Manufacturing Polkadot Warplanes

Manufacturing Polkadot Warplanes Shawn Wells | shawn@redhat.com

http://www.npr.org/2011/09/07/140256967/shipping-container-inventor-transformed-world-trade

IaaS PaaS SaaS APPLICATION APPLICATION PLATFORM (JBOSS, PHP, RUBY, ETC) OPERATING SYSTEM (RHEL) VIRTUALIZATION (RHEV) HARDWARE (x86) STORAGE (RHS) Managed and Controlled by Customer Provider Managed Increased Control Increased Automation

CRAFTWORK → MASS PRODUCTION Physical How to Build an App: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. Have Idea Get Budget Submit hardware acquisition request Wait Get Hardware Rack and Stack Hardware Install Operating System Install Operating System Patches/Fix-Packs Create user Accounts Deploy framework/appserver Deploy testing tools Code Test Configure Prod servers (and buy them if needed) Push to Prod Launch Order more servers to meet demand Wait… Virtualized With PaaS

CRAFTWORK → MASS PRODUCTION Physical How to Build an App: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. Have Idea Get Budget Submit hardware acquisition request Wait Get Hardware Rack and Stack Hardware Install Operating System Install Operating System Patches/Fix-Packs Create user Accounts Deploy framework/appserver Deploy testing tools Code Test Configure Prod servers (and buy them if needed) Push to Prod Launch Order more servers to meet demand Wait… Virtualized How to Build an App: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. Have Idea Get Budget Submit VM Request request Wait Deploy framework/appserver Deploy testing tools Code Test Configure Prod VMs Push to Prod Launch Request More Prod VMs to meet demand Wait Deploy app to new VMs Etc. With PaaS

CRAFTWORK → MASS PRODUCTION Physical How to Build an App: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. Have Idea Get Budget Submit hardware acquisition request Wait Get Hardware Rack and Stack Hardware Install Operating System Install Operating System Patches/Fix-Packs Create user Accounts Deploy framework/appserver Deploy testing tools Code Test Configure Prod servers (and buy them if needed) Push to Prod Launch Order more servers to meet demand Wait… With PaaS Virtualized How to Build an App: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. Have Idea Get Budget Submit VM Request request Wait Deploy framework/appserver Deploy testing tools Code Test Configure Prod VMs Push to Prod Launch Request More Prod VMs to meet demand Wait Deploy app to new VMs Etc. How to Build an App: 1. 2. 3. 4. 5. 6. Have Idea Get Budget Code Test Launch Automatically Scale

12 10 8 MANUFACTURING FOUNDATIONS (for IaaS) Column 1 Column 2 Column 3 6 4 2 0 Row 1 Row 2 Row 3 Row 4

RED HAT OPENSTACK - MODULAR ARCHITECTURE - DESIGNED TO SCALE OUT - BASED ON (GROWING) SET OF CORE SERVICES

RED HAT INVOLVEMENT - Be to OpenStack what Red Hat is to Linux - Create Enterprise Distribution * Supportability * Stability * Enterprise Features (e.g. security, performance) * Certified Ecosystem * Lifecycle

OPENSTACK RELEASE CADENCE - Upstream * Source code only * Releases every 6 months * No bugfixes / snapshots after next release - RDO (e.g. “Fedora” of OpenStack) * Follows upstream cadence * Delivers binaries

OPENSTACK RELEASE CADENCE - Red Hat OpenStack * Initially 1 year lifecycle (e.g. support for Folsum ends after Grizzly) * Will increase lifecycle over time (likely to move to 2 years) * Ecosystem of Support * Government Ready

12 SOLUTION ENABLEMENT: CORNERSTONE 10 8 Column 1 Column 2 Column 3 6 4 2 0 Row 1 Row 2 Row 3 Row 4

CORNERSTONE Open, unified, and extensible scale-out object storage solution for on-premise, virtualized and cloud environments Which includes Pervasive, flexible encryption with an innovative approach to unified symmetrical key management

CORNERSTONE

PANDORA RADIO

DESIGN CONSIDERATIONS - Consistent, global information accessibility through REST API - Consistent access through high and low-latency networks - Cost effectiveness and scalability for big data growth - Open system, empowering developers

DESIGN CONSIDERATIONS INFRASTRUCTURE - Integration with PKI (NSA CASPORT), Active Directory, LDAP -

DESIGN CONSIDERATIONS INFRASTRUCTURE - Integration with PKI (NSA CASPORT), Active Directory, LDAP - Data retains encryption across backup and disaster recovery -

DESIGN CONSIDERATIONS INFRASTRUCTURE - Integration with PKI (NSA CASPORT), Active Directory, LDAP - Data retains encryption across backup and disaster recovery - Encrypted files do not require significant additional space; storage requirements change non perceptibly

DESIGN CONSIDERATIONS ADMINISTRATION - Role Based Access Control (RBAC), augmented with Mandatory (MAC) and discretionary (DAC) granularity - Real-time modification to access control policies, to include time limits, number of accesses, etc - All operations, including key access, are audited

DESIGN CONSIDERATIONS END-USER - De-identify sources & methods: Expand data encryption options to protecting relationships - Anonymize Datasets: Replace sensitive portions of data records with cryptographic pseudonyms - Protect and control access to multiple data sources from a query device (e.g. remote wireless tablet vs physical desk at DIA)

SECURITY - FIPS VALIDATION

Federal Information Processing Standard 140-2

COMMON CRITERIA CERTIFIED FOUNDATIONS * Operating System: EAL4+, CAPP/RBAC/LSPP * Crypto: EAL2+
MULTIPLE ALGORITHM SUPPORT

AES (256 bits, 196 bits, 128 bits) * TripleDES (168) * SHA-2 hash functions (SHA-224, -256, -384, -512) * ECC and RSA TLS protocols

HDFS vs CORNERSTONE

12 10 8 MANUFACTURING FOUNDATIONS (for PaaS) Column 1 Column 2 Column 3 6 4 2 0 Row 1 Row 2 Row 3 Row 4

PaaS = Platform as a Service Code Deploy Run

OPENSHIFT STRATEGY Public Cloud Service

OPENSHIFT STRATEGY Public Cloud Service Onpremise or Private Cloud Software

OPENSHIFT STRATEGY Open Source Project Public Cloud Service origin Onpremise or Private Cloud Software

WEB CONSOLE

CLI? OF COURSE Create Apps rhc app create -a javasample -t jbossas-7 Add MongoDB rhc app cartridge add -a javasample –c mongodb-2.0 Add add EAR file to your deployments directory cd javasample cp /path/to/ear/earfilename.ear ./deployments Add the EAR file to git git add ./deployments/earfilename.ear Push your code git push Done

ECLIPSE, TOO.

HOW IT WORKS

YES, WE STILL HAVE INFRASTRUCTURE AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal

RHEL IS THE FOUNDATION OpenShift is Built on Instances of Red Hat Enterprise Linux (RHEL) RHEL RHEL RHEL RHEL AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal

RHEL GIVES US MULTI-TENANCY SELinux Policies securely subdivide the Node instances. RHEL RHEL RHEL AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal

RHEL GIVES US MULTI-TENANCY JBoss CARTRIDGES are how SELinux Policies securely subdivide OpenShift installs the Node MySQL instances. Languages & Middleware RHEL Broker Node RHEL RHEL Node Node AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal

CARTRIDGES

EVERYTHING DEVELOPERS ALREADY USE

YES, YOU CAN BUILD YOUR OWN Java CARTRIDGES are how SELinux Policies securely subdivide OpenShift installs Postgres theEtc. Node CUSTOM MySQL instances. Languages & Middleware MySQL PHP JBoss Python Ruby Etc. RHEL Broker OpenShift Default Cartridges Node Developers can add custom RHEL RHEL language, data-store, or middleware with with a custom Node Cartridge. Node AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal

Established New

Manufacturing Polkadot Warplanes

Slide 1

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32

Slide 33

Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Slide 39

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58

Slide 59