Building a Future-Proof Cloud Infrastructure: A Unified Architecture for Network, Security, and Storage Services

Book description

Prepare for the future of cloud infrastructure: Distributed Services Platforms

By moving service modules closer to applications, Distributed Services (DS) Platforms will future-proof cloud architectures–improving performance, responsiveness, observability, and troubleshooting. Network pioneer Silvano Gai demonstrates DS Platforms’ remarkable capabilities and guides you through implementing them in diverse hardware.

Focusing on business benefits throughout, Gai shows how to provide essential shared services such as segment routing, NAT, firewall, micro-segmentation, load balancing, SSL/TLS termination, VPNs, RDMA, and storage–including storage compression and encryption. He also compares three leading hardware-based approaches–Sea of Processors, FPGAs, and ASICs–preparing you to evaluate solutions, ask the right questions, and plan strategies for your environment.

  • Understand the business drivers behind DS Platforms, and the value they offer

  • See how modern network design and virtualization create a foundation for DS Platforms

  • Achieve unprecedented scale through domain-specific hardware, standardized functionalities, and granular distribution

  • Compare advantages and disadvantages of each leading hardware approach to DS Platforms

  • Learn how P4 Domain-Specific Language and architecture enable high-performance, low-power ASICs that are data-plane-programmable at runtime

  • Distribute cloud security services, including firewalls, encryption, key management, and VPNs

  • Implement distributed storage and RDMA services in large-scale cloud networks

  • Utilize Distributed Services Cards to offload networking processing from host CPUs

  • Explore the newest DS Platform management architectures

Building a Future-Proof Cloud Architecture is for network, cloud, application, and storage engineers, security experts, and every technology professional who wants to succeed with tomorrow’s most advanced service architectures.

Table of contents

  1. Cover Page
  2. About This eBook
  3. Title Page
  4. Copyright Page
  5. Dedication Page
  6. Contents at a Glance
  7. Contents
  8. List of Figures
  9. Figure Credits
  10. Preface
    1. The Motivation for Writing this Book
    2. Who Should Read This Book
    3. Chapter Organization
    4. Help Improve This Book
    5. With Contributions by
  11. About the Authors
  12. Acknowledgments
  13. Chapter 1. Introduction to Distributed Platforms
    1. 1.1 The Need for a Distributed Services Platform
    2. 1.2 The Precious CPU Cycles
    3. 1.3 The Case for Domain-Specific Hardware
    4. 1.4 Using Appliances
    5. 1.5 Attempts at Defining a Distributed Services Platform
    6. 1.6 Requirements for a Distributed Services Platform
    7. 1.7 Summary
  14. Chapter 2. Network Design
    1. 2.1 Bridging and Routing
    2. 2.2 Clos Topology
    3. 2.3 Overlays
    4. 2.4 Secure Tunnels
    5. 2.5 Where to Terminate the Encapsulation
    6. 2.6 Segment Routing
    7. 2.7 Using Discrete Appliance for Services
    8. 2.8 Cache-Based Forwarding
    9. 2.9 Generic Forwarding Table
    10. 2.10 Summary
    11. 2.11 Bibliography
  15. Chapter 3. Virtualization
    1. 3.1 Virtualization and Clouds
    2. 3.2 Virtual Machines and Hypervisors
    3. 3.3 Containers
    4. 3.4 The Microservice Architecture
    5. 3.5 OpenStack
    6. 3.6 NFV
    7. 3.7 Summary
    8. 3.8 Bibliography
  16. Chapter 4. Network Virtualization Services
    1. 4.1 Introduction to Networking Services
    2. 4.2 Software-Defined Networking
    3. 4.3 Virtual Switches
    4. 4.4 Stateful NAT
    5. 4.5 Load Balancing
    6. 4.6 Troubleshooting and Telemetry
    7. 4.7 Summary
    8. 4.8 Bibliography
  17. Chapter 5. Security Services
    1. 5.1 Distributed Firewalls
    2. 5.2 Microsegmentation
    3. 5.3 TLS Everywhere
    4. 5.4 Symmetric Encryption
    5. 5.5 Asymmetric Encryption
    6. 5.6 Digital Certificates
    7. 5.7 Hashing
    8. 5.8 Secure Key Storage
    9. 5.9 PUF
    10. 5.10 TCP/TLS/HTTP Implementation
    11. 5.11 Secure Tunnels
    12. 5.12 VPNs
    13. 5.13 Secure Boot
    14. 5.14 Summary
    15. 5.15 Bibliography
  18. Chapter 6. Distributed Storage and RDMA Services
    1. 6.1 RDMA and RoCE
    2. 6.2 Storage
    3. 6.3 Summary
    4. 6.4 Bibliography
  19. Chapter 7. CPUs and Domain-Specific Hardware
    1. 7.1 42 Years of Microprocessor Trend Data
    2. 7.2 Moore’s Law
    3. 7.3 Dennard Scaling
    4. 7.4 Amdahl’s Law
    5. 7.5 Other Technical Factors
    6. 7.6 Putting It All Together
    7. 7.7 Is Moore’s Law Dead or Not?
    8. 7.8 Domain-specific Hardware
    9. 7.9 Economics of the Server
    10. 7.10 Summary
    11. 7.11 Bibliography
  20. Chapter 8. NIC Evolution
    1. 8.1 Understanding Server Buses
    2. 8.2 Comparing NIC Form Factors
    3. 8.3 Looking at the NIC Evolution
    4. 8.4 Using Single Root Input/Output Virtualization
    5. 8.5 Using Virtual I/O
    6. 8.6 Defining “SmartNIC”
    7. 8.7 Summary
    8. 8.8 Bibliography
  21. Chapter 9. Implementing a DS Platform
    1. 9.1 Analyzing the Goals for a Distributed Services Platform
    2. 9.2 Understanding Constraints
    3. 9.3 Determining the Target User
    4. 9.4 Understanding DSN Implementations
    5. 9.5 Summary
    6. 9.6 Bibliography
  22. Chapter 10. DSN Hardware Architectures
    1. 10.1 The Main Building Blocks of a DSN
    2. 10.2 Identifying the Silicon Sweet Spot
    3. 10.3 Choosing an Architecture
    4. 10.4 Having a Sea of CPU Cores
    5. 10.5 Understanding Field-Programmable Gate Arrays
    6. 10.6 Using Application-Specific Integrated Circuits
    7. 10.7 Determining DSN Power Consumption
    8. 10.8 Determining Memory Needs
    9. 10.9 Summary
    10. 10.10 Bibliography
  23. Chapter 11. The P4 Domain-Specific Language
    1. 11.1 P4 Version
    2. 11.2 Using the P4 Language
    3. 11.3 Getting to Know the Portable Switch Architecture
    4. 11.4 Looking at a P4 Example
    5. 11.5 Implementing the P4Runtime API
    6. 11.6 Understanding the P4 INT
    7. 11.7 Extending P4
    8. 11.8 Summary
    9. 11.9 Bibliography
  24. Chapter 12. Management Architectures for DS Platforms
    1. 12.1 Architectural Traits of a Management Control Plane
    2. 12.2 Declarative Configuration
    3. 12.3 Building a Distributed Control Plane as a Cloud-Native Application
    4. 12.4 Monitoring and Troubleshooting
    5. 12.5 Securing the Management Control Plane
    6. 12.6 Ease of Deployment
    7. 12.7 Performance and Scale
    8. 12.8 Failure Handling
    9. 12.9 API Architecture
    10. 12.10 Federation
    11. 12.11 Scale and Performance Testing
    12. 12.12 Summary
    13. 12.13 Bibliography
  25. Index
  26. Code Snippets

Product information

  • Title: Building a Future-Proof Cloud Infrastructure: A Unified Architecture for Network, Security, and Storage Services
  • Author(s): Silvano Gai
  • Release date: January 2020
  • Publisher(s): Addison-Wesley Professional
  • ISBN: 9780136624226