Transforming Application Delivery with PaaS and Linux Containers

Red Hat OpenShift Enterprise
Giovanni Galloro
Cloud Solution Architect – Red Hat
ggalloro@redhat.com
Transforming Application Delivery
with PaaS and Linux Containers

PaaS and Linux Containers
Agenda
● Platform as a Service Capabilities
● OpenShift Enterprise Architecture
– Linux Containers
– Docker
– Kubernetes
– RHEL Atomic Host
● OpenShift Application Deployment Flow
● OpenShift Adoption
● Containers Adoption Challenges and Red Hat Strategy

Platform as a Service
Capabilities

PAAS LETS YOU STREAMLINE APP DEV

DEVOPS / CONTINOUS DELIVERY
THROUGH PAAS

CHOOSE THE WAY YOU WORK
Developer IDE
Integrations
Web Browser
Console
Command Line
Tooling
REST APIs

OpenShift Enterprise
Architecture

RED HAT CONFIDENTIAL | NDA ONLY11
CREATING DEFACTO STANDARDS
REGISTRY /
CONTAINER
DISCOVERY
CONTAINER FORMAT
WITH DOCKER
ISOLATION WITH
LINUX CONTAINERS
ORCHESTRATION
WITH
KUBERNETES
Red Hat works with the open source community to drive standards for containerization.

WHAT ARE LINUX CONTAINERS?
Software packaging concept that typically includes an application and
all of its runtime dependencies.
● Easy to deploy and portable
across host systems
● Isolates applications on a
host operating system
● In RHEL, this is done through:
– Control Groups (cgroups)
– kernel namespaces
– SELinux, sVirt
– Docker
HOST OS
SERVER
CONTAINER
LIBS
APP

13
Traditional OS Containers
TRADITIONAL OS VS. CONTAINERS
HARDWARE
HOST OS
HARDWARE
HOST OS
CONTAINER
LIBS
APP A
LIBS A LIBS B LIBS LIBS
APP A APP B
CONTAINER
LIBS
APP B

WHAT DOCKER PROVIDES
● Multi-version packaging format
and isolation
● Simplified container API
(Docker libcontainer)
● Easy to create (Dockerfile)
● Atomic deployment (Docker
images)
● Large ecosystem (Docker Hub)

DOCKER IS A SHIPPING CONTAINER
FOR CODE

LINUX DOCKER CONTAINER
LAYERING
● New images can be created by
adding layers
● Layering model allows for
specialization
● Base image and select number of
platform layers provided by Red Hat
● ISV images form the base of the
RHEL ecosystem
● Stack optimized for individual
application with minimal packaging
per layer

CONTAINERS DELIVER MANY
BENEFITS
Base: 171 IT and Developer/programmer decision-makers at companies with 500+ employees in APAC, EMEA, and NA
Source: A commissioned study conducted by Forrester Consulting on behalf of Red Hat, January, 2015
Faster provisioning
Greater deployment flexibility
Ability to deliver/deploy applications faster
Greater application mobility/portability
69%
70%
72%
73%
How important are the following benefits of containers to your organization?
Critically or Very Important
73%
72%
70%
69%

KUBERNETES FOR CONTAINER
ORCHESTRATION
● Container orchestration at
scale
● Wiring of multi-container,
multi-host application
topologies
● Scheduling / placement
● Manage container health

RED HAT ENTERPRISE LINUX ATOMIC
HOST
IT IS RED HAT ENTERPRISE
LINUX
OPTIMIZED FOR CONTAINERS
Minimized host
environment
tuned for running
Linux containers
while maintaining
compatibility with
Red Hat
Enterprise Linux.
Inherits the complete hardware
ecosystem, military-grade security,
stability and reliability for which Red
Hat Enterprise Linux is known.
MINIMIZED
FOOTPRINT
SIMPLIFIED
MAINTENANCE
ORCHESTRATION
AT SCALE
Atomic updating
and rollback
means it’s easy to
deploy, update,
and rollback using
imaged-based
technology.
Build composite
applications by
orchestrating
multiple
containers as
microservices on
a single host
instance.

OPENSHIFT RUNS ON YOUR CHOICE OF
INFRASTRUCTURE

NODES ARE INSTANCES OF RHEL WHERE
APPS WILL RUN

APP SERVICES RUN IN DOCKER CONTAINERS
ON EACH NODE

PODS RUNS ONE OR MORE DOCKER
CONTAINERS AS A UNIT

MASTERS LEVERAGE KUBERNETES TO
ORCHESTRATE NODES / APPS

MASTER PROVIDES AUTHENTICATED API FOR
USERS & CLIENTS

MASTER USES ETCD KEY-VALUE DATA STORE
FOR PERSISTENCE

MASTER PROVIDES SCHEDULER FOR POD
PLACEMENT ON NODES

SERVICES ALLOW RELATED PODS TO
CONNECT TO EACH OTHER

MANAGEMENT/REPLICATION CONTROLLER
MANAGES THE POD LIFECYCLE

OPENSHIFT AUTOMATICALLY RECOVERS AND
DEPLOYS A NEW POD

PODS CAN ATTACH TO SHARED STORAGE FOR
STATEFUL SERVICES

ROUTING LAYER ROUTES EXTERNAL APP
REQUESTS TO PODS

DEVELOPERS ACCESS OPENSHIFT VIA WEB,
CLI OR IDE

OPENSHIFT APPLICATION SERVICES
● From Red Hat
● From ISV Partners
● From the Community

FROM DOCKER IMAGE TO RUNNING APP

"Once we actually looked at and had all of
the conversations with all the various
people, there was really only one choice
and that was OpenShift".
The only people that actually understood
what it was that we were talking about was
the Red Hat guys. The Cloud Foundry guys
were good about talking about deploying
Spring-based frameworks and, you know,
that sort of stuff, but once we ran the PoCs
and had deeper conversations, there was
really only one choice."
Tony McGivern - CIO
OPENSHIFT ADOPTION @
LEADING ISV IN FINANCIAL SERVICES has built and
Analytic cloud based platform on Openshift
70% Reduction in Apps Development
time
60% Reduction in Maintenance Costs
(simpler, faster and easier)
90% reduction in Time to Deploy
models
6 Months running live in Production
5% - 40% increased decision accuracy
http://gartner.mediasite.com/Mediasite/Play/4c29e2287c7949cea4b4f8d0367410b01d?sc_cid=
70160000000eGEFAA2&elq=997abd3fad6a49d4ae23e1c7136994bb

Containers Adoption
Challenges

TOP CURRENT CONTAINER
CHALLENGES
Training and Education (lack of skills)
Consistency (lack of standards)
Scalability
Lack of certification or digital structure
Management
Integration with existing development tools and processes
Variable performance
Security
29%
31%
32%
35%
35%
41%
44%
53%
What are the top three challenges your organization
has experienced so far in its use of containers?
Base: 171 IT and Developer/programmer decision-makers at companies with 500+ employees in APAC, EMEA, and NA
Source: A commissioned study conducted by Forrester Consulting on behalf of Red Hat, January, 2015

● Who built this image?
● What’s its purpose?
Was it created to
support a demo?
● Is it safe to consume?
● Who maintains it?
NEED FOR A “CHAIN OF TRUST”
DOCKER HUB
docker search mongodb

WHAT'S INSIDE THE CONTAINER
MATTERS
36% of official images in Docker Hub contain high priority
security vulnerabilities
● High vulnerabilities: ShellShock
(bash), Heartbleed (OpenSSL), etc.
● Medium vulnerabilities: Poodle
(OpenSSL), etc.
● Low vulnerabilities: gcc: array
memory allocations could cause
integer overflow
All Images (n=962)
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
36%
28%
Medium priority
High priority
Source: Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities, Jayanth Gummaraju, Tarun Desikan, and
Yoshio Turner, BanyanOps, May 2015 (http://www.banyanops.com/pdf/BanyanOps-AnalyzingDockerHub-WhitePaper.pdf)

Red Hat Strategy for
Containers Adoption

RED HAT CONTAINER CERTIFICATION
UNTRUSTED
● Will what’s inside the containers
compromise your infrastructure?
● How and when will apps and libraries be
updated?
● Will it work from host to host?
RED HAT CERTIFIED
● Trusted source for the host and the
containers
● Trusted content inside the container with
security fixes available as part of an
enterprise lifecycle
● Portability across hosts

SIMPLIFYING CONTAINER ADOPTION
FOR PARTNERS

TRUSTED
CONTAINER
CONTENT
PROVEN
CONTAINER
PORTABILITY
INTEGRATED
APPLICATION
DELIVERY
CONTAINERS FOR THE ENTERPRISE

INSERT DESIGNATOR, IF NEEDED 66
THANK YOU

Transforming Application Delivery with PaaS and Linux Containers

More Related Content

What's hot

Viewers also liked

Similar to Transforming Application Delivery with PaaS and Linux Containers

Recently uploaded

Transforming Application Delivery with PaaS and Linux Containers