Going from OpenShift PoC to Production

  • Slides: 30

Going from OpenShift PoC to Production
Accelerate your path with HPE
Red Hat Summit | May 2018

Presenters
– KA WAI LEUNG, HPE Solutions Product Management
– MICHAEL MATTSSON, HPE Nimble Storage Product Management

Agenda
– Bringing containers to production—different adoption paths
– Impact on people, process, and governance
– Technology considerations (including data management and protection)
– HPE Pointnext Services for OpenShift
– Planning for success

OpenShift adoptions

Four options for container adoption
1 Deploy containerized commercial apps: Up in days, not months; verified and secure
2 Containerize monoliths: Migrate to hybrid cloud or bare metal; get better CAPEX/OPEX versus VM
3 Containerize monolith; transform to microservices: Look for shared services to transform agility, DevOps, distributed architecture
4 Enable new microservices and apps: Greenfield cloud native or containers as a service (CaaS)

Moving from PoC to production
Key considerations
– People and organization
– Dev and release process
– Governance
– Technology and platform
Diagram labels: Complete PoC; Often a minimal viable product (MVP); Production

People, organization, governance

People and organization
Traditional waterfall development model
– Customer or BU, Dev & QA, IT Ops
– 1-3 releases/year
– 4-12 month cycles
Agile and DevOps model
– Integrated teams
– 4-12+ releases/year
– 1-3 month cycles
CAPEX vs OPEX model?

Dev/release process and governance
Command control | Integrated and empowered
Request for change, change control board | Change record as part of CI/CD pipeline
Dev controls app stack | Dev controls app image, Ops controls standardized base image via catalogs
Waterfall model | Continuous delivery model
Ops owns security and monitoring | Dev assumes more control on security and apps performance monitoring

Technology considerations

OpenShift in production
The OpenShift production ecosystem
– High availability
– Lifecycle management
– Orchestration
– Monitoring
– Scaling
– Resource management
– Security
– Data protection and management

Technology considerations: Security
Securing the stack
– Safe images: Security for private registry (scanning, access control)
– OpenSCAP scanning (integrate into CI/CD)
– Detailed audit trail for compliance, regulation, and forensics
– Safeguarding sensitive data
– Run-time protection and continuous monitoring
– Harden OS (SELinux mandatory for OpenShift)
– Leverage security context constraints (SCC)
– Strong remediation and alerting
Stack layers (diagram labels): Container images; Container registry; Red Hat® Linux®; Hardware firmware and BIOS
Lack of education/training for those involved in software development

Technology considerations: Monitoring
– Host, container, and application monitoring
– Root cause analysis and remediation
– Data store for trending and archival analysis
– Canned metrics and dashboards
– Software as a service (SaaS) versus an on-premises monitoring approach
– Open source versus pay-for products
– Monitoring tools: CloudForms, SysDig, Datadog, CoScale, Prometheus/Grafana
Top five layers to monitor (Source: SysDig)
– Application
– Services
– Kubernetes deployment
– Kubernetes internals
– Host nodes

Technology considerations: Resource management
– Developers are not good at sizing estimates
– Tendency to overcommit resources
– Overprovision for “safety”
– Leads to inefficient CPU and memory usage
– Magnified exponentially with thousands of pods
– Analyser tools: cAdvisor, Prometheus/Grafana, Densify, Turbonomic

PoC to production configuration considerations
Configurations: PoC, Dev/QA, or SMB deployment | Mid-range production configuration | Enterprise production starter configuration (bare metal)
Deployment scenario: All services, masters, workers on VM (with persistent storage supported), HA supported; VM or bare metal workers with persistent storage; All services, masters, workers on bare metal
Total physical nodes: 3 nodes | 6+ nodes | 8+ nodes
Number of instances
All on VMs:
– 3 masters/etcd, infrastructure, HA proxy on VMs over 3 physical nodes
– 3 nodes— 3 master, 3 etcd
– 3+ physical nodes for N number workers on VMs or bare metal
– 3 infrastructure
– 2 high availability (HA) proxy
– 3+ nodes—k8s workers on bare metal
– 3 workers
Key SW
– OpenShift
– Red Hat Hyperconverged Infrastructure (RHHI)
– 2 nodes—infrastructure, HA load balancer, and HA registry management tools, such as Ansible Tower
– OpenShift, RHV + external storage array
– Or OpenShift, RHHI (for SW defined storage)
– OpenShift
– Monitoring, logging, billing apps
– Persistent storage plugin

Accelerate OpenShift adoption with HPE
– Reference architectures
– HPE OpenShift solutions (Services component, ecosystem, deployment guide, and automation)
– Deployment scale
– Consistent platform from DEV to OPs
– Development: Accelerate developer productivity
– Production: Simplify the IT experience
– Operations optimized

HPE Composable Systems: the ideal container platform
Solution for enterprise scale container deployment
– Deploy containers at cloud-like speed
– Flex container resources up and down
– Improve application time to value
– Efficient resource allocation by business demands
– Centralize container life cycle management
– Advanced container data management
– Data protection and storage efficiency for containers
– Reduce updates from hours to minutes
HPE Synergy and 3PAR/Nimble

Data management and protection

Use cases for persistent storage with Red Hat OpenShift
DevOps CI/CD pipelines (Build, Run, Ship)
– Jenkins, Microsoft® VSTS, CircleCI
– Release more, faster, and better
Lift and shift
– LAMP apps, ERP systems
– From VMs or bare-metal
IT operations CaaS Apps
– Atlassian Tools, ELK stack, LAMP apps
– Simplified security—easy to manage
– Self-service for developers
– Secure and predictable

Hardware versus software
(Diagram labels: App, Kernel, VFS, SDS, OpenShift)
Capability | External storage | Software-defined storage
Consistency model | Synchronous | Eventually consistent/tunable
Data services | Snapshot, clone, async/sync replication | Varies
Performance | Sized to workload | Limited – server bound
Storage reduction | Dedupe, compress, thin | Requires multiple copies (replicas)
Scale and grow | As needed | Need storage – add compute
Efficiency | Data processed externally | Compromised app latency
CAPEX/OPEX/TCO | High / Low | Low to Extremely High / High
Protocol | FC / iSCSI / NFS | Container only, block, object, NFS
Security | Granular encryption | Varies
Backup, recovery, archive | Strong, built-in | Weak – varies, high impact RTO
Reliability, availability, serviceability | Unmatched – fully integrated | Questionable
Cloud native | Storage-as-a-Service | Self-hosted

Solution: HPE Persistent Storage platform for containers
– Speed up DevOps
– Lift and shift data with applications
– Simplify container operations
– Container QoS, security
– IOPS, encryption
– HPE Cloud Volumes
– Self-service automation rich container platform integration
– Multicloud onramp for data using HPE Cloud Volumes
– Comprehensive REST APIs plug into Ansible, Puppet, Chef
– Onboard data easily by instantly converting legacy volumes to persistent volumes
– Container data protection: clean up and retention for snaps and clones
– Simple, fast, efficient: predictive flash for six-nines availability, support

HPE Persistent Storage platform for Red Hat OpenShift Container Platform 3.5 to 3.9
Diagram labels: OpenShift Origin; FlexVolume plugin; FlexVolume Driver; Provisioner; Open APIs + HPE Storage open-source software*; Docker Volume API; Plugin Unix Socket; HPE Docker Volume plugins; HPE Cloud Volumes; 3PAR; Nimble Storage
* https://github.com/hpe-storage/dory
Coming soon: HPE Cloud Volumes

HPE Nimble Kube Storage Controller overview
Features and parameters
– Lifecycle: Highly-available, volume scoping, user-defined descriptions, control remove and detach behavior.
    description: "My Description"
    destroyOnRm: "true"
– Performance Controls: Performance Policies; QoS Limits – IOPS and Throughput
    perfPolicy: "SQL Server"
    limitIOPS: "32000"
    limitMBPS: "512"
– Volume Placement: Pools and Folders
    pool: "allflash"
    folder: "My Tenant"
– Protection Templates: Snapshot schedules and retention; Array-to-array and HPE Cloud Volumes
    protectionTemplate: "local-cloud"
– Security: Encrypt data at rest; Set mount point UNIX permissions
    encryption: "true"
    fsOwner: "8192:500"
    fsMode: "0755"
– Provisioning: Specify thin or thick provisioning; Up to 127 TB Volumes – default size 10 GB
    thick: "true"
    sizeInGiB: "4000"
– Dedupe & Compression: Variable block size
    dedupe: "true"
– Zero-Copy Clones: Reuse data from production containers
    cloneOf: "MyDockerVol1"
    snapshot: "MySnapshot"
    createSnapshot: "true"
– Legacy Docker Volume Import: Seamless data migration; Clone Nimble volume in a Docker Volume
    importVol: "MyNimbleVol1"
    importVolAsClone: "MyNimbleVol1"
    snapshot: "MySnapshot"
Example StorageClass and PersistentVolumeClaim
    ---
    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
      name: my-storage-class
    provisioner: hpe.com/nimble
    parameters:
      description: "My Description"
      encryption: "true"
      limitIOPS: "1000"
      perfPolicy: "My Policy"
      protectionTemplate: "my-prot-1"
    ---
    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: my-pvc
    spec:
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 500Gi
      storageClassName: my-storage-class

HPE Pointnext Services for OpenShift

OpenShift container service considerations
Container and cloud adoption is not trivial
– Overall business objectives
– Determine application migration strategy
– Review networking, security, and storage requirements
– Define system architecture
– Define and implement PoC
– How best to containerize app
Continuous integration and deployment pipeline: Dev; Build and test; Package and archive; Release and deploy
Phases: Discovery; Design; Deployment; Pilot

Announcing HPE cloud native container service for OpenShift
– Review application requirements
– 2–3 day workshop to gather requirements and define integrations
– Create design
– Deploy container platform environment
– Pilot containerized applications
– Move to production
Phases: Discovery; Design; Deployment; Test and evaluate; Pilot or trial workload; Production

Plan for success

Move from PoC to production—Key success factors
– Implement best practices and address issues/learnings from PoC (people, process, technology)
– Have a complete OpenShift container ecosystem in place: HA, security, monitoring, data management, etc.
– Determine CAPEX vs OPEX; plan whether to do it yourself or partner
Accelerate this path with HPE + Red Hat

Resources and key contacts
Reference configuration for Red Hat OpenShift Container Platform on HPE Synergy Composable Infrastructure
– hpe.com/V2/GetDocument.aspx?docname=a00038916enw
– Video: hpedemoportal.ext.hpe.com/search/Automated deployment of Red Hat OpenShift on HPE Synergy
HPE platform
– hpe.com/info/composableprogram
– hpe.com/us/en/storage/containers.html
Red Hat OpenShift Container Platform datasheet
– redhat.com/en/resources/openshift-container-platform-datasheet
GitHub repositories
– github.com/RHsyseng/ocp-on-synergy
– github.com/HewlettPackard/image-streamer-reference-architectures/tree/master/RC-RHEL-OpenShift
HPE contacts
– Ka Wai Leung, Containers Solutions Product Management, kawai@hpe.com
– Gary Lee Harris, Pointnext Container Consulting, glh@hpe.com
– Michael Mattsson, HPE Storage Tech Marketing, michael.mattsson@hpe.com
– Bob Zepf, HPE Strategic Alliances, bob.zepf@hpe.com

Thank you