

Internet inside out: Kubernetes becomes the service delivery engine of the data center



VMware embraces Kubernetes a little more: Why this time it matters
The open source workload orchestration system that has already remade the data center could soon be at the center of the biggest virtualization platform that enterprises already use today. The seed for a new industry may be planted whether enterprises know it or not. ZDNet’s Scott Fulton tells Karen Roby this could be the foundational move for a new and better way for people everywhere to use applications on their computers and devices – that is, if the third time is really the charm for VMware.

When a smartphone manufacturer reveals a new model to a captivated audience, what it’s trying to do is leverage the tools of fashion marketing to make subtle, and often semi-relevant, changes to its product line exciting and motivating. Look, the manufacturer beckons, we changed the way our corners are rounded, we relocated the button you don’t want to a place you won’t notice it, and we removed the one button you do want because, hey, it’s fashion!

Smartphones succeed or fail not because of the placement of their buttons or the smoothness of their corners, but as a result of how their operating platforms deliver services their users want. Windows Phone failed not because it was a bad phone (it wasn’t). It could not deliver the services users wanted, in the way they wanted them.

Service delivery is the make-or-break issue in the technology business. If your service fails to be both innovative and efficient — a pairing that’s much harder to achieve than it too often seems — it will fail in the market. Every successful technology product was built on a successful technology platform. The product that fails is the one whose platform was left behind when the service delivery model moved beyond it. Just ask BlackBerry.

Kubernetes is a service delivery engine. It takes a workload that produces a service engineered for people to use simply and methodically, and distributes it to the locations where that workload may be used most efficiently. And now, just as importantly, Kubernetes supports methods that make that workload more discoverable, both to the people whose applications are looking for it and to other workloads that may cooperate with it. The way these methods are being implemented, DNS — the system that resolves names to addresses on the Internet — may be rendered redundant or even unnecessary.


The new definition of network automation

Brendan Burns, distinguished engineer at Microsoft and Kubernetes’ co-creator, believes that developers of software and services will now begin paying attention to the ideal that the services everyone is building will need to play nicely with one another.


Microsoft Distinguished Engineer Brendan Burns.

“I think a lot of what people are going to start automating is the ways in which services work together,” Burns told ZDNet.  “Even just mundane things like access control — if you think about how you authenticate one service to another service, there’s a lot of very mechanistic stuff today in order to make that work, be it issuing and rolling certificates, or using an identity system. Those things are conceptually very easy. You say, ‘I want to have a new user named Scott, and I want him to be able to call this service.’  Actually putting that into an operable, managed system is not simple.

“That’s an example of the kind of stuff that’s required,” he continued, “but doesn’t get done because it’s too hard. Developers say, ‘Well, they’re all my systems, and we’re all friends, so we’re going to have one token and I’m not going to differentiate.’  And then somebody spins up a development mode test, they send it to production, and they take down production because they doubled the traffic on the production endpoint. Whereas if they’d had access controls to differentiate between production traffic and developer traffic, they could very easily shunt off that developer traffic.”

Burns’ example points to a problem with most network automation today, especially with a first-generation virtualization platform. Software developers need the means to test the efficacy of their services before making them available to general customers (“sending them to production”). Most organizations don’t have the resources to give developers their own fully isolated, scale-model networks with which to test their works in progress. So test traffic has to cohabit the same network as production traffic.

VMware has tried to implement a way to segregate network traffic by workload class, using a methodology it introduced called microsegmentation. Think of it as a system of software-based firewalls on the server side, applying access control policies and behavior management rules that apply to specifically identified services. Firewalls enforce behavioral policies on communications systems that may not have “good behavior,” however that may be defined, built in — but they typically do so after the fact, once the services they marshal have already been deployed.

The more evolved system that Burns envisions is one where rules of a sort are capable of specifying how the orchestrator should respond to these requests, fulfilling a role not unlike VMware’s microsegmentation. He points to Microsoft’s Azure Functions mechanism as a way of developing orchestrated responses to certain events, such as an increase in size for an online storage bucket, or an incoming request for data. But he envisions less code, not more. The result would be an orchestration platform that’s capable of moving a service, even while it’s running, to an area of the platform whose importance is sufficient for the quantity and priority of the work it’s performing.

The culmination of Burns’ ideal system includes this concept of the service mesh. If you’re familiar with the idea of software-defined networking (SDN), you know that inside a data center, addresses can be applied to services and other workloads, not just servers and hardware. This is perhaps the catalyst for the entire containerization movement: the fact that a workload has its own address.

When the Internet first became the backbone of a commercial market, servers were given domains, and those domains were mapped to IP addresses. Those domain names typically identified the corporate owners of the servers, and subdomains identified the departments in charge of those servers. So addresses reflected the budgets of their corporate owners, not the work they did.

Until recently, the destination point for a request from a service over an enterprise network was the address of the virtual machine (VM) where that service was being hosted. Containerization changed that relationship. In enterprises where Kubernetes oversees this level of infrastructure, the orchestrator can direct that request toward the service itself. There may actually be many copies of that service running simultaneously, so this re-routing process now incorporates what older architectures still call load balancing.

What could replace DNS

The Domain Name System (DNS) of the Internet translates URLs — the names for the owners of network space — into the numeric addresses to which data packets are routed. Enterprises that conduct business and commerce online use these addresses as gateways, which are transfer points between the outside Internet and inside the data center. There, machines still have IP addresses, but they use a different logic than the system that supports the Web. In fact, many enterprise networks use overlays, which map one set of addresses onto another. The overlay map can be changed pretty much as necessary, enabling a system where a service or an address may be reliably called using one address, and the request can be relayed to wherever the other one happens to be today. This is one of the methods required to enable workloads to be relocated from one server to another, physical or virtual.

Using DNS to resolve which function belonged in what domain has always been a performance bottleneck. Containerization takes the first step in breaking that bottleneck. Service mesh takes a giant leap further. Because microservices are both highly portable and highly volatile, a service mesh employs active agents to locate where workloads have moved. Think of how the wireless telephone network must use logic to resolve where a customer’s device is located — logic the wireline network could never have employed — and you’ll get the basic idea.

Here’s where the revolution begins to do real damage to the old system. The way services on the Internet have traditionally worked required a sophisticated method of location called service discovery. (I’d compare it to a kind of telephone directory that had pages that were yellow, but I can’t just say “yellow pages” without potentially getting into a trademark dispute.)  It was a way of leveraging DNS to resolve the issue of which IP address represents what service. In 2015, when containerization first caught fire, before the advent of Kubernetes, it seemed service discovery could be its ultimate, unresolvable bottleneck, the point where connecting the new world to the old world would prove impractical or even impossible.

As happens surprisingly frequently in the history of technology, service mesh architecture was created by a handful of different engineers simultaneously. At its outset, service mesh was a way for services distributed within a network to find each other and to make use of one another, especially so applications that essentially use the same library functions wouldn’t have to maintain duplicates of the same code. When a function inside a container has a dependency linking it to library code, that code need not be contained within the same unit at the same address — the service mesh can resolve dependencies such as this in real-time. With Istio and other service mesh platforms, each service’s identity and access policies are maintained in an exclusive service registry, which is used instead of the conventional DNS lookup function. This way, in a perfectly meshed data center, all functions can be interoperable with one another. And if each service can find a way of declaring its own purpose, the service discovery problem could be solved — at least within the enterprise network boundaries.
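A sketch of the registry idea described above, combined with Burns’ earlier shared-token scenario. This is an added example, not code from Istio, Kubernetes or the article: it resolves a service by name to whichever endpoints the caller’s identity is allowed to reach, and contrasts that with a single shared token. The service name, caller identities, addresses and token are constructed, and caller identities are assumed to have been authenticated already (for instance by a mesh-issued certificate).

```python
# Added illustration; every name, address, token and policy here is constructed.
import hmac
from collections import Counter
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """The caller presented no credential the registry accepts."""


@dataclass(frozen=True)
class Endpoint:
    address: str  # where one copy of the workload runs right now
    pool: str     # traffic class it serves: "production" or "staging"


@dataclass
class ServiceEntry:
    endpoints: list                             # list of Endpoint
    shared_token: str = ""                      # the "one token" design
    policy: dict = field(default_factory=dict)  # caller identity -> pool


class ServiceRegistry:
    def __init__(self):
        self._services = {}
        self._cursor = Counter()  # round-robin position per (service, pool)

    def register(self, name, entry):
        self._services[name] = entry

    def relocate(self, name, old_address, new_address):
        """A workload moved; callers keep addressing the service by name."""
        entry = self._services[name]
        entry.endpoints = [
            Endpoint(new_address, e.pool) if e.address == old_address else e
            for e in entry.endpoints
        ]

    def _pick(self, name, pool):
        candidates = [e for e in self._services[name].endpoints if e.pool == pool]
        if not candidates:
            raise LookupError(f"no {pool} endpoints registered for {name}")
        chosen = candidates[self._cursor[(name, pool)] % len(candidates)]
        self._cursor[(name, pool)] += 1
        return chosen

    def resolve_shared_token(self, token, name):
        """Weak design: the token proves membership, not who is calling,
        so every holder is routed to the production endpoints."""
        expected = self._services[name].shared_token
        if not expected or not hmac.compare_digest(token.encode(), expected.encode()):
            raise AccessDenied("bad token")
        return self._pick(name, "production")

    def resolve(self, caller_id, name):
        """Identity-aware design: policy maps each (already authenticated,
        by assumption) caller identity to a traffic class."""
        pool = self._services[name].policy.get(caller_id)
        if pool is None:
            raise AccessDenied(f"{caller_id} has no policy for {name}")
        return self._pick(name, pool)


def build_registry():
    registry = ServiceRegistry()
    registry.register("orders", ServiceEntry(
        endpoints=[Endpoint("10.0.1.10:8443", "production"),
                   Endpoint("10.0.1.11:8443", "production"),
                   Endpoint("10.0.9.10:8443", "staging")],
        shared_token="constructed-shared-token",
        policy={"checkout-prod": "production", "loadtest-dev": "staging"},
    ))
    return registry


def load_by_pool(resolve, callers):
    """Tally requests per pool; callers is a list of (credential, count)."""
    hits = Counter()
    for credential, count in callers:
        for _ in range(count):
            hits[resolve(credential, "orders").pool] += 1
    return hits
```

With the shared token, a 100-request developer test on top of 100 production requests puts all 200 on the production pool; with per-identity policy the same test lands on staging, and an identity with no policy entry is refused.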


Avi Networks service mesh architecture.


Originally, the service mesh’s purpose was to help workloads inside a network make contact with one another. But communications networks throughout history rarely stay bottled up for long. Late last year, SDN tools provider Avi Networks began promoting the idea of leveraging its existing service platform, called Vantage, as a mechanism for extending service meshes such as Istio beyond customer premises and into multiple public cloud spaces. This architecture could enable cross-platform service discovery, which would arguably preclude the need for DNS — one of the defining services of the Internet — in many cases if not all.

If you recall the name “Avi Networks,” you’re a regular ZDNet reader. VMware acquired Avi last June, and announced the following August it had already integrated a good chunk of Avi’s engineering into its NSX network virtualization platform.

Like all technologies born from software-defined networking (SDN), a service mesh has a control plane kept separately from the data plane. This way, the controlling functions of the mesh are bound tightly together, giving applications their own address space and their own traffic flow. Think of service mesh as the evolved form of a network overlay: a system where the routes are developed organically, and the policies for using those routes are determined and enforced along the way.

The Service Mesh Interface

VMware’s work follows up on innovations completed just weeks earlier at Microsoft. Last May, Microsoft’s Burns, along with colleague Gabe Monroy, announced their introduction into the community of a concept called the Service Mesh Interface (SMI), which is a way for different mesh platforms built around Kubernetes (there are quite a few) to connect with one another and share accessibility.

Monroy’s explanation at that time speaks to the tremendous implications for the evolution not only of data center networks, but network security: 

“Today with the explosion of micro-services, containers, and orchestration systems like Kubernetes, engineering teams are faced with securing, managing, and monitoring an increasing number of network endpoints,” he wrote.  “Service mesh technology provides a solution to this problem by making the network smarter, much smarter. Instead of teaching all your services to encrypt sessions, authorize clients, emit reasonable telemetry, and seamlessly shift traffic between application versions, service mesh technology pushes this logic into the network, controlled by a separate set of management APIs.”

It would turn the Internet inside out, at least insofar as its job as a provider of services is concerned.

Brendan Burns explained it this way: “The Service Mesh Interface is really more about interoperability and building an ecosystem than anything else. There’s two different personas in any ecosystem: tool vendors or utility vendors, and end users. In both cases, having an abstraction between those two makes sense. You see this all over computing: We have standards so that multiple vendors can sell the same thing, and they work with the user. A good example would be USB. Every single person who makes a Bluetooth headset or keyboard can build a USB connector, and know it will work for the user. For service mesh, that’s really important, because if you’re building a tool that, say, knows how to do canary releases, if you have to tightly bind it to a specific service mesh implementation, then you’re limiting your available customers to only those people using that service mesh. If you write a really great tool, but it only works with Linkerd, then everybody who uses Istio can’t use your tool, even if they love it.

“If I’m a user, especially in a new technology world, and buying something new, it’s scary if I’m wedding myself deeply to the implementation,” continued Burns.

So in the near term, SMI will enable service mesh implementations to be interchangeable, making services independent from their implementations. In the longer term, it could pave a route for a universal service mesh concept to bridge the gaps between these implementations, producing a kind of network of networks. . . which is coincidentally the image Vint Cerf had in his mind when he first tried to explain his idea of Internet Protocol.

With this, a big chunk of the 20th century Web could find itself escorted out the back door.



2021 Audi RS7 Sportback Review – When you can only choose one



If your dream garage only has space for one car, you could do a lot worse than fill it with the 2021 Audi RS7 Sportback. Not for nothing has the A7 carved out a space at the top of the luxury four-door fastback list. Mercedes’ CLS may have got there first, but Audi’s pared-back styling refined it, and the A7 has arguably come to epitomize the “four-door coupe” category.

The RS7 takes that pretty base and packs it off to Marine bootcamp. With an even crisper body kit, more aggressive wheels, and of course a burly twin-turbo V8, the $114,000 Sportback will still cosset just as neatly as an A7 can, but now you get 591 horsepower and 590 lb-ft of torque to play with. 0-60 mph arrives in 3.5 seconds, the 4.0-liter engine keeping things going to a top speed of 174 mph or – with the $8,500 ceramic brakes package – 190 mph.

Even among Audi’s handsome line-up, the RS7 stands out. My Tango Red Metallic review car was hardly a surreptitious shade, though the $1,000 sport exhaust’s burble turned heads even before the bright red paint job came into view. It’s wider and sharper in the detailing than the regular A7, trading some of the timeless elegance of that car’s curves and strakes in favor of aggressively gaping grilles and vents.

The $2,750 Black Optic package throws on black exterior trim and gets you the glorious 22-inch V-spoke matte titanium wheels. 21-inchers are standard and would probably help smooth out some of the rumbles over lesser asphalt, though with its standard RS-tuned adaptive air suspension in Comfort mode it’s surprisingly compliant.

Though you could cruise around like that, better to switch to Dynamic mode where the RS7 has the goods to back up its looks. Quattro all-wheel drive is standard, as is a sport rear differential and electromechanical progressive steering. You also get four-wheel steering. The combination of raw power and tech means it’s exceedingly easy to make the RS7 go very, very fast.

Some recent S-badged Audi models have been dinged by virtue of being a little too restrained in their sportiness. The RS7 makes no such stumbles. Wet roads, snow, slush, tight turns or lengthy straights, nothing seems to make a difference to how willing the Sportback is when it comes to throwing itself forward and gripping until it’s your nerves, not the adhesion, that give.

The 3.5 seconds to sixty sounds, frankly, conservative: the RS7 snarling through its achingly rapid 8-speed Tiptronic transmission. But don’t go thinking this red rocket is a one-trick pony for the straight line: the addition of rear-wheel steering and that trick differential swings the power around predictably and potently. It’s a sweet balance of the reassurance of Quattro and the purist pleasure of rear-wheel drive.

I didn’t have the carbon brakes and I can’t say I felt I needed them. The standard steel versions – comprising ventilated 16.5-inch front discs and 14.6-inch rear discs – don’t lack in bite. As for the 48v mild hybrid system, it’s more there to smooth out the stop/start system and keep the electronics running.

As a result, thirst can be an issue. The 2021 RS7 is rated for 15 mpg in the city, 22 mpg on the highway, and 17 mpg combined. They’re about realistic, if you drive it as you might an A7 but, of course, you won’t.

Inside, the A7’s cabin gets a makeover to leave it feeling suitably special. The core niceties remain: a dual touchscreen infotainment system, with Bang & Olufsen 3D Premium sound, four-zone climate control, power sunroof, and Sirius XM. Audi’s MMI keeps getting refinements: it’s clean and crisp, easy to navigate, and the lower display keeps things like HVAC controls available persistently even if you’re projecting Apple CarPlay or Android Auto up top. Dedicated buttons for the drive modes are joined by an RS button on the wheel, which you can configure to your choice of settings for one-touch access.

The $2,500 Executive Package extends the leather and adds heated rear seats, power soft-closing doors, and a head-up display. There’s a surprising amount of space in the rear, too, even for taller folks, while the 24.9 cu-ft of cargo space is almost the same as you get in a Q5 SUV.

In fact the only frustration, really, is that the Driver Assistance Package is a $2,250 option. That adds adaptive cruise control with lane-assistance, upgrades the active safety tech to include Audi side assist, rear cross traffic, and pre-sense rear, plus intersection assistance. I can’t help but feel like it should come standard, as the parking sensors, 360 camera, forward collision warning and assistance, and lane departure warnings do.

All-in, including $1,045 destination, my review car totaled up to $125,140. Not cheap, certainly, but still less than the starting price of Porsche’s Panamera GTS, and for more power and arguably cleaner looks.

2021 Audi RS7 Sportback Verdict

What drives the RS7 Sportback’s charm is the absence of compromise. Need a luxury ride? Switch to Comfort and waft along. Want to make the most of driver-friendly roads? Hit the RS button on the wheel and get ready for some fun. Need to stock up on a month’s groceries in one go? That big trunk is surprisingly capacious.

For me, that adds up to a worthy candidate for the one-car-dream-garage crown. Indeed if there’s a competitor, it may very well be coming from inside the house. The 2022 Audi RS e-tron GT quattro will have 589 horsepower and 612 pound-feet of torque and do 0-60 in 3.1 seconds; it’s also all-electric so as well as the everyday flexibility you’ll be able to avoid the gas station, too.

Perhaps, then, the EV is the future. For now, though, the 2021 RS7 Sportback is the sports car of choice for all seasons.



2021 Ford Explorer King Ranch gets brown leather and a Western charm



For the first time ever, the 2021 Ford Explorer is getting a King Ranch version this spring. The King Ranch name is derived from a ranch in Texas and has been offered in previous generations of the F-series pickup trucks for the past 20 years. As expected from a King Ranch Ford SUV, the newest Explorer is brimming with Western vibes.

“In 1853, Captain Richard King bootstrapped the King Ranch in the harsh landscape of southern Texas until it became a shining example of agricultural and livestock innovation and success,” said Lee Newcombe, Ford Explorer marketing manager. “Ford Explorer families can now enjoy a piece of the King Ranch’s renowned craftsmanship and the multigeneration legacy that still thrives 168 years after its founding.”

According to Ford, customers want an Explorer with a more luxurious interior. The newest Explorer King Ranch has standard mahogany Mesa Del Rio leather seats. The front and second-row seats are perforated to add a premium touch, while all seats bear the illustrious ‘Running W’ King Ranch logo. Meanwhile, it also gets a Mesa Del Rio leather armrest with a King Ranch logo insert in the center console.

“Introducing King Ranch’s specialty leather, genuine wood, crafted details, and signature colors to Ford Explorer elevates the SUV’s brand,” said Janet Seymour, Ford color and materials manager. The newest Explorer King Ranch has leather door trim rollovers, a leather-wrapped instrument panel and steering wheel, and various Sapele wood appliques throughout the cabin.

Meanwhile, King Ranch Explorers have a Stone Gray mesh grille insert, bespoke 20-inch aluminum wheels with a Running W center cap, King Ranch badging, quad chrome exhaust tips, and a liftgate scuff plate. The Premium Technology package throws in massaging front seats, a larger 10.1-inch vertical touchscreen infotainment system, and a premium Bang & Olufsen audio system.

The newest 2021 Explorer King Ranch is powered by Ford’s twin-turbocharged EcoBoost V6 engine pumping out 365 horsepower and 380 pound-feet of torque. Here’s some trivia for you: Explorer King Ranch RWD is the first time a rear-wheel drivetrain is available with Ford’s 3.0-liter EcoBoost V6. The engine sends power to the rear wheels (4WD is available) via a standard 10-speed automatic gearbox. The Explorer King Ranch can tow up to 5600 pounds, just right for the segment.

Safety features are aplenty in a King Ranch. Ford’s Co-Pilot 360 is standard on all Explorer trims. Still, King Ranch gets Ford Co-Pilot360 Assist+ which comes with adaptive cruise control with lane-centering and Stop-and-Go, evasive steering assist, a voice-activated navigation system, Sirius XM, and speed sign recognition, among many others.

The 2021 Ford Explorer King Ranch arrives at dealerships this spring. Base prices start at $53,595 for RWD and $55,595 for AWD.



Polestar 2 OTA update improves range & charging and adds V2V safety



Polestar 2 owners will find an over-the-air software surprise waiting for them over the next few weeks, with the electric car getting one of its first major firmware updates to improve range and upgrade Android Automotive OS, among other changes. The ability to push out OTA updates that affect not only the infotainment system but active safety systems, the powertrain, and more was one of the key selling points for the Polestar 2 when it launched last year.

It means – as Tesla owners have come to enjoy in their EVs – fewer visits to service centers, particularly to install software patches that would previously have required a technician physically plugging a computer into the car to load. Instead, most of the Polestar 2’s systems can be remotely updated.

According to the automaker, the changes with this new software include the addition of Connected Safety. It’s a V2V (or C2C) system, which effectively allows Polestar and Volvo vehicles to collectively pool their data about road conditions. For example, if a connected Volvo reports that its traction control had to weigh in because of ice on the road, or if another Polestar is involved in a crash that could represent a hazard to other vehicles, that data will be uploaded to the cloud and then shared as a dashboard alert with Polestar 2 drivers.

It’s not the only potentially meaningful change which could make a difference in everyday driving. Polestar says the new Polestar 2 software includes “range improvements” along with “incremental speed improvements for DC charging.”

The automaker doesn’t specify just how much range might have improved, or how fast the charging is now; we’ve got a request in for more information on that front. It could be that, though the peak DC charging rate of 150 kW doesn’t change, the EV’s ability to sustain higher charging rates has improved. Currently, the Polestar 2 is rated for 233 miles of EPA range on a full battery.

Other changes include improvements to Bluetooth connectivity, climate timers, and the 360 degree camera. Unspecified changes to Android Automotive OS have been made too, “and a safety-related bug fix.” Finally, the digital owner’s manual – accessed through the large dashboard touchscreen – has also been updated.

The changes are really just the tip of the iceberg in terms of what OTA updates could adjust, mind. Future upgrades could cover anything including “stability improvements, charging speed increases, range improvements and new base software,” Polestar suggests, delivered via the 4G LTE modem that also connects the EV to Google’s cloud. They could even enable hardware features currently present on the cars, but not available to US owners, such as the clever adaptive headlamps which the Polestar 2 is fitted with but cannot use due to American regulations.
