Recommended strategy for hybrid cloud infrastructure

Posted on 28-May-2020


RECOMMENDED STRATEGY FOR HYBRID CLOUD INFRASTRUCTURE

Step-by-step adoption

Marcos Garcia, Senior Cloud Solutions Architect
Ron Marshall, Senior Solutions Architect

June 2018

WHAT YOU’LL LEARN TODAY

1. Hybrid Cloud means Containers everywhere

2. Manage every cloud with Cloudforms

3. Standardize on Ansible for Cloud Automation

4. Interconnect Data Silos

5. OpenShift on OpenStack works great

A Red Hat perspective

WHAT IS MULTICLOUD? WHAT IS HYBRID CLOUD?

MULTICLOUD (noun, \ muhl-tee \ klaud \): Using multiple clouds from multiple private OR public providers, for multiple workloads/tasks, without interconnectivity between clouds.

HYBRID CLOUD (noun, \ hī-bred \ klaud \): A combination of one or more public AND private clouds, with some degree of workload portability, integration, orchestration, and unified management across clouds.

Sources: https://www.redhat.com/en/topics/cloud-computing/what-is-multicloud and https://www.redhat.com/en/topics/cloud-computing/what-is-hybrid-cloud

CLOUD DEFINITIONS

INFRASTRUCTURE PLATFORM (exposition of resources): provide necessary environments to operations in minutes, not weeks or months.

APPLICATION PLATFORM (consumption of resources): able to easily access new developer environments to quickly build new apps and move on.

TOP DRIVERS OF PUBLIC CLOUD ADOPTION: Agility, security, and productivity

Source: IDC, Top Drivers of Cloud Adoption by Type of Cloud Deployment. Doc # US42829717, Jun 2017. [n=6,084 respondents weighted by country]

Chart (percentage of respondents, 20% to 50% scale), drivers in the order shown:

● Improve agility

● Improve security

● Improve staff productivity

● Reduce budget

● Simplify or standardize IT

● Shift from CapEx to OpEx

● More control to business units

● Faster access to tools

● Reassign IT personnel

● Improve time to market

WHY ENTERPRISES CHOOSE PRIVATE CLOUD: Security, compliance, control, and flexibility are top benefits

75% of user organizations surveyed cited increased security as the top benefit of private cloud.

70% of these organizations cited global compliance, enhanced IT control, flexibility, and data management as further benefits.

Source: 451 Research for Red Hat, OpenStack Platform Delivers for Private Cloud Users, Dec 2016.

BENEFITS OF PRIVATE CLOUD: Complete control over data, cost, and location

● CONTROL: create and customize to meet business needs

● COST: reduce cost of infrastructure and operations over time

● PRIVACY: secure your info on your servers in your datacenter

● NO LOCK-IN: avoid concerns about vendor stability or longevity

● SELF-SERVICE: APIs available 24x7, to multiple teams

Source: Corina Marcuti for Luminus, 7 benefits of choosing a private cloud solution, Jan 2017. http://luminus.tech/2017/01/13/7-benefits-of-choosing-a-private-cloud-solution/

OPEN HYBRID CLOUD PLATFORM: A modern platform that takes advantage of all environments

● USES both on-premise and public cloud infrastructure

● UNIFIES management across all environments

● SHARES resources across infrastructure platforms

● PROVIDES a container environment with orchestration

● ADHERES to open, common industry standards and APIs

A COMMON FOUNDATION FOR HYBRID CLOUD INFRASTRUCTURE

RED HAT ENTERPRISE LINUX across PHYSICAL, VIRTUAL, PRIVATE and PUBLIC

A MULTICLOUD APPLICATION PLATFORM

● STANDARD MANAGEMENT

● STANDARD WORKLOADS

● MULTIPLE INFRASTRUCTURE

● SAME USER EXPERIENCE: OCP on Amazon Public Cloud or on OpenStack Private Cloud

DIVERSE INFRA CAN BE CHALLENGING: SILOS BLOCK BUSINESS INNOVATION AND VALUE

Diagram: SILOED TOOLSETS, SILOED TEAMS and SILOED WORKLOADS on one side, BUSINESS VALUE on the other. THIS IS BAD FOR YOUR TEAM’S CULTURE AND SUCCESS!

DIVERSE INFRA CAN BE CHALLENGING: RED HAT MULTICLOUD UNLOCKS BUSINESS INNOVATION AND VALUE

Diagram: SHARED TOOLSETS, SHARED MANAGEMENT and MULTICLOUD CONTAINER WORKLOADS leading to BUSINESS VALUE. Red Hat multicloud is the evolution of digital transformation.

WHY SHOULD MANAGEMENT BE HYBRID? TO ELIMINATE DISPARATE SYSTEMS & DUPLICATION OF EFFORT

Today, virtualization, public cloud, containers and private cloud each bring:

● Different management systems

● Different automation and policies

HYBRID CLOUD MANAGEMENT EFFICIENCY: A COMMON SYSTEM ELIMINATES DUPLICATION OF EFFORT

One HYBRID MANAGEMENT layer across virtualization, private cloud, public cloud and containers:

● One management system

● Consistent automation & policies

HYBRID CLOUD MANAGEMENT: SELF-SERVICE, SYSTEM DEPLOYMENT, CONFIGURATION, & REMEDIATION

1. Order a service in a self-service portal

2. Deploy instances on VMs, in an OpenStack private cloud, or public cloud

3. Automated OS deployment, configuration, and errata updates

4. Infrastructure orchestration, application deployment, & automated remediation of critical issues

5. Proactively monitor & identify issues

6. Monitor progress and inform the user when actions are completed

ONE STEP FURTHER: HYBRID NETWORKING. Connect multiple clouds with your own VPNs or 3rd party SDN / SD-WAN

A HYBRID NETWORK spans virtualization, private cloud, public cloud and containers, using for example:

● OVN

● Contrail

● Tigera

● NSX-T

● Cisco CSR1000v

● Viptela, etc.

ONE STEP FURTHER: HYBRID STORAGE. Connecting silos allows application portability and lower costs

HYBRID STORAGE spans virtualization, private cloud, public cloud and containers.

Using:

● Gluster

● Ceph

Expose common interfaces:

● S3/Swift object APIs

● NFS/Samba POSIX folders

With geo-replication across clouds.

#1: Visibility and Policies

(MULTI)CLOUDFORMS: MANAGE CONTAINER, VIRTUAL, PRIVATE, AND PUBLIC CLOUD INFRASTRUCTURES

CLOUDFORMS MULTICLOUD INTEGRATIONS: CLOUDFORMS 4.6 DOES MULTICLOUD

Smart-State Analysis on Azure-managed disks

User data for GCE instance provisioning

Smart-State Analysis on EC2

Template provisioning from Service Catalogue

Reporting: Metering and Chargeback improvements

User experience: Security, dashboards, and filters

Security groups, flavors, and Smart-State for boot from vol.

OSP and CloudForms tenant synchronisation (on-demand)

Assign Chargeback Rate by Storage Volume Type.

CloudForms containerised deployment.

Transform VMware VM into a RHV VM + all the plumbing.

Bare metal management: introspect and manage, physical! (Lenovo Xclarity)

CLOUDFORMS manages PUBLIC CLOUD, OPENSHIFT CONTAINER PLATFORM, RED HAT OPENSTACK PLATFORM, and VMware | RHV | Bare Metal.

DEMO: Dashboard and Reports

DEMO: Topology view & OCP Dependencies

DEMO: Smart State Analysis

DEMO: Control Policies

#2: Cloud Services Catalog

CLOUDFORMS SERVICE CATALOG

TASK                                TIME (MINS)
Create virtual machine              2
Add storage and networking          3
Queue between teams                 120
Install operating system            2
Wait after install                  60
Configure operating system          1
Install application platforms       2
Configure application platforms     1
Queue between teams                 120
Security configuration and scan     2

ACTIVE WORK TIME: 13 minutes

TOTAL TIME: 13 mins

ACCELERATE SERVICE DELIVERY: from REQUEST to DEVELOPER ENVIRONMENT

FOUR WAYS TO PROVISION CLOUD SERVICES from Cloudforms:

● Cloudforms Native Provisioning

● Existing Tools (via Ansible)

● Ansible Cloud Modules

● Orchestration Templates

EXAMPLE: Your applications and systems are more than just collections of configurations. They’re a finely tuned and ordered list of tasks and processes that result in your working application. Ansible can do it all:

• Provisioning

• App Deployment

• Configuration Management

• Multi-tier Orchestration

DEMO: Deploy Cloud Service

Diagram: Ticket Monster (x2) = DB Instance (DB Deploy playbook) + JBoss/EAP Instances (JVM + JBoss Deploy playbook) + ELB (ELB playbook), composed into one Ansible Playbook.

Playbook: https://github.com/marcosgm/workflow-demo/blob/master/plays/ticket-monster-aws.yml

#3: Cloud Interconnect

EACH CLOUD HAS ITS NETWORK: How to connect the silos?

Multiple VPN options:

● AWS Virtual Private Gateway

● Azure VPN Gateway

● GCE Cloud VPN

Multiple peering options:

● AWS Direct Connect

● Azure ExpressRoute

● GCE Dedicated Interconnect

They cannot even agree on the icons! (Diagram labels: Corporate DC, Public Internet.)

SILOED AUTOMATION

Azure Resource Manager Template:

resources:
  - type: Microsoft.Network/virtualNetworks/subnets
    name: "site2.scarter/outside"
    apiVersion: '2017-06-01'
    properties:
      addressPrefix: "10.2.1.0/24"

AWS CloudFormation:

Resources:
  outsidesite2scarter:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.2.1.0/24
      AvailabilityZone: us-east-1a
      VpcId:
        Ref: site2scarter
      Tags:
        - Key: Name
          Value: outside.site2.scarter

SO MANY WORDS… but only a few things matter

DATA MODELS: Better Living Through Abstraction

The same subnet appears once in the AWS CloudFormation template and once in the Azure Resource Manager Template (both shown above); the few things that matter reduce to one data model:

vpc_list:
  - name: site2.scarter
    cidr: 10.2.0.0/16
    networks:
      - name: mgmt.site2.scarter
        cidr: 10.2.0.0/24
      - name: outside.site2.scarter
        cidr: 10.2.1.0/24
      - name: inside.site2.scarter
        cidr: 10.2.2.0/24

NETWORK AUTOMATION WITH ANSIBLE: Abstraction Through Automation

Network constructs abstracted: BGP, OSPF, VLAN, ACL, QoS, EVPN, AAA, LB

IMPROVED OUTCOMES WITH AUTOMATION

Time to Value: Configuration & Change Automation. Time to Remediation: Automated Fault Remediation.

● Faster Customer Service On-boarding

● Faster Execution of Change Requests

● Faster Execution of Maintenance

● Faster Troubleshooting and Remediation

CONSISTENT ONBOARDING ACROSS CLOUDS

One Cloud Model and one Playbook drive the same steps for every cloud:

● Provision Cloud Instance

● Provision Cloud Network Services

● Connect Cloud Router to DC

● Establish VPN Tunnels

and ON-PREM:

● Provision Local Network Services

● Connect DC Router to Cloud Router

● Establish VPN Tunnels

MULTI-SITE/CLOUD EXAMPLE

Topology: DC 10.0.0.0/16 (control 10.0.2.10 in 10.0.2.0/24), Site1 10.1.0.0/16 (host1 10.1.2.10 in 10.1.2.0/24) and Site2 10.2.0.0/16 (host1 10.2.2.10 in 10.2.2.0/24), connected over the Public Internet.

Scenario: Provision new cloud capacity using template and add to corporate SD-WAN

1. Provision the new Cloud node

2. Configure remote router

   a. Set Hostname, DNS, Banners, etc.
   b. Harden router
   c. Configure Interfaces
   d. Backup

3. Add remote router to VPN

   a. Checkpoint State
   b. Create IPSEC VPN
   c. Configure BGP
   d. Check connectivity
   e. Rollback on failure

https://github.com/network-automation/an-cloud-builder
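One data model feeding both cloud templates, as an added example that is not code from the deck or from the an-cloud-builder project: it checks the addressing of the DC/Site1/Site2 topology above and the Site2 vpc_list from the DATA MODELS slide (overlapping VPCs, subnets outside or overlapping their VPC, the kind of mistake that breaks routing once the sites are joined by VPN and BGP) and renders the same subnets as CloudFormation and Azure Resource Manager resources. The dc and site1 subnet names are constructed; the Site2 names and CIDRs are the deck's.

```python
import ipaddress

# Constructed sample in the slides' vpc_list shape: Site2 is the deck's model; dc and site1 are constructed from the DC/Site1/Site2 topology.
VPC_LIST = [
    {"name": "dc", "cidr": "10.0.0.0/16",
     "networks": [{"name": "control.dc", "cidr": "10.0.2.0/24"}]},
    {"name": "site1.scarter", "cidr": "10.1.0.0/16",
     "networks": [{"name": "inside.site1.scarter", "cidr": "10.1.2.0/24"}]},
    {"name": "site2.scarter", "cidr": "10.2.0.0/16",
     "networks": [{"name": "mgmt.site2.scarter", "cidr": "10.2.0.0/24"},
                  {"name": "outside.site2.scarter", "cidr": "10.2.1.0/24"},
                  {"name": "inside.site2.scarter", "cidr": "10.2.2.0/24"}]},
]

def validate(vpc_list):
    """Problems to catch before sites are joined by VPN and BGP: VPCs that
    overlap each other, and subnets outside their VPC or overlapping."""
    problems = []
    vpcs = [(v["name"], ipaddress.ip_network(v["cidr"]), v["networks"]) for v in vpc_list]
    for i, (n1, c1, _) in enumerate(vpcs):
        for n2, c2, _ in vpcs[i + 1:]:
            if c1.overlaps(c2):
                problems.append(f"vpc overlap: {n1} {c1} / {n2} {c2}")
    for vname, vcidr, nets in vpcs:
        subs = [(n["name"], ipaddress.ip_network(n["cidr"])) for n in nets]
        for i, (n1, s1) in enumerate(subs):
            if not s1.subnet_of(vcidr):
                problems.append(f"subnet outside vpc: {n1} {s1} not in {vname}")
            for n2, s2 in subs[i + 1:]:
                if s1.overlaps(s2):
                    problems.append(f"subnet overlap: {n1} {s1} / {n2} {s2}")
    return problems

def to_cloudformation(vpc, az="us-east-1a"):
    """One VPC's subnets as CloudFormation resources (the AWS side of the slide)."""
    return {"Resources": {n["name"].replace(".", ""): {
        "Type": "AWS::EC2::Subnet",
        "Properties": {"CidrBlock": n["cidr"], "AvailabilityZone": az,
                       "VpcId": {"Ref": vpc["name"].replace(".", "")},
                       "Tags": [{"Key": "Name", "Value": n["name"]}]}}
        for n in vpc["networks"]}}

def to_arm(vpc, api_version="2017-06-01"):
    """The same subnets as Azure Resource Manager subnet resources."""
    return {"resources": [{"type": "Microsoft.Network/virtualNetworks/subnets",
                           "name": f"{vpc['name']}/{n['name'].split('.')[0]}",
                           "apiVersion": api_version,
                           "properties": {"addressPrefix": n["cidr"]}}
                          for n in vpc["networks"]]}
```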

HYBRID STORAGE: FROM SILOS

HYBRID STORAGE: TO COMMON DATA SETS. Offers both:

● Data Locality

● Geo Replication

SAME STORAGE EXPERIENCE: Container-native Storage vs. EBS gp2, EBS gp2, EBS st1, EBS io1, EBS sc1

STORAGE CAPACITY CONSOLIDATION

SIMPLIFY CONTAINER AVAILABILITY: nodes across AVAILABILITY ZONE A, B and C share one GLOBAL STORAGE NAMESPACE

#4: OpenShift everywhere

AWS INTEGRATION POINTS

● External DNS: Route 53 (R53)

● Provisioning: CloudFormation

● AWS Logging, Metrics, etc: Limited support…

● Registry Storage: Simple Storage Service (S3)

● VM Storage and persistent container storage: Elastic Block Storage (EBS), S3

● Master LB and App LB: Elastic Load Balancer (ELB)

● OpenShift Virtual Machines: 10x EC2 in the RA

● Authentication: No native provider

● Ext Services: Service Broker (check out the summit demo!)

AZURE INTEGRATION POINTS

● External DNS: Azure DNS

● Azure Logging, Metrics, etc

● User Authentication: Azure Active Directory

● VM storage, registry and persistent Container Storage: Azure Storage Account

● Ingress Traffic: Azure Load Balancer

● OpenShift Virtual Machines: Azure Virtual Machines (10x in the Reference Architecture)

● Registry storage: No native provider (use VHDs)

● Ext Services: Service Broker

GCP INTEGRATION POINTS

● External DNS: Google DNS

● Provisioning: Deployment Manager

● GCP Logging, Metrics, etc: Limited support…

● Registry Storage: Google Virtual Disks

● VM Storage and persistent container storage: Google volumes and virtual disks

● Master LB and App LB: Cloud Load Balancer

● OpenShift Virtual Machines: Google Virtual Machines

● Authentication: No native provider

● Ext Services: Service Broker

OPENSTACK INTEGRATION: Native networking and storage plugins

ANSIBLE

NETWORKING IN THE PRIVATE CLOUD: IMPROVE PERFORMANCE ON OPENSTACK BY AVOIDING DOUBLE ENCAPSULATION

BEFORE (any other cloud): tenant traffic rides VXLAN 1 (Tenant X) and VXLAN 2 (Tenant OCP) between the Tenant X VM and the OCP Node VM; inside the OCP Node VM, the Pod 1 and Pod 2 containers sit on a second overlay, VXLAN 8 (Pod 1) and VXLAN 9 (Pod 2), so pod traffic is encapsulated twice.

NOW (OpenStack Kuryr): tenant traffic still rides VXLAN 1 (Tenant X), but the Pod 1 and Pod 2 containers on the OCP Node VM attach directly to VXLAN 3 (Pod 1) and VXLAN 4 (Pod 2), a single encapsulation.

STORAGE IN THE PRIVATE CLOUD: SAVE TIME BY HAVING OPENSTACK MANAGE YOUR CONTAINER’S STORAGE NEEDS

OPENSHIFT SERVICE CATALOG

SERVICE BROKERS: Expose and Provision Services

● OpenShift Ansible Broker (ANSIBLE): Ansible Playbook Bundles

● OpenShift Template Broker (OPENSHIFT): OpenShift Templates

● AWS Service Broker (AMAZON WEB SERVICES): Public Cloud Services

● IaaS Service Brokers (CLOUDFORMS SERVICES): IaaS Services

Ansible Playbook Bundle (APB) for AWS: When an OpenShift user requests an AWS service, an APB container runs to complete the task.

Start with us

CLOUD ADOPTION WITH RED HAT: Move from traditional to cloud in 3 steps

DISCOVER. Review and capture:

● Infrastructure requirements

● Processes

● Workload/apps

● Environment details

Develop a cloud migration strategy that is right for your business.

DESIGN. Identify target architecture:

● Level of effort

● Timelines

● Organizational adoption

● Critical and suitable apps

Build your implementation roadmap.

DEPLOY. Deploy your environment(s):

● Develop

● Test

● Deploy

● Automated migration

Implement cloud management, with training and mentoring for IT staff.

KEY TAKEAWAYS

1. Hybrid Cloud means Containers everywhere

2. Manage every cloud with Cloudforms

3. Standardize on Ansible for Cloud Automation

4. Interconnect Data Silos

5. OpenShift on OpenStack works great

THANK YOU

plus.google.com/+RedHat

linkedin.com/company/red-hat

youtube.com/user/RedHatVideos

facebook.com/redhatinc

twitter.com/RedHat
