Cloudify 4.2 Webinar - Agility & Control

Transcript of Cloudify 4.2 Webinar - Agility & Control

Page 1: Cloudify 4.2 Webinar - Agility & Control

Cloudify 4.2 Webinar

Agility & Control

Page 2: Cloudify 4.2 Webinar - Agility & Control

User-Roles Mechanism

Page 3: Cloudify 4.2 Webinar - Agility & Control

New Roles

● Roles are now supported in the context of a tenant, allowing for better-defined resource separation and management.

● Roles are implemented as sets of permissions to the Cloudify APIs.

● To the existing roles of Sys-Admin and Tenant-User we’ve added:

○ Tenant-Manager: manages all resources in specific tenant(s)

○ Tenant-Viewer: view-only permissions to tenant-wide resources in specific tenant(s)

○ Tenant-Operations: deploy/execute permissions in specific tenant(s)

Page 4: Cloudify 4.2 Webinar - Agility & Control

Role = Set of permissions

Page 5: Cloudify 4.2 Webinar - Agility & Control

The new roles allow users to have different permissions in different tenants.

Page 6: Cloudify 4.2 Webinar - Agility & Control

Group Roles

● Upon assigning a group to a tenant, a tenant-role is required and the role applies to all users in this group.

● This mechanism allows users who belong to more than one group to have more than one role in a specific tenant. In this case, the permissions will be aggregated.

Page 7: Cloudify 4.2 Webinar - Agility & Control

UI Page-Templates

Page 8: Cloudify 4.2 Webinar - Agility & Control

UI Templates Management

● UI Templates are the pre-defined sets of pages which the users will see upon login into the system.

● Administrators can now define templates according to users' roles and tenants.

Page 9: Cloudify 4.2 Webinar - Agility & Control

Global Resources

Page 10: Cloudify 4.2 Webinar - Agility & Control

Global Resources

● Resource availability has been enhanced, and we added the new ‘Global’ option to the existing statuses of ‘Private’ and ‘Tenant’ (= ‘Public’).

● A Global Resource is a Blueprint/Plugin/Secret that was created as either Private or Tenant, and was set to be Global by the admin.

● The Global Resources are available to all tenants on the manager, and can be used by all users who have access to at least one tenant.

Page 11: Cloudify 4.2 Webinar - Agility & Control

Usability Enhancements

Page 12: Cloudify 4.2 Webinar - Agility & Control

Graphs Improvements

Page 13: Cloudify 4.2 Webinar - Agility & Control

More UI Improvements

Page 14: Cloudify 4.2 Webinar - Agility & Control

Blueprint Modeling

Page 15: Cloudify 4.2 Webinar - Agility & Control

Composer 4.2

Page 16: Cloudify 4.2 Webinar - Agility & Control

Composer 4.2

Page 17: Cloudify 4.2 Webinar - Agility & Control

Security Enhancements

Page 18: Cloudify 4.2 Webinar - Agility & Control

Okta Authentication (SSO)

• Supporting Okta authentication via SAML

• Requires the admin to configure the manager

• http://docs.getcloudify.org/4.2.0/manager/okta_authentication/

Page 19: Cloudify 4.2 Webinar - Agility & Control

Management Networks

• Supporting multiple management networks

• Enables network selection per node at blueprint modeling/deployment time:

• Segregation

• Multi-cloud multi-zone configurations

Page 20: Cloudify 4.2 Webinar - Agility & Control

Agent Installation

• Secure method for installing agents via user data without leaving traces of the certificate in the log. Includes the capability to use a proxy for agent communication to the manager.

• All agent installation communication to the manager is directed through port 53333 only, and only over SSL.

Page 21: Cloudify 4.2 Webinar - Agility & Control

ECOSYSTEM

Page 22: Cloudify 4.2 Webinar - Agility & Control

Cloudify with Kubernetes

1. Kubernetes Blueprints: Deploys and scales Kubernetes Clusters on OpenStack, AWS, GCP, Azure

https://github.com/cloudify-examples/simple-kubernetes-blueprint

2. Kubernetes Plugin: Deploys containerized applications on K8s and allows integration with non-containerized apps

https://github.com/cloudify-incubator/cloudify-kubernetes-plugin

3. Cloudify Provider: Deploys open cloud infrastructure providers for Kubernetes, such as networks, load balancers

https://github.com/cloudify-incubator/cloudify-kubernetes-provider

[Diagram: three panels, "Deploy Kubernetes Cluster", "Deploy Kubernetes Applications" and "Use IaaS Resources as Providers", with OpenStack, Kubernetes, VM, App and API labels]

Page 23: Cloudify 4.2 Webinar - Agility & Control

Kubernetes Integration

● cfy-go

○ Cloudify Rest Client

○ Cloudify CLI

○ https://godoc.org/github.com/cloudify-incubator/cloudify-rest-go-client

● CFY-Kubernetes (Cloud Provider)

○ CFY-Autoscale (Kubernetes Modification) - Currently early stage

○ Kubernetes Cluster Blueprint

○ https://github.com/cloudify-incubator/cloudify-kubernetes-provider/releases/tag/0.0.0%2B7

● Cloudify Kubernetes Plugin

Page 24: Cloudify 4.2 Webinar - Agility & Control

Plugins

● Openstack Plugin (2.3.0)

○ No Management Network Name property

● Cloudify GCP Plugin (1.1.0)

○ Install Agents via Init Script

● Cloudify Utilities Plugin (1.4.0)

○ File handling

● Cloudify Kubernetes Plugin (1.3.0)

○ State Verification (Delete)

○ Pod State Verification (Start)

Page 25: Cloudify 4.2 Webinar - Agility & Control

Thank you

Page 26: Cloudify 4.2 Webinar - Agility & Control

Roadmap

Page 27: Cloudify 4.2 Webinar - Agility & Control

Roadmap

Cloudify Manager

● Service Composition: Consume existing, running deployed services with new application blueprints for service composition and building microservices architecture.

● Application Blueprint Versioning: The ability to upload new versions of application blueprints, and apply them selectively to running deployments

● Secrets Enhancement

● Resuming Failed Workflows: Built-in ability for Cloudify Manager to resume from the last successful execution point. This is useful when the workflow fails due to infrastructure allocation error, quotas, etc.

● Scheduled Workflow Execution: The ability to schedule a workflow execution at a future time, such as scaling the number of web server VMs at a certain time of the day.

● Edge Orchestration: support for large distributed environments, and enablement of orchestration close to the workload itself (federated management architecture)

● Full TOSCA support and advanced orchestration capabilities via ARIA engine

Page 28: Cloudify 4.2 Webinar - Agility & Control

Roadmap

Cloudify UI Framework

● Notifications Handling

● Unified view for a multi-manager environment

Cloudify Composer

● Easy, graphical Service Composition creation

● Built-In templates and examples

● Enhanced integration with the Cloudify Manager