Software dominates the world. Everywhere organizations are writing software to automate manual business processes and gain advantage through speed to market, speed to transact business, making it easy to do business, and providing rich capabilities sooner than their competition.
Since software is so important to the lives of modern businesses, why do we still think it’s hard to deliver software people like to use?
For more on this topic, see Richard Seroter’s PCF message at VMWorld 2017: https://www.youtube.com/watch?v=oi1E36jLQNE
First, it’s hard to quickly write a bit of functional software, experiment on real people for real feedback, and incorporate that feedback quickly into the next version. We’re stuck in outdated processes and procedures that make shipping the next version of software painful and slow. We can’t iterate fast enough because of these legacy processes, but also because of the outdated platforms we use. It takes time to spin up VMs, build test environments, and engage with silos of IT excellence to get a full stack available for developers to use. And often various silos within the organization have competing interests that don’t always align with shipping working software quickly and iterating quickly.
However, not every organization is suffering from these problems. T-Mobile migrated to running 40m users / day on a new platform in 3 months. Home Depot is shipping code to production many times during the business day, every day. Liberty Mutual went from a 30 day minimum viable product to full production software in 6 months. Comcast experienced no burning IT fires 90 days after deploying a new development platform, doing platform upgrades during production business hours.
Pivotal Cloud Foundry helps ship and run all kinds of modern applications in a consistent way on any cloud, public or private. It does this by integrating with and leveraging all of the cloud IaaS providers, including orchestration of the cloud components and cluster management, and by embedding the Windows and Linux OS images so that you don’t have to. All of these components come with the foundry and do not have to be pieced together later.
The services that make up the platform cover all of the primary operational runtime concerns. Managing and orchestrating container runtimes, creating a CI/CD build pipeline, autoscaling and HA of apps, performance metrics and monitoring, and security and key management are all built into the platform. Then there is the Open Service Broker API, an industry standard way to incorporate third party services into the platform in a consistent manner. Ultimately all of this is for the purpose of enabling developers, not just providing a blinking cursor prompt. So the application development services are also present, including Spring Boot, Steeltoe, caching, queueing, databases and more as a service, all underneath a dynamic routing layer that connects to these services as they come and go.
Let’s look at some of the stakeholders involved in building, maintaining, and using a platform such as Pivotal Cloud Foundry and how it meets their goals.
Operators / Operations Team
Ops needs an infrastructure installed quickly, repeatably, and consistently every time. The issue is that many solutions require heavy prerequisites of hardware or software that make deployments harder than necessary. In many cases there is also immature tooling associated with the platform, or highly customized and fragile tooling, that prevents easy integration into the management services already in place in the environment.
Pivotal Cloud Foundry setup is straightforward. The value of a commercial provider is the packaging and simplification of the platform on top of the open source package. There is a cloud provider interface for each major IaaS, in the public cloud or private cloud: Amazon, Google, Azure, VMware, OpenStack, etc. PCF is packaged with the embedded OS (Linux or Windows) needed to build and execute applications. You don’t want to be forced to maintain OS templates over time, and these are maintained for you. PCF builds the VMs, lays down the services that run the cluster, and monitors the system. You don’t have a tenant cluster to build; it’s built for you. There is no wild collection of products left to integrate. It’s whole in and of itself, and able to be extended if needed. It takes hours to get up and running, not days or weeks.
Ops needs to keep the environment secure and up to date. The problem is often that security products are built to be reactive, not proactive. Detection of issues and subsequent patching of the infrastructure is a painful exercise in triaging, building, and scheduling the outages needed to upgrade the stack.
Pivotal Cloud Foundry is made safer by going faster. The infrastructure uses an immutable model where we replace components; we don’t patch, as that leads to configuration drift. With a canary model of detecting issues quickly, the infrastructure can be replaced online, component by component, and be trusted to be secure and 100% available. There are 80+ hardening configurations for the Linux stemcells that form the basis of the images used. These images come with PCF and are taken care of for you. It uses a fully encrypted network, with CredHub for key management. Security is on by default for containers. It has policy based enforcement of security policies, and role based access to the platform. Monitoring is built in to allow for after-the-fact analysis. You have full control of the software supply chain with buildpacks that are good by default and customizable as you need. All this leads to an outcome where the full stack is current, “patched”, and always available for you.
Ops needs to keep the platform available and online at all times. Nobody wants to have weekend outages, as global regional access is required in today’s world. There are so many single points of failure that it is exhausting to create H/A constructs for each and every component of the platform.
Pivotal Cloud Foundry is highly available by default and is built with resilience in mind. There are four layers of availability built into PCF. If a container fails, PCF creates another and starts it up automatically. If a server process fails, PCF restarts it. If a host VM fails, PCF deletes it and recreates it, having already restarted the container components it was hosting. If an entire Availability Zone fails, traffic flows to a secondary site automatically. PCF allows for upgrades of each layer with no downtime using fully tested BOSH releases. PCF releases are tested at massive scale for sustained periods.
Ops needs to offer a relevant service catalog to developers instead of a blank VM that forces them to build their own stacks. With so many products for an enterprise developer to choose from, a network complexity issue emerges: products may or may not work well together, have a consistent H/A model, have security turned on by default, etc. In short, the tools may not fit the standards required by the enterprise.
Pivotal Cloud Foundry’s service broker model is a friendly one that provides consistently delivered managed services. The broker API provides catalog management, provisioning, binding, unbinding, and de-provisioning. You can offer brokered, managed, and on-demand services to developers, shared or as individual instances. A robust partner ecosystem contains an enormous number of partner offerings in the PCF Marketplace, accessible to the developer directly from the GUI or CLI. Cloud IaaS provider brokers bring best of breed capabilities from the underlying IaaS.
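To make the five broker operations concrete, here is an added example (not code from Pivotal or the Cloud Foundry project) that models the Open Service Broker lifecycle in memory: catalog, provision, bind, unbind, and de-provision, with the idempotency and conflict rules a platform relies on. The service and plan identifiers, the credential format, and the rule that an instance with live bindings cannot be de-provisioned are constructed assumptions for this example; a real broker exposes these as HTTP endpoints under /v2/.

```python
"""In-memory model of the Open Service Broker API lifecycle (added example,
not Pivotal's or Cloud Foundry's code). Each method returns the HTTP status
a broker would answer with, plus a response body."""
import secrets
from dataclasses import dataclass, field

# Constructed catalog: one service with two plans. A real broker would
# serve this JSON from GET /v2/catalog.
CATALOG = {
    "services": [
        {
            "id": "svc-demo-db",      # constructed service identifier
            "name": "demo-db",
            "bindable": True,
            "plans": [
                {"id": "plan-small", "name": "small"},
                {"id": "plan-large", "name": "large"},
            ],
        }
    ]
}


@dataclass
class Broker:
    # instance_id -> (service_id, plan_id)
    instances: dict = field(default_factory=dict)
    # (instance_id, binding_id) -> credentials handed to the app
    bindings: dict = field(default_factory=dict)

    def catalog(self):
        """GET /v2/catalog: the platform reads this to build its marketplace."""
        return 200, CATALOG

    def _valid_plan(self, service_id, plan_id):
        for svc in CATALOG["services"]:
            if svc["id"] == service_id:
                return any(p["id"] == plan_id for p in svc["plans"])
        return False

    def provision(self, instance_id, service_id, plan_id):
        """PUT /v2/service_instances/{instance_id}.
        Repeating an identical request is idempotent (200); the same id with
        different attributes is a conflict (409), so a retry can never
        silently change what was provisioned."""
        if not self._valid_plan(service_id, plan_id):
            return 400, {"error": "unknown service or plan"}
        existing = self.instances.get(instance_id)
        if existing is not None:
            if existing == (service_id, plan_id):
                return 200, {}
            return 409, {"error": "instance exists with different attributes"}
        self.instances[instance_id] = (service_id, plan_id)
        return 201, {}

    def bind(self, instance_id, binding_id):
        """PUT /v2/service_instances/{id}/service_bindings/{binding_id}.
        Every binding gets its own credentials, so revoking one app's access
        does not disturb other apps bound to the same instance."""
        if instance_id not in self.instances:
            return 404, {"error": "no such instance"}
        key = (instance_id, binding_id)
        if key in self.bindings:
            return 200, {"credentials": self.bindings[key]}
        creds = {"username": f"u-{binding_id}",
                 "password": secrets.token_urlsafe(16)}  # constructed format
        self.bindings[key] = creds
        return 201, {"credentials": creds}

    def unbind(self, instance_id, binding_id):
        """DELETE .../service_bindings/{binding_id}. Deleting a binding that
        is already gone answers 410, which the platform treats as success."""
        if self.bindings.pop((instance_id, binding_id), None) is None:
            return 410, {}
        return 200, {}

    def deprovision(self, instance_id):
        """DELETE /v2/service_instances/{instance_id}. This model refuses to
        delete an instance that still has bindings (an assumption here, so
        credentials are never orphaned)."""
        if instance_id not in self.instances:
            return 410, {}
        if any(inst == instance_id for inst, _ in self.bindings):
            return 400, {"error": "instance still has bindings"}
        del self.instances[instance_id]
        return 200, {}
```

Walking one instance through provision, bind, unbind and deprovision with this model shows why the platform can retry broker calls safely: every operation is keyed by an id the platform chooses, and a repeated call returns the same outcome rather than a second instance or a second set of credentials.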
Ops needs to be able to isolate tenants and workloads. The problem is that unique environments create maintenance headaches, but colocation adds risk.
Pivotal Cloud Foundry offers multi-tenancy and isolation built-in. PCF has native support for organizations (tenants) and spaces (workloads) with role-based access controls and quotas. Backing services can be shared or single tenant. Isolation segments create separate compute and network pools to keep workloads segregated and performant. Automated upgrades allow Ops to manage multiple Foundries easily.
Developers
Devs need to use modern tools and frameworks. This helps get their jobs done more easily, but also helps recruit and retain the best talent. Often the problem is that Ops doesn’t want to set up and maintain lots of permutations of one-off languages and environments.
Pivotal Cloud Foundry supports all major languages and runtimes, and is extensible to edge use cases. There are buildpacks for the most common languages. Windows and Linux host environments are supported. Docker images are supported, and apps may be deployed based on that container type. Either the platform builds the container for you or you provide one. All apps get the same auto-scaling, log aggregation, metrics, and environment variable behavior no matter which abstraction is used to run them on the cluster.
Devs want to use a wide variety of application types to solve business needs. Sometimes devs create server services, stateful or stateless, or monoliths to solve business challenges.
Pivotal Cloud Foundry runs all types of apps in one place. PCF is equally capable of running horizontally scaled web applications as it is of deploying internet facing API services. Background jobs are fine; apps don’t need to run all the time, but can be spun up just in time. One-off tasks are ok, as are stream processing apps. PCF has volume services to connect persistent storage for running stateful filesystems or DB instances. All kinds of backing stores are supported, including databases (SQL or not), scalable stores, filesystems, etc. Come one, come all.
Devs want to ship software early and often to create a fast feedback loop between users, devs, and feature releases. This is typically a hard task that traverses a maze of stakeholders, processes, and gating teams, all with differing priorities.
Pivotal Cloud Foundry makes deploying software boring and commonplace. A cf push finds hosts upon which to execute, configures the runtime executable, installs and configures middleware, retrieves code dependencies, creates and stores the package blob, configures dependent services, deploys containers to hosts, sets environment variables, configures load balancers and firewalls, and starts service monitoring and log collection. PCF transforms deploying the software infrastructure stack from 30 days to 30 seconds. When you can experiment with deployments for free, that fundamentally changes how you run your business.
Devs want to configure apps in a self service fashion rather than creating tickets to work through a process. The issue is that the configuration surface is either so wide as to be complex, or too narrow to make changes post deployment.
Pivotal Cloud Foundry makes it easy to adjust configurations as needed post deployment. Apps can be scaled using the API, CLI, or GUI. Autoscale policies can be changed at any time. Logging levels can be changed for Spring Boot apps. Environment variables can be changed. New services can be bound or unbound to service instances, and container-to-container network policies can be modified to allow containers of one app to talk directly to containers of another app without going through a load balancer (if desired for low latency).
Finally, if something does go wrong, devs in a DevOps model want to keep the Mean Time To Resolution of problems that occur as short as possible. Nobody wants to get paged all the time, especially after hours. The challenge is that typically logs are strewn everywhere and everyone has a different narrow view of some of the facts, but not enough to solve the problem.
Pivotal Cloud Foundry correlates logs and metrics together for easier troubleshooting. Application logs are stored centrally, and get correlated with host metrics and platform events. This firehose of logs can be tapped by nozzles into specific logging tools. Trace Explorer provides a visualization of latency between microservices by looking at the call graph.
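As an added example of what the correlation described above buys a developer on call (this is not PCF code and not what a nozzle actually emits), the block below merges application log lines, container metrics and platform events for one app into a single timeline keyed by app GUID, and pulls out the log lines and peak memory reading that preceded each crash event. The envelope layout, the app GUIDs and all sample records are constructed for this example.

```python
"""Correlate app logs, container metrics and platform events by app GUID
and time (added example, not Cloud Foundry code). The envelope shape here
is a constructed simplification of what a firehose nozzle would receive."""

# Constructed sample: three envelope kinds, two apps, deliberately unsorted.
ENVELOPES = [
    {"t": 103, "app": "app-b", "kind": "log",    "msg": "GET /health 200"},
    {"t": 100, "app": "app-a", "kind": "metric", "mem_pct": 61},
    {"t": 105, "app": "app-a", "kind": "log",    "msg": "OutOfMemoryError: Java heap space"},
    {"t": 101, "app": "app-a", "kind": "log",    "msg": "GET /orders 200"},
    {"t": 106, "app": "app-a", "kind": "event",  "msg": "app.crash instance 0 exit_status 137"},
    {"t": 104, "app": "app-a", "kind": "metric", "mem_pct": 97},
    {"t": 107, "app": "app-a", "kind": "event",  "msg": "app.start instance 0"},
    {"t": 110, "app": "app-a", "kind": "metric", "mem_pct": 40},
]


def timeline(envelopes, app_guid):
    """Every envelope for one app, whatever its source, ordered by time.
    This is the single view that centralized logging gives instead of
    three separate streams held by three different teams."""
    return sorted((e for e in envelopes if e["app"] == app_guid),
                  key=lambda e: e["t"])


def crash_context(envelopes, app_guid, before=5):
    """For each platform crash event of an app, gather the log lines and the
    peak container memory reading from the `before` seconds leading up to it.
    Returns one finding per crash; an empty list means no crashes."""
    tl = timeline(envelopes, app_guid)
    findings = []
    for ev in tl:
        if ev["kind"] != "event" or not ev["msg"].startswith("app.crash"):
            continue
        # Half-open window [crash - before, crash): what happened just before.
        window = [e for e in tl if ev["t"] - before <= e["t"] < ev["t"]]
        logs = [e["msg"] for e in window if e["kind"] == "log"]
        mem = [e["mem_pct"] for e in window if e["kind"] == "metric"]
        findings.append({
            "crash_at": ev["t"],
            "crash": ev["msg"],
            "preceding_logs": logs,
            "peak_mem_pct": max(mem) if mem else None,
        })
    return findings


if __name__ == "__main__":
    for f in crash_context(ENVELOPES, "app-a"):
        print(f"crash at t={f['crash_at']}: {f['crash']}")
        print(f"  peak memory before crash: {f['peak_mem_pct']}%")
        for line in f["preceding_logs"]:
            print(f"  log: {line}")
```

On the constructed sample this links the exit status 137 crash event to the memory metric peaking at 97% and the OutOfMemoryError line a second earlier, which is the kind of conclusion that is hard to reach when each of those three records lives in a different tool.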
Ultimately Pivotal Cloud Foundry provides a platform of integrated services by which all kinds of modern applications can run in a consistent way on any cloud public or private.