This presentation is about the various implementations of ManageIQ by actual customers and end users in real world environments. Discover their challenges and the problems they solved with ManageIQ.
For more on ManageIQ, see http://manageiq.org/
2. Agenda
• Introduction
• Insight Europe
• Agile IT and DevOps
• Operators and Administrators
• Business impact
• Q&A
3/17/13 Manage IQ Design Summit
3. Who's Chris?
• Located in Germany
• Joined Red Hat in 2006 as Infrastructure Consultant
• Projects around System-Management, High availability,
Linux Desktops, Identity Management
• Focus on Cloud and Virtualization in recent years
• Since April EMEA Technical Specialist CloudForms
4. What's his role?
• Support pre-Sales
• Answer questions, support during scoping
• Run Demos or Proof of Concepts
• Support Consulting during delivery
6. Insight Europe
• European customers are very sensitive about data
protection and privacy
• Where is my data stored? Who has access to it?
• Companies and the public sector are very sceptical about public
cloud services
• Results in:
High interest in private cloud or regional clouds
7. Privacy laws
• European law about personal data is very strict
• Some countries have even stricter laws
• Many differences between countries
• European law is setting minimum standards
• local law can be and often is more restrictive
8. Example: Personal data in Germany
• If a company allows private email usage, they
automatically fall under the laws of postal secrecy
• They can no longer scan, read or analyze any mail
(because they cannot know if an email was private or
work related)
• This creates special requirements for example for
backups, SPAM and virus filters, out of office rules, data
retention policies
9. Example: User Profiles
• Companies are not allowed to collect data which could
potentially be used to create user profiles
• It is not even relevant if they actually use the data,
storing the data already potentially violates the law!
• Log in times, logging of software usage, usage patterns,
mail transfer logs, web proxies, ...
10. Personal data
• Microsoft has recently been forced by US authorities to
provide personal data about end users even though the
data is stored in the EU
• If they lose this case and are forced to release the
data, this will be another big blocker for public cloud
adoption in Europe
• http://www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/11225
• http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/07/07/what-legal-protections-apply-to-e-mail-stored-outside-the-u-s/
11. Impact on European Market
• This is actually a big opportunity for European or local
cloud service providers
• They can argue that since they are not owned by an
American company, they can not be forced by US
authorities to release personal data
• The high bars set by law were often seen as a blocker
• Suddenly it's a competitive advantage
13. Why is this a problem for MIQ?
• SmartState Analysis can fetch personal data from VMs
• Desktop virtualization
• Browser history, Registry settings, user generated content
• Mail Servers
• Mail content, log files
• Log files can provide personal data
• Log in times, user behavior, proxy logs
• Reports could be used to create user profiles
• log in behavior (time, Geo location, ... )
14. But also an opportunity
• MIQ can help to respect European and local law
• Zones and Regions can be set up to adjust functionality
to respect local law
• e.g. SmartState Analysis could be disabled in specific zones or
regions
• Control policies can be used to cancel unauthorized
activities
• e.g. cancel SmartState Analysis based on tags by tagging all
virtual desktops, mail servers, proxies,....
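The zone and tag checks described on this slide can be sketched as one decision function. This is an added example in plain Ruby, not ManageIQ code or part of the original deck; the zone names, tag names, request hashes and the fail-closed handling of untagged VMs are assumptions.

```ruby
# Added illustration in plain Ruby. Zone names, tag names and the request
# hashes are constructed; none of this is a ManageIQ API object.
NO_SCAN_ZONES  = %w[de-frankfurt fr-paris].freeze
PROTECTED_TAGS = %w[function/virtual_desktop function/mail_server function/proxy].freeze

# Decide whether a SmartState Analysis request may proceed.
def scan_decision(request)
  zone = request.fetch(:zone)
  tags = request.fetch(:tags, []).map(&:downcase)
  hit  = (tags & PROTECTED_TAGS).first

  if NO_SCAN_ZONES.include?(zone)
    { allow: false, reason: "analysis disabled in zone #{zone}" }
  elsif hit
    { allow: false, reason: "protected tag #{hit}" }
  elsif tags.empty?
    # Assumption: an untagged VM is unclassified, so the check fails closed.
    { allow: false, reason: "untagged VM, classification unknown" }
  else
    { allow: true, reason: "no protected tag" }
  end
end

# One audit line per request, so cancelled scans are documented.
def audit_lines(requests)
  requests.map do |req|
    d = scan_decision(req)
    "#{req[:vm]} #{d[:allow] ? 'ALLOW' : 'CANCEL'} #{d[:reason]}"
  end
end

# Constructed sample requests.
SAMPLE_REQUESTS = [
  { vm: "vdi-0042", zone: "us-east",      tags: ["function/virtual_desktop"] },
  { vm: "build-07", zone: "us-east",      tags: ["env/dev"] },
  { vm: "build-08", zone: "de-frankfurt", tags: ["env/dev"] },
  { vm: "unknown1", zone: "us-east",      tags: [] }
].freeze

puts audit_lines(SAMPLE_REQUESTS) if __FILE__ == $PROGRAM_NAME
```

A tag-based control only covers VMs that were tagged, which is why the sketch cancels the scan for untagged VMs instead of allowing it.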
15. Basic guidelines
• Data reduction
• Always consider, do I really need this kind of user data or can I
complete the request without it?
• Anonymize data: statistical analysis is allowed
• Remove all references identifying a user, before storing the data
record
• Use strong encryption
• Clear text transfer is always forbidden if it contains user data
• Never store clear text credentials
• use password attribute in MIQ instead
17. Localization
• A must have in some countries like France
• Nice to have for most German customers, but a
challenge in the public sector
• Long term we need full UI localization
• Think beyond ASCII!
18. Localization today
• Localization works for
• VMs
• Providers
• Users
• custom buttons
• service catalog items
• reports
• ....
... so we are almost there!
20. Industry requirements
• Some industries have to meet additional requirements
• financial sector
• Hosting or service providers
• regular audits to prove compliance with local and
European law
• Banks have to prove compliance by yearly audits
• BaFin (German Banking Supervision)
21. How MIQ can help
• control and compliance policies
• verify compliance
• document compliance
• part of audit trail
• verify compliance
• ShellShock
• Heartbleed
• SELinux Enforcement
• the next big thing
22. Summary
• Very sensitive about personal data
• Where is it stored? Who has access?
• Complex law requirements
• Localization
• MIQ can help to address these!
24. Agile IT and DevOps
• Internal IT is usually not fast enough to meet developer
requirements
• Developers are under pressure to deliver results in short
time frame
• Sooner or later Developers start using resources from
AWS or Google
• probably even with approval from their managers
• only way to meet schedule
• Cloud services put IT under specific pressure
• “Why does IT need a week to build a VM while AWS only needs
minutes?”
25. MIQ can help
• reduce deployment time of VMs
• Minutes instead of days
• Deep integration into internal IT tools and processes
• No manual customization after deployment
26. Deep integration
• integration to build systems like Jason pre-configured
• backup, monitoring, etc. pre-configured
• developer tools like GCC, Java, IDE etc. are pre-installed
• VM with additional application (like DB, Application Server etc) can be ordered from a self service catalog
• IT will take care of security updates and bug fixes
• App will work in production without modifications
27. Summary
• Expectations on IT are growing
• IT tries to build compelling offers
• MIQ can help by automatically installing standardized
applications with deep integration into internal tools and
processes!
• Potential integration with PaaS like OpenShift
29. Traditional IT
• Most customers are not Agile
• Some customers will never apply DevOps
• Often you just want to keep in full control of your IT
infrastructure
30. Operators and Admins
• MIQ allows admins to decide and influence what future
software stacks will look like
• e.g. a software stack is split into
frontend/middleware/backend
• admins design the stack and which component is deployed into which
zone
• admins have control over deployed application versions and
configurations, and make sure proper firewall and/or load balancer
rules are in place
• a full stack can be deployed by just ordering a single service
catalog item or bundle
32. Operations and Admins
• Predictable and reliable platform for application
development
• admin/ops still is in charge of what is deployed and
where it is deployed
• software release and lifecycle management, firewalls/load
balancers, monitoring etc.
• Integration with e.g. ticket systems can be used to track
all requests created
• will create automatic audit trail in external system about every
service request, lifecycle changes and retirement
33. Placement
• admins can define and enforce rules to meet their needs
• placement policies: "not near" to avoid cluster nodes running
on the same hypervisor
• placement to use "fast" storage only for I/O intensive workloads
• placement can also override manual migration of VMs
34. Placement “not near”
• Make sure certain workloads never run on the same
hypervisor
• Cluster pairs
• Applications with heavy I/O
• CPU intense applications
• Security requirements
• Use tagging to identify workload
35. Placement “not near”
• Based on existing code
• Never re-invent the wheel!
• Fetch list of VMs for each hypervisor
• Check tags of each VM
• If match, skip hypervisor
• Result is a list of hypervisors which are good to go
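The steps above (list the VMs on each hypervisor, check their tags, skip the hypervisor on a match) can be written as a filter. This is an added example in plain Ruby, not the ManageIQ placement code the slide refers to; the `Host` and `Vm` structs, the tag names, the `ignore:` option and the least-loaded tie-break are assumptions.

```ruby
# Added illustration in plain Ruby; Host and Vm are hypothetical stand-ins,
# not ManageIQ model classes.
Vm   = Struct.new(:name, :tags)
Host = Struct.new(:name, :vms)

# Return the hosts that run no VM sharing a "not near" tag with the new VM.
# ignore: name of a VM to skip, e.g. the VM itself when it is being migrated.
def eligible_hosts(hosts, not_near_tags, ignore: nil)
  wanted = not_near_tags.map(&:downcase)
  return hosts.dup if wanted.empty?            # nothing to keep apart

  hosts.reject do |host|
    host.vms.any? do |vm|
      next false if vm.name == ignore
      (vm.tags.map(&:downcase) & wanted).any?  # tag match => skip hypervisor
    end
  end
end

# Fail closed: refuse placement rather than silently breaking the separation rule.
def place!(hosts, not_near_tags, ignore: nil)
  candidates = eligible_hosts(hosts, not_near_tags, ignore: ignore)
  raise "no hypervisor satisfies not-near #{not_near_tags.inspect}" if candidates.empty?

  candidates.min_by { |h| h.vms.size }         # assumption: prefer the least-loaded host
end

# Constructed sample inventory.
SAMPLE_HOSTS = [
  Host.new("hv1", [Vm.new("db-a", ["cluster/pg1"]), Vm.new("web1", [])]),
  Host.new("hv2", [Vm.new("pci-app", ["security/pci"])]),
  Host.new("hv3", [Vm.new("web2", []), Vm.new("web3", []), Vm.new("web4", [])]),
  Host.new("hv4", [])
].freeze

if __FILE__ == $PROGRAM_NAME
  puts eligible_hosts(SAMPLE_HOSTS, ["cluster/pg1"]).map(&:name).join(", ")
  puts place!(SAMPLE_HOSTS, ["cluster/pg1", "security/pci"]).name
end
```

When the rule exists for security separation, raising on an empty candidate list matters: falling back to any hypervisor would quietly co-locate the workloads the tags were meant to keep apart.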
37. Global Deployments
• Customer is running multiple data centers around the
globe
• Centralized management from “master” site
• MIQ for global deployments
38. Single entry point
• Admins and Ops are scheduling deployments from one
entry point
• Deployment is orchestrated globally
• Heavy usage of SOAP API
• Automatic scaling
• With geographical awareness
• Integrated with
• License management (for proprietary software)
• Monitoring
• Configuration Management
39. Automatic Scaling
• Application has a Management component which keeps
track of Requests/s and Queue Length
• Management component calls MIQ to scale up based on
actual load
• MIQ has multiple ways for scaling:
• Dormant VM: Installed and configured, but powered off
40. Automatic Scale Up
• On scale up request:
• Verify hard limit of maximum VMs has not been reached
• Check number of dormant VMs and bring up another one
• If number of dormant VMs is too low, create and install another
VM and add it to the pool of dormant VMs
• Make sure minimum number of dormant VMs exists
• Active VM in Monitoring
• Keep track of license usage
• Add VM to CMDB
41. Automatic Scale Down
• On scale down request:
• Make sure minimum number of running VMs exist
• Shut down not needed VMs and add to dormant pool
• If dormant pool is too large, retire VM (delete)
• Remove VM from monitoring
• Reduce License usage counter
• Deactivate in CMDB
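The scale-up and scale-down procedures from the two slides above, as one small state model. This is an added example in plain Ruby, not code from the deployment described; `ScalePool`, its limits and the reading of the hard limit as a cap on running VMs are assumptions, and the monitoring, license and CMDB steps are recorded as log entries only.

```ruby
# Added illustration in plain Ruby. ScalePool and its limits are hypothetical;
# monitoring, license and CMDB calls are only recorded in @log.
class ScalePool
  attr_reader :running, :dormant, :licenses, :log

  def initialize(running:, dormant:, max_running:, min_running:, min_dormant:, max_dormant:)
    @running, @dormant = running, dormant
    @max_running, @min_running = max_running, min_running
    @min_dormant, @max_dormant = min_dormant, max_dormant
    @licenses = running
    @log = []
  end

  def scale_up
    return :hard_limit if @running >= @max_running  # assumption: limit counts running VMs
    provision if @dormant.zero?                      # nothing to wake up: build one first
    @dormant -= 1
    @running += 1
    @licenses += 1
    @log << "monitoring:add" << "cmdb:add"
    provision while @dormant < @min_dormant          # refill the dormant pool
    :scaled_up
  end

  def scale_down
    return :at_minimum if @running <= @min_running
    @running -= 1
    @dormant += 1
    @licenses -= 1
    @log << "monitoring:remove" << "cmdb:deactivate"
    retire while @dormant > @max_dormant             # retire (delete) surplus VMs
    :scaled_down
  end

  private

  def provision
    @dormant += 1
    @log << "provision"
  end

  def retire
    @dormant -= 1
    @log << "retire"
  end
end
```

Checking the hard limit before anything else means a faulty or compromised load signal cannot drive the pool past a fixed ceiling, and the log gives the audit trail of every lifecycle change.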
42. New DC Deployments
• Automated process to bring up new DC's
• MIQ easy to deploy
• Configuration of MIQ via Puppet etc.
• Use MIQ to orchestrate VM deployment for new DC's
• Minimum set of VMs for each application
• Infrastructure configuration (aka load balancers)
all orchestrated from “Master” Site
43. Summary
• MIQ allows admins/ops to define stack layouts
• Instead of developers
• Admins have full control over used software versions,
configs, infrastructure, ...
• MIQ helps to make sure they can stay in charge!
45. Business Impact
• Managers and budget owners want overview:
• How are my hypervisors utilized?
• When do I need more storage?
• Are all VMs compliant?
• Do I have enough resources for this new project?
• Do I have potential bottlenecks?
Reduces operational risks!
46. Business Impact
• Optimize and planning provides growth forecasts
• Automatic retirement can help to free up unused
resources
• Right size recommendation can help to scale down
over-sized VMs
Save Money!!
47. Retirement logic
• Default retirement 6 months
• Notify user upfront
• Shutdown VM
• Move VM to...
• Cheaper storage
• Backup
• And (optionally) delete VM!
• No more Excel sheets to track VM ownership and
cleanup process
48. Business Impact
• reports can help to provide more transparency:
• report "non-VM" related disk usage to free up storage
space
• color formatted reports highlight critical values
• e.g. free disk space on a datastore is less than 10%
• reports on usage based on department, project,
resource type
• how much of my "expensive" storage is used and is it only used
for appropriate workloads?
49. Business Impact
• alerts can send out notifications on critical events
• compliance checks to avoid penalties
• Dashboards to provide role specific overviews
50. Summary
• Managers like
• Reports
• Dashboards
• Trending
• PDF, Scheduler, Mail reports, ...
• MIQ can increase transparency
• Leads to more efficient infrastructure usage and saving
money!
52. Wrap up
• Europe has specific challenges
• Privacy, Regional differences, Localization
• Agile IT and DevOps give traditional IT a hard time
• Rapid deployment, deep integration
• Admins can still be in control
• Define stack deployments, enforce compliance and security
• Managers have better overview
• Reports, Dashboards, Trending, Bottlenecks