PaaS Lessons: Cisco IT Deploys OpenShift to Meet Developer Demand

Sandeep Puri Engineering Architect, Cisco

Michael White Domain Architect, Cisco

Mike Barrett OpenShift Product Manager, Red Hat

Cisco IT added OpenShift by Red Hat to its technology mix to rapidly expose development staff to a rich set of web-scale application frameworks and runtimes. Deploying Platform-as-a-Service (PaaS) architectures, like OpenShift, bring with it: - A Focus on the Developer Experience - Container Technology - Network Security and User Isolation - Acceleration of DevOps Models without Negatively Impacting Business In this session, Cisco and Red Hat will take you through: - The problems Cisco set out to solve with PaaS. - How OpenShift aligned with their needs. - Key lessons learned during the process.

Business & IT Strategy Alignment:This track targets the juncture of business and IT considerations necessary to create competitive advantage. Example topics include: new architecture deployments, competitive differentiators, long-term and hidden costs, and security. Attendees will learn how to align architecture and technology decisions with their specific business needs and how and when IT departments can provide competitive advantage.

Abstract

Agenda

Cisco IT Infrastructure Services

Our PaaS Journey

Lightweight App Environment – Arch Tenets

LAE Technical Architecture (and OpenShift)

Roadmap

Capability Introduction Model

Takeaways

Cisco IT Infrastructure Services Who we are, what we do

Cisco IT Cloud Services Stack CITEIS – Cisco IT Elastic Infrastructure Services

Cloud Delivery Models

SaaS Software as a Service

PaaS Platform as a Service Total application hosting, development, testing, and deployment environment

IaaS Infrastructure as a Service Compute, storage, networking

Data Center as a Service Data center facilities, power, cooling DCaaS

CIT

EIS

CITEIS Components

5,000+ Developers

30,000+ JVM Instances

Applications that range from custom apps to packaged ERP

All deployments and environments (Dev, Test, Stage, Prod)

Over �$30B+ dollars worth of transactions

24/7 Globally

Responsibilities

Our PaaS Journey

What do the clients want from the infrastructure providers?

Client #3 (requires IaaS services only)

“Give me the VMs and Storage and I’ll manage everything above the OS to build my application”

Clients order higher order services. E.g. app. development stack, databases, etc. These internally use infrastructure APIs to provision compute/storage/network.

Client #2 (requires IaaS & PaaS services)

“My needs are mixed. I’ll take all the goodies I can get, and build the ones that I can’t”

Client #1 (requires PaaS services only)

“Give me all the standard goodies, and leave me just to manage my application”

Same as use case #1

Same as use case #3

“builder” of SaaS services

What What

Lightweight Application Environment What business problems does it solve?

Quality / Cost

Flexibility

Auditability / Security

Interoperability

Artifact Repository

Reusable Components

Business Viability

Public / Hybrid Cloud

Cloud Scale

Configuration Management

SLA Management

Costing / Metering

Portability

Crowd Sourcing

Extensible

Capacity Management

App Frameworks

Database engines

Languages

LAE (PaaS) Capabilities

Builder OpenSource Provider Subscriber Polyglot OnPrem Hosted

(offprem)

Introspection

Customizable

Simple / Intuitive

Transparency

Full ALM

Integration

(with Existing Enterprise

Systems)

Defined Vendor Support

Private Cloud

Multi-tenancy

IaaS Agnostic

Lightweight Application Environment Architectural Tenets and Aspirations

Source: Cisco IT GIS–August 2013

Q2 CY12 Q2 CY13 Q2 CY14 Circa 2009

Virt. Rate (%)

25%

50%

75%

95%

0%

E2E Prov. (Days)

15

30

45

60

0

E2E = 45 days

E2E = 17 days E2E = 5 days VM = 15 mins. Fully Self

Provisioned 5%

70%

85%

Virtualization 95%

TC

O (

$/Q

tr.)

-33%

-23%

-15%

Legacy Bare Metal-Based Datacenter

70% Vistualized - on Cisco UCS

Workflow automation PaaS enablement

Storage optimization

Process transform I/PaaS Optimization

Data Center Transformation Continue / Accelerate Trend

Virtual LAE

DC1 DC2 DC3

App A App A

Lifecycle 1 Lifecycle 2 Lifecycle 3 Lifecycle 4.1 Lifecycle 5

App B

Lifecycle 3

App A

Lifecycle 4.2

CPU/Memory/Storage reservation

Datacenter allocation

Application logic container

Application resource allocation

App B

Lifecycle 1 Lifecycle 2

App C

Lifecycle 1

App C

Lifecycle 2

`

Flexibility in • Defining lifecycles • Distribution across DCs • Composition of applications • Defining resiliency posture

(e.g. Mulit-Data Center)

• Application grouping • Application build and deploy

(continuous integration)

Virtual LAE Resource Model Virtualized Resource Allocation for Applications

Virtual Machine – A portable Container Rather bulky. But, yet the (current) industry standard

App Server

Guest OS

Hypervisor

Host OS

Server

VM Virtual Machine Operating System (de-facto industry standard for a container)

Can be imaged (snapshot) and Relocated (e.g. VMotion)

Network Addressable Interface. (No visibility to components inside the container)

Public IP

Application components installed within the container

myCode

myCode

VM VM

Addressable IP Addressable IP Addressable IP

Public IP

Addressable IP

Public IP Public IP

Do IT Yourself (DIY) Cartridge. Container Spec

Client Defined Spec for building applications on top of traditional IaaS

1. Portable containers with Just enough OS (JEOS) for disparate workload types.

2. What’s needed to run the application = what the developer has control over = what’s packaged, shipped and run

3. Network addressable containers, with access policies applicable per container.

Note: VM sizes not drawn to scale.

Fine Grained Portable Containers – Future State Bringing Applications Closer to the Network

Continuous Delivery Development + Quality End to End Workflow

TBD

Client Involvement Viable Product

Cloud, ERP, and Mobile Application Development

Prioritized Sprint

Commit & Push Code Review, Merge

Static / Dynamic, Progression / Regression Unit / Integration, Functional / Performance / Security

Build, Test, Report On-demand, Scheduled

Product Mgr.

Scrum Master

Developers

Plan Develop Source Control Management

Continuous Build

Deploy & Release

Adapt & Scale

Automated Testing Group components Application Snapshot

Group Applications Release Control Gates

Development

Staging

Production

Deployable Artifact

LAE Technical Architecture with Openshift

Cisco IT

Enterprise Integration Highlights

Integrated Ordering / Provisioning Experience

Enterprise Single Sign-On

Internal / External Application support (Network Zones)

Enterprise Database support

Logging Analytics (Splunk)

Message Bus Integration (WSG / Tibco Bus)

Code Delivery Integration

Logical Architecture Diagram OpenShift + Cisco = LAE

Time Saved with OpenShift Enterprise (OSE)

Able to leverage the existing yum updating mechanisms for security of both the framework and the content provided on it

Variety of REST APIs for both network and self service integration

Cartridge specification was completely open to content needs

OSE Architecture integrated well with larger solution

Higher level of density on nodes with SELinux enabled multi-tenancy that we did not have to invest in

Scale and idling

Deployment options for source or artifact payloads

Out of the Box understanding of jenkins and git

eStore Service Ordering and Provisioning

• Installed at platform level • Cartridge Specific Collection Definitions • Automatically collects and categorizes logs as

apps are deployed

Splunk Integration Integrated Log Collection and Analytics

Roadmap Future Items

Cisco IT

Roadmap

Availability Zones

Regional Data Center Orderability

Application Migrations from Legacy Platforms

Puppet Automation

OpenStack HEAT Integration

Enable Custom Cartridges

Customizable Code Release Pipelines

Capability Introduction Model

New

Capability

Open source

OpenShift

Enterprise

Custom

(IT built)

LAE Express Environment

LAE (GA) Environment

Self Managed

What’s Included? - OOB Cartridges included in OpenShift product

Specific Interest Cartridges? - Crowd Sourcing – Any ‘builder’ can package and release a custom built cartridges.

Community Support

Criteria- based on usage in Express, and/or explicit client need

Timeframe - 3 to 6 months after Express

Support - Subject matter expertise (and support) spread across early adopters.

IT Managed

Criteria– Service Provider defined based on enterprise needs, and support readiness

Timeframe - 3 to 6 months after Express

Support – Full IT support for all application priorities. Might be in phases.

LAE Capability Introduction Support Criteria

Adoption

• MySQL, Tomcat and PHP - Most popular

• Leverage adoption

metrics as criteria for providing IT support for popular cartridges

• 242 Applications deployed to-date

0

10

20

30

40

50

60

56

48

31

22

18 17

9 8

6 6 6 5

4 4

Apps by Cartridge

LAE – Adoption Metrics

Takeaways

Takeaways

Availability (turtles all the way down)

Routing / Network Security

Application Lifecycle Management (Hooks vs capabilities)

Openshift in a Box (micro openshift)

Non-Scaleable / add-on cartridges

Region Awareness

Platform Events

Logging

Utility of Custom Cartridges?

Thank You

Sandeep Puri sapuri@cisco.com @lapax

Michael White micwhite@cisco.com

Mike Barrett mbarrett@redhat.com @gadfly_io