Conversations
IN THE CLOUD
• Cloud for Smart Speed
• Multi-cloud is the Platform
• Embracing DevOps and #GIFEE
• Cloud-grade Networking: DevNetOps
PRESENTERS
James Kelly
Lead Cloud Architect
Juniper Networks
• Engineer
• Marketer
• Continual Learner (Kaizen Jedi)
connect
IT TRENDS
IT VALUES > IT TRENDS > CLOUD TRENDS
Add & accelerate value to the business
CUSTOMER’S
Top-of-mind
Application Innovation
drives business value, information & agility
Automation
drives IT agility, quality, speeds application
iteration and abstracts infrastructure
Multi-cloud platform
enables automation, scale and flexibility
Business
Software
Hardware
IT VALUE CHAIN
…
CLOUD
• Golden infrastructure model to support the above
CIOs & CTOs
• No longer partnered with the business, they are the
business; Every company is a software company
APPLICATIONS
• The interface to lines of business and customers
AUTOMATION
• The future belongs to the fast
FIRST…
FORGET THE CLOUD
CLOUD IS JUST THE VEHICLE, NOT THE DESTINATION
CLOUD IS THE WAY TO…
Big
Data
& AI
Orch.
&
Arch.
DevOps
TCO
&
Open
Public
Cloud
& IOT
Secure
SRE
IT Today
TECHNOLOGY GEEKS
SERVICE PROVIDERS
BUSINESS “PARTNER”
BUSINESS SHAPERS
-1980s
90s-2000s
00s-2010s
TODAY
A brief history of highly effective IT
LINES BLUR BETWEEN IT AND BUSINESS
• IT leaders shape the future of the business innovation
• IT owns most of the customer experience
INNOVATION IS AN IMPERATIVE
• As disruption impacts every industry: The choice is between predator or prey.
• Focus is on technology that is differentiating. Drab tech is kicked to SaaS
SECURITY IS A MUST
• More threatening than competitors, breaches are devastating
• Must be pervasive in culture, processes, applications and infrastructure
AI IS HIGHLY ANTICIPATED, AND NEEDS PLANNING
• Business plans for AI are well defined: 23%, Technology plans for AI: 20%*
• New levels of market, business, and operations awareness
THE STATE OF IT TODAY
* State of the IT 2017
The mind of a CIO
PREDICTABILITY
(Smooth running IT team today)
FUTURE-PROOF
INNOVATION
(Strengthen and protect IT team for future)
ADD & ACCELERATE
BUSINESS VALUE
(Happy CEO & lines of business)
REDUCE TCO
(Happy CFO)
AGILE
STEADY
BUSINESS
TECHNOLOGY
STANDARDIZE & CONSOLIDATE THE OLD
(and anything not business differentiated or advantageous)
+
CLOUD-FIRST & CLOUD-NATIVE THE NEW
(and refactor anything business differentiated or advantageous)
BIMODAL IT
it’s not about here or there… it is about
An at-scale computing platform for
• DevOps
• Digital Ops
• Internet of Things
• Big Data- and AI-driven Research and Insights
CLOUD
IS THE NEW COMPUTER
MULTI-CLOUD
IS THE PLATFORM
MULTI-CLOUD: REALITY, NOT A STRATEGY
AIMING FOR MULTI-CLOUD
AS THE INFRASTRUCTURE IDEAL
State of the Cloud Survey ‘17
MULTIPLE AZs MULTIPLE ACCOUNTS MULTIPLE REGIONS MULTIPLE VENDORS
THE STRATEGY: HOW TO CHOOSE & CONSUME WISELY
85% of enterprises
MULTI-CLOUD OVERVIEW
1. Clouds provide services and IaaS (elastic programmable infrastructure)
2. Clouds are inter-connected
3. Clouds run cloud-native app stacks
----- IaaS abstraction -----
MULTI-CLOUD DECODER RING
1. Clouds provide IaaS (elastic programmable infrastructure)
2. Clouds are inter-connected
3. Clouds run cloud-native app stacks
• App/DevOps stack, Middleware, API Gateway
• CNCF, SaaP, CaaS, PaaS, FaaS
• Containers, Micro-services, Immutable Infra.
• ML, ETL and Big-data Pipelines and Stacks
• Gateways, Direct Connect
• Transit VPC, Shared VPC, VPC Peering
• SD-WAN
• Firewalling, VPNs, IPSec
• (Real) Infrastructure as Code
• DevSecOps or DevNetOps Network as Code
• Servers, Hypervisors
• SDDC, (Bare)Metal-aaS, IaaS, Data Centers
Site reliability engineering
----- IaaS abstraction -----
TERMS TECH
WHAT IS IT?
WHAT ABOUT HYBRID CLOUD
BUSINESS MOTIVATIONS FOR CLOUD CHOICE
Defn. HYBRID CLOUD:
Hybrid cloud spans at least one public and one private cloud
Better modern use: A unified platform that spans multiple clouds
HYBRID CLOUD IS THE NEW IT – WHY?
VENUE:
• Geography for reach, migration, compliance or sovereignty
• Cost advantages
• Feature advantages
RESILIENCE:
• Disaster recovery and avoidance site
• Active-active setups for high availability
AGILITY:
• Speed of abstracting away infrastructure for developers
• Circumvent challenges: budget, staff, experience
• Hardware & software innovation pace of hyper-scale clouds
FLEXIBILITY:
• Design split-tier applications for best of both worlds
• Lifecycle / environment for dev, test, staging, production
• Bursting (seasonal, occasional etc. spiky usage vs. steady usage)
LUCK FAVORS THE PREPARED
Hybrid cloud prepares enterprise IT by design for infinite scale and choice
HYBRID CLOUD IS THE NEW IT – WHY?
THE GOOD:
• Global infrastructure platform
• Ecosystem: Big Data, Machine Learning, IoT Platforms
• Economic flexibility and alignment with value
• Instant and elastic scale and failover possibilities
• YES! Security – expert SecOps in large clouds
THE BAD:
• No end of amortization – A perpetual investment
• Platform and data locality lock-in
• Aspects of unpredictability
PUBLIC CLOUD
THE GOOD:
• Control and compliance over location and systems
• Data sovereignty and locality
• Custom SLAs, platforms and hardware
• Trust for mission-critical workloads and security
THE BAD:
• Time and skill to build/maintain/scale the platform
• Reserves and CapEx beyond current needs
• Aspects of inflexibility
PRIVATE CLOUD
LUCK FAVORS THE PREPARED
Hybrid cloud prepares enterprise IT by design for infinite scale and choice
HYBRID CLOUD IS THE NEW IT – HOW?
THE GOOD:
• Global infrastructure platform
• Ecosystem: Big Data, Machine Learning, IoT Platforms
• Economic flexibility and alignment with value
• Instant and elastic scale
• YES! Security
THE BAD:
• No end of amortization – A perpetual investment
• Platform and data locality lock-in
• Unpredictable
PUBLIC CLOUD
THE GOOD:
• Control and compliance
• Data sovereignty and locality
• Custom SLAs, platforms and hardware
• Trust for mission-critical workloads and security
THE BAD:
• Time and skill to build and maintain the platform
• Reserves and CapEx beyond current needs
PRIVATE CLOUD
A HYBRID CLOUD UNIFIED PLATFORM REQUIRES SOME PARITY…
• Functionally compatible: APIs, infrastructure and platform primitives, config behavior
• Non-functionally compatible: availability, performance, QoS
• Economically compatible: no prohibitively drastic cost differences
HYBRID CLOUD PLATFORM
Unified Cloud Platform
• Application and DevOps pipeline portability and mobility
• Multi-cloud I&O management and orchestration
• Consistency and parity of core experience
• Economic optimization with flexibility
HYBRID CLOUD PLATFORM
Doing everything, all at once!
• Context switching efficiency losses
• Poor portability of DevOps automations and apps
• Cloud data and services lock-in
• Long-term management and cost control nightmare
DISPARATE PRIVATE + PUBLIC CLOUD
UNIFIED PLATFORM
VS.
CLOUD LOCK-IN
Data Gravity
• Data is expensive and slow to move out or port
Developer / Application SaaP Lock-in
• Application services coupled to cloud service APIs
Infrastructure / IaaS Lock-in
• VM / security / networking / storage coupled to IaaS
EXAMPLES OF LOCK-IN
• Variable reliability: e.g. AWS Feb 2017 S3 outage
• Rising costs: vendor has you over a barrel
• Services gap: cannot use other vendors’ innovations
• Business slowdown: Wasted time to re-implement
• Partner and talent pool: narrower selection pool
LOCK-IN RISKS
PAINTING YOURSELF INTO A CORNER?
THE CHOICES ARE OVERWHELMING
Portable infrastructure as code
• Use IaC/CfgMgmt like Digital Rebar, Terraform, Docker
• Minimize DSL lock-ins like AWS CloudFormation
• Resiliency drills: chaos monkey, phoenix servers, etc.
Software-defined networking, security, storage
• Portable across any cloud, any IP network underlay
• Overlays to provide addressing/naming portability
• Collapsible overlays to improve performance & mgmt
• Scales in software and optional hardware variants
Operations
• Harmonized policy as code across tools
• Unified policy can widen blast radius of bad changes
• Portable management/monitoring for infrastructure/apps
• It should all integrate with a portable DevOps stack
MITIGATING INFRASTRUCTURE LOCK-IN
Prefer tools that aren’t single-minded
• Bimodal tools that work with legacy AND cloud are best
• One tool that can do / integrate a few related things is
simpler than many narrowly focused tools
• A tool that integrates with multiple vendors / clouds and
uses open APIs / interoperability standards is best
UNIVERSAL TOOLS
INFRASTRUCTURE CONSIDERATIONS
MITIGATING INFRASTRUCTURE LOCK-IN
Use OpenStack as an IaaS base
• Parity with AWS and most new cloud IaaS vendors
• Multiple vendors to support you
• VMware can serve the same purpose but is less portable,
less open, more expensive, and HA-feature overkill
FOR PRIVATE CLOUD
A cloud management platform can provide
• ITaaS workflows for infrastructure self-service
• Single pane of glass high-level monitoring and policy
• Easier economic comparison
Examples:
• RightScale
• Scalr
• Red Hat CloudForms
• Google Stackdriver
• CloudHelm
• Platform9
FOR HYBRID CLOUD MANAGEMENT
Developer strategy
• Don’t use custom cloud services when you can BYO
(e.g. API gateway, auth, DB, message queue, etc.)
• Easily run open source tools and vendors supporting
multiple clouds with package managers like K8s Helm
• Find multi-cloud shims like Minio for S3-like obj. storage
• Avoid API lock-in with OSS-based managed service
offerings if you cannot BYO
• CNCF is a good source of many cloud-native OSS tools
• Lock-in carefully for advantages of unique offerings
• See ThoughtWorks principles of Evolvable Architecture
MITIGATING DEVELOPER LOCK-IN
APPLICATION CONSIDERATIONS
BYO App/DevOps Stack
• Portable tools like Jenkins, Spinnaker, etc.
• Minimize DSL lock-ins like AWS CodeStar
• Enable CD/CR flows like blue / green across cloud
vendors or at least regions to minimize MTTR
FOR DEVOPS
SUMMARY: AVOIDING CLOUD LOCK-IN
Start with 2 clouds instead of one…
• Hedge bet on a partner for cloud innovation & economics
• Force the application cluster / stack to be portable
• Force the DevOps workflows to be portable
• Force designing for resiliency and scale early on
PLAN FOR A DIFFERENT FUTURE
Embrace IaaS as a base, but cloud services sparingly
• Bring your own IaaS automation (IaC)
• Lock in to cloud services by choice when they are
differentiated and necessary for business advantage
• For services that have open source equivalents,
bring your own or use a managed service
ONLY LOCK-IN CONSCIOUSLY
THIS CLOUD HAD GOOD INTENTIONS
EMBRACING
DEVOPS & #GIFEE
Don’t be a cloud tourist…
BUILD CLOUD-NATIVE
“Google is living a few years in the future
and sending the rest of us a message”
- Doug Cutting
CI / CD / CR
MICROSERVICES ARCH.
& CONTAINERS
RELIABILITY ENGINEERING
& IaC
DEVOPS
MORE APP DEVELOPER IMPACT
MORE INFRASTRUCTURE & OPS IMPACT
LEARNING DevOps
DevOps brings together development and operations:
- PEOPLE and cultural principles and behavior through the entire business-level service lifecycle
- PROCESSES from design to production to maintenance reliability, scale, performance, security
- TOOLS to scale architecture, automate, collaborate, measure and thus improve quality and speed
CORE VALUES
“CA(L)MS”
CULTURE
AUTOMATION
MEASUREMENT
SHARING
1. Holistic Systems Thinking: Concept to Cash
2. Amplify Feedback Loops: Short effective feedback to business service
3. Culture of continuous experimentation & learning: Try over talk & Fail fast
principles
DevOps: TOOLS ECOSYSTEM
Continuous integration means development happens in small, frequent (often daily)
commits into the automated build/test pipeline to quickly, automatically catch problems and
resolve them. Continuous delivery further extends the automation, making sure the
software is always packaged in a state that can be deployed. Continuous deployment is
orchestration of automatic upgrades and teardowns.
DevOps encompasses CI/CD automation tooling + culture shift of
● Developers responsible for operations (“you build it, you run it”)
● Infrastructure as code
● Inherent and automated security
● Measuring efficiency and performance
Defn. CI / CD:
CI/CD TOOLS
BEST OF BOTH WORLDS
PROMISING DELIVERY
PREDICTABLE DELIVERY
FREQUENT DELIVERY
DELIVERING PROMISE
GREATER QUALITY
FEATURE CONSISTENCY
DEVOPS: AT THE HEART OF DIGITAL TRANSFORMATION
CONTINUOUS INTEGRATION
&
CONTINUOUS DELIVERY
(CI / CD)
MOVING FASTER FOR THE BUSINESS
FASTER
TO INCORPORATE FEEDBACK
& ENHANCEMENT REQUESTS
FASTER
CUSTOMER
TIME-TO-DEPLOY
ADAPTIVE AGILE
a key to business digital transformation
IT VELOCITY = BUSINESS VELOCITY
MISSING LINK IN DEVOPS
REAL-TIME RESPONSE INSIGHTFUL ANALYTICS PREDICTIVE
Continuous response is a practice where developers and operators instrument, measure, observe,
and manage their deployed software looking for changes in performance, resiliency, end-user
behavior, security posture, and take corrective actions as necessary. Actions vary from real-time
autonomic responses to using analytics data as feedback to the product function and feature pipeline.
http://cloudscaling.com/blog/devops/the-essential-devops-process-were-ignoring-continuous-response/
CI + CD + CR: CONTINUOUS RESPONSE
Feature / fix pipeline
Examples:
• A/B testing
• Measuring response times
• Customer interaction models
Defn. CR
Autonomics for availability and reliability
Examples:
• Auto-scaling
• Auto-healing
• Anomaly detection
History-based planning
Examples:
• Capacity planning
• Hardware failure prediction
• ROI / cost-basis analysis
REAL-TIME CR ANALYTIC CR PREDICTIVE CR
Big Data and machine learning/AI have an important role in improving CR, as does the Serverless model for its event handling
MATCHING AGILE
WITH ARCHITECTURE
AGILE W/O MICROSERVICES MICROSERVICES W/O AGILE AGILE + MICROSERVICES
THE RIGHT ARCHITECTURE FOR AGILE
“A clumsy ninja” “Brilliantly bottlenecked” “Lean and mean”
Small Teams
Clean Interfaces
Innovation and Upgrade Velocity
Scale Out
Reusable Components
MICROSERVICES
Large applications are broken
down into small, loosely coupled
and composable autonomous
pieces packaged into containers
BENEFITS
MICRO-SERVICES (as containers)
BIG impact projects come from many SMALL teams and tasks
Fault Tolerance
Out of the box, into the cloud
• Isolation
• Composition
• Scheduling
• Lifecycle
• Discover
• Constituency
• Scaling
• AAA
• Monitoring
• Health
BEYOND CONTAINERS
ECOSYSTEM AT A GLANCE
Public Container Orchestration
Private Container Orchestration/PaaS
+ BYO solution on IaaS
RELIABILITY ENGINEERING & IaC
(Site) Reliability Engineering (SRE) is about further automating, especially infrastructure, to
improve business and technology levels of reliability: availability, performance, security
To fully realize DevOps, we need SRE, thus we need Infrastructure as Code (IaC)
Infrastructure as Code means we can extend practices of
CI/CD/CR from applications to also automate physical and
virtual infrastructure… How?... Programmability…
Dynamic API-driven cloud infrastructure is the foundation
Lower MTTR: Blue/Green upgrades; Self-healing (etc. with chaos monkey reliability tests)
UX and Security are first-class requirements: Micro-segmented security; Performance assurance
BENEFIT
Serverless computing, or Function as a Service (FaaS), is a code execution model in which a cloud
system manages starting a code function to serve events (e.g. HTTP requests, AWS events, or any
event that the system integrates with). Computing is billed by an abstract measure of the resources
required to satisfy the request. Despite the name, it does not actually involve running code without
servers, but they’re abstracted away from developers.
1 MORE THING… SERVERLESS
Serverless is yet another paradigm shift for developers,
but doesn’t cover all application use cases well
● HTTP webserver-less endpoint
● Short-lived event or ETL processing
● Reactivity in self-driving systems
● Recurring calendared functions like backups
Defn. Serverless
AWS Lambda
GCP Functions
Azure Functions
ECOSYSTEM
From Automation to DevNetOps to Self-Driving
CLOUD-GRADE NETWORKING
EVOLUTION OF NETWORKING
CLOUD-GRADE NETWORKING
Enabling automation:
• Open API programmability
• Config management
• Telemetry interfaces
• Disaggregation
• System extensibility
• SDN
• VNFs
AUTOMATION
Enable intent-based designs:
• Declarative configs
• Abstraction layers in systems and APIs
• Continuous feedback and response
• Narrow-AI networking decisions
SELF-DRIVING NETWORK
Enable agility and quality:
• Network as Code and agile change mgmt
Config + Templates + Artifacts + OS
• Pipeline of continuous integration, testing,
staging simulation and delivery
• Micro-service immutable infrastructure
• Orchestrated deployments, rolling
upgrades, and traffic management
• Resiliency testing drills (chaos monkey)
DevNetOps
WHY WE AUTOMATE
CONSISTENCY
Improve reliability
SPEED
The future belongs to the fast
SCALE
Optimized capacity for demand
DIGITAL
OPERATIONS
INSTRUMENTATION
Handle complexity and improve human interaction
COEFFICIENTS OF AUTOMATION
space – architecture
time – processes
AGILE CONTINUOUS PROCESSES
API-ARCHITECTURE – X-aaS & as Code CLOUD
&
DEVOPS
NEW HEROES IN THE DEVOPS SAGA
DevNetOps & DevSecOps
DEFINING TERMS
DevOps: For application development ops
DevSecOps: DevOps mentality around security ops
DevNetOps: DevOps mentality around network ops
DevOps brings together development and operations:
- PEOPLE and cultural principles and behavior through the entire business-level service lifecycle
- PROCESSES from design to production to maintenance reliability, scale, performance, security
- TOOLS to scale architecture, automate, collaborate, measure and thus improve quality and speed
In classic DevOps, traditional ops concerns like security and infrastructure are shifting left, moving earlier on the
code-to-cash timeline. These alter egos are part of classic DevOps and app development + operations:
• SecDevOps aka Rugged DevOps propels security earlier in considerations of DevOps
• NetDevOps (less popular term) propels networking into considerations of DevOps (eg. apps controlling the network)
The Shift Left
Software is crafted, built and run in the
same organization
Silos are internal to IT department
Security and networking solutions are mostly bought and assembled
Silos are vendor-customer so co-creation is required
DEFINING TERMS… and ROLES
NRE: Network Reliability Engineer
Resiliency Design and Drills
Orchestrated Upgrades
Pipeline Orchestration
Network as Code
Micro Immutable Architecture
STEPS TOWARD DevNetOps
TOOLING PROCESSES PEOPLE
•Git, GitLab/Hub, Gerrit, Specs
•IaC tooling for cloud / SDN
•Declarative config as code (YAML)
•Real code: programmed extensions
•Agile, sprints, reactive changes
•Reviewing, branching
•Design templates and abstractions
•“DevNet” simulation checking
•Code, Developer and SCM skills
•Fearless/blameless post-mortems
•Bug scrubbing
•Culture of projects as feature dev
•Baking (eg. Aminator/Packer)
•Testing (eg. Jenkins)
•Pipeline as code (eg. Spinnaker)
•Orchestrate deployments
•Continuous integration/delivery
•Automatic and manual judgements
•“Continuous” deployment under
supervision with traffic management
•Adapt to test failures
•Test-driven development
•Pipeline ops specialist teams
•Containers & functions (from baking)
•CaaS and FaaS to run SDN systems
•ZTP minimal network OS
•Secrets, configs, volumes “mounting”
•Design/package software into single-
purpose services
•CD as a vendor GTM model
•Design read-only CLI / GUIs
•Vendor-led re-architecting software
and systems for micro-upgradability
•Customer-led network architecture /
traffic management with redundancy
• If in-place cutovers won’t do, traffic
balancing/draining orchestration as
code (across systems or ports) and
orchestrate deploys (eg. Spinnaker)
• Deployment step in the pipeline
• Staging simulation environments
• Blue/green or canary failure
rollbacks
• Frequent small updates/upgrades
• Hands-off deployment mindset
• Roll-forward determinations
• Net-chaos monkey and watchdogs
• kill -9, unplug or cut cables, etc.
• DoS and traffic generators
• BFD, re-convergence optimization
• Develop drills for staging
• Run periodically in production
if/when possible (the new
“maintenance” window)
• Active open mindedness
• Design for security and resiliency
• Force failures to avoid black swans
• Sadistic practices of tech killing ;)
CLOUD-GRADE NETWORKING
SELF-DRIVING NETWORKS: Apply big data collection and narrow-AI to networking
- Optimize and self-heal resources
- Anticipate problems and avoid them
- Scale
TOOLING PROCESSES PEOPLE
•Drill-down dashboards
•KPIs through technicals
•Real-time & historical telemetry
•IT ops integrations (eg. PagerDuty)
•Incident and anomaly playbooks
•Data science-led planning and
optimization
•Management by metrics
•Start with the important questions not
the data you have
•Shift to read-only GUIs
Continuous Response
Continuous Measurement
•Infrastructure lifecycle APIs
•Scaling/healing “operator” policy and
ML and event frameworks from node
auto-repair to full-blown FaaS
•AI operator and analytics for expert
system learning
•Workflows for supervised self-driving
•Pattern searching and reinvention
•Continual reinvention operational
stability/performance automation
•Optimize economics and capacity
STEPS TOWARD DevNetOps
Thank you

Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
Automating ArcGIS Content Discovery with FME: A Real World Use Case
solutions_manual_-_materials___processing_in_manufacturing__demargo_.pdf
CIFDAQ's Teaching Thursday: Moving Averages Made Simple
Building High-Performance Oracle Teams: Strategic Staffing for Database Manag...
How Much Does It Cost to Build a Train Ticket App like Trenitalia in Italy.pptx
Test Bank, Solutions for Java How to Program, An Objects-Natural Approach, 12...
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
Understanding_Digital_Forensics_Presentation.pptx
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
Reimagining Insurance: Connected Data for Confident Decisions.pdf
Event Presentation Google Cloud Next Extended 2025
ABU RAUP TUGAS TIK kelas 8 hjhgjhgg.pptx
Why Endpoint Security Is Critical in a Remote Work Era?
Security features in Dell, HP, and Lenovo PC systems: A research-based compar...
madgavkar20181017ppt McKinsey Presentation.pdf
How-Cloud-Computing-Impacts-Businesses-in-2025-and-Beyond.pdf
NewMind AI Weekly Chronicles - August'25 Week I
Cloud-Migration-Best-Practices-A-Practical-Guide-to-AWS-Azure-and-Google-Clou...

Conversations in the Cloud

  • 1. Conversations IN THE CLOUD • Cloud for Smart Speed • Multi-cloud is the Platform • Embracing DevOps and #GIFEE • Cloud-grade Networking: DevNetOps
  • 2. PRESENTERS James Kelly Lead Cloud Architect Juniper Networks • Engineer • Marketer • Continual Learner (Kaizen Jedi) connect
  • 4. IT VALUES > IT TRENDS > CLOUD TRENDS Add & accelerate value to the business CUSTOMER’S Top-of-mind Application Innovation drives business value, information & agility Automation drives IT agility, quality, speeds application iteration and abstracts infrastructure Multi-cloud platform enables automation, scale and flexibility Business Software Hardware IT VALUE CHAIN … CLOUD • Golden infrastructure model to support the above CIOs & CTOs • No longer partnered with the business, they are the business; Every company is a software company APPLICATIONS • The interface to lines of business and customers AUTOMATION • The future belongs to the fast
  • 5. FIRST… FORGET THE CLOUD CLOUD IS JUST THE VEHICLE, NOT THE DESTINATION
  • 6. CLOUD IS THE WAY TO…
  • 7. CLOUD IS THE WAY TO…
  • 8. CLOUD IS THE WAY TO… Big Data & AI Orch. & Arch. DevOps TCO & Open Public Cloud & IOT Secure SRE
  • 9. IT Today TECHNOLOGY GEEKS SERVICE PROVIDERS BUSINESS “PARTNER” BUSINESS SHAPERS -1980s 90s-2000s 00s-2010s TODAY A brief history of highly effective IT LINES BLUR BETWEEN IT AND BUSINESS • IT leaders shape the future of the business innovation • IT owns most of the customer experience INNOVATION IS AN IMPERATIVE • As disruption impacts every industry: The choice is between predator or prey. • Focus is on technology that is differentiating. Drab tech is kicked to SaaS SECURITY IS A MUST • More threatening than competitors, breaches are devastating • Must be pervasive in culture, processes, applications and infrastructure AI IS HIGHLY ANTICIPATED, AND NEEDS PLANNING • Business plans for AI are well defined: 23%, Technology plans for AI: 20%* • New levels of market, business, and operations awareness THE STATE OF IT TODAY * State of the IT 2017
  • 10. The mind of a CIO PREDICTABILITY (Smooth running IT team today) FUTURE-PROOF INNOVATION (Strengthen and protect IT team for future) ADD & ACCELERATE BUSINESS VALUE (Happy CEO & lines of business) REDUCE TCO (Happy CFO) AGILE STEADY BUSINESS TECHNOLOGY
  • 11. STANDARDIZE & CONSOLIDATE THE OLD (and anything not business differentiated or advantageous) + CLOUD-FIRST & CLOUD-NATIVE THE NEW (and refactor anything business differentiated or advantageous) BIMODAL IT it’s not about here or there… it is about An at-scale computing platform for • DevOps • Digital Ops • Internet of Things • Big Data- and AI-driven Research and Insights CLOUD IS THE NEW COMPUTER
  • 13. MULTI-CLOUD: REALITY, NOT A STRATEGY AIMING FOR MULTI-CLOUD AS THE INFRASTRUCTURE IDEAL State of the Cloud Survey ‘17 MULTIPLE AZs MULTIPLE ACCOUNTS MULTIPLE REGIONS MULTIPLE VENDORS THE STRATEGY: HOW TO CHOOSE & CONSUME WISELY 85% of enterprises
  • 14. MULTI-CLOUD OVERVIEW 1. Clouds provide services and IaaS (elastic programmable infrastructure) 2. Clouds are inter-connected 3. Clouds run cloud-native app stacks ----- IaaS abstraction -----
  • 15. MULTI-CLOUD DECODER RING 1. Clouds provide IaaS (elastic programmable infrastructure) 2. Clouds are inter-connected 3. Clouds run cloud-native app stacks • App/DevOps stack, Middleware, API Gateway • CNCF, SaaP, CaaS, PaaS, FaaS • Containers, Micro-services, Immutable Infra. • ML, ETL and Big-data Pipelines and Stacks • Gateways, Direct Connect • Transit VPC, Shared VPC, VPC Peering • SD-WAN • Firewalling, VPNs, IPSec • (Real) Infrastructure as Code • DevSecOps or DevNetOps Network as Code • Servers, Hypervisors • SDDC, (Bare)Metal-aaS, IaaS, Data Centers Site reliability engineering ----- IaaS abstraction ----- TERMS TECH
  • 16. WHAT IS IT? WHAT ABOUT HYBRID CLOUD
  • 17. BUSINESS MOTIVATIONS FOR CLOUD CHOICE Defn. HYBRID CLOUD: Hybrid cloud spans at least one public and one private cloud Better modern use: A unified platform that spans multiple clouds HYBRID CLOUD IS THE NEW IT – WHY? VENUE: • Geography for reach, migration, compliance or sovereignty • Cost advantages • Feature advantages RESILIENCE: • Disaster recovery and avoidance site • Active-active setups for high availability AGILITY: • Speed of abstracting away infrastructure for developers • Circumvent challenges: budget, staff, experience • Hardware & software innovation pace of hyper-scale clouds FLEXIBILITY: • Design split-tier applications for best of both worlds • Lifecycle / environment for dev, test, staging, production • Bursting (seasonal, occasional etc. spiky usage vs. steady usage)
  • 18. LUCK FAVORS THE PREPARED Hybrid cloud prepares enterprise IT by design for infinite scale and choice HYBRID CLOUD IS THE NEW IT – WHY? THE GOOD: • Global infrastructure platform • Ecosystem: Big Data, Machine Learning, IoT Platforms • Economic flexibility and alignment with value • Instant and elastic scale and failover possibilities • YES! Security – expert SecOps in large clouds THE BAD: • No end of amortization – A perpetual investment • Platform and data locality lock-in • Aspects of unpredictability PUBLIC CLOUD THE GOOD: • Control and compliance over location and systems • Data sovereignty and locality • Custom SLAs, platforms and hardware • Trust for mission-critical workloads and security THE BAD: • Time and skill to build/maintain/scale the platform • Reserves and CapEx beyond current needs • Aspects of inflexibility PRIVATE CLOUD
  • 19. LUCK FAVORS THE PREPARED Hybrid cloud prepares enterprise IT by design for infinite scale and choice HYBRID CLOUD IS THE NEW IT – HOW? THE GOOD: • Global infrastructure platform • Ecosystem: Big Data, Machine Learning, IoT Platforms • Economic flexibility and alignment with value • Instant and elastic scale • YES! Security THE BAD: • No end of amortization – A perpetual investment • Platform and data locality lock-in • Unpredictable PUBLIC CLOUD THE GOOD: • Control and compliance • Data sovereignty and locality • Custom SLAs, platforms and hardware • Trust for mission-critical workloads and security THE BAD: • Time and skill to build and maintain the platform • Reserves and CapEx beyond current needs PRIVATE CLOUD A HYBRID CLOUD UNIFIED PLATFORM REQUIRES SOME PARITY… • Functionally compatible: APIs, infrastructure and platform primitives, config behavior • Non-functionally compatible: availability, performance, QoS • Economically compatible: no prohibitively drastic cost differences
  • 20. HYBRID CLOUD PLATFORM Unified Cloud Platform • Application and DevOps pipeline portability and mobility • Multi-cloud I&O management and orchestration • Consistency and parity of core experience • Economic optimization with flexibility HYBRID CLOUD PLATFORM Doing everything, all at once! • Context switching efficiency losses • Poor portability of DevOps automations and apps • Cloud data and services lock-in • Long-term management and cost control nightmare DISPARATE PRIVATE + PUBLIC CLOUD UNIFIED PLATFORM VS.
  • 21. CLOUD LOCK-IN Data Gravity • Data is expensive and slow to move out or port Developer / Application SaaP Lock-in • Application services coupled to cloud service APIs Infrastructure / IaaS Lock-in • VM / security / networking / storage coupled to IaaS EXAMPLES OF LOCK-IN • Variable reliability: e.g. AWS Feb 2017 S3 outage • Rising costs: vendor has you over a barrel • Services gap: cannot use other vendors’ innovations • Business slowdown: Wasted time to re-implement • Partner and talent pool: narrower selection pool LOCK-IN RISKS PAINTING YOURSELF INTO A CORNER?
  • 22. THE CHOICES ARE OVERWHELMING
  • 23. Portable infrastructure as code • Use IaC/CfgMgmt like Digital Rebar, Terraform, Docker • Minimize DSL lock-ins like AWS CloudFormation • Resiliency drills: chaos monkey, phoenix servers, etc. Software-defined networking, security, storage • Portable across any cloud, any IP network underlay • Overlays to provide addressing/naming portability • Collapsible overlays to improve performance & mgmt • Scales in software and optional hardware variants Operations • Harmonized policy as code across tools • Unified policy can widen blast radius of bad changes • Portable management/monitoring for infrastructure/apps • It should all integrate with a portable DevOps stack MITIGATING INFRASTRUCTURE LOCK-IN Prefer tools that aren’t single-minded • Bimodal tools that work with legacy AND cloud are best • One tool that can do / integrate a few related things is simpler than many narrowly focused tools • A tool that integrates with multiple vendors / clouds and uses open APIs / interoperability standards is best UNIVERSAL TOOLS INFRASTRUCTURE CONSIDERATIONS
  • 24. MITIGATING INFRASTRUCTURE LOCK-IN Use OpenStack as an IaaS base • Parity with AWS and most new cloud IaaS vendors • Multiple vendors to support you • VMware can serve the same purpose but is less portable, less open, more expensive, and HA-feature overkill FOR PRIVATE CLOUD A cloud management platform can provide • ITaaS workflows for infrastructure self-service • Single pane of glass high-level monitoring and policy • Easier economic comparison Examples: • RightScale • Scalr • Red Hat CloudForms • Google Stackdriver • CloudHelm • Platform9 FOR HYBRID CLOUD MANAGEMENT
  • 25. Developer strategy • Don’t use custom cloud services when you can BYO (e.g. API gateway, auth, DB, message queue, etc.) • Easily run open source tools and vendors supporting multiple clouds with package managers like K8s Helm • Find multi-cloud shims like Minio for S3-like obj. storage • Avoid API lock-in with OSS-based managed service offerings if you cannot BYO • CNCF is a good source of many cloud-native OSS tools • Lock-in carefully for advantages of unique offerings • See ThoughtWorks principles of Evolvable Architecture MITIGATING DEVELOPER LOCK-IN APPLICATION CONSIDERATIONS BYO App/DevOps Stack • Portable tools like Jenkins, Spinnaker, etc. • Minimize DSL lock-ins like AWS CodeStar • Enable CD/CR flows like blue / green across cloud vendors or at least regions to minimize MTTR FOR DEVOPS
  • 26. SUMMARY: AVOIDING CLOUD LOCK-IN Start with 2 clouds instead of one… • Hedge bet on a partner for cloud innovation & economics • Force the application cluster / stack to be portable • Force the DevOps workflows to be portable • Force designing for resiliency and scale early on PLAN FOR A DIFFERENT FUTURE Embrace IaaS as a base, but cloud services sparingly • Bring your own IaaS automation (IaC) • Lock in to cloud services by choice when they are differentiated and necessary for business advantage • For services that have open source equivalents, bring your own or use a managed service ONLY LOCK-IN CONSCIOUSLY THIS CLOUD HAD GOOD INTENTIONS
  • 28. Don’t be a cloud tourist… BUILD CLOUD-NATIVE
  • 29. “Google is living a few years in the future and sending the rest of us a message” - Doug Cutting
  • 30. “Google is living a few years in the future and sending the rest of us a message” CI / CD / CR MICROSERVICES ARCH. & CONTAINERS RELIABILITY ENGINEERING & IaC DEVOPS
  • 31. CI / CD / CR MICROSERVICES ARCH. & CONTAINERS RELIABILITY ENGINEERING & IaC DEVOPS MORE APP DEVELOPER IMPACT MORE INFRASTRUCTURE & OPS IMPACT
  • 32. LEARNING DevOps DevOps brings together development and operations: - PEOPLE and cultural principles and behavior through the entire business-level service lifecycle - PROCESSES from design to production to maintenance reliability, scale, performance, security - TOOLS to scale architecture, automate, collaborate, measure and thus improve quality and speed CORE VALUES “CA(L)MS” CULTURE AUTOMATION MEASUREMENT SHARING 1 2 3 4 1. Holistic Systems Thinking: Concept to Cash 2. Amplify Feedback Loops: Short effective feedback to business service 3. Culture of continuous experimentation & learning: Try over talk & Fail fast principles
  • 33. DevOps: TOOLS ECOSYSTEM Continuous integration means development happens in small, frequent (often daily) commits into the automated build/test pipeline to quickly, automatically catch problems and resolve them. Continuous delivery further extends the automation, making sure the software is always packaged in a state that can be deployed. Continuous deployment is orchestration of automatic upgrades and teardowns. DevOps encompasses CI/CD automation tooling + culture shift of ● Developers responsible for operations (“you build it, you run it”) ● Infrastructure as code ● Inherent and automated security ● Measuring efficiency and performance Defn. CI / CD: CI/CD TOOLS
  • 34. BEST OF BOTH WORLDS PROMISING DELIVERY PREDICTABLE DELIVERY FREQUENT DELIVERY DELIVERING PROMISE GREATER QUALITY FEATURE CONSISTENCY DEVOPS: AT THE HEART OF DIGITAL TRANSFORMATION CONTINUOUS INTEGRATION & CONTINUOUS DELIVERY (CI / CD)
  • 35. MOVING FASTER FOR THE BUSINESS FASTER TO INCORPORATE FEEDBACK & ENHANCEMENT REQUESTS FASTER CUSTOMER TIME-TO-DEPLOY ADAPTIVE AGILE a key to business digital transformation IT VELOCITY = BUSINESS VELOCITY
  • 36. MISSING LINK IN DEVOPS REAL-TIME RESPONSE INSIGHTFUL ANALYTICS PREDICTIVE
  • 37. Continuous response is a practice where developers and operators instrument, measure, observe, and manage their deployed software looking for changes in performance, resiliency, end-user behavior, security posture, and take corrective actions as necessary. Actions vary from real-time autonomic responses to using analytics data as feedback to the product function and feature pipeline. http://cloudscaling.com/blog/devops/the-essential-devops-process-were-ignoring-continuous-response/ CI + CD + CR: CONTINUOUS RESPONSE Feature / fix pipeline Examples: • A/B testing • Measuring response times • Customer interaction models Defn. CR Autonomics for availability and reliability Examples: • Auto-scaling • Auto-healing • Anomaly detection History-based planning Examples: • Capacity planning • Hardware failure prediction • ROI / cost-basis analysis REAL-TIME CR ANALYTIC CR PREDICTIVE CR Big Data and machine learning/AI have an important role in improving CR, as does the Serverless model for its event handling
  • 39. AGILE W/O MICROSERVICES MICROSERVICES W/O AGILE AGILE + MICROSERVICES THE RIGHT ARCHITECTURE FOR AGILE “A clumsy ninja” “Brilliantly bottlenecked” “Lean and mean”
  • 40. Small Teams Clean Interfaces Innovation and Upgrade Velocity Scale Out Reusable Components MICROSERVICES Large applications are broken down into small, loosely coupled and composable autonomous pieces packaged into containers BENEFITS MICRO-SERVICES (as containers) BIG impact projects come from many SMALL teams and tasks Fault Tolerance
  • 41. Out of the box, into the cloud • Isolation • Composition • Scheduling • Lifecycle • Discover • Constituency • Scaling • AAA • Monitoring • Health BEYOND CONTAINERS
  • 42. ECOSYSTEM AT A GLANCE Public Container Orchestration Private Container Orchestration/PaaS + BYO solution on IaaS
  • 43. RELIABILITY ENGINEERING & IaC (Site) Reliability Engineering (SRE) is about further automating, especially infrastructure, to improve business and technology levels of reliability: availability, performance, security To fully realize DevOps, we need SRE, thus we need Infrastructure as Code (IaC) Infrastructure as Code means we can extend practices of CI/CD/CR from applications to also automate physical and virtual infrastructure… How?... Programmability… Dynamic API-driven cloud infrastructure is the foundation Lower MTTR: Blue/Green upgrades; Self-healing (etc. with chaos monkey reliability tests), UX and Security are first-class requirements: Micro-segmented security; Performance assurance BENEFIT
  • 44. Serverless computing or Function as a service (FaaS), is a code execution model in which a cloud system manages starting a code function to serve events (e.g. HTTP requests, AWS events, or any event that the system integrates with). Computing is billed by an abstract measure of the resources required to satisfy the request. Despite the name, it does not actually involve running code without servers, but they’re abstracted away from developers. 1 MORE THING… SERVERLESS Serverless is yet another paradigm shift for developers, but doesn’t cover all application use cases well ● HTTP webserver-less endpoint ● Short-lived event or ETL processing ● Reactivity in self-driving systems ● Recurring calendared functions like backups Defn. Serverless AWS Lambda GCP Functions Azure Functions ECOSYSTEM
  • 45. From Automation to DevNetOps to Self-Driving CLOUD-GRADE NETWORKING
  • 46. EVOLUTION OF NETWORKING CLOUD-GRADE NETWORKING Enabling automation: • Open API programmability • Config management • Telemetry interfaces • Disaggregation • System extensibility • SDN • VNFs AUTOMATION Enable intent-based designs: • Declarative configs • Abstraction layers in systems and APIs • Continuous feedback and response • Narrow-AI networking decisions SELF-DRIVING NETWORK Enable agility and quality: • Network as Code and agile change mgmt Config + Templates + Artifacts + OS • Pipeline of continuous integration, testing, staging simulation and delivery • Micro-service immutable infrastructure • Orchestrated deployments, rolling upgrades, and traffic management • Resiliency testing drills (chaos monkey) DevNetOps
  • 47. WHY WE AUTOMATE CONSISTENCY Improve reliability SPEED The future belongs to the fast SCALE Optimized capacity for demand DIGITAL OPERATIONS INSTRUMENTATION Handle complexity and improve human interaction
  • 48. COEFFICIENTS OF AUTOMATION space – architecture time – processes AGILE CONTINUOUS PROCESSES API-ARCHITECTURE – X-aaS & as Code CLOUD & DEVOPS
  • 49. NEW HEROES IN THE DEVOPS SAGA DevNetOps & DevSecOps
  • 50. DEFINING TERMS For application development ops DevOps mentality around security ops DevOps mentality around network ops DevOps DevSecOps DevNetOps DevOps brings together development and operations: - PEOPLE and cultural principles and behavior through the entire business-level service lifecycle - PROCESSES from design to production to maintenance reliability, scale, performance, security - TOOLS to scale architecture, automate, collaborate, measure and thus improve quality and speed In classic DevOps, traditional ops concerns like security and infrastructure are shifting left, moving earlier on the code-to-cash timeline. These alter egos are part of classic DevOps and app development + operations: • SecDevOps aka Rugged DevOps propels security earlier in considerations of DevOps • NetDevOps (less popular term) propels networking into considerations of DevOps (eg. apps controlling the network) The Shift Left Software is crafted, built and run in the same organization Silos are internal to IT department Security and networking solutions are mostly bought and assembled Silos are vendor-customer so co-creation is required
  • 51. DEFINING TERMS… and ROLES For application development ops DevOps mentality around security ops DevOps mentality around network ops DevOps DevSecOps DevNetOps DevOps brings together development and operations: - PEOPLE and cultural principles and behavior through the entire business-level service lifecycle - PROCESSES from design to production to maintenance reliability, scale, performance, security - TOOLS to scale architecture, automate, collaborate, measure and thus improve quality and speed In classic DevOps, traditional ops concerns like security and infrastructure are shifting left, moving earlier on the code-to-cash timeline. These alter egos are part of classic DevOps and app development + operations: • SecDevOps aka Rugged DevOps propels security earlier in considerations of DevOps • NetDevOps (less popular term) propels networking into considerations of DevOps (eg. apps controlling the network) The Shift Left Software is crafted, built and run in the same organization Silos are internal to IT department NRE: Network Reliability Engineer
  • 52. Resiliency Design and Drills Orchestrated Upgrades Pipeline Orchestration Network as Code Micro Immutable Architecture STEPS TOWARD DevNetOps TOOLING PROCESSES PEOPLE •Git, GitLab/Hub, Gerrit, Specs •IaC tooling for cloud / SDN •Declarative config as code (YAML) •Real code: programmed extensions •Agile, sprints, reactive changes •Reviewing, branching •Design templates and abstractions •“DevNet” simulation checking •Code, Developer and SCM skills •Fearless/blameless post-mortems •Bug scrubbing •Culture of projects as feature dev
  • 53. Resiliency Design and Drills Orchestrated Upgrades Pipeline Orchestration Network as Code Micro Immutable Architecture STEPS TOWARD DevNetOps TOOLING PROCESSES PEOPLE •Git, GitLab/Hub, Gerrit, Specs •IaC tooling for cloud / SDN •Declarative config as code (YAML) •Real code: programmed extensions •Agile, sprints, reactive changes •Reviewing, branching •Design templates and abstractions •“DevNet” simulation checking •Code, Developer and SCM skills •Fearless/blameless post-mortems •Bug scrubbing •Culture of projects as feature dev •Baking (eg. Aminator/Packer) •Testing (eg. Jenkins) •Pipeline as code (eg. Spinnaker) •Orchestrate deployments •Continuous integration/delivery •Automatic and manual judgements •“Continuous” deployment under supervision with traffic management •Adapt to test failures •Test-driven development •Pipeline ops specialist teams
  • 54. Resiliency Design and Drills Orchestrated Upgrades Pipeline Orchestration Network as Code Micro Immutable Architecture STEPS TOWARD DevNetOps TOOLING PROCESSES PEOPLE •Git, GitLab/Hub, Gerrit, Specs •IaC tooling for cloud / SDN •Declarative config as code (YAML) •Real code: programmed extensions •Agile, sprints, reactive changes •Reviewing, branching •Design templates and abstractions •“DevNet” simulation checking •Code, Developer and SCM skills •Fearless/blameless post-mortems •Bug scrubbing •Culture of projects as feature dev •Baking (eg. Aminator/Packer) •Testing (eg. Jenkins) •Pipeline as code (eg. Spinnaker) •Orchestrate deployments •Continuous integration/delivery •Automatic and manual judgements •“Continuous” deployment under supervision with traffic management •Adapt to test failures •Test-driven development •Pipeline ops specialist teams •Containers & functions (from baking) •CaaS and FaaS to run SDN systems •ZTP minimal network OS •Secrets, configs, volumes “mounting” •Design/package software into single-purpose services •CD as a vendor GTM model •Design read-only CLI / GUIs •Vendor-led re-architecting software and systems for micro-upgradability •Customer-led network architecture / traffic management with redundancy
  • 55. Resiliency Design and Drills Orchestrated Upgrades Pipeline Orchestration Network as Code Micro Immutable Architecture STEPS TOWARD DevNetOps TOOLING PROCESSES PEOPLE •Git, GitLab/Hub, Gerrit, Specs •IaC tooling for cloud / SDN •Declarative config as code (YAML) •Real code: programmed extensions •Agile, sprints, reactive changes •Reviewing, branching •Design templates and abstractions •“DevNet” simulation checking •Code, Developer and SCM skills •Fearless/blameless post-mortems •Bug scrubbing •Culture of projects as feature dev •Baking (eg. Aminator/Packer) •Testing (eg. Jenkins) •Pipeline as code (eg. Spinnaker) •Orchestrate deployments •Continuous integration/delivery •Automatic and manual judgements •“Continuous” deployment under supervision with traffic management •Adapt to test failures •Test-driven development •Pipeline ops specialist teams •Containers & functions (from baking) •CaaS and FaaS to run SDN systems •ZTP minimal network OS •Secrets, configs, volumes “mounting” •Design/package software into single-purpose services •CD as a vendor GTM model •Design read-only CLI / GUIs •Vendor-led re-architecting software and systems for micro-upgradability •Customer-led network architecture / traffic management with redundancy • If in-place cutovers won’t do, traffic balancing/draining orchestration as code (across systems or ports) and orchestrate deploys (eg. Spinnaker) • Deployment step in the pipeline • Staging simulation environments • Blue/green or canary failure rollbacks • Frequent small updates/upgrades • Hands-off deployment mindset • Roll-forward determinations
  • 56. Resiliency Design and Drills Orchestrated Upgrades Pipeline Orchestration Network as Code Micro Immutable Architecture STEPS TOWARD DevNetOps TOOLING PROCESSES PEOPLE •Git, GitLab/Hub, Gerrit, Specs •IaC tooling for cloud / SDN •Declarative config as code (YAML) •Real code: programmed extensions •Agile, sprints, reactive changes •Reviewing, branching •Design templates and abstractions •“DevNet” simulation checking •Code, Developer and SCM skills •Fearless/blameless post-mortems •Bug scrubbing •Culture of projects as feature dev •Baking (eg. Aminator/Packer) •Testing (eg. Jenkins) •Pipeline as code (eg. Spinnaker) •Orchestrate deployments •Continuous integration/delivery •Automatic and manual judgements •“Continuous” deployment under supervision with traffic management •Adapt to test failures •Test-driven development •Pipeline ops specialist teams •Containers & functions (from baking) •CaaS and FaaS to run SDN systems •ZTP minimal network OS •Secrets, configs, volumes “mounting” •Design/package software into single-purpose services •CD as a vendor GTM model •Design read-only CLI / GUIs •Vendor-led re-architecting software and systems for micro-upgradability •Customer-led network architecture / traffic management with redundancy • If in-place cutovers won’t do, traffic balancing/draining orchestration as code (across systems or ports) and orchestrate deploys (eg. Spinnaker) • Deployment step in the pipeline • Staging simulation environments • Blue/green or canary failure rollbacks • Frequent small updates/upgrades • Hands-off deployment mindset • Roll-forward determinations • Net-chaos monkey and watchdogs • kill -9, unplug or cut cables, etc. • DoS and traffic generators • BFD, re-convergence optimization • Develop drills for staging • Run periodically in production if/when possible (the new “maintenance” window) • Active open mindedness • Design for security and resiliency • Force failures to avoid black swans • Sadistic practices of tech killing ;)
  • 57. CLOUD-GRADE NETWORKING SELF-DRIVING NETWORKS: Apply big data collection and narrow-AI to networking - Optimize and self-heal resources - Anticipate problems and avoid them - Scale TOOLING PROCESSES PEOPLE •Drill-down dashboards •KPIs through technicals •Real-time & historical telemetry •IT ops integrations (eg. PagerDuty) •Incident and anomaly playbooks •Data science-led planning and optimization •Management by metrics •Start with the important questions not the data you have •Shift to read-only GUIs Continuous Response Continuous Measurement STEPS TOWARD DevNetOps
  • 58. CLOUD-GRADE NETWORKING SELF-DRIVING NETWORKS: Apply big data collection and narrow-AI to networking - Optimize and self-heal resources - Anticipate problems and avoid them - Scale TOOLING PROCESSES PEOPLE •Drill-down dashboards •KPIs through technicals •Real-time & historical telemetry •IT ops integrations (eg. PagerDuty) •Incident and anomaly playbooks •Data science-led planning and optimization •Management by metrics •Start with the important questions not the data you have •Shift to read-only GUIs Continuous Response Continuous Measurement •Infrastructure lifecycle APIs •Scaling/healing “operator” policy and ML and event frameworks from node auto-repair to full-blown FaaS •AI operator and analytics for expert system learning •Workflows for supervised self-driving •Pattern searching and reinvention •Continual reinvention operational stability/performance automation •Optimize economics and capacity STEPS TOWARD DevNetOps

Editor's Notes

  • #6: Great articulation of how it’s not about the cloud: https://www-forbes-com.cdn.ampproject.org/c/s/www.forbes.com/sites/richkarlgaard/2017/08/08/how-michael-dell-reinvented-his-company/amp/
  • #9: SRE = site reliability engineering
  • #11: Along with predictability – standardization and consolidation
  • #14: WISELY? = 1. Add and accelerate revenue 2. Lower TCO 3. Futureproof, protect against lock-in and lock-out 4. Standardize and consolidate, lest things get unwieldy and prevent 1-3
  • #15: +3 clouds can also run *some* legacy applications
  • #16: Article on DevNetOps https://thenewstack.io/end-network-automation-know-feel-fine/
  • #18: Personally, I related to hybrid cloud like my credit cards. They give me the elasticity to buy whatever I need on credit margin rather than saving. It can be a lifesaver in an emergency. For businesses, not buying, but rather investing, elasticity is crucial to business agility to seize a business opportunity.
  • #19: On “YES! Security”… Gone are the notions that systems are secure because they are within the Enterprise walls. Public cloud companies have some of the best security talent on the planet. Just like private SecOps, it is dependent on how it’s used.
  • #20: While you want to get as close as possible to parity, private and public clouds will not be homogeneous in all respects, and actually this diversity, like in biology, is a good protection in cases of failure. Eventually a private cloud or public cloud or a part of it may fail, and at that time it is very useful to be able to fail over to another cloud, provided that there is capacity. That is not always possible if private clouds run at 100% capacity, but there is probably more than one suitable public cloud out there.
  • #22: Common base: IaaS Build with OpenStack. Unified toolchain: Application and DevOps Stack: Applications: use OSS tools. Reliability: Use Terraform for IaC; use hardware-independent BYO software-defined tools for networking, security and storage. Performance: use BYO software-defined tools. Policy: the same tools across clouds allow for harmonized policy. SPOG tools allow for unified policy, and unified policy-as-code repositories can help manage it this way too. Management and self-service: incorporate a multi-cloud view like RightScale, CloudForms, StackDriver, Scalr, etc.
  • #23: + dependencies, hardware, etc. etc. etc. *Categories here are not exact. Networking is almost irrelevant in the big picture of cloud. Software is the glue instead of people: focus on the software (the puzzle piece intersections). Focus on the big picture of how cloud and automation scales and improves applications for lines of business, thus adding business value and agility. A lot of pieces of software with the big picture changing fast… cloud is hard… we can help… Technology vendors and integrators as IT partners are important because the big picture is always changing with new innovations.
  • #24: Collapsible overlays means when the same SDN is stacked on top of itself, like Contrail with OpenStack and Contrail again with Kubernetes. Also beware of non-functional requirement lock-in from IaaS, or things that may add functional difficulty in the IaaS model of the cloud vendor: e.g. transit VPCs in AWS
  • #25: Collapsible overlays means when the same SDN is stacked on top of itself, like Contrail with OpenStack and Contrail again with Kubernetes. Also beware of non-functional requirement lock-in from IaaS, or things that may add functional difficulty in the IaaS model of the cloud vendor: e.g. transit VPCs in AWS
  • #27: Sometimes the journey to cloud can be so hasty that the good intentions for business speed can lead to bad decisions. Summary article and podcast: https://www.linkedin.com/pulse/good-habits-make-multi-cloud-work-you-part-2-james-kelly/
  • #30: Original use: http://www.zdnet.com/article/hadoop-creator-google-is-living-a-few-years-in-the-future-and-sending-the-rest-of-us-messages/
  • #32: DevOps and CI/CD have gained popular adoption, but Google technology and practices like K8s and SRE are largely making this much easier than, for example, trying to follow in the footsteps of Netflix
  • #33: CALMS adds Lean: think lean startup, MVP etc. You build it, you run it. Development teams are responsible for operations workflows. Infrastructure systems teams follow a development workflow. This is not necessary for everyone to learn in depth, but anyone thinking about digital transformation should know “just enough” of this to stay relevant.
  • #34: What you probably don’t need to know from a non-developer perspective for customer conversations: branching and reviewing techniques and tools; release techniques like in-place, blue/green, canary; immutable infrastructure
  • #40: 1. Quick and clumsy; 2. Rushing into a bottleneck; 3. The micro-services bullets of an agile chamber
  • #41: Small teams that don’t incur the n-squared collaboration overhead as highly as large teams (see Jeff Bezos’s 2-pizza rule). Clean interfaces created with APIs in this case isolate internal changes from the total system integration. Innovation and upgrade velocity, because teams can innovate in parallel and upgrade their component without affecting the whole system. Reusable components that specialize in one task (like the Unix philosophy) are often reusable in many bigger solutions and help portability and avoid lock-in. Scale-out architectures are built on the divide-and-conquer premise that micro-services, being all equally small and thin tasks, can be replicated many times across many machines to meet elastic scale requirements, instead of feeding a given task more memory and CPU and having to get bulkier instances. Fault tolerance comes from the scale-out model whereby a micro-service replicated many times represents a function, and with the failure of any instance, the function as a whole is still up and running. + other considerations: dependency injection and service discovery
  • #42: Out of the box and into the cloud. Isolation: How can I keep jobs from interfering with each other? Composition: How can I bundle dependent containers? Scheduling: Where should my job run? Lifecycle: How to keep my jobs running? Discovery: Where is my job now? Constituency: Who is part of my job? Scaling: Making my jobs bigger / smaller. AAA (Authentication, Authorization, Access): Who can do what? Monitoring: What’s happening with my job now, previously? Health: How is my job feeling?
  • #43: Mesosphere DCOS (Datacenter OS) runs on AWS but will run on GCP and Azure soon as well. Kubernetes can be used as a scheduler component for Mesos/Mesosphere as well. Google Container Engine (GKE) is fully based on Kubernetes, but includes a lot more.
  • #44: Applying the DevOps value of automation fully into the lower levels of infrastructure and high availability / reliability / security / performance. More to learn here around MTTR and MTBF
  • #45: For serverless, the infrastructure is only important if you own it, in which case it will matter a lot for the QoS and SLAs for apps. Instrumentation and DevOps tooling is still very immature in this area compared to micro-services as containers.
  • #48: Consistency and correctness implied
  • #49: API Architecture = XaaS = everything is an API and service, generally composed of microservices. X as Code = everything is programmable and everything follows software development patterns. Continuous processes = everything is orchestrated on a pipeline for speed and consistency (quality), and instrumented for real-time continuous response and optimization: continuous integration > delivery > deployment > response. Microservice = perfect match for a nimble agile process where many small steps are favored
  • #52: NRE of course drawing inspiration from SRE: Site reliability engineering