施耐德中國Infra As code平臺PaaS平臺解決方案

施耐德中國InfraAscode平臺解決方案項目需求分析-ConsolidationInfraascodePOC過程回顧Infraascode方案綜述后續(xù)項目響應(yīng)總體計劃CONTENTSPage2項目需求分析POC要求分析/01ResourcePoolPage4AutoOpsFullscopeautomationoperationelementsAutomationoperationorchestrationCMDBMonitorDatacenterHypervisorHardwareCloudAWS(BJ/NX)AliLBDockerPlatformApp1App2AppNApp…OSCloudServiceLogPlatformStandardFunctionCMDBlayereddatamodelDetailsinglecomponentCMDBCrosscomponentCMDBAutodiscoveryforCMDBallianceStandardFunctionHardwareOS&SystemsCloudintegrationDB(SQL/NoSQL)/AppsAlertingandstagingCapacitymanagementWebchat/Mobile/SMSalertCI/CDCollectionSearchAnalysisAdditionalFunctionCMDBIntegrationAutodiscoveryandaligned(HW,OS,Service)TrustedAppsoverallstatuswithsubcomponentalertingconstrictionandintegration.SecurityAuditCIAlertAdditionalFunctionDatahealthandcertificationVirtualizationandreportingineverylayerIntegrationwithmonitoringandCI/CDcomponentReverseProxyApps(Interface+version)AppsDB(SQL/NoSQL)Sharecomponents(ESB/API/Mail/NFS……)ShardServicesConnectivityManagedComponentsBuildTestCDDeploytoStagingAcceptancetestingDeploytoPRDAccessLayer(DNS/CDN/GSLB/LB)E2Eoperationsolutions項目整體需求–架構(gòu)說明-構(gòu)建Infra級的CI/CD平臺POC過程描述IaCDockerManagementCICDProcess/02Page6POC主要工作–對于POC需求的響應(yīng)對于所有的功能在項目實施階段均能實現(xiàn)，POC階段從時間和環(huán)境考慮僅演示標(biāo)記為綠色的部分。ResourcePoolAutoOpsFullscopeautomationoperationelementsAutomationoperationorchestrationCMDBMonitorDatacenterHypervisorHardwareCloudAWS(BJ/NX)AliLBDockerPlatformApp1App2AppNApp…OSCloudServiceLogPlatformStandardFunctionCMDBlayereddatamodelDetailsinglecomponentCMDBCrosscomponentCMDBAutodiscoveryforCMDBallianceStandardFunctionHardwareOS&SystemsCloudintegrationDB(SQL/NoSQL)/AppsAlertingandstagingCapacitymanagementWebchat/Mobile/SMSalertCI/CDCollectionSearchAnalysisAdditionalFunctionCMDBIntegrationAutodiscoveryandaligned(HW,OS,Service)TrustedAppsoverallstatuswithsubcomponentalertingconstrictionandintegration.SecurityAuditCIAlertAdditionalFunctionDatahealthandcertificationVirtualizationandreportingineverylayerIntegrationwithmonitoringandCI/CDcomponentReverseProxyApps(Interface+version)AppsDB(SQL/NoSQL)Sharecomponents(ESB/API/Mail/NFS……)ShardServicesConnectivityManagedComponentsBuildTestCDDeploytoStagingAcceptancetestingDeploytoPRDAccessLayer(DNS/CDN/GSLB/LB)E2Eoperationsolutions基于VMware完成POC：自動完成以下工作：自動化運(yùn)維工具：自動建虛機(jī)（VMWare，OS，加監(jiān)控）安裝中間件或者其他發(fā)布應(yīng)用（gitlab，源碼）OS(DB)監(jiān)控：日志(APP)加到ELK監(jiān)控：實現(xiàn)所有工具的監(jiān)控兩個應(yīng)用的監(jiān)控(OS,數(shù)據(jù)庫，中間件)報警(微信+郵件)監(jiān)控的界面圖示：使用Itop實現(xiàn)CMDB：工具和應(yīng)用的信息導(dǎo)入Itop，手動拓?fù)浜完P(guān)聯(lián)性的展示ConnextDevOps平臺：演示CICD，docker：演示平臺功能可看見demosite的發(fā)布過程Docker信息讀取出來并生成CSV文件（后續(xù)可以導(dǎo)入CMDB）日志：Graylog系統(tǒng)搭建POC主要工作–綜述Page7Page8POC主要工作–CMDB部署和功能展示導(dǎo)入ItopETDC導(dǎo)出CronJob定期任務(wù)DC/Cloud自動發(fā)現(xiàn)+手動導(dǎo)入Page9POC主要工作–基于Ansible的應(yīng)用自動化安裝部署截圖Ansible腳本和劇本編排，實現(xiàn)自動化實施和運(yùn)維相關(guān)工作包括VM資源創(chuàng)建，應(yīng)用編譯和部署，監(jiān)控系統(tǒng)關(guān)聯(lián)，CMDB寫入，日志系統(tǒng)關(guān)聯(lián)Page10POC主要工作–基于Terraform的基礎(chǔ)架構(gòu)資源部署（VM，Network）通過Terraform實現(xiàn)在Vmware，Azure環(huán)境下虛機(jī)，網(wǎng)絡(luò)的自動化部署和批量部署。Terraform自動化建立虛機(jī)Page11POC主要工作–堡壘機(jī)（用戶和行為管理）通過堡壘機(jī)實現(xiàn)：用戶管理：添加刪除，權(quán)限管理用戶行為審計：登陸信息（后期可加上錄屏等功能）Page12POC主要工作–DevOps平臺演示Infraascode方案綜述方案綜述及典型場景描述/03ResourcePoolPage14AutoOpsFullscopeautomationoperationelementsAutomationoperationorchestrationCMDBMonitorDatacenterHypervisorHardwareCloudAWS(BJ/NX)AliLBDockerPlatformApp1App2AppNApp…OSCloudServiceLogPlatformStandardFunctionCMDBlayereddatamodelDetailsinglecomponentCMDBCrosscomponentCMDBAutodiscoveryforCMDBallianceStandardFunctionHardwareOS&SystemsCloudintegrationDB(SQL/NoSQL)/AppsAlertingandstagingCapacitymanagementWebchat/Mobile/SMSalertCI/CDCollectionSearchAnalysisAdditionalFunctionCMDBIntegrationAutodiscoveryandaligned(HW,OS,Service)TrustedAppsoverallstatuswithsubcomponentalertingconstrictionandintegration.SecurityAuditCIAlertAdditionalFunctionDatahealthandcertificationVirtualizationandreportingineverylayerIntegrationwithmonitoringandCI/CDcomponentReverseProxyApps(Interface+version)AppsDB(SQL/NoSQL)Sharecomponents(ESB/API/Mail/NFS……)ShardServicesConnectivityManagedComponentsBuildTestCDDeploytoStagingAcceptancetestingDeploytoPRDAccessLayer(DNS/CDN/GSLB/LB)E2Eoperationsolutions綠色框直接可以部署實現(xiàn)，紅色框需要二次開發(fā)CICD和自動化集成后續(xù)項目響應(yīng)計劃Page15方案綜述–打造Infra級自動化部署，運(yùn)維和CI/CD平臺展示層：CI:CD:OS&MiddlewareVM&NetworkApplication監(jiān)控：CMDB：日志：Components：配置管理：代碼管理：AlertManager原子化操作庫IaaSResourceMiddlewareUIContainerAPPCIAPPSupportResourceMgmtTerraformResourceEngineResourceCITerraformResourceCDTerraformCMDBAnsibleMiddlewareReleaseAnsiblePatch&configurationAnsibleVMReleaseAnsibleLibraryPlatformServicePublicCloudVMandMiddlewarePrivate/publicCloudMonitoringEnginePrometheusAlarmingAlert

ManagerLogEngineELK+BeatsFamilyAuthorityMgmtLDAPPlaybookLibraryGitLabIntegrationEngineJenkinsContainerMgmtKubernetesContainerResourceVMPrivate/publicCloudDockerPrivateCloudDockerAzureContainerizedService-MySQL,

Redis,RabbitMQ,Zuul,erakaPrivateCloudResourceMgmtEngineBuildEngineMavenVMImageLibraryPrivate/publicCloudContainerImageLibraryHarborAPPCodeLibraryGitLabAPPcomponentsNexusContainerAPPCDVMAPPCDVMAPPCIVMReleaseRollbackMonitoringPresentationGrafanaContainerReleaseRollbackContainerAutoscalingContainerizedServiceContainerABReleaseProjectMgmtAPPCIAPPCDResourceCIResourceCDResourceMgmtNetworkMgmtUserMgmtBillingMgmtServiceMgmtLogPresentationGreyLogFunctionalOrchestrationEngineSecurityDockerAWSDockerAliDevopsFlowAccessControlJump

serverOperationMgmtIncidentEngineDailyCheckEngineTaskMgmtOp

ManagerSecurityScanningNiktoMicroserviceMonitoringHystrix+TurbineServiceChainMonitoringZipkin平臺整體架構(gòu)設(shè)計Page17自動化運(yùn)維場景分析#1項目資源交付：Step1:創(chuàng)建VM，關(guān)聯(lián)LB調(diào)用Step2:完成系統(tǒng)初始化部署監(jiān)控，日志系統(tǒng)安全加固加域，配置AD配置登陸權(quán)限#2中間件部署-生命周期管理：Step1:完成資源部署更新CMDBStep2:部署中間配置文件Daily:每天自動巡檢變更:運(yùn)行changedeployPage18自動化運(yùn)維場景分析#3VM資源創(chuàng)建和銷毀：Step:VM配置和資源生命周期管理根據(jù)模板創(chuàng)建VM配置VMsize配置LB，NSG等策略定期維護(hù)資源標(biāo)準(zhǔn)#4OS配置標(biāo)準(zhǔn)化：Windows:定期更新OS本地組策略Linux:定期維護(hù)文件一致性更新Step:執(zhí)行資源銷毀銷毀監(jiān)控信息銷毀VM，根據(jù)需求是否保留磁盤CreationRequestDeleteRequest更新定義策略Page19自動化運(yùn)維場景分析#5補(bǔ)丁、漏洞管理：Step:完成補(bǔ)丁安裝完成補(bǔ)丁安裝驗證工作#6DB運(yùn)維關(guān)注的不是QPS最高的數(shù)據(jù)庫，反而是繁忙度升高、響應(yīng)度變差的數(shù)據(jù)庫SQL語句語句執(zhí)行日志收集分析，方便時段執(zhí)行回溯更新Step:基于satellite系統(tǒng)補(bǔ)丁掃描系統(tǒng)補(bǔ)丁更新Windows補(bǔ)丁更新Linux補(bǔ)丁更新更新配置補(bǔ)丁策略補(bǔ)丁安裝情況視圖安全漏洞DBA操作規(guī)范建設(shè)/news-21-1106-1.htmlAlertManagerPage20典型場景--監(jiān)控與展現(xiàn)顯示所有的應(yīng)用的狀態(tài)點擊應(yīng)用查看拓?fù)湟约坝袉栴}的節(jié)點點擊節(jié)點查看具體監(jiān)控信息，排查問題點擊Host查看物理宿主機(jī)的狀態(tài)Page21AutomaticBuildingDocker

ImageAutomaticTestingReleasePackageCodeLibraryVMsDockersReleaserProjectReleaseonCONNEXTCaaSSonarTestingManageVirtualMachinesonAzureorPrivateCloudMiddlewareDockerMiddlewareDocker…………HARBORProject

MGMTResource

MGMTConfig

MGMTUser

MGMTRelease

MGMTOperation

MGMTStorage

MGMTDashboardLog

MGMTKubernetesETCDCALICOConnextPaaSGitLabJenkins/Marven(Pipeline)NexusSonarQubeSharedPlatformReleaseCallTheVM-basedCodeofCI/CDDocker-basedCI/CDFlowcontrolPrometheus典型場景–CD部署（基于容器應(yīng)用、基于虛機(jī)環(huán)境應(yīng)用）CICD工作流程實現(xiàn)基于VM和Docker的CICD流程演示后續(xù)項目響應(yīng)總體計劃后續(xù)項目響應(yīng)計劃/04Page23后續(xù)響應(yīng)安排由于時間原因，具體的詳細(xì)場景和SOW在后續(xù)溝通中提供?！獭獭獭獭獭獭獭獭獭獭獭獭獭獭獭獭獭獭獭獭蘌age24NameExperienceRoleServicemodeSunnyGaoSeniorDeliveryDirectorofCONNEXTDeliveryDirectorRemoteJoeWangAccountDirectorofCONNEXTAccountDirectorOn-DemandApplicationandinfrastructurebusinessaccountdirector.MarshalJiangOver8yearsofITindustryexperience,morethan4yearsofIDCconsultingplanningorIDCoperatingexperience;Richsolutionarchitectureexperience;Befamiliarwithpubliccloudbusinessmodeconsultingmethodology,orkeybusinessmixandbusinessmodedesigninpubliccloudarea.SeniorManagedServiceConsultantManagerOn-DemandTerryChenDeliverymanagerofCONNEXTInfraDeliveryManagerOn-Site11yearsprojectmanagerforITprojectMarkLiuSeniorSystemEngineerofCONNEXT

6yearsOperationforITprojectProjectManagerOn-SitePengYuanSeniorDevOps&IaCmanagerSeniorDevOps&IaCManagerOn-SiteJ