IBM Cloud Private overview
IBM Cloud Private is an application platform for developing and managing on-premises, containerized applications. It is an integrated environment for managing containers that includes the container orchestrator Kubernetes, a private image registry, a management console, and monitoring frameworks.
What is IBM Cloud Private?
IBM Cloud Private delivers a customer-managed container solution for enterprises. It is also available in a community edition, IBM® Cloud Private-CE, which provides a limited offering that is available at no charge and ideal for test environments.
IBM Cloud Private is a private container as a service (CaaS), platform as a service (PaaS), and infrastructure as a service (IaaS) cloud platform. Enterprises use the platform for three main use cases:
- Developing and running production cloud native applications in a private cloud
- Securely integrating and using data and services from sources external to the private cloud
- Refactoring and modernizing heritage enterprise applications
Open source components
For the best experience in using IBM Cloud Private, you must understand how Kubernetes, Docker, and Helm work. These open source components are fundamental to the IBM Cloud Private platform. You use Kubernetes deployments to place instances of applications, which are built into Helm charts that reference Docker images. The Helm charts contain the details about your application, and the Docker images contain all the software packages that your applications need to run. You can learn more about these components in the documentation for each component:
- Helm Documentation
- Get Started, Part 1: Orientation and setup in the Docker documentation
- Kubernetes Basics in the Kubernetes documentation
Key features and benefits
IBM Cloud Private version 3.1.1 has the following key features and functions:
- A unified installer
- Robust monitoring and logging with ELK stack
- Monitoring and alerts
- Identity and access
- IBM Vulnerability Advisor
- IBM Cloud Automation Manager
- IBM Cloud Transformation Advisor
- IBM Microclimate
- IBM Cloud Private management console
- Private Docker image registry
- Kubernetes Service Catalog for managing service brokers
A unified installer
Rapidly set up a Kubernetes-based cluster that contains master, worker, proxy, and optional management and Vulnerability Advisor nodes by using an Ansible-based installer. This installer is fast and simple to use. Run a few simple commands from a single boot node, and your cluster is up and running in a few minutes.
Robust monitoring and logging with ELK stack
Every container produces logs. Logs are critical for debugging and for post-mortem analysis of production failures. Twelve-factor applications break down into many microservices, which increases the number of logs across the containers you need to debug. Also, many logs are written to files within the container. IBM Cloud Private uses the ELK (Elasticsearch, Logstash, Kibana) stack and Filebeat. This monitoring and logging process provides a centralized store for all logs and metrics, better performance, and increased stability when you access and query logs and metrics.
You can also install Kibana or Grafana to query the data in the Elasticsearch database. You can use the results from these queries to produce insightful graphs and reports.
Monitoring and alerts
Every container must have its health monitored. Basic liveness probes in Kubernetes ensure failed pods are restarted. This, however, is only the beginning of your monitoring challenge across a containerized platform.
Every application container in every middleware container produces health metrics. IBM Cloud Private configures custom Prometheus collectors for custom metrics. Custom metrics help provide insights and building blocks for customer alerts and custom dashboards. IBM® Cloud Private uses a Prometheus and Grafana stack for system monitoring.
Every container must be managed for license usage. You can use the metering service to view and download detailed usage metrics for your applications and cluster. Fine-grained measurements are visible through the metering UI and the data is kept for up to three months. Monthly summary reports are also available for you to download and are kept for up to 24 months.
Identity and access
Identity and access management ensures consistent identity across all platform services. IBM Cloud Private introduces the concept of teams on top of raw Kubernetes roles/clusterroles. Teams bind a collection of resources, both inside and outside of Kubernetes, to a set of users with defined roles. The team model is based on the access control model from IBM UrbanCode Deploy.
IBM Cloud Private secures data in transit and data at rest for all platform services. All services expose network endpoints via TLS and store data encrypted at rest. All services must provide audit logs that record the actions performed, when they were performed, and who performed them. The security model ensures consistent audit trails for all platform services and compliance across all middleware.
IBM Vulnerability Advisor
Containers are constantly changing. Vulnerabilities must be identified on an ongoing basis. Key benefits of the Vulnerability Advisor include:
- Image Scan for identification of security risks
- Identifying policy violations
- Determining best practice improvements
- Taking corrective actions
IBM Cloud Automation Manager
Containers are everything; however, not everything is in a container. IBM Cloud Automation Manager (CAM) is a multi-cloud, self-service management platform running on IBM® Cloud Private that empowers developers and administrators to meet business demands. This platform allows you to efficiently manage and deliver services through end-to-end automation while enabling developers to build applications aligned with enterprise policies.
IBM Cloud Transformation Advisor
Most applications today aren’t in containers and clients need help modernizing workloads. IBM Cloud Transformation Advisor enables insights into existing applications. Transformation Advisor is a tool that uses information about your WebSphere environment and applications. These inputs are combined with rules and insights gained from years of working with IBM WebSphere and IBM WebSphere applications to provide recommendations for your cloud journey.
- Included and deployed on IBM® Cloud Private
- Introspects existing IBM WebSphere deployments
- Provides recommendations for application modernization
IBM Microclimate
Transforming innovative ideas into business value delivered through containers. IBM Microclimate enables rapid creation of new applications. Microclimate is an end-to-end development environment that you can use to rapidly create, edit, and deploy applications. Applications are run in containers from day one and can be delivered into production on Kubernetes through an automated DevOps pipeline using Jenkins. Microclimate can be installed either locally or on IBM® Cloud Private.
IBM Cloud Private management console
Manage, monitor, and troubleshoot your applications and cluster from a single, centralized, and secure management console.
To run a container in production, Kubernetes brings orchestration primitives to support different styles of workloads:
Private Docker image registry
The private Docker registry integrates with the Docker registry V2 API to provide a local registry service that functions in the same way as the cloud-based registry service, Docker Hub. This local registry has all the same features as Docker Hub, but you can also restrict which users can view or pull images from this registry.
Helm, the Kubernetes-native package management system, is used for application management inside an IBM Cloud Private cluster. The Helm GitHub community curates and continuously expands a set of tested and preconfigured Kubernetes applications. You can add items from this catalog of stable applications to your cluster from the management console. Installing this Helm community catalog provides an extra 80+ Kubernetes applications that are ready for deployment in your cluster. To view a list of all the stable applications that are available from the Helm repository, see stable helm charts.
Helm charts describe even the most complex applications, provide repeatable application installation, and serve as a single point of authority. Helm charts are easy to update with in-place upgrades and custom hooks. Charts are also easy to version, share, and host on public or private servers. You can use helm rollback to roll back to an older version of a release with ease.
IBM Cloud Private provides an easy to use, extend, and compose Catalog of IBM and third-party content. The following are some key concepts:
- Charts: A bundle of Kubernetes resources
- Repository: A collection of charts
- Releases: A chart instance loaded into Kubernetes. The same chart can be deployed several times and each becomes its own release
The Catalog provides a centralized location from which you can browse for and install packages in your cluster.
Packages for additional IBM products are available from curated repositories that are included in the default IBM Cloud Private repository list. Your environment must be connected to the internet for you to access the charts for these packages. To view a list of all the IBM Cloud Private charts, see stable IBM charts.
Kubernetes Service Catalog for managing service brokers
IBM Cloud Private supports the Kubernetes Service Catalog. You can configure the service broker applications to manage the Service Catalog resources and details.
The Service Catalog component adds the following Kubernetes resources:
The service broker is a component that implements the service broker API to view the available services and plans, create an instance from the available services and plans, and create bindings to connect to the service instance. For more information, see Service Catalog.