IBM Cloud Private overview

IBM® Cloud Private is a next-generation, pre-packaged, enterprise-class solution and platform for developing and managing containerized applications. It is an integrated environment for managing containers that includes the container orchestrator Kubernetes, a private image registry, a management console, and monitoring frameworks.

Why use IBM Cloud Private?

IBM Cloud Private delivers a customer-managed container solution for enterprises. Enterprises use the IBM Cloud Private platform for the following use cases:

IBM Cloud Private supports choice in application development with Kubernetes, Cloud Foundry, and function-based programming models. IBM Cloud Private is a private container as a service (CaaS), platform as a service (PaaS), and infrastructure as a service (IaaS) cloud platform.

IBM Cloud Private is differentiated by providing production application services, application runtimes, data and analytics services, messaging services, caching services, and so on, that are necessary for developers to quickly and iteratively innovate based on their enterprise business needs.

Open source components

For the best experience in using IBM Cloud Private, you must understand how Kubernetes, Docker, and Helm work. These open source components are fundamental to the IBM Cloud Private platform. You use Kubernetes deployments to place instances of applications, which are built into Helm charts that reference Docker images. The Helm charts contain the details about your application, and the Docker images contain all the software packages that your applications need to run. You can learn more about these components in the documentation for each component:

Key features and benefits

IBM Cloud Private version 3.2.1 has the following key features and functions:

A unified installer

Rapidly set up a Kubernetes-based cluster that contains master, worker, proxy, and optional management and Vulnerability Advisor nodes by using an Ansible-based installer. This Ansible-based installer is fast and simple to use. Run a few simple commands from a single boot node, and your cluster is up and running in a few minutes.

Robust monitoring and logging with ELK stack

Every container produces logs. Logs are critical for debugging and post-mortem in production failures. Twelve-factor applications break down into many microservices, which increases the number of logs across the containers you need to debug. Also, many logs are written in files within the container. IBM Cloud Private uses the ELK (Elasticsearch, Logstash, Kibana) stack and Filebeat. This monitoring and logging process provides a centralized store for all logs and metrics, better performance, and increased stability when you access and query logs and metrics.

You can also install Kibana or Grafana to query the data in the Elasticsearch database. You can use the results from these queries to produce insightful graphs and reports.

Monitoring and alerts

Every container must have its health monitored. Basic liveness probes in Kubernetes ensure that failed pods are restarted. However, this monitoring is only the beginning of your monitoring challenge across a containerized platform.

Every application container in every middleware container produces health metrics. IBM Cloud Private configures custom Prometheus collectors for custom metrics. Custom metrics help provide insights and building blocks for customer alerts and custom dashboards. IBM® Cloud Private uses a Prometheus and Grafana stack for system monitoring.

Metering

Every container must be managed for license usage. You can use the metering service to view and download detailed usage metrics for your applications and cluster. Fine-grained measurements are visible through the metering UI and the data is kept for up to three months. Monthly summary reports are also available for you to download and are kept for up to 24 months.

Identity and access

Identity and access management ensures consistent identity across all platform services. IBM Cloud Private introduces the concept of teams on top of raw Kubernetes roles/clusterroles. Teams bind a collection of resources, both inside and outside of Kubernetes, to a set of users with defined roles. The team model is based on the access control model from IBM UrbanCode Deploy.

Security

IBM Cloud Private ensures data in transit and data at rest security for all platform services. All services expose network endpoints via TLS and store data that is encrypted at rest. All services must provide audit logs for actions that are performed, when they were performed, and who performed the action. The security model ensures consistent audit trails for all platform services and compliance across all middleware.

IBM Vulnerability Advisor

Containers are constantly changing. Vulnerabilities must be identified on an ongoing basis. Key benefits of the Vulnerability Advisor include:

IBM Cloud Automation Manager

Containers are everything; however, not everything is in a container. IBM Cloud Automation Manager (CAM) is a multi-cloud, self-service management platform running on IBM® Cloud Private that empowers developers and administrators to meet business demands. This platform allows you to efficiently manage and deliver services through end-to-end automation while enabling developers to build applications aligned with enterprise policies.

IBM Edge Computing for Servers

Edge computing opens new ways of deploying workloads that operate closer to where data is created, and where actions are being taken. Specifically, edge computing expands the operating model for most enterprises by virtualizing the cloud beyond the four walls of the IT data center or cloud compute center.

With IBM Edge Computing for Servers, you can manage the deployment of containerized workloads to edge servers, gateways, and devices that are located in remote locations, such as a factory floor warehouse, airport, retail store, essentially anywhere that computing is needed outside of your data center or public cloud hosting environment.

IBM Edge Computing for Servers also includes support for an edge computing profile for significantly reducing the footprint of IBM Cloud Private when IBM Cloud Private is used as a remote edge server.

For more information, see IBM Edge Computing.

IBM Cloud Transformation Advisor

Most applications today aren’t in containers and clients need help with modernizing workloads. IBM Cloud Transformation Advisor enables insights into existing applications. Transformation Advisor is a tool that uses information about your WebSphere environment and applications. These inputs are combined with rules and insights gained from years of working with IBM WebSphere and IBM WebSphere applications to provide recommendations for your cloud journey.

Benefits:

IBM Cloud Private management console

Manage, monitor, and troubleshoot your applications and cluster from a single, centralized, and secure management console.

Kubernetes

To run a container in production, Kubernetes brings orchestration primitives to support different styles of workloads:

Private Docker image registry

The private Docker registry integrates with the Docker registry V2 API to provide a local registry service that functions in the same way as the cloud-based registry service, Docker Hub. This local registry has all the same features as Docker Hub, but you can also restrict which users can view or pull images from this registry.

Helm

Helm, the Kubernetes native package management system, is used for application management inside an IBM Cloud Private cluster. The Helm GitHub community curates and continuously expands a set of tested and preconfigured Kubernetes applications. You can add items from this catalog of stable applications to your cluster from the management console. Installing this Helm community catalog provides an extra 80+ Kubernetes applications that are ready for deployment in your cluster. To view a list of all the stable applications that are available from the Helm repository, see stable helm charts.

Helm charts describe even the most complex applications, provide repeatable application installation, and serve as a single point of authority. Helm charts are easy to update with in-place upgrades and custom hooks. Charts are also easy to version, share, and host on public or private servers. You can use helm rollback to roll back to an older version of a release with ease.

Catalog

IBM Cloud Private provides an easy to use, extend, and compose Catalog of IBM and third-party content. The following are some key concepts:

The Catalog provides a centralized location from which you can browse for and install packages in your cluster.

Packages for additional IBM products are available from curated repositories that are included in the default IBM Cloud Private repository list. Your environment must be connected to the internet for you to access the charts for these packages. To view a list of all the IBM Cloud Private charts, see stable IBM charts.

Kubernetes Service Catalog for managing service brokers

IBM Cloud Private supports the Kubernetes Service Catalog. You can configure the service broker applications to manage the Service Catalog resources and details.

The Service Catalog component adds the following Kubernetes resources:

The service broker is a component that implements the service broker API to view the available services and plans, create an instance from the available services and plans, and create bindings to connect to the service instance. For more information, see Service Catalog.