
Cloud Native Applications are gaining momentum. Still, there is some reticence to run them in production on premises, particularly for applications that could become business critical.
VMware's mission is to help. As part of our container portfolio we offer Photon OS to run containers, enterprise-class features with vSphere Integrated Containers (VIC), and a secure and scalable Platform as a Service with Cloud Foundry.

Where there is a requirement to manage the life cycle of the container infrastructure, as is often the case for other IaaS applications, vRealize Automation has features that can help extend Photon OS availability in production.

If you are in charge of the infrastructure and have to make critical cloud native applications available in production on vSphere, you may start by deploying a Photon Blueprint. Still, your application may be very vulnerable. Even though Photon OS includes Swarm, Docker's native clustering, it still needs to be managed to provide high availability and scalability. Also, access to the Docker APIs is not secured.

In this blog post I will leverage vRealize Automation features to create blueprints for highly available and scalable Cloud Native Applications.


How I designed my HA, scalable Photon blueprint.

To make the application deployment highly available I set the cluster option on the blueprint VM. This also provides VM-based scale out and scale in day 2 operations.
To make the application cluster aware I created a “Create docker Node” vRealize Orchestrator workflow that calls the Swarm API to enable Swarm and join new Photon hosts. I also have a “Scale in node” workflow for removing a node from the swarm, or all of them when decommissioning the deployment.

While this automation gives great flexibility, I also wanted to manage individual swarm nodes from the vRealize Automation user interface:

  • Request a swarm with 2 to 8 nodes
  • See the swarm nodes in the vRA self-service portal as distinct components running in a deployment, and be able to check their properties
  • Scale out / scale in a Photon swarm deployment
  • Contextually run node-specific day 2 operations in vRA without having to switch to a CLI or third-party interface
  • Manage who has access to these day 2 operations using vRA entitlements, and optionally require approval for some operations
  • Monitor the full life cycle of the app, including day 2 operations


vRealize Automation 7.2 XaaS scalable components as a solution for managing Photon Swarms

An XaaS scalable component is a blueprint XaaS component that can be scaled independently from the blueprint VMs. I created my own “Docker node” resource using vRO Dynamic Types and could reuse the Create and Scale in workflows with this new resource type.


A benefit of this design is that I can scale out in almost real time, since I can pre-provision the VM used for scale out and simply start it and join it to the swarm when a node scale out is requested.


Then, to secure access to the application's Docker API, I had two options:

  • Via a certificate
  • Using an NSX virtual firewall rule, which is one of the vRA blueprint components

This way each swarm can only be managed by the vRO server, which in turn is used by vRA end users who can only operate the applications they own.
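Since the post points out that Docker API access on a Photon host is not secured by default and that a certificate is one way to fix it, here is an added example (my own code, not from the post or from VMware) that audits a daemon.json for a plaintext TCP listener and emits the certificate-protected equivalent; the sample config and the certificate paths are assumptions, not values from the post.

```python
"""Audit a Docker daemon.json for unauthenticated remote API exposure.
Added example, not from the original post; assumes dockerd reads
/etc/docker/daemon.json with the standard keys shown. Sample config is constructed."""
import json

TLS_KEYS = ("tlscacert", "tlscert", "tlskey")

# Constructed sample: a host exposing the Docker API over plain TCP on the
# conventional unencrypted port, which is the situation the post warns about.
UNSECURED_DAEMON_JSON = json.dumps(
    {"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}
)

def tcp_listeners(cfg):
    """Return the tcp:// entries of 'hosts'; only a unix socket means no remote exposure."""
    return [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]

def audit(daemon_json):
    """Return findings; an empty list means the API is not exposed remotely or requires client certs."""
    cfg = json.loads(daemon_json)
    listeners = tcp_listeners(cfg)
    findings = []
    if not listeners:
        return findings
    if not cfg.get("tlsverify"):
        findings.append("tcp listener without tlsverify: any client that can reach the port controls the daemon")
    for key in TLS_KEYS:
        if key not in cfg:
            findings.append(f"missing {key}: TLS cannot be enforced on the daemon")
    for host in listeners:
        if host.endswith(":2375"):
            findings.append(f"{host} listens on 2375, the conventional plaintext port (TLS uses 2376)")
    return findings

def harden(daemon_json, ca="/etc/docker/ca.pem", cert="/etc/docker/server-cert.pem",
           key="/etc/docker/server-key.pem"):
    """Return the config with mutual TLS enforced on every tcp listener (cert paths are placeholders)."""
    cfg = json.loads(daemon_json)
    cfg["hosts"] = [h.replace(":2375", ":2376") if h.startswith("tcp://") else h
                    for h in cfg.get("hosts", [])]
    cfg.update({"tlsverify": True, "tlscacert": ca, "tlscert": cert, "tlskey": key})
    return json.dumps(cfg, indent=2)

if __name__ == "__main__":
    for finding in audit(UNSECURED_DAEMON_JSON):
        print("FINDING:", finding)
    print(harden(UNSECURED_DAEMON_JSON))
```

dockerd refuses to start when "hosts" is set both in daemon.json and as a -H flag on the systemd unit, so check the unit's ExecStart before deploying the hardened file.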

As this post shows, we managed to enable, manage and combine vRealize Automation and Photon scalability and security features, providing a very flexible, enterprise-ready, as-a-service on-premises Cloud Native application solution.