How TOSCA Adds Value and Portability in a Container-Centric World Topology and Orchestration Specification for Cloud Applications (TOSCA) Standard How TOSCA Adds Value and Portability in a Container-Centric World

Agenda What and why TOSCA? Definition & Mission How TOSCA addresses critical Cloud challenges for different roles (DevOps), e.g., Cloud provider/platform, Architect, Developer, Tester, etc. Update: TOSCA eco-system and status How: a use case driven technical walk-thru of TOSCA Q&A and open discussion

What is TOSCA? TOSCA is an important new open cloud standard, that is enabling a unique eco-system, supported by a large and growing number of international industry leaders… TOSCA is a machine and human readable, domain specific language, that defines the interoperable description of applications; including their components, relationships, dependencies, requirements, and capabilities…. …thereby enabling portability and automated management across cloud providers regardless of underlying platform or infrastructure thus expanding customer choice, improving reliability, and reducing cost and time-to-value.

Containment and Connectivity concepts support Composition & Reuse The collective knowledge of application and infrastructure experts are captured as reusable TOSCA models TOSCA Application Model Web Server Tier Database Server Tier Web Server DB Server Containment Web App Database PHP Module Connectivity Containment and Connectivity concepts support Composition & Reuse These concepts lead to an application-centric, holistic, unified model Reusable models extend investments by making it easy to compose more valuable and complex apps from existing apps Models can be validated by automation to ensure app-aware, policy-aligned configuration, deployment and operational semantics

“best fits” your application TOSCA enables an eco-system where service providers can Compete and Differentiate to add value to Your Applications Cloud Provider B TOSCA supports automated matching of application requirements to provider capabilities Best Fit TOSCA Apps can be designed to be portable to any cloud (including hybrid) that meets the application’s requirements Choice TOSCA App Cloud Provider C Cloud Provider A Choice of Provider that “best fits” your application Portable Avoid the “lowest-common denominator” approach… Each cloud provider competes by offering their “best fit” of unique capabilities, features, and services that match the application’s requirements

TOSCA enables holistic application lifecycle automation while ensuring integrity, security and compliance Infrastructure Changes Hot Packs Strategic Requests Operational Requests External Influences Business Conditions Development Teams Develop, unit test scripts, plans & artifacts for planned releases, patches, fixes Cloud Application Lifecycle with TOSCA Architects Model services, policies & requirements TOSCA Template Develop Design TOSCA Template Cloud Provider A Cloud Provider C Cloud Provider B TOSCA Template Test Build Operations Deploy, manage & monitor application lifecycle TOSCA Template Deploy QA Teams Build & Test releases, updates & configurations TOSCA Templates Agnostic to Cloud Infrastructure Changes TOSCA templates communicate and drive app-centric Dev-Ops and continuous delivery

TOSCA reduces application complexity independently from cloud provider Capabilities… by expressing application requirements… TOSCA Portable Cloud Application TOSCA Service Template Storage Compute1 DB Compute2 App Network Scaling Policy Application Requirements TOSCA Orchestration & Optimization Automatic Matching Infrastructure Capabilities Ring Network KVM Cloud Provider C Cloud Provider B PowerVM SSD RDMA Network Cloud Provider A 10 Gb Network X86 VM HDD Enabling TOSCA applications to be portable to different infrastructures

TOSCA eco-system is rapidly growing with support from industry leaders … and open source partners TOSCA Version 1.0 Specification approved as an OASIS Standard (Nov 2013) Government and Corporate Awareness: OASIS: 600+ participant organizations. 5000+ participants spanning 65+ countries TOSCA Committee: 170+ people 45+ companies/orgs International Standards & Research: ETSI NFV liaison, EU FP7, etc. Industry Analysts: Forrester names TOSCA as a top four cloud open standard (Mar 2014) Multi-company Interoperability Demonstrated: EuroCloud 2013 (Oct 2013): IBM, SAP, Fujitsu, Huawei, HP, Vnomic, Zenoss and others Open Data Center Alliance: TOSCA Application Portability in the Enterprise Cloud PoC (Jan 2014) Open Source: OpenStack, Eclipse, getcloudify.org, celar Associated Companies Open Source Projects

We Covered the What and Why… How: A Use Case Driven Technical Walk-Thru of TOSCA

TOSCA Application Example: Nodejs, Mongo DB on Abstract IaaS PayPal Sample App Application Tier Database Tier Node MongoDB paypal_pizzastore mongo_db WebApplication ConnectsTo Requirements Endpoint DB Database Requirements Capabilities Requirements Capabilities Endpoint DB Endpoint.DB Endpoint.DB Container Requirements Container Container Relationship ConnectsTo (can be orchestrated in parallel) mongo_dbms HostedOn Node Node.js nodejs HostedOn DBMS Node Mongo DBMS WebServer Capabilities Capabilities Container Capabilities Container Container Requirements Requirements Container Container Relationship HostedOn Requirements Container Node Compute mongo_server HostedOn app_server HostedOn Node Compute Compute Compute Capabilities Relationship HostedOn Capabilities Container Container Capabilities Container Enabled by: TOSCA Nodes, Relationships, Requirements, and Capabilities

TOSCA Model for a Complex Multi-Tier Cloud Service Database Tier mongo_dbms DBMS mongo_server Compute mongo_db Application Tier Logging/Monitoring Tier (ELK) logstash elasticsearch kibana paypal_pizza store WebApplication SoftwareComponent SoftwareComponent SoftwareComponent Artifacts Create Config Start Artifacts Create Config Start Artifacts Create Config Start Capabilities ConnectsTo Capabilities ConnectsTo nodejs WebServer log_endpoint search_endpoint Requirements Requirements search_endpoint search_endpoint Requirements Container Container Container logstash_server elasticsearch _server kibana_server ConnectsTo HostedOn HostedOn HostedOn app_server Compute Compute Compute Compute Capabilities Capabilities Capabilities collectd Container Container Container rsyslog Example: Logging/Monitoring Service for the Webshop using Kibana

TOSCA Model for Block & Object Cloud Storage Create new volume and attach to server_1 my_web_server_1 (Compute) storage_attach_1 (AttachesTo) location: /some_location my_storage (BlockStorage) my_web_server_1 Compute Attributes private_address public_address networks ports Capabilities Container OperatingSystem Requirements Attachment ... storage_attach_1 Properties location: /some_location AttachesTo my_storage BlockStorage Capabilities Attachment Properties size volume_id snapshot_id my_web_server_2 Compute Attributes private_address public_address networks ports Capabilities Container OperatingSystem Requirements Attachment ... storage_attach_2 Properties location: /another_location AttachesTo Attach same volume to server_2 my_web_server_2 (Compute) storage_attach_2 (AttachesTo) volume_id for my_storage location: /another_location NOTE: animmatted: no volume id on first server (his model has a block storage nodes without a volume id (generated for him)), 2nd server uses volume id. Able to attach to block storage consistently (pattern is always available and portable). The template has model (desired state) and orchestrator works to achieve desired state See highlighted in red (how you specify mount points) Scenario: different servers use the same storage at different mount points 12 12

TOSCA Model for Logical Public & Private Cloud Networks my_app_1 Compute Attributes private_address public_address networks ports Capabilities Container ... Bindable Connected via logical Ports nodes (via LinksTo and BindsTo) port_1 Port Capabilities Linkable Requirements Bindable BindsTo LinksTo private_net_1 Network Capabilities Linkable port_2 Port Capabilities Linkable Requirements Bindable Application Model separate from Network Model BindsTo LinksTo public_net_1 Network Capabilities Linkable Allows developers to model JUST the application bind to existing tenant networks 13 13

TOSCA Model for Containers leveraging Repositories PaaS Modeling Template author chooses to expose or hide runtime topology & implementation Container Application Modeling Agnostic of PaaS Cloud Provider PaaS on OpenStack, Cloud Foundry, Azure, etc. PaaS Subsystem (hidden) docker_mysql my_PaaS_platform Docker Hub (Repository) Container.App.Docker Container.Runtime Artifacts - my_image: type: Image.Docker URI: mysql repository: docker Capabilities Container Docker Image for mysql Runtime.Docker Hosted On Requirements Runtime.Nodejs ... Container Runtime.Docker ... Runtime.J2EE PaaS Layer exposes “runtimes” as TOSCA Capabilities Docker, Nodejs, JSP, J2EE, etc. Orchestrators could automatically retrieve and deploy a Docker image from a declared Repository TOSCA Templates can model repositories Orchestrators could dynamically “pull” from multiple repositories 14 14

TOSCA Direction to model Policies Supported areas: Placement (Affinity), Scaling and Performance with Rules that are evaluated to execute Automatic and Imperative Triggers 2 Policy Type Rule Trigger my_scaling_group 1 Policy Type Rule Trigger my_app_1 Compute Capabilities Container ... Lifecycle create configure backend_app Compute 3 web-app Compute my_database Compute Policy Type Rule Trigger Policies modeled as Requirements using Capability Types that can be attached to Interfaces or specific Operations Nodes and Groups of Nodes Abstract A key feature of any Cloud infrastructure is to provide auditing capabilities for compliance with security, operational and business processes. In this talk we provide an overview of the recent enhancements made in OpenStack projects to support API and security auditing using the DMTF Cloud Auditing Data Federation (CADF) standard. We will describe how auditing is seamlessly enabled for Nova, Glance, Swift, Cinder, Neutron and Keystone and illustrate what is audited, where it is stored, what the records contain and how this supports compliance. We will finish by presenting some possible future directions such as extending the use of CADF beyond audit to facilitate event correlation and federation across multiple tiers. 15 15

TOSCA Direction to model Network Functions Virtualization Planning work with OpenStack Neutron related OpenNFV projects TOSCA liaising with ETSI NFV and OpenNFV standards work groups Support for NFV graph constructs: TOSCA Profile Drafts model SDN on OpenStack Network Service Descriptors (NSD) Virtual Network Function Descriptors (VNFD) Forwarding Graphs as sequences of Connection Points (CPs) Abstract A key feature of any Cloud infrastructure is to provide auditing capabilities for compliance with security, operational and business processes. In this talk we provide an overview of the recent enhancements made in OpenStack projects to support API and security auditing using the DMTF Cloud Auditing Data Federation (CADF) standard. We will describe how auditing is seamlessly enabled for Nova, Glance, Swift, Cinder, Neutron and Keystone and illustrate what is audited, where it is stored, what the records contain and how this supports compliance. We will finish by presenting some possible future directions such as extending the use of CADF beyond audit to facilitate event correlation and federation across multiple tiers. 16 16

Automated TOSCA-based Orchestration Now Part of OpenStack Template HOT - Heat Orchestration Template TOSCA Types TOSCA Nodes Map Generate Validation Tests Validation Tests TOSCA Parser HOT Generator Deploy TOSCA-to-Heat-Translator now part of OpenStack Heat Latest TOSCA features integrated: Networking, Block & Object Storage... Implemented TOSCA relationship templates, custom types Availability to use on command line & user input param support Plans for next OpenStack release (“Liberty”) include Murano (Application catalog integration) with OpenStack client TOSCA parser available as independent Python library TOSCA Policy schema and Group schema Heat Orch OpenStack Services

TOSCA templates rendered in YAML Both TOSCA Templates and Heat HOT Templates use YAML as DSL Human readable and crisp Popular in open source projects Easy to integrate KB proposals Title: TOSCA-to-Heat-Translator in Action some key messages: TBD TOSCA YAML HOT YAML

TOSCA Benefits Summary Human readable and easy to integrate Domain Specific Language An Open Standard that models the right application abstractions Manipulate the orchestration declaratively instead of dealing with disparate cloud APIs (leave that to the TOSCA Orchestrator) Covers the full complexity of applications   All levels and tiers: Application, Middleware, Container, Infrastructure Group software components and attach TOSCA policies to convey important QoS & placement requirements Aligns with future work on monitoring Leverage pre-built TOSCA Templates, models, and definitions from distributed repositories Portable automatic orchestration (works with OpenStack now)

TOSCA Resources – Learn More TOSCA Technical Committee Public Page (latest documents, updates, and more) https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=tosca OASIS Channel (all standards) or TOSCA YouTube Playlist https://www.youtube.com/user/OASISopen or http://bit.ly/1BQGGHm TOSCA Simple Profile in YAML v1.0 (latest committee approved draft) http://docs.oasis-open.org/tosca/TOSCA-Simple-Profile-YAML/v1.0/TOSCA-Simple-Profile- YAML-v1.0.pdf TOSCA Simple Profile for NFV v1.0 (latest committee approved draft) http://docs.oasis-open.org/tosca/tosca-nfv/v1.0/csd01/tosca-nfv-v1.0-csd01.pdf TOSCA v1.0 Specification (2013) http://docs.oasis-open.org/tosca/TOSCA/v1.0/TOSCA-v1.0.pdf TOSCA v1.0 Primer http://docs.oasis-open.org/tosca/tosca-primer/v1.0/tosca-primer-v1.0.pdf Contact the Technical Committee Co-Chairs: Paul Lipton, paul.lipton@ca.com Simon Moser, smoser@de.ibm.com Find out more about TOSCA through these links and contacts.

Start Blueprinting Your Cloud Apps in TOSCA now! An Open Standard for Business Application Agility and Portability in the Cloud Q&A Start Blueprinting Your Cloud Apps in TOSCA now!