This article continues the previous two articles, in which I discussed creating Docker images with IBM Containers and using the Bluemix delivery pipeline to bind Bluemix services to IBM Containers. This article focuses on porting applications and their middleware runtimes to IBM Bluemix in a containerised fashion. It is applicable to all industry verticals, keeping in mind that, from an infrastructure perspective, these are just applications implementing the functionality of those verticals. The use cases are wrapped as an application archive file which is deployed onto a suitable runtime.
Application Porting Benefits
There are multiple benefits attached to porting application infrastructure to Bluemix PaaS, a few of which are listed below:
a) It helps reduce the hardware cost of running middleware infrastructure in localized data centers.
b) Benefits of leveraging run-times in data centers across regions (US, UK and AUS) for high availability.
c) Easy to meet NFRs such as scalability and high availability.
d) Quick integration with new, innovative and value-adding IBM and third-party services available on the platform, which helps in understanding the behaviour and result of their integration with the application. This helps in quickly enhancing the capability of the application and adding value to the business.
e) With the availability of DevOps capabilities, management of application Infrastructure is quick and easy.
When to go for container based approach
A container based approach is the better choice primarily when the application runtime needs middleware (e.g. Java/J2EE) with flexible memory and performance requirements.
There are several benefits attached to containers as mentioned below:
a) Availability of variable memory and storage models.
b) Public/Private IP.
c) Multiple Ports assignments in single container.
d) Scalability and High Availability through Scalable Groups.
e) Auto-scaling container groups
f) AppScan Vulnerability Assessment
g) Easy Integration with existing Bluemix Services.
Availability of variable memory helps in sizing the memory maps of application server and database runtimes, so that performance in production can be increased by tuning the heap memory etc.
One can publicly expose the application using a public IP, and a private IP can be allocated for internal calls to the components which do not need to be exposed. One also has the flexibility to expose multiple ports for the application's benefit. By binding Bluemix services to the current Docker container, one can call these services from the application. One can refer to the recipe below for details:
Scalable groups help in achieving high availability in the same space, the same organization and across Bluemix regions. The containers are automatically front-ended by a High-Availability (HA) Proxy Load Balancer that distributes the load across multiple instances. Simply including the containers in a group makes this possible, without any need to explicitly request the HA Proxy Load Balancer. In auto-recovery mode (if enabled), if a container goes down for whatever reason, it is automatically restarted. Bluemix is responsible for monitoring the state of the container and taking corrective action whenever the actual state does not match the desired state. This way one can ensure scalability, high availability and failure recovery with containers, which are among the important NFRs for any infrastructure.
Identify Components and Services
Before starting the migration activity, one needs to identify the various infrastructure components and services involved in the overall application architecture of the current on-premise setup that are to be containerized. This will not include the hardware infrastructure, as that will be taken care of by the PaaS. The middleware runtime infrastructure aspects will involve:
a) Application Server run-time.
b) Database run-time.
c) Integrations (both internal and external services), e.g. IoT, Cognitive, Hybrid etc.
d) Security (AAA and TLS) configurations.
Performance could be a secondary aspect and could be dealt with later, once the end-to-end topology and other NFRs such as security have been established. As a best practice one should follow the 12-factor rules for application code.
Identify Pattern to be used for API calls
It is important to define patterns for calling the application API from external services, as this will help throttle API calls and expose this containerized application as a microservice to other applications running on the PaaS going forward. One approach is to place an API Gateway in front of the application and use it to control or manage the API calls. This approach will also help in adding security and auditing to the API calls, apart from other benefits such as exposing the application as a microservice for other services to consume.
Bind and Integrate Bluemix Services
One can Bind and Integrate existing Bluemix services to their container instances so as to leverage their capabilities in their application. This will not only help modularize the application but also help in leveraging microservice based approach.
Database and Middleware Integration
Integration with External Services
One can integrate with external services by exposing the middleware port in the Docker image; the port can be secured using the SSL configuration in the middleware.
Create Docker Instances
Once the application components have been identified, one can create new Docker images or use existing ones to create IBM container instances to run applications. For the application server run-time one could use the Liberty container, which is readily available, or search Docker Hub for an image that matches the specific requirements. If one needs to create a fresh Docker image, one could refer to the recipe below for details:
and write a Dockerfile meeting the specific middleware or database requirements. One can refer to the article below to make use of the Bluemix delivery pipeline to deploy multiple Docker images and instances with ease.
Once the application server and database run-times have been created one can associate the data volume to this database.
The integration between the middleware and database Docker images can be established by linking the containers together. By design, linking is done and supported at the time of instance creation. When a container is linked to another container in the same space, IBM Containers create a host entry on the recipient container for the source container. One can use an alias to refer to the source container, rather than a specific IP address that might change frequently. Whenever one wants a single container to communicate with another container that is running an image, such as dbimage, one can address the container by using an alias for the host name, such as dbserver. With this capability, one can create a webserver image that refers to the database server image by using the dbserver host name, regardless of what its IP address or actual name is. One can run many instances of the pair in the same image without having to hand off configuration or IP information. One can always refer to the database server as dbserver.
sudo docker run --name wildfly --link mysqldb:db -p 8080:8080 -p 9990:9990 -d wildfly-mysql
The value provided to the --link flag is sourcecontainername:containeraliasname.
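An added example, not part of the original article: a small audit of docker run command lines that flags ports published on every interface outside an intended public set, and link sources that publish a port even though the alias already gives the linked container access. The mysqldb command, the public_ports set and the finding labels are assumptions made for illustration; 9990 is WildFly's default management port.

```python
import shlex

# docker run flags that take no value; any other flag is assumed to take one.
BOOL_FLAGS = {"-d", "--detach", "-i", "-t", "-it", "--rm", "-P", "--privileged"}

def parse_publish(spec):
    """Return (host_ip, container_port) for a -p value such as 127.0.0.1:9990:9990."""
    parts = spec.split("/")[0].split(":")        # drop an optional /tcp or /udp suffix
    host_ip = parts[0] if len(parts) == 3 and parts[0] else "0.0.0.0"
    return host_ip, int(parts[-1])               # no host IP means every interface

def parse_run(command):
    """Extract container name, --link sources and published ports from one command."""
    args = shlex.split(command)
    args = args[args.index("run") + 1:]
    info = {"name": None, "links": [], "ports": []}
    i = 0
    while i < len(args) and args[i].startswith("-"):   # stop at the image name
        flag, has_value, value = args[i].partition("=")
        if flag not in BOOL_FLAGS and not has_value:
            i += 1
            value = args[i]                            # value is the next argument
        if flag == "--name":
            info["name"] = value
        elif flag == "--link":
            info["links"].append(value.split(":")[0])  # source container name
        elif flag in ("-p", "--publish"):
            info["ports"].append(parse_publish(value))
        i += 1
    return info

def audit(commands, public_ports):
    """Flag published ports that are wider than the deployment needs."""
    runs = [parse_run(c) for c in commands]
    link_sources = {src for r in runs for src in r["links"]}
    findings = []
    for r in runs:
        for host_ip, port in r["ports"]:
            if r["name"] in link_sources:
                findings.append((r["name"], port, "link-source-published"))
            elif host_ip == "0.0.0.0" and port not in public_ports:
                findings.append((r["name"], port, "not-in-public-set"))
    return findings

# Constructed sample: the second line is the article's command; the first is a
# made-up database container that publishes its port although it is linked.
SAMPLE = [
    "docker run --name mysqldb -p 3306:3306 -v dbdata:/var/lib/mysql -d mysql",
    "sudo docker run --name wildfly --link mysqldb:db -p 8080:8080 -p 9990:9990 -d wildfly-mysql",
]

if __name__ == "__main__":
    # Assumption: only 8080 (the application port) is meant to be public.
    for finding in audit(SAMPLE, public_ports={8080}):
        print(finding)
```

Binding the management port to loopback (-p 127.0.0.1:9990:9990) or dropping the mapping clears the second finding; removing -p from the linked database container clears the first.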
The Bluemix platform secures data-in-transit by securing the end-user access to the application by using SSL, through the network until the data reaches IBM DataPower Gateway at the boundary of the Bluemix internal network. IBM DataPower Gateway acts as a reverse proxy and provides SSL termination.
Security for both data-in-use and data-at-rest is your responsibility as you develop your application. One can take advantage of several data-related services available in the Bluemix Catalog to help with these concerns.
Configuration of security is one of the important aspects of any infrastructure. Transport Layer Security (TLS) plays an important role when it comes to securing data in motion. One needs to configure security in the underlying middleware end-points to secure (encrypt) data originating and ending at the application. These end points are sometimes referred to as Web container threads. Each middleware has different steps to configure TLS, and one can refer to the corresponding manuals for details.
For authentication, authorization and access control (AAA) one can either connect with the organization's directory server through a secure channel or use the security server options available on Bluemix, i.e.
a) SAML Enterprise
b) Cloud Directory
c) Social Identity
Flexible Memory Model
IBM containers provide flexible memory models which offer choices among native memory and local storage to help host applications.
If the heap or native memory requirement is high for a certain middleware application, one can select the models appropriately and tune the Java based application or database run-time accordingly.
CPU and Memory Scaling
One can scale containers within container groups based on CPU regression as container groups offer the possibility to auto-scale container group instances based on the CPU and memory that is used by the app. You can define auto-scale policies that determine when a container instance is added to, or removed from the group. In this way, one can automatically scale your container group based on your app’s workload. The auto-scaling options will appear when you create your container group.
Note: Currently, the Auto-Scaling beta is available for the London region in the new Bluemix console.
Porting infrastructure to Bluemix by containerization is quite beneficial and helps customers in terms of manageability and reduced cost.
Multiple environments could be created on the Bluemix platform by optionally leveraging the capabilities mentioned in the sections above. The Delivery Pipeline capabilities of Bluemix DevOps could help replicate environments in minutes for different purposes such as dev, test or UAT. Similarly, one can have separate customer environments etc. There are manifold benefits associated with this, such as quick environment setup, which could help with immediate development or testing of application capabilities to accelerate go-to-market; one can also lower local infrastructure cost by leveraging Bluemix resources.