Cloudify 4.2 Webinar - Agility & Control
Download as PPTX, PDF1 like372 views
The Cloudify 4.2 webinar introduced a new user-role mechanism allowing better resource management within tenants by defining roles with specific permissions. Enhancements include global resources accessible across tenants, usability improvements, and security updates like Okta authentication. Future roadmap features involve service composition, blueprint versioning, scheduled executions, and edge orchestration support.
Cloudify 4.2 Webinar - Agility & Control
- 1. Cloudify 4.2 Webinar Agility & Control
- 3. New Roles ● Roles are now supported in the context of a tenant, allowing for better-defined resources separation and management. ● Roles are implemented as sets of permissions to the Cloudify APIs. ● To the existing roles of Sys-Admin and Tenant-User we’ve added: ○ Tenant-Manager Manages all resources in specific tenant(s) ○ Tenant-Viewer View-only permissions to tenant-wide resources in specific tenant(s) ○ Tenant-Operations Deploy/execute permissions in specific tenant(s)
- 4. Role = Set of permissions
- 5. The new roles allow users to have different permissions in different tenants.
- 6. Group Roles ● Upon assigning a group to a tenant, a tenant-role is required and the role applies to all users in this group. ● This mechanism allows users who belong to more than one group to have more than one role in a specific tenant. In this case, the permissions will be aggregated.
- 8. UI Templates Management ● UI Templates are the pre-defined sets of pages which the users will see upon login into the system. ● Administrators can now define templates according to users roles and tenants.
- 10. Global Resources ● Resource availability has been enhanced, and we added the new ‘Global’ option to the existing statuses of ‘Private’ and ‘Tenant’(=’Public’). ● A Global Resource is a Blueprint/Plugin/Secret that was created as either Private or Tenant, and was set to be Global by the admin. ● The Global Resources are available to all tenants on the manager, and can be used by all users who have access to at least one tenant.
- 15. Composer 4.2
- 16. Composer 4.2
- 18. Okta Authentication (SSO) • Supporting Okta authentication via SAML • Requires configuring the manager by admin • http://docs.getcloudify.org/4.2.0/manager/okta_authentication/
- 19. Management Networks • Supporting multiple management networks • Enables network selection per node at blueprint modeling/deployment time: • Segregation • Multi-cloud multi-zone configurations
- 20. Agent Installation • Secure method for installing agents via user data without leaving traces of the certificate in the log. Includes capability to use a proxy for agents communication to the manager • Direct all agents installation communication to manager through port 53333 only and only over SSL
- 21. ECOSYSTEM
- 22. 1 2 3 Cloudify with Kubernetes Kubernetes Blueprints Deploys and scales Kubernetes Clusters on OpenStack, AWS, GCP, Azure Kubernetes Plugin Deploys containerized applications on K8ns and allows integration with non-containerized apps OpenStack Deploy Kubernetes Cluster Kubernetes Deploy Kuberneres Applications VM App Cloudify Provider Deploys open cloud infrastructure providers for Kubernetes, such as networks, load balancers Kubernetes Use IaaS Resources as Providers App https://github.com/cloudify-examples/simple- kubernetes-blueprint https://github.com/cloudify-incubator/cloudify- kubernetes-plugin https://github.com/cloudify-incubator/cloudify- kubernetes-provider API API API
- 23. Kubernetes Integration ● cfy-go ○ Cloudify Rest Client ○ Cloudify CLI ○ https://godoc.org/github.com/cloudify-incubator/cloudify-rest-go-client ● CFY-Kubernetes (Cloud Provider) ○ CFY-Autoscale (Kubernetes Modification) - Currently early stage ○ Kubernetes Cluster Blueprint ○ https://github.com/cloudify-incubator/cloudify-kubernetes- provider/releases/tag/0.0.0%2B7 ● Cloudify Kubernetes Plugin
- 24. Plugins ● Openstack Plugin (2.3.0) ○ No Management Network Name property ● Cloudify GCP Plugin (1.1.0) ○ Install Agents via Init Script ● Cloudify Utilities Plugin (1.4.0) ○ File handling ● Cloudify Kubernetes Plugin (1.3.0) ○ State Verification (Delete) ○ Pod State Verification (Start)
- 25. Thank you
- 26. Roadmap
- 27. Roadmap Cloudify Manager ● Service Composition: Consume existing, running deployed services with new application blueprints for service composition and building microservices architecture. ● Application Blueprint Versioning: The ability to upload new versions of application blueprints, and apply them selectively to running deployments ● Secrets Enhancement ● Resuming Failed Workflows: Built-in ability for Cloudify Manager to resume from the last successful execution point. This is useful when the workflow fails due to infrastructure allocation error, quotas, etc. ● Scheduled Workflow Execution: The ability to schedule a workflow execution at a future time, such as scaling the number of web server VMs at a certain time of the day. ● Edge Orchestration: support for large distributed environments, and enablement of orchestration close to the workload itself (federated management architecture) ● Full TOSCA support and advanced orchestration capabilities via ARIA engine
- 28. Roadmap Cloudify UI Framework ● Notifications Handling ● Unified view for a multi-manager environment Cloudify Composer ● Easy, graphical Service Composition creation ● Built-In templates and examples ● Enhanced integration with the Cloudify Manager