OPENSHIFT VS PIVOTAL CLOUD FOUNDRY COMPARISON

Transcription

OPENSHIFT VSPIVOTAL CLOUD FOUNDRYCOMPARISONOPENSHIFT VS PIVOTAL CLOUD FOUNDRY1

THE COMPARISON POINTS INTRODUCTIONRED HAT OPENSHIFTCONTAINERPLATFORMPIVOTALCLOUD FOUNDRY A platform-as-a-service for cloud-An integrated application platformnative applications (PaaS)to run, orchestrate, monitor andscale containers(CaaS and PaaS)PIVOTAL CLOUD FOUNDRY Pivotal spun off out of EMC and VMWare Based on open source Cloud Foundry Products Pivotal Cloud Foundry: on-premise PaaS Pivotal Web Services: hosted PaaS on Amazon Web Services (AWS) PCF Dev: local instance on dev machines Pivotal Labs: consulting methodOPENSHIFT VS PIVOTAL CLOUD FOUNDRY2

RED HAT CONTAINER STACK - PIVOTAL CLOUDFOUNDRY STACKOPENSHIFT VS PIVOTAL CLOUD FOUNDRY3

KEY OPENSHIFT ADVANTAGES Enterprise grade security Built on top of RHEL and uses industry-standard SELinux isolation Full stack support Single vendor supporting OS, platform, containers and middleware Enterprise middleware services including full Java EE support Red Hat JBoss EAP, JWS, A-MQ, Fuse, BRMS, BPMS, JDG, Mobile, API and SSO Standard containers and orchestration Linux containers and orchestration with Docker and Kubernetes Built-in operational management Infrastructure provisioning, policy-management and vulnerability scanning Supported by Red Hat Trusted open source leader 100% Open SourceCOMMUNITY AND VENDORSOpenShift community vs Cloud Foundry community Cloud Foundry community is polarized with 80% contributions by Pivotal and IBM OpenShift community is democratized by many contributors and is 5x more activeOpenShift vendors vs Cloud Foundry vendors Authentication, app lifecycle, storage, networking, app services and messaging are proprietary anddiffer across certified Cloud Foundry vendors (no portability) All OpenShift vendors’ solutions are open source and identical (portability)OpenShift vendors vs Cloud Foundry vendors Only Cloud Native applications run on Cloud Foundry Any application stack runs on OpenShift and OpenShift runs on any infrastructureOPENSHIFT VS PIVOTAL CLOUD FOUNDRY4

FROM CODE TO DEPLOYED CONTAINERSDockerGardenOPENSHIFT VS PIVOTAL CLOUD FOUNDRYKubernetesDiego SwarmMesos5

OPENSHIFT VS PIVOTAL CLOUD FOUNDRY6

ARE YOU LOCKED IN?COMMUNITY AND VENDORSCan you switch vendor withoutswitching technology?Can you switch technology withoutswitching vendor?CLOUD FOUNDRY PLATFORMS Small set of core services in the open source Cloud Foundry Large set of proprietary services on top in each vendor distribution Apps are not portable across platforms due the proprietary services (techlock-in) Migration involves cut and replace vendor-specific proprietary services Not possible to go from vendor solution to a self-maintained (vendor lock-in)OPENSHIFT VS PIVOTAL CLOUD FOUNDRY7

CLOUD FOUNDRY ARCHITECTURERequired Elements for a Certified Provider:Cloud Controller, Router, Diego and Garden, UAA, Logging and MetricsCLOUD FOUNDRY ARCHITECTUREAuthentication, App Lifecycle, Storage, Networking, App Services, Messagingcan all be different between various Cloud Foundry providersOPENSHIFT VS PIVOTAL CLOUD FOUNDRY8

With Cloud Foundry, every vendor switch involvessizable application migration between CloudFoundry providersKUBERNETES PLATFORMS Many platforms have adopted Docker and Kubernetes App containers are fully portable across platforms App migration might involve cut and replace vendor-specific services This is essentially the Cloud Foundry modelWith Kubernetes, vendor switch might involveapplication migration between KubernetesprovidersOPENSHIFT VS PIVOTAL CLOUD FOUNDRY9

OPENSHIFT PLATFORMS Based on docker containers and Kubernetes 100% open-source App containers are fully portable across docker platforms Apps are fully portable across vendorsNo Tech Lock-in Zero-effort application migration between vendors Vendor solution can be self-maintained by customerNo Vendor Lock-inWith OpenShift, vendor switch involveszero application migration between OpenShiftprovidersSWITCH COSTS IS NOT JUST ABOUT THE CONTAINER PLATFORMOPENSHIFT VS PIVOTAL CLOUD FOUNDRY10

AT A GLANCEPIVOTAL CFOPENSHIFT Garden and Diego Docker and Kubernetes .NET and Spring .NET, Spring and JBoss Middleware Only Cloud-native apps(including full Java EE) Container security on Ubuntu Cloud-native and stateful apps Deployment automation Enterprise-grade security on Open CoreRed Hat Enterprise Linux Pivotal Labs consulting method Complete Ops Management 100% Open Source5X PRICE Red Hat Innovation Labs consulting methodBRIEF COMPARISONPIVOTAL CFOPENSHIFTGARDEN & DIEGODOCKER & KUBERNETES Garden uses OCI runC backend Portable across all docker platforms Not portable across Cloud Foundry distros IP per container Containers share host IP Integrated image registry No image registry Image build from source and binary Private registries are not supported Adoption in many solutions No image build Adoption only in Cloud FoundryOPENSHIFT VS PIVOTAL CLOUD FOUNDRY11

NO NATIVE DOCKER IN CLOUD FOUNDRYConverters Are TerribleCloud Foundry is based on the Garden container runtime, not Docker, and then has RunC and Windowsbackends. RunC is not Docker, just the lowest runtime layerDocker Developer Experience Does Not Exist in PCFPCF “cf push” Dev Experience does not exist for Docker. In Openshift v3 we built S2I to provide that sameexperience on top of native Docker images/containersDiego Is Not KubernetesKubernetes has become the defacto standard for orchestrating docker containers. Diego orchestratesGarden containers and is used only by Cloud Foundry usersKUBERNETES PLATFORMSPIVOTAL CFOPENSHIFT.NET AND SPRING.NET AND JBOSS MIDDLEWARE Small buildpack service community Large docker service community Java, .NET Framework Full Java EE, .NET Core Spring Boot and Spring Cloud Spring and JBoss middleware portfolio Community CI/CD Certified Jenkins and Deployment PipelinesONLY CLOUD-NATIVE APPS No persistent storageOPENSHIFT VS PIVOTAL CLOUD FOUNDRYCLOUD-NATIVE AND STATEFUL APPS Persistent storage support12

SECURITY AND OPERATIONSPIVOTAL CFOPENSHIFTBASIC SECURITY ON UBUNTUENTERPRISE-GRADE SECURITY ON REDHAT ENTERPRISE LINUX Container traffic rules SELinux and OpenScap AppArmor integration Unprivileged containers (no root) Unprivileged containers (no root)DEPLOYMENT AUTOMATIONCOMPLETE OPS MANAGEMENT Deployment via BOSH and Ops Manager Deployment via Ansible No ops management Ops management with Red Hat CloudForms No bare-metal Built-in log management (Elasticsearch/Kibana)ECO SYSTEMPIVOTAL CFOPENSHIFTOPEN CORE100% OPEN SOURCE Proprietary (based on open source) 100% Open Source CF Foundation with 65 members Active open-source community OpenShift Commons with 200 membersPIVOTAL LABS CONSULTING METHODOPENSHIFT VS PIVOTAL CLOUD FOUNDRYRED HAT INNOVATION LABS CONSULTINGMETHOD13

CONTAINERPIVOTAL CF OPENSHIFTGarden linux container and buildpacks Native Docker linux containerbased on OCI runC backend Widespread commercial adoption Adopted only in Cloud Foundry Portable across platforms Runs Docker by converting to Garden Not portable across platforms (e.g Bluemix) No image registry Integrated image registry Private registries not supported Built-in SDN Containers share host IP IP per container All communication through load-balancer Inter-container communicationORCHESTRATIONPIVOTAL CFOPENSHIFT Diego orchestrator Kubernetes orchestrator Adoption only in Cloud Foundry Adoption in many solutions No distributed and cron jobs Distributed and cron* job support Custom scheduling Resource limits and quotas with QoS tiering Multi-cluster orchestration* Service registry only for Spring apps Service discovery for all containers Service catalog Service catalog* Config Server for Spring apps Loosely-coupled application configuration* coming soonOPENSHIFT VS PIVOTAL CLOUD FOUNDRY14

APPLICATION SERVICESPIVOTAL CFOPENSHIFT Few community buildpacks Many community Docker images Supported runtimes: Java, Ruby, Supported runtimes: Full Java EE, Java, Ruby, .NET support .NET Core support Compelling Big Data services Red Hat JBoss Middleware Spring Boot and Spring Cloud Services Microservices with JBoss and Spring Microservices with Spring Boot Third-party services Third-party services Stateful and legacy apps not supported Stateful and legacy apps not supported No persistent storage No persistent storageAPPLICATION LIFECYCLEPIVOTAL CFOPENSHIFT No container images Image build from source and binary No Docker build Automated redeploy on image update Containers run from source and binary Docker build support CI/CD Integration Spinnaker and Concourse CI Certified Jenkins CloudBees Jenkins integration Support for Jenkins slaves Built-in CI/CD and Pipeline CloudBees Jenkins integrationOPENSHIFT VS PIVOTAL CLOUD FOUNDRY15

SECURITYPIVOTAL CFOPENSHIFT Container traffic rules (in- and outbound) Containers jailed with SELinux AppArmor integration Unprivileged containers (no root) Seccomp integration End-to-end cluster security with TLS Unprivileged containers (no root) Fine-grained role-based policies Container vulnerability scanning through RedHat CloudForms and BlackDuck (partner)OPERATIONS & MANAGEMENTPIVOTAL CFOPENSHIFT Ubuntu (support partnership with Canonical) Red Hat Enterprise Linux and Atomic Host Virtual, private and public cloud Physical, virtual, private and public cloud Container metrics Container metrics Basic log aggregation Container log aggregation and management Built-in ElasticSearch and Kibana Deployment via BOSH and OpsManager Deployment via Red Hat CloudForms No operational management Complete operational management (capacity, audit, policy, forensic, etc)ECOSYSTEMPIVOTAL CFOPENSHIFT Proprietary (open core) 100% Open Source Cloud Foundry Foundation with 65 members OpenShift Commons with 200 members OCI member OCI and Platinum CNCF member Kubernetes adopted in CNCF Vibrant partner community Active open-source community Vibrant partner community Pivotal Labs consulting method for enabling Red Hat Innovation Labs consulting methodAgile and DevOpsOPENSHIFT VS PIVOTAL CLOUD FOUNDRY16

OPENSHIFT AWARDSOPENSHIFT CUSTOMERSOPENSHIFT VS PIVOTAL CLOUD FOUNDRY17

OPENSHIFT COMMONSAn interactive community for all OpenShiftPaaS Users, Customers, Contributors, Partners,Service Providers and Developers to share ideas,code, best practices, and experiences.More at http://commons.openshift.orgSpeak to a consultant and learn how we make Openshift work for you:770-546-0077shadow-soft.com or email contact@shadow-soft.comSince 2008, Shadow-Soft has been evangelizing and deploying open source software and open standardsto help customers “take the power back” from their technology vendors. Shadow-Soft provides consultingand managed services across three specialties: DevOps, Application Infrastructure, and Cloud.Atlanta, GA 770-546-0077 www.shadow-soft.com

OPENSHIFT VS PIVOTAL CLOUD FOUNDRY 8 CLOUD FOUNDRY ARCHITECTURE Required Elements for a Certified Provider: Cloud Controller, Router, Diego and Garden, UAA, Logging and Metrics CLOUD FOUNDRY ARCHITECTURE Authentication, App Lifecycle, Storage, Networking, App Services, Messaging can all be different between various Cloud Foundry providers