cloud foundry summit frankfurt 2016 isolation segments

Update on Cloud Foundry Isolation Segments

(formerly Elastic Clusters)Dieu Cao, Pivotal Software

27 September 2016

LBGoRouter

Cloud ControllerBBSCells

Logging

LBGoRouter


Logging

LBGoRouter


Logging

api.a.example.com

Start with 1 Cloud Foundry

LBGoRouter


Logging

api.a.example.com

LBGoRouter


Logging

LBGoRouter


Logging

LBGoRouter


Logging

api.b.example.com

api.c.example.com api.d.example.com

LBGoRouter


Logging

LBGoRouter


Logging

LBGoRouter


Logging

LBGoRouter


Logging

LBGoRouter


Logging

LBGoRouter


Logging

LBGoRouter


Logging

LBGoRouter


Logging

LBGoRoute

rFull CF

LBGoRoute

rFull CF

LBGoRoute

rFull CF

LBGoRoute

rFull CF

LBGoRoute

rFull CF

LBGoRoute

rFull CF

LBGoRoute

rFull CF

LBGoRoute

rFull CF

LBGoRoute

rFull CF

LBGoRoute

rFull CF

LBGoRoute

rFull CF

LBGoRoute

rFull CF

Operational Concerns

• Keeping roles/permissions in sync across each deployment

• VM costs • Deployment complexity • Maintenance costs

Can we reduce the overhead?

• Shared cf management tier okay? • Yes

• Low latency between cf deployments? • Yes

What’s an Isolation Segment?

• Isolation Segment • a group of Cloud Foundry

resources (compute, network, and/or logging) to which applications can be directed for deployment.

What’s in a name?

• Placement Pools • Isolation Groups • Elastic Clusters • Isolation Segments!

LBGoRouter


Logging

api.a.example.com

LBGoRouter


Logging

LBGoRouter


Logging

LBGoRouter


Logging

api.b.example.com

api.c.example.com api.d.example.com

LBGoRouter


Logging

LBGoRouter


Logging

LBGoRouter


Logging

LBGoRouter


Logging

LBGoRouter


Logging

LBGoRouter


Logging

LBGoRouter


Logging

LBGoRouter


Logging

Compute LBGoRouter


Logging

LBGoRouter

CellsLogging

RedIsolation Segment

LBGoRouter

Cells

BlueIsolation Segment

Cells

GreenIsolation Segment

LBGoRouter


Logging

LBGoRouter


Logging

LBGoRouter

CellsLogging

Cells

LBGoRouter

CellsCells

api.a.example.com

CellsCells

Possible UX - Milestone 1

• As a cloud controller admin: cf create-isolation-segment blue cf bind-isolation-segment blue

-o MyOrg -s development • As a space developer:

cf push

Possible UX - Milestone 3

• As a cloud controller admin: cf create-isolation-segment blue cf associate-isolation-segment blue

-o MyOrg cf associate-isolation-segment green

-o MyOrg • As an org manager:

cf bind-isolation-segment blue -s development • As a space developer:

cf push

Routing & Compute

LBGoRouter


Logging

LBGoRouter

CellsLogging


LBGoRouter

Cells


Cells


LBGoRouter


Logging

LBGoRouter


Logging

LBGoRouter

CellsLogging

LBGoRouter

Cells

LBGoRouter

CellsLB

GoRouterCells

api.a.example.com

CellsCells

Routing, Compute, & Logging

LBGoRouter


Logging

LBGoRouter

CellsLogging


LBGoRouter

Cells


Cells


LBGoRouter


Logging

LBGoRouter


Logging

LBGoRouter

CellsLogging

LBGoRouter

CellsLogging

LBGoRouter

CellsLB

GoRouterCells

api.a.example.com

CellsCells

Trust between components

• The management plane authenticates/authorizes components in a segment for particular workloads

Current progress

• Proposal for Isolation Segments • Your feedback needed! • https://goo.gl/1Tnpdz

• Milestone 1, before end of the year!

• Additional proposals coming • Routing & Domains • Logging • Trust between components

Questions?

Thank you. [email protected] · @dieu, in CF OSS Slack

cloud foundry summit frankfurt 2016 isolation segments

Technology