Oracle Solaris Virtualization: From DevOps to Enterprise · The development, release, ... Oracle Solaris the Secure Choice for DevOps . ... Embedded network protection –Data at

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted

Oracle Solaris Virtualization: From DevOps to Enterprise

Duncan Hardie Principal Product Manager Oracle Solaris 17th November 2015

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |

Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.


IMPROVED DEPLOYMENT FREQUENCY

Dev lifecycle significantly reduced, smaller changes more frequently

REMOVE ORGANISATIONAL BARRIERS

Builds trust, encourages good information exchange

LOWER FAILURE RATE AND QUICKER RECOVERY

Incremental changes improve bug detection rate, smaller services start

quickly

The Rise of DevOps, What Makes it Attractive?


SECURITY

Perception that some containers are not secure, solved with bespoke,

build your own solutions

NETWORKING

Inflexible network infrastructure is very difficult to change, break or

move

INTEGRATION

Lots of tools and solutions but this can cause confusion – what do I

pick?

Some DevOps Challenges …


Merging of DevOps and Enterprise Requirements

Cloud DevOps

Flexible

Tooling

Quick Release Cycle

Open Standards

Enterprise

Secure

Highly Available

Efficient

Compliant


• Secure and Compliant: Up, down and across the datacenter

• Simple: sub-systems seamlessly integrated together

• Efficient: resources used in the most efficient way, total control, eliminate downtime

• Open: integrations with key tools and open APIs like (Docker and Openstack)

• Affordable: no waste, applications use what they need

Ops

Dev

Oracle Solaris the Secure Choice for DevOps


Domains

• Hardware Partitioning

Hypervisor

• Software Partitioning

Containers

• OS Virtualization

Physical Domain


OVM Server for SPARC


Native Zones


Virtualization Options for DevOps/Cloud Today

8

Kernel Zones

• Hybrid Hypervisor


Isolation

Physical Domain


Sharing

Virtualization Personalities

9

OVM Server for SPARC


Efficient

Mobile

Native Zones


Kernel Zones

• Hybrid Hypervisor


Application Requirements Drive Choices

10

Native Zone

SPARC & x86

Lightweight

Instant resource sharing

Kernel Zone

SPARC & x86

Memory Isolation

Independent kernel

Live Migration

Instant resource sharing

Suspend/Resume

Zone in LDom

SPARC only

Memory isolation

Independent kernel

Live Migration

Resilience to control domain failure

Dual I/O domains


• Security

– Co-location of tenants, moving environments, prevent mistakes

• Flexibility

– Create and destroy quickly, move resources around

• Efficiency – No wasted resources, cost effective

• Cloud

– Manage and monitor the environment

Selected Key Parts of a DevOps/Enterprise Solution


• Protect at every level:

– Environment: Unique Read Only virtualization

– Memory: Silicon Secured Memory on chip

– Network: Embedded network protection

– Data at rest: ZFS encryption

– Data in motion: End to End Encryption

• No performance impact: Auto-offloading of CPU-intensive security functions

• Protect against malicious and unintentional acts

12

Most Advanced Security Platform Defense in Depth

Oracle Solaris

Solaris Zone

DATABASE

Solaris Zone

WEBLOGIC SERVER

VNIC VNIC

ZFS

PNIC PNIC


Oracle Solaris

Immutable Guest

#

Immutable Guest

Firewall

• Locked down hypervisor and guests

• Stop malware before it gets in

• Prevent administrator mistakes

• Update and patch but unwritable by users, applications, or hackers

• Simple on/off with ready made security levels

13

Protects Hypervisor and Guest Environments


Integrated Virtualization, Engineered for DevOps

• Built-in virtualization at the core

• Tight integration with

– Compute

– Network

– Storage

– Lifecycle Management

– Security and Compliance

• Less to manage, best practice built-in – more efficiencies

14

Oracle Solaris Virtualization


Secure Live Migration with Kernel Zones

• Move Kernel Zones without outage

–Live migrate on SPARC and x86

–No downtime host maintenance

–Perform load balancing across infrastructure

–Forward compatibility for Live Migration moves

–Oracle Solaris 11.3 or later required

15

Oracle Solaris Oracle Solaris

SAN

iSCSI NFS

Solaris 11.3 Zone Solaris 11.3 Zone


Eliminates Vulnerability During Live Migration

• Encryption by default

• No performance impact hardware cryptographic offload

• Access via RESTful APIs

16


Solaris Zone Solaris Zone




Moving from Virtualization to Self-Service Cloud • Kernel Zones and live migration

improve application uptime

• Saved €1M or 3.3x on storage space with ZFS compression

• Centralized OpenStack management

– Time to market reduced from days to minutes

– Optimized application clouds run side by side

• Solaris Integrated Load Balancer improves agility and €€€ savings

17

European Auto Manufacturer




• Share – Dynamic CPU, Memory, I/O

– Resources available everywhere, instantly

– “Automatic” assignment

– No need to partition I/O domains from compute domains

– Maximum efficiency for dynamic environments

– Share licenses across VMs

• Isolate – Where necessary, control applications with

isolated resources

CPU

Memory

Network IO

Storage IO

CPU

Memory

Network IO

Ultimate Resource Flexibility and Efficiency

18

CPU

Memory

Network IO

Storage IO

Solaris Zone

DATABASE

Solaris Zone

WEBLOGIC SERVER

Solaris Zone

FUSION APPLICATIONS


Adjust Without Service Interruptions

• Dynamic resource rebalancing

– Live reconfiguration changes active instances

– Respond instantly to growth

– Add devices “on the fly”

– Also available for Kernel Zones

• Independent Zone versions with Kernel Zones

– In place updates on single system

– Simpler to co-ordinate outage windows

19

50% REDUCTION IN

PLANNED OUTAGES


Oracle OpenStack for Oracle Solaris

Horizon Centralized Cloud Management

Zones and Kernel Zones

Nova / Ironic Self-Service Compute

and Bare Metal

Elastic Virtual Switch and Open vSwitch

Neutron Software Defined

Networking

ZFS File System

Cinder / Swift Cloud Scale Storage

Unified Archives

Heat / Glance Murano / Trove

Platform as a Service

Integrated with the Infrastructure

20

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 21

Secure OpenStack-Based IaaS

• Secure services

– Minimum privileges

• Data at Rest

– ZFS Encryption

• Data in Motion

– Secure Migration

• Network

– Data link Protection

• Application

– Read only VM

Oracle Solaris Oracle Solaris Oracle Solaris

Zone Zone

Zone Zone

Zone

Zone

Zone

Zone


• Docker open platform being brought to Oracle Solaris Zones

• Oracle joins Open Container Initiative – create open industry standards

• Access to enterprise class security, resource isolation and analytics

Docker for Oracle Solaris Zones

22

OCI

“Integrating Docker with Oracle Solaris Zones will bring a mature and proven container technology to Docker environments running in enterprise class clouds” - Nick Stinemates, Vice President of Business Development & Technical Alliances for Docker


Docker and Oracle Solaris Combined – Perfect Partnership • Familiar Docker Experience

– Fast application dev lifecycle

– Huge ecosystem with proven benefits

• Leverage Oracle Solaris Key Features – Secure, mature, built-in virtualization

– Secure virtual storage & network

– Zero downtime patching, instant rollback

– Secure remote administration & role-based access control

– Observability, configuration management & audit

Security

ZFS

BEs

IPS

RAD

SMF

DTrace

N/work V12N

SOLARIS


DevOps for the Enterprise

Agile Development Continuous Integration Continuous Deployment

Monitoring and Measurement

24


Develop Faster Applications Faster

• Up to 5x faster SPARC and x86 code

• Up to 50% higher developer efficiency

• Powerful observability tools for Java, C/C++

– Java Mission Control

– HW counter overflow and clock-based profiling

– Rich set of performance data

– Low overhead, accurate

• Remote development and analysis from your laptop

With Oracle Solaris Studio

Monitor CPU, Memory and Thread usage in IDE

Feature-rich language aware code editor

25


DevOps for the Enterprise

26

Continuous Deployment

Continuous Integration

• Correlation of app and HW interactions, DTrace

• Memory protection in HW

• Optimized, remote IDE

Agile Development

• Rich performance monitoring tool • Scalable

• Secure

• Multi-level fault-tolerant

YOUR APP

YOUR APP


✓Secure and Compliant

✓Simple

✓Efficient

✓Open

✓Affordable

Your Enterprise Cloud

Oracle Solaris 11.3 – Security. Speed. Simplicity.

27

YOUR APP


More Information

• oracle.com/solaris

• @ORCL_Solaris

• facebook.com/oraclesolaris

• Oracle Solaris Insider

• blogs.oracle.com/solaris

• youtube.com/oraclesolaris

Oracle Solaris resources

28


Documents

Oracle Solaris Virtualization: From DevOps to Enterprise · The development, release, ... Oracle Solaris the Secure Choice for DevOps . ... Embedded network protection –Data at