphic Workflows to Implement Application Deployment UC
    [Figure: sequence diagram of the L2 workflow "Deploy Application" with L3 lanes for AWS and NTTA. L2 steps, in order: Create Network Universe; Create Usable Network; Create or Discover Firewall; Secure Network; Open Firewall Port; Deploy Server; Create Public IP; Assign IP to Server. L3 operations shown: Create VPC, Create IG, Create Subnet, Create Network, Create Security Group, Remove ACL (loop), Open Firewall Port (Add SG Rule), Open Firewall Port (Create ACL), Create Elastic IP, Reserve Public IP Block (opt). Legend: NoOP.]
  • 18. Conclusions
      • Building Cloud-agnostic systems is really hard!
      • But it is possible, given the right tools, design, architecture and realistic expectations
      • A CA system needs to address all 3 mediation levels:
          • An abstraction layer with a good canonical provides syntactic mediation
          • Reflective logic and polymorphic orchestration can ensure semantic consistency
          • Idiosyncratic mediation requires case-by-case handling by provider-specific code
      • This approach will work for new providers but not new features
  • 19. Q & A
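
The polymorphic orchestration of slides 16 and 17, as an added example that is not from the original deck or from any cloud library: a fixed Level 2 workflow with Level 3 overrides for AWS and NTTA that records operation names instead of calling a cloud. The class and method names, the `subnet-constructed` id and the assignment of Level 3 operations to each provider (read from the flattened diagram and the step lists on slide 12) are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration: every class, method and value is hypothetical and belongs to
// no cloud library. Operations are recorded by name instead of calling a cloud.
public class PolymorphicOrchestration {
    // Level 2: provider-agnostic workflow. run() is final, so a provider can change
    // how a step is done but cannot skip or reorder it: firewall steps precede deploy.
    abstract static class DeployApplication {
        protected final List<String> ops = new ArrayList<>();
        public final List<String> run(String server, int port) {
            createNetworkUniverse();
            createUsableNetwork();
            createOrDiscoverFirewall();
            secureNetwork();
            openFirewallPort(port);
            deployServer(server);
            createPublicIp();
            ops.add("Assign public IP to " + server);
            return ops;
        }
        protected void createNetworkUniverse() { }      // NoOP unless overridden
        protected abstract void createUsableNetwork();
        protected void createOrDiscoverFirewall() { }   // NoOP unless overridden
        protected void secureNetwork() { }              // NoOP unless overridden
        protected abstract void openFirewallPort(int port);
        protected abstract void deployServer(String server);
        protected abstract void createPublicIp();
    }

    // Level 3: AWS overrides; secureNetwork() stays a NoOP (assumed from the diagram).
    static class AwsDeploy extends DeployApplication {
        private String subnetId;   // constructed placeholder id, set below
        @Override protected void createNetworkUniverse() { ops.add("Create VPC"); ops.add("Add Internet Gateway"); }
        @Override protected void createUsableNetwork() {
            subnetId = "subnet-constructed";
            ops.add("Create public subnet " + subnetId);
        }
        @Override protected void createOrDiscoverFirewall() { ops.add("Create Security Group"); }
        @Override protected void openFirewallPort(int port) { ops.add("Add SG rule: allow tcp/" + port); }
        @Override protected void deployServer(String server) {
            // Idiosyncratic guard: never launch into a VPC without naming the subnet.
            if (subnetId == null) throw new IllegalStateException("subnet required");
            ops.add("Deploy " + server + " on " + subnetId + " in the Security Group");
        }
        @Override protected void createPublicIp() { ops.add("Create Elastic IP"); }
    }

    // Level 3: NTTA overrides; the Network Universe step stays a NoOP.
    static class NttaDeploy extends DeployApplication {
        private final int freePublicIps;   // constructed stand-in for a provider query
        NttaDeploy(int freePublicIps) { this.freePublicIps = freePublicIps; }
        @Override protected void createUsableNetwork() { ops.add("Create Network"); }
        @Override protected void secureNetwork() { ops.add("Remove extra firewall rules"); }
        @Override protected void openFirewallPort(int port) { ops.add("Create ACL: allow tcp/" + port); }
        @Override protected void deployServer(String server) { ops.add("Deploy " + server + " on the network"); }
        @Override protected void createPublicIp() { if (freePublicIps == 0) ops.add("Reserve Public IP Block"); }
    }

    public static void main(String[] args) {
        new AwsDeploy().run("api-server", 443).forEach(op -> System.out.println("AWS:  " + op));
        new NttaDeploy(0).run("api-server", 443).forEach(op -> System.out.println("NTTA: " + op));
    }
}
```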