Transforming Application Delivery with PaaS and Linux Containers
1. Red Hat OpenShift Enterprise
Giovanni Galloro
Cloud Solution Architect – Red Hat
ggalloro@redhat.com
Transforming Application Delivery
with PaaS and Linux Containers
2. PaaS and Linux Containers
Agenda
● Platform as a Service Capabilities
● OpenShift Enterprise Architecture
– Linux Containers
– Docker
– Kubernetes
– RHEL Atomic Host
● OpenShift Application Deployment Flow
● OpenShift Adoption
● Containers Adoption Challenges and Red Hat Strategy
11. RED HAT CONFIDENTIAL | NDA ONLY11
CREATING DEFACTO STANDARDS
REGISTRY /
CONTAINER
DISCOVERY
CONTAINER FORMAT
WITH DOCKER
ISOLATION WITH
LINUX CONTAINERS
ORCHESTRATION
WITH
KUBERNETES
Red Hat works with the open source community to drive standards for containerization.
12. WHAT ARE LINUX CONTAINERS?
Software packaging concept that typically includes an application and
all of its runtime dependencies.
● Easy to deploy and portable
across host systems
● Isolates applications on a
host operating system
● In RHEL, this is done through:
– Control Groups (cgroups)
– kernel namespaces
– SELinux, sVirt
– Docker
HOST OS
SERVER
CONTAINER
LIBS
APP
13. 13
Traditional OS Containers
TRADITIONAL OS VS. CONTAINERS
HARDWARE
HOST OS
HARDWARE
HOST OS
CONTAINER
LIBS
APP A
LIBS A LIBS B LIBS LIBS
APP A APP B
CONTAINER
LIBS
APP B
14. WHAT DOCKER PROVIDES
● Multi-version packaging format
and isolation
● Simplified container API
(Docker libcontainer)
● Easy to create (Dockerfile)
● Atomic deployment (Docker
images)
● Large ecosystem (Docker Hub)
17. LINUX DOCKER CONTAINER
LAYERING
● New images can be created by
adding layers
● Layering model allows for
specialization
● Base image and select number of
platform layers provided by Red Hat
● ISV images form the base of the
RHEL ecosystem
● Stack optimized for individual
application with minimal packaging
per layer
18. CONTAINERS DELIVER MANY
BENEFITS
Base: 171 IT and Developer/programmer decision-makers at companies with 500+ employees in APAC, EMEA, and NA
Source: A commissioned study conducted by Forrester Consulting on behalf of Red Hat, January, 2015
Faster provisioning
Greater deployment flexibility
Ability to deliver/deploy applications faster
Greater application mobility/portability
69%
70%
72%
73%
How important are the following benefits of containers to your organization?
Critically or Very Important
73%
72%
70%
69%
19. KUBERNETES FOR CONTAINER
ORCHESTRATION
● Container orchestration at
scale
● Wiring of multi-container,
multi-host application
topologies
● Scheduling / placement
● Manage container health
20. RED HAT ENTERPRISE LINUX ATOMIC
HOST
IT IS RED HAT ENTERPRISE
LINUX
OPTIMIZED FOR CONTAINERS
Minimized host
environment
tuned for running
Linux containers
while maintaining
compatibility with
Red Hat
Enterprise Linux.
Inherits the complete hardware
ecosystem, military-grade security,
stability and reliability for which Red
Hat Enterprise Linux is known.
MINIMIZED
FOOTPRINT
SIMPLIFIED
MAINTENANCE
ORCHESTRATION
AT SCALE
Atomic updating
and rollback
means it’s easy to
deploy, update,
and rollback using
imaged-based
technology.
Build composite
applications by
orchestrating
multiple
containers as
microservices on
a single host
instance.
50. "Once we actually looked at and had all of
the conversations with all the various
people, there was really only one choice
and that was OpenShift".
The only people that actually understood
what it was that we were talking about was
the Red Hat guys. The Cloud Foundry guys
were good about talking about deploying
Spring-based frameworks and, you know,
that sort of stuff, but once we ran the PoCs
and had deeper conversations, there was
really only one choice."
Tony McGivern - CIO
OPENSHIFT ADOPTION @
LEADING ISV IN FINANCIAL SERVICES has built and
Analytic cloud based platform on Openshift
70% Reduction in Apps Development
time
60% Reduction in Maintenance Costs
(simpler, faster and easier)
90% reduction in Time to Deploy
models
6 Months running live in Production
5% - 40% increased decision accuracy
http://gartner.mediasite.com/Mediasite/Play/4c29e2287c7949cea4b4f8d0367410b01d?sc_cid=
70160000000eGEFAA2&elq=997abd3fad6a49d4ae23e1c7136994bb
52. TOP CURRENT CONTAINER
CHALLENGES
Training and Education (lack of skills)
Consistency (lack of standards)
Scalability
Lack of certification or digital structure
Management
Integration with existing development tools and processes
Variable performance
Security
29%
31%
32%
35%
35%
41%
44%
53%
What are the top three challenges your organization
has experienced so far in its use of containers?
Base: 171 IT and Developer/programmer decision-makers at companies with 500+ employees in APAC, EMEA, and NA
Source: A commissioned study conducted by Forrester Consulting on behalf of Red Hat, January, 2015
53. ● Who built this image?
● What’s its purpose?
Was it created to
support a demo?
● Is it safe to consume?
● Who maintains it?
NEED FOR A “CHAIN OF TRUST”
DOCKER HUB
docker search mongodb
54. RED HAT CONFIDENTIAL | NDA ONLY57
WHAT'S INSIDE THE CONTAINER
MATTERS
36% of official images in Docker Hub contain high priority
security vulnerabilities
● High vulnerabilities: ShellShock
(bash), Heartbleed (OpenSSL), etc.
● Medium vulnerabilities: Poodle
(OpenSSL), etc.
● Low vulnerabilities: gcc: array
memory allocations could cause
integer overflow
All Images (n=962)
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
36%
28%
Medium priority
High priority
Source: Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities, Jayanth Gummaraju, Tarun Desikan, and
Yoshio Turner, BanyanOps, May 2015 (http://www.banyanops.com/pdf/BanyanOps-AnalyzingDockerHub-WhitePaper.pdf)
56. RED HAT CONFIDENTIAL | NDA ONLY59
RED HAT CONTAINER CERTIFICATION
UNTRUSTED
● Will what’s inside the containers
compromise your infrastructure?
● How and when will apps and libraries be
updated?
● Will it work from host to host?
RED HAT CERTIFIED
● Trusted source for the host and the
containers
● Trusted content inside the container with
security fixes available as part of an
enterprise lifecycle
● Portability across hosts
58. RED HAT CONFIDENTIAL | NDA ONLY65
TRUSTED
CONTAINER
CONTENT
PROVEN
CONTAINER
PORTABILITY
INTEGRATED
APPLICATION
DELIVERY
CONTAINERS FOR THE ENTERPRISE