施耐德中国Infra As code平台PaaS平台解决方案

施耐德中国InfraAscode平台解决方案项目需求分析-ConsolidationInfraascodePOC过程回顾Infraascode方案综述后续项目响应总体计划CONTENTSPage2项目需求分析POC要求分析/01ResourcePoolPage4AutoOpsFullscopeautomationoperationelementsAutomationoperationorchestrationCMDBMonitorDatacenterHypervisorHardwareCloudAWS(BJ/NX)AliLBDockerPlatformApp1App2AppNApp…OSCloudServiceLogPlatformStandardFunctionCMDBlayereddatamodelDetailsinglecomponentCMDBCrosscomponentCMDBAutodiscoveryforCMDBallianceStandardFunctionHardwareOS&SystemsCloudintegrationDB(SQL/NoSQL)/AppsAlertingandstagingCapacitymanagementWebchat/Mobile/SMSalertCI/CDCollectionSearchAnalysisAdditionalFunctionCMDBIntegrationAutodiscoveryandaligned(HW,OS,Service)TrustedAppsoverallstatuswithsubcomponentalertingconstrictionandintegration.SecurityAuditCIAlertAdditionalFunctionDatahealthandcertificationVirtualizationandreportingineverylayerIntegrationwithmonitoringandCI/CDcomponentReverseProxyApps(Interface+version)AppsDB(SQL/NoSQL)Sharecomponents(ESB/API/Mail/NFS……)ShardServicesConnectivityManagedComponentsBuildTestCDDeploytoStagingAcceptancetestingDeploytoPRDAccessLayer(DNS/CDN/GSLB/LB)E2Eoperationsolutions项目整体需求–架构说明-构建Infra级的CI/CD平台POC过程描述IaCDockerManagementCICDProcess/02Page6POC主要工作–对于POC需求的响应对于所有的功能在项目实施阶段均能实现，POC阶段从时间和环境考虑仅演示标记为绿色的部分。ResourcePoolAutoOpsFullscopeautomationoperationelementsAutomationoperationorchestrationCMDBMonitorDatacenterHypervisorHardwareCloudAWS(BJ/NX)AliLBDockerPlatformApp1App2AppNApp…OSCloudServiceLogPlatformStandardFunctionCMDBlayereddatamodelDetailsinglecomponentCMDBCrosscomponentCMDBAutodiscoveryforCMDBallianceStandardFunctionHardwareOS&SystemsCloudintegrationDB(SQL/NoSQL)/AppsAlertingandstagingCapacitymanagementWebchat/Mobile/SMSalertCI/CDCollectionSearchAnalysisAdditionalFunctionCMDBIntegrationAutodiscoveryandaligned(HW,OS,Service)TrustedAppsoverallstatuswithsubcomponentalertingconstrictionandintegration.SecurityAuditCIAlertAdditionalFunctionDatahealthandcertificationVirtualizationandreportingineverylayerIntegrationwithmonitoringandCI/CDcomponentReverseProxyApps(Interface+version)AppsDB(SQL/NoSQL)Sharecomponents(ESB/API/Mail/NFS……)ShardServicesConnectivityManagedComponentsBuildTestCDDeploytoStagingAcceptancetestingDeploytoPRDAccessLayer(DNS/CDN/GSLB/LB)E2Eoperationsolutions基于VMware完成POC：自动完成以下工作：自动化运维工具：自动建虚机（VMWare，OS，加监控）安装中间件或者其他发布应用（gitlab，源码）OS(DB)监控：日志(APP)加到ELK监控：实现所有工具的监控两个应用的监控(OS,数据库，中间件)报警(微信+邮件)监控的界面图示：使用Itop实现CMDB：工具和应用的信息导入Itop，手动拓扑和关联性的展示ConnextDevOps平台：演示CICD，docker：演示平台功能可看见demosite的发布过程Docker信息读取出来并生成CSV文件（后续可以导入CMDB）日志：Graylog系统搭建POC主要工作–综述Page7Page8POC主要工作–CMDB部署和功能展示导入ItopETDC导出CronJob定期任务DC/Cloud自动发现+手动导入Page9POC主要工作–基于Ansible的应用自动化安装部署截图Ansible脚本和剧本编排，实现自动化实施和运维相关工作包括VM资源创建，应用编译和部署，监控系统关联，CMDB写入，日志系统关联Page10POC主要工作–基于Terraform的基础架构资源部署（VM，Network）通过Terraform实现在Vmware，Azure环境下虚机，网络的自动化部署和批量部署。Terraform自动化建立虚机Page11POC主要工作–堡垒机（用户和行为管理）通过堡垒机实现：用户管理：添加删除，权限管理用户行为审计：登陆信息（后期可加上录屏等功能）Page12POC主要工作–DevOps平台演示Infraascode方案综述方案综述及典型场景描述/03ResourcePoolPage14AutoOpsFullscopeautomationoperationelementsAutomationoperationorchestrationCMDBMonitorDatacenterHypervisorHardwareCloudAWS(BJ/NX)AliLBDockerPlatformApp1App2AppNApp…OSCloudServiceLogPlatformStandardFunctionCMDBlayereddatamodelDetailsinglecomponentCMDBCrosscomponentCMDBAutodiscoveryforCMDBallianceStandardFunctionHardwareOS&SystemsCloudintegrationDB(SQL/NoSQL)/AppsAlertingandstagingCapacitymanagementWebchat/Mobile/SMSalertCI/CDCollectionSearchAnalysisAdditionalFunctionCMDBIntegrationAutodiscoveryandaligned(HW,OS,Service)TrustedAppsoverallstatuswithsubcomponentalertingconstrictionandintegration.SecurityAuditCIAlertAdditionalFunctionDatahealthandcertificationVirtualizationandreportingineverylayerIntegrationwithmonitoringandCI/CDcomponentReverseProxyApps(Interface+version)AppsDB(SQL/NoSQL)Sharecomponents(ESB/API/Mail/NFS……)ShardServicesConnectivityManagedComponentsBuildTestCDDeploytoStagingAcceptancetestingDeploytoPRDAccessLayer(DNS/CDN/GSLB/LB)E2Eoperationsolutions绿色框直接可以部署实现，红色框需要二次开发CICD和自动化集成后续项目响应计划Page15方案综述–打造Infra级自动化部署，运维和CI/CD平台展示层：CI:CD:OS&MiddlewareVM&NetworkApplication监控：CMDB：日志：Components：配置管理：代码管理：AlertManager原子化操作库IaaSResourceMiddlewareUIContainerAPPCIAPPSupportResourceMgmtTerraformResourceEngineResourceCITerraformResourceCDTerraformCMDBAnsibleMiddlewareReleaseAnsiblePatch&configurationAnsibleVMReleaseAnsibleLibraryPlatformServicePublicCloudVMandMiddlewarePrivate/publicCloudMonitoringEnginePrometheusAlarmingAlert

ManagerLogEngineELK+BeatsFamilyAuthorityMgmtLDAPPlaybookLibraryGitLabIntegrationEngineJenkinsContainerMgmtKubernetesContainerResourceVMPrivate/publicCloudDockerPrivateCloudDockerAzureContainerizedService-MySQL,

Redis,RabbitMQ,Zuul,erakaPrivateCloudResourceMgmtEngineBuildEngineMavenVMImageLibraryPrivate/publicCloudContainerImageLibraryHarborAPPCodeLibraryGitLabAPPcomponentsNexusContainerAPPCDVMAPPCDVMAPPCIVMReleaseRollbackMonitoringPresentationGrafanaContainerReleaseRollbackContainerAutoscalingContainerizedServiceContainerABReleaseProjectMgmtAPPCIAPPCDResourceCIResourceCDResourceMgmtNetworkMgmtUserMgmtBillingMgmtServiceMgmtLogPresentationGreyLogFunctionalOrchestrationEngineSecurityDockerAWSDockerAliDevopsFlowAccessControlJump

serverOperationMgmtIncidentEngineDailyCheckEngineTaskMgmtOp

ManagerSecurityScanningNiktoMicroserviceMonitoringHystrix+TurbineServiceChainMonitoringZipkin平台整体架构设计Page17自动化运维场景分析#1项目资源交付：Step1:创建VM，关联LB调用Step2:完成系统初始化部署监控，日志系统安全加固加域，配置AD配置登陆权限#2中间件部署-生命周期管理：Step1:完成资源部署更新CMDBStep2:部署中间配置文件Daily:每天自动巡检变更:运行changedeployPage18自动化运维场景分析#3VM资源创建和销毁：Step:VM配置和资源生命周期管理根据模板创建VM配置VMsize配置LB，NSG等策略定期维护资源标准#4OS配置标准化：Windows:定期更新OS本地组策略Linux:定期维护文件一致性更新Step:执行资源销毁销毁监控信息销毁VM，根据需求是否保留磁盘CreationRequestDeleteRequest更新定义策略Page19自动化运维场景分析#5补丁、漏洞管理：Step:完成补丁安装完成补丁安装验证工作#6DB运维关注的不是QPS最高的数据库，反而是繁忙度升高、响应度变差的数据库SQL语句语句执行日志收集分析，方便时段执行回溯更新Step:基于satellite系统补丁扫描系统补丁更新Windows补丁更新Linux补丁更新更新配置补丁策略补丁安装情况视图安全漏洞DBA操作规范建设/news-21-1106-1.htmlAlertManagerPage20典型场景--监控与展现显示所有的应用的状态点击应用查看拓扑以及有问题的节点点击节点查看具体监控信息，排查问题点击Host查看物理宿主机的状态Page21AutomaticBuildingDocker

ImageAutomaticTestingReleasePackageCodeLibraryVMsDockersReleaserProjectReleaseonCONNEXTCaaSSonarTestingManageVirtualMachinesonAzureorPrivateCloudMiddlewareDockerMiddlewareDocker…………HARBORProject

MGMTResource

MGMTConfig

MGMTUser

MGMTRelease

MGMTOperation

MGMTStorage

MGMTDashboardLog

MGMTKubernetesETCDCALICOConnextPaaSGitLabJenkins/Marven(Pipeline)NexusSonarQubeSharedPlatformReleaseCallTheVM-basedCodeofCI/CDDocker-basedCI/CDFlowcontrolPrometheus典型场景–CD部署（基于容器应用、基于虚机环境应用）CICD工作流程实现基于VM和Docker的CICD流程演示后续项目响应总体计划后续项目响应计划/04Page23后续响应安排由于时间原因，具体的详细场景和SOW在后续沟通中提供。√√√√√√√√√√√√√√√√√√√√√Page24NameExperienceRoleServicemodeSunnyGaoSeniorDeliveryDirectorofCONNEXTDeliveryDirectorRemoteJoeWangAccountDirectorofCONNEXTAccountDirectorOn-DemandApplicationandinfrastructurebusinessaccountdirector.MarshalJiangOver8yearsofITindustryexperience,morethan4yearsofIDCconsultingplanningorIDCoperatingexperience;Richsolutionarchitectureexperience;Befamiliarwithpubliccloudbusinessmodeconsultingmethodology,orkeybusinessmixandbusinessmodedesigninpubliccloudarea.SeniorManagedServiceConsultantManagerOn-DemandTerryChenDeliverymanagerofCONNEXTInfraDeliveryManagerOn-Site11yearsprojectmanagerforITprojectMarkLiuSeniorSystemEngineerofCONNEXT

6yearsOperationforITprojectProjectManagerOn-SitePengYuanSeniorDevOps&IaCmanagerSeniorDevOps&IaCManagerOn-SiteJ