Transforming Your Business
Technical Point of View
Yitao Jiang
jiangyt.cn@gmail.com

Agenda
➢ Cloudfoundry Introduction
➢ Architecture
➢ Runtime
➢ Services
➢ Scaling
➢ Demo
2

PaaS发展经历的阶段
第一阶段： SaaS/IaaS的向下
/向上扩展，PaaS萌芽期
第二阶段： 基于容器技术、针
对原生云应用的PaaS平台快
速发展
第三阶段
❏ 2007年force.com发布
❏ 2008年4月 GAE Beta预览版发
布
❏ 2010 Heroku 被salesforce.com
收购
❏ 2010.2 Windows Azure发布
❏ 2011 Wmware 宣布
Cloudfoundry 开源项目
❏ 2011 Redhat 宣布openshift 开
源项目
❏ 2013.3 Netflix 发布 Netflix OSS
cloud Prize
❏ 2013.11Pivotal 发布企业版
❏ 2013.12 dotcloud改名为Docker
❏ 2014.2 Cloudfoundry 基金会成
立
❏ 2014.2 GAE 支持Managed VM
❏ 2014.4 IBM Bluemix 发布
❏ 与IaaS/SaaS的深度融合
❏ 企业应用, 混合云
3

传统的3层架构模型
3-Tier Shared Nothing Architecture
● Most Common Archiecture, widely deployed
4

Micro-service 架构
● All is API
● Build large systems
composed by small
services that encapsulate
the functionality
corresponding to a single
feature
● Simple
5

I Know them
but who cares
6

*-aaS
7

工作流程
● have a good idea
● request a server
● get a purchase order
● wait
● wait
● server arrives
● server get power and network
● server get OS
● start to config and deploy
Developer
I
a
a
S
8

工作流程
● keep systems running
● don’t care about your application
● not paid to care
● people waiting for their servers
● might have to worry about other
servers
● and emails
● and printers
The System Admin
9

为什么需要PaaS？
PaaS makes it easier to to develop,
run and scale applications.
A growing number of businesses:
● transitioning from packaged
software to cloud-based services
● adding analytics, db services and
multiple services to their products
PaaS technology supports a variety of
clouds, application styles and services.
10

PaaS ?
A PaaS provides ready-to-use-libraries,tools and
services, such as databases, security, user
management, monitoring and analytics, which can
be easily integrated with the applications you are
developing.
PaaS can support applications written different in
frameworks for a wide variety of programming
languages, such as Java, Python, Ruby, .NET,etc.
11

Architecture
12

Components
13

Router
● Proxy
● All traffic
● Access logs
● Load Balancing
● Routing Scheduler
14

Uaa
● Authentication/Authorization
● Oauth2
15

Loginserver
● standard JEE servlet application
● Just Login
● Easy Integration
● LDAP
● SAML
16

CC
The Cloud Controller is responsible for managing
the lifecycle of applications. When a developer
pushes an application to Cloud Foundry, she is
targeting the Cloud Controller. The Cloud Controller
then stores the raw application bits, creates a
record to track the application metadata, and directs
a DEA node to stage and run the application. The
Cloud Controller also maintains records of orgs,
spaces, services, service instances, user roles, and
more
17

Blobstore
The Cloud Controller manages a blob store for the
following:
Resources: Files that are uploaded to the Cloud Controller with a
unique SHA such that they can be reused without re-uploading the
file
App Packages: Unstaged files that represent an application
Droplets: Result of taking an app package, staging it by processing
a buildpack, and preparing it to run
18

DEA
● The Droplet Execution Agent manages application
instances, tracks started instances, and broadcasts
state messages.
● Application instances live inside Warden containers.
Containerization ensures that application instances
run in isolation, get their fair share of resources,
and are protected from noisy neighbors.
19

Runtime/Buildpack
● What you code run with
and depend on
● tomcat
● jdk
● weblogic
● python
● ...
20

How Application Run
● Container(Warden)
● Applications running in a stack with a prebuilt root filesystem (rootfs) which
works in tandem with a buildpack
● Code + Runtime + Dependency
21
Platform
Your

Push 流程
22

Services and Service Instances
Cloud Foundry offers a marketplace of services, from which users can provision
reserved resources on-demand. Examples of resources services provide
include databases on a shared or dedicated server. These resources are
known as Service Instances and the systems that deliver and operate these
resources are known as Services. Think of a service as a factory that delivers
service instances
23

How CF Work with Service
24

Mysql Service
25

Service 定义流程
Develop the broker program
● Push package to CF
cf push testbroker -p testbroker.war
url: http://testbroker.xxx.com
● Register the Broker
cf create-service-broker testbroker username password http://testbroker.xxx.com
● Enable the Broker
cf service-access
cf enable-service-access test-service -p small
26

如何使用？
cf push testapp -p HelloWorldJavaWeb.war
cf create-service MysqlService free testservice
cf bind-service testapp testservice
cf restage testapp
access the application
27

Scaling
Vertical Scaling
Vertical scaling is often referred to as scaling up. Vertical scaling increases the resources available
to an application by adding the capacity directly to the individual nodes.
28

Scaling
Horizontal Scaling
Horizontal scaling is often referred to as scaling out. The overall application resource capacity grows
by adding entire nodes.
29

Orgs, Spaces, Roles, and Permissions
Cloud Foundry uses role-based access control (RBAC), with each role granting permissions in
either an org or a space
Orgs
An org is a development account that an individual or multiple collaborators can own and use. All collaborators access an
org with user accounts. Collaborators in an org share a resource quota plan, applications, services availability, and custom
domains.
User Accounts
A user account represents an individual person within the context of a Cloud Foundry installation. A user can have different
roles in different spaces within an org, governing what level and type of access they have within that space.
Spaces
Every application and service is scoped to a space. Each org contains at least one space. A space provides a set of users
access to a shared location for application development, deployment, and maintenance. Each space role applies only to a
particular space.
30

Orgs, Spaces, Roles, and Permissions(Cont.)
Roles and Permissions
A user can have one or more roles. The combination of these roles defines the user’s overall permissions in the org and
within specific spaces in that org.
Org Roles and Permissions
Org Manager
Assign this role to managers or other users who need to administer the account.
An Org Manager can:
● Add and manage users
● View users and edit org roles
● View the org quota
● Create, view, edit, and delete spaces
● Invite and manage users in spaces
● View the status, number of instances, service bindings, and resource use of each application in every space in the
org
● Add domains
31

Orgs, Spaces, Roles, and Permissions(Cont.)
Note: An Org Manager needs explicit administrator permissions to perform certain actions. Refer to the Creating and
Managing Users with the UAA CLI (UAAC) topic to learn how to create a user with admin rights.
Org Auditor
Assign this role to people who need to view but not edit user information and org quota usage information.
An Org Auditor can:
● View users and org roles
● View the org quota
Space Roles and Permissions
Space Manager
Assign this role to managers or other users who need to administer a space.
A Space Manager can:
● Add and manage users in the space
● View the status, number of instances, service bindings, and resource use of each application in the space
32

Orgs, Spaces, Roles, and Permissions(Cont.)
Space Developer
Assign this role to application developers or other users who need to manage applications and services in a space.
A Space Developer can:
● Deploy an application
● Start or stop an application
● Rename an application
● Delete an application
● Create, view, edit, and delete services in a space
● Bind or unbind a service to an application
● Rename a space
● View the status, number of instances, service bindings, and resource use of each application in the space
● Change the number of instances, memory allocation, and disk limit of each application in the space
● Associate an internal or external URL with an application
Space Auditor
Assign this role to people who need to view but not edit the space.
A Space Auditor can:
● View the status, number of instances, service bindings, and resource use of each application in the space 33

Security
➢ IaaS
○ security group
○ FWaaS
➢ CF
○ security group
■ dea iptable rules
34

Perspective on DevOps
DevOps is all about:
➢ Automating complex IT
processes
➢ With Full visibility and control
35

PaaS on vmware
All components run in vm
2 compute servers (minimum)
N+1 compute servers to support single compute node failure
Active environment consumption: (128GB application pool)
● Total physical Cores: 32 @2.0+ GHZ each (need more cores on OpenStack vs VMware ~2x)
● Total physical RAM: 512GB
● Total datastore size: 3.5TB (when using multiple datastores, use an identical prefix)
● Networking (similar configuration…….different details)
● Minimum: One port group with outbound internet access and inbound access from the customer network.
Will need 10 customer network IP’s
● Preferred: One additional port group that is private, only the ESXi’s in the cluster are able to communicate
across it.
36

37