Manufacturing Polkadot Warplanes
Shawn Wells | shawn@redhat.com

http://www.npr.org/2011/09/07/140256967/shipping-container-inventor-transformed-world-trade

IaaS / PaaS / SaaS
Stack layers:
- APPLICATION
- APPLICATION PLATFORM (JBOSS, PHP, RUBY, ETC)
- OPERATING SYSTEM (RHEL)
- VIRTUALIZATION (RHEV)
- HARDWARE (x86)
- STORAGE (RHS)
Legend: Managed and Controlled by Customer / Provider Managed
Axis: Increased Control / Increased Automation

CRAFTWORK → MASS PRODUCTION

Physical: How to Build an App
1. Have Idea
2. Get Budget
3. Submit hardware acquisition request
4. Wait
5. Get Hardware
6. Rack and Stack Hardware
7. Install Operating System
8. Install Operating System Patches/Fix-Packs
9. Create user Accounts
10. Deploy framework/appserver
11. Deploy testing tools
12. Code
13. Test
14. Configure Prod servers (and buy them if needed)
15. Push to Prod
16. Launch
17. Order more servers to meet demand
18. Wait…

Virtualized: How to Build an App
1. Have Idea
2. Get Budget
3. Submit VM request
4. Wait
5. Deploy framework/appserver
6. Deploy testing tools
7. Code
8. Test
9. Configure Prod VMs
10. Push to Prod
11. Launch
12. Request More Prod VMs to meet demand
13. Wait
14. Deploy app to new VMs
15. Etc.

With PaaS: How to Build an App
1. Have Idea
2. Get Budget
3. Code
4. Test
5. Launch
6. Automatically Scale

MANUFACTURING FOUNDATIONS (for IaaS)

RED HAT OPENSTACK
- MODULAR ARCHITECTURE
- DESIGNED TO SCALE OUT
- BASED ON (GROWING) SET OF CORE SERVICES

RED HAT INVOLVEMENT
- Be to OpenStack what Red Hat is to Linux
- Create Enterprise Distribution
  * Supportability
  * Stability
  * Enterprise Features (e.g. security, performance)
  * Certified Ecosystem
  * Lifecycle

OPENSTACK RELEASE CADENCE
- Upstream
  * Source code only
  * Releases every 6 months
  * No bugfixes / snapshots after next release
- RDO (e.g. “Fedora” of OpenStack)
  * Follows upstream cadence
  * Delivers binaries
- Red Hat OpenStack
  * Initially 1 year lifecycle (e.g. support for Folsom ends after Grizzly)
  * Will increase lifecycle over time (likely to move to 2 years)
  * Ecosystem of Support
  * Government Ready

SOLUTION ENABLEMENT: CORNERSTONE

CORNERSTONE
Open, unified, and extensible scale-out object storage solution for on-premise, virtualized and cloud environments, which includes pervasive, flexible encryption with an innovative approach to unified symmetrical key management.

PANDORA RADIO

DESIGN CONSIDERATIONS
- Consistent, global information accessibility through REST API
- Consistent access through high and low-latency networks
- Cost effectiveness and scalability for big data growth
- Open system, empowering developers

DESIGN CONSIDERATIONS: INFRASTRUCTURE
- Integration with PKI (NSA CASPORT), Active Directory, LDAP
- Data retains encryption across backup and disaster recovery
- Encrypted files do not require significant additional space; storage requirements change imperceptibly

DESIGN CONSIDERATIONS: ADMINISTRATION
- Role Based Access Control (RBAC), augmented with Mandatory (MAC) and Discretionary (DAC) granularity
- Real-time modification to access control policies, to include time limits, number of accesses, etc.
- All operations, including key access, are audited

DESIGN CONSIDERATIONS: END-USER
- De-identify sources & methods: Expand data encryption options to protect relationships
- Anonymize Datasets: Replace sensitive portions of data records with cryptographic pseudonyms
- Protect and control access to multiple data sources from a query device (e.g. remote wireless tablet vs physical desk at DIA)

SECURITY
- FIPS VALIDATION
  * Federal Information Processing Standard 140-2
- COMMON CRITERIA CERTIFIED FOUNDATIONS
  * Operating System: EAL4+, CAPP/RBAC/LSPP
  * Crypto: EAL2+
- MULTIPLE ALGORITHM SUPPORT
  * AES (256 bits, 196 bits, 128 bits)
  * TripleDES (168)
  * SHA-2 hash functions (SHA-224, -256, -384, -512)
  * ECC and RSA TLS protocols

HDFS vs CORNERSTONE

MANUFACTURING FOUNDATIONS (for PaaS)

PaaS = Platform as a Service
Code / Deploy / Run

OPENSHIFT STRATEGY
- Open Source Project (Origin)
- Public Cloud Service
- On-premise or Private Cloud Software

WEB CONSOLE

CLI? OF COURSE
- Create Apps
    rhc app create -a javasample -t jbossas-7
- Add MongoDB
    rhc app cartridge add -a javasample -c mongodb-2.0
- Add EAR file to your deployments directory
    cd javasample
    cp /path/to/ear/earfilename.ear ./deployments
- Add the EAR file to git
    git add ./deployments/earfilename.ear
- Push your code
    git push
- Done

ECLIPSE, TOO.

HOW IT WORKS

YES, WE STILL HAVE INFRASTRUCTURE
AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal

RHEL IS THE FOUNDATION
OpenShift is built on instances of Red Hat Enterprise Linux (RHEL).
[Diagram: RHEL instances on top of AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal]

RHEL GIVES US MULTI-TENANCY
- SELinux Policies securely subdivide the Node instances.
- CARTRIDGES are how OpenShift installs Languages & Middleware.
[Diagram labels: JBoss, MySQL; Broker and Nodes, each on RHEL; AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal]

CARTRIDGES

EVERYTHING DEVELOPERS ALREADY USE

YES, YOU CAN BUILD YOUR OWN
- CARTRIDGES are how OpenShift installs Languages & Middleware.
- SELinux Policies securely subdivide the Node instances.
- Developers can add custom language, data-store, or middleware with a custom Cartridge.
[Diagram labels: OpenShift Default Cartridges; Java, JBoss, PHP, Python, Ruby, MySQL, Postgres, Etc.; CUSTOM; Broker and Nodes, each on RHEL; AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal]

Established New