Mesosphere DC/OS has always helped organizations run containers, legacy apps, and data services consistently on any infrastructure, while reducing operational overhead and infrastructure cost.
Industry leaders such as athenahealth, Royal Caribbean Cruise Line, Deutsche Telekom and many others rely on DC/OS to power their ground-breaking machine learning, IoT, and edge computing initiatives.
DC/OS 1.11, the latest release, introduces many exciting capabilities such as:
1. Seamless Hybrid Cloud Operations — Hybrid cloud use cases such as edge computing, cross-cloud business continuity / disaster recovery and cloud bursting become real. Combine public cloud, private datacenter, and edge compute resources into a single logical computer.
2. Production Kubernetes-as-a-Service — Deploy, scale, and upgrade pure Kubernetes for all of the teams in an organization with one click.
3. Enhanced Data Security — Protect sensitive data in transit and simplify regulatory compliance for distributed data services. DC/OS allows one-click configuration of transport-level encryption (TLS) and integrated authentication, authorization and access control.
6. Mesosphere DC/OS: The Premier Platform For Data Rich Applications
Datacenter and Cloud as a Single Computing Resource, powered by Apache Mesos (architecture diagram; labels recovered below)
Infrastructure layer: physical infrastructure, virtual machines, public clouds, datacenter and edge
Workload layer: microservices, containers & dev tools (100+ more); data services, machine learning & AI (20+ more)
Platform capabilities: Security & Compliance; Application-Aware Automation; Multitenancy; Hybrid Cloud Management
1. Broad workload coverage: run today's and tomorrow's applications including traditional J2EE, containers, analytics & ML
2. Application-aware automation: automate workload-specific operating procedures to "as-a-Service" anything from Kubernetes to data services
3. Intelligent resource pooling: optimize workload density for highest utilization with resource guarantees
4. Unified hybrid cloud operations: securely manage cloud, datacenter, and edge infrastructures from a single control plane
7. DC/OS Approach Compared to Traditional Approach
DC/OS Approach: Datacenter-cloud as a single computer (Datacenter-Cloud Operating System)
• Workload pooling and density optimization
• Complete lifecycle automation of platform services
• Multitenancy, high availability, multi-cloud portability
Data analytics, message queue, data persistence, container orchestration and CI/CD clusters all run on the one shared pool.
Traditional Approach: Slow, Expensive, Hard
Each of data analytics, message queue, data persistence, container orchestration and continuous integration & delivery is built as its own silo of platform services on its own infrastructure.
8. Mesos Two-Level Scheduler Architecture
Two-level scheduling (diagram: a Mesos master above application-aware schedulers for Cassandra, containers and Spark; Mesos agents below, each running Docker, Spark and Cassandra tasks side by side)
1. Mesos Master and Agent
● Abstracts data center resources (CPU, MEM, GPU, network, storage) into one pool
● Offers & tracks resources to all workloads & guarantees isolation
● Restarts workloads on node or task failure
2. Application-Aware Scheduler
● Application-specific operational runbooks in code
● Handles deployment, scaling, HA, recovery and upgrade that are unique to each service, e.g. Spark, Kafka, Cassandra
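The offer cycle the slide describes, as an added example (not Mesos or DC/OS code): the master owns the pool and issues offers, each framework scheduler decides what to launch inside an offer, and the master enforces the isolation guarantee by refusing any launch that exceeds what the agent still has, including a replayed stale offer. Agent names, framework names and task sizes are constructed for the demo.

```python
"""Toy model of Mesos two-level scheduling.

Added example, not Mesos or DC/OS code. The master (level 1) owns the resource
pool, sends offers to framework schedulers and enforces the offer boundary; each
framework scheduler (level 2) applies its own placement policy to the offer.
Agent names, framework names and task sizes are constructed for the demo.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Resources:
    cpus: float
    mem: int  # megabytes

    def fits_in(self, other: "Resources") -> bool:
        return self.cpus <= other.cpus and self.mem <= other.mem

    def minus(self, other: "Resources") -> "Resources":
        return Resources(self.cpus - other.cpus, self.mem - other.mem)

    @staticmethod
    def total(items: List["Resources"]) -> "Resources":
        return Resources(sum(r.cpus for r in items), sum(r.mem for r in items))


@dataclass
class Task:
    framework: str
    name: str
    need: Resources
    agent: Optional[str] = None  # filled in by the master on launch


Offer = Tuple[str, Resources]  # (agent name, resources unallocated there when offered)


class Master:
    """Level 1: tracks free capacity per agent, issues offers, rejects overcommit."""

    def __init__(self, agents: Dict[str, Resources]):
        self.free: Dict[str, Resources] = dict(agents)
        self.running: List[Task] = []

    def add_agent(self, name: str, capacity: Resources) -> None:
        self.free[name] = capacity

    def offer(self, agent: str) -> Offer:
        return agent, self.free[agent]

    def launch(self, offer: Offer, tasks: List[Task]) -> bool:
        """Accept a launch only if it fits what the agent still has *now*, so a
        stale or inflated offer cannot take another framework's share. This is
        the isolation guarantee the slide refers to."""
        agent, _ = offer
        need = Resources.total([t.need for t in tasks])
        if agent not in self.free or not need.fits_in(self.free[agent]):
            return False
        self.free[agent] = self.free[agent].minus(need)
        for t in tasks:
            t.agent = agent
            self.running.append(t)
        return True

    def agent_lost(self, agent: str) -> List[Task]:
        """Node failure: drop the agent and hand its tasks back for rescheduling."""
        lost = [t for t in self.running if t.agent == agent]
        self.running = [t for t in self.running if t.agent != agent]
        self.free.pop(agent, None)
        for t in lost:
            t.agent = None
        return lost


class FrameworkScheduler:
    """Level 2: packs as many of its own pending tasks as fit into the offer
    (first fit); a real Spark or Cassandra scheduler applies its own rules."""

    def __init__(self, name: str, pending: List[Task]):
        self.name = name
        self.pending = pending

    def resource_offer(self, master: Master, offer: Offer) -> List[Task]:
        remaining = offer[1]
        chosen: List[Task] = []
        for t in self.pending:
            if t.need.fits_in(remaining):
                chosen.append(t)
                remaining = remaining.minus(t.need)
        if chosen and master.launch(offer, chosen):
            self.pending = [t for t in self.pending if not any(t is c for c in chosen)]
            return chosen
        return []  # declined: the master re-offers these resources later


def run_demo() -> dict:
    master = Master({"agent-1": Resources(4, 8192), "agent-2": Resources(2, 4096)})
    spark = FrameworkScheduler("spark", [
        Task("spark", "executor-1", Resources(2, 4096)),
        Task("spark", "executor-2", Resources(2, 4096)),
    ])
    cassandra = FrameworkScheduler("cassandra", [Task("cassandra", "node-0", Resources(2, 4096))])

    spark.resource_offer(master, master.offer("agent-1"))
    cassandra.resource_offer(master, master.offer("agent-2"))
    placements = {t.name: t.agent for t in master.running}

    # A misbehaving framework replays an old offer for agent-2, which is now full.
    stale_offer: Offer = ("agent-2", Resources(2, 4096))
    overcommit_rejected = not master.launch(stale_offer, [Task("rogue", "big", Resources(2, 4096))])

    # agent-2 dies: node-0 goes back to its scheduler and lands on the next usable offer.
    cassandra.pending.extend(master.agent_lost("agent-2"))
    master.add_agent("agent-3", Resources(2, 4096))
    cassandra.resource_offer(master, master.offer("agent-3"))
    recovered_on = next(t.agent for t in master.running if t.name == "node-0")

    return {"placements": placements, "overcommit_rejected": overcommit_rejected,
            "recovered_on": recovered_on, "free_on_agent_1": master.free["agent-1"]}


if __name__ == "__main__":
    print(run_demo())
```

The point to take from the model is where the check lives: the framework only proposes, and the master validates against current free capacity rather than trusting the offer the framework hands back.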
9. Mesosphere DC/OS approach compared to Container-as-a-Service
DC/OS (Apache Mesos) Approach (two-level scheduling):
Applications: microservices (in containers) and backing data services
Platform Services: a container orchestrator (K8s or Marathon) for the microservices; data services lifecycle management for the backing data services
Kernel (DC or Cloud): Resource Management (Apache Mesos)
Infrastructure
Container Orchestrator Approach (monolithic scheduling):
Applications: microservices (in containers) and backing data services
Platform Services: container orchestration + resourcing for the microservices; data service operations handled manually in static silos
Infrastructure
12. Agenda
● Brief Overview of Mesosphere DC/OS
● What's New in DC/OS 1.11 & Demos
● Mesosphere DC/OS vs. Other Technologies
● Q&A
13. New With Mesosphere DC/OS 1.11
Seamless Hybrid Cloud Operations: Simplified management of multi-cloud, edge cloud, and remote office infrastructures, enabling multi-region BCDR and bursting
Production Kubernetes-as-a-Service: Deploy, scale, and upgrade pure Kubernetes for multiple organizations, with one click, along with data services and CI/CD pipeline tools
Enhanced Data Security: Encryption of information in transit over the network, and integration with authentication, authorization, and access control mechanisms
14. Hybrid Cloud Use Cases with Mesosphere DC/OS
Edge and Multi-Cloud Federation
● Minimize footprint at edge or remote infrastructures
● Consistent operations across clouds
Business Continuity & Disaster Recovery
● Deploy applications to multiple clouds simultaneously
● Workloads automatically deployed across fault domains (Racks or Cloud Availability Zones)
Cloud Bursting
● Easily add and remove cloud capacity to on-premise clusters
17. DC/OS Kubernetes-as-a-Service - Production-Ready
● Simple HA cluster provisioning
● Robust API server auth
● Non-disruptive upgrades
● Zero touch self-healing & disaster recovery
● Scalable Kubernetes
● Transport Layer Security
● Choice of ingress and CNI (Container Network Interface)
18. DC/OS Kubernetes-as-a-Service: Cloud-like experience to deploy production-ready K8s
Running on your own:
1. Prerequisites
2. Installing the Client Tools
3. Provisioning Compute Resources
4. Provisioning the CA and Generating TLS Certificates
5. Generating Kubernetes Configuration Files for Authentication
6. Generating the Data Encryption Config and Key
7. Bootstrapping the etcd Cluster… 3x for HA
10. Bootstrapping the Kubernetes Control Plane… 3x for HA
13. Bootstrapping the Kubernetes Worker Nodes
14. Configuring kubectl for Remote Access
15. Provisioning Pod Network Routes
16. Deploying the DNS Cluster Add-on… Deploying other Add-ons
20. Smoke Test
21. Cleaning Up
Running on DC/OS:
$ dcos package install kubernetes
20. Enhanced Data Services Security
● Secure Authentication, Authorization and In-Transit Data Encryption
● Enable Authentication of Users, Apps (Client-Server) & Inter-Service Communication (Server to Server)
● One-Click Configuration of Transport Security (TLS)
● Significantly Reduce Operational Overhead
21. Automating Data Services Security (Behind the Scenes)
1. Generate certificates and keys using DC/OS PKI
2. Store certificates in DC/OS Secret Store
3. Distribute certificates and keys to data services
4. Apply security configuration
5. Perform rolling restart of the service
Each data service (Kafka, Cassandra, Elastic, Spark, HDFS) has its own distinct security procedure, which sometimes changes from version to version.
22. Data services can be easily configured for secure operations (DC/OS Kafka service shown)
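One-click configuration still deserves a check that the rolling restart in step 5 of the previous slide left the broker in the advertised state. The following added example (not DC/OS tooling, and not the Kafka service's own code) audits a Kafka broker's rendered server.properties for the three properties slide 20 promises: encrypted transport, authenticated clients and authorization. The property names are standard Kafka broker settings; the two configurations embedded in the block are constructed for the demo and do not come from a real cluster.

```python
"""Audit a Kafka broker's rendered server.properties for the posture the
slides describe: TLS in transit, authenticated clients, authorization on.

Added example; not DC/OS tooling. Property names are standard Kafka broker
settings; the two configurations below are constructed for the demo and do
not come from a real cluster.
"""
from typing import Dict, List

DEFAULT_BROKER = """\
# constructed: a stock broker, the state before security is enabled
broker.id=0
listeners=PLAINTEXT://:9092
security.inter.broker.protocol=PLAINTEXT
zookeeper.connect=zk-1:2181
"""

HARDENED_BROKER = """\
# constructed: what the rolling restart should leave behind
broker.id=0
listeners=SSL://:9093,SASL_SSL://:9094
security.inter.broker.protocol=SSL
ssl.keystore.location=/var/lib/kafka/broker.keystore.jks
ssl.truststore.location=/var/lib/kafka/ca.truststore.jks
ssl.client.auth=required
ssl.endpoint.identification.algorithm=https
sasl.enabled.mechanisms=GSSAPI
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
allow.everyone.if.no.acl.found=false
super.users=User:kafka
zookeeper.connect=zk-1:2181
"""

ENCRYPTED = {"SSL", "SASL_SSL"}


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal Java .properties reader: key=value lines, '#' or '!' comments."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def listener_protocols(props: Dict[str, str]) -> List[str]:
    """Resolve each entry of `listeners` to its security protocol, honouring
    listener.security.protocol.map (custom listener name -> protocol)."""
    name_to_proto: Dict[str, str] = {}
    for item in props.get("listener.security.protocol.map", "").split(","):
        name, sep, proto = item.partition(":")
        if sep:
            name_to_proto[name.strip()] = proto.strip()
    protocols = []
    for entry in props.get("listeners", "PLAINTEXT://:9092").split(","):
        name = entry.strip().split("://", 1)[0]
        protocols.append(name_to_proto.get(name, name))
    return protocols


def audit_kafka_broker(properties_text: str) -> List[str]:
    """Return findings; an empty list means the broker matches the target
    state (encrypted, authenticated, authorized)."""
    p = parse_properties(properties_text)
    findings: List[str] = []
    protocols = listener_protocols(p)

    for proto in protocols:
        if proto not in ENCRYPTED:
            findings.append(f"client listener uses {proto}: traffic is not encrypted")
    inter_broker = p.get("security.inter.broker.protocol", "PLAINTEXT")
    if inter_broker not in ENCRYPTED:
        findings.append(f"inter-broker traffic uses {inter_broker}: replication is not encrypted")

    # Empty algorithm disables hostname verification; pre-2.0 brokers default to empty.
    uses_tls = inter_broker in ENCRYPTED or any(x in ENCRYPTED for x in protocols)
    if uses_tls and p.get("ssl.endpoint.identification.algorithm", "") == "":
        findings.append("ssl.endpoint.identification.algorithm unset or empty: set it to https")

    # Client identity must come from SASL or from mutual TLS.
    sasl = any(x.startswith("SASL_") for x in protocols)
    mtls = p.get("ssl.client.auth", "none") == "required"
    if not (sasl or mtls):
        findings.append("no client authentication: enable SASL or ssl.client.auth=required")

    if not p.get("authorizer.class.name"):
        findings.append("no authorizer configured: any authenticated principal can do anything")
    elif p.get("allow.everyone.if.no.acl.found", "false").lower() == "true":
        findings.append("allow.everyone.if.no.acl.found=true bypasses the authorizer for un-ACLed resources")
    return findings


if __name__ == "__main__":
    for label, cfg in (("default", DEFAULT_BROKER), ("hardened", HARDENED_BROKER)):
        print(label, audit_kafka_broker(cfg) or "OK")
```

Run it against the broker's rendered configuration rather than the package options you submitted: the options describe intent, the rendered file is what the broker actually loaded after the restart.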
23. Full List of 1.11 Features
Platform Capabilities
● Prometheus Metrics
● Logging API update
● Edge-LB update*
● UCR GC - GA!
● Persistent Volumes for Pods (beta)
● DC/OS Storage Service with CSI & Volume Profile* (beta)
● UI & other Enhancements...
Hybrid Cloud
● Hybrid Cloud*
○ Linked Clusters
○ Fault Domains (Zones)
○ Multiple Clouds (Regions)
● Simplified Node Decommission
Data Services
● Kubernetes
● Securing Data Services*
● Data Services Availability Zone / Rack Support*
● ZooKeeper for Kafka
● Private Catalog (beta)*
* Mesosphere DC/OS Enterprise Only
26. Mesosphere DC/OS vs. Other Technologies
(comparison table; one row per capability, columns Mesosphere DC/OS, Red Hat OpenShift, Pivotal (PCF/PKS), Amazon AWS)
Broad Workload Coverage
  Mesosphere DC/OS: Runs K8s (Docker), legacy apps (Java EE, C++), data services & dev tools such as Spark, Kafka, Cassandra, Elastic, TensorFlow, etc. Production services with OSS & commercial support options.
  Red Hat OpenShift: Runs only K8s (Docker) & JBoss apps w/ proprietary interface. No support for production data services (dev/test only).
  Pivotal (PCF/PKS): Cloud Foundry for (limited) legacy apps, PKS (K8s) for Docker. Limited support for production data services (dev/test only) except proprietary (Gemfire & Greenplum).
  Amazon AWS: Runs K8s, Docker, legacy apps (Java EE, C++), data services & dev tools. Advanced services have proprietary interfaces (e.g., Lambda, Kinesis, DynamoDB).
Application-Aware Automation
  Mesosphere DC/OS: Workload-specific automation for cloud-like experience including install, upgrade, scale & failure recovery.
  Red Hat OpenShift: Lifecycle management limited to stateless apps only.
  Pivotal (PCF/PKS): Lifecycle management limited to stateless apps only.
  Amazon AWS: Similar to DC/OS with additional cost.
Hybrid Cloud Operations
  Mesosphere DC/OS: Cloud portability across any public cloud, bare-metal or VM; enabling edge computing, cloud bursting & BC/DR.
  Red Hat OpenShift: RHEL required for public cloud, bare-metal or VM. No data services portability. No hybrid, multi, or edge-cloud support.
  Pivotal (PCF/PKS): VMware only on-premise, options for public cloud. No data services portability. No hybrid, multi, or edge-cloud support.
  Amazon AWS: Proprietary AWS services cause cloud lock-in. No data services portability. No on-premise, hybrid, multi, or edge-cloud support.
Intelligent Resource Pooling
  Mesosphere DC/OS: One infrastructure pool securely shared across apps and data services, increasing utilization, reducing cost.
  Red Hat OpenShift: Siloed clusters for containers, legacy apps & data services, lowering utilization & driving up cost.
  Pivotal (PCF/PKS): Siloed clusters for PCF, PKS & data services, lowering utilization & driving up cost.
  Amazon AWS: Dedicated cluster for each service, lowering utilization and driving up cost.
29. Hybrid Clouds: Fault Domains (Zones) & Multi-Cloud (Regions)
● Easily deploy workloads to multiple regions (e.g., to AWS, and also on Azure), to facilitate multi-cloud high availability
● Intelligently define fault domains to recover against this hierarchy to maximize service survivability
● Example: within a region, stateless services recover automatically from failures at the node, cluster, rack, or even site level
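What "recover against this hierarchy" means in placement terms, as an added example (not Marathon's scheduler): it models the effect of a Marathon placement constraint of the form [["@zone", "GROUP_BY"]] (spread instances evenly across fault-domain zones) and of an explicit @region constraint (run in a named remote region); without a region constraint, instances stay in the local region that hosts the masters. The agent names and the region/zone attributes are a constructed inventory shaped like the demo architecture later in the deck, and the exact constraint operators are an assumption stated here rather than something the slide spells out.

```python
"""Zone-aware placement over a two-region inventory.

Added example, not Marathon's scheduler. Models a [["@zone", "GROUP_BY"]]
constraint (even spread across zones) and an explicit @region constraint.
Agent names and region/zone attributes are constructed for the demo.
"""
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# agent -> (region, zone); constructed inventory
AGENTS: Dict[str, Tuple[str, str]] = {
    "aws-a-1": ("aws-us-east-1", "east-1a"),
    "aws-a-2": ("aws-us-east-1", "east-1a"),
    "aws-b-1": ("aws-us-east-1", "east-1b"),
    "aws-c-1": ("aws-us-east-1", "east-1c"),
    "azure-0": ("azure-uk-south", "uk-s0"),
    "azure-1": ("azure-uk-south", "uk-s1"),
}

Placement = List[Tuple[str, str, str]]  # (instance id, agent, zone)


def place(instances: int, agents: Dict[str, Tuple[str, str]], local_region: str,
          region_constraint: Optional[str] = None,
          healthy: Optional[Iterable[str]] = None) -> Placement:
    """GROUP_BY @zone: each instance goes to the eligible zone with the fewest
    instances so far, and inside that zone to the least-loaded agent. Only
    healthy agents in the target region are eligible; the target region is the
    local one unless an @region constraint names another."""
    alive = set(agents) if healthy is None else set(healthy)
    region = region_constraint or local_region
    eligible = {a: z for a, (r, z) in agents.items() if r == region and a in alive}
    if not eligible:
        raise RuntimeError(f"no healthy agents in region {region}")
    zone_load: Counter = Counter()
    agent_load: Counter = Counter()
    placement: Placement = []
    for i in range(instances):
        zone = min(sorted(set(eligible.values())), key=lambda z: zone_load[z])
        agent = min(sorted(a for a, z in eligible.items() if z == zone),
                    key=lambda a: agent_load[a])
        zone_load[zone] += 1
        agent_load[agent] += 1
        placement.append((f"app.{i}", agent, zone))
    return placement


def zone_counts(placement: Placement) -> Dict[str, int]:
    return dict(Counter(zone for _, _, zone in placement))


def survivors_after_zone_loss(placement: Placement, lost_zone: str) -> Tuple[Placement, int]:
    """Split a placement into the instances that survive a zone outage and the
    number that must be rescheduled."""
    kept = [p for p in placement if p[2] != lost_zone]
    return kept, len(placement) - len(kept)


def run_demo() -> dict:
    local = "aws-us-east-1"
    spread = place(6, AGENTS, local)  # two instances per AWS zone
    kept, to_reschedule = survivors_after_zone_loss(spread, "east-1a")
    still_up = [a for a, (_, z) in AGENTS.items() if z != "east-1a"]
    replaced = place(to_reschedule, AGENTS, local, healthy=still_up)  # lands in 1b/1c only
    failover = place(2, AGENTS, local, region_constraint="azure-uk-south")  # DR region
    return {"spread": zone_counts(spread), "replaced": zone_counts(replaced),
            "failover": zone_counts(failover), "survivors": len(kept)}


if __name__ == "__main__":
    print(run_demo())
```

The split between zones and regions matters operationally: losing a zone is handled automatically inside the region, while moving work to another cloud is an explicit decision expressed as a constraint, which keeps a regional outage from silently pulling workloads across the VPN.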
31. Hybrid Demo Architecture : Part 1 High Availability & Fault Domains (Zones)
Cluster Name : Hybrid-Cluster, in the AWS US-East-1 Region (N. Virginia), spread across zones East-1a, East-1b and East-1c and reachable from the Internet (diagram).
32. Hybrid Demo Architecture : Part 2 Multi-Cloud Bursting/BCDR (Regions)
Hybrid-Cluster extended to a second region, Microsoft Azure (UK South), with zones UK-S0 and UK-S1; the two regions are joined by an IPsec VPN over the Internet between Cisco CSR 1000V routers on each side (diagram).
33. Hybrid Demo Architecture : Part 3 Edge Cloud Management (Cluster Linker)
A separate cluster, Cluster Name : GCP-Japan (zone Japan-1), linked to Hybrid-Cluster over the Internet (diagram).
34. Hybrid Demo Architecture
All three parts combined: Hybrid-Cluster across AWS US-East-1 and Azure UK South over the IPsec VPN, plus the linked GCP-Japan cluster (diagram).
35. Apache Mesos Design Criteria
Distributed systems kernel, built to solve 3 (hard) problems:
1. Abstract the entire resources of the data center into one giant resource pool
2. Engineered for small to very large scale from day 1
3. Support existing and future workloads