[PPT] - Immut able Infrastructure Rise of the Machine Images About Axel PowerPoint Presentation

SLIDE 1

Rise of the Machine Images

Immut able Infrastructure

@axelfontaine

SLIDE 2

About Axel Fontaine

Founder and CEO of Boxfuse
Over 15 years industry experience
Continuous Delivery expert
Regular speaker at tech conferences
JavaOne RockStar

@axelfontaine

SLIDE 3

flywaydb.org

SLIDE 4

boxfuse.com

SLIDE 5

about

questions

SLIDE 6

sometime in the 20th century …

SLIDE 7

SLIDE 8

http://en.wikipedia.org/wiki/File:Tdkc60cassette.jpg

SLIDE 9

SLIDE 10

+ =

ON PREM

+

Challenges

 Power  Network  Cooling  Phys. Security  Phys. Space  OS Install  OS Patching  App Install  App Updates  Procurement  Vendor Mgmt  Capacity Plan.  Financing

SLIDE 11

+ =

ON PREM

+

Challenges

 Power  Network  Cooling  Phys. Security  Phys. Space  OS Install  OS Patching  App Install  App Updates  Procurement  Vendor Mgmt  Capacity Plan.  Financing

SLIDE 12

SLIDE 13

+ =

ON PREM

+

Challenges

 Power  Network  Cooling  Phys. Security  Phys. Space  OS Install  OS Patching  App Install  App Updates  Procurement  Vendor Mgmt  Capacity Plan.  Financing Months Hours Days or Weeks

SLIDE 14

+ = +

Challenges

 Power  Network  Cooling  Phys. Security  Phys. Space  OS Install  OS Patching  App Install  App Updates  Procurement  Vendor Mgmt  Capacity Plan.  Financing Months Hours Days or Weeks

COLO

SLIDE 15

+ = +

Challenges

 OS Install  OS Patching  App Install  App Updates  Procurement  Vendor Mgmt  Capacity Plan.  Financing Hours Days or Weeks

ROOT SERVER

SLIDE 16

 OS Install  OS Patching  App Install  App Updates

Let’s talk about software

SLIDE 17

POLL: which level of automation are you at?

 Build  Unit Tests  Continuous Integration  Acceptance Tests  Continuous Deployment (Code)  Continuous Deployment (Code + DB + Configuration)  Infrastructure

SLIDE 18

Build Test

SLIDE 19

Build Test

SLIDE 20

One immutable unit
Regenerated after every change
Promoted from Environment to Environment

Classic Mis istake: Build per Environment

SLIDE 21

OS Kernel Libraries Language App Server App

SLIDE 22

OS Kernel Libraries Language App Server App

SLIDE 23

why aren’t we doing the same for the layers this is running on ???

SLIDE 24

SLIDE 25

OS Kernel Libraries Language App Server App

Build Test

SLIDE 26

OS Kernel Libraries Language App Server App

Build Test

App

SLIDE 27

OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App

Any difference is a potential source of errors

SLIDE 28

OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App

Updates Updates Updates

Sysadmin

SLIDE 29

If I had asked my customers what they wanted they would have said a faster horse.

Henry Ford

SLIDE 30

OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App

Updates Updates Updates

Sysadmin

SLIDE 31

OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App

Updates Updates Updates

Automated Sysadmin

SLIDE 32

fast forward to 2016 …

SLIDE 33

Every day, AWS adds enough server capacity to power the whole $7B enterprise Amazon.com was in 2004. Weekends included.

SLIDE 34

Shift to a world of abundance (no more resource scarcity)

SLIDE 35

"Advanced Test Reactor" by Argonne National Laboratory -

riginally posted to Flickr as Advanced Test Reactor core,

Idaho National LaboratoryUploaded using F2ComButton. Licensed under CC BY-SA 2.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:Advanced_Test_Reac tor.jpg#mediaviewer/File:Advanced_Test_Reactor.jpg "RIAN archive 341194 Kursk Nuclear Power Plant" by RIA Novosti archive, image #341194 / Sergey Pyatakov / CC-BY-SA 3.0. Licensed under CC BY-SA 3.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:RIAN_archive_341194_ Kursk_Nuclear_Power_Plant.jpg#mediaviewer/File:RIAN_archi ve_341194_Kursk_Nuclear_Power_Plant.jpg

Control Plane Data Plane

SLIDE 36

Control Plane Data Plane

SLIDE 37

Automated Provisioning Cost-driven Architectures

SLIDE 38

it is time to rethink the faster horse

SLIDE 39

App OS Kernel Libraries Language App Server

Build Test

SLIDE 40

App OS Kernel Libraries Language App Server

Build Test

Undifferentiated Heavy lifting

SLIDE 41

App OS Kernel Libraries Language App Server

Build Test

SLIDE 42

App

Machine Image

OS Kernel Libraries Language App Server

Build Test

Machine Image

SLIDE 43

OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App OS Kernel Libraries Language App Server App

Machine Image Machine Image Machine Image

SLIDE 44

Machine Image Machine Image Machine Image

Updates

SLIDE 45

but there is one big problem left …

SLIDE 46

Machine Image

Network Cable

SLIDE 47

Machine Image

Network Cable

Multiple GB

SLIDE 48

Running servers in production should be like going backpacking. You take the bare minimum with you. Anything else is going to hurt.

A Wise Man

SLIDE 49

what is really adding business value ???

SLIDE 50

Machine Image

Network Cable

SLIDE 51

Editors Daemons OS Kernel Libraries Utilities Drivers App App Server Package Mgr Compilers SSH Firewall Compatibility Man Pages Language Log Files Users Shells

Machine Image

Network Cable

SLIDE 52

OS Kernel Libraries App App Server Language Bootable App

SLIDE 53

15 MB

SLIDE 54

Multiple GB

15 MB

SLIDE 55

Network Cable

Bootable App

SLIDE 56

who is this for ???

SLIDE 57

OS Kernel Libraries Language App Server App

12-factor app

SLIDE 58

demo

SLIDE 59

What are the implications ???

SLIDE 60

Focus shift Individual instances become disposable Instance Service

SLIDE 61

Treat servers like cattle instead of pets

SLIDE 62

for servers is dead!

SLIDE 63

high uptime is a liability

The longer an instance is up, the harder it becomes to recreate exactly (and it will fail eventually!)

SLIDE 64

How to solve service discovery ?

Use a stable entry point with an internal registry

?

Elastic Load Balancer

Instance Instance Instance

SLIDE 65

What about security ?

When was the last time your toaster got hacked?

SLIDE 66

What about security ?

Complexity is the Enemy of Security

SLIDE 67

What about security ?

Smallest possible attack surface
Vastly reduced implications due to low

uptime and transient nature of instances

Very difficult to exploit other systems

because essential tooling is missing

Bootable App

SLIDE 68

Bake as much configuration as

possible for all environments directly in the Bootable App

Use environment detection

and auto-configuration

what about configuration ???

SLIDE 69

Bootable App

Key Value JDBC_URL jdbc:… ENV prod

what about configuration ???

Bake as much configuration as

possible for all environments directly in the Bootable App

Use environment detection

and auto-configuration

Pass remaining configuration

at startup and expose it as environment variables

SLIDE 70

Instance

what about the database ???

Keep all persistent state out of the instance,

including the database

Use one of the many good hosted solutions

available like Amazon RDS or Google Cloud SQL

Use a database migration tool to update the

schema on application startup

SLIDE 71

what about the logs ???

LOG file LOG file LOG file

ssh me@myserver1 tail -f server.log ssh me@myserver2 tail -f server.log ssh me@myserver3 tail -f server.log

SLIDE 72

LOG file LOG file LOG file

log server

where logs can be

aggregated
stored and backuped
indexed
searched

SLIDE 73

what about sessions ???

Keep session in an encrypted and signed cookie

avoids session timeouts
avoids server clustering & session replication
avoids sticky sessions & server affinity

Instance

SLIDE 74

what about rolling out new versions ???

SLIDE 75

Availability Zone 2

Load Balancer

Logs

Availability Zone 1 App V1 App V1

SLIDE 76

Load Balancer

Logs

Availability Zone 1 App V1 App V1 Availability Zone 2

SLIDE 77

Load Balancer

Logs

Availability Zone 1 App V1 App V1 App V2 App V2 Availability Zone 2

SLIDE 78

Load Balancer

Logs

Availability Zone 1 Availability Zone 2 App V1 App V1 App V2 App V2

SLIDE 79

what about containers ???

(as in OS-level virtualization)

SLIDE 80

understanding modern CPUs

Both Intel and AMD have hardware support for virtualization

isolation
performance penalty

SLIDE 81

Image Hardware Hypervisor Image Hardware OS+Container Runtime

Container VM

n prem

your responsibility

SLIDE 82

Image Hardware Hypervisor Image Hardware OS+Container Runtime

Container VM

cloud

Hypervisor

SLIDE 83

cloud your responsibility clo loud responsibility

instance scheduling machine images instances instance volumes instance networking container scheduling container images containers container volumes container networking

SLIDE 84

1.5 months of t2.nano

SLIDE 85

1 hour of t2.nano

SLIDE 86

cloud your responsibility clo loud responsibility

instance scheduling machine images instances instance volumes instance networking container scheduling container images containers container volumes container networking

Only makes sense if you cannot afford 0.5 .5p/hour granularity

SLIDE 87

summary

SLIDE 88

One immutable unit
Regenerated after every change
Promoted from Environment to Environment

Classic Mis istake: Build per Environment

SLIDE 89

Bootable App

One immutable unit
Regenerated after every change
Promoted from Environment to Environment
Use Minimal Images
Focus on Cost in your architecture

Classic Mis istake: Build per Environment

SLIDE 90

boxfuse.com

SLIDE 91

Thanks

SLIDE 92

AXEL FONTAINE @axelfontaine

boxfuse.com

Immut able Infrastructure

About Axel Fontaine

about

questions

sometime in the 20th century …

+ =

ON PREM

+

Challenges

+ =

ON PREM

+

Challenges

+ =

ON PREM

+

Challenges

+ = +

Challenges

COLO

+ = +

Challenges

ROOT SERVER

Let’s talk about software

POLL: which level of automation are you at?

why aren’t we doing the same for the layers this is running on ???

Any difference is a potential source of errors

If I had asked my customers what they wanted they would have said a faster horse.

fast forward to 2016 …

Every day, AWS adds enough server capacity to power the whole $7B enterprise Amazon.com was in 2004. Weekends included.

Shift to a world of abundance (no more resource scarcity)

Control Plane Data Plane

Control Plane Data Plane

Automated Provisioning Cost-driven Architectures

it is time to rethink the faster horse

but there is one big problem left …

Machine Image

Machine Image

Multiple GB

Running servers in production should be like going backpacking. You take the bare minimum with you. Anything else is going to hurt.

what is really adding business value ???

Machine Image

Machine Image

Multiple GB

who is this for ???

demo

What are the implications ???

Focus shift Individual instances become disposable Instance Service

Treat servers like cattle instead of pets

for servers is dead!

high uptime is a liability

How to solve service discovery ?

?

What about security ?

What about security ?

What about security ?

what about configuration ???

what about configuration ???

what about the database ???

what about the logs ???

log server

what about sessions ???

what about rolling out new versions ???

what about containers ???

understanding modern CPUs

your responsibility

cloud

cloud your responsibility clo loud responsibility

1.5 months of t2.nano

1 hour of t2.nano

cloud your responsibility clo loud responsibility

summary

Thanks

I'LL BE BACK