Next gen software operations models in the cloud

VSHN - The DevOps Company
Glenﬁs Cloud Talk
NEXT GEN Betriebsmodelle
Aarno Aukia, CTO @ VSHN - The DevOps Company
Zürich, 20.11.2019

@aarnoaukia http://about.me/aarno aarno.aukia@vshn.ch
ETH → Google → Atrila → VSHN
Since 2014, currently 42 VSHNeers in Zürich, Switzerland
Helping Developers run applications on any infrastructure making both visitors
happy with stability and developers happy with agility
22
About Aarno & VSHN.ch

VSHN - The DevOps Company 3
OPS = Fireﬁghting-as-a-Service ?
3

Capability Maturity Model Integration (CMMI)
44
Operations
2014
How to get to
this level?

DevOps: CMMI Level 5:
People, Processes & Tools
55

● CMMI Level 5
● Why?
● Challenges for traditional IT-organizations
● DevOps / DevSecOps
● Software-Container (Docker), Container-orchestration (Kubernetes)
● Cloud Native Computing
● Cloud Migration
● IT Governance: traditional vs. cloud native
Agenda

● Self-service on usage demand, no back and forth with the provider
● Accessing services using standard protocols (e.g. over the internet)
● Resource scaling within a large pool, provisioning of resources anytime and
in any quantity (SLA)
● Billing according to transparent KPI, based on usage & time (e.g. hours of
computing resources, number of users per month, etc)
● management/ordering/scaling of the services using API
○ enables automation
○ enables ready-to-use integrations with other services
1010
Capability Maturity in the cloud

● Self-service provisioning
○ IaaS: VM, storage, network
○ PaaS: Application Runtime/container
○ DBaaS: DB instance
○ SaaS: Application
● Automatable -> API
● Usage based billing -> incentive for
just-in-time provisioning
1111
CMMI Level 5 services
Infrastructure
IaaS
Platform
PaaS
Application
SaaS

● Highly standardized, highly automated -> economies of scale
○ Eﬃciency, focus and expert knowledge of the provider
○ Lots of pre-integrated services -> low barrier for adoption
○ Large number of new innovative services available
● (low CAPEX), less over-provisioning for many years in advance
● Billing: agility, elasticity, focus on Business-KPI (e.g. number of users for
SaaS)
● Cost of personnel, training, opportunity cost, redundancy (24/7)
○ Is providing commodity services a core-competency of your company?
Why cloud services?

● Transformation from (internal) infrastructure to service provider
○ Procurement instead of production of standard services
● Combining and enriching services with IT governance
○ Security: authentication, logging, network-access to other services
○ Controlling: procurement, billing, budgeting, cost control
● Automation and self-service
○ Optimizing time-to-market: provide agility and proactivity to internal stakeholders
1313
Challenges for traditional IT

Collaboration between Software Development (Dev) and IT-Operations (Ops)
● Automate as much as possible (“Infrastructure as code”)
● use standard services (layers of abstractions with clear API) to abstract
complexity
● Cost eﬃcient and lean way of working
● Agility: ability to react to new/changing requirements
● One team with a common goal: ship stable features
● Continuous improvement
●
1414
DevOps

DevOps + Security Engineering = DevSecOps
1515

● “Docker”
○ Kernel-based process isolation based on lxc/libcontainer/runc (CNCF open standard)
○ Open Source Tools for container image creation and management (“Docker CE”)
○ Company based in San Francisco (“Docker inc”)
○ Enterprise software product (“Docker EE”)
○ Online portal for public docker containers (“Dockerhub” hub.docker.com)
● “Dockerﬁle”
○ Text ﬁle containing all the instructions to build and assemble the application into a container
including application code, appserver, plugins, modules, libraries down to libc
○ Goal: document & automate the build process
○ Usually in the application GIT repository
○ References a base image to incrementally add the application to
2121
Container technology: Docker

● Use declarative formats for setup automation
● Have a clean, portable contract with the underlying operating system
● Are suitable for deployment on modern cloud platforms, obviating the need
for servers and systems administration;
● Minimize divergence between development and production, enabling
continuous deployment for maximum agility;
● And can scale up without signiﬁcant changes to tooling, architecture, or
development practices.
2222
12 Factor App Patterns: https://12factor.net/

From container
to production?
2323

● How many container instances should be running per service?
● On which IP/port/server are they running on?
● Service discovery
● What happens if a container/server goes away?
● scaling, load balancing, rolling deployments, persistent storage, networking
2424
Container orchestration: Kubernetes

Docker
Kubernetes
3131
Layers of abstraction
Hardware Infrastructure
Operating System
Service discovery & Load
balancing
Application Server
Application
Cloud/Onprem

● Free & open standard
● Adopted by all major vendors (Google, AWS, MS, Redhat, Suse, IBM, etc)
● available as managed service both on-premises and (private) cloud based
● Provides integration in infrastructure (compute, storage, networking)
● Provides optional integration in plattform (e.g. DBaaS, S3) services
● Infrastructure as code, automation, tools for DevOps processes
● Large ecosystem of auxiliary tooling & integration available
● Is being adopted as standard runtime by ISVs (Avaloq, Finnova, Abacus,
Adcubum, Ergon, etc)
3232
Beneﬁts of Kubernetes as abstraction

VSHN - The DevOps Company 3333
Global reach through
standardization & Automation

● platform technology based on open standards and open source software
implementations
● Abstraction layer on infrastructure
● Cloud Native Computing Foundation (CNCF)
○ Daughter-foundation of the Linux Foundation
● Projects: Kubernetes and many more
3434
Cloud Native Computing

The CNCF Landscape
3535

Cloud Migration

● “Full Stack Audit”
● Review design document
● Every layer was custom built
○ physical hardware
○ handcrafted servers
○ manual application deployment
● Review each layer
● Review each layer again next year...
3737
Traditional IT governance

● Standardized components
○ already audited, some even externally certified
○ re-used, economies of scale, CMMI level 5
○ tech controls (AAI, RBAC, logs/SIEM) implemented once
○ financial controls implemented once
● Infrastructure: private/public cloud
● Ops: Container orchestration platform
● Review design document & platform
configuration
3838
Cloud native IT governance

● prevent conﬁguration drift
○ immutable (application) infrastructure using containers
○ deploy dev/test/stage/prod envs from CI/CD
● prevent manual errors
○ validate conﬁguration in CI/CD before deployment
○ standardization on (minimal, hardened) OS and container orchestrator
○ deployment automation removes need for (most) root prod access
● security by default
○ image scanning, dependency vulnerability management
○ process/storage/network separation of applications/environments
○ volumes & ingresspoints best practice (documentation, monitoring, backup, SSL/TLS/WAF)
○ AAI for admin & application, audit trail logging of CI/CD, control & application planes
○ key & secrets management
● 3939
IT governance controls in container platforms

● compute resources billable by project
● self-service-onboarding possible
● autoscaling, scale-down dev envs outside office hours
● vendor procurement/due diligence/certification management
● SLA, 24x7, service process, escalation management clearly defined
4040
IT governance financial/compliance controlling

Come visit us for a coﬀee!
VSHN AG - Neugasse 10 - CH-8005 Zürich - +41 44 545 53 00 - https://vshn.ch/ - info@vshn.ch
https://vshn.ch/kontakt/
Follow us on Twitter!
@vshn_ch
41

Next gen software operations models in the cloud

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Next gen software operations models in the cloud

Semelhante a Next gen software operations models in the cloud (20)

Mais de Aarno Aukia

Mais de Aarno Aukia (20)

Último

Último (20)

Next gen software operations models in the cloud