Slides from Isolation Segments overview at CF Summit EU 2016

1. Update on Cloud Foundry
Isolation Segments
(formerly Elastic Clusters)
Dieu Cao, Pivotal Software
27 September 2016

2. LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
api.a.example.com
Start with 1 Cloud Foundry

3. LB
GoRouter
Cloud Controller
BBS
Cells
Logging
api.a.example.com
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
api.b.example.com
api.c.example.com api.d.example.com
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging

4. LB
GoRoute
r
Full CF
LB
GoRoute
r
Full CF
LB
GoRoute
r
Full CF
LB
GoRoute
r
Full CF
LB
GoRoute
r
Full CF
LB
GoRoute
r
Full CF
LB
GoRoute
r
Full CF
LB
GoRoute
r
Full CF
LB
GoRoute
r
Full CF
LB
GoRoute
r
Full CF
LB
GoRoute
r
Full CF
LB
GoRoute
r
Full CF

5. Operational Concerns
• Keeping roles/permissions in sync
across each deployment
• VM costs
• Deployment complexity
• Maintenance costs

6. Can we reduce the overhead?
• Shared cf management tier okay?
• Yes
• Low latency between cf deployments?
• Yes

7. What’s an Isolation Segment?
• Isolation Segment
• a group of Cloud Foundry
resources (compute, network, and/
or logging) to which applications
can be directed for deployment.

8. What’s in a name?
• Placement Pools
• Isolation Groups
• Elastic Clusters
• Isolation Segments!

9. LB
GoRouter
Cloud Controller
BBS
Cells
Logging
api.a.example.com
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
api.b.example.com
api.c.example.com api.d.example.com
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging

10. Compute LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cells
Logging
Red
Isolation
Segment
LB
GoRouter
Cells
Blue
Isolation
Segment
Cells
Green
Isolation
Segment
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cells
Logging
Cells
LB
GoRouter
CellsCells
api.a.example.com
CellsCells

11. Possible UX - Milestone 1
• As a cloud controller admin:
cf create-isolation-segment blue
cf bind-isolation-segment blue
-o MyOrg -s development
• As a space developer:
cf push

12. Possible UX - Milestone 3
• As a cloud controller admin:
cf create-isolation-segment blue
cf associate-isolation-segment blue
-o MyOrg
cf associate-isolation-segment green
-o MyOrg
• As an org manager:
cf bind-isolation-segment blue -s development
• As a space developer:
cf push

13. Routing &
Compute
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cells
Logging
Red
Isolation
Segment
LB
GoRouter
Cells
Blue
Isolation
Segment
Cells
Green
Isolation
Segment
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cells
Logging
LB
GoRouter
Cells
LB
GoRouter
Cells
LB
GoRouter
Cells
api.a.example.com
CellsCells

14. Routing &
Compute
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cells
Logging
Red
Isolation
Segment
LB
GoRouter
Cells
Blue
Isolation
Segment
Cells
Green
Isolation
Segment
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cells
Logging
LB
GoRouter
Cells
LB
GoRouter
Cells
LB
GoRouter
Cells
api.a.example.com
CellsCells

15. Routing,
Compute,
& Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cells
Logging
Red
Isolation
Segment
LB
GoRouter
Cells
Blue
Isolation
Segment
Cells
Green
Isolation
Segment
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cloud Controller
BBS
Cells
Logging
LB
GoRouter
Cells
Logging
LB
GoRouter
Cells
Logging
LB
GoRouter
Cells
LB
GoRouter
Cells
api.a.example.com
CellsCells

16. Trust between components
• The management plane
authenticates/authorizes
components in a segment for
particular workloads

17. Current progress
• Proposal for Isolation Segments
• Your feedback needed!
• https://goo.gl/1Tnpdz
• Milestone 1, before end of the year!
• Additional proposals coming
• Routing & Domains
• Logging
• Trust between components

18. Questions?
Thank you.
dcao@pivotal.io · @dieu, in CF OSS Slack