Upload
trinhmien
View
238
Download
0
Embed Size (px)
Citation preview
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted
Oracle Solaris Virtualization: From DevOps to Enterprise
Duncan Hardie Principal Product Manager Oracle Solaris 17th November 2015
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
IMPROVED DEPLOYMENT FREQUENCY
Dev lifecycle significantly reduced, smaller changes more frequently
REMOVE ORGANISATIONAL BARRIERS
Builds trust, encourages good information exchange
LOWER FAILURE RATE AND QUICKER RECOVERY
Incremental changes improve bug detection rate, smaller services start
quickly
The Rise of DevOps, What Makes it Attractive?
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
SECURITY
Perception that some containers are not secure, solved with bespoke,
build your own solutions
NETWORKING
Inflexible network infrastructure is very difficult to change, break or
move
INTEGRATION
Lots of tools and solutions but this can cause confusion – what do I
pick?
Some DevOps Challenges …
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Merging of DevOps and Enterprise Requirements
Cloud DevOps
Flexible
Tooling
Quick Release Cycle
Open Standards
Enterprise
Secure
Highly Available
Efficient
Compliant
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
• Secure and Compliant: Up, down and across the datacenter
• Simple: sub-systems seamlessly integrated together
• Efficient: resources used in the most efficient way, total control, eliminate downtime
• Open: integrations with key tools and open APIs like (Docker and Openstack)
• Affordable: no waste, applications use what they need
Ops
Dev
Oracle Solaris the Secure Choice for DevOps
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Domains
• Hardware Partitioning
Hypervisor
• Software Partitioning
Containers
• OS Virtualization
Physical Domain
• Hardware Partitioning
OVM Server for SPARC
• Software Partitioning
Native Zones
• OS Virtualization
Virtualization Options for DevOps/Cloud Today
8
Kernel Zones
• Hybrid Hypervisor
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Isolation
Physical Domain
• Hardware Partitioning
Sharing
Virtualization Personalities
9
OVM Server for SPARC
• Software Partitioning
Efficient
Mobile
Native Zones
• OS Virtualization
Kernel Zones
• Hybrid Hypervisor
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Application Requirements Drive Choices
10
Native Zone
SPARC & x86
Lightweight
Instant resource sharing
Kernel Zone
SPARC & x86
Memory Isolation
Independent kernel
Live Migration
Instant resource sharing
Suspend/Resume
Zone in LDom
SPARC only
Memory isolation
Independent kernel
Live Migration
Resilience to control domain failure
Dual I/O domains
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
• Security
– Co-location of tenants, moving environments, prevent mistakes
• Flexibility
– Create and destroy quickly, move resources around
• Efficiency – No wasted resources, cost effective
• Cloud
– Manage and monitor the environment
Selected Key Parts of a DevOps/Enterprise Solution
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
• Protect at every level:
– Environment: Unique Read Only virtualization
– Memory: Silicon Secured Memory on chip
– Network: Embedded network protection
– Data at rest: ZFS encryption
– Data in motion: End to End Encryption
• No performance impact: Auto-offloading of CPU-intensive security functions
• Protect against malicious and unintentional acts
12
Most Advanced Security Platform Defense in Depth
Oracle Solaris
Solaris Zone
DATABASE
Solaris Zone
WEBLOGIC SERVER
VNIC VNIC
ZFS
PNIC PNIC
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Oracle Solaris
Immutable Guest
#
Immutable Guest
Firewall
• Locked down hypervisor and guests
• Stop malware before it gets in
• Prevent administrator mistakes
• Update and patch but unwritable by users, applications, or hackers
• Simple on/off with ready made security levels
13
Protects Hypervisor and Guest Environments
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Integrated Virtualization, Engineered for DevOps
• Built-in virtualization at the core
• Tight integration with
– Compute
– Network
– Storage
– Lifecycle Management
– Security and Compliance
• Less to manage, best practice built-in – more efficiencies
14
Oracle Solaris Virtualization
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Secure Live Migration with Kernel Zones
• Move Kernel Zones without outage
–Live migrate on SPARC and x86
–No downtime host maintenance
–Perform load balancing across infrastructure
–Forward compatibility for Live Migration moves
–Oracle Solaris 11.3 or later required
15
Oracle Solaris Oracle Solaris
SAN
iSCSI NFS
Solaris 11.3 Zone Solaris 11.3 Zone
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Eliminates Vulnerability During Live Migration
• Encryption by default
• No performance impact hardware cryptographic offload
• Access via RESTful APIs
16
Oracle Solaris Oracle Solaris
Solaris Zone Solaris Zone
Solaris Zone Solaris Zone
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Oracle Solaris Oracle Solaris
Moving from Virtualization to Self-Service Cloud • Kernel Zones and live migration
improve application uptime
• Saved €1M or 3.3x on storage space with ZFS compression
• Centralized OpenStack management
– Time to market reduced from days to minutes
– Optimized application clouds run side by side
• Solaris Integrated Load Balancer improves agility and €€€ savings
17
European Auto Manufacturer
Solaris Zone Solaris Zone
Solaris Zone Solaris Zone
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
• Share – Dynamic CPU, Memory, I/O
– Resources available everywhere, instantly
– “Automatic” assignment
– No need to partition I/O domains from compute domains
– Maximum efficiency for dynamic environments
– Share licenses across VMs
• Isolate – Where necessary, control applications with
isolated resources
CPU
Memory
Network IO
Storage IO
CPU
Memory
Network IO
Ultimate Resource Flexibility and Efficiency
18
CPU
Memory
Network IO
Storage IO
Solaris Zone
DATABASE
Solaris Zone
WEBLOGIC SERVER
Solaris Zone
FUSION APPLICATIONS
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Adjust Without Service Interruptions
• Dynamic resource rebalancing
– Live reconfiguration changes active instances
– Respond instantly to growth
– Add devices “on the fly”
– Also available for Kernel Zones
• Independent Zone versions with Kernel Zones
– In place updates on single system
– Simpler to co-ordinate outage windows
19
50% REDUCTION IN
PLANNED OUTAGES
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Oracle OpenStack for Oracle Solaris
Horizon Centralized Cloud Management
Zones and Kernel Zones
Nova / Ironic Self-Service Compute
and Bare Metal
Elastic Virtual Switch and Open vSwitch
Neutron Software Defined
Networking
ZFS File System
Cinder / Swift Cloud Scale Storage
Unified Archives
Heat / Glance Murano / Trove
Platform as a Service
Integrated with the Infrastructure
20
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 21
Secure OpenStack-Based IaaS
• Secure services
– Minimum privileges
• Data at Rest
– ZFS Encryption
• Data in Motion
– Secure Migration
• Network
– Data link Protection
• Application
– Read only VM
Oracle Solaris Oracle Solaris Oracle Solaris
Zone Zone
Zone Zone
Zone
Zone
Zone
Zone
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
• Docker open platform being brought to Oracle Solaris Zones
• Oracle joins Open Container Initiative – create open industry standards
• Access to enterprise class security, resource isolation and analytics
Docker for Oracle Solaris Zones
22
OCI
“Integrating Docker with Oracle Solaris Zones will bring a mature and proven container technology to Docker environments running in enterprise class clouds” - Nick Stinemates, Vice President of Business Development & Technical Alliances for Docker
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Docker and Oracle Solaris Combined – Perfect Partnership • Familiar Docker Experience
– Fast application dev lifecycle
– Huge ecosystem with proven benefits
• Leverage Oracle Solaris Key Features – Secure, mature, built-in virtualization
– Secure virtual storage & network
– Zero downtime patching, instant rollback
– Secure remote administration & role-based access control
– Observability, configuration management & audit
Security
ZFS
BEs
IPS
RAD
SMF
DTrace
N/work V12N
SOLARIS
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
DevOps for the Enterprise
Agile Development Continuous Integration Continuous Deployment
Monitoring and Measurement
24
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Develop Faster Applications Faster
• Up to 5x faster SPARC and x86 code
• Up to 50% higher developer efficiency
• Powerful observability tools for Java, C/C++
– Java Mission Control
– HW counter overflow and clock-based profiling
– Rich set of performance data
– Low overhead, accurate
• Remote development and analysis from your laptop
With Oracle Solaris Studio
Monitor CPU, Memory and Thread usage in IDE
Feature-rich language aware code editor
25
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
DevOps for the Enterprise
26
Continuous Deployment
Continuous Integration
• Correlation of app and HW interactions, DTrace
• Memory protection in HW
• Optimized, remote IDE
Agile Development
• Rich performance monitoring tool • Scalable
• Secure
• Multi-level fault-tolerant
YOUR APP
YOUR APP
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
✓Secure and Compliant
✓Simple
✓Efficient
✓Open
✓Affordable
Your Enterprise Cloud
Oracle Solaris 11.3 – Security. Speed. Simplicity.
27
YOUR APP
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
More Information
• oracle.com/solaris
• @ORCL_Solaris
• facebook.com/oraclesolaris
• Oracle Solaris Insider
• blogs.oracle.com/solaris
• youtube.com/oraclesolaris
Oracle Solaris resources
28
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |