CloudConf 2017

News coming these days about cloud solutions and devops sees Amazon, Google, Microsoft like the biggest players of the world providing a better place to devops. More and more applications now are cloud native and get its power from the cloud platform.

image

CloudConf is one of the important European event, to take stock of the situation about what the major player of the world are doing. This year the event marks 500 Attendees: all people interested and involved in what is going on in the development using the public cloud world. Let’s see in depth

Keynote about Docker by Diogo Mònica

Doigo, security lead at Docker (https://twitter.com/diogomonica), introduces security concepts behind docker swarm taking “the Orchestra” as an example of the orchestrating elements and processes. In fact this concept stays on top of microservices because the growth of the element of a cloud native application (3rd app generation) requires a secure way to govern all its parts.

Talking deeply inside the security under cluster runtime, these are the things you should be worried:

  • Mitigate external attacker: is important to explicit all access in and out from container, by using ports and authentication/authorization
  • Mitigate internal attacker: allow and disallow access between containers setting correct permissions and authorization
  • Mitigate MiTM (Man in the middle) Attacker –> Encrypt all control and data plane
  • Mitigate Malicious Worker: Only one manager must authorize/push a Worker in its cluster. No cross pulling/pushing from any other cluster.
  • Mitigate Malicious Manager: No way to run arbitrary code in worker and deny access from to secret material and no ability to spin up unauthorized nodes/impersonate existing nodes and service-service communication.

image

Soon I’ll link slide and further info about this speech.

Keynote Machine are Learning by Danilo Poccia (AWS)

Danilo Poccia, Technical Evangelist at AWS, holds a “lectio magistralis” about artificial intelligence and machine learning, taking also about the historical example of the first machine learning model to take prediction: Arthur Samuel (https://en.wikipedia.org/wiki/Arthur_Samuel)

The ability to make models and reinforce them, making changes during the time, is one of the feature of the machine learning engine in AWS services like:

  • Amazon Rekognition: Face Recognition
  • Amazon Polly:  a voice recognition
  • Amazon Alex: a LEX to build voice

image[7]

Soon I’ll link slide and further info about this speech.

What’s cool

Microsoft with Azure for Iot and data ingestion, provides a cloud platform to build a solution using a platform as-a-service called “Analytics & Iot”.

image

In depth, Azure Iot Hub is a great solution for handling device life cycle in IoT implementations, simply integrating the ability to develop a solution using HTTP, MQTT and AMQP to handle device communications.

CloudItalia (http://www.clouditalia.com), a cloud/telco provider, represents the foundation where applications could be developed and resident in Italy. With a big network infrastructure and converged/hyper-converged solutions, this provider enters in the top 10 of biggest Italian provider. The speech in depth talks about software defined storage with Tintri. SDS near SDN and computing represent only 1/4 of the cloud resource pool but in 90% of cases determines the success of an IaaS solution. Thinking about storage and the other elements, HCI represent the best solution for the cloud oriented market, but in some cases storage consumption doesn’t follows computing consumption and this often happens for providers which sell DRaaS and Storage as a Service. In this scenario Tintri is a solution build around the concepts of scaling up simply adding a block and no more storage administrator skill is needed during deploy and operations.

Another interesting fact comes from some system integrators that are now evangelizing cloud native applications and its platform where deploy and scale (eg: Docker).

My thought: where to start choosing cloud?

The first though that bring companies to cloud adoption is: << Cloud will save money!>> and suddenly a big fear comes in their mind: << What about my data?>>. Just to demistify and isolate cloud providers from all “fakes” let’s say that data are located in a defined region/place/datacenter and a real cloud provider is notifying you in every moment.

Another worry comes from the question: how to move in and out data/services from the cloud provider? In that sense, cloud is not a way to save money; cloud is a way to bring a money investment more efficient. For this reason you should consider cloud as a starting and an endpoint of your final environment, keeping the governance out of these boxes. And that’s always what system integrators recommend for public and hybrid cloud adoption: keep data and service governance in your company and use public cloud only to consume computing/network and storage.

But before start building my application:

  • what as-a-service model buy?
  • what cloud be a risk and not in a “full” cloud adoption?
  • what happens if my application needs more and more computing power during the time?

Well, answering to this question the first thing to do is create you app building block, draw a line where and place every block:

  • region up: if there are cloud services able to do it and you must do it now and/or with no available developers
  • region middle: if some pieces must reside inside the company and scaling is admitted only for scaling purpose
  • region down: all pieces must be developed and resident inside.

If all pieces are placed down you’re not developing a cloud native application or you’re the owner of many datacenter spread across the world. If all goes in region up you’ve to pay attention to choose multiple cloud provider.