From e9180fcf2c1bfbf604aa80cbced59fd27f25f8c3 Mon Sep 17 00:00:00 2001 From: Anthony Dillon Date: Mon, 28 Sep 2020 16:20:55 +0100 Subject: [PATCH 1/6] Update homepage content --- templates/index.html | 84 ++++++++++++++++++++++---------------------- 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/templates/index.html b/templates/index.html index 7d09ab693aa..5ac457a61e0 100644 --- a/templates/index.html +++ b/templates/index.html @@ -56,9 +56,9 @@

In production at

Clean, composable operators

-

Do one thing and do it well

+

Do one thing and do it well

- Keep each operator as simple as possible, then compose them to create rich application graph topologies for complex solutions with a simple, consistent experience and much less YAML. + Juju operator integration allows us to keep each operator as simple as possible, then compose them to create rich application graph topologies that support complex scenarios with a simple, consistent experience and much less YAML. The UNIX philosophy of ‘doing one thing well’ applies to large-scale operations code too, and the benefits of clarity and reuse are exactly the same. Small is beautiful.

@@ -67,34 +67,34 @@

Clean, composable operators

-

Both cloud-native and legacy ‘machine’ workloads

-

Operators for traditional apps on bare metal, VMWare and IAAS

+

K8s and legacy estate operators

+

Universal operators for K8s as well as traditional Linux and Windows apps on bare metal, VMWare and IAAS

- Embrace the operator pattern for your entire business, including legacy estate. Dramatically reduce maintenance and operations costs for traditional workloads without re-platforming to K8s. The Juju Operator Lifecycle Manager (OLM) uniquely supports both container and machine-based apps, with seamless integration between them. + Juju allows you to adopt the operator pattern for your entire estate, including legacy apps. Model-driven operations dramatically reduce maintenance and operations costs for traditional workloads without re-platforming to K8s. Once charmed, legacy apps become multi-cloud ready, too. The Juju Operator Lifecycle Manager (OLM) uniquely supports both container and machine-based apps, with seamless integration between them.

-
+
-

Multi-cloud freedom

-

Portable operations code, tested on cloud and on premise

+

Reusable integration code

+

An application graph drives pre-packaged integration code in the operator

- Deploy any scenario on any cloud, and integrate easily across cloud boundaries. Achieve full multi-cloud independence with the operator pattern — not only for containers but also for legacy physical, virtual and cloud machine estate. + Custom integration code is the biggest waste of time in enterprise operations. Our mission is to share integration code along with ops code, so we don’t just drive the app lifecycle with operators, we use the Juju OLM’s declarative operator integration to share and reuse open source integration code for better security and cost.

-
+
-

Reusable integration code

-

Application graph drives integration code packaged in the operator

+

Multi-cloud operators

+

Portable operations code tested on every major public cloud, and on premise too

- The biggest waste of enterprise time is custom integration. Don’t just drive the app lifecycle with operators, use the Juju OLM’s declarative operator integration to share and reuse open source integration code. + The encapsulation of ops code in charms allows us to deploy any scenario on any cloud, and integrate easily across cloud boundaries. Because the Juju OLM handles provisioning we achieve full multi-cloud independence with cloud-agnostic operators - not only for Kubernetes container workloads but also for legacy physical, virtual and cloud applications. Build models on any cloud, and unify your application management on public cloud, private cloud and container estate with JAAS, the multi-cloud enterprise dashboard for Juju.

@@ -104,9 +104,9 @@

Reusable integration code

The Open Operator Collection

-

Community-driven service catalogue for better operations

+

Community-driven operator catalogue

- The largest portfolio of operators for Kubernetes and traditional machine-based applications that work consistently and integrate seamlessly. Any cloud, any machines, or any Kubernetes, on any architecture, with long term support and maintenance. + Charmhub is the largest portfolio of operators for Kubernetes as well as traditional Linux applications or Windows applications that work consistently and integrate seamlessly. Open source principles and the Open Operator Manifesto guide the community. Find operators to drive apps on any cloud, or any bare metal, or any Kubernetes, on any architecture, with long term support and maintenance.

@@ -116,11 +116,10 @@

The Open Operator Collection

Highly available Enterprise OLM

-

Production-grade operator lifecycle management -

+

Production-grade operator lifecycle management

- Built in Go for mission-critical workloads to embrace the operator pattern for both infrastructure and applications, across cloud-native and traditional estate. Juju provides resilient leader-election as a service to every operator. -

+ Juju is built to run mission-critical infrastructure and applications, across cloud-native and traditional estate. The OLM controller itself features autonomous, self-healing high availability, and provides resilient leader-election as a service that enables vendors and communities to create HA operators easily. Creating operators that support high availability is straightforward in the Python Operator Framework. +

@@ -129,10 +128,10 @@

Highly available Enterprise OLM

OLM-as-a-service

-

Multi-cloud hosted Operator Lifecycle Manager

+

Multi-cloud hosted Operator Lifecycle Manager

- Run your own OLM anywhere, with or without Kubernetes. Or use JAAS.ai as a fully managed multi-cloud multi-tenant infinitely scalable lifecycle manager for models on any cloud. -

+ You can run your own Juju OLM anywhere, with or without Kubernetes. But instead of maintaining many OLM controllers across all the regions of all the clouds, you can use JAAS to offer a single enterprise-wide service for operator management and governance. For public cloud estate, JAAS.ai is a fully managed, multi-cloud, multi-tenant, infinitely scalable lifecycle manager. +

@@ -143,7 +142,8 @@

OLM-as-a-service

Consistent operator experience

Many operators, one CLI for lifecycle, config, integration and ops

- Unify the operator experience for diverse workloads from multiple vendors and communities. One consistent CLI for operator installation, updates, configuration, integration, scaling, and everyday ops like backup and restore. That makes documentation and training much simpler. + Unify the operator experience for diverse workloads from multiple vendors and communities. One consistent CLI for operator installation, updates, configuration, integration, scaling, and everyday ops like backup and restore. This consistent experience for all application management makes documentation and training much simpler and streamlines the process of onboarding new software into the enterprise.

@@ -153,9 +153,9 @@

Consistent operator experience

SAAS integration

-

Third-party SAAS is just another app in the model

+

Third-party SAAS is just another operator in the model

- Drive SAAS with operators too, for cloud deployments that combine software and SAAS seamlessly. For example, substitute Amazon RDS MySQL anywhere you use the MySQL operator. + Drive SAAS with operators too, for cloud deployments that combine software and SAAS seamlessly. For example, substitute the Amazon RDS PostgreSQL operator anywhere you normally use the PostgreSQL operator. It is even straightforward to connect SAAS from one cloud to SAAS from another cloud.

@@ -164,10 +164,10 @@

SAAS integration

-

Run your own SAAS

-

Offer and consume managed apps between teams

+

Offer home-grown SAAS internally

+

Integrate managed apps between teams

- Delegate service operations to independent teams for home-grown SAAS, integrated across models in the enterprise. Your DBA team can run databases on cloud or on prem which other teams consume as SAAS. + Juju model-driven operations make it easy to delegate application operations to independent teams for home-grown SAAS. Each team that runs applications with Juju can offer them to other teams, to integrate across models in the enterprise. Each model has its own administrators, and cross-model integration just requires permission from both sets of admins. Your DBA team can run databases on cloud or on prem which other teams consume as SAAS. This even works across different clouds!

@@ -179,7 +179,7 @@

Run your own SAAS

Devsecops by design

Encapsulate security best practices with every service or application

- Operators provide repeatable best practice for installation, update, configuration, and integration. We track security issues in operators with CVEs and distribute patches automatically, so you can manage compliance professionally. And of course, open source operators evolve to meet multiple industry security and compliance standards. + Operators provide repeatable security best practice for hardened application installation, update, configuration, and integration. We track security issues in operators with CVEs and distribute patches automatically, so you can manage compliance professionally. And of course, open source operators evolve to meet multiple industry security and compliance standards.

@@ -189,9 +189,9 @@

Devsecops by design

Pure Python operators

-

Cleaner infra-as-code with the Python Operator Framework.

+

Cleaner infra-as-code with the Python Operator Framework

- You can write operators in any language with the Juju OLM, but most prefer Python. Every instance of every app in every deployment becomes an object, with methods for integration and operations. Clean, accessible code with a fully asynchronous API. Just perfect, just Python. + You can write operators in any language with the Juju OLM, but most people prefer Python. Every instance of every app in every deployment becomes an object, with methods for integration and operations. Clean, accessible code with a fully asynchronous API. Just perfect, just Python. Charmcraft lets you share libraries between charms easily for smoother operator integration.

@@ -200,11 +200,11 @@

Pure Python operators

-

Windows workload operators

-

Create operators for Windows workloads for cross-platform integration

+

Windows operators

+

Create operators for Windows apps for cross-platform integration

- Full support for Windows applications enables consistent use of the operator pattern across the entire business IT estate. Windows operators integrate perfectly with remote applications on Kubernetes and clouds thanks to Juju cross-model relations. -

+ Full support for Windows applications enables consistent use of the operator pattern across the entire business IT estate. Windows operators integrate perfectly with remote applications on Kubernetes and public clouds thanks to Juju cross-model relations. +

@@ -215,8 +215,8 @@

Windows workload operators

App-centric operations

Manage apps and services, not configuration files

- It’s not about configuration management, it’s about application management. Operators encapsulate applications to handle the details, especially in containers where config management doesn’t work. -

+ It’s not about configuration management, it’s about application management. Operators encapsulate applications to handle the details, especially in containers where config management doesn’t work. This allows organisations to onboard new applications faster, because they don’t need to train admins on the details of configuration for every new application. +

@@ -228,8 +228,8 @@

Model-driven operations

Operators respond to real time desired state model

- Integrated applications share a single model, so that changes can be made in one place and propagate to all affected applications. Each model is a separate RBAC domain for segregated management and administration controls. -

+ Integrated applications on the same substrate share a single model, so that changes can be made in one place and propagate to all affected applications. Each model is a separate RBAC domain for segregated management and administration controls. Multiple models can be composed and integrated into a single multi-cloud scenario. +

@@ -403,19 +403,19 @@

Why choose the Juju OLM?

Linux
sudo snap install juju
-

Install instructions ›

+

Install instructions ›

Windows

Download Juju for Windows

-

Install instructions ›

+

Install instructions ›

macOS
brew install juju
-

Install instructions ›

+

Install instructions ›
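Review bot: In the hunk at @@ -67,34 +67,34 @@ of templates/index.html, the new "Reusable integration code" paragraph ends with "for better security and cost", which reads as though cost goes up and leaves the security claim with nothing behind it. Consider "to improve security and reduce cost", and point the reader at the devsecops page where that argument is actually made. In the same hunk the new "Multi-cloud operators" paragraph uses a spaced hyphen ("cloud-agnostic operators - not only") where the paragraph it replaces used an em dash at the same point; keep the punctuation the other cards use.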
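Review bot: The words added to the "Devsecops by design" card (hunk @@ -179,7 +179,7 @@ of templates/index.html), "repeatable security best practice for hardened application installation", promise a hardened install from every operator, but the card does not say what hardening covers or where a reader can verify it. Either scope the sentence to what the following one supports (CVE tracking and automatic patch distribution) or link the card to templates/about/devsecops.html. The card heading also spells the term "Devsecops" while the devsecops page headings in this series use "DevSecOps"; pick one.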

From 938972575378eca31dddff1c8a1ee2ac083d6f0a Mon Sep 17 00:00:00 2001 From: Anthony Dillon Date: Mon, 28 Sep 2020 16:35:20 +0100 Subject: [PATCH 2/6] Update model-driven-operations page --- templates/about/model-driven-operations.html | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/templates/about/model-driven-operations.html b/templates/about/model-driven-operations.html index 7140c40c5d9..e45c79e1ae1 100644 --- a/templates/about/model-driven-operations.html +++ b/templates/about/model-driven-operations.html @@ -18,7 +18,7 @@

Model-driven operations

@@ -69,23 +69,23 @@

Where we run the applications

A single scenario might in fact involve several models on different substrates, because it involves applications that must run in multiple different clouds. I might have some components on my mainframe, some on a public cloud, some on a different cloud Kubernetes cluster, and some on servers. Each of those compute substrates would get a model, and applications placed in each model will run on that substrate.

-

Who will be responsible for each application

+

Who is responsible for each application

Models also allow different groups of administrators to be responsible for particular subsets of the applications in the scenario. Since permissions are allocated by model, it is convenient to represent organisational boundaries in models as well. One team that has responsibility for the data lake could have permissions to administer a model with those components, another team that is responsible for machine learning could have permission to administer a second model.

When we have separate teams responsible for subsets of the applications, we create a scenario with two models on the same substrate to segregate responsibilities. Since applications can be integrated across model boundaries, multiple models do not complicate the overall scenario design. So the second business decision is who has permission to administer each model.

-

Which applications we compose in the scenario

+

Which applications we compose in the scenario

The third business decision is which applications will be needed in that scenario. Operators are placed into models using the Juju operator lifecycle manager. The operators are integrated through matching integration points. Each line of integration represents a particular way in which those two operators are composed. Operators can be composed in many ways, if two operators have multiple pairs of matching integration points then there can be multiple lines of integration between them. The net effect is a rich application graph on the canvas.

This graph is an abstraction. The same graph could describe a small deployment, on Raspberry Pi hosts, or a large deployment, on dual-socket x86 servers. The graph describes the logical relationships between the applications. We can reuse this graph on different substrates to build multiple copies of the same idea, for example development, staging and production.

-

How much we spend

+

How much we spend on capacity

-To make this abstract model real, we need to provide some compute capacity, some storage, and possibly some networks on which those applications will be run. This is the fourth business decision that we must take — how much we want to spend on this particular application. +To make this abstract model real, we need to provide some compute capacity, some storage, and possibly some networks on which those applications will run. This is the fourth business decision that we must take — how much we want to spend on capacity for this particular scenario.

On a machine substrate, like IAAS or VMware or bare metal with MAAS, compute capacity takes the form of machines. By allocating machines to the model we make a business decision — how much hardware we want to spend on this application. In the cloud, compute capacity is explicitly financial because it is clear that you are spending money for each instance hour. Bare metal has the same financial considerations. Every host has a cost, placing more hosts into the model, or more expensive hosts is a business decision. @@ -144,7 +144,7 @@

Applications, workloads and operators

So ‘application’ is the name in the application graph in the model, an application in the model is defined by its operator and configuration, an operator can be used multiple times in a model under different names. The workload is the actual processes driven by the operator when it is running.

-

Subordinate applications

+

Subordinate applications

There are certain software components which play a supporting role. They are essential, but they are not the reason for the model to exist. In business terms, they are not the drivers of resource allocation.
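Review bot: The rewritten paragraph under "How much we spend on capacity" (hunk @@ -69,23 +69,23 @@ of templates/about/model-driven-operations.html) now ends "capacity for this particular scenario", but the unchanged paragraph directly after it still says "how much hardware we want to spend on this application". Change that sentence to "scenario" as well, otherwise the section switches between two terms that the page defines separately under "Applications, workloads and operators".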

From 2dc41ecffc1ad0150b29183cd43687ac16b0e883 Mon Sep 17 00:00:00 2001 From: Anthony Dillon Date: Mon, 28 Sep 2020 16:41:06 +0100 Subject: [PATCH 3/6] Update hosted-olm page --- templates/about/hosted-olm.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/about/hosted-olm.html b/templates/about/hosted-olm.html index 14f40da8805..19748bcf17d 100644 --- a/templates/about/hosted-olm.html +++ b/templates/about/hosted-olm.html @@ -15,7 +15,7 @@

JAAS.ai is multi-cloud OLM as a service

If you don’t want to run your own Juju controllers, you can get someone else to do it for you!

-The public site JAAS.ai is a hosted Juju service that spans all the public clouds. Any user can login there and start to create models on their public cloud accounts or Kubernetes clusters. JAAS.ai supports both machine and Kubernetes models across the major public clouds. The service is run by Canonical on highly-available instances on each of the public clouds. +The public site JAAS.ai is a hosted Juju service that spans all the public clouds. Any user can login there and start to create models on their public cloud accounts or Kubernetes clusters. JAAS.ai supports both machine and Kubernetes models across all major public clouds. The service is run by Canonical on highly-available instances on each of the public clouds.

Addressing operator sprawl
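Review bot: The changed line in templates/about/hosted-olm.html now states the coverage three different ways: "spans all the public clouds", "across all major public clouds" and "on each of the public clouds". Use one scope in all three places, most likely "major public clouds", since the first sentence otherwise claims more than the one this patch edits. While the line is open, "Any user can login there" should read "log in".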

From 68e3f5f370bb0f346fbca33d0d13be598ec14591 Mon Sep 17 00:00:00 2001 From: Anthony Dillon Date: Mon, 28 Sep 2020 16:43:17 +0100 Subject: [PATCH 4/6] Update operator-lifecycle-manager page --- templates/about/operator-lifecycle-manager.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/about/operator-lifecycle-manager.html b/templates/about/operator-lifecycle-manager.html index 144f603da8f..a273e3885d4 100644 --- a/templates/about/operator-lifecycle-manager.html +++ b/templates/about/operator-lifecycle-manager.html @@ -107,7 +107,7 @@

Removing operators

Policy, settings and the command-line options will govern the consequences for storage associated with the removed application — it may be archived or it may be destroyed as well.

-

Configuration

+

Operator configuration

Another benefit of an OLM is consistent configuration of operators from a wide range of vendors and communities.

@@ -127,7 +127,7 @@

Scaling

The Juju OLM explicitly models application scale, and provides mechanisms for integrated applications to be aware of changes in their own and related application scale.

-

Everyday operations actions

+

Everyday operations actions

Any long-lived workload requires maintenance or administrative activities. Backup, restore, reset, checkpoint, benchmarking, and application-specific operations occur both on a schedule and as interrupts for the administrator.

From 3700ef437a415a72715fb6e096b199da28ed1295 Mon Sep 17 00:00:00 2001 From: Anthony Dillon Date: Mon, 28 Sep 2020 16:56:51 +0100 Subject: [PATCH 5/6] Update devsecops page --- templates/about/devsecops.html | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/templates/about/devsecops.html b/templates/about/devsecops.html index 7375ae7ec3e..e8752e7a255 100644 --- a/templates/about/devsecops.html +++ b/templates/about/devsecops.html @@ -4,48 +4,48 @@ {% block meta_copydoc %}https://docs.google.com/document/d/10tjWftKVRrmsUn9R5vSLlRtLS0o0nwBbKA4Av5m840w/edit#{% endblock meta_copydoc %} -{% block meta_description %}The Open Operator Collection community brings ‘many eyes’ to devsecops. Shared, open source operators represent best practice both for operations and for security, greatly increasing quality and reducing the cost of high-security, compliant operations for all end users of the operator collection.{% endblock %} +{% block meta_description %}Juju has security at its core. Shared, open source operators distill best practice both for operations and for security, to ensure safe deployments across the global community.{% endblock %} {% block about_content %}

Community-driven DevSecOps

Combining the operator pattern and devsecops
with open source community processes

-

Hardened open source operators

+

Hardened open source operators

The Open Operator Collection community brings ‘many eyes’ to devsecops. Shared, open source operators represent best practice both for operations and for security, greatly increasing quality and reducing the cost of high-security, compliant operations for all end users of the operator collection.

What is DevSecOps?

DevSecOps means integrating the expertise of security specialists into the DevOps process.

-

The shift to agile development, continuous integration and continuous deployment drove the rise of devops, combining development and production operations expertise into agile teams. Devops meant that development teams now also had to understand the production consequences of their work, taking responsibility for performance, upgrades, and reliability.

-

DevSecOps extends this to recognise the importance of security. Since devops means faster deployments, there are fewer opportunities to review security before code is deployed to production. Instead of trying to address security after the fact, DevSecOps brings the security expertise into the devops team and makes security the responsibility of the combined group.

+

The shift to agile development, continuous integration and continuous deployment drove the rise of devops, combining development and production operations expertise into agile teams. Devops meant that development teams also had to understand the production consequences of their work, taking responsibility for performance, upgrades, and reliability.

+

Devsecops extends this principle to recognise the importance of security. Since devops means faster deployments, there are fewer opportunities to review security before code is deployed to production. Instead of trying to address security after the fact, Devsecops brings the security expertise into the devops team and makes security the responsibility of the combined group.

Security becomes a shared responsibility, tightly integrated into the devops process. Security design, security reviews, and security responses all take place in the arena of continuous integration, testing and deployment. Automation of security monitoring and analysis is crucial, since there will be fewer opportunities for lengthy analysis of static systems in production given the fast pace of change inherent to continuous deployment.

-

Containerized operations need DevSecOps

-

The cloud-native preference for immutable containers means that security can never be addressed in production, but must be addressed in the source tree of the containers which are being deployed. Since all deployments are automated, the security design and review process must take place at the same time as development.

-

Even the underlying infrastructure on which applications are deployed is likely to be software-defined infrastructure-as-code, with continuous deployment processes driving high speed change. So devsecops is necessary, all the way from the baseline infrastructure to the applications themselves.

+

Containerized operations require devsecops

+

A central shared repository of operators creates the opportunity for security reviews at a community level, bringing specialist perspectives which would not be available to every project in every organisation.

+

The benefits of an open source approach are well understood; expertise is pooled, costs are reduced, security fixes are provided faster. These same benefits apply to operators which are of course software packages, even though their purpose is to drive operations.

Reuse drives quality

-

A key benefit of the operator pattern is the ability to reuse operations logic. Reuse of code drives quality. The more scenarios in which operations logic is used, the more it reflects experience and insights. In the ideal case, an operator is used across many organisations so that it also provides the mechanism for sharing the cost of implementation across multiple parties, reducing the cost to each individual user.

+

A key benefit of the operator pattern is the ability to reuse operations logic. Reuse of code drives quality. When ops code is reused in more scenarios, it reflects more experience and insights. In the ideal case, an operator is used across many organisations and many clouds so that the cost of implementation is shared across multiple parties, reducing the cost to each individual user.

The Open Operator Collection is a community-driven approach to operator design and development. The collection is a portfolio of consistent operators, developed by vendors, open source leaders, and expert contributors. The goal is to bring diverse experience to reusable operations code for software components that are very widely shared.

Shared apps, shared operators, shared security

-

This also creates the opportunity to conduct security reviews at a community level, bringing specialist perspectives to bear which would not normally be available to every project in every organisation.

+

A central shared repository of operators creates the opportunity for security reviews at a community level, bringing specialist perspectives which would not be available to every project in every organisation.

The benefits of an open source approach are well understood; expertise is pooled, costs are reduced, security fixes are provided faster. These same benefits apply to operators which are of course software packages, even though their purpose is to drive operations.

Open source operators get more reviews

When an operator is developed as proprietary code inside an organisation, the only code reviews of that operator will be done in the team responsible. Open source operators have many more opportunities for inspection and analysis, which increase the likelihood of identifying problems and generating solutions.

The Open Operator Manifesto, which shapes the work of the Open Operator Collection Community, requires source code for all operators to be available for such review.

Specialist expertise is shared

Security in particular is a subtle and challenging discipline. For every system in production there are many attack vectors that require different experience to analyse and address. This experience is both rare and expensive.

-

A good software architecture applies defense-in-depth strategies to mitigate the consequences of a security lapse in one part of the system, but it remains the case that a single mistake can undo all of the good work of many in providing an adversary with an entrypoint to integrated systems. Unlike performance or reliability in software, simply addressing the top priority issue does not fundamentally secure a system when there are many lower-priority problems; it is necessary to close all the gaps, and quickly, to be confident in the integrity of a production system.

+

A good software architecture applies defense-in-depth to mitigate the consequences of a security lapse in one part of the system, but it remains the case that a single mistake can undo all of the good work of many in providing an adversary with an entrypoint to integrated systems. Unlike performance or reliability in software, simply addressing the top priority issue does not fundamentally secure a system when there are many lower-priority problems; it is necessary to close all the gaps, and quickly, to be confident in the integrity of a production system.

A community can draw upon specialist perspectives to harden the entire stack for the benefit of all its members and users. From kernel configuration to MAC-based security policies, from cryptography and key management to network security, an open source operator is more likely to reflect the state of the art than any single-vendor effort.

Importantly, open source provides a level playing field for large and small organisations alike, both of which bring benefits to the community.

-

Rapid distribution of security fixes

+

Rapid distribution of security fixes

Security issues are not fixed when a patch is available, they are fixed when the patch is in production.

-

A critical characteristic of software delivery frameworks is the speed with which fixes move from being available to being in production. Many popular distribution mechanisms for software have a very poor track record of delivering fixes to production. Security research firm Snyk found systematic security problems in Helm charts for example.

+

A critical characteristic of software delivery frameworks is the speed with which fixes move from being available to being in production. Many popular distribution mechanisms for software have a poor track record of delivering fixes to production. Security research firm Snyk found systematic security problems in Helm charts for example.

The Juju operator lifecycle manager provides an efficient update distribution system. Progressive releases minimise the risk of a widespread update-related problem and increase user confidence in automated updates. As a result, many users choose to apply updates automatically, enhancing the security posture of the entire ecosystem.

CVEs for operators

-

It is important for institutions to audit and report on their systems security standing. The global community of practitioners have come to rely on CVEs as a framework for tracking systematic issues in shared applications.

-

The Open Operator Collection extends this idea to operator code. Security vulnerabilities in operators are treated with the same process of disclosure and fix distribution that applies to vendor applications and solutions.

+

It is important for institutions to audit and report on their systems security standing. The global security community relies on CVEs as a framework for tracking systematic issues in shared applications.

+

The Open Operator Collection extends this to operator code. Security vulnerabilities in operators are treated with the same process of disclosure and fix distribution as vendor applications and solutions.

In addition, because operators drive workload updates and upgrades, it becomes possible in principle to have operators provide the audit function, enabling a consistent view of CVE coverage in a complex containerised estate.

Compliance

Ensuring compliance is essential for large organisations, but difficult in a fast-moving devops world. Regulated entities face a growing list of hard requirements - FIPS, HIPAA, CIS. These specify precise requirements for machine and container behaviour, and carry significant penalties if not met.

-

Every organisation also has to meet internal standards for infrastructure and apps. When an application is being deployed widely off custom ops code, it is extremely difficult to ensure that every deployment meets expectations. Checklists and manuals depend on human judgment.

+

Every organisation also has to meet internal standards for infrastructure and apps. When an application is being deployed widely off custom ops code, it is extremely difficult to ensure that every deployment meets expectations. Checklists and manuals depend on fallible human judgment.

Operators greatly improve compliance consistency, audit and remediation.

-

Since an operator contains all the logic of service instantiation, upgrade, integration and configuration, it can enforce compliance consistency. The Juju OLM allows placement of operators on specific machines, or all machines in the model, for the specific purpose of enforcing compliance with infrastructure standards such as CIS or FIPS.

+

Since an operator contains all the logic of service instantiation, upgrade, integration and configuration, it can enforce compliance consistency. The Juju OLM allows placement of operators on specific machines, or all machines in the model, to enforce compliance with infrastructure standards such as CIS or FIPS.

Juju’s unique ability to compose operators efficiently means that investments in compliance for a particular operator are returned in every single application graph where that operator is used. Rather than develop overly complex operators for entire scenarios, composition gets the benefits of focus, simplicity and reuse at the level of individual software components.

Audit is improved because the Juju OLM supports actions on operators; reporting on specific compliance is thus codified in operator actions and can be invoked wherever a particular workload is deployed.

Remediation takes place through the standard process of operator updates; since operators are distributed through a reliable global distribution infrastructure, improvements flow quickly to production systems with appropriate enterprise control.
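
Review bot: the rewritten sentence "It is important for institutions to audit and report on their systems security standing" keeps the ungrammatical "systems security standing" from the line it replaces. Since this hunk already rewords that sentence, change it to "the security standing of their systems". In the same added line, "systematic issues" probably means "systemic issues"; worth confirming with the copy owner before merge.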

From c048a2d775e5b5fa3ee842448fd277860c5397c3 Mon Sep 17 00:00:00 2001 From: Anthony Dillon Date: Mon, 28 Sep 2020 17:11:15 +0100 Subject: [PATCH 6/6] Tidy up some links and ids --- templates/about/beyond-configuration-management.html | 2 +- templates/about/integration.html | 2 +- templates/index.html | 12 ++++++------ 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/templates/about/beyond-configuration-management.html b/templates/about/beyond-configuration-management.html index f876b2c0984..d257a925968 100644 --- a/templates/about/beyond-configuration-management.html +++ b/templates/about/beyond-configuration-management.html @@ -78,7 +78,7 @@

Open source principles and practices

An open source operator will not be perfect initially. It will likely handle just the situations that its original developer needed. But it serves to attract a community and contributors, each of whom bring new insights and perspectives and experience. Just as open source gains momentum and depth, an open source operator delivers better and better operations, until it is the world’s best expert in a package.

-

Consistent experience

+

Consistent experience

In order for operations to become simple despite the richness and diversity of software, we are required to integrate and run, the administration experience of diverse applications must become consistent.
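
Review bot: in the context paragraph under "Consistent experience" the comma is in the wrong place: "despite the richness and diversity of software, we are required to integrate and run, the administration experience ..." makes "we are required to integrate and run" read as the main clause. Since this section is being touched, reword it to "despite the richness and diversity of software we are required to integrate and run, the administration experience of diverse applications must become consistent".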

diff --git a/templates/about/integration.html b/templates/about/integration.html index 8f158a222c2..2c686ea3e5e 100644 --- a/templates/about/integration.html +++ b/templates/about/integration.html @@ -35,7 +35,7 @@

“Do one thing and do it well”

A community process is extremely effective at surfacing the range of possibilities and requirements for operator composition, so the Open Operator Collection serves as a single venue for discussions between operator designers and their users. Since composition is the key ingredient of efficiency, it is more valuable to have those conversations in a central location than to fragment the discussion across many forums.

-

Integration with remote applications

+

Integration with remote applications

Typically, the entire scenario is captured in a single application graph in a single model. It is possible, however, for a large scenario to be split across several different models.
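
Review bot: the removed and added "Integration with remote applications" heading lines are identical in text, so the change is in the element's markup only, presumably its id given the commit subject. Renaming an id silently breaks any fragment link that still targets the old value, so confirm that the links changed in templates/index.html in this same commit, and any other template that links to this section, use the new id.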

diff --git a/templates/index.html b/templates/index.html index 5ac457a61e0..ac197bce6dd 100644 --- a/templates/index.html +++ b/templates/index.html @@ -58,7 +58,7 @@

In production at

Clean, composable operators

Do one thing and do it well

- Juju operator integration allows us to keep each operator as simple as possible, then compose them to create rich application graph topologies that support complex scenarios with a simple, consistent experience and much less YAML. The UNIX philosophy of ‘doing one thing well’ applies to large-scale operations code too, and the benefits of clarity and reuse are exactly the same. Small is beautiful. + Juju operator integration allows us to keep each operator as simple as possible, then compose them to create rich application graph topologies that support complex scenarios with a simple, consistent experience and much less YAML. The UNIX philosophy of ‘doing one thing well’ applies to large-scale operations code too, and the benefits of clarity and reuse are exactly the same. Small is beautiful.

@@ -68,7 +68,7 @@

Clean, composable operators

K8s and legacy estate operators

-

Universal operators for K8s as well as traditional Linux and Windows apps on bare metal, VMWare and IAAS

+

Universal operators for K8s as well as traditional Linux and Windows apps on bare metal, VMWare and IAAS

Juju allows you to adopt the operator pattern for your entire estate, including legacy apps. Model-driven operations dramatically reduce maintenance and operations costs for traditional workloads without re-platforming to K8s. Once charmed, legacy apps become multi-cloud ready, too. The Juju Operator Lifecycle Manager (OLM) uniquely supports both container and machine-based apps, with seamless integration between them.
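
Review bot: the re-added heading "Universal operators for K8s as well as traditional Linux and Windows apps on bare metal, VMWare and IAAS" still carries "VMWare" and "IAAS"; the vendor's spelling is "VMware" and the usual form of the acronym is "IaaS". Worth correcting while the line is being changed.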

@@ -76,7 +76,7 @@

K8s and legacy estate operators

-
+

Reusable integration code

@@ -88,7 +88,7 @@

Reusable integration code

-
+

Multi-cloud operators

@@ -203,7 +203,7 @@

Pure Python operators

Windows operators

Create operators for Windows apps for cross-platform integration

- Full support for Windows applications enables consistent use of the operator pattern across the entire business IT estate. Windows operators integrate perfectly with remote applications on Kubernetes and public clouds thanks to Juju cross-model relations. + Full support for Windows applications enables consistent use of the operator pattern across the entire business IT estate. Windows operators integrate perfectly with remote applications on Kubernetes and public clouds thanks to Juju cross-model relations.

@@ -215,7 +215,7 @@

Windows operators

App-centric operations

Manage apps and services, not configuration files

- It’s not about configuration management, it’s about application management. Operators encapsulate applications to handle the details, especially in containers where config management doesn’t work. This allows organisations to onboard new applications faster, because they don’t need to train admins on the details of configuration for every new application. + It’s not about configuration management, it’s about application management. Operators encapsulate applications to handle the details, especially in containers where config management doesn’t work. This allows organisations to onboard new applications faster, because they don’t need to train admins on the details of configuration for every new application.