5. A platform that satisfies both developer speed and operational stability
Stability for operators
● Prepared for failure at every layer, from AZ and VM to app
● Zero-downtime platform updates
● Platform CI/CD pipeline
● Platform as Product
● Monitoring
● Multi-cloud
Security for security administrators
● CVE updates within 48 hours
● Repair, Repave, Rotate
● Security patches with no downtime
● Credential management and rotation
● Container security
Speed for developers
● Buildpack-based container deployment
● Zero-downtime / automated deployment (A/B, Blue/Green, Canary)
● MSA component support (Circuit Breaker, Broker, Registry, GW)
● Real-time logs / monitoring
● Zero-downtime scale-up and scale-out
● Autoscaling
● Native Windows + .NET support
● Decomposition of monoliths into microservices (App tx)
● Spring Boot support
Agile Platform
6. The platform can deliver on all of these outcomes as efficiently on day 1000 as it does on day 1.
● Operators can serve thousands of devs within tight budget constraints.
● Operators have choice around which cloud to run on.
● Developers reduce waste through small batch delivery and fast feedback.
● Operators can trust a secure-by-default platform that solves their security needs without introducing toil.
● Developers experience the safety to experiment and iterate rapidly.
● Operators can provide a platform that meets their scale needs.
● Developers can ramp productivity linearly with personnel.
● Developers can run applications that handle large-scale loads.
● Operators can reason about the stability of the platform and provide well-understood SLOs.
● Developers can rely on the platform to allow them to deliver outcomes with low volatility.
● Operators can efficiently manage the platform and onboard new teams.
● Developers can iterate on delivering consumer value rapidly.
Measures of success – the sustainable 5S
Speed Stability Scalability Security Savings
Sustained
7. [Architecture diagram: Pivotal Cloud Foundry. Labels recovered from the figure: PCF Ops Manager (platform management tool); Pivotal Application Service (PAS); Pivotal Container Service (PKS); Embedded OS (Windows & Linux); NSX-T; CPI (15 methods); vSphere, Azure & Azure Stack, Google Cloud, AWS, OpenStack; Pivotal Network; CVEs and product updates (v1, v2, v3 ...); GitHub; Concourse; continuous delivery; "3Rs": Repair (CVEs), Repave, Rotate (CredHub); Pivotal Services Marketplace; Pivotal and partner products; public cloud services; customer managed services; Open Service Broker API; cloud-native app (weak dependencies) … COTS app (strong dependencies); managed service.]
11. IaaS Paving
● Automation of IaaS paving for PAS
● We now publish Terraform templates + instructions for using them for each IaaS
○ New in PCF 2.2: vSphere + NSX-T! [docs forthcoming]
○ Current templates: AWS, GCP, Azure
● Customers can prepare the load balancers, networks and databases needed by PAS in a way that is reproducible, automatable, accurate and extensible.
● This working example supports our efforts to transform IT Operations through the application of SRE principles.
Scalability
12. Release Target: June 2018
PCF Operations Manager 2.2
Scalability
OM now supports Azure Stack [blog]
13. PCF Operations Manager 2.2
Speed
● Operators can specify a single set of tags to apply to all VMs, including the Director VM
○ More easily identify PCF-related IaaS resources
● When operators specify tags for identifying PCF-related IaaS resources, those tags should be applied to all disks (in addition to VMs)
14. PCF Operations Manager 2.2
Stability
● Ops Manager supports multiple regions/datacenters/tenants for vSphere
○ Add multiple vCenter configs and map those configs to specific AZs. At that point, an AZ becomes an abstraction for a given tile, so a single PAS (i.e. foundation) can use two AZs in different locations.
○ Note that latency guarantees are the operator's responsibility.
● Operators should be able to access all past deployed manifests after upgrade
20. PCF Operations Manager 2.2
Stability
Speed
● Operators can selectively deploy tiles
○ Operators can deploy individual tiles and opt out of deploying “the whole world”
○ More control over the impact of a given “Apply Changes” command
○ Protections are in place to safeguard against incompatibility and other possible issues
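24. Improved platform data security: CredHub centrally manages platform and application credentials
● Credentials are the foundation of trust in the cloud
● Purpose of CredHub: end-to-end management of credentials (generation, access control, distribution, rotation, logging)
● Manages passwords, certificates, SSH keys, RSA keys, and arbitrary values (strings and JSON blobs)
● All credentials are encrypted with keys that are rotated (HSM supported in OSS, coming soon to PCF)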
Hardware Security Modules (HSMs)
25. PCF Operations Manager 2.2
Security
● BOSH deployment manifests generated by Ops Manager do not contain sensitive credentials (except for the Director's own deployment manifest)
● An OM Director may connect to a remote database via TLS (using a custom CA to trust)
● An OM Director and all agents may communicate with a blobstore via TLS
● /credentials endpoints include secrets listed under selectors and collections
28. PCF HealthWatch 1.3
Stability
● Syslog Drain Available for Tile VM BOSH Logs.
● Configure what app the Canary Health Check pings.
● UI/UX Improvements to Side Navigation & Page Orientation.
29. PCF Healthwatch 1.3
Configure what app the Canary Health Check pings
Out-of-the-box config still pings Apps Manager, but customers can now point this Service Level Indicator test at another PCF app they believe is a better canary for them.
35. Circuit Breaker Dashboard for PCF
Visualizes the Turbine status and metric data streams from circuit breakers inside microservices or applications
Service Registry for PCF
Provides an implementation of the NetflixOSS Eureka Service Discovery pattern as a service
Config Server for PCF
Provides a dynamic, centralized configuration service that manages applications' external properties across all environments
The platform provides the foundational services for microservices as managed services
PAS
38. PCF Metrics 1.5
App Metrics and Events Monitors and Alerting
● Create and manage app monitors:
○ for standard gauge metrics, including CPU, disk, memory, average request latency, requests per minute, request errors per minute
○ for Spring Boot app metrics, including JVM and HTTP route metrics
○ for app events, including app starts, stops, updates, crashes, stage fail, and SSH
● Define Warn and Critical alerting thresholds
● Webhook support for alerting
● All this, and more, available on PWS now
Speed
Stability
42. Log Cache
A new API that allows both operators and app developers to explore and create automation using a simple RESTful interface.
Stability
Scalability
Powerful New RESTful Interface
● Integrate via a pull model rather than receiving a stream
● Install the log-cache CLI to get new commands
○ cf-tail - supports both logs and metrics, and most Unix tail flags
○ log-meta - inspect what logs and metrics you have access to (works for both app devs + operators)
● Simple RESTful / JSON interface is easy to integrate with
● RESTful APIs allow for a more complete view by app developers
○ App developers can now see service instance metrics from supported services
44. PCF App Autoscaler
Scalability
Stability
New Autoscaling Rule Types: Custom & Compare Rules
● Autoscaler now consumes Log Cache, allowing users to create scaling rules on any metrics emitted by an app
● Available via CLI / API only for PCF 2.2.0
46. PCF App Autoscaler
Speed
New Autoscaler UI in Apps Manager
● Fully-integrated Autoscaler UI in AppsMan for seamless user experience
● Consumes the new v2 Autoscaler API that was released in PCF 2.1, allowing for deprecation of outdated v1 Autoscaler API
47. Service Discovery
Container
Networking
Speed
Security
Savings
Polyglot Service Discovery for Container Networking [cf.org blog]
● Application Developers who want to use C2C have DNS-based service discovery built into the platform
● Operators can opt-in to enable this feature on the PAS tile (it is not enabled by default in 2.2)
● A new shared domain called apps.internal is created when the feature is enabled
● App developers can configure internal routes using create-route and map-route with the apps.internal domain
● Container networking policy is still required to enable communication between apps
● Reduce F5 license costs, because you don’t go through the router
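53. Improved .NET Framework support
- Container-to-container networking support
A new native container technology, developed jointly with Microsoft, overcomes the virtual container limitations of the existing IronFrame library
- cf ssh support
Overcomes the file system limitations of Windows 2012
- Volume service support
SMB volume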
57. Spring Cloud Services 2.0
● Spring Cloud Finchley and Spring Boot 2 support
○ Service Instance backing applications
○ Service Broker
○ Spring Cloud Services Connectors for client applications
● Custom Domain configuration support
● Target deployment to PCF 2.0+
Speed
58. MySQL 2.3 for PCF
Security
Speed
● All service instance network traffic is encrypted via TLS
● Synchronous replication between leader and follower
● Secure storage of service instance binding credentials in CredHub
● Faster upgrades of the MySQL tile with parallel service instance upgrades
● Developers can specify a custom charset & collation when creating/updating a service instance [docs]
● Developers now have permissions in their service instances, such as the ability to create multiple schemas
59. Release Target: June 2018
Pivotal Cloud Cache v1.4 for PCF
Speed
Stability
● Support for more than one WAN connected cluster
● Create memory usage statistics
● Operator can make safer, more informed decisions on VM and disk types
● Compatible with PAS 2.1 (PCC v1.5, a late June release, will be compatible with PAS 2.2)