what's beyond virtualization - the future of cloud platforms
DESCRIPTION
My updated talk om the future of IT at QCon NY What lies beyond virtualization? How do we start the journey to a secure, composeable, and trusted hybrid platform that truly delivers the business value and velocity we all want? In the era of software-defined everything, one goal is to reach a fluid infrastructure that has the level of plasticity needed to self heal itself and provide higher level SLAs for applications and services. Adding value to existing applications and services in a transparent fashion requires a rethinking of core technologies in the platform space. In this talk we will take a look at some low level technologies and approaches to achieving this goal. Topics will range from Intelligent layer 7 SDN with semantic awareness, distributed scheduling algorithms, policy distribution and invalidation, health monitoring and management, self healing techniques, and the role of unsupervised deep machine learning and anomaly detection.TRANSCRIPT
Derek Collison - Apcera, Inc.!@derekcollison!!June 12, 2014 - QCon New York
Beyond Virtualization
@derekcollison QCon NY: “Beyond Virtualization”
About!
!
• Architected and built TIBCO Rendezvous and EMS Messaging Systems!
• Co-founded AJAX APIs group at Google!• Designed and built Cloud Foundry!• Founder and CEO at Apcera!• Inspiration: Fast Distributed Systems
2
Derek Collison
@derekcollison QCon NY: “Beyond Virtualization”
The future of enterprise IT lies beyond virtualization
3
@derekcollison QCon NY: “Beyond Virtualization”
Virtualization ==
4
@derekcollison QCon NY: “Beyond Virtualization”
EVERYTHING is a distributed system these days
5
@derekcollison QCon NY: “Beyond Virtualization”
So orchestration and composing systems will define the future
6
@derekcollison QCon NY: “Beyond Virtualization”
To look into the future Let’s see where we are
7
@derekcollison QCon NY: “Beyond Virtualization”
IT Today
8
Old school Virtualization IaaS IaaS, SaaS, PaaS Cloud
?
@derekcollison QCon NY: “Beyond Virtualization”
We care about what’s next
9
?
@derekcollison QCon NY: “Beyond Virtualization”
Automate undifferentiated heavy lifting, speed up the mundane
10
@derekcollison QCon NY: “Beyond Virtualization”
Orchestrate Secure and Compliant Composeable Systems
11
@derekcollison QCon NY: “Beyond Virtualization”
Align the value to you with the value to your organization
12
@derekcollison QCon NY: “Beyond Virtualization”
Build what you need..
13
@derekcollison QCon NY: “Beyond Virtualization”
Assemble the rest
14
@derekcollison QCon NY: “Beyond Virtualization”
PaaS helps
15
@derekcollison QCon NY: “Beyond Virtualization”
PaaS Helps
16
• Tries to speed up deployment!• Preset, biased approach!• Only a small piece of the puzzle!
- Enterprises need lifecycle management, security, compliance, governance, etc.
@derekcollison QCon NY: “Beyond Virtualization”
PaaS is Not Enough http://apcera.com/blog/paas-is-not-enough/
17
@derekcollison QCon NY: “Beyond Virtualization”
Docker helps
18
@derekcollison QCon NY: “Beyond Virtualization”
Docker Helps
19
• The dawn of the composeable enterprise!
• More control over the pieces!• Great Ecosystem!
@derekcollison QCon NY: “Beyond Virtualization”
DockerCon Initiatives
20
• libSwarm!• libContainer!• libChan
@derekcollison QCon NY: “Beyond Virtualization”
Docker The Future
21
• Identity!• Authorization!• Trust
@derekcollison QCon NY: “Beyond Virtualization”
Docker TBDs
22
• How to compose and orchestrate the system?!• etcd? confd?!• Make it transparent!• Don’t make me rewrite!• libSwarm, libChan?!
• What about compliance?!• Heartbleed?!• Linux zero-day exploit?!• Tell me if I am compliant!• Tell me what is at risk
@derekcollison QCon NY: “Beyond Virtualization”
We Want Things to Just Work
23
• Self Service!• Composeable Systems (legos)!• Faster Iterative Development!• Faster Deployments!• Fault Tolerance!• High Availability!• Guaranteed SLAs
@derekcollison QCon NY: “Beyond Virtualization”
We’re getting there
24
@derekcollison QCon NY: “Beyond Virtualization”
The Future of IT
25
• Declarative!• Composeable!• Extreme Agility!• Security and Compliance -
Transparently!• Fluid and Abstracted
Infrastructure and Services!• Multiple delivery models in one
system
@derekcollison QCon NY: “Beyond Virtualization”
Declarative
CCB
26
• App A needs: !- X memory and Y CPU!- N storage!- I/O SLAs for talking to B and C!- available URL for trusted
identities!- run on premise, co-located
near B
App A
B C
talks
to talks to
@derekcollison QCon NY: “Beyond Virtualization”
Intelligent workloads
27
App A
@derekcollison QCon NY: “Beyond Virtualization”
Intelligent systems
28
App A
@derekcollison QCon NY: “Beyond Virtualization”
Where do we start?
29
@derekcollison QCon NY: “Beyond Virtualization”
Required Functionality
30
• What App A needs!!
• Where App A runs!!
• How App A finds B and C!!
• How others find App A!!
• What happens on failures
@derekcollison QCon NY: “Beyond Virtualization”
Required Functionality
31
• What App A needsPackaging & Dependencies!
• Where App A runs Provisioning & Scheduling!
• How App A finds B and C Addressing & Discovery!
• How others find App A External Mapping!
• What happens on failures Monitoring & Management
@derekcollison QCon NY: “Beyond Virtualization”
Packaging & Dependencies
32
• What the job needs to run!• Changes from Dev to Prod!• Runtimes, OS, libraries!• Who defines what these are!• Whether existing tools are
sufficient for consistency, compliance, auditing!- SCCS and Chef / Puppet!- AMIs or VMDKs!- Docker Images
App A
DEV PROD
runtimes!OS!libraries
runtimes!OS!libraries
@derekcollison QCon NY: “Beyond Virtualization”
Provisioning & Scheduling
33
• Where workloads run!• Network perimeter security
models!• Unit of work: VM, App, Image!• Automatic, instantaneous and
transparent policy compliance!• Compliance and deployment
handled independently!• New tools: Mesos, Fleet, Diego
500ms10 weeks 2 min.
human!behavior !change
Speed
@derekcollison QCon NY: “Beyond Virtualization”
Addressing & Discovery
34
• DNS is insufficient - inside!• Needs to fit what we have,
without changing apps!• System reacts as things move!• Load balancing!• Scaling up and down
ETCD / CONFD
External Internal
X✓✓
✓
✓
Rou
ter
Rou
ter
@derekcollison QCon NY: “Beyond Virtualization”
External Mapping• HTTP/TCP connectivity!• How do you find something? !• Load balancing!• Rapid scaling!• Health monitoring and repair!• DNS sufficient for external, but
not internal
35
External Internal
X✓✓
✓
✓
Rou
ter
Rou
ter
@derekcollison QCon NY: “Beyond Virtualization”
Monitoring & Management
36
• What happens when something fails?!
• Manual or Automatic?!• Who determines failure and
whether we trust the system!• Its sick, not dead!
- Latency vs. Chaos monkey!• Measure the effect of change
beforehand?!• Extensible & Pluggable
BORG / Omega
LatencyChaos
@derekcollison QCon NY: “Beyond Virtualization”
Bolt-on is not the way to get there
37
@derekcollison QCon NY: “Beyond Virtualization”
What we need is a platform OS
38
@derekcollison QCon NY: “Beyond Virtualization”
Programmable, pluggable, and composeable from the inside out
39
@derekcollison QCon NY: “Beyond Virtualization”
The secure, hybrid, trusted platform OS for multi-datacenter
40
@derekcollison QCon NY: “Beyond Virtualization”
A Platform OS
41
• All resources in a common pool!• Real-time networking,
addressing, and discovery!• Awareness of ontologies AND
communication semantics!• Contextual security and policy
just work!• Built for rapid change - all change!• Policy-compliant resource
isolation, connectivity, and SLAs
CC
App A
C
talks topattern data
behavior policy!on the fly
@derekcollison QCon NY: “Beyond Virtualization”
We Have the Right Pieces
42
• Isolation Contexts - Docker!• SDN - Software-Defined
Networking!• Management and Resource
Pooling (CMPs)!• Intelligent and Compliant Job
Scheduling!• Intelligent Canarying, A/B
rollouts and testing
Just not in one place
@derekcollison QCon NY: “Beyond Virtualization”
Isolation Context• Isolation Context: isolated, insulated, autonomous!• Speed and weight!
- Hypervisors for virtualization!- LXC, libContainer (containers) - Docker!- Micro-task virtualization!
• Google chargeback diversion
43
Faster, more lightweight and purpose-built
Virtualization Containerization Micro-task Virtualization
@derekcollison QCon NY: “Beyond Virtualization”
SDN - Software-Defined Networking
44
• Network perimeter security!• Application-level changes!• Layer 7 semantics!
- How many INSERTS per second from all of App A?!
- Can I disallow DROP and DELETE calls between 1-3AM?!
• Compliant and transparent network!- It just works, e.g. mobile
@derekcollison QCon NY: “Beyond Virtualization”
Intelligent, Compliant Job Scheduling• Pick the best place to run for a
given job and policy!• How the system rebalances
and utilizes new resources!• Centralized or Distributed
algorithms!• How policy affects decision-
making (e.g., geography)!• New tools: Mesos, Fleet, Diego
45
@derekcollison QCon NY: “Beyond Virtualization”
Intelligent Canarying
Prod
• Measured rollout success!• A/B testing!• Blue-green deployments !• Automated rollout and rollback
46
10% traffic
Dev90% traffic
App Av1
App Av2
Rollout Rollback
@derekcollison QCon NY: “Beyond Virtualization”
Intelligent Canarying• A lot of data needed!
- resource utilizations: CPU, Mem, Storage!
- communication patterns: cascading effects!
- temporal awareness!• All data will feed into
automated, anomaly detection services!- Utilizing unsupervised deep
machine learning
47
@derekcollison QCon NY: “Beyond Virtualization”
The Future of IT - Platform OS
48
Hardware
IaaS
Diverse Workloads!(e.g., apps, services)
Provisioning!Scheduling!
Health Monitoring!Addressing!Discovery
Governance!Compliance!
Security!Automation!
Orchestration
Internal Services
External Services
One Platform
@derekcollison QCon NY: “Beyond Virtualization”
Summary
49
@derekcollison QCon NY: “Beyond Virtualization”
Summary
50
• Composeable platforms!• Intelligent workloads sans code
changes!• Policy aware...!
- Packaging and Dependency Management !
- Job Scheduling and Provisioning!- Addressing, Discovery, Networking!- Monitoring and Management!- Lifecycle Management and
Intelligent Canarying
A POLICY OF INNOVATION
@derekcollison QCon NY: “Beyond Virtualization”
Resources
51
• Docker - https://www.docker.io!• Mesos - http://mesos.apache.org!• CoreOS - https://coreos.com!• Fleet, Etcd - https://coreos.com/using-coreos/etcd!• Consul - http://www.consul.io!• Continuum - http://apcera.com/continuum
Derek Collison - Apcera, Inc.!@derekcollison!!June 12, 2014 - QCon New York
Thank You