It amazes me how something so innovative and compelling can confound even the most ardent Kubernetes developers out there. I am here to separate the facts from the fluff and will attempt to break down the essence of Anthos into a stream of consciousness that folks can understand. This article is not an overview of Anthos, but rather a synthesis of the critical underpinnings of what Anthos is really about. It’s an attempt to reduce the complex aura that is Anthos into something that’s tangible & easy to understand. Think of this as an excursion into building an “elevator pitch” for the stakeholders.
The Big Picture
Google has a vision that bridges the gap of developing containerized applications into a uniform & coherent message. It is selling the idea that Google’s Anthos is the best path forward to address an end-to-end multi-cloud service experience, period — even daring to consolidate on-ramping AWS and Azure cloud native solutions into GCP’s ecosystem.
In the world of modernized applications you will often hear of the need to migrate monolithic applications (code word for legacy, dinosaur, old fart apps) that are likely to require a major overhaul. These applications assuredly live in virtualized environments. Containers are the rage these days simply because they offer an enriched experience and optimize resourcing in ways that VMs cannot match. Gotta love innovation. Goodbye VMs, and hello Kubernetes!
During the last decade, enterprise IT faced a challenge with virtual machine (VM) sprawl. Any user, developer or administrator with access to the VMware environment could launch new virtual machines. Soon, enterprise IT realized that there were hundreds if not thousands of VMs running across multiple departments that were not visible to IT personnel. This loss of control and observability can often create havoc for the entire organization. Costs spiraled out of control and manageability became a problem. This led to the loss of control and fragmentation of resources. Enterprise IT introduced workflows that required approval from departmental IT admins to launch VMs. It also enforced a policy to make sure that VMs were created from pre-approved images that are centrally managed by IT. The pre-approved images acted as templates that contained the mandatory security policies and patches, ensuring that every VM is based on a hardened, tested, and trusted image.
Enter the new era of infrastructure and application modernization. Allocations of VMs and containers are better managed and controlled via IT governance. We now have managed containers running everywhere. Clearly Kubernetes has won the war of words for containerized applications. There are some great choices out there, but Anthos makes this separation much clearer and distinct in terms of technical value proposition.
The Elevator Pitch
Now, let’s imagine you enter the elevator with Thomas Kurian (CTO of Google). TK smiles at you, and says - “Hi there, you look wise. Can you explain Google Anthos in a single sentence? People are tired of my slides, and I can’t seem to get the narrative through.”
What Google wants to deliver is a multi-cloud platform that provides a defense-in-depth security level playing field and an observable, unified communication layer for container applications.
— yours truly
I can’t say it any plainer than that. Write your application containers, and literally deploy them anywhere with Anthos! Best of all, get the beyond-corp security, and unified manageability & observability, along with cloud-native service-to-service foundations.
The choice is yours:
- Configure your container services on premises (bare metal, vSphere ecosystem), Amazon Kubernetes, Azure Kubernetes, or Google Kubernetes, use Anthos!
- Connect to the container environments & manage or configure them with consistency, use Anthos!
- Deploy to your containers in hybrid clouds, use Anthos!
- Apply CI/CD with uniform, IT-based controls across all Kubernetes environments, independent of cloud scenarios, use Anthos!
Seriously dude! It can’t be that simple, can it? Actually from the business and technology sales pitch, it is. That’s the brilliance of Google’s unveil for 2020.
Anthos is really nothing more than a meta-control plane that delivers container applications into a consistent unified service experience. Container applications truly get their advances from a clean architecture pattern using control planes anchored by the single pane of glass (“SPoG”). In the ecosystem of k8s, we have data and control planes. The control plane is “code word” for restricted and secure controls only accessible by trusted services and applications that require them. Data planes, on the other hand, are where the application containers truly reside. Everything is managed and orchestrated by the infrastructure runtime aka Kubernetes — the sandbox that implements a lot of the behaviors of traditional hypervisor architectures.
The problem with Anthos mantra
Google’s Anthos messaging is conflated with its marketing bombardment of technical jargon. Anthos is presented as an architecture of sorts combined with a powerful collection of key product solutions that enable modern application development. What the hell does this mean? Hit the Google page, and the first thing Google will pitch to you is:
“Anthos: a modern application platform for your business.” — Google
The problem with this mantra is the munging of words such as “modern” and “application platform”, which are all subjective; in reality, Anthos lives and shines at the infrastructure level, providing key services such as configuration, policy management, service-to-service orchestration, zero trust security enforcement, scaling, and much more. Personally, I don’t view it as an application platform at all. Container applications operate within the infrastructure, allowing it to extract business value for end users by way of security enforcement, lower TCO (lower resource utilization) and scaling for decreased latencies and workload demands. The underlying values stem from the very premise of orchestration, configurability and observable behaviors across all services running in the Kubernetes environments. The technology enablers therefore include:
- Anthos GKE — a collection of managed k8s clusters; GKE, EKS, AKS, on-premises — container orchestration (vendor neutral)
- Anthos Connect — ubiquitous connected defense-in-depth environments
- Service Mesh (Istio) — Observability, and Zero Trust Networks enforcement
- Configuration & Policy Management
Anthos — Reference Architecture
The system flow is one of many examples of the Anthos ecosystem, illustrative of the key infrastructure components that enable hybrid service-to-service transactions across the cloud space.
That’s quite a bit to swallow and digest, especially when the first thing you’ll have to do is to “google” each of the keywords just to distill what the technology is about — all in the name of a modernized application platform. Good luck with that! Just kidding. It does make for good bedtime reading, but once you put it all together, Anthos becomes as easy as counting one, two, three.
Making Sense of Anthos
Ok, bear with me. The lynchpin of Anthos is simply the interweaving of four critical business values:
- Managed connectivity across any container environment.
- Uniform way of configuring and managing the containerized applications using a single pane of glass aka Cloud Console.
- Service-to-Service enforcement via Service Mesh — This is a fancy way of saying you can plug in your service mesh of choice (Istio, Consul, etc.) that complies with defense-in-depth and zero trust network protocols.
- Portable container application runtime engines — You make the choice. Use Amazon’s implementation, Azure’s implementation, Google’s or roll your own on-premises variants.
Obviously, you’ll need to digest the technical underpinnings for each of the four pillars. Unfortunately, that’s beyond the scope of this document. If I get inspired, I’ll dissect each of the pieces that comprise the Anthos framework as a follow-on exercise.
So the next time someone asks you what Anthos is, simply rephrase it as this:
Anthos allows for a coherence of uniformity in connected kubernetes environments expressly designed for hybrid cloud scenarios. The end-to-end processes of service orchestration and configurability of network, security and service policy layers are managed through a single pane of abstraction called Anthos.
Akin to the Java mantra of old, “write once, run anywhere,” this is truly act 2 of SOA. Develop your container applications once and have them managed & deployed on an AWS Kubernetes environment, on-premises, Google Kubernetes, Azure Kubernetes, or whatever the hell you want.
In brief, Google doesn’t just want you to develop containerized applications in Google Kubernetes environments. Instead, Google offers you the possibility to extend this boundary by stitching & orchestrating your containerized application services in any manner you see fit. Confine your solutions to private or public data centers, or broaden your reach to span the plethora of cloud solutions out there, including Google’s key competitors. It’s simply that portable.
Now, that’s forward thinking, and industry-leading fodder for adoption of such great technology. No wonder everyone is abuzz for Anthos.
Check out SADA’s CTO Miles Ward as he provides a high-level use case of Anthos leveraging our in-house proof-of-concept bare-metal implementation. We call it the Toaster! How cool is that! Our next challenge would be to get Anthos running on a Raspberry Pi contraption. I am definitely ordering one now as we speak… be right back!
I hope to blog more on topics specific to the Anthos ecosystem:
- Service Mesh
- Anthos Connect
- GKE Anthos under the hood
- CI/CD in the world of Anthos