Anthos / Application
Modernization Platform
+94%
Of CIOs indicated that business
leaders depend on technology
teams for improved agility and
faster time to market
McKinsey Study: Unlocking business acceleration in a hybrid cloud world, July 2019
80%
of CIOs admit they haven’t
attained the desired business
agility with migration*
McKinsey Study: Unlocking business acceleration in a hybrid cloud world, July 2019
Technology teams fail at transformation due to lack of
flexibility and agility
4
Innovationrate
Consum
er
20202010200019901980
Enterprise innovation
rate has been lagging
dramatically.Enterprise
Every enterprise
is a snowflake.
I want to manage costs, have
leverage for contract negotiations
I want to Invest my time in innovation
and agility not in building for the
platform
I want a consistency and reliability in
managing the platforms I have been
asked to support
I want security to be an enabler, I want
consistency in managing policies and
auditing access
Enterprises have several different requirements
Developers
Security Operators
IT Operators
Decision Makers
IT is forced into trade-offs
● Development wants to
use the latest tools,
languages and plugins
● Security wants verified
tools and validated
systems before putting
it into production
Security vs Agility
● Redundancy is the
way to minimize
downtime
● Redundancy means
underutilized
resources
Reliability vs Cost
● Lock-in gives you
consistency
● Lock-in keeps you from
using the best tools,
negotiating better
prices, or being as
flexible as you want
Portability vs lock-in
The future of applications, and the infrastructure that
they run on, is created with containerized
microservices, managed through a declarative system
with a single control experience that uses a service
mesh to spans all application locations.
9
Google’s POV
● Avoid lock-in
● Avoid unnecessary
licensing costs
● Broad ecosystem of
partners
Modern Application development
Open software
● Create a software
assembly line
● Build fast feedback into
your systems
● Control deployments
CI/CD and DevOps
● Move at the speed of
your fastest developer
● Use the best tools
● Leverage small and
agile teams
Microservices
● Define goals, instead
of actions
● Less idle resources
● Manage apps instead
of servers
Orchestration
● Increase portability of
applications
● Increase security
● Increase speed
Containerization
● Decrease downtime
● Increase portability of
services
● Manage access and
testing of services
Services and API management
74%
improvement in
productivity for
security tasks
increase in application
migration and
modernization
Increase in platform
operations efficiency
reduction in non-
coding activities
38%
75%
55%
Source: New Technology Projection: The Total Economic Impact™ Of Anthos, September 2019,
a commissioned study conducted by Forrester Consulting on behalf of Google.
*Based on the customer interview
Anthos empowers
organizations, saving
bottom-line costs,
and increasing
top-line revenue1
Up to:
return in investment
(ROI) deploying
Anthos
improvement in
time to market*
4.8x
13xNew
Anthos ROI report by Forrester
The benefits of Google Cloud’s Anthos
Modernize your applications on
premises, or in the cloud.
Automate policy and security for
your hybrid Kubernetes
deployments
Built on open source technology
like Kubernetes; so it’s portable,
consistent, and extensible
Modernize anywhere Put security guardrails in place
Built for portability. Avoid lock-in
Anthos provides a unified
management experience across
environments (on-prem
& cloud)
Anthos gives you one platform that
you can run anywhere
Flexible, predictable subscription
based pricing and lower TCO
Unified management
Consistent experience
Lower TCO
Anthos is a game changer for enterprise customers
Anthos’ multi-cloud
capabilities are so
far unique in the
industry
Forbes, April 2019
Config & Policy
management
Anthos Config
Management
Application Development
Cloud Run for Anthos
Service Management
Anthos Service Mesh
Container Management
Anthos GKE
Operations
Management
Stackdriver
Core Components of Anthos
Google Cloud Other CloudsOn-prem Edge
Anthos has many
Deployment
Options
Anthos end to end
Stack
© 2019 Google LLC. Confidential and Proprietary
Anthos Typical Enterprise Interaction
Managed
Kubernetes
Infrastructure Operator
Kubernetes Anthos GKE
Service Operator / SRE
Istio Anthos Service Mesh
Developer
Knative Cloud Run for Anthos
Build, deploy, scale using serverless
primitives
Connect, secure, manage, monitor
services
Portable container orchestration
Modernize your applications any place, any time
Differentiating Managed Kubernetes
OSS K8s
on your own
OSS K8s
on GCP
Expert Kubernetes users who have time to
manage and configure various settings and
deployment, and are not looking to leverage
any integrations nor take advantage of Google
SRE
Anthos GKE
Customers who don’t want to worry about the
complexity of Kubernetes and want Google to
handle deployment, scaling and management
Anthos
Customers who want to have a Google tested,
Google integrated container deployment offering
across multiple environments
High
Low
Highly managed,
Low customer
effort
Unmanaged,
High customer
effort
Simplified
Management
Why do customers choose GKE?
OpenScale to any
work load
Optimized
workloads
Quick Up and
Running
Google remains the largest contributor to Kubernetes and is seen as the industry leader due to our
investment and launch of ongoing new features leveraging Google infrastructure
GKE continues to out innovate the competition
Auto
upgrades
Efficient
VMs
Service
discovery
Isolation
Managed
masters
Access
control
Scaling
Simple
UIs
Anthos GKE on VMWare
The following baseline choices were made*
Support native Kubernetes constructs as much as possible.
Support underlay networking (DVS and NSX-T are supported).
Separate L4 and L7 load-balancing.
Ship Envoy based L7 load-balancer out-of-the-box within the cluster as a Kubernetes service.
Integrate with existing networking devices for L4 load-balancing.
vSphere
Admin Cluster
Cluster creation,
upgrade, teardown
vCenter APIs
Virtual Machine
Admin Control
Plane
kubelet
GKE On-Prem Admin Workstation
gkectl
kubectl
● Automated deploy on top of vSphere
shipped as a virtual appliance
● Admin cluster provides local CRUD
operations:
Faster, higher reliability, easier to
manage from cloud
Independent failure domain
● Approach extensible to other IaaS
F5 BIG-IP LTM
User ClusterUser Cluster
Virtual Machine
Workload
Virtual Machine
kubelet
Virtual Machine
Workload
Virtual Machine
User Control Plane
Virtual Machine
kubelet
User Control Plane
kubelet
Workload
kubelet
kubelet
Multi-cluster
management
Multi-Cloud
GCP Other Cloud Provider
Multi-Cluster Use-Cases
Low-Latency Services
Alice in Arkansas Bob in Berlin
US Germany
Environment Separation
(by Team, Tenant, Dev/Stage/Prod)
Team A Team B Team C
Canary Clusters
(for upgrades)
Existing Cluster (v 1.10) Canary Cluster (v 1.11)
Data Locality
Bob from Berlin Alice from Arkansas
US Germany
Highly Available Services
Region A Region B
Bring your clusters to
Anthos
Google Cloud Console
Anthos UI
A single-pane-of-glass for your
Anthos GKE clusters, policies &
configs in many environments
Connecting your
cluster to Google
Infrastructure
Kubernetes
Cluster
Kubernetes
API Server
GKE Connect
Agent
GKE Connect
Service
Outbound TLS
connection
GKE UI
● Register your cluster with GCP and install
the GKE Connect Agent in your cluster
● No public IP required for your cluster
● Traverses VPNs, NATs, firewalls, and
proxies
Config and policy
management
Anthos Config Management
Unified management for
hybrid and multi-cloud
Fine-grained guardrails for
security and governance
Modernized workflow for
platform and infrastructure
Define a hybrid Anthos environment as
data in a secure repository.
● Auditable
● Revertable
● Transactional
● Self-Healing
● Versionable
Anthos Config Management
Anthos Config
Management
Monitors configs for drift every
~15s using annotations
Git repo can be On-Prem or
Cloud or SaaS
Use abstract Namespaces for
config inheritance
Selectors allow scoping
objects to specific clusters
Managing
policies
at scale
Require services to disable
unauthorized access
Example policy use cases
Only allow domain-restricted
Roles and RoleBindings
Require strict mTLS for all
clients/services in a namespace
Enforce specific labels for cost
accounting and chargeback
Require fine-grained service
authorization controls
Require access logging to be
enabled for a cluster / mesh
Policy controller
Based on Open Policy Agent’s
Gatekeeper, ACM Policy Controller
provides first-class integration between
OPA and Kubernetes via a custom
controller.
It turns Rego policies into Kubernetes
objects, allowing them to be customized
and deployed using standard workflows.
GKE
Policy Controller
AdmissionReview
(request)
AdmissionReview
(response)
kubectl Config Mgmt API Clients
Policy
Rule Definition
Enforcement
Service
management
Anthos
Service Mesh
Build on Istio open-source
features & APIs
Observability & service
health is critical
Managed control plane
components in 2020
Google fully committed to
Istio and open governance
Infrastructure Operator
Kubernetes Anthos GKE
Service Operator / SRE
Istio Anthos Service Mesh
Modernize your applications
any place, any time
Developer
Knative Cloud Run
Build, deploy, scale using serverless
primitives
Connect, secure, manage, monitor
services
Portable container orchestration
Why do you need a service mesh
Without Service Mesh With Service Mesh
App Encryption library
Tracing libraryIdentity support
Circuit breaking
Ingress control
Certificate authority
Egress firewall
Access control
Pod
App
EgressIngress
Circuit breaking
Fault injection
Identity
Encryption
Observability
Ingress/Egress Controls – Certificate
Authority – Access Controls – Routing Rules
Control plane
Istio
An open platform for
managing service
interactions across
containers and VMs
Service Mesh
A transparent and
language independent
way to automate
network functions
Anthos Service Mesh
A managed platform that uses Istio
APIs to provide service health tools,
complex traffic controls, and
managed security authority
How does Service Mesh help?
Secure Services
Policy driven security
Secure access and
communications between
some or all services
Manage Health
Uniform observability
Examine everything
happening with your services
with little instrumentation
Connect Services
Operational agility
Manage the flow of traffic
into, out of, and within your
complex deployments
Uniform observability
Application A Application B
Trace request
& response flows
Consistent flow
logs and metrics
Monitor customer
impacting behavior
Understand service
dependencies
Track SLOs and
error budgets
Operational agility
Traffic splitting Traffic steering
Fault injection
Circuit breaking Egress control
Frontend v1
Backend v1
Backend v2
Policy-driven security
Application A Application B
Traffic encryption Service auth Access policiesAuditing controls
Uniform observability
Consistent flow logs
and metrics
Understand service
dependencies
Monitor services
using SLOs
Service Level Objectives monitoring
Monitor customer-visible
behavior
Validate promises to our
users
Error budget lets you
balance velocity vs.
reliability
Alert only when
promises are broken or
on the path to be broken
Managed control plane
● Managed telemetry backends
● Managed CA
● Traffic Director
Out of the box service management
● Metrics, logging, tracing, SLOs
● Service security, authentication,
encryption, and authorization
● Traffic management: routing, load
balancing
Anthos Service Mesh
Increasing
Developer
Productivity
Infrastructure Operator
Kubernetes Anthos GKE
Service Operator / SRE
Istio Anthos Service Mesh
Modernize your applications
any place, any time
Developer
Knative Cloud Run
Build, deploy, scale using serverless
primitives
Connect, secure, manage, monitor
services
Portable container orchestration
Cloud Run for
Anthos
Kubernetes
“the easy way”
2 Questions...
1. How many of your customers build
wrappers or a platform on top of
Kubernetes?
2. How long does it take a developer to ramp
up on Kubernetes?
3 days, 3 weeks, or 3 months?
Why do customers want Cloud Run?
Today, developers need training to be productive with Kubernetes
Ideally, developers would have an environment that:
● Lets them be safe, rollback when needed
● Rapidly scales, without the need for capacity planning
● Has logging, monitoring / observability built in
● Makes everything repeatable, Integrates CI/CD, scales out to other teams / environment
Cloud Run for Anthos
Simplify application deployment and management
New capabilities for Kubernetes
Higher level view of applications
1
2
3
Scale to zero
New Capabilities for
applications
1
2
Simplify application
deployment and
management on Kubernetes
Kubernetes N/A
Cloud Run
Scale application to 0, when no
requests coming
Activate (0→1) on the next request
Kubernetes Connection-based load balancing
Cloud Run
Per-request load balancing
Traffic splitting (blue/green
deployments)
Load balancing
New Capabilities for
applications
1
2
Simplify application
deployment and
management on Kubernetes
Higher level view of
applications
1
2
3
New Capabilities for
applications
Simplify application
deployment and
management on Kubernetes
Revision 1
Revision 2
Revision 3
ConfigurationRoute
Service
https://knative.dev
Based on Knative
● Modernize in place
● Migrate workloads to
cloud when ready
● Standard interface across
cloud and on prem
Portability with Consistency
Cloud run for
Anthos on Premises
Rich catalog of secure, vetted
solutions from leading
ecosystem partners in verticals
such as: Security, Database,
CRM
Robust seller platform with
co-sell and enterprise
procurement support
Marketplace - your one stop shop for Anthos enabled
apps
http://cloud.google.com/marketplace
● Launched K8s apps category, designed for Anthos
● Meets Lifecycle needs: managed upgrades, status and monitoring signals
out of the box
● Support trials and tailored pricing models
● Deploy anywhere and meet customers where they are, on-prem or in the
cloud
● Single GCP bill across deployment environments, including on-prem
● Embrace industry standard DevOps approaches
Kubernetes apps designed for Anthos
Move VMs directly into containers in GKE
with Migrate for Anthos
Migration service
● Low friction path for existing workloads to GKE
○ Improve security and manageability without code change
● Accelerated migration, integration into modern infra
○ Significant reduction in cost, time, labor, complexity compared
with upgrading manually, as is current norm.
○ Low touch migration to GKE, w/ minimal downtime
○ Migrate without deep knowledge of apps moved
● Modernization paths to add’l cloud services
○ Enable multiple options: image extraction/generalization,
monolith breakdown, persistent data migration to 2nd hop
managed storage/databases
Application workloads migration methods
Landing
Zone
Rehost
Basic lift and shift from legacy to GCP
Upgrade OS and Rebuild Apps in GCP
Discover
& Plan
Migration
Factory
Replatform
Replace
Modernize and re-architect the application
Use new COTS / SaaS instead of legacy
Refactor / Containerize
Retire
Retain
Decommission
Leave on premise
Change
Factory
60-70%
10-20% New
Migrate for
Anthos
Migrate for
Compute Engine
Sweet spot Linux workloads
● High performance, high memory databases (SAP HANA)
● VMs with special Kernel needs (e.g., kernel modules)
● Always-on database VMs that don’t fit CloudSQL
● HW-specific license constraints (e.g. per CPU)
● Web, Application Servers, Business logic
○ Multi-tier Stacks - e.g. LAMP, Wordpress
○ J2EE Middleware - e.g. Tomcat, COTS
● Low duty-cycle & bursty workloads
○ Dev/test, training, labs
○ “VM Sprawl” management
○ Density mgmt for low load services
● OS:
○ RHEL / CentOS / SUSE / Ubuntu / Debian
○ Old and new versions supported
Containerize
Use Migrate for Compute Engine
Use mixed deployment
Anthos compared to competition
● Compared to AWS Outpost, Azure stack - Complete software solution
● Compared to Redhat Openshift, VMWare PKS - Better integration with cloud managed
services
● Built on open source technologies
Anthos

Anthos Application Modernization Platform

  • 1.
  • 2.
    +94% Of CIOs indicatedthat business leaders depend on technology teams for improved agility and faster time to market McKinsey Study: Unlocking business acceleration in a hybrid cloud world, July 2019
  • 3.
    80% of CIOs admitthey haven’t attained the desired business agility with migration* McKinsey Study: Unlocking business acceleration in a hybrid cloud world, July 2019
  • 4.
    Technology teams failat transformation due to lack of flexibility and agility 4
  • 5.
  • 6.
  • 7.
    I want tomanage costs, have leverage for contract negotiations I want to Invest my time in innovation and agility not in building for the platform I want a consistency and reliability in managing the platforms I have been asked to support I want security to be an enabler, I want consistency in managing policies and auditing access Enterprises have several different requirements Developers Security Operators IT Operators Decision Makers
  • 8.
    IT is forcedinto trade-offs ● Development wants to use the latest tools, languages and plugins ● Security wants verified tools and validated systems before putting it into production Security vs Agility ● Redundancy is the way to minimize downtime ● Redundancy means underutilized resources Reliability vs Cost ● Lock-in gives you consistency ● Lock-in keeps you from using the best tools, negotiating better prices, or being as flexible as you want Portability vs lock-in
  • 9.
    The future ofapplications, and the infrastructure that they run on, is created with containerized microservices, managed through a declarative system with a single control experience that uses a service mesh to spans all application locations. 9 Google’s POV
  • 10.
    ● Avoid lock-in ●Avoid unnecessary licensing costs ● Broad ecosystem of partners Modern Application development Open software ● Create a software assembly line ● Build fast feedback into your systems ● Control deployments CI/CD and DevOps ● Move at the speed of your fastest developer ● Use the best tools ● Leverage small and agile teams Microservices ● Define goals, instead of actions ● Less idle resources ● Manage apps instead of servers Orchestration ● Increase portability of applications ● Increase security ● Increase speed Containerization ● Decrease downtime ● Increase portability of services ● Manage access and testing of services Services and API management
  • 11.
    74% improvement in productivity for securitytasks increase in application migration and modernization Increase in platform operations efficiency reduction in non- coding activities 38% 75% 55% Source: New Technology Projection: The Total Economic Impact™ Of Anthos, September 2019, a commissioned study conducted by Forrester Consulting on behalf of Google. *Based on the customer interview Anthos empowers organizations, saving bottom-line costs, and increasing top-line revenue1 Up to: return in investment (ROI) deploying Anthos improvement in time to market* 4.8x 13xNew Anthos ROI report by Forrester
  • 12.
    The benefits ofGoogle Cloud’s Anthos Modernize your applications on premises, or in the cloud. Automate policy and security for your hybrid Kubernetes deployments Built on open source technology like Kubernetes; so it’s portable, consistent, and extensible Modernize anywhere Put security guardrails in place Built for portability. Avoid lock-in Anthos provides a unified management experience across environments (on-prem & cloud) Anthos gives you one platform that you can run anywhere Flexible, predictable subscription based pricing and lower TCO Unified management Consistent experience Lower TCO
  • 13.
    Anthos is agame changer for enterprise customers Anthos’ multi-cloud capabilities are so far unique in the industry Forbes, April 2019
  • 14.
    Config & Policy management AnthosConfig Management Application Development Cloud Run for Anthos Service Management Anthos Service Mesh Container Management Anthos GKE Operations Management Stackdriver Core Components of Anthos
  • 15.
    Google Cloud OtherCloudsOn-prem Edge Anthos has many Deployment Options
  • 16.
    Anthos end toend Stack
  • 17.
    © 2019 GoogleLLC. Confidential and Proprietary Anthos Typical Enterprise Interaction
  • 18.
  • 19.
    Infrastructure Operator Kubernetes AnthosGKE Service Operator / SRE Istio Anthos Service Mesh Developer Knative Cloud Run for Anthos Build, deploy, scale using serverless primitives Connect, secure, manage, monitor services Portable container orchestration Modernize your applications any place, any time
  • 20.
    Differentiating Managed Kubernetes OSSK8s on your own OSS K8s on GCP Expert Kubernetes users who have time to manage and configure various settings and deployment, and are not looking to leverage any integrations nor take advantage of Google SRE Anthos GKE Customers who don’t want to worry about the complexity of Kubernetes and want Google to handle deployment, scaling and management Anthos Customers who want to have a Google tested, Google integrated container deployment offering across multiple environments High Low Highly managed, Low customer effort Unmanaged, High customer effort
  • 21.
    Simplified Management Why do customerschoose GKE? OpenScale to any work load Optimized workloads Quick Up and Running Google remains the largest contributor to Kubernetes and is seen as the industry leader due to our investment and launch of ongoing new features leveraging Google infrastructure
  • 22.
    GKE continues toout innovate the competition Auto upgrades Efficient VMs Service discovery Isolation Managed masters Access control Scaling Simple UIs
  • 23.
    Anthos GKE onVMWare The following baseline choices were made* Support native Kubernetes constructs as much as possible. Support underlay networking (DVS and NSX-T are supported). Separate L4 and L7 load-balancing. Ship Envoy based L7 load-balancer out-of-the-box within the cluster as a Kubernetes service. Integrate with existing networking devices for L4 load-balancing.
  • 24.
    vSphere Admin Cluster Cluster creation, upgrade,teardown vCenter APIs Virtual Machine Admin Control Plane kubelet GKE On-Prem Admin Workstation gkectl kubectl ● Automated deploy on top of vSphere shipped as a virtual appliance ● Admin cluster provides local CRUD operations: Faster, higher reliability, easier to manage from cloud Independent failure domain ● Approach extensible to other IaaS F5 BIG-IP LTM User ClusterUser Cluster Virtual Machine Workload Virtual Machine kubelet Virtual Machine Workload Virtual Machine User Control Plane Virtual Machine kubelet User Control Plane kubelet Workload kubelet kubelet
  • 25.
  • 26.
    Multi-Cloud GCP Other CloudProvider Multi-Cluster Use-Cases Low-Latency Services Alice in Arkansas Bob in Berlin US Germany Environment Separation (by Team, Tenant, Dev/Stage/Prod) Team A Team B Team C Canary Clusters (for upgrades) Existing Cluster (v 1.10) Canary Cluster (v 1.11) Data Locality Bob from Berlin Alice from Arkansas US Germany Highly Available Services Region A Region B
  • 27.
  • 28.
    Google Cloud Console AnthosUI A single-pane-of-glass for your Anthos GKE clusters, policies & configs in many environments
  • 29.
    Connecting your cluster toGoogle Infrastructure Kubernetes Cluster Kubernetes API Server GKE Connect Agent GKE Connect Service Outbound TLS connection GKE UI ● Register your cluster with GCP and install the GKE Connect Agent in your cluster ● No public IP required for your cluster ● Traverses VPNs, NATs, firewalls, and proxies
  • 31.
  • 32.
    Anthos Config Management Unifiedmanagement for hybrid and multi-cloud Fine-grained guardrails for security and governance Modernized workflow for platform and infrastructure
  • 33.
    Define a hybridAnthos environment as data in a secure repository. ● Auditable ● Revertable ● Transactional ● Self-Healing ● Versionable Anthos Config Management
  • 34.
    Anthos Config Management Monitors configsfor drift every ~15s using annotations Git repo can be On-Prem or Cloud or SaaS Use abstract Namespaces for config inheritance Selectors allow scoping objects to specific clusters
  • 35.
  • 36.
    Require services todisable unauthorized access Example policy use cases Only allow domain-restricted Roles and RoleBindings Require strict mTLS for all clients/services in a namespace Enforce specific labels for cost accounting and chargeback Require fine-grained service authorization controls Require access logging to be enabled for a cluster / mesh
  • 37.
    Policy controller Based onOpen Policy Agent’s Gatekeeper, ACM Policy Controller provides first-class integration between OPA and Kubernetes via a custom controller. It turns Rego policies into Kubernetes objects, allowing them to be customized and deployed using standard workflows. GKE Policy Controller AdmissionReview (request) AdmissionReview (response) kubectl Config Mgmt API Clients Policy Rule Definition Enforcement
  • 38.
  • 39.
    Anthos Service Mesh Build onIstio open-source features & APIs Observability & service health is critical Managed control plane components in 2020 Google fully committed to Istio and open governance
  • 40.
    Infrastructure Operator Kubernetes AnthosGKE Service Operator / SRE Istio Anthos Service Mesh Modernize your applications any place, any time Developer Knative Cloud Run Build, deploy, scale using serverless primitives Connect, secure, manage, monitor services Portable container orchestration
  • 41.
    Why do youneed a service mesh Without Service Mesh With Service Mesh App Encryption library Tracing libraryIdentity support Circuit breaking Ingress control Certificate authority Egress firewall Access control Pod App EgressIngress Circuit breaking Fault injection Identity Encryption Observability Ingress/Egress Controls – Certificate Authority – Access Controls – Routing Rules Control plane
  • 42.
    Istio An open platformfor managing service interactions across containers and VMs Service Mesh A transparent and language independent way to automate network functions Anthos Service Mesh A managed platform that uses Istio APIs to provide service health tools, complex traffic controls, and managed security authority
  • 43.
    How does ServiceMesh help? Secure Services Policy driven security Secure access and communications between some or all services Manage Health Uniform observability Examine everything happening with your services with little instrumentation Connect Services Operational agility Manage the flow of traffic into, out of, and within your complex deployments
  • 44.
    Uniform observability Application AApplication B Trace request & response flows Consistent flow logs and metrics Monitor customer impacting behavior Understand service dependencies Track SLOs and error budgets
  • 45.
    Operational agility Traffic splittingTraffic steering Fault injection Circuit breaking Egress control Frontend v1 Backend v1 Backend v2
  • 46.
    Policy-driven security Application AApplication B Traffic encryption Service auth Access policiesAuditing controls
  • 47.
    Uniform observability Consistent flowlogs and metrics Understand service dependencies Monitor services using SLOs
  • 48.
    Service Level Objectivesmonitoring Monitor customer-visible behavior Validate promises to our users Error budget lets you balance velocity vs. reliability Alert only when promises are broken or on the path to be broken
  • 49.
    Managed control plane ●Managed telemetry backends ● Managed CA ● Traffic Director Out of the box service management ● Metrics, logging, tracing, SLOs ● Service security, authentication, encryption, and authorization ● Traffic management: routing, load balancing Anthos Service Mesh
  • 50.
  • 51.
    Infrastructure Operator Kubernetes AnthosGKE Service Operator / SRE Istio Anthos Service Mesh Modernize your applications any place, any time Developer Knative Cloud Run Build, deploy, scale using serverless primitives Connect, secure, manage, monitor services Portable container orchestration
  • 52.
  • 53.
    2 Questions... 1. Howmany of your customers build wrappers or a platform on top of Kubernetes? 2. How long does it take a developer to ramp up on Kubernetes? 3 days, 3 weeks, or 3 months?
  • 54.
    Why do customerswant Cloud Run? Today, developers need training to be productive with Kubernetes Ideally, developers would have an environment that: ● Lets them be safe, rollback when needed ● Rapidly scales, without the need for capacity planning ● Has logging, monitoring / observability built in ● Makes everything repeatable, Integrates CI/CD, scales out to other teams / environment
  • 55.
    Cloud Run forAnthos Simplify application deployment and management New capabilities for Kubernetes Higher level view of applications 1 2 3
  • 56.
    Scale to zero NewCapabilities for applications 1 2 Simplify application deployment and management on Kubernetes Kubernetes N/A Cloud Run Scale application to 0, when no requests coming Activate (0→1) on the next request
  • 57.
    Kubernetes Connection-based loadbalancing Cloud Run Per-request load balancing Traffic splitting (blue/green deployments) Load balancing New Capabilities for applications 1 2 Simplify application deployment and management on Kubernetes
  • 58.
    Higher level viewof applications 1 2 3 New Capabilities for applications Simplify application deployment and management on Kubernetes Revision 1 Revision 2 Revision 3 ConfigurationRoute Service
  • 59.
  • 60.
    ● Modernize inplace ● Migrate workloads to cloud when ready ● Standard interface across cloud and on prem Portability with Consistency Cloud run for Anthos on Premises
  • 61.
    Rich catalog ofsecure, vetted solutions from leading ecosystem partners in verticals such as: Security, Database, CRM Robust seller platform with co-sell and enterprise procurement support Marketplace - your one stop shop for Anthos enabled apps http://cloud.google.com/marketplace
  • 62.
    ● Launched K8sapps category, designed for Anthos ● Meets Lifecycle needs: managed upgrades, status and monitoring signals out of the box ● Support trials and tailored pricing models ● Deploy anywhere and meet customers where they are, on-prem or in the cloud ● Single GCP bill across deployment environments, including on-prem ● Embrace industry standard DevOps approaches Kubernetes apps designed for Anthos
  • 63.
    Move VMs directlyinto containers in GKE with Migrate for Anthos Migration service ● Low friction path for existing workloads to GKE ○ Improve security and manageability without code change ● Accelerated migration, integration into modern infra ○ Significant reduction in cost, time, labor, complexity compared with upgrading manually, as is current norm. ○ Low touch migration to GKE, w/ minimal downtime ○ Migrate without deep knowledge of apps moved ● Modernization paths to add’l cloud services ○ Enable multiple options: image extraction/generalization, monolith breakdown, persistent data migration to 2nd hop managed storage/databases
  • 64.
    Application workloads migrationmethods Landing Zone Rehost Basic lift and shift from legacy to GCP Upgrade OS and Rebuild Apps in GCP Discover & Plan Migration Factory Replatform Replace Modernize and re-architect the application Use new COTS / SaaS instead of legacy Refactor / Containerize Retire Retain Decommission Leave on premise Change Factory 60-70% 10-20% New Migrate for Anthos Migrate for Compute Engine
  • 65.
    Sweet spot Linuxworkloads ● High performance, high memory databases (SAP HANA) ● VMs with special Kernel needs (e.g., kernel modules) ● Always-on database VMs that don’t fit CloudSQL ● HW-specific license constraints (e.g. per CPU) ● Web, Application Servers, Business logic ○ Multi-tier Stacks - e.g. LAMP, Wordpress ○ J2EE Middleware - e.g. Tomcat, COTS ● Low duty-cycle & bursty workloads ○ Dev/test, training, labs ○ “VM Sprawl” management ○ Density mgmt for low load services ● OS: ○ RHEL / CentOS / SUSE / Ubuntu / Debian ○ Old and new versions supported Containerize Use Migrate for Compute Engine Use mixed deployment
  • 66.
    Anthos compared tocompetition ● Compared to AWS Outpost, Azure stack - Complete software solution ● Compared to Redhat Openshift, VMWare PKS - Better integration with cloud managed services ● Built on open source technologies
  • 67.