© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Nicholas Gerasimatos, Red Hat CCSP Cloud Evangelist

November 1, 2016

Develop, Build, Deploy, and Manage

Containerized Services and Applications on

the AWS Cloud

DEV404

A little bit about Red Hat and AWS…

TRUSTED IN THE INDUSTRY

Collaborating with AWS

9years

Had a fix within 1 calendar day of being public

98%of critical vulnerabilities

THE OPEN ORGANIZATION

Of Fortune 500 companies trust Red Hat

90%More thanOver

To enterprise users

99.999%uptime

Red Hat

CLOUD LEADERSHIP

Delivering cloud services

10years

Service improvements in 2015

700Over

RELIABLE, HIGH-PERFORMANCE

INFRASTRUCTURE

Spanning 13 geographic regions

35Availability Zones

With consistency

48,000IOPS/instance

Capable of delivering

Amazon Web Services

AWS Direct Connect Amazon VPC

VM Import/Export AWS CloudFormation

AWS Identity and Access Management AWS CLOUDYOUR DATA CENTER

Red Hat and AWS Extend Your Existing Data Center

Red Hat OpenShift on AWS

Containers - Transform Apps, Infrastructure, &

Process

Enterprise grade

Built for both traditional (legacy) and cloud-

native applications

Integrated hybrid cloud application platform

for application development and deployment

Portable platform designed to develop, build,

and manage container-based applications

across different environments

Easily turn source code into running

applications

Multi-language

OpenShift Is Red Hat’s Container Application Platform

SECURITY

SCALABILITY

INTEGRATION

MANAGEMENT

CERTIFICATION

Red Hat Addresses Container Adoption

Benefits for Developers

● Access a broad selection of application components

● Deploy application environments ondemand

● Leverage your choice of interface & integrate with existing tools

● Automate application deployments, builds,and source-to-image

● Enable collaboration across users, teams, & projects

Benefits for IT Operations

● Deploy a secure, enterprise-grade container-based application platform

● Enable application developers while improving operational efficiency & infrastructure utilization

● Utilize advanced scheduling and automated placement with regions and zones for HA

● Leverage powerful declarative management for application services

● Manage user & team access and integrate with enterprise authentication systems

UNTRUSTED

Will what’s inside the containers

compromise your infrastructure?

How and when will apps and libraries be

updated?

Will it work from host to host?

Can I use the same solution on-premises

and in the Cloud?

DIY Container Platform vs. Red Hat OpenShift

RED HAT CERTIFIED

Trusted source for the host and the containers

Trusted content inside the container with security fixes

available as part of an enterprise lifecycle

Portability across hosts

OpenShift can be deployed on premises or on AWS

Certified Container Images

Certification Middleware

Red Hat Container Registry

Container Development Kit

Certification as a Service

● A better developer experience

● A bigger selection of fully supported services

● A more powerful, standards-based orchestration engine

● A more secure, standards-based container model

● A more reliable, trusted,and fully supported Linux OS foundation

OpenShift Compared to Other Platforms

Others

X

X

X

X

X

Red Hat and AWS provide a complete, enterprise-class computing

environment that is simple and scalable

Red Hat gives your organization access to a secure and easy-to-manage

platform that meets the changing needs of your business

OpenShift on Amazon Web Services provides the power and flexibility of

your own OpenShift Container Platform Cluster backed by Red Hat

engineering, operations, and support!

Hosting OpenShift on AWS enables cost-effective security, reliability,

and performance

Benefits of Red Hat OpenShift on AWS

Your Red Hat subscription provides access to technical experts and

support services to help you successfully build, deploy, and manage

your enterprise solutions

Access OpenShift through your Red Hat subscription

When you use Red Hat Enterprise Linux on demand, you’re only

paying for what you use on Amazon EC2

Pre-existing Red Hat subscriptions can be moved easily to AWS

using Cloud Access

Flexibility to run Red Hat’s entire portfolio of software offerings

including full stack Jboss on OpenShift

Benefits of Red Hat OpenShift on AWS

OpenShift Architecture

OpenShift Runs on Your Choice of Infrastructure

Nodes Are Instances of RHEL Where Apps Will Run

Apps and Components Run in Containers

Container Image

Container

Pod

Pods Are the Orchestrated Unit in OpenShift

Masters Are the Control Plane

API and Authentication

Desired and Current State

Scheduler Pulls from the Registry

Orchestration and Scheduling

Placement by Policy

Services Connect Application Components

Health and Scaling

What About Unhealthy Pods?

The Master Remediates Pod Failures

What About App Data?

Routing Layer for External Accessibility

Access via Web UI, CLI, IDE, API

Interacting with OpenShift

OpenShift Architecture/Application

CA–OpenShift Deployment

Ganesh JanakiramanSr. Director – SaaS Ops and Delivery

SaaS @CA

• Market leading SaaS solutions in:• Project and portfolio management• Agile management• Online payment authentication• Performance testing• Identity security

• Global customer base accessing 24x7x365 mission-critical applications• FedRAMP/PCI/SOC 2 compliance certification• Global footprint for redundancy and data residency

CNN Politics App

The Problem

Let’s consider an application with a back-end web service.

HTTP

Service

The service could be Tomcat serving HTML, Jetty

serving OData, Node.js serving plain REST APIs, an

instance of Ruby on Rails—doesn’t matter for this

argument.

How can we deploy this service?

4

The Problem

Let’s say 1 instance of that service can handle 100 users and

requires 1 CPU core.

And let’s say we have 100 users. We could simply run 1 service

on 1 physical server (or VM) with 1 core. No problem.

But what if we have 100,000 users?

HTTP

Server (1 core)

OS

100 users

4

The Problem

With 100,000 users, we need 1,000 service instances,

which need at least 1,000 cores.

How can we deploy an application with 1,000 Tomcats or 1,000

RoR instances?

That’s a complex problem, and good solutions must meet many criteria.

But here are four key criteria for CA Platform.

100,000 users 1,000

4

Four Key Criteria

4

So what are some approaches to this problem?

Capex We’re going large scale in the first place because we are

delivering SaaS, and SaaS profitability calls for the most cost-

efficient hardware, software, and operations labor that can do

the job.Opex

Isolation

To achieve sufficient reliability, we need resource isolation

between service instances—we can’t let one misbehaving

instance take down hundreds of others.

Flexibility

We need to efficiently add, remove, grow, and shrink services. In real life, that hypothetical set of 1,000 service instances isn’t static, isn’t uniform, and isn’t the only set of services.

Putting all 1,000 services on a small

number of very large servers is a

nonstarter.

Biggest problem in general: Large

servers are dramatically less cost-

effective than small servers. Large

servers make sense only for

specialized workloads that can’t run

on small servers.

1000-core server

Bad Approach: Humongous Servers

OS

1,000

44

Capex Awful

Opex OK,but doesn’t matter

Isolation Awful

Flexibility Awful

Bad Approach: Horde of Tiny Servers

... 1,000 total

Putting each service on its own just-big-enough server

doesn’t work either. Even if that server size happens to

be cost-efficient in cores-per-dollar, opex and flexibility

are unacceptable.

CapexBad. Cost-optimal server size is usually bigger than 1 service, and some of our cost (such as OS licensing) scales with the number ofservers.

OpexAwful because we have 1,000 independent OS instances to manage. (The data center automation business from 10 years ago would love to help you try to fix this.)

Isolation Good. (Actually, total overkill for web apps.)

Flexibility Awful, especially if our service outgrows our server!

4

Common Approach: VirtualizationLet’s say the cost-optimal server has 8 cores—enough raw capacity for 8

services (ignoring overhead). To isolate those 8 services from each other,

we need some way to subdivide our physical servers. Enter

virtualization.8-core server

× 125 ...?

4

CapexJust OK, because those 1,000 OS instances impose significant

additional overhead—we actually need way more than 125 servers.

OpexStill awful because we still have 1,000 independent OS instances tomanage. (Plus an additional ton of virtualization software to buy and operate—which is why VMware loves this approach.)

Isolation Good.(Still overkill.)

Flexibility OK. We can change deployment sizing virtually, though not dynamically.

8-core server

OS with 8 containers

Common Approach: OS Containers

× 125

Capex Good. Cost-optimal hardware. OS (and virtualization) overhead is at a minimum.

Opex

OK. Reasonable number of OS instances to manage, but we haven’t

addressed how to manage thousands of services or how to route application

traffic. Typically, that’s a ton of custom automation.

Isolation Goodenough for web services.

FlexibilityOK. Containers are easier to manage than full VMs, but they are stillindividually configurable objects that must be externally automated or manuallymaintained.

Container

Service

47

OpenShift at CA

• One of the initial adopters of Red Hat OpenShift since 2012

• CA and Red Hat partnership in building internal PaaS

• OpenShift 3 adopts Docker and Kubernetes:

• Docker brings de facto standard container technology

• Kubernetes is a proven container orchestration platform

• Red Hat provided web console, RBAC, self- service templates, security, and more

• OpenShift in AWS and on VMWare

OpenShift – How Do We Use It Today?

• Multitenancy using projects provides right isolation

• Autoscaling pods with CPU

• Different deployment strategies (A/B , rolling) based on project

• Resource allocation caps and workload sharing

• Integrated Docker Registry

• Source-to-Image

Presentation

Q&A

Red Hat Quick Start has been built in collaboration with Red Hat and features OpenShift by Red

Hat on AWS

Quick Starts are automated reference deployments that use AWS CloudFormation templates to

launch, configure, and run the AWS compute, network, storage, and other services required to

deploy a specific workload on AWS

Request a $2000 credit from AWS to deploy Red Hat OpenShift on AWS as a Proof of Concept

with a comprehensive suite of services.

Please visit https://aws.amazon.com/partners/redhat/ to request the POC credits

Overview of the POC Program

Red Hat Products on AWS

https://aws.amazon.com/partners/redhat/

Quick Start Guide Red Hat OpenShift

https://s3.amazonaws.com/quickstart-

reference/openshift/doc/red-hat-openshift-on-the-aws-

cloud.pdf

Evaluate OpenShift Enterprise

https://access.redhat.com/products/openshift-enterprise-

red-hat/evaluation

Sign up for AWS for free

http://aws.amazon.com/getting-started

Red Hat on AWS

https://aws.amazon.com/partners/redhat/

Red Hat

https://www.redhat.com/en

OpenShift

https://www.openshift.com/

OpenShift Dedicated

https://www.openshift.com/dedicated/

OpenShift on AWS

https://aws.amazon.com/blogs/apn/deploy-red-hat-

openshift-on-amazon-web-services/

Resources

Thank you!

Nicholas Gerasimatos - Twitter: @N_Gerasimatos

Remember to complete

your evaluations!