Announcing DC/OS 1.11: Edge & Multi-Cloud Operations Now a Reality
DC/OS 1.11 includes a unified control plane for multi/edge cloud operations, multi-layer security, and production Kubernetes-as-a-Service.
We are proud to announce the availability of Mesosphere DC/OS 1.11, which makes DC/OS an even better choice for deploying and operating all of your applications and data services with ease. This latest release adds three exciting new capabilities:
- Seamless Edge and Multi-Cloud Operations — Unifying multiple cloud providers and private datacenters has been the holy grail for infrastructure and operations teams since the birth of cloud computing. Gartner estimates 9 in 10 enterprises will adopt Hybrid Infrastructure Management within two years. Enterprises want the flexibility to choose where to run their applications based on cost, speed to market, and security & compliance considerations. Distributing today's applications and a growing set of data services across multiple infrastructures (including private and edge computing environments) helps guarantee quality of service and uptime. Bursting workloads to the cloud, disaster recovery across locations, and simplified management of edge compute and remote offices is now effortless with DC/OS as your unified control plane. DC/OS 1.11 allows you to pool public cloud, private datacenter, and edge compute resources into a single logical computer and intelligently schedule workloads anywhere from a unified user interface.
- Production Kubernetes-as-a-Service — Development teams around the world are flocking to Kubernetes as their preferred platform for containerizing and deploying applications. But as an operator, your options for supporting these teams are less than ideal. Installing, operating, and upgrading Kubernetes on your own infrastructure can be challenging, and the loss of control and high cost of using cloud hosted container services can trump their convenience. DC/OS provides a third way: operations teams can deploy, scale, and upgrade pure Kubernetes for all of the teams in their organization with one click, and run their stateless applications alongside the stateful services that underpin them. Following a successful beta release of Kubernetes on DC/OS 1.10, during which the technology was tested by many users and customers, DC/OS 1.11 makes Kubernetes on DC/OS generally available.
- Enhanced Data Security — Every company's most valuable asset is its data. However, that data is also constantly under threat from bad actors around the world. To retain the trust of their customers, partners, and shareholders, every business needs to protect their data and applications. This latest DC/OS release adds multi-layer security features to help you secure your entire application stack.
Since our first release of Mesosphere DC/OS nearly 3 years ago, we have focused on automating the best practices of cloud-native infrastructure and operations, so that you can accelerate your time to market, eliminate mundane operational tasks, and reduce your costs. Our customers and user community rely on DC/OS to deliver data-intensive applications like personalization, IoT, and predictive analytics. Our latest release continues our mission of making cloud native tools and infrastructure easy to deploy and operate, so that you can focus on creating the next generation of applications that will help you and your company succeed.
With Mesosphere DC/OS 1.11, mainstream companies can deliver personalized and data-driven experiences with far less specialized expertise. They can focus on their customers, not their infrastructure.
Keep reading to learn about the new features of DC/OS 1.11 in detail.
Unite Cloud Providers and Your Datacenter for Elastic, Truly Hybrid Infrastructure
For a long time, technology leaders have searched for a way to seamlessly pool resources from multiple-cloud environments. Mesosphere DC/OS has always provided a cloud-like operational experience by pooling cluster resources and automating applications services based on their unique operational requirements. Examples include all components of the SMACK stack and other popular data services on DC/OS. This means an automated and highly consistent management experience on any infrastructure where DC/OS is deployed.
Now with DC/OS 1.11 a single DC/OS cluster can pool resources from multiple public or private clouds at once, and operators can distribute workloads across multiple fault domains. This means that in addition to application-aware automation, DC/OS 1.11 adds cloud-aware automation that unleashes powerful new hybrid and multi-cloud operations capabilities, and helps to address enterprise-wide resourcing requirements.
Edge and Multi-Cloud Federation
- An operator using his or her DC/OS credentials can manage multiple clusters on different clouds from a single DC/OS interface by linking these clusters. This means operators can focus on the services they're running, not the differences of the underlying infrastructure. Whether it's an on-premises datacenter, cloud compute on Azure, AWS, or Google, or any other mix of resources, the underlying infrastructure is transparent to the operator - simply use the dropdown menu to switch to the cluster you want to manage.
- DC/OS operators can also run clusters that are stretched, where the agent nodes (the servers that do the work) can be in a remote location away from the master nodes (the brains of DC/OS). This means operators can minimize complexity of their infrastructure by deploying only agent nodes in edge datacenter or remote offices (where they are needed), while still having a single unified operating experience across their entire infrastructure.
Business Continuity and Disaster Recovery
- Keeping applications highly available is another key challenge for infrastructure operations. Outages can occur at multiple levels including server, rack, datacenter (e.g., AWS US-EAST-1), region (e.g., AWS US-EAST) or the entire cloud (e.g., all of AWS).
- DC/OS 1.11 allows operators to intelligently define fault domains and recover against this hierarchy to maximize service survivability. For example, within a region, stateless services can recover automatically from failures at the node, cluster, rack, or even site level. For stateful services, Mesosphere has partnered with Portworx to provide persistent storage for containers that is fully integrated with DC/OS, so users can easily run stateful services with highly available storage, bare-metal performance, and built-in data protection.
- DC/OS allows operators to easily deploy workloads to multiple regions (e.g., to AWS, and also on Azure), to enable multi-cloud high availability.
Scale applications across multiple clouds (or from local datacenters to public clouds) to accommodate rapid demand spikes and reduce infrastructure spend. Companies worldwide spend over $60 billion annually on cloud capacity they don't need. By creating a DC/OS cluster composed of agents from multiple clouds, operators can elastically scale by adding and removing nodes as needed (using Terraform or other basic scripts). DC/OS's cloud-aware scheduling capabilities can then schedule workloads to take advantage of the burst capacity.
Read more about DC/OS's Hybrid Cloud capabilities here.
Give Your Development Teams Kubernetes-as-a-Service on Any Infrastructure
DC/OS and Google Cloud Platform both provide pure Kubernetes by using a underlying platform to supply resources and automate operations. Unlike public cloud providers, however, DC/OS is agnostic to the infrastructure it runs on top of, so your Kubernetes-based applications, developer tools, and backing data services are all completely portable.
Production-Ready Kubernetes On Demand, Anywhere
- DC/OS makes it effortless to set up highly available Kubernetes for production — it automates 20+ steps and many hours (or days) of work into a single click, resulting in a fully functional deployment in minutes.
- Scale Kubernetes up or down for a seamless cloud-like experience.
- DC/OS automates Kubernetes installation on any infrastructure — AWS, Google Cloud, and Azure (using Terraform templates).
Pure Open Source & Always the Latest Version, Automatically
- We use the pure, open source version of Kubernetes - and always will.
- Count on the latest version of Kubernetes as soon as you're ready for it. Upgrade your Kubernetes deployment to the latest version in-place, without disruption, due to DC/OS application-aware automation.
Kubernetes, Dev Tools, & Data Services Happy Together
- Teams typically run Kubernetes with other tools to facilitate operations and support a delivery pipeline. Examples include Prometheus for monitoring, Jenkins for continuous integration/continuous delivery (CI/CD), and Elastic, Logstash, & Kibana for logging. All of these services run elastically together on a shared DC/OS cluster.
- The same DC/OS Kubernetes cluster also runs backing data services and machine learning tools such as Apache Spark, Apache Kafka, Apache Cassandra, & TensorFlow.
Read more about how DC/OS delivers Kubernetes-as-a-Service on any infrastructure here.
Enhanced Protection for Your Data-Rich Applications with Multi-Layer Security
Modern data-intensive applications have many components, and securing all of them can be hard. Containerized microservices are dynamically scheduled, discovered, load balanced, killed, and restarted by design, compounding security challenges even more, and making security strategies highly error-prone.
DC/OS is already secured with an encrypted control plane, and role-based access controls (RBAC) with integration with authentication providers to ensure that only authorized users with the right roles or privileges are provided access to services running on DC/OS.
DC/OS 1.11 adds additional layers of security for data services, which simplifies regulatory compliance by enabling transport level encryption for sensitive information in transit. DC/OS also simplifies data services integration with authentication, authorization, and access control mechanisms such as Kerberos, LDAP, and Active Directory. Secrets management in DC/OS has also been enhanced.
Secure Communications Within Distributed Data Services
- Transport layer security (TLS) ensures only trusted services can communicate with each other (server-to-server), and their client communications are also encrypted (server-to-client). For example, TLS ensures that two nodes of a Cassandra or Kafka cluster can communicate securely, by encrypting the network traffic between those nodes.
- Internal certificate authority automatically generates and dynamically distributes the required encryption certificates and configures the associated application.
- Encryption keys and certificates are securely stored in DC/OS's encrypted secret store and dynamically loaded only for authorized services or clients, providing an additional level of security for your sensitive data.
Control Which Applications Can Access Data Services
- By enabling client authentication for connections to application or data services, you can control which applications can read or write to those data services. Authentication mechanisms can include Kerberos, LDAP, or Active Directory protocols.
- Fine-grained client authorization and control over read and write operations. For example, you may decide to have only certain applications read or write to a specific topic within the Kafka service on DC/OS.
- DC/OS provides a centralized encrypted and access-controlled location for sensitive application credentials such as username/password, certificates and configuration files. Applications are automatically loaded with the right credentials at launch.
- DC/OS 1.11 adds a hierarchy, and multi-team isolation to the DC/OS secrets store, making it easier to manage which secrets can be accessed by various applications or teams.
Read more about DC/OS's multi-layer security.