Anthos, a modern application platform for enterprises
The previous blog of this two part series provided readers with a conceptual overview of a modern application platform. In this second part we will look at Google Cloud’s Anthos, a modern application platform and the features we offer with this platform.
Anthos, a Google Cloud’s implementation of a modern application platform, eliminates inconsistencies across on-prem, multiple cloud and hybrid infrastructures. With an open source foundation based on the Kubernetes Resource Model and native integrations with the environments it runs in, Anthos makes it easier to build systems that are portable across infrastructures or specialized to a given cloud.
Hybrid and Multicloud Infrastructure
As we discussed in our first post, a modern application platform refers to a multi-cluster, multi-datacenter, cross-geographical hybrid application hosting environment. Anthos provides a supported and enterprise-ready solution to meet these hybrid and multicloud needs.
With a fully managed control plane, auto-scaling capabilities, and seamless integration with Google’s global infrastructure, GKE provides the best experience for managed Kubernetes. With Anthos clusters on VMWare and bare metal, Anthos brings that GKE experience to your enterprise data center. In addition, it stretches across your multicloud investment by running on both AWS and Azure. Anthos even allows you to attach existing Kubernetes clusters and bring them under centralized management.
In my previous post, we discussed the importance of a single-pane view across multiple kubernetes clusters to manage cluster installation, upgrades and to monitor cluster performance for a modern application platform.
Anthos brings a single-pane view for a multi-cluster environment by design. Anthos clusters are registered as part of a Google Cloud environ using Connect, allowing multiple clusters to be viewed and managed together in the Anthos dashboard. With the environs concept, Anthos allows you to manage multi-cluster capabilities and apply consistent policies across your systems. Google’s Cloud Logging and Monitoring offers a fully managed logging solution, metrics collection, monitoring, dashboarding, and alerting. Cloud Monitoring monitors Google Kubernetes Engine (GKE) on-prem clusters in a similar way as cloud-based GKE clusters. In addition, open source on-prem options with Prometheus and Grafana can be used for setting up clusters for disconnected usage. Integrations with third party solutions such as Elastic Stack, Datadog, Splunk are also validated for consolidating logs and metrics.
As discussed in part 1, centralized policy management, configuration management and auditability are key features of a modern application platform to improve manageability, prevent drift and for consistent application of policies and configurations across the application hosting environments. Anthos offers best-of-class security solutions and integrations with third party vendors for enterprise needs.
Configuration and Policy Management
Anthos Configuration Management manages configurations and policies across the clusters. Config Sync continuously reconciles the state of your clusters with a central set of configurations stored in one or more Git repositories with an auditable, transactional, and version-controlled deployment process that can span hybrid or multicloud environments.
Anthos Policy Controller based on the Open Policy Agent Gatekeeper project comes with a full library of pre-built policies for common security and compliance controls and enables the enforcement of fully programmable policies.
Optimized Images and Secrets
Anthos is built with enterprise security requirements in mind. For on-prem installations, the optimized Ubuntu Images are preconfigured to meet PCI DSS, NIST Baseline High, and DoD Cloud Computing SRG Impact Level 2 standards. You can use Cloud KMS to protect Secrets and other sensitive data that you need to store. Integrations with Hashicorp Vault and Hardware Security Module (HSM) are also validated to manage secrets.
Secure Supply Chain
For enabling secure supply chain, Anthos includes Binary Authorization which requires images to be signed by trusted authorities during the development process and then enforcing signature validation when deploying.
Applications and Services
We discussed the importance of serverless and service management capabilities, integrations with cloud services and third party solutions and global load balancing capabilities for a modern application platform. Anthos combines supported open source solutions, third party integrations and Google’s world-class network capabilities to support applications and services.
Anthos Service Mesh, a tested and supported Istio, is a suite of tools that helps you monitor and manage a reliable service mesh on-premises or on Google Cloud. In addition to traffic management, ASM enhances observability of the mesh with in-depth telemetry—powered by Cloud Monitoring, Cloud Logging, and Cloud Trace and allows you to easily define an SLO and alerts on your own standards of service health.
Cloud Run for Anthos is powered by Knative, an open source project that supports serverless workloads on Kubernetes. Cloud Run is also available as a fully managed serverless platform on Google Cloud.
Cloud provider services
With the Config Connector addon you can manage your Google Cloud infrastructure the same way you manage your Kubernetes applications, enabling easy consumption of cloud services from GKE.
Third party services
Google Cloud Marketplace offers commercial solutions fully supported by each vendor, with containerized applications available for big data, analytics, networking, security, databases, developer tools, and more, all built to run in Kubernetes environments. All solutions deployed from Google Cloud Marketplace are billed by Google, eliminating the need to set up contracts with multiple vendors.
Networking and Global Load Balancers
With GKE, ingress integration with Google Global Load Balancer opens access to tools like Cloud Armor for DoS defence, Identity-aware proxy for identity and access control, CloudCDN for global caching, and Google managed certificates. Additional capabilities include multi-cluster ingress and optimal routing of traffic to globally distributed applications on different clusters and regions.
Traffic Director is a fully managed traffic control plane for service mesh. With Traffic Director, you can easily deploy global load balancing across clusters and VM instances in multiple regions, offload health checking from service proxies, and configure sophisticated traffic control policies.
Application Lifecycle Management
In addition to offering Anthos as a modern application platform, Google also offers tools that help improve developer productivity. Developers can build apps directly from a browser with the Cloud Shell Editor, that offers features such as Go, Java, Node.js, Python, and C# language support, an integrated debugger, source control, refactoring, and a customizable interface. It also offers a complete inner loop experience to run an app on the Cloud Shell VM or in a minikube Kubernetes emulator, preview it directly in the browser, then commit changes back to git repo.
Google Cloud Code provides IDE support for the full development cycle of Kubernetes and Cloud Run applications, from creating and customizing a new application from sample templates to running your finished application. Cloud Build is a CI/CD tool that allows users to define pipelines that can import source code from a source control repositories or cloud storage spaces, execute a build to your specifications, and produce artifacts such as containers or Java archives. Google Container Registry is a private registry to manage container images, perform vulnerability analysis, and automation to build images when the source code is committed.
With a complete set of technologies and tools fully integrated and validated, Anthos is the best implementation of a modern application platform available in the market.
As enterprises adopt Google Cloud’s Anthos as a modern application platform, Google believes in taking a “solutions” approach to solve our customer problems. The Google Cloud solutions enable enterprises to adopt these platforms (like Anthos) with a customer problem first approach - starting with an assessment of the customer environment and then using specific pointed solutions that could include a combination of platforms, ROI/TCO calculators, blueprints, reference architectures, best practices, workshops and guidance all packaged to help them in their modernization journey.
Modern application platform is a Kubernetes based container platform that enables hybrid, multicloud and multi-cluster capabilities for enterprise application workloads. Google’s Anthos is a complete implementation of this platform. Application modernization solutions are offered to help enterprises with guidance, reference architectures and tools for modernizing applications.