Cloud-native is a bit of a 'Lego' market right now, with all kinds of building blocks being created by all kinds of interested groups and individual entities. This report takes a look at some of the 'cloud-native' building blocks that we saw during the recent KubeCon + CloudNativeCon Europe in Copenhagen.
The 451 Take
So-called cloud-native is a bit of a Lego market right now, with all kinds of building blocks being created by all kinds of interested groups and individual entities. Cloud Native Computing Foundation (CNCF) projects are effectively recreating or newly building technology categories by building them on Kubernetes and micro-services and delivering capabilities to Kubernetes-based micro-services environments. What's clear is that new stacks and platforms that use these blocks will emerge, and anyone not paying attention to the opportunities and challenges risks becoming irrelevant.
Alcide
Alcide provides real-time, single-pane visibility into the network infrastructure and deployed services – what it calls full-stack, cloud ops security platform for security, DevOps and network engineers. Customers can toggle between aerial and granular views to examine hidden security blind spots across containers, serverless, VMs, bare metal, and third-party services.
Its agents run on bare metal, VMsand containers. Provider Monitors run on orchestrators and cloud platforms, feeding management tools, dashboards and SIEM/identity tools. Alcide believes it fills a gap between DevOps and security. The 25-person Israeli firm has raised $11.2m from Intel capital, Elron and CE Ventures since its founding in 2016. The platform became available last month.
A number of firms are coming into view thatprovide innovative services for securing cloud-native environments. In addition to Alcide, these include Aqua Security Software, StackRox, Capsule8, Twistlock and Sysdig. However, Alcide is reaching for a more expansive opportunity; it believes that while most are focused only on container security/monitoring, it focuses on a broader range of containers, VMs, serverless computing and service mesh and, therefore, considers itself a cloud-native or cloud workload security company.
Its agents run on bare metal, VMs
A number of firms are coming into view that
Aspen Mesh
Aspen Mesh is one of F5 Networks' 'incubation' businesses, and offers a packaged and supported SaaS service for managing and securing micro-services code (rather than infrastructure). Aspen Mesh is aimed at removing some of the complexity of micro-services. It uses the Istio service mesh and provides a dashboard or control pane to visualize and map micro-services relationships, get insights and error reports, debug clusters and set policies. These, it believes, differentiates it from other Istio or Linkerd service meshes.
Cisco
Cisco used Kubecon to introduce support for Kubernetes in its CloudCenter and AppDynamics environments. A new 4.9 release of Cisco CloudCenter introduces support for Kubernetes, and is an element of the hybrid cloud offering from Cisco and Google, announced in October 2017 and planned for availability later this year. Cisco says customers will be able to deploy production-grade Kubernetes on-premises using the Cisco Container Platform, then use Cisco CloudCenter 4.9 to deploy containerized workloads on-premises or to Google Kubernetes Engine (GKE).
It says IT operations teams can also deploy blueprints that include container-based services as well as virtual machine-based or cloud-based services to a hybrid mix of Kubernetes and traditional virtual machine or cloud environments. AppDynamics for Kubernetes will provide granular-level details on application, Kubernetes and Docker container performance metrics, which it says will give organizations a deeper end-to-end visibility into application and business performance.
Cisco CloudCenter and AppDynamics are available as stand-alone subscription-basedsoftware, or bundled together through the Cisco Multicloud Portfolio as Cloud Consume. They also are available with Cisco HyperFlex through Cisco SmartPlay bundles. Cisco customers are interested in the pay-per-use model for consuming software and services, but when it comes down to the deal, they inevitably opt for term licenses. Why? Because they want visibility and a predictable spending model rather than the invariability of opex .
Moreover, the margin built into consumption models to offset risk (of the customer canceling or reducing its subscription spend) means that pay-per-use can work out to be more expensive thanterm or perpetual deals. While Cisco does not operate its own serverless environment – given its business is mostly on-premises, and it has capable partners here like Google – it nevertheless envisages a highly disruptive impact on the market, especially for PaaS and the traditional PaaS vendors.
It says IT operations teams can also deploy blueprints that include container-based services as well as virtual machine-based or cloud-based services to a hybrid mix of Kubernetes and traditional virtual machine or cloud environments. AppDynamics for Kubernetes will provide granular-level details on application, Kubernetes and Docker container performance metrics, which it says will give organizations a deeper end-to-end visibility into application and business performance.
Cisco CloudCenter and AppDynamics are available as stand-alone subscription-based
Moreover, the margin built into consumption models to offset risk (of the customer canceling or reducing its subscription spend) means that pay-per-use can work out to be more expensive than
Google is heavily invested in containers and the open source community at large. Even the term Kubernetes is associated with Google (which it originated and gave to CNCF), and the Google Cloud Platform (GCP) is itself based on containers that run underneath all of its cloud services. Announcements at Kubecon included monitoring of Kubernetes as an addition to GCP's Stackdriver, and the open-sourcing of gVizor , a sandbox for container isolation. In all our conversations with Google, it was clear the company is betting that its ongoing involvement in projects like Kubernetes, plus the release of new open source technologies such as gVisor, will increase its brand as the provider of choice for those seeking open source standardization and portability.
Container and cloud-native security were also ongoing themes of those conversations, with Google wanting to show it has a leading edge in technology that isn't just new and open, but suitable for enterprise production too. The company aim is that its Cloud Platform become the destination for those with an open source culture and ethos. There is little doubt that Google is popular with developers, and focusing on this broad differentiation is a good way of increasing interest in its cloud platform – of course, this is a balancing act against making direct revenue off its innovations.
Container and cloud-native security were also ongoing themes of those conversations, with Google wanting to show it has a leading edge in technology that isn't just new and open, but suitable for enterprise production too. The company aim is that its Cloud Platform become the destination for those with an open source culture and ethos. There is little doubt that Google is popular with developers, and focusing on this broad differentiation is a good way of increasing interest in its cloud platform – of course, this is a balancing act against making direct revenue off its innovations.
Kasten
Addressing what it believes to be a significant gap in the cloud-native sector, Los Altos, California, startup Kasten offers data management for cloud-native applications. Founded in 2017, the company is specifically targeting enterprises that need to build, deploy and manage stateful cloud-native applications. It is initially targeting the application layer (rather than infrastructure), and offers the K10 platform, which can provide policy-driven automation, data mobility, data protection and compliance monitoring of data.
Customer use cases include data protection and recovery with test/dev data migration (Google Kubernetes Engine, MongoDB, Elastic, JIRA, Prometheus) and cluster migration data protection and DR (Kubernetes on AWS,Posygres , Elastic and Mongo). It uses the Kanister open source framework (which enables framework application-level data management on Kubernetes) to extend to third-party environments. It sees cloud-based managed data services and enterprise database-as-a-service as key drivers.
Customer use cases include data protection and recovery with test/dev data migration (Google Kubernetes Engine, MongoDB, Elastic, JIRA, Prometheus) and cluster migration data protection and DR (Kubernetes on AWS,
Kublr
EastBanc Technologies' Kublr offers software designed to enable customers to create Kubernetes clusters for specific use cases. The Kublr v1.9 Control Plane gives users a dashboard for creating Kubernetes deployments tailored for GPU-enabled nodes for data science applications, hybrid clusters spanning datacenters and clouds, and systems requiring custom Kubernetes tuning parameters. Users customize the default configuration that Kublr provides while maintaining those preconfigured features that are needed, such as multifactor security; built-in multi-cluster, centralized log collection and monitoring; backup and disaster recovery; audit; and automated configuration management across multiple environments. It configures both infrastructure and Kubernetes.
MayaData
MayaData is the company behind OpenEBS and one of the protagonists that envisages a 'container attached storage' market. Formerly known as CloudByte when it emerged in 2013, MayaData has some 51 engineers and five other employees. It is seeking to raise a significant series A to accelerate market momentum. OpenEBS provides persistent and containerized block storage for DevOps and container environments. MayaData has production DevOps users of OpenEBS since late last year.
The next phase of the company's development isMayaOnline , targeting cross-cloud data management and due for release in Q3. It adds visibility and control for the data layer, and adds machine learning for suggestions. Together, MayaData believes, they deliver container attached storage (CAS) software that includes micro-services-based storage controllers that are orchestrated by Kubernetes. They can run anywhere that Kubernetes can, and there is a controller per workload. The data itself is accessed via containers as opposed to being stored in an off-platform, shared scale-out storage system (although CAS can run on SANs). Other approaches here include Portworx (which has raised $25m) and StorageOS.
The next phase of the company's development is
Mesosphere
The DC/OS 1.11 release enables users to create clusters and run containers – now across multiple clouds and on edge devices. In addition to its own container manager, the company is adding DC/OS Kubernetes as a service. A few days after Kubecon, the 300-person company raised a $125m D round taking total funding to some $250m. The round was co-led by funds and accounts advised by T. Rowe Price Associates and Koch Disruptive Technologies, with participation from ZWC Ventures, Qatar Investment Authority
Mirantis
Mirantis was exhibiting at Kubecon, primarily promoting its new Cloud Application Platform (currently in beta) alongside its other container-based capability. Based on the open source cloud delivery platform Spinnaker, the company provides installation and configuration of a dedicated Application Platform instance, including Spinnaker, Jenkins, Gerrit and Terraform on a private or public cloud. This includes its own Cloud Platform (based on OpenStack and/or Kubernetes).
Spinnaker provides tools to build and manage CD pipelines – the aim being able to reduce release cycle time while preserving security and removing lock-in. The company's Build-Operate-Transfer model lets enterprises get started with the cloud and/or Spinnaker via a managed build and operationsservice, until the enterprise is ready to manage it as their own service.
Spinnaker provides tools to build and manage CD pipelines – the aim being able to reduce release cycle time while preserving security and removing lock-in. The company's Build-Operate-Transfer model lets enterprises get started with the cloud and/or Spinnaker via a managed build and operations
Turbonomic
Turbonomic is building out its workload automation platform, which matches workload demand to infrastructure supply to help deliver a self-managing Kubernetes environment for customers. It is working on a number of projects to add SLA KPIs (response time, transaction throughput) and understand service-to-service dependencies, and to drive actions to assure performance by also reducing risk of network latency.
It is using Istio telemetry data to add these dimensions to itsenvironment analysis. Istio's Envoy calls the control plane (Mixer function) before each request to perform precondition checks – after each request, the telemetry is reported into Turbonomic for analysis, such as examining why a service has a slow response time. It then continuously provides performance improvements via preventative recommendations, particularly East-West environments, and especially around continuous placement and continuous scaling.
It is using Istio telemetry data to add these dimensions to its
VMware
VMware was demonstrating the turnkey Pivotal Container Service (PKS) that maintains compatibility with GKE and GCP service broker, is integrated with VMware's NSX-T, and is supported in vSphere and GCP. Workloads are portable between vSphere and GKE. In fact, because PKS is CNCF-certified, workloads can run on any certified Kubernetes distribution. It includes the Harbor registry mechanism.
NSX-T integration in PKS enables enterprises to deploy networks with micro-segmentation and on-demand network virtualization. Customers get the networking functions required for Kubernetes such as pod-level networking, ingress to services, and load balancing across multiple replica sets, as well as advanced functions, such as network security policies and tenant-level isolation using the NSX-T multi-tiered routing model.
A unique logical switch is provided to each Kubernetes namespace in order to segment the traffic of each namespace within a given Kubernetes cluster. Kubernetes clusters can be monitored and managed by VMware vRealize Ops. PKS integrates with VMware Wavefront to provide application performance management. PKS runs on vSphere and GCP initially, then VMware on AWS.
NSX-T integration in PKS enables enterprises to deploy networks with micro-segmentation and on-demand network virtualization. Customers get the networking functions required for Kubernetes such as pod-level networking, ingress to services, and load balancing across multiple replica sets, as well as advanced functions, such as network security policies and tenant-level isolation using the NSX-T multi-tiered routing model.
A unique logical switch is provided to each Kubernetes namespace in order to segment the traffic of each namespace within a given Kubernetes cluster. Kubernetes clusters can be monitored and managed by VMware vRealize Ops. PKS integrates with VMware Wavefront to provide application performance management. PKS runs on vSphere and GCP initially, then VMware on AWS.
Weaveworks
Weaveworks announced that it is extending its business model to deliver Kubernetes support subscription and consulting services for enterprises. The move doubles down on Weaveworks' experience with cloud-native technologies (CEO Alexis Richardson is chair of the CNCF technical committee). It believes traditional distribution models (e.g., Red Hat, SUSE, Canonical) are not fit for the next phase of innovation around cloud-native.
Weaveworks has a global team of site-reliability engineers who have operated Kubernetes as a production service since 2015. The company has been using the term GitOps to describe this team's best practices (DevOps for Kubernetes), and is using this as a methodology within the service to help organizations move from Kubernetes adoption to implementation. As previously described, it is seeking to establish GitOps as an industry-wide approach. The Kubernetes Support Subscription provides 24/7 support, fixes and patches for production-grade deployments of Kubernetes, including Kubeadm, Kops and other components.
Weaveworks began offering its first product in September2014, and has raised $20m total. Weaveworks says it is generating revenue, and customers typically are ones trying out Kubernetes or Docker; those working on monitoring, observability and Prometheus; CI/CD and GitOps; and Istio, Tensorflow and serverless users.
Weaveworks has a global team of site-reliability engineers who have operated Kubernetes as a production service since 2015. The company has been using the term GitOps to describe this team's best practices (DevOps for Kubernetes
Weaveworks began offering its first product in September
William Fellows
Research Vice President
William Fellows is a cofounder of The 451 Group. As VP of Research, he is responsible for the Cloud Transformation Channel at 451 Research. This Channel provides a point of intellectual convergence for 451 Research around cloud computing, in much the same way that the industry is converging on cloud from all points. In addition to keeping tabs on players entering the cloud and IT services space with disruptive business models, new technology and innovations in service delivery, William has also created 451 Research's Digital Economics unit.
Owen Rogers
Research Director, Digital Economics Unit
As Research Director, Owen Rogers leads the firm's Digital Economics Unit, which serves to help customers understand the economics behind digital and cloud technologies so they can make informed choices when costing and pricing their own products and services, as well as those from their vendors, suppliers and competitors. Owen is the architect of the Cloud Price Index, 451 Research's benchmark indicator of the costs of public, private and managed clouds, and the Cloud Price Codex, our global survey of cloud pricing methods and mechanisms.
Jean Atelsek
Analyst, Cloud Price Index
Jean Atelsek is an analyst for 451 Research’s Digital Economics Unit, focusing on cloud pricing in the US and Europe. Prior to joining 451 Research, she was an editor at Ovum, spiffing up reports, forecasts and data tools covering telecoms and service providers, fixed and wireless networks, and consumer technology among other topics.