“Ecosystem: a biological community of interacting organisms… a complex network or interconnected system.” —OED
At KubeCon 2016, Elliott had a moment to speak with SAP Labs' Nishi Davidson about some of the driving principles behind large-scale adoption of Kubernetes at SAP. Ecosystem partnerships tend to spring organically when thought-leading organizations agree that the same set of problems needs to be solved. As Nishi points out, secure, orchestrated service scaling is definitely one of those problems.
“Security scares the hell out of people,” she says. “The orchestration layer is up for debate, and sometimes people have [their own] views… but as far as security is concerned, everybody wants to collaborate.”
It's a jungle out there. In this episode of Safety at Speed, Elliott and Nishi discuss isolation in the world of bare metal applications, improving control while reducing cost, and embracing open source as a necessary tool for survival.
E: Hi, Nishi. Can you tell us a little bit about yourself—who are you, where you work, what your background is?
N: Sure, Elliott. I work at and represent SAP Labs, which is a research group in SAP that focuses on best practices in infrastructure and cloud delivery. We work with a lot of lines of businesses at SAP, as well as software product groups, and we introduce best practices with regard to cloud.
E: That sounds like a really complicated job in a demanding environment.
N: Yes, it is. Extremely complicated, and it's always difficult to work in a company where there are varying viewpoints, and try to introduce something that's innovative, good, stable, and is in the right direction.
E: Yeah. So, I went to your talk yesterday. We're here at KubeCon, which has a thousand people attending, so much bigger than last year, and next year they're planning for three thousand people.
E: This entire ecosystem around Kubernetes is forming, and a theme that I'm seeing here at the conference is that large businesses and enterprises have been using Kubernetes. Why is SAP interested in Kubernetes?
N: So, there are a couple of reasons.
From a technology standpoint... SAP has a very strong development culture. The German heritage always has been focused towards engineering, and SAP founders themselves are extremely engineering-focused. So, from a new technology perspective, a lot of change in SAP comes through the development community. And Kubernetes in general has a huge background in being developer-friendly, and it actually has a huge GitHub community out there, and a lot of developers inside of SAP believe that the clarity in thought and the design that Kubernetes provides is very well-suited to the environment. So, that's one: developer perspective.
Second is, most of our applications that have been extremely successful in the market are built on Linux, and they've always had a foundation on Linux. They run on bare metal, and they're not Windows-friendly so if you think about it, the logical answer to isolation and to resource management will be containerization, not so much virtualization. And therefore the technical group in SAP is highly excited about the development in Docker, in Rocket, and we definitely want to forge ahead in that [direction]. And Kubernetes falls squarely in the zone of open source, which is very favorable to us. So, those are two of my top technical reasons.
From a business standpoint, if you look at the business drivers for our executives, they're concerned about stability. Stability for our SaaS lines of businesses. They're also concerned about growing costs, and trying to make the costs go down—as the company is really, really huge. And, from those two standpoints, if you actually start adding up the infrastructure cost—from server, from storage, from switches, and then Pylon, virtualization, the cost of the operating system, monitoring, logging... it is tremendously expensive. So we as a group have looked at OpenStack as being the centralized orchestration layer, because we believe in open source. And the obvious choice is to look at Kubernetes as well, because we think that eventually, from a business standpoint, it's going to bring costs down—and we all know Google is a leader in technology, and we believe that their design is going to be superior.
E: Yeah. That makes sense. Give us a sense of scale, working inside SAP... how many developers are working with the systems there? Maybe not necessarily using Kubernetes today, but over the entire business, or set of businesses, how many developers are we talking about?
N: So, until yesterday, I thought there were probably—forty people? Today I think there are probably 100-plus or 200 developers in different corners in SAP working on this. Primarily because I met my colleagues in Concur, they have a full system running...
E: ...and that's a business you acquired.
N: That's a SaaS line of business, and they've been deploying clusters after clusters in their operations environment. They told me that they've been meeting teams all across SAP—in China, in Germany—that are working on Kubernetes. In fact, an extension of our team that leads the OpenStack development also runs their complete control plane on bare-metal Kubernetes. So, we basically have a control plane that develops OpenStack components like Nova, and Swift, and all of these components inside of containers. So, I don't know. I think it's crazy large!
E: Yeah, that sounds huge. I mean, a company that is so big that you only discover other parts of the company by meeting them at a conference...
E: ...is pretty big.
N: And it's so exciting to like, meet people who are like-minded, and who believe in Linux, and who believe in open source. It's fantastic.
E: Yeah. So with a company that large, particularly one that has grown through acquiring other companies which had their own ways of doing things, and their own cultures and processes developed—what sort of interesting or thorny challenges have you run into as you try to balance security and stability, and at the same time you're tasked with introducing change and making things ready for the future?
N: As far as our multiple lines of businesses are concerned, the challenges that we face are tools that people want to use in order to deploy containers—so, some are interested in Kubernetes, some are interested in HashiCorp portfolio, some are interested in Mesosphere. That being said, the majority are looking at Kubernetes for the reasons I just described. As far as security is concerned, that's an area where people are willing to collaborate and learn from each other... security always scares the hell out of people.
N: And we all, if somebody finds a better way to help us work with SELinux, or do something different that allows isolation to happen in a better manner between the kernel and the containers, we're willing to listen to anyone. So the interesting part is, the orchestration layer is up for debate, and sometimes people have views—orchestration of containers, and what monitoring tools you use, blah... but, as far as security is concerned, everyone wants to collaborate.
N: So, I think going forward, even if we pick SELinux as the right direction to go forward, it's a little difficult to handle and easily work with. And we across SAP are going to collaborate in terms of how we do the security aspect of containerization and container orchestration.
E: When you're successful introducing this whole new set of tools, whichever particular tools end up being selected, will the rate of change be faster or slower inside the company?
N: I think the major thing that's slowing down the process of adoption is containerization. Most of our applications are running inside VMs, believe it or not. Even though it's built for Linux, most of our applications are running inside VMs. It works, and we have -- a majority of the resources in the company know how virtual machines work.
N: So therefore, from a resource training standpoint, and from a “fixing today's problem” vs. innovation standpoint, people are going to take slow steps towards containerizing all their applications. But once that hill is crossed, you know... you start containerizing some big applications like KANA, or some of your larger applications inside your line of business—human capital management, ERP, S/4HANA, it's just going to be adoption at a skyrocketing pace. Because really, Kubernetes and the community are giving you an infrastructure, orchestration, monitoring, all of these infrastructure platform tools, but they can't containerize your application. That's something that you have to do. And once you do that? There's no stopping it.