VMware Lightboards - VMware Enterprise PKS, 21 Nov 2018

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: Why Bosh? Part 1: BOSH Unique Capabilities

Description

In this two part video series, James Watters, SVP Products at Pivotal, talks about the benefits and capabilities of BOSH, a key component of VMware PKS.

In this first video, James explains how BOSH changed the game in the open source community with embedded OS management, API provision, and a rolling update frame to eliminate application downtime.

Link to part 2: https://youtu.be/HoY5KgYcx0I

For more information, please visit the VMware PKS website: https://cloud.vmware.com/pivotal-container-service

A

Hi I'm James and thanks for tuning in I, want to talk a little bit today about the history of this very important project that originally was built at VMware. Now the core of pivotal x' platform called Bosh.

A

It was started back in 2010 right here in VMware's headquarters, when a couple of really great Google engineers came to VMware to build cloud scale, automation and that's the that's the backstory to Bosh we're gonna talk a little bit about how some of that Google scale, Google purity cloud native thinking, made Bosh I think one of the most underappreciated but powerful pieces of technology the enterprise's are using today.

A

So the name Bosh was a reference to google borg, the next two letters in the alphabet after orangey or S&H and start from the start. The idea was to build the plus plus version of borg for enterprise users and with an idea of doing it on any cloud. Now. What are some of the design thinking that went into that? The first debate that was had was, should this kind of declarative automation, the scheduler at the heart of Cloud Foundry in the platform support any operating system or a more rarefied list of operating systems.

A

One of the really brilliant decisions that was made by the original Google core engineering team at VMware around Bosh, was limiting Bosh to have one embedded operating system. I like to ask every enterprise organization: I mean how many operating systems does your ex Fortune 1000 company have almost always there's a pause. People start to consider and I've rarely left the room without at least 50 to 60 different versions, let alone patch levels of operating systems now I.

A

How many did these engineers we were working with to build Bosch deal with at Google at Google scale of millions of servers and answers? One something called the Prada image is the only operating system that almost everything at Google runs on and so from the start. By embedding the operating system into Bosch, it really changed the game on how enterprises consume an automated infrastructure.

A

It raised that abstraction such that the embedded OS was managed by the platform, and so, as you go to patch things, that's built in and a lot of organizations are looking at Bosch purely from an OS automated patching perspective, because that's just so painful for them today. But I want to talk about a few other, really critical design decisions that went into making this powerful, because these three features really work together.

A

The next decision that was made is that it would have API only infrastructure, provisioning and so in some organizations a virtual machine is provision and then a series of scripts or hand tasks kick off to start configuring, that operating system or installing the operating system to exactly what it needs to do, the jobs that it needs to run in Bosch, that's called the CPI or the cloud provider interface and it's a series of 15 api's that make provisioning virtual machines, disks and networks.

A

Calm in across both VMware infrastructure and api's and public cloud.

A

Now why does this matter so much to getting to high scale automation, if you think about how these two features work together, now there's an embedded operating system in every virtual machine that is created by Bosch, so Bosch knows exactly what it's starting with the second thing. It knows that it's created that virtual machine only through an API, and it knows exactly how everything is running on it. That virtual machine created by Bosch then has a Bosch agent, which knows every job that needs to run.

A

This is very different than what I would call the random VM chaos that some organizations battle with, where they provision a virtual machine for a business union or user and a unit, and then that virtual machine is configured by the business unit with a series of operational scripts and then, if anything goes wrong, they still call the operations team to say: hey this isn't working and the Bosch world. We know exactly what the operating system configuration is, and we know exactly all of the jobs that have been configured to run in that virtual machine.

A

If any of these processes in any way malfunctions or needs restarted, Bosch the Bosch agent knows how to do that, and so it can constantly keep everything that it has in that declared state and healthy. We'll talk a little bit more about that, but that's sort of step, two in the magic of Bosch and again, that's google scale like thinking and control when you're at Google scale and a process dies on 1/2 of 1% of the system's.

A

That's still a massive amount of workload that you've lost, and so this kind of low level high availability thinking has been designed into Bosch from the start. The real final piece of magic, though, is it brings together that embedded operating system and the API only provisioning to say I not only know how to run these jobs. I know how to upgrade them all to version 2 from version under version 2, in a rolling update.

A

This is powerful because it allows boss should be one of the only systems on earth right now that is upgrading many enterprises on a daily basis between version 1 version, 2 and version 3 of anything running on the platform. A really critical example of this might be version. 1.1 is a CV, II, think, Specter or meltdown when Intel discovered that vulnerability. How are you going to apply tens of thousands of updates with Bosch?

A

Our users were able to push a single button, Bosch update with PCF and that embedded operating system that we're managed was updated in a rolling way through api's. Through this approach, these three features working together, have changed the entire way organizations run. Wells Fargo presented its spring one platform that they're able to completely rebuild everything they have from scratch with Bosch every three days and what this gives them from a security perspective is a new way of playing the game. Every virtual machine has a time to live of three days in their example.

A

That means, if there's malware on this system, its recreated every time there's a Bosch update. So malware is much harder to be a threat. The cv ease of the virtual machines are updated every three days as well. A major CVE comes out, we've tracked on average once a week that needs to be applied by our clients. Some users before would wait months and months and months to apply those critical updates now with Bosch their pre tested and API, driven to be rolled out again.

A

That comes back to knowing exactly the state of the operating system, the virtual machine that we're updating we're able to make those updates with confidence. You know I was just talking with a client today, and they said that sounds great. But how do you do it with confidence? It's really. These features working together into the design of Bosch. Inspired by that google scale and control the final thing that Bosch does every time it does an upgrade. Is that secrets and credentials.

A

Are all recreated so now you have a time to live on secrets and credentials running in the platform of only three days or classically called password and secret rotation. So all of those things are core features inspired by Google, but now proven to run you know, half a million or a million or more containers in production in enterprises with PCF.