GDG Cloud Bengaluru, profile picture
Uploaded byGDG Cloud Bengaluru
PDF, PPTX670 views

Anthos Application Modernization Platform

Anthos is a comprehensive application modernization platform that enhances flexibility and management across hybrid and multi-cloud environments. It aims to address the challenges faced by enterprises in achieving business agility while balancing security and cost-effectiveness through containerized microservices, automated policy, and security management. With significant improvements in productivity and time to market, Anthos empowers organizations to streamline their operations and leverage a broad ecosystem of partners effectively.

Embed presentation

Download as PDF, PPTX
Anthos / Application Modernization Platform
+94% Of CIOs indicated that business leaders depend on technology teams for improved agility and faster time to market McKinsey Study: Unlocking business acceleration in a hybrid cloud world, July 2019
80% of CIOs admit they haven’t attained the desired business agility with migration* McKinsey Study: Unlocking business acceleration in a hybrid cloud world, July 2019
Technology teams fail at transformation due to lack of flexibility and agility 4
Innovationrate Consum er 20202010200019901980 Enterprise innovation rate has been lagging dramatically.Enterprise
Every enterprise is a snowflake.
I want to manage costs, have leverage for contract negotiations I want to Invest my time in innovation and agility not in building for the platform I want a consistency and reliability in managing the platforms I have been asked to support I want security to be an enabler, I want consistency in managing policies and auditing access Enterprises have several different requirements Developers Security Operators IT Operators Decision Makers
IT is forced into trade-offs ● Development wants to use the latest tools, languages and plugins ● Security wants verified tools and validated systems before putting it into production Security vs Agility ● Redundancy is the way to minimize downtime ● Redundancy means underutilized resources Reliability vs Cost ● Lock-in gives you consistency ● Lock-in keeps you from using the best tools, negotiating better prices, or being as flexible as you want Portability vs lock-in
The future of applications, and the infrastructure that they run on, is created with containerized microservices, managed through a declarative system with a single control experience that uses a service mesh to spans all application locations. 9 Google’s POV
● Avoid lock-in ● Avoid unnecessary licensing costs ● Broad ecosystem of partners Modern Application development Open software ● Create a software assembly line ● Build fast feedback into your systems ● Control deployments CI/CD and DevOps ● Move at the speed of your fastest developer ● Use the best tools ● Leverage small and agile teams Microservices ● Define goals, instead of actions ● Less idle resources ● Manage apps instead of servers Orchestration ● Increase portability of applications ● Increase security ● Increase speed Containerization ● Decrease downtime ● Increase portability of services ● Manage access and testing of services Services and API management
74% improvement in productivity for security tasks increase in application migration and modernization Increase in platform operations efficiency reduction in non- coding activities 38% 75% 55% Source: New Technology Projection: The Total Economic Impact™ Of Anthos, September 2019, a commissioned study conducted by Forrester Consulting on behalf of Google. *Based on the customer interview Anthos empowers organizations, saving bottom-line costs, and increasing top-line revenue1 Up to: return in investment (ROI) deploying Anthos improvement in time to market* 4.8x 13xNew Anthos ROI report by Forrester
The benefits of Google Cloud’s Anthos Modernize your applications on premises, or in the cloud. Automate policy and security for your hybrid Kubernetes deployments Built on open source technology like Kubernetes; so it’s portable, consistent, and extensible Modernize anywhere Put security guardrails in place Built for portability. Avoid lock-in Anthos provides a unified management experience across environments (on-prem & cloud) Anthos gives you one platform that you can run anywhere Flexible, predictable subscription based pricing and lower TCO Unified management Consistent experience Lower TCO
Anthos is a game changer for enterprise customers Anthos’ multi-cloud capabilities are so far unique in the industry Forbes, April 2019
Config & Policy management Anthos Config Management Application Development Cloud Run for Anthos Service Management Anthos Service Mesh Container Management Anthos GKE Operations Management Stackdriver Core Components of Anthos
Google Cloud Other CloudsOn-prem Edge Anthos has many Deployment Options
Anthos end to end Stack
© 2019 Google LLC. Confidential and Proprietary Anthos Typical Enterprise Interaction
Managed Kubernetes
Infrastructure Operator Kubernetes Anthos GKE Service Operator / SRE Istio Anthos Service Mesh Developer Knative Cloud Run for Anthos Build, deploy, scale using serverless primitives Connect, secure, manage, monitor services Portable container orchestration Modernize your applications any place, any time
Differentiating Managed Kubernetes OSS K8s on your own OSS K8s on GCP Expert Kubernetes users who have time to manage and configure various settings and deployment, and are not looking to leverage any integrations nor take advantage of Google SRE Anthos GKE Customers who don’t want to worry about the complexity of Kubernetes and want Google to handle deployment, scaling and management Anthos Customers who want to have a Google tested, Google integrated container deployment offering across multiple environments High Low Highly managed, Low customer effort Unmanaged, High customer effort
Simplified Management Why do customers choose GKE? OpenScale to any work load Optimized workloads Quick Up and Running Google remains the largest contributor to Kubernetes and is seen as the industry leader due to our investment and launch of ongoing new features leveraging Google infrastructure
GKE continues to out innovate the competition Auto upgrades Efficient VMs Service discovery Isolation Managed masters Access control Scaling Simple UIs
Anthos GKE on VMWare The following baseline choices were made* Support native Kubernetes constructs as much as possible. Support underlay networking (DVS and NSX-T are supported). Separate L4 and L7 load-balancing. Ship Envoy based L7 load-balancer out-of-the-box within the cluster as a Kubernetes service. Integrate with existing networking devices for L4 load-balancing.
vSphere Admin Cluster Cluster creation, upgrade, teardown vCenter APIs Virtual Machine Admin Control Plane kubelet GKE On-Prem Admin Workstation gkectl kubectl ● Automated deploy on top of vSphere shipped as a virtual appliance ● Admin cluster provides local CRUD operations: Faster, higher reliability, easier to manage from cloud Independent failure domain ● Approach extensible to other IaaS F5 BIG-IP LTM User ClusterUser Cluster Virtual Machine Workload Virtual Machine kubelet Virtual Machine Workload Virtual Machine User Control Plane Virtual Machine kubelet User Control Plane kubelet Workload kubelet kubelet
Multi-cluster management
Multi-Cloud GCP Other Cloud Provider Multi-Cluster Use-Cases Low-Latency Services Alice in Arkansas Bob in Berlin US Germany Environment Separation (by Team, Tenant, Dev/Stage/Prod) Team A Team B Team C Canary Clusters (for upgrades) Existing Cluster (v 1.10) Canary Cluster (v 1.11) Data Locality Bob from Berlin Alice from Arkansas US Germany Highly Available Services Region A Region B
Bring your clusters to Anthos
Google Cloud Console Anthos UI A single-pane-of-glass for your Anthos GKE clusters, policies & configs in many environments
Connecting your cluster to Google Infrastructure Kubernetes Cluster Kubernetes API Server GKE Connect Agent GKE Connect Service Outbound TLS connection GKE UI ● Register your cluster with GCP and install the GKE Connect Agent in your cluster ● No public IP required for your cluster ● Traverses VPNs, NATs, firewalls, and proxies
Config and policy management
Anthos Config Management Unified management for hybrid and multi-cloud Fine-grained guardrails for security and governance Modernized workflow for platform and infrastructure
Define a hybrid Anthos environment as data in a secure repository. ● Auditable ● Revertable ● Transactional ● Self-Healing ● Versionable Anthos Config Management
Anthos Config Management Monitors configs for drift every ~15s using annotations Git repo can be On-Prem or Cloud or SaaS Use abstract Namespaces for config inheritance Selectors allow scoping objects to specific clusters
Managing policies at scale
Require services to disable unauthorized access Example policy use cases Only allow domain-restricted Roles and RoleBindings Require strict mTLS for all clients/services in a namespace Enforce specific labels for cost accounting and chargeback Require fine-grained service authorization controls Require access logging to be enabled for a cluster / mesh
Policy controller Based on Open Policy Agent’s Gatekeeper, ACM Policy Controller provides first-class integration between OPA and Kubernetes via a custom controller. It turns Rego policies into Kubernetes objects, allowing them to be customized and deployed using standard workflows. GKE Policy Controller AdmissionReview (request) AdmissionReview (response) kubectl Config Mgmt API Clients Policy Rule Definition Enforcement
Service management
Anthos Service Mesh Build on Istio open-source features & APIs Observability & service health is critical Managed control plane components in 2020 Google fully committed to Istio and open governance
Infrastructure Operator Kubernetes Anthos GKE Service Operator / SRE Istio Anthos Service Mesh Modernize your applications any place, any time Developer Knative Cloud Run Build, deploy, scale using serverless primitives Connect, secure, manage, monitor services Portable container orchestration
Why do you need a service mesh Without Service Mesh With Service Mesh App Encryption library Tracing libraryIdentity support Circuit breaking Ingress control Certificate authority Egress firewall Access control Pod App EgressIngress Circuit breaking Fault injection Identity Encryption Observability Ingress/Egress Controls – Certificate Authority – Access Controls – Routing Rules Control plane
Istio An open platform for managing service interactions across containers and VMs Service Mesh A transparent and language independent way to automate network functions Anthos Service Mesh A managed platform that uses Istio APIs to provide service health tools, complex traffic controls, and managed security authority
How does Service Mesh help? Secure Services Policy driven security Secure access and communications between some or all services Manage Health Uniform observability Examine everything happening with your services with little instrumentation Connect Services Operational agility Manage the flow of traffic into, out of, and within your complex deployments
Uniform observability Application A Application B Trace request & response flows Consistent flow logs and metrics Monitor customer impacting behavior Understand service dependencies Track SLOs and error budgets
Operational agility Traffic splitting Traffic steering Fault injection Circuit breaking Egress control Frontend v1 Backend v1 Backend v2
Policy-driven security Application A Application B Traffic encryption Service auth Access policiesAuditing controls
Uniform observability Consistent flow logs and metrics Understand service dependencies Monitor services using SLOs
Service Level Objectives monitoring Monitor customer-visible behavior Validate promises to our users Error budget lets you balance velocity vs. reliability Alert only when promises are broken or on the path to be broken
Managed control plane ● Managed telemetry backends ● Managed CA ● Traffic Director Out of the box service management ● Metrics, logging, tracing, SLOs ● Service security, authentication, encryption, and authorization ● Traffic management: routing, load balancing Anthos Service Mesh
Increasing Developer Productivity
Infrastructure Operator Kubernetes Anthos GKE Service Operator / SRE Istio Anthos Service Mesh Modernize your applications any place, any time Developer Knative Cloud Run Build, deploy, scale using serverless primitives Connect, secure, manage, monitor services Portable container orchestration
Cloud Run for Anthos Kubernetes “the easy way”
2 Questions... 1. How many of your customers build wrappers or a platform on top of Kubernetes? 2. How long does it take a developer to ramp up on Kubernetes? 3 days, 3 weeks, or 3 months?
Why do customers want Cloud Run? Today, developers need training to be productive with Kubernetes Ideally, developers would have an environment that: ● Lets them be safe, rollback when needed ● Rapidly scales, without the need for capacity planning ● Has logging, monitoring / observability built in ● Makes everything repeatable, Integrates CI/CD, scales out to other teams / environment
Cloud Run for Anthos Simplify application deployment and management New capabilities for Kubernetes Higher level view of applications 1 2 3
Scale to zero New Capabilities for applications 1 2 Simplify application deployment and management on Kubernetes Kubernetes N/A Cloud Run Scale application to 0, when no requests coming Activate (0→1) on the next request
Kubernetes Connection-based load balancing Cloud Run Per-request load balancing Traffic splitting (blue/green deployments) Load balancing New Capabilities for applications 1 2 Simplify application deployment and management on Kubernetes
Higher level view of applications 1 2 3 New Capabilities for applications Simplify application deployment and management on Kubernetes Revision 1 Revision 2 Revision 3 ConfigurationRoute Service
https://knative.dev Based on Knative
● Modernize in place ● Migrate workloads to cloud when ready ● Standard interface across cloud and on prem Portability with Consistency Cloud run for Anthos on Premises
Rich catalog of secure, vetted solutions from leading ecosystem partners in verticals such as: Security, Database, CRM Robust seller platform with co-sell and enterprise procurement support Marketplace - your one stop shop for Anthos enabled apps http://cloud.google.com/marketplace
● Launched K8s apps category, designed for Anthos ● Meets Lifecycle needs: managed upgrades, status and monitoring signals out of the box ● Support trials and tailored pricing models ● Deploy anywhere and meet customers where they are, on-prem or in the cloud ● Single GCP bill across deployment environments, including on-prem ● Embrace industry standard DevOps approaches Kubernetes apps designed for Anthos
Move VMs directly into containers in GKE with Migrate for Anthos Migration service ● Low friction path for existing workloads to GKE ○ Improve security and manageability without code change ● Accelerated migration, integration into modern infra ○ Significant reduction in cost, time, labor, complexity compared with upgrading manually, as is current norm. ○ Low touch migration to GKE, w/ minimal downtime ○ Migrate without deep knowledge of apps moved ● Modernization paths to add’l cloud services ○ Enable multiple options: image extraction/generalization, monolith breakdown, persistent data migration to 2nd hop managed storage/databases
Application workloads migration methods Landing Zone Rehost Basic lift and shift from legacy to GCP Upgrade OS and Rebuild Apps in GCP Discover & Plan Migration Factory Replatform Replace Modernize and re-architect the application Use new COTS / SaaS instead of legacy Refactor / Containerize Retire Retain Decommission Leave on premise Change Factory 60-70% 10-20% New Migrate for Anthos Migrate for Compute Engine
Sweet spot Linux workloads ● High performance, high memory databases (SAP HANA) ● VMs with special Kernel needs (e.g., kernel modules) ● Always-on database VMs that don’t fit CloudSQL ● HW-specific license constraints (e.g. per CPU) ● Web, Application Servers, Business logic ○ Multi-tier Stacks - e.g. LAMP, Wordpress ○ J2EE Middleware - e.g. Tomcat, COTS ● Low duty-cycle & bursty workloads ○ Dev/test, training, labs ○ “VM Sprawl” management ○ Density mgmt for low load services ● OS: ○ RHEL / CentOS / SUSE / Ubuntu / Debian ○ Old and new versions supported Containerize Use Migrate for Compute Engine Use mixed deployment
Anthos compared to competition ● Compared to AWS Outpost, Azure stack - Complete software solution ● Compared to Redhat Openshift, VMWare PKS - Better integration with cloud managed services ● Built on open source technologies
Anthos

More Related Content

PDF
Architecting for Success: Designing Secure GCP Landing Zone for Enterprises
byBhuvaneswari Subramani
 
PDF
Google Anthos - Azure Stack - AWS Outposts :Comparison
byKrishna-Kumar
 
PDF
Introduction to Google Cloud Platform
byOpsta
 
PPTX
[Konveyor] migrate and modernize your application portfolio to kubernetes wit...
byKonveyor Community
 
PDF
Google cloud certified professional cloud developer practice dumps 2020
bySkillCertProExams
 
PDF
Best Practices for Middleware and Integration Architecture Modernization with...
byClaus Ibsen
 
PDF
Cloud run - Serverless Containers Done Right
bymfazal
 
PPTX
Google cloud
byRounak Maheshwari
 
Architecting for Success: Designing Secure GCP Landing Zone for Enterprises
byBhuvaneswari Subramani
 
Google Anthos - Azure Stack - AWS Outposts :Comparison
byKrishna-Kumar
 
Introduction to Google Cloud Platform
byOpsta
 
[Konveyor] migrate and modernize your application portfolio to kubernetes wit...
byKonveyor Community
 
Google cloud certified professional cloud developer practice dumps 2020
bySkillCertProExams
 
Best Practices for Middleware and Integration Architecture Modernization with...
byClaus Ibsen
 
Cloud run - Serverless Containers Done Right
bymfazal
 
Google cloud
byRounak Maheshwari
 

What's hot

PPTX
Azure kubernetes service (aks)
byAkash Agrawal
 
PDF
Hands-On Introduction to Kubernetes at LISA17
byRyan Jarvinen
 
PDF
Kubernetes Basics
byEueung Mulyana
 
PDF
Best Practices with Azure Kubernetes Services
byQAware GmbH
 
PPSX
Cloud Architecture - Multi Cloud, Edge, On-Premise
byAraf Karsh Hamid
 
PPTX
App Modernisation with Microsoft Azure
byAdam Stephensen
 
PDF
Kubernetes Architecture and Introduction
byStefan Schimanski
 
PDF
VMware Tanzu Introduction- June 11, 2020
byVMware Tanzu
 
PPTX
Turning Virtual Machines Cloud-Native using KubeVirt
bySuman Chakraborty
 
PDF
Google Cloud Anthos on HPE Simplivity
byTanawit Chansuchai
 
PDF
Azure Arc - Managing Hybrid and Multi-Cloud Platforms
byWinWire Technologies Inc
 
PPTX
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
byTimothy McAliley
 
PDF
EKS Workshop
byAWS Germany
 
PDF
Open shift 4 infra deep dive
byWinton Winton
 
PDF
Kubernetes 101
byWinton Winton
 
PPTX
Azure Application Modernization
byKarina Matos
 
PPTX
Kubernetes and container security
byVolodymyr Shynkar
 
PDF
An Introduction to Kubernetes
byImesh Gunaratne
 
PPTX
Introduction to kubernetes
byRishabh Indoria
 
ODP
Kubernetes Architecture
byKnoldus Inc.
 
Azure kubernetes service (aks)
byAkash Agrawal
 
Hands-On Introduction to Kubernetes at LISA17
byRyan Jarvinen
 
Kubernetes Basics
byEueung Mulyana
 
Best Practices with Azure Kubernetes Services
byQAware GmbH
 
Cloud Architecture - Multi Cloud, Edge, On-Premise
byAraf Karsh Hamid
 
App Modernisation with Microsoft Azure
byAdam Stephensen
 
Kubernetes Architecture and Introduction
byStefan Schimanski
 
VMware Tanzu Introduction- June 11, 2020
byVMware Tanzu
 
Turning Virtual Machines Cloud-Native using KubeVirt
bySuman Chakraborty
 
Google Cloud Anthos on HPE Simplivity
byTanawit Chansuchai
 
Azure Arc - Managing Hybrid and Multi-Cloud Platforms
byWinWire Technologies Inc
 
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
byTimothy McAliley
 
EKS Workshop
byAWS Germany
 
Open shift 4 infra deep dive
byWinton Winton
 
Kubernetes 101
byWinton Winton
 
Azure Application Modernization
byKarina Matos
 
Kubernetes and container security
byVolodymyr Shynkar
 
An Introduction to Kubernetes
byImesh Gunaratne
 
Introduction to kubernetes
byRishabh Indoria
 
Kubernetes Architecture
byKnoldus Inc.
 

Similar to Anthos Application Modernization Platform

PDF
Anthos - Oxford - AI - Cloud and edge implementations.pdf
byAntonioGulli2
 
PDF
Powerup & GCP | Workshop on Google Kubernetes Engine
byPowerup
 
PPTX
Hybridcloud & Multicloud with GCP Anthos.pptx
byHARSH MANVAR
 
PPTX
GCP containers, Cloud Run & Anthos.pptx
byHARSH MANVAR
 
PDF
Anthos Security: modernize your security posture for cloud native applications
byGreg Castle
 
PDF
GCP Meetup #3 - Approaches to Cloud Native Architectures
bynine
 
PDF
Top 3 reasons why you should run your Enterprise workloads on GKE
bySreenivas Makam
 
PDF
GCP Security Refresher and GKE Enterprise In Action
byStacy Véronneau
 
PDF
Speed & Agility of Innovation with Docker & Kubernetes
byICS
 
PDF
Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015
byChris Jang
 
PDF
Google Anthos in Action - MEAP Version 6 Antonio Gulli
bykinch7varesno
 
PDF
Google Anthos in Action - MEAP Version 6 Antonio Gulli
byiohlrfnod1685
 
PDF
Google Anthos in Action - MEAP Version 6 Antonio Gulli
bykuhlinhereid
 
PPTX
Adapt or Die: A Microservices Story at Google
byApigee | Google Cloud
 
PDF
Instant Download Google Anthos in Action - MEAP Version 6 Antonio Gulli PDF A...
bymderohuuhka
 
PPTX
Google Cloud Fundamentals by CloudZone
byIdan Tohami
 
PPTX
Session 4 GCCP.pptx
byDSCIITPatna
 
PDF
HCE204: The Wonderful World Of Containers
byNEXTtour
 
PDF
Container Technologies and Transformational value
byMihai Criveti
 
PDF
Yaroslav Ravlinko, Intellias. You don’t need Kubernetes. You need to understa...
byIT Arena
 
Anthos - Oxford - AI - Cloud and edge implementations.pdf
byAntonioGulli2
 
Powerup & GCP | Workshop on Google Kubernetes Engine
byPowerup
 
Hybridcloud & Multicloud with GCP Anthos.pptx
byHARSH MANVAR
 
GCP containers, Cloud Run & Anthos.pptx
byHARSH MANVAR
 
Anthos Security: modernize your security posture for cloud native applications
byGreg Castle
 
GCP Meetup #3 - Approaches to Cloud Native Architectures
bynine
 
Top 3 reasons why you should run your Enterprise workloads on GKE
bySreenivas Makam
 
GCP Security Refresher and GKE Enterprise In Action
byStacy Véronneau
 
Speed & Agility of Innovation with Docker & Kubernetes
byICS
 
Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015
byChris Jang
 
Google Anthos in Action - MEAP Version 6 Antonio Gulli
bykinch7varesno
 
Google Anthos in Action - MEAP Version 6 Antonio Gulli
byiohlrfnod1685
 
Google Anthos in Action - MEAP Version 6 Antonio Gulli
bykuhlinhereid
 
Adapt or Die: A Microservices Story at Google
byApigee | Google Cloud
 
Instant Download Google Anthos in Action - MEAP Version 6 Antonio Gulli PDF A...
bymderohuuhka
 
Google Cloud Fundamentals by CloudZone
byIdan Tohami
 
Session 4 GCCP.pptx
byDSCIITPatna
 
HCE204: The Wonderful World Of Containers
byNEXTtour
 
Container Technologies and Transformational value
byMihai Criveti
 
Yaroslav Ravlinko, Intellias. You don’t need Kubernetes. You need to understa...
byIT Arena
 

More from GDG Cloud Bengaluru

PDF
Making cloud native deployments easy with Buildpack
byGDG Cloud Bengaluru
 
PDF
Cloud spanner architecture and use cases
byGDG Cloud Bengaluru
 
PPTX
What's new with serverless on google cloud
byGDG Cloud Bengaluru
 
PDF
Managing serverless workloads with knative
byGDG Cloud Bengaluru
 
PDF
Introduction to OpenFaas
byGDG Cloud Bengaluru
 
PDF
Building observable infrastructure and code
byGDG Cloud Bengaluru
 
PPTX
Kubernetes best practices with GKE
byGDG Cloud Bengaluru
 
PDF
Serverless solutions on GCF
byGDG Cloud Bengaluru
 
PDF
Assessing the quality of doctor consultations using ML
byGDG Cloud Bengaluru
 
PDF
Intro to GKE and app deployment with Kubernetes
byGDG Cloud Bengaluru
 
PDF
Google Cloud - Stand Out Features
byGDG Cloud Bengaluru
 
Making cloud native deployments easy with Buildpack
byGDG Cloud Bengaluru
 
Cloud spanner architecture and use cases
byGDG Cloud Bengaluru
 
What's new with serverless on google cloud
byGDG Cloud Bengaluru
 
Managing serverless workloads with knative
byGDG Cloud Bengaluru
 
Introduction to OpenFaas
byGDG Cloud Bengaluru
 
Building observable infrastructure and code
byGDG Cloud Bengaluru
 
Kubernetes best practices with GKE
byGDG Cloud Bengaluru
 
Serverless solutions on GCF
byGDG Cloud Bengaluru
 
Assessing the quality of doctor consultations using ML
byGDG Cloud Bengaluru
 
Intro to GKE and app deployment with Kubernetes
byGDG Cloud Bengaluru
 
Google Cloud - Stand Out Features
byGDG Cloud Bengaluru
 

Recently uploaded

PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
Workflow and decision Automation with Flowable
bychakib ch
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 

Anthos Application Modernization Platform

  • 1.
  • 2.
    +94% Of CIOs indicatedthat business leaders depend on technology teams for improved agility and faster time to market McKinsey Study: Unlocking business acceleration in a hybrid cloud world, July 2019
  • 3.
    80% of CIOs admitthey haven’t attained the desired business agility with migration* McKinsey Study: Unlocking business acceleration in a hybrid cloud world, July 2019
  • 4.
    Technology teams failat transformation due to lack of flexibility and agility 4
  • 5.
  • 6.
  • 7.
    I want tomanage costs, have leverage for contract negotiations I want to Invest my time in innovation and agility not in building for the platform I want a consistency and reliability in managing the platforms I have been asked to support I want security to be an enabler, I want consistency in managing policies and auditing access Enterprises have several different requirements Developers Security Operators IT Operators Decision Makers
  • 8.
    IT is forcedinto trade-offs ● Development wants to use the latest tools, languages and plugins ● Security wants verified tools and validated systems before putting it into production Security vs Agility ● Redundancy is the way to minimize downtime ● Redundancy means underutilized resources Reliability vs Cost ● Lock-in gives you consistency ● Lock-in keeps you from using the best tools, negotiating better prices, or being as flexible as you want Portability vs lock-in
  • 9.
    The future ofapplications, and the infrastructure that they run on, is created with containerized microservices, managed through a declarative system with a single control experience that uses a service mesh to spans all application locations. 9 Google’s POV
  • 10.
    ● Avoid lock-in ●Avoid unnecessary licensing costs ● Broad ecosystem of partners Modern Application development Open software ● Create a software assembly line ● Build fast feedback into your systems ● Control deployments CI/CD and DevOps ● Move at the speed of your fastest developer ● Use the best tools ● Leverage small and agile teams Microservices ● Define goals, instead of actions ● Less idle resources ● Manage apps instead of servers Orchestration ● Increase portability of applications ● Increase security ● Increase speed Containerization ● Decrease downtime ● Increase portability of services ● Manage access and testing of services Services and API management
  • 11.
    74% improvement in productivity for securitytasks increase in application migration and modernization Increase in platform operations efficiency reduction in non- coding activities 38% 75% 55% Source: New Technology Projection: The Total Economic Impact™ Of Anthos, September 2019, a commissioned study conducted by Forrester Consulting on behalf of Google. *Based on the customer interview Anthos empowers organizations, saving bottom-line costs, and increasing top-line revenue1 Up to: return in investment (ROI) deploying Anthos improvement in time to market* 4.8x 13xNew Anthos ROI report by Forrester
  • 12.
    The benefits ofGoogle Cloud’s Anthos Modernize your applications on premises, or in the cloud. Automate policy and security for your hybrid Kubernetes deployments Built on open source technology like Kubernetes; so it’s portable, consistent, and extensible Modernize anywhere Put security guardrails in place Built for portability. Avoid lock-in Anthos provides a unified management experience across environments (on-prem & cloud) Anthos gives you one platform that you can run anywhere Flexible, predictable subscription based pricing and lower TCO Unified management Consistent experience Lower TCO
  • 13.
    Anthos is agame changer for enterprise customers Anthos’ multi-cloud capabilities are so far unique in the industry Forbes, April 2019
  • 14.
    Config & Policy management AnthosConfig Management Application Development Cloud Run for Anthos Service Management Anthos Service Mesh Container Management Anthos GKE Operations Management Stackdriver Core Components of Anthos
  • 15.
    Google Cloud OtherCloudsOn-prem Edge Anthos has many Deployment Options
  • 16.
    Anthos end toend Stack
  • 17.
    © 2019 GoogleLLC. Confidential and Proprietary Anthos Typical Enterprise Interaction
  • 18.
  • 19.
    Infrastructure Operator Kubernetes AnthosGKE Service Operator / SRE Istio Anthos Service Mesh Developer Knative Cloud Run for Anthos Build, deploy, scale using serverless primitives Connect, secure, manage, monitor services Portable container orchestration Modernize your applications any place, any time
  • 20.
    Differentiating Managed Kubernetes OSSK8s on your own OSS K8s on GCP Expert Kubernetes users who have time to manage and configure various settings and deployment, and are not looking to leverage any integrations nor take advantage of Google SRE Anthos GKE Customers who don’t want to worry about the complexity of Kubernetes and want Google to handle deployment, scaling and management Anthos Customers who want to have a Google tested, Google integrated container deployment offering across multiple environments High Low Highly managed, Low customer effort Unmanaged, High customer effort
  • 21.
    Simplified Management Why do customerschoose GKE? OpenScale to any work load Optimized workloads Quick Up and Running Google remains the largest contributor to Kubernetes and is seen as the industry leader due to our investment and launch of ongoing new features leveraging Google infrastructure
  • 22.
    GKE continues toout innovate the competition Auto upgrades Efficient VMs Service discovery Isolation Managed masters Access control Scaling Simple UIs
  • 23.
    Anthos GKE onVMWare The following baseline choices were made* Support native Kubernetes constructs as much as possible. Support underlay networking (DVS and NSX-T are supported). Separate L4 and L7 load-balancing. Ship Envoy based L7 load-balancer out-of-the-box within the cluster as a Kubernetes service. Integrate with existing networking devices for L4 load-balancing.
  • 24.
    vSphere Admin Cluster Cluster creation, upgrade,teardown vCenter APIs Virtual Machine Admin Control Plane kubelet GKE On-Prem Admin Workstation gkectl kubectl ● Automated deploy on top of vSphere shipped as a virtual appliance ● Admin cluster provides local CRUD operations: Faster, higher reliability, easier to manage from cloud Independent failure domain ● Approach extensible to other IaaS F5 BIG-IP LTM User ClusterUser Cluster Virtual Machine Workload Virtual Machine kubelet Virtual Machine Workload Virtual Machine User Control Plane Virtual Machine kubelet User Control Plane kubelet Workload kubelet kubelet
  • 25.
  • 26.
    Multi-Cloud GCP Other CloudProvider Multi-Cluster Use-Cases Low-Latency Services Alice in Arkansas Bob in Berlin US Germany Environment Separation (by Team, Tenant, Dev/Stage/Prod) Team A Team B Team C Canary Clusters (for upgrades) Existing Cluster (v 1.10) Canary Cluster (v 1.11) Data Locality Bob from Berlin Alice from Arkansas US Germany Highly Available Services Region A Region B
  • 27.
  • 28.
    Google Cloud Console AnthosUI A single-pane-of-glass for your Anthos GKE clusters, policies & configs in many environments
  • 29.
    Connecting your cluster toGoogle Infrastructure Kubernetes Cluster Kubernetes API Server GKE Connect Agent GKE Connect Service Outbound TLS connection GKE UI ● Register your cluster with GCP and install the GKE Connect Agent in your cluster ● No public IP required for your cluster ● Traverses VPNs, NATs, firewalls, and proxies
  • 31.
  • 32.
    Anthos Config Management Unifiedmanagement for hybrid and multi-cloud Fine-grained guardrails for security and governance Modernized workflow for platform and infrastructure
  • 33.
    Define a hybridAnthos environment as data in a secure repository. ● Auditable ● Revertable ● Transactional ● Self-Healing ● Versionable Anthos Config Management
  • 34.
    Anthos Config Management Monitors configsfor drift every ~15s using annotations Git repo can be On-Prem or Cloud or SaaS Use abstract Namespaces for config inheritance Selectors allow scoping objects to specific clusters
  • 35.
  • 36.
    Require services todisable unauthorized access Example policy use cases Only allow domain-restricted Roles and RoleBindings Require strict mTLS for all clients/services in a namespace Enforce specific labels for cost accounting and chargeback Require fine-grained service authorization controls Require access logging to be enabled for a cluster / mesh
  • 37.
    Policy controller Based onOpen Policy Agent’s Gatekeeper, ACM Policy Controller provides first-class integration between OPA and Kubernetes via a custom controller. It turns Rego policies into Kubernetes objects, allowing them to be customized and deployed using standard workflows. GKE Policy Controller AdmissionReview (request) AdmissionReview (response) kubectl Config Mgmt API Clients Policy Rule Definition Enforcement
  • 38.
  • 39.
    Anthos Service Mesh Build onIstio open-source features & APIs Observability & service health is critical Managed control plane components in 2020 Google fully committed to Istio and open governance
  • 40.
    Infrastructure Operator Kubernetes AnthosGKE Service Operator / SRE Istio Anthos Service Mesh Modernize your applications any place, any time Developer Knative Cloud Run Build, deploy, scale using serverless primitives Connect, secure, manage, monitor services Portable container orchestration
  • 41.
    Why do youneed a service mesh Without Service Mesh With Service Mesh App Encryption library Tracing libraryIdentity support Circuit breaking Ingress control Certificate authority Egress firewall Access control Pod App EgressIngress Circuit breaking Fault injection Identity Encryption Observability Ingress/Egress Controls – Certificate Authority – Access Controls – Routing Rules Control plane
  • 42.
    Istio An open platformfor managing service interactions across containers and VMs Service Mesh A transparent and language independent way to automate network functions Anthos Service Mesh A managed platform that uses Istio APIs to provide service health tools, complex traffic controls, and managed security authority
  • 43.
    How does ServiceMesh help? Secure Services Policy driven security Secure access and communications between some or all services Manage Health Uniform observability Examine everything happening with your services with little instrumentation Connect Services Operational agility Manage the flow of traffic into, out of, and within your complex deployments
  • 44.
    Uniform observability Application AApplication B Trace request & response flows Consistent flow logs and metrics Monitor customer impacting behavior Understand service dependencies Track SLOs and error budgets
  • 45.
    Operational agility Traffic splittingTraffic steering Fault injection Circuit breaking Egress control Frontend v1 Backend v1 Backend v2
  • 46.
    Policy-driven security Application AApplication B Traffic encryption Service auth Access policiesAuditing controls
  • 47.
    Uniform observability Consistent flowlogs and metrics Understand service dependencies Monitor services using SLOs
  • 48.
    Service Level Objectivesmonitoring Monitor customer-visible behavior Validate promises to our users Error budget lets you balance velocity vs. reliability Alert only when promises are broken or on the path to be broken
  • 49.
    Managed control plane ●Managed telemetry backends ● Managed CA ● Traffic Director Out of the box service management ● Metrics, logging, tracing, SLOs ● Service security, authentication, encryption, and authorization ● Traffic management: routing, load balancing Anthos Service Mesh
  • 50.
  • 51.
    Infrastructure Operator Kubernetes AnthosGKE Service Operator / SRE Istio Anthos Service Mesh Modernize your applications any place, any time Developer Knative Cloud Run Build, deploy, scale using serverless primitives Connect, secure, manage, monitor services Portable container orchestration
  • 52.
  • 53.
    2 Questions... 1. Howmany of your customers build wrappers or a platform on top of Kubernetes? 2. How long does it take a developer to ramp up on Kubernetes? 3 days, 3 weeks, or 3 months?
  • 54.
    Why do customerswant Cloud Run? Today, developers need training to be productive with Kubernetes Ideally, developers would have an environment that: ● Lets them be safe, rollback when needed ● Rapidly scales, without the need for capacity planning ● Has logging, monitoring / observability built in ● Makes everything repeatable, Integrates CI/CD, scales out to other teams / environment
  • 55.
    Cloud Run forAnthos Simplify application deployment and management New capabilities for Kubernetes Higher level view of applications 1 2 3
  • 56.
    Scale to zero NewCapabilities for applications 1 2 Simplify application deployment and management on Kubernetes Kubernetes N/A Cloud Run Scale application to 0, when no requests coming Activate (0→1) on the next request
  • 57.
    Kubernetes Connection-based loadbalancing Cloud Run Per-request load balancing Traffic splitting (blue/green deployments) Load balancing New Capabilities for applications 1 2 Simplify application deployment and management on Kubernetes
  • 58.
    Higher level viewof applications 1 2 3 New Capabilities for applications Simplify application deployment and management on Kubernetes Revision 1 Revision 2 Revision 3 ConfigurationRoute Service
  • 59.
  • 60.
    ● Modernize inplace ● Migrate workloads to cloud when ready ● Standard interface across cloud and on prem Portability with Consistency Cloud run for Anthos on Premises
  • 61.
    Rich catalog ofsecure, vetted solutions from leading ecosystem partners in verticals such as: Security, Database, CRM Robust seller platform with co-sell and enterprise procurement support Marketplace - your one stop shop for Anthos enabled apps http://cloud.google.com/marketplace
  • 62.
    ● Launched K8sapps category, designed for Anthos ● Meets Lifecycle needs: managed upgrades, status and monitoring signals out of the box ● Support trials and tailored pricing models ● Deploy anywhere and meet customers where they are, on-prem or in the cloud ● Single GCP bill across deployment environments, including on-prem ● Embrace industry standard DevOps approaches Kubernetes apps designed for Anthos
  • 63.
    Move VMs directlyinto containers in GKE with Migrate for Anthos Migration service ● Low friction path for existing workloads to GKE ○ Improve security and manageability without code change ● Accelerated migration, integration into modern infra ○ Significant reduction in cost, time, labor, complexity compared with upgrading manually, as is current norm. ○ Low touch migration to GKE, w/ minimal downtime ○ Migrate without deep knowledge of apps moved ● Modernization paths to add’l cloud services ○ Enable multiple options: image extraction/generalization, monolith breakdown, persistent data migration to 2nd hop managed storage/databases
  • 64.
    Application workloads migrationmethods Landing Zone Rehost Basic lift and shift from legacy to GCP Upgrade OS and Rebuild Apps in GCP Discover & Plan Migration Factory Replatform Replace Modernize and re-architect the application Use new COTS / SaaS instead of legacy Refactor / Containerize Retire Retain Decommission Leave on premise Change Factory 60-70% 10-20% New Migrate for Anthos Migrate for Compute Engine
  • 65.
    Sweet spot Linuxworkloads ● High performance, high memory databases (SAP HANA) ● VMs with special Kernel needs (e.g., kernel modules) ● Always-on database VMs that don’t fit CloudSQL ● HW-specific license constraints (e.g. per CPU) ● Web, Application Servers, Business logic ○ Multi-tier Stacks - e.g. LAMP, Wordpress ○ J2EE Middleware - e.g. Tomcat, COTS ● Low duty-cycle & bursty workloads ○ Dev/test, training, labs ○ “VM Sprawl” management ○ Density mgmt for low load services ● OS: ○ RHEL / CentOS / SUSE / Ubuntu / Debian ○ Old and new versions supported Containerize Use Migrate for Compute Engine Use mixed deployment
  • 66.
    Anthos compared tocompetition ● Compared to AWS Outpost, Azure stack - Complete software solution ● Compared to Redhat Openshift, VMWare PKS - Better integration with cloud managed services ● Built on open source technologies
  • 67.