The Software-defined Datacenter, VMs, and Containers: A “Better Together” Story SDDC3327 Kit Colbert, VMware, Inc
Page 1: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

The Software-defined Datacenter, VMs, and Containers: A “Better Together” Story

SDDC3327

Kit Colbert, VMware, Inc

Page 2: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Disclaimer
•  This presentation may contain product features that are currently under development.
•  This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
•  Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
•  Technical feasibility and market demand will affect final delivery.
•  Pricing and packaging for any new technologies or features discussed or presented have not been determined.


Page 3: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Agenda


1 Context

2 Unified Infrastructure Fabric

3 Unified Cloud Management

4 3rd Platform Application Stack

5 Summary

Page 4: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Section 1: Context

Page 5: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Linux Containers

[Diagram: Hardware → OS Kernel → OS File system → Userspace; in userspace, containers each holding several app processes]

OS-level Isolation
•  Isolation at individual kernel subsystem level (e.g. filesystem, process table, etc.)
•  User-level process (LXC, libcontainer) orchestrates these subsystems to create a container

Existed for Many Years
•  Solaris Zones, FreeBSD Jails, OpenVZ

Why?
•  Process isolation
•  Reproducible environment
•  Enables management at scale

Page 6: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

The Problem in 2014

Multiplicity of Stacks:
•  Static website: nginx 1.5 + modsecurity + openssl + bootstrap 2
•  Web frontend: Ruby + Rails + sass + Unicorn
•  User DB: postgresql + pgv8 + v8
•  Queue: Redis + redis-sentinel
•  Analytics DB: hadoop + hive + thrift + OpenJDK
•  Background workers: Python 3.0 + celery + pyredis + libcurl + ffmpeg + libopencv + nodejs + phantomjs
•  API endpoint: Python 2.7 + Flask + pyredis + celery + psycopg + postgresql-client

Multiplicity of hardware environments:
•  Development VM
•  QA Server
•  Public Cloud
•  Disaster Recovery
•  Contributor’s Laptop
•  Production Servers
•  Production VM Cluster
•  Customer Data Center

Do services and apps interact appropriately? Can I migrate smoothly and quickly?

Page 7: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Let’s create a shipping container system for applications

[Diagram: the same stacks (Static website, Web frontend, User DB, Queue, Analytics DB) and environments (Development VM, QA Server, Public Cloud, Contributor’s Laptop, Production VM Cluster, Customer Data Center) as on the previous slide, with the same two questions]

An engine that enables any payload to be encapsulated as a lightweight, portable, self-sufficient container… that can be manipulated using standard operations and run consistently on virtually any hardware platform

Page 8: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Container Fits Well with DevOps Lifecycle

[Diagram: DevOps lifecycle: Code Dev & Check-in → Build, Integration and Testing → Repository Mgmt → Deployment & Testing → Promotion & Governance → Production Deployment, spanning Development, Build & Integration, Package & Repository and Production; tooling: Integrated Dev. Env., Continuous Integration, Test Automation, Continuous Delivery Platform, UAT, Production Sys. Int. Test]

Page 9: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Docker is a “Shipping Container” for Code

Ops ♥ Consistent operations on code: uniform start, stop, logging, monitoring

Devs ♥ Consistent environment: OS, libs, layering on other containers

Page 10: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

The Rise of Third Platform Applications

Traditional (2nd Platform) applications:
•  On-premise
•  Client-server, stateful, scale-up
•  Tier 1/Converged HW
•  Classic NAS & SAN
•  Relies on infrastructure availability
•  Human-driven

3rd Platform applications:
•  On/Off premise
•  Elastic, stateless, scale-out
•  Commodity/disaggregated HW
•  DAS, HDFS, Object, Flash, NVM
•  Built-in application resiliency
•  API-Driven/DevOps infrastructure

Page 11: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

One School of Thought: Containers or VMs?

[Diagram: VMs versus Containers presented as two separate choices]

Page 12: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Implication: Separate Stacks, Higher CapEx & OpEx

[Diagram: two silos, each with its own Management and Infrastructure layers, one for VMs and one for Containers]

Page 13: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Instead, Containers AND VMs!

[Diagram: VMs and Containers side by side on a shared Unified Infrastructure Fabric, under a shared Unified Cloud Management]

Page 14: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Containers Without Compromise

[Diagram: Containers and VMs on a Unified Infrastructure Fabric (ex. ESX, NSX, SDS) under Unified Cloud Management (ex. vCAC, vCOps, Log Insight), exposed through an Open Containers API]

Single Platform for VMs and Containers
•  Consistent developer & deployment experience
•  Common management, monitoring, compliance across all applications
•  ‘Better-than-physical’ compute layer
•  Network & security controls for containers
•  SDS: data persistence, backup, SLA management
•  Enable 2-tier scheduler model; integration with Kubernetes, Pivotal CF, and other schedulers

Page 15: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Section 2: Unified Infrastructure Fabric

[Diagram: VMs and Containers on the Unified Infrastructure Fabric, under Unified Cloud Management]

Page 16: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

VM and Container Isolation are Better Together

VMs
•  Hardware level isolation
•  Focused on security and multi-tenancy
•  15 years in production, battle tested
Great for security

Containers
•  OS level isolation
•  Focused on environmental consistency
•  Emerging, still maturing
Great for reproducibility

VMs + Containers: best of both worlds

Page 17: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

VMs are Lightweight and Efficient

Forking
•  Fast: sub-second VM provisioning time
•  Ready to Go: clone a running container in warmed up state
•  Efficient: lower resource usage through sharing

[Diagram: a VM made up of OS, Binaries & Libraries and App A]

Debunk the Myth
•  VM overhead < 5%
•  VM is lightweight
•  OS tends to be heavier

Looking ahead
•  Thinner OS emerging
•  Project Fargo

Page 18: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Containers & VMware NSX

•  Unified operational model for VMs & containers
•  Programmable, datacenter-wide connectivity
•  Enterprise-grade security with micro-segmentation
•  Native Open vSwitch support for containers

[Diagram: VMware NSX Network Virtualization Platform providing Virtual Networks (Logical L2, Logical L3, Logical Firewall, Logical Load Balancer, Logical VPN) to Any Application (without modification), running on Any Hypervisor and Any Network Hardware, driven by Any Cloud Management Platform]

Page 19: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Distributed and Reliable Storage for Containers

[Diagram: several hosts, each running Stateless Containers from Boot Images, on top of VSAN: distributed, reliable storage with snapshots, clones, QoS and remote replication]

Container provisioning and management
•  Simple data persistence
•  Easy deployment of containers on cluster
•  Reliable, high performance storage
•  Tolerant of host/disk failures
•  Fast container create leveraging snapshots and clones in VSAN
•  Quality of Service Controls

Page 20: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Sharing Infrastructure Efficiently

•  Unified platform to run all your apps
•  Dynamically allocate resources based on demands and SLA
•  Strong security and performance isolation

Siloed clusters lead to server/cluster sprawl and increase cost

[Diagram: Scenario 1, multiple workloads: DBs, Traditional Apps and Containerized apps (Database cluster, Traditional Apps, Container cluster) share one Data Center Virtualization SDDC Platform; Scenario 2, multiple tenants: Tenant/LOB 1, Tenant 2 and Tenant 3 share the same platform]

Page 21: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Hybrid Platform

[Diagram: On-premises Data Centers (Software-Defined Data Center) linked by Secure Connectivity to vCloud Air Data Centers (Dedicated and Multi-tenant) through a vCloud Plug-in; Data, Security, Management and Apps, Tools, Services span both]

Page 22: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Section 3: Unified Cloud Management

[Diagram: VMs and Containers on the Unified Infrastructure Fabric, under Unified Cloud Management]

Page 23: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Container Fits Well with DevOps Lifecycle

[Diagram: the DevOps lifecycle from slide 8, repeated]

Page 24: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Managing VMs and Containers at Scale is Key

Traditional (2nd Platform) applications:
•  On-premise
•  Client-server, stateful, scale-up
•  Tier 1/Converged HW
•  Classic NAS & SAN
•  Relies on infrastructure availability
•  Human-driven

3rd Platform applications:
•  On/Off premise
•  Elastic, stateless, scale-out
•  Commodity/disaggregated HW
•  DAS, HDFS, Object, Flash, NVM
•  Built-in application resiliency
•  API-Driven/DevOps infrastructure

[Diagram: a three-tier application (Web tier, App tier, DB tier) made up of many services: Load Balancer, Authentication, Session Store, Licensing, Monitoring, Provisioning, DNS, Content, Database x3, Web Server x3]

Page 25: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Separation of Infrastructure and Apps Concerns

Infrastructure Team: “IT as a service provider”
•  Focus: Deliver IT resources to rest of company
•  Challenge: Agility for devs, while maintaining control
•  Role: Enable rapid delivery of dev sandboxes, pre-provision 3rd Platform Services (Kubernetes, Pivotal CF, etc)

Developers: “Write code, not tickets”
•  Focus: Frictionless development, rapid innovation
•  Challenge: Write code, without worrying about infrastructure details
•  Role: Self-service access to new resources (i.e. new cluster), comply with company policies and regulations

Page 26: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Separation of Infrastructure and Apps Concerns

[Infrastructure Team and Developers comparison as on slide 25]

Architecturally, it makes sense to separate infrastructure and app management

Infrastructure Management
•  Infrequent/no access by developers; devs shouldn’t care

Application Management
•  Lightweight, fast; calls the infrastructure manager when needed

Page 27: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Lifecycle: Self-service, Governance, Automation

•  Self-Service. Benefit: common portal, catalog, permissions for developers and LOB
•  Governance. Benefit: compliance consistently enforced across entire datacenter
•  Automation. Benefit: same tools for automating traditional and new app lifecycles

[Diagram: DBs, Traditional Apps, Containerized apps and Tenant/LOB 1 all on the Data Center Virtualization SDDC Platform]

Page 28: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Operations: Service Availability and Traceability

[Diagram: a stack of Hardware → vSphere, NSX, vSAN/vVOL → Virtual HW → OS → App, next to VMs whose Linux OS hosts several App + Lib containers; performance monitoring, capacity management and log management cover every layer]

•  Instrument all layers of stack
•  Inputs: Metrics and log data
•  Delivering better service levels, availability, root cause analysis, …

Page 29: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Section 4: 3rd Platform Application Stack

[Diagram: VMs and Containers on the Unified Infrastructure Fabric, under Unified Cloud Management]

Page 30: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

The Rise of Third Platform Applications

[Comparison of traditional (2nd Platform) and 3rd Platform application characteristics, as on slide 10]

Page 31: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

3rd Platform Apps Stack & DevOps Process

Developer (Dev’s Laptop):
•  Optional: Type 2 Hypervisor
•  Linux
•  Developer Tools
•  Container Packaging

Container Repositories (between developer and production)

Production:
•  Infrastructure: ESXi, NSX, Virtual SAN / vCloud Hybrid Service
•  Container-optimized Linux
•  Container Packaging
•  Container Cluster Scheduler
•  App Definition, Policies, and Provisioning
•  Management: vCloud Automation Center, vCenter Operations, Log Insight

Page 32: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Open Ecosystem: 3rd Platform Developer Stack

Developer (Dev’s Laptop):
•  Optional: Type 2 Hypervisor, e.g. Fusion, Workstation, Player, VirtualBox
•  Linux, e.g. RedHat, Ubuntu, Boot2Docker
•  Developer Tools, e.g. Hashicorp Vagrant, Jenkins, github, etc
•  Container Packaging, e.g. Docker/Docker Hub

Container Repositories

Production: the same layers as on the previous slide (Infrastructure: ESXi, NSX, Virtual SAN / vCloud Hybrid Service; Container-optimized Linux; Container Packaging; Container Cluster Scheduler; App Definition, Policies, and Provisioning; Management: vCloud Automation Center, vCenter Operations, Log Insight)

Page 33: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Open Ecosystem: 3rd Platform Production Stack

Developer (Dev’s Laptop): Optional Type 2 Hypervisor, Linux, Developer Tools, Container Packaging, as on the previous slides; Container Repositories

Production:
•  Infrastructure: ESXi, NSX, Virtual SAN / vCloud Hybrid Service
•  Container-optimized Linux, e.g. CoreOS, Atomic, Ubuntu
•  Container Packaging, e.g. Docker
•  Container Cluster Scheduler, e.g. Kubernetes, libswarm, Mesos, Fleet
•  App Definition, Policies, and Provisioning, e.g. Pivotal CF, Fig, Terraform, Shipyard
•  Management: vCloud Automation Center, vCenter Operations, Log Insight

Page 34: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Craig McLuckie, Google

Page 35: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Containers at Google

•  Everything at Google runs in Linux application containers
•  A decade of production container experience
•  We start more than 2 billion a week

•  Containers have changed the game
•  Separation of infra and applications ops
•  Increased efficiency

Page 36: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

A few lessons learned... 1: Declarative trumps imperative

Imperative: run this container on this server
Declarative: run between 2 and 100 copies; keep latency < 2ms

Pros
•  Repeatable and eventually consistent deployment and update
•  Fire-and-forget app management (self scaling, self healing)
•  Dynamic scheduling yields better efficiency

Cons
•  Tracing action/reaction can be hard (“is it done?”)
•  Diagnostics can be tough (“what happened?”)

So
•  We need a cluster manager
•  Strong integration with container metrics, logging, etc helps
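The declarative spec on this slide, turned into one pass of a cluster manager's reconciliation loop, as an added example written for this page (not Kubernetes or Borg code); Spec, Replica, Reconcile and the half-target scale-down rule are this example's own assumptions:

```go
package main

import "fmt"

// Spec is the declarative intent from the slide: "run between 2 and 100
// copies; keep latency < 2ms". It states what, never how.
type Spec struct {
	MinReplicas, MaxReplicas int
	LatencyMaxMs             float64
}

// Replica is the observed state of one running copy.
type Replica struct {
	ID        string
	Healthy   bool
	LatencyMs float64
}

// Action is one imperative step derived from the desired/observed gap.
type Action struct{ Op, ID string } // Op is "start", "stop" or "replace"

// Reconcile is one pass of a cluster manager's control loop: it returns the
// actions that move observed state toward the spec and a converged flag that
// answers the slide's "is it done?". Re-running it after the actions land is
// what makes the outcome eventually consistent. The scale-down threshold
// (half the latency target) is this example's own hysteresis rule.
func Reconcile(spec Spec, observed []Replica) (actions []Action, converged bool) {
	var healthy []Replica
	expected, sum := 0, 0.0 // copies running once actions land; latency total
	for _, r := range observed {
		expected++
		if !r.Healthy {
			// Self-healing: an unhealthy copy is replaced, not repaired in place.
			actions = append(actions, Action{"replace", r.ID})
			continue
		}
		healthy = append(healthy, r)
		sum += r.LatencyMs
	}
	avg := sum / float64(len(healthy)) // NaN with no healthy copies; guarded below
	started, stopped := 0, 0
	start := func() {
		started, expected = started+1, expected+1
		actions = append(actions, Action{"start", fmt.Sprintf("new-%d", started)})
	}
	stop := func() { // retires healthy copies from the end of the list
		stopped, expected = stopped+1, expected-1
		actions = append(actions, Action{"stop", healthy[len(healthy)-stopped].ID})
	}
	for expected < spec.MinReplicas { // invariant: never below the minimum
		start()
	}
	// Self-scaling: latency at/above target adds one copy per pass (bounded by
	// the maximum); latency well below target removes one (bounded by the minimum).
	switch {
	case len(healthy) > 0 && avg >= spec.LatencyMaxMs && expected < spec.MaxReplicas:
		start()
	case len(healthy) > 0 && avg < spec.LatencyMaxMs/2 && expected > spec.MinReplicas:
		stop()
	}
	for expected > spec.MaxReplicas && stopped < len(healthy) { // never above the maximum
		stop()
	}
	return actions, len(actions) == 0
}

func main() {
	spec := Spec{MinReplicas: 2, MaxReplicas: 100, LatencyMaxMs: 2.0}
	// Constructed sample observation: one healthy copy, one crashed, one slow.
	observed := []Replica{{"web-a", true, 1.0}, {"web-b", false, 0}, {"web-c", true, 3.0}}
	actions, done := Reconcile(spec, observed)
	fmt.Println("converged:", done) // prints "converged: false"
	for _, a := range actions {
		fmt.Println(a.Op, a.ID) // replace web-b, then start new-1
	}
}
```

The "what happened?" con from the slide is visible here too: the returned actions are the only trace of why the loop did what it did, which is why the slide asks for tight integration with container metrics and logging.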


Page 37: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

A few things we have learned... 2: Prepare for more production services

The system known as Borg made it easier to run production services at scale... so our engineers wrote a lot more

Pros
•  Strong shift to dev and away from ops
•  Radically simpler infrastructure operations

But…
•  Governance gets harder as service number increases
•  Managing, finding, versioning

So…
•  We need a cluster manager
•  It needs mechanisms to deal with large numbers of services

Page 38: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

So we created Kubernetes...

•  OSS project created by Google, but owned by the community
•  Google style cluster management
•  Move from static containers to dynamic management

lightweight, modular/extensible, portable

Page 39: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

And where do VMs fit in?

•  Needed to run untrusted and unconstrained workloads
  –  Linux syscall layer is large and difficult to defend
  –  VM surface can be aggressively defended
  –  VMware has been doing this for 15 years
•  Critical for multi-tenant cloud use with untrusted tenants
  –  E.g. VMware vCloud Air
•  In Google Cloud Platform
  –  VMs create ‘idealized’ infrastructure
  –  Containers package and run applications
•  Kubernetes stitched together VMs to create a mini-Google cluster

Page 40: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

What is next?

•  Make it work everywhere
•  Operationalize
•  Extend services for distributed systems development

Page 41: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

James Watters, Pivotal

Page 42: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

© Copyright 2014 Pivotal. All rights reserved.

Core Application Patterns Are Changing

Page 43: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

To Do List
•  Application and Data Services Centric Platform
  –  Transform human centric data center processes into a software factory
•  Move towards real time deployment scaling and operations; final step in virtual revolution…
•  Focus on ease of deployment, but deliver exceptional operational benefits

Page 44: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Why Containers are Essential
•  Speed: seconds vs. minutes
  –  Seconds to health management
  –  Seconds to deployment
  –  Seconds to scaling
•  Units of currency
  –  Leverage Docker popularity and simplicity for apps and data services
  –  Push an application artifact (.WAR) or a Docker image

Page 45: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

From Data Center to Software Factory

•  Application Containerization & Cluster Scheduling
•  Native and Extended Data Services
•  Automatic App Server & OS Configuration with Buildpacks
•  Policy, Identity and Roles Management
•  App Health Management, Load Balancing, Rapid Scaling, Availability Zones
•  IaaS Provisioning, Scaling & Configuration
•  Application Network Security Groups
•  Application to Services Binding and Access
•  Logging as a service, Application metrics & performance, Metric based scaling

Page 46: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers


Already Strong in the Enterprise

Page 47: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Demo Video: Diego Sneak Peek

Page 48: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Summary

Page 49: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Case study: ITBM leveraging containers on SDDC and vCloud Air

In our front-end, over a dozen micro-services run in Docker containers on CoreOS VMs:
•  Web Server x3
•  Database x3
•  Content
•  Load Balancer
•  Session Store
•  Authentication
•  Licensing
•  DNS
•  Provisioning
•  Monitoring
•  …

[Diagram: front-end on vCloud Air: Registry, two Clusters, DNS; back-end on the Data Center Virtualization SDDC Platform: fleet & etcd clusters, Mesos, HDFS cluster, Registry, Jenkins]

•  Our backend is processing customer data, acquiring more data from online sources, and generating content for the front-end
•  It is also validating the content and serves as staging environment
•  Some services use fleet and some are managed by Mesos

Binaries and content are packaged in Docker containers during build and moved to staging and production using Jenkins Pipeline

Page 50: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Case Study: ITBM Leveraging Containers on SDDC & vCloud Air

IT Benchmarking Service (ITBM): SaaS application to measure IT processes against peers or commonly recognized patterns
•  Build and content generation on private cloud (SDDC), customer-facing modules on vCloud Air
•  All services running in Docker containers on CoreOS VMs

[Diagram: same layout as the previous slide: Data Center Virtualization SDDC Platform (fleet & etcd, Mesos, HDFS, Registry) and vCloud Air (Registry, Clusters, DNS)]

Page 51: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

VMware Bridges These Two Worlds: The Open Platform for Modern Applications

IT Faces Conflicting Demands: Traditional Apps need Resilience, Security and QoS; Modern Apps need Openness, Portability and Agility

[Diagram: Traditional Apps (App on OS on Virt. HW) and Modern Apps (App in Container on OS) both running on the Software-Defined Data Center (ESXi, NSX, VSAN), exposed through an OpenStack API and an Open Container API, on-premise and off-premise]

Software-Defined Data Center
•  Single platform for running and managing traditional + modern apps
•  Enterprise grade: security, performance, operational efficiency
•  Ability to extend applications to the hybrid cloud
•  Support for community-led projects (Big Data, OpenStack, containers)

Page 52: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

In Summary
•  VMware is focused on helping companies run and manage their applications, whether they are packaged in VMs or containers
•  A software-defined datacenter is the best place to run and manage all application types
•  Docker, Google, Pivotal, VMware are working together to help companies efficiently run and operationalize containerized applications

Page 53: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Q & A

Page 54: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

2nd vs 3rd Platform Apps: The Value Prop Changes

[Diagram: Unified Infrastructure Fabric (ex. ESXi, NSX, Software-Defined Storage) and Unified Cloud Management (ex. vCloud Automation Center, vCenter Operations, Log Insight), the latter extending to management of containers running on physical hosts; above them, an Open Containers API]

2nd Platform App Stack Infrastructure Control
•  vSphere (vCenter/HA/DRS/…)
•  SRM (DR)
•  3rd-party integrations w. vSphere

2nd Platform App Stack Infrastructure Control Plane
•  Scheduling & placement (DRS)
•  Resource controls (SIOC, NIOC)
•  High availability (HA, FT)
•  Mobility (vMotion)
•  Disaster recovery (SRM)
•  Authentication
•  Logging/Audit
•  Etc…

3rd Platform App Stack Infrastructure Control
•  Kubernetes, Yarn, Mesos, …
•  Pivotal, BOSH

3rd Platform App Stack Infrastructure Control Plane
•  Scheduling
•  Resource Controls
•  Load balancing, routing
•  Service registration
•  Service discovery
•  Availability
•  Authentication
•  Logging/auditing
•  Data persistence

Page 55: VMworld 2014: The Software-Defined Datacenter, VMs, and Containers

Thank You
