A presentation at Red Hat Partner Offsite in May 2013 in Vienna, VA 22180, USA by Shawn Wells
Manufacturing Polkadot Warplanes Shawn Wells | shawn@redhat.com
http://www.npr.org/2011/09/07/140256967/shipping-container-inventor-transformed-world-trade
IaaS / PaaS / SaaS
[Diagram: stack layers APPLICATION; APPLICATION PLATFORM (JBOSS, PHP, RUBY, ETC); OPERATING SYSTEM (RHEL); VIRTUALIZATION (RHEV); HARDWARE (x86); STORAGE (RHS). Legend: Managed and Controlled by Customer; Provider Managed. Axes: Increased Control; Increased Automation]
CRAFTWORK → MASS PRODUCTION

Physical: How to Build an App
1. Have Idea
2. Get Budget
3. Submit hardware acquisition request
4. Wait
5. Get Hardware
6. Rack and Stack Hardware
7. Install Operating System
8. Install Operating System Patches/Fix-Packs
9. Create user Accounts
10. Deploy framework/appserver
11. Deploy testing tools
12. Code
13. Test
14. Configure Prod servers (and buy them if needed)
15. Push to Prod
16. Launch
17. Order more servers to meet demand
18. Wait…

Virtualized: How to Build an App
1. Have Idea
2. Get Budget
3. Submit VM Request
4. Wait
5. Deploy framework/appserver
6. Deploy testing tools
7. Code
8. Test
9. Configure Prod VMs
10. Push to Prod
11. Launch
12. Request More Prod VMs to meet demand
13. Wait
14. Deploy app to new VMs
15. Etc.

With PaaS: How to Build an App
1. Have Idea
2. Get Budget
3. Code
4. Test
5. Launch
6. Automatically Scale
MANUFACTURING FOUNDATIONS (for IaaS)
RED HAT OPENSTACK
- MODULAR ARCHITECTURE
- DESIGNED TO SCALE OUT
- BASED ON (GROWING) SET OF CORE SERVICES
RED HAT INVOLVEMENT
- Be to OpenStack what Red Hat is to Linux
- Create Enterprise Distribution
  * Supportability
  * Stability
  * Enterprise Features (e.g. security, performance)
  * Certified Ecosystem
  * Lifecycle
OPENSTACK RELEASE CADENCE
- Upstream
  * Source code only
  * Releases every 6 months
  * No bugfixes / snapshots after next release
- RDO (e.g. “Fedora” of OpenStack)
  * Follows upstream cadence
  * Delivers binaries
- Red Hat OpenStack
  * Initially 1 year lifecycle (e.g. support for Folsom ends after Grizzly)
  * Will increase lifecycle over time (likely to move to 2 years)
  * Ecosystem of Support
  * Government Ready
SOLUTION ENABLEMENT: CORNERSTONE
CORNERSTONE
Open, unified, and extensible scale-out object storage solution for on-premise, virtualized and cloud environments, which includes pervasive, flexible encryption with an innovative approach to unified symmetrical key management
PANDORA RADIO
DESIGN CONSIDERATIONS
- Consistent, global information accessibility through REST API
- Consistent access through high and low-latency networks
- Cost effectiveness and scalability for big data growth
- Open system, empowering developers
DESIGN CONSIDERATIONS: INFRASTRUCTURE
- Integration with PKI (NSA CASPORT), Active Directory, LDAP
- Data retains encryption across backup and disaster recovery
- Encrypted files do not require significant additional space; storage requirements change imperceptibly
DESIGN CONSIDERATIONS: ADMINISTRATION
- Role Based Access Control (RBAC), augmented with Mandatory (MAC) and discretionary (DAC) granularity
- Real-time modification to access control policies, to include time limits, number of accesses, etc
- All operations, including key access, are audited
DESIGN CONSIDERATIONS: END-USER
- De-identify sources & methods: Expand data encryption options to protect relationships
- Anonymize Datasets: Replace sensitive portions of data records with cryptographic pseudonyms
- Protect and control access to multiple data sources from a query device (e.g. remote wireless tablet vs physical desk at DIA)
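Added example (not from the slides, and not Cornerstone's code): one common way to build the "cryptographic pseudonyms" named in the Anonymize Datasets bullet is a keyed HMAC per field, so that low-entropy identifiers cannot be recovered by hashing every candidate value, while the same value still links across datasets. The master key, field names and records are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample key; a real deployment would fetch it from key management.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

# Hypothetical choice of which record fields count as sensitive.
SENSITIVE_FIELDS = ("name", "ssn")


def field_key(master_key: bytes, field: str) -> bytes:
    """Derive a separate key per field so that equal values in
    different fields do not map to the same pseudonym."""
    label = b"pseudonym|" + field.encode()
    return hmac.new(master_key, label, hashlib.sha256).digest()


def pseudonym(master_key: bytes, field: str, value: str) -> str:
    """Keyed, deterministic pseudonym: HMAC-SHA256 truncated to 128 bits."""
    normalized = value.strip().lower().encode()
    tag = hmac.new(field_key(master_key, field), normalized, hashlib.sha256)
    return "p_" + tag.hexdigest()[:32]


def anonymize(record: dict, master_key: bytes = MASTER_KEY) -> dict:
    """Return a copy of the record with sensitive fields replaced."""
    return {
        k: pseudonym(master_key, k, v) if k in SENSITIVE_FIELDS else v
        for k, v in record.items()
    }


# Constructed sample records from two separate datasets.
TRAVEL = {"name": "Alice Example", "ssn": "000-12-3456", "city": "Vienna"}
FINANCE = {"name": "alice example ", "ssn": "000-12-3456", "amount": 1200}

if __name__ == "__main__":
    a, b = anonymize(TRAVEL), anonymize(FINANCE)
    print(a)
    print(b)
    # The same person links across datasets without exposing the identifier.
    print("joinable:", a["ssn"] == b["ssn"])
```

Anyone holding the master key can recompute a pseudonym from a guessed value, so access to that key needs the same audited access control as the data it protects.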
SECURITY - FIPS VALIDATION
HDFS vs CORNERSTONE
MANUFACTURING FOUNDATIONS (for PaaS)
PaaS = Platform as a Service: Code, Deploy, Run
OPENSHIFT STRATEGY
- Open Source Project (Origin)
- Public Cloud Service
- On-premise or Private Cloud Software
WEB CONSOLE
CLI? OF COURSE
Create Apps
    rhc app create -a javasample -t jbossas-7
Add MongoDB
    rhc app cartridge add -a javasample -c mongodb-2.0
Add EAR file to your deployments directory
    cd javasample
    cp /path/to/ear/earfilename.ear ./deployments
Add the EAR file to git
    git add ./deployments/earfilename.ear
Push your code
    git push
Done
ECLIPSE, TOO.
HOW IT WORKS
YES, WE STILL HAVE INFRASTRUCTURE AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal
RHEL IS THE FOUNDATION
OpenShift is Built on Instances of Red Hat Enterprise Linux (RHEL)
[Diagram: RHEL instances on AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal]
RHEL GIVES US MULTI-TENANCY
SELinux Policies securely subdivide the Node instances.
CARTRIDGES are how OpenShift installs Languages & Middleware.
[Diagram labels: JBoss, MySQL; Broker and Node instances on RHEL; AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal]
CARTRIDGES
EVERYTHING DEVELOPERS ALREADY USE
YES, YOU CAN BUILD YOUR OWN
Developers can add custom language, data-store, or middleware with a custom Cartridge.
OpenShift Default Cartridges: MySQL, PHP, JBoss, Python, Ruby, Etc.
CARTRIDGES are how OpenShift installs Languages & Middleware.
SELinux Policies securely subdivide the Node instances.
[Diagram labels: Java, Postgres, MySQL, Etc., CUSTOM; Broker and Node instances on RHEL; AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal]
Established New
Slides from the afternoon session at the May 2013 Red Hat Partner offsite.