Rafay Systems
Overview of Rafay Systems
Edge Computing is driving a new class of high-value applications to deliver improved user experiences and business workflows closer to end-users and endpoints. Rafay’s Kubernetes Operations Platform simplifies the deployment, orchestration, and ongoing operations of containerized microservices across thousands of Kubernetes clusters at the edge. Rafay’s single cloud controller manages hundreds of clusters with ease while allowing software-defined isolation across any department, business group, or geography. The service operates at 99.99% uptime governed by an SLA and is SOC 2 Type 2 certified. A self-managed version is also available.
Application Name/Description
Kubernetes Operations Platform (KOP)
As enterprises modernize their applications, they are quickly realizing the significant increase in the cost and resources required to operationally manage Kubernetes clusters and application lifecycles, especially for edge applications. Rafay’s KOP enables companies to gain efficiencies from Kubernetes almost immediately, thus speeding digital transformation initiatives while keeping operating costs low. Teams can take advantage of the following platform services:
• Multi-Cluster Management: Enables the lifecycle management and blueprinting support for managed Kubernetes services, such as Amazon EKS and Azure AKS, as well as offerings such as Rancher and RedHat OpenShift.
• GitOps Service: Enables infrastructure orchestration and application deployment through multi-stage, git-triggered pipelines.
• Zero-Trust Access Service: Enables controlled, audited access for developers, SREs and automation systems to Kubernetes infrastructure, with just-in-time service account creation and user-level credential management.
• Kubernetes Policy Management Service: Enables policy management for clusters via the Open Policy Agent (OPA) framework for Kubernetes security and governance.
• Backup & Restore Service: Enables disaster recovery and migration of the Kubernetes control plane and application data.
• Visibility & Monitoring Service: Enables development, operations and security/governance teams to visualize and monitor modern apps and underlying Kubernetes infrastructure through dedicated dashboards.
• Network Policy Management Service: Ensure application isolation and reduce the lateral attack surface through configuration of network policies across clusters – fleet-wide.
• Service Mesh Service: Ensure cluster-wide/namespace policy configurations, provide visibility to traffic flows, and automate cert lifecycle management for mTLS.
• Cost Management Service: provide cost visibility and chargeback controls to help optimize spend.
Use Cases
Automation: Kubernetes is the de-facto standard for managing modern applications. Yesterday’s few clusters in a lab are now 10s of production, dev and test clusters – across clouds, on-prem & at the edge. That requires a very different solution. Rafay was built from day 1 with scalability, security, and interoperability in mind.
Security: Mission-critical clusters and applications running in production require the highest-level of security and control. Rafay delivers this out of the box across both Kubernetes clusters and the applications running on top of them.
Visibility: Rafay delivers comprehensive view and health monitoring of your Kubernetes infrastructure and modern applications across data centers, public clouds and remote/edge locations. WIth Rafay, enterprises team work together better to resolve issues fast, as much as 60% reduction in MTTR.
Governance: As infrastructure complexity grows it becomes increasingly difficult to ensure your infrastructure complies with enterprise policies and industry regulations. With Rafay, enterprises easily create repeatable and auditable workflows using approved templates for clusters and applications.
Pre Requisites (recommended system configuration/requirements to Install)
Depending on your setup, Rafay recommends one of the following:
1. Provisioned Intel-based Clusters into the Rafay Kubernetes Operations Platform. These are Kubernetes clusters that are provisioned and managed by the Controller on various types of infrastructure
• Upstream k8s On Bare Metal
• Upstream k8s On Virtual Machines (on vSphere, AWS, GCP, Azure etc)
• Managed Kubernetes Providers (EKS, AKS, etc)
The Controller has the ability to manage full lifecycle management of provisioned clusters.
2. Imported Intel Kubernetes Smart Edge Clusters. Kubernetes clusters that have already been provisioned can be imported into the Controller. Once imported, the controller will provide deep visibility and insight into all aspects of the Kubernetes cluster, deploy and manage workloads to the imported cluster.
With imported clusters, the lifecycle management (add/remove worker nodes, k8s upgrades, decommission etc) is the responsibility of the customer.
Assumptions
• A common form factor for a remote edge cluster is a single node, converged master/node system based on upstream Kubernetes cluster provisioned and managed by the controller.
• Node OS is based on Ubuntu Linux 18.04 LTS or similar.
• User has remote access with administrative privileges on the node OS powering the node.
• The remote edge cluster is based on the "minimal" cluster blueprint (ensures that only the minimal set of components are deployed on the remote cluster)
Architecture
The platform has been specifically designed such that customers can deploy and manage their clusters in both cloud and on-premise environments.
The Controller
The Controller is a management platform that customers use to manage both their Kubernetes clusters and their containerized applications. A separate interface is provided for Operations and Application Owners to ensure that there is clear separation of duties. The controller can be accessed via web console, CLE and REST APIS.
Deployment Options
Three Deployment options are supported for the Controller
1. SaaS (Multi Tenant, Managed)
2. Customer Premise (Managed, Single/Multi Tenant)
3. Customer Premise (Customer Managed, Single/Multi Tenant)
Kubernetes Management Operator
Every “Managed Kubernetes cluster” has a Kubernetes management Operator deployed into a dedicated namespace for ongoing operations and lifecycle management. This Kubernetes operator “dials Out” to the Controller and maintains a long running, TLS connection (mutually authenticated and encrypted).
Usage and Examples (Business Value examples/deployments)
Global Shipping Line utilized Rafay to accelerate their infrastructure modernization initiative across their large fleet.
• Workloads remain available despite intermittent connectivity
• Secure, zero-trust access to clusters.
• Automated provisioning of edge and public cloud clusters to reduce the time and resources required to deploy and manage applications
International Telco gained global visibility and administrative control to power cutting-“edge” applications at the edge of the network to deliver real-time customer experiences on modern applications with fast delivery speeds and lowered latency.
• full multi-tenancy & self-service capabilities.
• Scalability to handle thousands of customer accounts
• Highly automated cluster provisioning based on pre-packaged images optimized for uCPE hypervisor environments
• Easily operate and rapidly deploy applications across multi-cloud and edge environments
Additional Information
Rafay is designed to integrate seamlessly with managed Kubernetes services from Amazon (EKS), Microsoft (AKS) and Google (GKE), and also integrates with Kubernetes platforms such as RedHat OpenShift and VMware Tanzu. In fact, by layering these Kubernetes offerings with critical automation, security, visibility and governance features, Rafay makes these platforms operationally ready for consumption by enterprises. Kubernetes is a means to an end as it relates to container orchestration – with Rafay, enterprises are able to ensure the success of their application modernization initiatives, while controlling the spiraling costs associated with DIY Kubernetes management strategies