We started in an automation nightmare, proprietary cloud API's everywhere and awful on-premise user experience; The foundations for hybrid were quicksand! Now, we live in a world of Kubernetes; Consistent APIs for workloads, better solutions for on-prem infrastructure, and service brokers which abstract service management. Better foundations! The building has stopped shaking, build some stairs! Where are we on realising this hybrid vision? One guys take on where we are, based on success and failure towards "true hybrid cloud". What works, what doesn't, and lots of "why isn't this a thing yet?"
4. /usr
SERVER ONE
/
/bin etc
A Brief History Lesson One
Old School App Deployments.
APP 1 APP 1 APP 1
APP 2 APP 2 APP 2
5. /usr
SERVER ONE
/
/bin etc
A Brief History Lesson One
Old School App Deployments.
APP 1 APP 1 APP 1
APP 2 APP 2 APP 2
APP 3 APP 3APP 3
6. VM One
SERVER ONE
HYPERVISOR
VM Two VM Three
All Applications Happy. More “Servers” to manage.
A Brief History Lesson One
Virtual Machines
/
usr
/
/
bin
/
etc
/
usr
/
/
bin
/
etc
/
usr
/
/
bin
/
etc
APP 1 APP 1 APP 1 APP 2 APP 2 APP 2 APP 3 APP 3 APP 3
7. VM One
SERVER ONE
HYPERVISOR
VM Two VM Three
Configuration Management – Great until it isn’t.
A Brief History Lesson One
Virtual Machines
/
usr
/
/
bin
/
etc
/
usr
/
/
bin
/
etc
/
usr
/
/
bin
/
etc
APP 1 APP 1 APP 1 APP 2 APP 2 APP 2 APP 3 APP 3 APP 3
Config
Management
8. VM One
SERVER ONE
HYPERVISOR
LOCATION B
Known good images.
Things don’t change. New versions replace them.
/
usr
/
/
bin
/
etc
VM Image
/
usr
/
/
bin
/
etc
SNAPSHOT
SERVER X
HYPERVISOR
DEPLOY
LOCATION A
VM Y
/
usr
/
/
bin
/
etc
9. Dockerfile
SERVER ONE
CONTAINERD
LOCATION B
Known good images: Take Two.
Things don’t change. New versions replace them.
Container
Image
/
usr
/
/
bin
/
etc
BUILD
SERVER X
CONTAINERD
DEPLOY
LOCATION A
Container
Y
/
usr
/
/
bin
/
etc
10. So Why not VM’s?
Not all VM’s are created equal.
VM Image
/
usr
/
/
bin
/
etc
Built as..
Openstack Image?
VMWare Image?
Virtualbox Image?
Xen Image?
KVM Image?
Deployment Automation: O(n)
Europe On-Premise Americas On-
Premise
Pick a Cloud
Provider
11. Example: Terraform Managed VM Compute
Your tool is the same, but plugins are completely different.
• That’s a lot of duplicate and change if each of your instances are virtual machines.
12. Containers could have missed the boat too..
VM Image
/
usr
/
/
bin
/
etc
Built as.. ONE
Deployment Automation: O(n)
Deployed to
Mesos / Marathon? Kubernetes? DCOS? Docker Enterprise Edition?
Native LXC?
13. Google Kubernetes Engine
Amazon Elastic Kubernetes Service
Azure Kubernetes Service
Docker Enterprise Edition 2.0
Cisco Container Platform
Mesosphere Kubernetes Engine
14. Imagine a world
Where VSPHERE spoke
the OPENSTACK API.
And Vice Versa.
Where automating
deployments on them
was one and the same
thing.
15. One Definition per App. Globally.
Cloud Provider A Cloud Provider B Headquarters EU Branch RetailHeadquarters US
Environment settings may
change.
But the app is described
once.
17. KUBERNETES SERVICE
ACCOUNT SETUP
PROVIDER
X
TERRAFORM GIT
PROVIDER
Y
PROVIDER
Z
ACCOUNT SETUP
PROVIDER
X
TERRAFORM GIT
PROVIDER
Y
PROVIDER
Z
MANAGING K8S OBJETS
COMPUTE
COMPUTE ACCESS
COMPUTE OS IMAGES
LOGGING / MONITORING
Minimum bootstrap to get away from proprietary API’s.
Allows reduction of automation overhead.
MISC PROVIDER SPECIFIC OBJECTS
You still need to request Kubernetes.
And hopefully you’re going to automate that.
18. A sidebar with on-premise.
“Get to a layer that’s
the same everywhere,
ASAP, and let someone
else manage the
underlying complexity”
20. Historically hard to offer the same on-premise.
RACK & CABLE
MULTIPLETEAMS
COMPUTE STORAGE NETWORK
DESIGN
REQUIREMENTS
OPERATING SYSTEMS
LICENCING
OPEN
STACK
VMWARE CUSTOM
SECURITY TOOLING
ORCHESTRATION
MONITORING & LOGGING
21. Private Cloud should feel like public cloud.
Assured, Instant, API-Accessible, A Known Quantity.
Cisco Container
Platform
26. Feel like one Environment
- For Deployments
- For Access
- For Security and Visibility
Increase complexity (Linear).
Require completely new tooling.
“True Hybrid/MultiCloud”
(In my personal opinion)
SHOULD SHOULD NOT
27. Deployments Services IngressPersistence
Feel like one Environment
- For Deployments
Where does Kubernetes get us too?
Checking things off the wish list.
Same deployment definition everywhere.
Describing an App is more than just “this container”.
29. What else can we do?
To move us closer?
CI/CD
Cloud Provider A Cloud Provider B Headquarters EU Branch RetailHeadquarters US
30. What else can we do?
To move us closer?
DATA SERVICES
31. Consumed Kubernetes…
To land back in the same issue with services.
DATA SERVICE VM
/
usr
/
/
bin
/
etc
Built as..
Openstack Image?
VMWare Image?
Virtualbox Image?
Xen Image?
KVM Image?
Deployment Automation: O(n)
Europe On-Premise Americas On-
Premise
Pick a Cloud
Provider
32. Consumed Kubernetes…
To land back in the same issue with services.
DATA AS A
SERVICE
Deployment Automation: O(n)
Cloud Provider A Cloud Provider B Cloud Provider C
33. Enter the Open Service Broker
Doing for services what K8s does for apps.
DATA SERVICES
34. Enter the Open Service Broker
Doing for services what K8s does for apps.
DATA SERVICES
App Definition:
Needs:
20GB Relational DB
OpenServiceBroker
Specific logic for
creation of
MySQL Instance
OpenServiceBroker
Specific logic for
creation of
Amazon Aurora
instance
No increase in complexity
for defining app/service for
multiple environments
35. Enter the Open Service Broker
Doing for services what K8s does for apps.
DATA SERVICES
“AWS Service Broker supports a subset of AWS services,
including Amazon Relational Database Service (Amazon
RDS), Amazon EMR, Amazon DynamoDB, Amazon Simple
Storage Service (Amazon S3), and Amazon Simple Queue
Service (Amazon SQS); for a full list, see the AWS
Service Broker documentation.”
“GCP services available via Service Broker are:
BigQuery, Cloud Bigtable, Cloud Pub/Sub, Cloud Spanner,
Cloud SQL, Cloud Storage, Cloud IAM”
36. What else can we do?
To move us closer?
SECURITY
VISIBILITY
39. What else can we do?
Cloud Security enables automated response to compromise.
SECURITY
Cloud Provider A Cloud Provider B Headquarters EU Branch RetailHeadquarters US
41. What else can we do?
Historically one “Mesh” per cluster
SERVICE MESH
Cloud Provider A Cloud Provider B Headquarters EU Branch RetailHeadquarters US
42. Extra
Requirements
What else can we do?
Istio 0.8+ Multi Cluster control plane.
SERVICE MESH
Cloud Provider A Cloud Provider B Branch Retail
43. What else can we do?
Istio as a policy-based CDN.
SERVICE MESH
Closest Entrypoint
Remote Cluster C
via TLS to
endpoint a.b.c.d
using certs
44. Join our AppDev community, Cisco DEVNET and talk to our mentors
available at the Cisco Codemotion Milan booth!
THOUGHTS AND
FEEDBACK
WELCOMED