Good morning, good afternoon, good evening, wherever you're hailing from, and welcome to a very special OpenShift Commons episode today. Sorry, Diane. I am Chris Short, executive producer of OpenShift.tv, and I am here with the one and only Diane Mueller. Diane, what are we doing today? What's going on?

Well, today, it's interesting. We're about halfway through the year 2021, and it has been a very interesting year, probably a very interesting year and a half. We've been having lots of OpenShift Commons gatherings. We've had three so far this year: one on data science, one at KubeCon, and one just recently at Summit part two, and we had some amazing end user talks. Halfway through the year, what we thought we would do is bring you some of the best of those, to tempt you to watch the rest of them, tell you a little bit about the role of end users in the Commons and what the Commons is, and then, Netflix binge style, watch some of these together. I just think some of these were really amazing stories: journeys to OpenShift, new workloads that I hadn't seen. You'll hear some really interesting talks.

I just want to really emphasize that these come from across multiple communities of people from different market sectors, whether they're telcos or banks. The first one you'll hear, the Version 1 talk, is about the Department of Agriculture, Food and the Marine in Ireland. Lots of different folks, and all of them are helping us make connections with each other and share stories that are helping Red Hat engineers and upstream project leads better understand what they need to put into the products and projects that they're creating. Collaboration is happening all over the place, and that's really one of the things about this community: they've been really amazing at connecting across communities, and some of these stories really showcase that today. So we thought we'd grab a few of them, play them for you, play them with you, and take your questions in the chat wherever you are.

Basically, what we're trying to do is, as always, promote peer-to-peer interactions. And so here are some of your peers sharing their end user stories, their production use cases and workloads, and what they've integrated into their stacks, because it's not all about OpenShift. You know, we do this in Commons briefings at gatherings, you do this in working groups and SIGs and in, you know, CNCF TAGs; we're always talking on Slack. But here's an opportunity to kind of sit back, relax, enjoy the show, and hear some of these stories. Because what it all comes down to is that the Commons is really for end users, and by end users. If you haven't heard me rant before: a lot of the model of open source is changing quite a bit. There are a huge number of open source projects that our end users and customers have been pushing out and putting into the CNCF and other open source foundations. Just the other day we heard a briefing on Cruise Control, a project that LinkedIn has put out as open source on GitHub. You know, there's just a ton of things happening besides the production use cases. There's a lot of folks
you'll hear about in the one on HealthOS from Anthem: SPIFFE and SPIRE, Envoy, and all of the other projects that they're participating in. It's just been a very interesting first half of 2021, and we encourage you to join OpenShift Commons, share your stories, and get introduced to your peers.

So today we're going to kick it off. I've picked a few of them; some of these are my favorites, and you may have your own favorites. They're mostly on YouTube; the last four are still in the Red Hat Summit session catalog and are available there on demand, and they will get uploaded to YouTube eventually. But we're going to run through them, and I just want to set this first one up a little bit. This is Version 1, which is a Red Hat partner, and Filippo Sassi is going to talk a lot about it. Version 1 has a really unique way of working with their clients, a little bit like the Open Innovation Labs at Red Hat, but they also have this wonderful government agency that they've been working with in Ireland, helping farmers and other folks apply for and process grants, doing it all using some text analytics and AI, and making sure that it's all GDPR compliant. So I'm going to kick off with that. Ask any questions you want in the chat; I'll share all the links to things as we go along and at the end as well. I'm just really excited that you're here with me today to watch this together. So grab some popcorn and let's get started.

Okay, so thanks, everyone, for making the time to join this presentation today. During this session I'm going to introduce you to one of the applications we have implemented for one of our customers. The application makes use of text analytics and artificial intelligence to reduce the risk of GDPR breaches. But before diving into that, let me introduce myself. My name is Filippo Sassi. I am a senior software engineer. I've been working in the industry for quite a few years now, in companies like IBM, Concentrix, and obviously Version 1, which I joined in 2014. In my career I have covered a number of different roles: .NET web developer, scrum master, tech lead, and since 2019, when I joined the Version 1 Innovation Labs, I am now one of its leaders.

Version 1 is an IT consultancy firm driving customer success through over 20 years of market leadership and innovation in IT services. Version 1 believes in modernizing, innovating, and accelerating our customers' business transformation. Our greatest strength is in balancing our efforts to keep growing on all three sides of our strategic triangle. The first side is customer success: making a real difference through long-term, outcome-focused relationships. Then empowered people: selecting, empowering, and trusting people who are wired to deliver customer success. And the third side is strong organization: a high-performing, financially strong organization of the highest integrity. We believe this is what makes Version 1 different, and more importantly, our customers agree.

On this slide are some stats about Version 1. The interesting thing, I suppose, is the rapid growth rate in some of the figures, and I'm not going to lie to you: to create this deck I reused some slides from a previous presentation we ran in October 2020. That slide, at the time, showed just over 1,300 employees, and in just two quarters
we're already reaching 1.5K. I think that, more than any other number, this demonstrates how Version 1 is growing while committing to our core values.

DAFM is the Irish government Department of Agriculture, Food and the Marine. DAFM's vision is an innovative and sustainable agri-food sector operating to the highest standards. DAFM is one of Version 1's oldest customers, and Version 1 provides many teams dealing with the different DAFM schemes, applications, and more. One of these teams is the BPS team. BPS stands for Basic Payment Scheme. BPS is the largest payment scheme run by the department; specifically, the scheme is responsible for issuing grant funding to the value of 1.2 billion euros to 120,000 farmers, in line with European Union regulation. The team handles applications and payments of farmer grants through the BPS application, which can be accessed through modern digital channels, making the customer journey easier with less administrative overhead.

In the last couple of years DAFM has invested heavily in the OpenShift Container Platform. This choice was primarily justified by one of the key strategic aims for the department: to provide a capability for fast, flexible application deployment, and at the same time to be responsive to changing and emerging needs over time, all of this while focusing on small products that can be designed quickly, iterated, and released often. In particular, the OpenShift Container Platform was a suitable choice for the project I'm shortly going to introduce to you, because there was real concern about using public cloud services to scan and analyze documents which might contain personally sensitive information. This solution reaffirmed the department's belief that the investment in the OpenShift platform would provide long-term strategic gains. In line with the public service ICT strategy, DAFM is focused on digital transformation, including both front-end and back-office transformation, to deliver services for citizens, businesses, and the government.

From May 2018 the General Data Protection Regulation (GDPR) came into effect, requiring businesses to protect the personal data and privacy of European citizens for any transaction that occurs within the European member states. In line with this regulation, one of the top priorities for transformation was to protect personal data, not only for DAFM's customers but for the customers of the public service as a whole, and in particular we considered the following use case. To receive grant payments, farmers must upload various documentation through the department website. These documents often contain personally sensitive information, which might not be indicated by the user. There is a tick box on the form that indicates that the document contains PSI; if ticked, only certain levels of staff can access the document. However, very often the end users don't set the option correctly, and this leads to a situation whereby department staff read documentation to which they should not have access. Another challenge, of course, is when agents acting on behalf of the user sometimes upload the wrong documentation. This leads to approximately 60 major GDPR breaches every year. So whatever the source of the breach, both scenarios could lead to privacy violations and GDPR breaches due to staff accessing documents without sufficient clearance. These breaches require significant effort to address, and they are obviously taken
very seriously by DAFM. The department wanted to understand how technology could be applied to assist, and to answer this question the DAFM Version 1 on-site team contacted the Version 1 Innovation Labs.

The labs are a value-added service that Version 1 provides to its customers to explore disruptive technologies. A couple of points to note here. It's for Version 1 customers: that means that whatever we do, we do it for clients who are already within the Version 1 customer base, and for them we are a value-added service, so we are free of charge. That doesn't mean, though, that we are free of cost. Indeed, we expect to use their data; we expect to use their resources, which will particularly have an impact on cost if we decide to go cloud; we expect to interview their employees to better elicit their requirements; we expect them to test the POV; and finally, we expect at least one person from the customer side to play the role of product owner and to actively collaborate with us on an almost day-to-day basis to implement a proof of value. A proof of value is the same thing as a proof of concept, basically a fully working prototype; we just apply this semantic switch to highlight that what we do actually brings value to our customers' businesses.

So far we have implemented at least one POV in all the technological areas shown on the slide, the only exception being IoT. Some of those POVs were quite cool. I remember one of the first ones I worked on when I joined the labs was a proof of value for a virtual reality application using an Oculus headset. For the same customer we immediately implemented another POV, this time using augmented reality on an Android tablet, just to show them the different experiences. Both POVs were very well received by the customers, but we understood that to push this forward, to move it into production and provide the client with the wow factor they were looking for, we simply didn't have the right capabilities within the company. That's because these technologies are quite niche, and they require very advanced graphical skills, especially 3D graphical skills, almost those required in the gaming industry. So from 2020 we decided instead to focus on those technological domains where, a, we've got plenty of expertise within the company, and b, we think our customers would benefit the most, and those domains are machine learning, artificial intelligence, and robotic process automation.

The innovation engagement process with DAFM was exactly the same standard approach that any Version 1 customer faces when engaging with the labs. The process is the following: it always starts from ideation.
We are constantly talking with our customers to understand if they are facing business problems which are not solvable with standard day-to-day technology. When we identify one of those problems, we start researching: we look for academic or industry resources, and we run brainstorming and design thinking sessions until we find a technology that could help solve the problem at hand. When we identify such a technology, we start experimenting with it, and when we're happy enough, when we think we have found a potential solution, we formalize it into an innovation canvas. The canvas acts like a contract between us and the customer, and the document contains information such as the problem we are trying to solve, the proposed solution, the people who will make up the development team, a timeline, and the metrics that will be used at the end of the project to determine its success. When all of this is agreed and the canvas is signed, we start with the actual implementation. We follow an agile, iterative, and incremental methodology called Scrum, and we take up to six bi-weekly sprints to implement the POV. We won't do six for the sake of it: if at the end of a sprint, during the sprint review, the customer agrees that we have solved the problem under investigation, we consider that we have proven the value of the technology, and we get in touch with the rest of the Version 1 delivery teams to define a roadmap for moving the POV live. This is exactly the same process DAFM followed when engaging with us on this particular use case.

And the outcome of the whole process is SmartText. Using best-of-breed open source technology, SmartText provides text analytics capabilities to extract meaningful insights from unstructured data: documents, images, PDFs, etc. These insights are the features that are later used for artificial intelligence modeling, to ultimately classify whether or not a document contains personally sensitive information. Obviously, this is just one of the many possible applications; SmartText could be used in many other scenarios, and we will shortly see some examples. But for now, let me just dive a little bit more into the components of the solution.
The first one is the OCR. OCR stands for optical character recognition, and this component extracts the textual content from the unstructured documents. This textual content is then used to derive useful metadata attributes by the other SmartText components, which are sentiment analysis, topic modeling, semantic search, regular expression extraction, and named entity recognition. Each of these components is exposed as a separate API, ensuring loose coupling and easy combination. The APIs use cutting-edge open source libraries, with appropriate customization for these and other use cases. As an example of customization, we are currently retraining the open source machine learning models with a specific set of documents to make the models domain specific.
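To make the shape of such a pipeline concrete, here is a minimal sketch in Python of the OCR-to-classification flow described above. It is purely illustrative: the real SmartText components are separate containerized APIs and their models are not public, so the libraries chosen here (pytesseract, spaCy, scikit-learn) and every name in the code are assumptions, not the actual implementation.

```python
# Illustrative sketch only: SmartText's real components are separate
# containerized APIs; this collapses the idea into one script.
# Assumed stack (hypothetical): pytesseract for OCR, spaCy for NER,
# scikit-learn for the PSI classifier.
import pytesseract                       # OCR wrapper around Tesseract
import spacy                             # named entity recognition
from PIL import Image
from sklearn.feature_extraction.text import TfidfVectorizer
from sklearn.linear_model import LogisticRegression
from sklearn.pipeline import make_pipeline

nlp = spacy.load("en_core_web_sm")       # assumes the small English model is installed

def extract_text(path: str) -> str:
    """OCR step: pull raw text out of an uploaded document image."""
    return pytesseract.image_to_string(Image.open(path))

def entity_features(text: str) -> str:
    """NER step: append entity labels (PERSON, GPE, ...) as extra tokens,
    so the classifier can weigh 'mentions a person' as a feature."""
    doc = nlp(text)
    return text + " " + " ".join(ent.label_ for ent in doc.ents)

# Train a toy PSI / non-PSI classifier on labelled example documents.
train_texts = [entity_features(t) for t in
               ["Medical certificate for John Murphy, dated ...",
                "Field boundary map, land parcel 12, area 3.2 ha ..."]]
train_labels = [1, 0]                    # 1 = contains PSI, 0 = does not
clf = make_pipeline(TfidfVectorizer(), LogisticRegression())
clf.fit(train_texts, train_labels)

def contains_psi(path: str) -> bool:
    """Full pipeline: OCR -> features -> classification."""
    return bool(clf.predict([entity_features(extract_text(path))])[0])
```

In the real solution each of these steps sits behind its own API, which is what makes them easy to recombine for other use cases.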
The SmartText solution in DAFM is deployed on-prem, but all the components are deployed as containers to ensure portability of deployment across clouds too. From a deployment perspective, we said it already: DAFM made a significant investment in an on-prem OpenShift Container Platform. As a consequence, we wanted SmartText to utilize the power of the platform to demonstrate its value, and that turned out to be a great choice, as the OpenShift platform helped us solve some of the issues we could have faced otherwise. For instance, the SmartText solution was designed to take advantage of the Python machine learning libraries, but this architecture was not supported in the DAFM infrastructure. The OpenShift platform allowed for secure deployment and builds of Red Hat published containers, which would have been impossible otherwise, given the available budget and time. Likewise, building our test and production environments for the project would normally have been another large cost, but this was easily overcome with OpenShift and image streams.

The solution is currently live, actively mitigating GDPR risk by flagging farmers' and agents' potential errors during document upload. This has enabled the department to switch from a reactive to a proactive approach: identifying data breaches, isolating them, and preventing them from occurring. This obviously reduces the administrative overhead and the lost business hours of employees having to resolve any potential breaches, and it also reduces reputational damage to DAFM. The project demonstrates that the department led the way in using cutting-edge open source technology such as OpenShift and natural language processing libraries.

As for the labs, we were able to demonstrate our credibility in the areas of text analytics, machine learning, and artificial intelligence. The SmartText solution is now a key piece of the Smart Action Suite that we are developing; we will talk about the Smart Action Suite shortly. Here I would just like to say that since we implemented the solution, we have been having many conversations with our customers, and SmartText has generated real interest. We immediately understood that creating the ability to extract valuable insights and metadata from unstructured documents, be they forms, handwritten letters, images of documents, whatever, would be hugely valuable beyond the initial use case. For instance, for one of our customers in the UK we have recently been implementing a document summarization tool. The goal of the tool is to present key pieces of information to the end users from a set of documents, without the users having to read any of those documents, and at the core of this solution there is SmartText. We have also recently demonstrated it to many other clients, both in Ireland and in the UK.
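The summarization tool itself isn't described in detail here, but a crude extractive summarizer conveys the general idea of surfacing key pieces of information so users don't have to read whole documents. A minimal sketch, assuming scikit-learn for TF-IDF sentence scoring; this illustrates the generic technique, not Version 1's actual tool:

```python
# Crude extractive summarizer: score sentences by their average TF-IDF
# weight and return the top-k in original order. Illustrative only.
import re
import numpy as np
from sklearn.feature_extraction.text import TfidfVectorizer

def summarize(text: str, k: int = 3) -> str:
    sentences = [s.strip() for s in re.split(r"(?<=[.!?])\s+", text) if s.strip()]
    if len(sentences) <= k:
        return text
    tfidf = TfidfVectorizer().fit_transform(sentences)   # one row per sentence
    scores = np.asarray(tfidf.mean(axis=1)).ravel()      # mean weight per sentence
    top = sorted(np.argsort(scores)[-k:])                # top-k, original order
    return " ".join(sentences[i] for i in top)
```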
All in all, we think this project is an excellent demonstration of how open source technology can be utilized and augmented to develop solutions which are comparable to those of the major cloud vendors. Indeed, we commissioned a report to compare the SmartText solution with similar technologies from Azure and AWS, and this report showed that SmartText's performance is very much comparable to that of Microsoft Computer Vision and Cognitive Services on one side, and AWS Textract and Comprehend on the other.

Within DAFM, the SmartText solution was the first application deployed on the OpenShift Container Platform, and as such it ironed out all the usual technical challenges of deploying onto a new platform. I was not directly involved in the original development, so I won't spend too much time here on the technical challenges and the subsequent learnings. However, talking with one of the main developers, I found it particularly interesting that one of the weakest points of the original implementation was the central role of the orchestrator component in the original architecture. Because of the orchestrator, that architecture was highly coupled, working through a set of well-defined steps to be executed together. Being so, the orchestrator needed to know everything about everything else, making it the single point of failure: if the orchestrator goes down, everything goes down too. So we looked at more modern architectural approaches, and in the end we went for a reactive-based architecture, which makes the individual components responsive to relevant changes in the data. The benefits of this architecture are many, most notably responsiveness, resilience, and elasticity.

I previously mentioned the Smart Action Suite, so before concluding this presentation, please allow me to quickly introduce it to you. Earlier we looked at the standard innovation journey our customers face when engaging with the Innovation Labs; the journey goes from ideation to the successful implementation of a POV. However, over time we noticed that many of our customers were facing similar problems. So instead of reinventing the wheel all the time, we decided to start productizing our existing POVs and build what we call the Smart Action Suite. This is a suite of components which can be used either in isolation or, like Lego bricks, combined together in different numbers in order to build many solutions which apply to different use cases and scenarios. Some of the components, like SmartText and Smart Data Capture, have already been developed; the others will be implemented in the near future. The overall idea here is to provide our clients with a hyper-automation set of apps which empowers their employees, allowing them to take better and more efficient decisions in a shorter time. In a nutshell, the key components are shown on the slide. We already talked about SmartText; I will just introduce another couple of them. One is SmartFAQ, which is our smart bot providing organizations with an always-on, 24/7 service answering FAQs and customer queries. Smart Data Capture is an app to support enterprise data capture requirements. Smart Search is a solution providing intelligent document search, where a user can search using queries in conversational language and the right answer, with the right reference from the documents, will be returned. Smart Automation is best-of-breed automation tooling to deliver hyper-automation with a combination of RPA and AI. And finally, Smart Process Advisor, which is designed to guide staff through organizational processes, advising them at each step of the way. And that was all I wanted to share with you today. I hope you found it interesting. Thank you very much for your attention. If you have any questions, you can enter them in the chat below.

Well, hello everybody, and welcome back. I hope you enjoyed the talk
we just did with Filippo Sassi. Now, up next we have one of my favorite people, Joseph Meyer from Rohde & Schwarz, who has been a long-time member of the OKD working group, the open source side of OpenShift. He gave a great talk at KubeCon EU about some of the benefits of working with the open source side of things, as well as talking through his journey, and Rohde & Schwarz's journey, to running OpenShift on the Azure platform. So without too much further ado, just a suggestion: if you're interested in working with OKD and joining the OKD working group, you can go to okd.io and join there. You'll find all the links to join the Google group, and we meet every Tuesday at 16:00 UTC; we'd be thrilled to have you join. But here, let Joseph tell you a little bit about his road. It may have been bumpy, but it was lots of fun to do it together and collaborate with the Rohde & Schwarz team. So kick it off there.

Hello, my name is Joseph Meyer. I'm an electronics engineer and cloud architect at the company Rohde & Schwarz, a Munich-based German company, and I've been an OKD user since 2018, together with my team. This is the story of how we came from OKD to OpenShift in three years. We had started a digital transformation program in spring 2018, and the goal was to build the skills in my company to build up a digital business. One of the first goals was to create an MVP of a cloud product for a trade show that happened in autumn 2018, only five months after the start of the program. This was very tough for us, because we had experience with Docker but not with Kubernetes. It was clear to us that we wanted to do it with Kubernetes, and the first task for this MVP was to provide two Kubernetes clusters. One on-premises for our developers, because my company has the policy that no source code is ever to be available in the public cloud, so we had to create a cluster on-premises so our developers could access the source code and do builds of their artifacts. And the second cluster should be in the public cloud, so our customers can access it, because we don't serve our software to the internet from our on-premises clusters; we have separate clusters for that. That was the goal and the first task, and the race started.

We had a few requirements for that; at least three were very important. The first one was: don't pay any license fees for the Kubernetes distribution, because we were just starting with our digital business and we didn't want to put the burden of license fees on it. The motto was: let the business grow first. This was the most important requirement for us in the beginning. The second one was: the system must be stable. That's obvious, yeah, but we learned that it's not so easy to achieve. The distribution should take care of everything; you don't want to mess around, normally, with networking, with storage, and a few more things. We learned a lot about that
the hard way: it's not easy to maintain those things if you have to. And looking back, it's one of the biggest and most important requirements you should take into account if you're choosing a Kubernetes distribution. The third requirement was that we would like to have the same stack on-premises and in the public cloud, and the same user experience, so that our developers don't have to switch around in their minds with the usage of the tooling, independent of whether they use the on-premises cluster or the public cloud cluster. We wanted a look and feel that's the same everywhere.

Then we went into an evaluation phase. Five months is very tough, so we rushed through it very fast. First we tried the obvious: we used vanilla Kubernetes to create our first clusters and had to take care of everything on our own. Storage, networking, usability: it was disastrous in the beginning, so we gave up very soon. That was not the way we wanted to work, so we searched for something better and tried out several community-driven Kubernetes distributions. I don't want to name them, but we had mixed experiences. We had problems with stability; I remember one tool that had an automatic installer for clusters, and every second installation failed because of bugs. User experience was not so good on the others. So we had no good feeling that we were on the right track. That was a very tough time for us.

During the evaluation phase, it was pure coincidence that we attended a sales presentation for OpenShift, because OpenShift violated our most important requirement: we didn't want to spend money on our Kubernetes clusters. You remember, we did not want to put the burden of license fees on our digital business. But what we heard there sounded very good; the salesman did a very good job in this presentation. And he told us that there is a free, community-driven edition of OpenShift called OKD, which was something we had never heard about during our research. And it was awesome, because on paper it was free, it was a turnkey solution, very similar to, or at least almost the same as, OpenShift regarding the features. It took care of storage and networking, had a nice UI at that time, and had great dev tools; it took care of builds, and everything was integrated very well in the web UI. It was great for our developers, and we got very good feedback from them. And the third thing was that OKD 3 we could install everywhere: on-premises on our vSphere clusters, and in the public cloud on Azure. It was very easy to get clusters running. We had lots of configuration options, we had Ansible coming out of the box with OKD to do the installation, and it was great. We tried it out, we used it for our MVP in the end, and we successfully showed our MVP at the trade show, running on OKD. Management was very happy with us, and it was a cool time. It was very stressful, but we learned lots of new things during this phase. A year later, in 2019, we delivered even more cloud products there, and we were the heroes, because we enabled all of them with OKD. It's a great distribution. In 2019 everything was cool. This is OKD; we were very happy.
We didn't regret that we chose it. Also in 2019, we improved and automated our cloud ecosystem, because for the MVP we had taken lots of shortcuts and workarounds, since we were not so experienced with Kubernetes, and the next goal was to automate everything. So we found lots of tools that helped us a lot in this phase. Ansible, which we had experience with before. I found Terraform, an absolutely great tool for creating infrastructure across different providers; it's available for vSphere, Azure, AWS, for everything you can imagine. So we used Terraform to create the infrastructure and Ansible to install and configure OKD. Then we created the CI/CD pipelines. I liked a lot that OpenShift had, or rather has, great support for Jenkins; everything is tightly integrated in the web UI, that's nice. And we also created our first self-service portal. That's a tool running on our cluster that provides our developers simple wizards in a web user interface, where you fill out a few fields and get tasks done on the cluster, like setting up a CI/CD environment with Jenkins, with the proper secrets, everything completely automatically set up. People liked that. And yes, it was very cool; we learned a lot at this time.

In the following months we learned that the last release of OKD 3 had occurred in autumn 2018, and no new version had come out since. OpenShift 4 was released in the beginning of 2019, I think, but no OKD 4 was available, and over the whole year no OKD 4 was in sight. This was a problem for us, because more and more tools did not work on OKD 3, whose Kubernetes version, I think, was 1.11, while the 2.0 releases of lots of tools required newer versions, and we had to choose wisely which tools we used. This was manageable, but we were waiting for something new, for OKD 4, and it did not come. So we started to learn what was blocking the release of OKD 4. I myself tried an OKD 4 alpha in November 2019. I remember that because a colleague of mine, who was master of our DNS server, spent a Saturday evening, a Saturday night, together with me in a Skype session to set up everything we needed for OKD 4. He helped me debug the first steps, and in the end it worked. I saw a web UI; I was so happy. I remember that this web UI was so much more advanced than the one we already loved in OKD 3. It was so much better. But it was not easy to get there. I had to do lots of manual steps, hacking around in the OS, in the Linux console, to find out why the installation failed. But it was an alpha, so that was okay, and it worked on vSphere; if it ran, it ran pretty well.

As I dove deeper into development, I found the OpenShift dev channel on Slack, and I also found out that there is an OKD working group. At first I thought this was a closed club of Red Hat employees, but I learned very fast that everyone who wants to help can attend this working group. So I did, and the goal was to help where I could, to do my best to bring OKD 4 to life. And that's what I did in 2020. I started helping with OKD 4. I created a few fixes for the installer, for Azure for example, because at that time Azure was not supported by OKD at all, because there were a few problems with Fedora CoreOS, which is used in OKD, in comparison to Red Hat CoreOS, which is used in OpenShift.
They were no big problems, but this was my first attempt to create pull requests to the OKD 4 community GitHub repos, and my first PR was so big, because I also patched Terraform code. It was far too big, and Vadim Rutkovsky, one of the main supporters of OKD, refused it. He used some nice words; I don't remember them exactly. I was sad that it was refused, but he told me it was too big, and I understand that. I created a much smaller PR, and this one was accepted, and Azure became available for OKD. These were my first steps. I did lots of testing at that time. I built a proper homelab at home, with a Ryzen PC with 16 cores; I had never used them to that level before, but I wanted to be sure that I was not blocked by anything, and I did lots and lots of testing. I also organized a vSphere license; there is a VMware user group through which a license is available for around 150 euros, which is very affordable. I did all that because I wanted to bring OKD 4 to life. And I reported lots of bugs and fixed several of them; not all bugs are so complicated to solve, I found out. This was also the time when our team learned a lot about the internals of OKD 4, and learned that we could use its mechanics to solve almost any task we wanted to achieve. It's a great thing.

I also did something that may sound a little bit crazy: I created a t-shirt for the working group video meetings, which I always attended regularly. The idea was to increase the release pressure if everyone always saw this "OKD4 GA" on my shirt. It was more of a funny idea. And I promised not to change the shirt before the release had been made. But it took a few months, and I have to admit that I changed the shirt in between; I never told that to anybody. Finally, OKD 4 was released in July 2020. That was great, because we had already prepared OKD 4 clusters on-premises; we had installed everything and were only waiting for the GA signal.

A few months before, I had discovered Argo CD, a tool for GitOps, and I found out that with OKD 4 it's very easy to configure things with GitOps, because there are operators everywhere, and you can also use custom resources, the configuration method of operators, with GitOps. This is great: you have everything in Git. No scripts that run once, no developers changing configuration with nobody knowing afterwards who changed what, because everything is in the cluster and Git is the single source of truth. That's nice with Argo CD, especially in combination with OKD 4. We changed our self-service portal to use GitOps as part of that. We also migrated all on-premises apps from OKD 3 to OKD 4. We had to change the routes and a few other things; the DNS name for OKD 4 contains, I think, a part called "apps" in the URL. That's a little bit annoying, but we had to change that for all our apps, and in the end it worked. Since July 2020 we have upgraded OKD 4 on-premises very often, and it almost always worked great. Between OpenShift 4.6 and 4.7 there were a few hiccups, but we could always fix them or find workarounds together with the community. Since 2018 we have attracted many of our developers to start a Kubernetes journey and create digital business on our Kubernetes platform. That's great.
I counted last week that we have onboarded more than 50 projects, not only playgrounds but real projects, on our OKD clusters, and they're available to more than 2,000 developers in my company. It's running very stably, and we are moving more and more business-critical applications to our OKD clusters. We have a few big manufacturing sites, to be more precise, that also want to use Kubernetes and the cloud services, and that's why we decided to invest at this time in commercial support: we have digital business running, we have lots of interest in my company, we have business-critical applications, and we always said that this would be the time to invest in commercial support. And we did that.

A few weeks ago we started creating an ARO cluster, the abbreviation for Azure Red Hat OpenShift, for our public cloud cluster, the customer-facing one. And on-premises we invested in OpenShift and, what was the name of it, OKE: OpenShift Kubernetes Engine. It's not OKD, it's OKE; don't ask me why they sound so similar. OKE is a version of OpenShift where you have support, but not for everything. We are not using all the features of OpenShift at the moment in all our environments, and because of that we chose OKE for some clusters, while OpenShift is the full-fledged version for the services where we need full support. For the moment, we are very happy with this decision.

To conclude what I told you in this presentation: I am absolutely thankful to have had OKD during our journey. It helped us tremendously to launch our digital business. In our opinion, OKD is a great door opener for OpenShift in enterprises, because you can have OpenShift with zero risk and start your digital business. You have the same user experience; a few things are different regarding upgrades, because with OKD you only have a rolling distribution. This means that if something is fixed, it won't get backported; it's always going forward. In OpenShift you have several stable or fast channels. But if you don't need that, and to be honest, in the beginning you don't, then it's a fair deal to not pay any fees, and you get a full-fledged, great Kubernetes distribution. I can only congratulate Red Hat on the decision to have a community version of OpenShift in the program, because, as I said, I think it's an epic door opener for their main product, OpenShift. I have to say thank you to everybody from the OKD community and Red Hat who helped us in the last years to reach this point. Special thanks go to Vadim Rutkovsky, Christian Glombek, and Diane Mueller; they were always very helpful. Vadim especially seems to be online 24/7 on Slack, and without these guys we would not have managed the first steps with OKD 4. Thank you all. This was our journey. It took us three years, and now we are absolutely experienced in Kubernetes.
I can compile some modules on my own; we know the internals of OKD and Kubernetes very well, and we help in the community in several projects. Thank you for watching, and if you have questions, I'm available in the chat. And that's a wrap.

All right, well, I think that was one of the best endorsements for participating in OKD and in the working group, and for getting your feet wet with OpenShift through the open source side of things. The next talk that we're delivering here is an initiative coming out of Anthem, around HealthOS. There are two folks: Bobby Samuel from Anthem and Frederick Kautz from Sharecare. Sharecare just recently acquired doc.ai, which is where Bobby met Frederick. And this is a really interesting project because it incorporates so many upstream projects: SPIFFE, SPIRE, Envoy, Network Service Mesh, just to name a few. They're going to tell you a bit about this initiative and how Anthem is going about bringing together all of its end users and its customers and partners into this HealthOS initiative. So, Chris, if you're ready, queue it up, and let's take a look at what's going on at Anthem with their HealthOS initiative.

My name is Bobby Samuel, and I've got Frederick Kautz here with me, and we're going to talk to you today about HealthOS and enabling standards-based healthcare interoperability using cloud native and zero trust. So first of all, I'm Bobby. I work at Anthem; I lead up the HealthOS development as well as Precision Insights. Frederick, would you like to introduce yourself? Hello, I'm Frederick Kautz. I am a director of software engineering at Sharecare, and I collaborate with Bobby and Anthem on zero trust and a variety of architectures and systems.

The way we're going to walk through this today is we'll start with the business case, or the business challenge, and then we'll move into the technology, and we'll be here to answer any questions. So first of all, what's the challenge? What's the point of all this? HealthOS is something that we've created internally here within Anthem. Payers are seen as the middleman pain point across the ecosystem, causing abrasion across various user segments, whether it's provider, member, or even other payers. But we also sit in a position where we have the richest longitudinal view of data, and that's whole-health data about the person. So HealthOS helps us operationalize our health data to drive improved outcomes, reduce costs, and overall increase efficiency. We'll talk to you about how we do that. But at the foundation of it all, HealthOS is a platform. It's a hub whose primary emphasis is interoperability, and then driving world-class experiences, and it uses machine learning and AI to drive insights and also actions.

Just to talk about the business architecture and how the pieces fit together: at the bottom, we've got the data layer. That data layer focuses on integrations with the EHRs; it's got payer and clinical data, and our data about members, our constituents, is based on FHIR, the FHIR standard. On top of that layer, and this is where we'll get into cloud native and zero trust, is the security layer. In our platform layer, we've got a number of things running and happening. Insights and action apps live here and are created here.
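Because FHIR exposes clinical and payer data as typed REST resources, an insight app on such a platform can be pictured as a small service that reads those resources and computes something useful. Here is a minimal sketch of that pattern against a generic FHIR R4 server; the base URL, the coverage-lookup logic, and all names are hypothetical illustrations, not HealthOS APIs:

```python
# Minimal sketch of an "insight app" reading FHIR R4 resources over REST.
# FHIR_BASE is hypothetical; FHIR searches return a Bundle with entry[].resource.
import requests

FHIR_BASE = "https://fhir.example.org/r4"    # hypothetical endpoint

def search(resource_type: str, **params) -> list:
    """Run a FHIR search, e.g. GET {base}/Coverage?beneficiary=Patient/123."""
    resp = requests.get(f"{FHIR_BASE}/{resource_type}",
                        params=params,
                        headers={"Accept": "application/fhir+json"},
                        timeout=10)
    resp.raise_for_status()
    bundle = resp.json()                     # a FHIR Bundle (searchset)
    return [e["resource"] for e in bundle.get("entry", [])]

def active_coverages(patient_id: str) -> list:
    """Insight example: which coverages are currently active for this member?"""
    coverages = search("Coverage", beneficiary=f"Patient/{patient_id}")
    return [c for c in coverages if c.get("status") == "active"]

for cov in active_coverages("example-member-id"):
    print(cov["id"], cov.get("type", {}).get("text", "unknown plan"))
```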
In the platform layer we've also got tool sets, or IDEs, to rapidly build, validate, and deploy health apps, and this is where we'll talk about how we're implementing zero trust to do workload identity management. And on top of that, we've got the interaction layer. The cool thing about HealthOS, or one of the many things, is that whether it's a UI/UX that HealthOS manages or a UI/UX that someone else manages, whether it's another EHR or a homegrown app that we have, those all plug into and have the benefit of connecting back into all of these health apps, and back into the place where we've got the rich data stores. So this is the ecosystem that we've been putting together, with client application endpoints to connect, as well as our SDKs to build and rapidly deploy apps.

So in our ecosystem, what are we trying to do this for? At Anthem we have a number of partners that we work with and connect with across various lines of business, but the big problem is that they're not connected. Anthem is connected to them, but they're not connected to each other, and what this allows us to do is connect all the apps to each other. So HealthOS allows us to connect to Anthem's data ocean; it allows health apps, insights, and actions to run, and it connects all these different apps. We bring our digital ecosystem together, and we bring together the EMR systems that we connect with, as well as internal systems that exist within Anthem, all of these things working together, focused on a better outcome for the member.

So let me zoom back out to our ecosystem and where zero trust fits in. We've put HealthOS in the center, once again with action apps and insight apps. An example of an insight app would be: what benefits are covered for Bobby, or does Bobby have this particular drug or treatment in his formulary? An action could be scheduling an appointment; it could be one-click prescriptions, or, you know, painless one-click prior authorizations. So those things run together, and then, using zero trust connections, we connect to various clients. Going counterclockwise: the desktop; the AI/ML tooling that we've got running, through which we can make insights available; third-party health solutions; third-party clients like telehealth, which has seen a huge rise in popularity and usage due to the pandemic; and then EMR apps, our apps that do payment acceleration, as well as just traditional EMR platforms in large hospital systems, like Epic, Cerner, Athenahealth. All of these are connected together, working together, once again focused on our members' health and improving the health of humanity. And so what we'll do is dive a bit more into how we're putting all of these things together on a cloud native, zero trust foundation to deploy this ecosystem. So, Frederick, let me turn it over to you.

Thank you, Bobby. So before we jump into zero trust, let's talk a little bit about some security basics. Very often, when you speak with a security or information security person, you'll hear about the CIA triad.
We actually look at four things now, but the first three, the CIA, are what people traditionally looked at. Those three are: confidentiality, is the information protected against unauthorized viewing or access; integrity, has the information been modified in a way that was unauthorized, and how do we protect it from being modified; and availability, is the information available when you need it to be. And there's a fourth thing that has been added in more recent times, called non-repudiation, which is: how can you ensure that an entity that has performed a transaction cannot back out of that transaction? There are multiple reasons for this, which could include, at the business layer, how do you prevent fraud, how do you ensure that you can observe the system and know what its state was likely to be. It could also be about making sure, when you're looking at security systems, that you know exactly who you're connecting with and that it hasn't been swapped out with someone else. So in general, there are now four main categories that people tend to look at; there are a couple of others that people bring in as well, but these are the main four that you tend to see.

Using this particular framework, we then take a look at the business requirements. What is it that we're trying to protect? What has changed? When we look at the zero trust space and why it's important, one of the things we want to look at is: what are the previous assumptions that we've made, and what is the reality that we're seeing today? The differences between that assumption and reality can be seen in the form of cyber attacks, where people perform data breaches, run ransomware attacks, forge identities, and so on. And the policies that we apply from a regulatory or policy perspective may also end up ossifying some of those assumptions, entrenching them in such a way that they become difficult to respond to. So zero trust is about realizing that we have these gaps, and then building a new framework that is more flexible, in order to allow for response to these types of conditions and to allow additional controls to be put in place, in such a way that other parts of your organization, your digital organization or your developers, can make the changes necessary to meet your mission, while at the same time still maintaining the control to hit your confidentiality, integrity, availability, and non-repudiation goals.

So what is zero trust? I try to distill it down into a small image, and this is the simplest I was able to find. In the top half of this you have perimeter defense, which is the common gold standard that you see within many environments. That is where you have a trusted network; in that network you have your services, and if you need to connect to another network, you may have a firewall that you put in between them in order to protect entities in one network from entities in another network. But the problem is that if you end up with an attacker in one of these networks, then there's a lot that they can do, a lot of damage that can be done. In the zero trust model, instead, what we say is: what if that network was not trusted?
It's not implicitly trusted. That doesn't mean the firewalls go away; it doesn't mean that you're not trying to protect the network. But it means you're no longer saying this network is the implicit thing on which we base our trust. Once you no longer trust your network, you have to look at where you push the controls, and the controls end up being at the services themselves. If you look at the bottom half of this, you can see that every service, when it connects to something else, has some form of something resembling a firewall, a control that allows you to determine what you want to send over those links to those other devices. If an attacker enters your network, again, that doesn't mean you're no longer at risk, but it's yet another layer of security that doesn't allow implicit access to things simply because they're on the network.

To build our zero trust framework, we started with three main foundations: identity, policy, and automation. Identity is what identifies your service, your user, or your data. How do you know that what you're looking at is the thing you're looking for? How do you attest that identity? Policy is how you develop the rules and apply and enforce those rules across identities. And the automation perspective is: if you have a single system, you can put a person on that system to defend it, but when you start to scale this out to a large number of systems, hundreds, thousands, tens of thousands of systems, you need automation in place that can help you assign the identity and enforce the policy, but also bring in things like observability, so you can audit what's going on, and controls over what the automation is capable of doing or not doing. So it ends up being three intertwined primary pillars that have to be put together in order to build a zero trust framework.

We've been working on a reference implementation for this in the cloud native environment, and we focus on three primary things. If you notice, in the triangle I actually make them link up, so you can see: for identity we're using SPIFFE and SPIRE; for policy we're using Open Policy Agent; for automation we're relying heavily on things like Network Service Mesh. Now, these aren't the only things in the infrastructure, but they're representative of the type of things we're trying to accomplish, and we'll go over each of them in more detail soon. We also build this on top of Kubernetes, on top of systems like OpenShift. We build in automation on the infrastructure side; we have GitOps-style processes that we're bringing in. And underpinning all of this, you still need observability across the whole stack, and you still need control over the whole stack. So it ends up becoming this model, which this diagram represents, that all works in coordination to deliver the infrastructure that is part of HealthOS.

So what SPIFFE and SPIRE do is provide identities to your workloads. Most people are familiar with user identity.
You put in your password, you log into an online service, and you have that user identity. In this scenario, we're looking at workload identities. Every workload receives an X.509 certificate. This is the same type of certificate your bank uses to identify who it is when you log into your bank, so we're relying on the same types of primitives and principles in order to secure the workloads. When one workload connects to another, they use mutual TLS, which is available within TLS 1.3 and presumably above, as those are released. Mutual TLS is where your client is able to validate your server, like you typically can from a web browser validating your bank, but simultaneously the server is capable of validating the identity of the client. So you have this two-way validation that occurs within a trust domain. We're able to create these identities, which live within a trust domain, that allow workloads to establish who they are. And these identities are constantly rotated out: every hour they get rotated out, by default, if you're using SPIFFE and SPIRE. And every time you assign a new certificate, you perform a verifiable attestation. What we mean by that is that when a system asks for an identity, we look at the properties of that system. You might have a TPM module that you're working with; you might have an identity document within AWS or GCP or other similar systems that have some cryptographic material inside of them that helps prove something about that system. We are able to build our SPIFFE identities with attestation that is rooted in the cryptographic materials from these types of systems. This also has a very nice effect: since we're performing this mutual attestation and validation between systems, in many scenarios it reduces or even eliminates the need for long-lived bearer tokens. In other words, you don't need to pass in a secret; the fact that you're connecting with a specific identity is enough for the system to recognize what type of system it is and what type of policies need to be applied.
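In a SPIRE deployment, workloads obtain these short-lived certificates and the trust bundle over the SPIFFE Workload API (for example via the go-spiffe or java-spiffe libraries) rather than from files. Purely to illustrate what mutual TLS means at the connection level, here is a minimal Python sketch using static PEM files; the file names and service hostname are hypothetical, and real SPIRE-issued SVIDs would rotate automatically instead of living on disk:

```python
# Mutual TLS in miniature: both sides present an X.509 certificate and
# verify the peer against a common trust bundle. In SPIRE, the cert, key,
# and bundle would come from the Workload API and rotate hourly, not disk.
import ssl
import socket

CERT, KEY, BUNDLE = "svid.pem", "svid-key.pem", "trust-bundle.pem"  # hypothetical

# Client side: verify the server AND present our own identity.
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
ctx.load_verify_locations(BUNDLE)      # who we trust (the trust domain's CA)
ctx.load_cert_chain(CERT, KEY)         # who we are (our workload's certificate)
ctx.check_hostname = False             # SPIFFE IDs live in the SAN URI entry,
                                       # not in DNS hostnames

with socket.create_connection(("payments.internal", 8443)) as sock:  # hypothetical host
    with ctx.wrap_socket(sock) as tls:
        peer = tls.getpeercert()       # the server's verified certificate
        # A real implementation would extract the SPIFFE ID from the
        # subjectAltName URI entry and authorize the peer against policy.
        print(peer.get("subjectAltName"))
        tls.sendall(b"hello over mTLS\n")
```

The server side mirrors this: it loads its own certificate chain and sets its verify mode to require a client certificate, which is what makes the validation mutual.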
In terms of policy, we're looking at things like Open Policy Agent. Open Policy Agent allows you to consume the identities produced by a system like SPIFFE and SPIRE, and allows you to decide what a system is allowed to do, what capabilities it is able to fulfill. The properties we were looking for, which led us to Open Policy Agent, are that the policy has to be human readable and has to match the look and shape of common policy. In other words: how do you classify data, how do you classify workloads, how can you say this system has PHI and create defaults that say don't allow it to connect to systems that don't have PHI, or vice versa. And from there we can carve out the patterns the system is allowed to perform. In this example, which we took from Open Policy Agent's front web page, it's one of their examples, you can see a request that says pet owners are allowed, with a specific ID verified by the JWT, which identifies the user cryptographically, to receive information, or to make a request against this API in a specific way, if and only if the request comes from, say this policy sits in front of a database, if and only if the request comes from a client, or a workload, that we have identified. So it gives us a lot of flexibility to define the exact shape and policies that we want in a human-readable way. It also allows us to get this policy into Git, to have code reviews on these policies, to share them with other stakeholders so we can get their opinions on whether a policy meets their requirements or not, and it gives us that change over time, so we can see how the policy has changed and when it changed, because it's all checked into Git.
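Mechanically, OPA is usually consulted as a sidecar or library: the enforcement point sends the attributes of a request (caller identity, method, path, user token) to OPA's Data API and gets back an allow or deny decision. A minimal sketch of that call pattern follows; the policy path and input fields are illustrative assumptions, not Anthem's actual policy:

```python
# Ask a local OPA sidecar for a decision via its Data API:
# POST /v1/data/<policy path> with {"input": ...} returns {"result": ...}.
import requests

OPA_URL = "http://localhost:8181/v1/data/httpapi/authz/allow"  # illustrative path

def is_allowed(spiffe_id: str, method: str, path: list, jwt: str) -> bool:
    decision = requests.post(OPA_URL, json={
        "input": {
            "source_id": spiffe_id,   # workload identity of the caller
            "method": method,         # e.g. "GET"
            "path": path,             # e.g. ["records", "bob"]
            "token": jwt,             # user JWT, decoded and verified in Rego
        }
    }, timeout=5).json()
    return decision.get("result", False)   # default-deny if undefined

# e.g. only let an identified workload read a record on a user's behalf:
if is_allowed("spiffe://example.org/ns/apps/sa/portal", "GET",
              ["records", "bob"], "<jwt here>"):
    print("request permitted")
```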
We also have control from the QA side. In fact, when you're looking at regulatory concerns in this space, it's important that your developers are not allowed to push into production. You have to have a separate group of people, a separate team, that is able to look at what changes are pending and decide whether or not those changes should hit production. When you look at PCI- or HIPAA-compliant systems you tend to see this pattern quite commonly, so that you don't have a single place or a single person who is able to push these kinds of things in. The QA team is then able to determine at what rate and when something is promoted from testing to staging, or from staging to production. A really great example of a system you can use to achieve this in your own infrastructure is Flux, so I highly recommend you go look at Flux and give it a try; it hooks up to GitHub and gives you that initial path towards automating in this style.

With that, I want to thank you all for joining us and learning a little bit about Health OS and zero trust. Please consider the technologies we're using: OpenShift with Kubernetes, SPIFFE and SPIRE, Open Policy Agent, Network Service Mesh, Envoy. Please join those communities; there's a lot you can work on in those spaces. And if you're interested in the kind of things we're working on, please reach out to either Bobby or me and we'll help you navigate the path, whether it's coming to work with us directly or working in the same area in your own industry. So please come and join us. With that, we have time for questions, and thank you very much.

All right, is it still autoplaying? Oh my goodness. Well, yes, of course, because why would it follow settings? Yeah, well, we'll figure the little details out. I loved that last talk; it was very focused on Health OS and the healthcare industry. The next couple of talks are from two folks I met via another industry initiative, albeit for telcos. There's a project, the Enterprise Neurosystem initiative, being spearheaded by American Mobile, Verizon Media, Ericsson Research, and a bunch of other folks, along with some Red Hat support, and out of that we decided to launch an OpenShift Commons gathering earlier this year on data science. Two of the talks that came out of that were really cool. First of all, there probably isn't a talk here that doesn't mention AI or ML, so that's kind of the interesting thing. But this first one is by Ganesh Harinath from Verizon Media. If you don't know Verizon Media: a while back they acquired Yahoo, so a lot of the folks from Yahoo were doing some of this work as well. He's going to talk a little bit about that, and about building an edge intelligence application and what it took to do that. So there are lots of little pieces and parts in there, followed by a really cool talk by Paul McLachlan from the same group of folks, the Enterprise Neurosystem initiative and that data science gathering, and he's even going to throw a little VR and AR into it. So let's queue up this first one,
Chris, and we'll see what Ganesh has to say, then follow it with Paul.

Awesome, will do.

Fantastic to be here at the OpenShift Commons gathering on data science. It's a very interesting era where we're starting to take a closer look at how data and AI are going to transform a lot of our experiences. I'm Ganesh Harinath, I'm with Verizon Media. I've been doing data and AI for a very long time, over a decade, closely. An interesting paradigm shift I've started to see: we were building platforms that were very heavily AI-driven on the cloud, and we're starting to see application demand where we have to move these capabilities onto the edge. So throughout the presentation I'll be citing our experiences in terms of how we look at these applications and how we solve them using frameworks, platforms, and so on. But most importantly, I feel very blessed to be part of this ecosystem, where I'm experiencing how the world will be transformed through AI for better experiences, performance, and efficiencies, around healthcare and so on.

When you take a closer look, moving forward five or ten years, robotic-arm surgery is going to be very normal. What that means is a doctor in New York can perform surgery on a patient in Los Angeles. To me, this is fascinating. And interestingly, when you take a closer look at what's required for all of this to happen: robotics is important, virtual reality is very important, and artificial intelligence is the foundation for this capability. Most importantly, we, being part of telco 5G, can converge these technologies to make this capability a reality in the years to come. But when we ground ourselves and take a closer look at where we are today with ML and AI: a lot of applications really required massive data on the cloud, and applying AI to understand various aspects of the network was one area that received heavy focus. Looking forward, industrial automation is a space where we're starting to see big capabilities and solutions. And autonomous cars: I'm fascinated.
There's a long way to go, but the autonomous car today can look at the car in front. What needs to happen is for it to really connect to 5G capabilities and apply AI to plan the entire route, and that's in play as well. These are fascinating changes we're all living through, and interestingly, the shift has been accelerated. The way I summarize my experience: any application we touch, feel, or see will be powered by AI, but it's equally important that aspects like AI bias are taken into account when designing these applications.

Now, to summarize how the application shift is happening: when you take a closer look at any machine learning application, I'm sure we all know there is an aspect of model training, which is very compute intensive, and there is an aspect of inferencing. In today's world we very easily deploy both training and inferencing on the cloud and serve this ML/AI experience directly from the cloud. But if there is one shift we're actually starting to see, it's the demand for near-real-time inferencing. We're now talking about inferencing in milliseconds, at massive scale: hundreds and thousands of inferences that need to happen within a very short duration. To accommodate this, we're seeing a paradigm shift, which is moving the inference capability, intelligently and seamlessly, from the cloud to the location closest to the need. For some applications, if the inferencing budget is on the order of 10 to 25 milliseconds (that's just an estimate), then ideally you deploy that inferencing onto the CDN edge. We at Verizon Media have CDN edges in 160 locations, and we're already in the process of enabling those CDN edges with intelligence through a platform called Leo, which I'll describe in a few minutes. And most importantly, there are a lot of applications that need inferencing near real time at massive scale and, most importantly, highly reliable. To accommodate that factor of high reliability along with millisecond inferencing, we have to start moving inferencing to what I call a 2U box.

Now, an important paradigm shift: when we go back to the evolution of the internet, in the very beginning it used to take fairly long for pages to download when we accessed yahoo.com from Sydney. But magically, capabilities like CDNs were enabled to cache content geographically in different locations. This technology happened behind the scenes, and a sudden change in human experience happened in terms of using the internet: everybody started to have a consistent experience. CDNs are magic. So today, when we take a closer look at how we want to deploy applications, enabling the CDN edge to deploy ML applications is very critical, and a transformation is happening in this area as well.

Now, what applications are really being discussed right now, and why do we need inferencing to happen so near real time? What exactly is the big problem? There is another very important paradigm shift I'm sure we've all started to notice. Up until now, a lot of ML applications were primarily driven by signals from sensors. Those are very two-dimensional; they're records.
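The tiering logic described above can be pictured with a toy sketch. The thresholds here are made up from the rough numbers in the talk (10 to 25 ms to the CDN edge, tighter or high-reliability budgets to an on-premises 2U box, everything else to the cloud); they are illustrative, not Verizon's routing rules.

```python
# Toy illustration of routing an inference workload to the tier that can
# meet its latency budget, using the talk's rough numbers as thresholds.
def placement_tier(latency_budget_ms: float, needs_high_reliability: bool = False) -> str:
    if latency_budget_ms < 10 or needs_high_reliability:
        return "on-prem 2U box"   # millisecond-scale, factory-floor reliability
    if latency_budget_ms <= 25:
        return "CDN edge"         # one of ~160 edge locations
    return "cloud"                # training and latency-tolerant inference

print(placement_tier(5, needs_high_reliability=True))  # -> on-prem 2U box
print(placement_tier(15))                              # -> CDN edge
print(placement_tier(200))                             # -> cloud
```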
There are billions of records; in fact, the platforms our team operates build applications ingesting 100 billion records every day. But it's relatively easy to operationalize platforms that can ingest and process 100 billion records, because you have the luxury of being deployed on the cloud, and most importantly the inferencing aspect is on a two-dimensional record. The shift is toward video content, from which we have to pick up intelligence, apply machine learning, surface insights, and solve the problem. That's another huge paradigm shift. And it's no exaggeration: when I take a closer look at the applications coming our way, the majority we're starting to work on are camera-driven, in the space of factory automation.

What we're seeing right now is an example of factory automation where video cameras observe the assembly line, and those feeds are fed to a platform like Leo, where applications understand the video signals, run inference, and alert if there are issues (sketched below), alongside other sensory signals like temperature, current, and so on. So factory automation is a space where we continue to invest a lot in building applications, and I call it a 2U box: we have to deploy a 2U box, we need a platform like Leo, and we need applications staying close to the edge. That way we have reliability, both in terms of high-volume inferencing and in ensuring it works seamlessly in a factory environment. And private 5G is definitely going to play a big role in connecting all these different sensors and cameras, routing signals and video streams to a centralized platform that can ingest them, apply artificial intelligence, and surface insights to improve efficiencies and avoid errors near real time, without material loss. This is an area we at Verizon are starting to invest in heavily.

I'm sure many of you know Verizon already has a company called Skyward, which was acquired a few years ago; they help fly drones. Now, Verizon has tens of thousands of cell towers. With technologies like drones and computer vision, it's very timely that we build applications where, instead of people climbing a cell tower to understand issues with the tower and its connections, we fly drones to understand the issues around those towers. For one, it addresses a lot of safety issues; two, there are a lot of cost efficiencies attributed as well; and most importantly, with computer vision you really see a lot of insights where you can take corrective action near real time. We're continuing to invest here, and this is a very vertical application today: you solve it for cell towers, and you can retrain it to monitor oil pipelines, buildings, bridges, and so on. I personally am very fascinated by the mission we've embarked on. We're very early on, and there's a lot of learning here, but I'm sure in the months to come we'll be able to operationalize products like what we're discussing right now. It really requires edge capability: the video stream coming in near real time, inferencing on the edge, and then being able to surface insights to the person who's actually conducting the survey of the cell tower or antenna.
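Here is a minimal sketch of the camera-driven pattern just described: pull frames from an assembly-line camera, run a model on each frame, and alert on a detection. The camera URL is hypothetical, and the model and alert calls are placeholders; the talk does not describe Leo's internal APIs.

```python
# Sketch of an edge video-inference loop for factory automation.
import cv2  # OpenCV, a common choice for video capture


def detect_defect(frame) -> bool:
    """Placeholder for an inference call to a deployed vision model."""
    return False  # plug a real model in here


def send_alert(message: str) -> None:
    """Placeholder for the platform's alerting hook."""
    print("ALERT:", message)


capture = cv2.VideoCapture("rtsp://camera-01.factory.local/stream")  # hypothetical feed
while True:
    ok, frame = capture.read()
    if not ok:
        break  # stream ended or camera unavailable
    if detect_defect(frame):
        send_alert("possible defect on assembly line 1")
```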
Now, how can we solve all these things? "Efficiently" is the term I would like to use. When we take a closer look at next-generation applications, pretty much every application will have an aspect of machine learning attached to it. But the very interesting difference between applications powered by machine learning and traditional applications is that machine learning applications are not static. I can't say, "the release is complete, this is an awesome application, you guys go ahead and use it." We really have to monitor the model and have a process in place to retrain it, to keep it meaningful, relevant, and accurate on the ground, and that's a non-trivial problem. That's where we need an ecosystem that supports the building and deployment of next-generation applications. ML-based applications can't be transactional: I can't say I've deployed the application and walk away. I need to provide tools and capabilities that ensure these applications stay meaningful over a period of time. That's very important on one side.

On the other hand, we need to be able to distribute the workloads: the training workloads on the cloud and the inferencing workloads on the edge. In simple terms, I call them the pink boxes and the blue boxes, which used to both be deployed on the cloud. Now, eloquently, we have to separate these pink boxes out to the closest edge, which could be a CDN edge or a 2U box, and that empowers you to build applications like drone vertical inspection, factory automation, and so on. So we are very heavily invested in operationalizing a platform capability that empowers us to build edge applications seamlessly. What you're seeing is a very high-level blueprint of the platform, Leo, where the pink boxes are taken care of as part of model inferencing and application deployment. And that application deployment has to be end to end: we should be able to run a UI, and it has to be secured.

This, to me, is a paradigm shift. We all talk about distributed infrastructure; now we're talking about a distributed application, where the same drone inspection or the same factory automation has to be deployed in multiple locations, and in many cases has to be integrated with the cloud to work very seamlessly. It's a fascinating time. The demand for infrastructure is changing; the security posture is changing. We just can't say we have an awesome cloud infrastructure in multiple locations: these are micro clouds, and the micro clouds have to be connected to the parent cloud, primarily because your application loads are distributed on the edge and on the cloud with seamless interconnect. What you're seeing is a reflection of our view from about a year and a half ago, and today, what you're seeing is real.
So Leo is the glue between various technology infrastructures and platforms, and the integration between data, sensors, and so on, which enables and empowers us to build different applications like drone inspection, factory automation, and a digital twin that has been operationalized for Verizon's own use within Verizon. I'm sure we all have our own strategies, but I'm very excited and encouraged to share the success we're actually starting to see in understanding the needs of an edge platform and ironing out the capabilities that are actually needed on the edge.

In a nutshell, when you take a closer look at Leo, you can build an end-to-end application on it that can ingest data, apply inferencing at massive scale on the edge, and deploy any machine learning model. Most importantly, it's container-based, so it can be deployed on any edge platform. But as I was mentioning, it's very important to have a seamless interconnect to the cloud, because the edge is only a portion of your application. A lot of the training needs to happen on the cloud, and there can be compliance policies where you have to persist data on the cloud, and this data has to be shipped to the cloud for various reasons. And most importantly, there's a fascinating approach to building models called distributed model training, where models trained in a distributed way can be consolidated on the cloud, and that can be approached through platforms like Leo (a small sketch of one such approach follows below).

At a very high level, one of the capabilities we need on the edge is data management: the ability to ingest all forms and kinds of data at high throughput, and to empower us to build end-to-end applications with a UI, very securely, and so on. And most importantly, the security posture has changed, because you have a 2U box sitting somewhere: physical security becomes important, application security becomes important. These things have to be factored in, which goes beyond Leo, but we need a strategy to address all aspects of security. Leo does address application security. We also depend on edge enablement capabilities like OpenShift, in this case to ensure we can seamlessly control and manage the containers on the edge and provide a very secure environment to deploy edge applications. And most importantly, you need a strategy with components that let you deploy models seamlessly, manage them, monitor them, and perform near-real-time analytics too. Everything I've said is part of Leo; it's operationalized, and we've been using it very successfully within Verizon. Interestingly, though it's very early, Leo has become the north-star edge architecture for the Verizon Media group as we speak.

Now, to conclude: we're starting to see a new influx of applications, which I call next-generation applications, and each one of them will be powered by AI; there's no doubt. They're poised to enhance human experience, efficiency, health, and safety. But the paradigm shift from the infrastructure perspective is that we have to understand and identify the components that have to be moved closer and closer to the edge, whether that's a CDN edge or a 2U box.
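The talk mentions distributed model training consolidated on the cloud but doesn't specify the algorithm. One common pattern for this is federated averaging, where each edge site trains on local data and only model weights travel to the cloud to be averaged. A minimal numpy sketch, not necessarily how Leo does it:

```python
# Federated averaging: consolidate edge-trained weights on the cloud.
import numpy as np

def federated_average(edge_weights: list) -> np.ndarray:
    """Average model weights gathered from several edge sites."""
    return np.mean(np.stack(edge_weights), axis=0)

# Pretend three edge sites each trained a tiny linear model locally.
site_a = np.array([0.9, 1.1, 0.2])
site_b = np.array([1.0, 0.9, 0.1])
site_c = np.array([1.1, 1.0, 0.3])

global_model = federated_average([site_a, site_b, site_c])
print(global_model)  # consolidated weights, pushed back out to the edges
```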
Now, with that, the way I'd like to summarize a lot of the stories and experiences I've explained: it's going to be very interesting as we move forward, primarily because when you start to take a closer look at building ML- and AI-based applications, it's complex. We have to find ways to simplify it through a platform strategy. We need strategy and partnerships in place so that we have control on the edge, and technologies like OpenShift definitely put us in a very good position to have a controlled and manageable environment, taking into account that it's very distributed. And most importantly: how are we going to build, test, and deploy, and keep the environment very agile so that it's adaptive too? Taking all these things into account: we're very early on, we have our own experiences, and we're very happy to learn from your experiences and connect offline. I'm also starting to look up to consortiums like the Enterprise Neurosystem; I'm really excited and happy to be part of it, and I feel very blessed to be part of an ecosystem like this. While we bring in what we know, primarily from an experience perspective in terms of solving problems on the edge and building ML and AI applications for Verizon, Verizon Media, and the other enterprise customers we're starting to work with, we're here to learn as part of the ecosystem and become more and more efficient as we continue to build our next-generation applications, which we envision will change the human experience, improve efficiencies, and, most importantly, improve the security posture and health and safety too. With that, I sincerely thank you all very much for this opportunity and look forward to syncing up with you offline as part of the consortiums; we can take it from there. Most importantly, stay safe. I'm sure you're all going to have a fantastic and terrific 2021. Thank you.

All right then. Next up, yep, I'm on, right here. Next up we have Paul McLachlan from Ericsson Research, who was also part of the data science gathering earlier this year; he actually did the keynote for us. It's quite an interesting talk melding sustainability, machine learning, augmented reality, VR, and 5G. And really, one of Paul's focuses is using AI for good, and I thought that was a great theme for this. So I'll let you cue that up, Chris, and we'll move right into it.

Got it. Good afternoon, I'm Paul McLachlan, I'm a research... and the screen is black, fun. We'll get there. Oh, maybe it's not playing nice. Did the YouTube video itself... now OBS isn't able to see it, so hang on while I try to open a new window with the video in it; we can get it to show up. There we go. All right, sorry for the technical difficulties.

Good afternoon, I'm Paul McLachlan.
I'm a research leader, part of Ericsson Research, based in Santa Clara, California. Today I'm going to be talking about how Ericsson is using AI to help address sustainability and climate change, because we know that climate change is real and is having devastating impacts now. Humans have caused one degree centigrade of global warming above pre-industrial levels, and NASA and NOAA stated that 2020 was the second-hottest year on record globally. Climate change is causing extreme weather events, which are the most visible effect of climate change, and the frequency of extreme weather like wildfires, droughts, hurricanes, tornadoes, and thunderstorms is increasing in the United States. In 2019, extreme weather cost 45 billion dollars in the United States alone. This also has pretty important societal impacts, because climate-change damages hit low-income Americans and the South hardest, and minorities and people of color bear a disproportionate share of the climate-change burden. The time to act is running out.

So what do we need to do? The carbon law teaches us that emissions must be cut by half every decade to reach net zero by 2050 (there's a quick sketch of that arithmetic at the end of this passage). By 2030, the information and communication technology sector can have a massive impact towards that goal. In 2020, roughly 54 gigatons (a gigaton is a billion tons) of greenhouse gas emissions were produced. So, following the carbon law, to avoid catastrophe emissions needed to have peaked last year; between 2020 and 2030 we need a further 50 percent reduction in greenhouse gas emissions, and the same again for every decade following that until 2050. At the same time, we also have to invest in carbon sinks like forests to help capture some of the carbon we've already emitted. Action is required right now; the longer we delay, the bigger and faster the reduction required. Digitalization, though, is an exponential technology, which will help us address this target even more quickly. Ericsson research indicates that the ICT sector can enable reductions in global greenhouse gas emissions of 15 percent, and this is based on existing ICT technology. More opportunities to exceed that 15 percent will likely be enabled by technologies like 5G and machine learning and AI that Ericsson is investing in heavily. We see a particularly big impact on the energy and transportation sectors, which I'll be walking you through with some examples, as well as speaking to my own research on AR and VR and how that will help address greenhouse gas emissions. But the main point is that decarbonization solutions exist today; we don't need to wait for a silver bullet. And the estimated financial benefit of low carbon is 26 trillion dollars by 2030, for reference, so we have an incredible opportunity ahead of ourselves.

So Ericsson is leading the way, and we are reducing the emissions and impact of our company's activities and of our products and services, which will also have a dramatic impact on society. Our goal is to be carbon-dioxide neutral by 2030, which speaks to our company's impact, and this includes fleet vehicles and facilities.
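The carbon-law arithmetic referenced above is simple compounding: halving each decade from roughly 54 gigatons in 2020. The numbers below just restate the talk's figures.

```python
# Halve emissions every decade (the "carbon law") starting from ~54 Gt in 2020.
emissions_gt = 54.0
for year in (2030, 2040, 2050):
    emissions_gt /= 2
    print(f"{year}: ~{emissions_gt:.1f} Gt")
# 2030: ~27.0 Gt, 2040: ~13.5 Gt, 2050: ~6.8 Gt; the remainder is to be
# offset by carbon sinks such as forests to reach net zero.
```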
Our goal is for 5G to be ten times more energy efficient than 4G, which speaks to the impact of our products, because 30 percent of network OPEX today comes from energy consumption and 90 percent of mobile network operator emissions are from network power. So, for example, we are building a smart factory in Lewisville, Texas. We are pursuing LEED Gold and LEED Zero Carbon certifications, and 90 percent of the materials for that factory will be diverted from landfill. We've installed 1,600 solar modules, and we produce over a million kilowatt-hours annually, which is enough to power 93 US homes for a year. We have water-recapturing tanks so we can capture and reuse rainwater, enough water for one US home for 133 days. This is an example of how Ericsson is actually investing to ensure that our products are sustainable, and helping show how manufacturing can transition towards a low-carbon future.

We also want to reduce the impact of digital networks. The ICT sector's carbon footprint is estimated to be 1.4 percent of the global total. One thing I really want to point out, because I think it's remarkable and it shows how we are using technologies like AI today, is that emissions have remained constant while data traffic has quadrupled and the number of subscribers has increased by 30 percent. One of the main reasons for that is the big energy-efficiency gains from the technology shift from desktop and laptop to handheld. But the ICT sector has the decarbonization solutions that can help lead to a 50 percent emission reduction by 2030. Things like renewable electricity to power networks: the ICT sector today is the largest purchaser of renewable power. And mobile network efficiency, where we can see Ericsson's leadership role in innovation. We worry that energy consumption will increase dramatically if 5G is deployed the way 3G and 4G were, so Ericsson's technology leadership is breaking this energy curve. Hardware modernization can drive up to a 30 percent reduction in power with higher data throughput, and software can drive up to a 50 percent reduction in power with no impact to consumers. This allows operators to decouple mobile data traffic growth from energy consumption and carbon emissions.

We're also transforming transportation. Transportation emissions constitute 16 percent of the global total, or 8.6 gigatons of CO2 per year. Commercial transport powered by renewable electricity is critical for decarbonization, and a robust 5G innovation platform will be required for further development of this technology; a fully built-out 5G network will be required to operate autonomous vehicles at massive scale. So the challenge is: how do we provide affordable and safe transportation and reduce greenhouse gas emissions? An example solution: Ericsson, a Swedish startup called Einride, and the Swedish mobile operator Telia created an electric, autonomous transportation system that is safer and more sustainable. And the impact: Einride says electric vehicles powered by renewables reduce the carbon emissions of the logistics network by up to 90 percent. Autonomous, driverless commercial vehicles also have less downtime, more reliability, and lower total cost of ownership, and will also lead to better air quality. So how does 5G fit in?
5G enables higher speeds, lower latency, and increased reliability and capacity for the network. We also think the digital divide is a critical component of sustainability, because the digital divide is most pronounced in rural and minority communities. In the United States, 37 percent of rural students lack adequate connectivity, and this has a really critical impact with schools closed during the COVID-19 pandemic: if you lack connectivity, you cannot attend e-learning. And according to Deloitte, the digital divide currently costs the United States economy $130 million a day. As an example of how Ericsson is tackling this problem, the Rutland City public school system partnered with Vermont Telephone and Ericsson, and we installed next-generation 4G and 5G wireless radios and antennas in fewer than 10 days. Vermont Telephone delivered modems and routers which connected students to e-learning; Rutland City public schools delivered Google Chromebooks with wireless connectivity; and this happened not in weeks or months, but in less than 10 days. Homes in Rutland now have wireless speeds well above 100 megabits per second, which enables students to access world-class education and e-learning opportunities. And Ericsson is committed to this globally: we are partnering with UNICEF to make this possible for students around the world, to really bridge that digital divide.

We also think that 5G will help enable the transition to renewables. The United Nations says that by 2050, 80 percent of all the world's power needs to come from renewables, and this will help us get to the decarbonization that is critical for climate action. The challenge for renewables to scale up is that there is a large number of power generators, multiple solar panels and wind farms, and bi-directional energy distribution, where both sales to and purchases from the grid are needed. And we have fluctuations in power generation, because renewables can sometimes be unpredictable; there may not be wind one day. The solution to this problem is smart grids. More renewables means the distribution system operators need total control of power distribution networks, and distribution system operators need to respond rapidly to balance power production and load to avoid outages. The role of 5G: distribution system operators see digitalization and connectivity as key enablers in the transition to renewable power. They recognize that cellular connectivity offers lower CAPEX compared to cabling for grid communications, and real-time power system management requires a low-latency communication connection. And we can reduce interruptions by up to 75 percent with ICT compared to today's level, according to a Swedish distribution system operator.

Digitalization is also critical for the industrial sector, which currently accounts for 32 percent of global greenhouse gas emissions. The challenge in decarbonizing it is that the industrial sector needs to meet consumer demand while cutting emissions by 50 percent by 2030. So business as usual is not sustainable, and we have to transition from linear to circular business models, which is what we think of as Industry 4.0. And the role of connectivity in industrial process optimization is vast: by 2024, we believe 5G will cover 65 percent of the global population and there will be 4.1 billion cellular IoT connections. That ubiquitous connectivity enables real-time measurement and real-time AI of industrial processes
on a massive scale. The Exponential Roadmap shows that up to a 20 percent reduction in annual energy intensity is possible through real-time monitoring of processes and energy use with things like AI, and AI itself will help us get to continual optimization of processes. So Ericsson is using connectivity in our smart factories today, in Tallinn, Estonia and in the United States, to implement use cases that increase efficiency and reduce our own carbon emissions. We're showing how this can be done today. But the role of connectivity is really critical in enabling the circular economy, because it increases the lifetime of products and enables reuse. For example, 60 to 75 percent of energy can be saved by using recycled instead of new steel, and material reuse needs to grow. Digitalization can track materials and products from manufacturing onward, and reducing waste through asset tracking can really help during logistics as well.

So I want to pivot and talk about some of my own research, because I've been speaking a lot about how Ericsson sees tackling this challenge across all the industries we partner with and how connectivity plays a role. The team I work on works on augmented and virtual reality, technologies that will help bring full experiences to people, and we are thinking about how this relates to carbon emissions and sustainability. I'll give you an example. Air travel today contributes 2.5 percent of global CO2 emissions, and just a single round-trip flight between New York and London produces 0.67 tons of carbon dioxide per passenger. While a lot of travel is incredibly important (it's something I personally love, because I love the sense of being in a place, where you can take in the smells, the taste of the food, the sounds of the environment), a lot of travel today is to take a tour of a factory, or look at a demo of a product, or shake a person's hand to conclude a business meeting. But what if I told you that we are working towards a vision, using AI, 5G, and a lot of critical hardware research, to enable people to have that same tactile experience from their own home? Let me show you a video about that.
I get goosebumps every time I see that video. Our vision at Ericsson Research is that by 2025 we will have advanced technology that allows people to have full five-sense immersive experiences across a mobile network, and our vision by 2030 is for people to be able to share things such as memories or thoughts using brain-computer interfaces. One of the critical challenges we are trying to solve using AI is spatial computing. For us to have interactive content and experiences, we have to use AI to understand the physical environment around the user and the objects in those environments. That means creating things like spatial maps and environmental understanding, but also enriching those spatial maps with semantic information: not only do we know where an object is located or where buildings are located, we also know what types of objects they are and what relationship the end user has with those objects. This will really enable us to create that full five-sense content and experience, because once we have that information, we can then generate overlays, and these overlays are critical for AR and VR.

So here, as an example, is what you might see through your headset when you go to pick up your rental car in the future. In order to place this overlay on top of your rental car, with your return date, the price per day, and the like, we have to understand the object and the environment, and we have to do this incredibly rapidly, because users can experience what we call virtual-reality motion sickness if there is any delay greater than about 40 to 50 milliseconds. That means we have to process data, transmit it across a network or on the device itself, and get a response in less time than it takes you to blink. That's one of the key and critical challenges we are working on in my team, and why we're excited for the latency of 5G: that content placement is extraordinarily computationally complex, and we worry that people will not have the same quality of experience unless we can have that computation at the edge, along with the speed and latency of the network, so that all the overlays, the content, and the entertainment you see through your AR and VR headsets are correctly placed and personalized for you.

This is a challenge, though, because it also requires AI, it requires a mobile network, and it requires headsets; and XR headsets, meaning AR and VR headsets, today are evolving rapidly. Today there aren't any commercially available headsets with embedded 5G chips inside them, so headsets and these experiences are not fully mobile yet, if you'll forgive the pun. Without 5G chips, AR and VR headsets cannot push connectivity and data processing over the network unless they're connected to Wi-Fi. So in the car-rental pickup garage example I just showed you, the challenge will really be that without 5G or network connectivity, we may not be able to calculate that overlay unless you're connected to Wi-Fi. Once we have 5G chips inside the headsets, people will be able to take this level of computation and interactivity with them wherever they go. And we also think that not only will 5G help address the mobility aspect, it addresses a lot of the technical problems inherent in spatial computing. So, for example, one-millisecond end-to-end latency is the standard for 5G, and that dramatically reduced latency means that
headsets can work with real-time data. That means as objects or the environment change in the end user's field of view, we can track objects and correctly track overlays, so that content and overlays in XR move with the environment and with the end user. And 20 gigabits per second down and 10 gigabits per second up means we may not have to compress content or video as much, so not only will you have content that reacts in real time, it will look real as well, because we may not have to compress it as significantly. This will also really help with spatial computing, because it will improve the accuracy and precision of environmental-understanding algorithms like simultaneous localization and mapping.

We're also really excited about the possibilities of edge computing for spatial computing. Pushing data processing to the edge of the network really enables rich, immersive experiences that are mobile as well. With edge computing, data travels at the speed of light, so a one-millisecond budget means an edge computing facility can be located upwards of 50 miles from the end user. But we're also working on how to make smaller edge facilities that can be located even closer to the end user, which will really help us address that latency challenge for machine learning and AI. If we can, for example, think about how to distribute where data is processed, that will really help us reach the latency ceiling that is critical for quality of experience in AR and VR.

And 5G really means that the headsets and form factors we see are evolving rapidly. If we can offload computing to the edge of the network or across the network, it means we can see, and we are starting to see, smaller headsets with a physical form factor that is lighter and smaller in size. Once 5G radios are inside these headsets, we'll be able to process and experience AR and VR content outside of the home that updates in real time, with that incredible latency and speed from 5G. Once we push processing into the edge of the network as well, we believe we will see longer battery life, because we will probably need fewer chips on the actual headsets; we won't need ASICs that consume quite a lot of battery. So we will see people able to wear their headsets all day long, the way they use their cell phones today.

And the key piece that I think is most exciting for me is around collaboration, because without connectivity, without 5G, and frankly without AI as well, people can have a really difficult time collaborating. If we wanted to have a business meeting in person or look at a product demo together, it would be a challenge to make sure that we are seeing the same thing at the same time and can interact with it, so we can change things and collaborate together, play games together, watch entertainment together. That collaboration is what the latency of 5G and mobile network connectivity will enable. And just to give you a couple of examples: this is the Lenovo A3. These are headsets that are commercially available today, and we're already starting to see a dramatic change in the physical form factors. And this is Nreal: we are seeing headsets for AR and VR that are starting to look a lot like the glasses I'm wearing today. And that's our vision; the Internet of Senses is coming, and our vision, as I said, is to have the technology in place by 2025 to enable the full sensory Internet and connectivity.
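A rough worked version of the latency numbers in this talk: the 40 to 50 ms motion-sickness threshold and the 50-mile edge radius. Light in fiber travels at roughly two-thirds of c; the figures here are illustrative arithmetic, not Ericsson's measurements.

```python
# Back-of-the-envelope latency budget for an edge-assisted AR overlay.
SPEED_IN_FIBER_KM_PER_MS = 200.0   # ~2/3 the speed of light in vacuum
distance_km = 80.0                 # ~50 miles to a hypothetical edge facility

propagation_ms = 2 * distance_km / SPEED_IN_FIBER_KM_PER_MS  # round trip
budget_ms = 45.0                   # middle of the 40-50 ms comfort threshold
remaining_ms = budget_ms - propagation_ms

print(f"propagation: {propagation_ms:.2f} ms")          # 0.80 ms
print(f"left for tracking/inference/render: {remaining_ms:.2f} ms")
```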
And so, as you can see in this image, we may tackle sustainability by removing the need to travel and meet in person. Here we see a person having a business meeting with someone as a hologram, and because of the placement, the connectivity, and the latency from 5G, that hologram is able to travel with the person. You can share a secret and whisper, and you can shake that hologram's hand and feel the weight of it. So I really want to thank you for your time and for listening to me. The message I really want to impart is that climate change is real and it is critical that we address it; every day that we wait, the problem gets a little bit harder to solve. But climate change, which Ericsson takes very seriously, is not a problem that has no solutions. Using existing technology, we can already get a 15 percent reduction in greenhouse gases, and we at Ericsson think we can go even further than that. We are really excited to be on this journey with you. Thanks so much, and I'm looking forward to your questions.

Well, all right, I love that, and that means I'm probably going to have to upgrade my Oculus Rift yet again to get the Internet of Senses, and to get VR with sensory things. Mostly I feel sensory-deprived right now when I'm in my VR headset.

Are you one of the unfortunate people that gets, like, seasick?

Well, he did mention that little bit of lag time, and when you get that lag time you definitely do. The only time I ever get it is when we're using the Google Earth app in VR; that'll do it, nausea, because you're flying over stuff. And there's one game, I can't think of it, that gives me that too. But it's really interesting to listen to, because that talk didn't go deep-diving into the infrastructure underneath it, the Kubernetes or the OpenShift. For me what's interesting, what keeps running through, is all the AI and ML workloads that are running on OpenShift, and the thread of how people are leveraging the Red Hat technologies that we're enabling. So that's really cool.

The next talk we're queuing up came from the most recent Red Hat Summit Part 2 in June. İşbank, which is out of Turkey, did a wonderful talk about enabling GPU usage for machine learning with OpenShift, and they also talked about their storage. I want to give them a huge shout-out, because they went to massive lengths to record this talk during the COVID epidemic and everything else, and I really appreciate that. I think it might be the first time the İşbank folks were on stage anywhere at Red Hat as well. Really cool: they talk about AI and ML, some big data, data management, analytics. They had already been doing a lot with CI/CD pipelines and using lots of third-party products, and this talk really covers how they brought all of that together. I'm not going to steal their thunder; I'm going to let you queue it up, Chris. Then we'll have one more talk after this, because I think we're running up to our time limit at noon, and we'll queue up the remainder at a later date. So thanks, everybody, for hanging in with us today. Well, we've figured out this platform and how to use it properly for all this stuff, so thanks again. There you go, Chris.

Hello everybody. In this session, together with my colleagues, I would like to summarize how we enabled GPU usage for machine learning on top of OpenShift, and our storage infrastructure. My name is Yener, and I am responsible for the container and Kubernetes
platform at İşbank. I will give some brief information about our OpenShift and Kubernetes journey, but first let me give some brief information about İşbank. İşbank is the largest private bank in Turkey. We have 20 million customers, 1,250 branches, and approximately 25,000 employees in Turkey. In the IT department we have 550 employees; in the data management team, 200 employees; and in the software development teams, 1,400 employees. In IT systems we handle 200,000 transactions per day, and more than 85 percent of these transactions come from mobile applications. We operate 900 applications and 10,000 VMs in the IT infrastructure, and right now we have accumulated 13 petabytes of active data. In 2017 we migrated to our new data center, which is named Atlas. Atlas is recognized as the first and only data center in Turkey with the highest certification level, Tier IV Gold in operations. Then we created a secondary data center in Ankara, for both active workloads and disaster recovery purposes.

Our container and orchestration journey started in late 2017. We created an initiative named Koly, with members from 10 different teams across both IT and development. In the meantime, Kubernetes had become the default standard for orchestration. With this team we studied most of the CNCF Kubernetes distributions, and for the best three candidates we concluded POCs. At the end of these POC studies, OpenShift was selected as our orchestration platform. We installed version 3.11 and integrated it with our existing DevOps toolchain. For the DevOps toolchain, we are using Azure DevOps, the XebiaLabs Release and Deploy products, Sonatype Nexus, the Elastic Stack, our custom in-house architecture tools named Faber and Geno, and in-house monitoring and other systems. After that, we purchased essential tools like Tislak, Cluster, and Seve. For OpenShift version 4, we adopted OpenShift Container Storage as our storage solution.

In January of this year we started working with OpenShift version 4, using a bare-metal installation with a restricted network. In both version 3 and version 4 we use bare-metal servers for AI and machine learning workloads, and virtual machines for other workloads. For the OpenShift version 4 migration, Red Hat offered a CSA engagement; CSA means cloud success architect. We worked with the CSA team for about two months, preparing our version 4 clusters for production and for the migration, and we are happy with the CSA team and their work. We started the actual migration process at the beginning of May. We use our DevOps pipeline for the migration, migrating applications one by one, and at the time of this recording we have completed 15 percent of the project migration.

And at last, this slide shows what we have gained from OpenShift. Self-service provisioning of compute, storage, and network components saved us a lot of time: before OpenShift it took days or weeks to get the required components, but now it takes seconds to deploy all of an application's components. Second, it was very easy to integrate with our custom DevOps tools. Third, our application development speed and deployments increased by 15 to 20 percent. And finally, OpenShift provided us secure environments by default. In the following slides, my colleague Suha will give brief information about the Ceph storage infrastructure.

My name is Suha Olnokuzmaiz. I am responsible for the storage, backup, server, and virtualization infrastructure within the bank. So today I
would like to summarize Red Hat Ceph Storage and OpenShift Container Storage, and how we utilize these products within the bank. Before jumping into the technical details of the Ceph infrastructure, I would like to give brief information about the business requirements. The main requirement for us is the S3 endpoint. The S3 protocol is an Amazon protocol which is a de facto standard nowadays, and not only the public cloud but also on-premise private cloud environments require an S3 endpoint. The second biggest requirement is for the OpenShift platforms: as my colleague Yener mentioned, the OpenShift Container Platform clusters utilize OpenShift Container Storage for their persistent volume needs. The third requirement was the multi-site configuration: all the data, all the objects written into Ceph, is replicated bidirectionally between the two sites. The storage infrastructure also needs to be redundant, available, and sustainable all the time; you don't have a chance to take the storage infrastructure down for maintenance. Ceph is redundant, available, and sustainable all the time, which allows you to do such maintenance jobs. Another requirement was bucket notification: as of today, Ceph allows you to use AMQP (Advanced Message Queuing Protocol), an HTTP endpoint, or Kafka for bucket notification, and I'll get into the details of that (there's a small consumer sketch at the end of this passage). And auditing: whenever or whoever accesses the objects within the Ceph storage environment, you need to audit all those access requests. Last but not least is bucket lifecycle management: you need to tier objects down or up within the cluster so that you can manage costs and manage performance in the required way. So these are the main business requirements that led us to put object storage and software-defined storage into the bank.

Just after the business requirements, I would like to summarize the Ceph architecture on each site. This is a brief summary of the topology. As my colleague mentioned, we have two data centers, two sites. For the Tier IV data center, we use three different rooms, and we replicate the data with a 3x replication factor for each object. Within these rooms, thanks to the CRUSH hierarchy, we have placed all the servers that make up the OpenShift Container Storage, in a different rack in each room. You can see all the services running on top of those: services like MONs, Managers, and MDS daemons all run containerized, in Docker containers, on top of these servers. And you can see the public and cluster networks. Just after we introduced SSD disks into the cluster, utilization of the public and cluster networks increased very sharply. You need to keep an eye on those, because the cluster network, which distributes data across all the nodes, is heavily utilized once you introduce SSDs. And we are using jumbo frames, by the way, which is quite critical for us: the MTU we use is 9000 as of today, which gives us additional performance benefits. As I mentioned, this is the architecture for each site, and since we have two data centers, we have identical Ceph cluster installations on each site.
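The bucket-notification consumer sketch promised above might look like this for the Kafka endpoint. The broker and topic names are hypothetical; the payload handling assumes the S3-style event record shape that Ceph bucket notifications emit.

```python
# Sketch of consuming Ceph bucket notifications from Kafka.
import json
from kafka import KafkaConsumer  # kafka-python package

consumer = KafkaConsumer(
    "ceph-bucket-events",                        # hypothetical notification topic
    bootstrap_servers=["kafka.bank.internal:9092"],
    value_deserializer=lambda raw: json.loads(raw.decode("utf-8")),
)

for message in consumer:
    for record in message.value.get("Records", []):
        bucket = record["s3"]["bucket"]["name"]
        key = record["s3"]["object"]["key"]
        # e.g. kick off the next stage of the pipeline for this new object
        print(f"new object: s3://{bucket}/{key}")
```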
I would also like to mention the backend architecture. We have two different domain names running under the F5 load balancers. The red one primarily serves the internal requirements: applications that need to access, write, or retrieve data within the Ceph storage access the cluster from an internal namespace. And the green one is for applications that need to access the Ceph storage from outside the bank. These two namespaces are behind different F5 load balancers. In total we have 40 RADOS gateways, and all the RADOS gateways are diversified so that different types of workloads use different RADOS gateways; we isolated those requirements. So in summary, this is the backend architecture through which we access the Ceph clusters and the objects underneath.

In summary, we have approximately 1.5 petabytes of raw capacity; approximately 430 terabytes of this is SSD and 1.1 petabytes is SATA drives. We manage this within two regions, as I mentioned, two data centers located in two different cities, within six rooms, on 18 commodity servers with 432 OSDs, excluding the block DBs on the SSDs that serve BlueStore. All RADOS gateways are containerized, and the multi-site, DMZ, and production RADOS gateways run on their own, serving different workload needs. In total, within the cluster we manage more than 400 million objects in 15 pools and approximately 4,000 placement groups, with three CRUSH rules. With the help of these CRUSH rules, as we discussed, we handle bucket lifecycle management, and you can create custom rules to move objects across different pools in order to get the cost benefit out of it.

So I would like to give you some brief information about the use cases. We have integrated OpenShift Container Storage with the OpenShift Container Platform, and this container storage is being utilized by eight different OpenShift clusters. We conducted many POCs just before choosing OpenShift Container Storage, and we also tried the vendors we already use within the bank via the Container Storage Interface, but finally we decided to go with OpenShift Container Storage. Since we are using Ceph and the OpenShift Container Platform, we use it in external mode. The reason we use it this way is that we have many OpenShift clusters: if you instead use internal, hyperconverged mode, you have to maintain and manage, for example, eight different OpenShift Container Storage installations, whereas with external mode you only use the operator to communicate with the external container storage. All the persistent volume claims are handled by OpenShift Container Storage, and we also use the metadata server, with ReadWriteOnce and ReadWriteMany storage classes for different types of workloads.

The next use case is the notification application. We have a mobile banking application; as my colleague Yener mentioned, approximately 85 percent of transactions come through this mobile banking application. Whenever a customer gets a notification that they have a new document, such as a bank deposit or credit card statement, and they would like to access that document, they go and get a token from the authentication server, which is Red Hat SSO as the identity provider. Once they have the token, they come to the Ceph storage and, thanks to the secure token service (STS), which shares its name with the Amazon service, Ceph validates the token offline and, if it is valid, creates temporary credentials to access that particular object. With the help of this integration, the client, the customer, is able to access their document in a safe and secure manner.
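The token flow just described, exchanging an SSO token for temporary S3 credentials via STS, looks roughly like this with boto3 pointed at a Ceph RADOS Gateway. The endpoint, role ARN, bucket, and key are hypothetical, and `web_token` stands in for the token obtained from Red Hat SSO / Keycloak.

```python
# Sketch of STS AssumeRoleWithWebIdentity against a Ceph RGW endpoint.
import boto3

web_token = "<token from Red Hat SSO / Keycloak>"

sts = boto3.client(
    "sts",
    endpoint_url="https://s3.bank.internal",   # hypothetical RGW endpoint (speaks STS too)
    region_name="default",
)
creds = sts.assume_role_with_web_identity(
    RoleArn="arn:aws:iam:::role/DocumentReader",  # hypothetical role
    RoleSessionName="mobile-doc-access",
    WebIdentityToken=web_token,
    DurationSeconds=900,                          # short-lived session
)["Credentials"]

s3 = boto3.client(
    "s3",
    endpoint_url="https://s3.bank.internal",
    aws_access_key_id=creds["AccessKeyId"],
    aws_secret_access_key=creds["SecretAccessKey"],
    aws_session_token=creds["SessionToken"],
)
# Fetch the customer's document with the temporary credentials.
document = s3.get_object(Bucket="customer-documents", Key="deposit-2021-06.pdf")
```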
The second use case I would like to mention is access management and auditing for the Ceph object storage cluster. Any user who has the access key and secret key for a user that owns objects is able to access those documents, and that is not a secure way of accessing documents. So we have integrated a workflow to grant access to users that need to reach objects within the object storage cluster. Whenever a user tries to access a document, they go and get a token from the identity provider, which is Red Hat SSO (the upstream project is Keycloak), integrated with the bank's internal Active Directory. If they are part of the right Active Directory group, they are able to obtain a token for that particular need from the realm created within Red Hat SSO. Once they have the token, they authenticate with the Ceph storage, and a session policy and role name are created, with a duration, for whatever put or get action they need against the Ceph object storage. Again, for that purpose, the secure token service validates the token offline and, if it's a valid token, creates temporary credentials, and with those credentials the user is able to access their documents.

The other use case I would like to mention is monitoring and alerting. Ceph is in a really critical part of our DevOps pipeline, really critical applications run on top of it, and we need to monitor it and create alerts from the Ceph storage cluster. We use the embedded Prometheus engine for that: we create dashboards from the Prometheus data, and all alerting is managed by the Prometheus Alertmanager, which we have integrated with our internal ticketing system. All error-level alerts create a critical ticket for the monitoring team; whenever a node goes down, slow operations appear, or we get any scrub errors, we receive alerts and create tickets from them.

The final use case I would like to mention is the artificial intelligence use case. My colleague Çağlar will get into the details, but Ceph sits right in the middle of the artificial intelligence pipeline. It starts with collecting all the raw data in the big data platform. Once the data is in the big data platform, the model inputs to be used in training are stored in the corresponding bucket within the Ceph storage. Model training runs on the OpenShift Container Platform, and once the model is complete and the model output has been produced, the outputs are put into the corresponding bucket in the Ceph object storage cluster. Once the objects have been introduced, a notification is fired indicating that a new object is in the corresponding bucket, and you can keep going with the next stop in the DevOps pipeline. But my colleague Çağlar will get into the details, so I'm giving the floor to Çağlar. Çağlar, the stage is yours.

Thank you, Suha. I'm Çağlar Gülşenig, and I'm working as the AI architecture and development chapter lead at İşbank.
The final use case I would like to mention is the artificial intelligence use cases. My colleague Chahlar will get into the details, but Ceph sits right in the middle of our artificial intelligence pipeline. It starts with collecting all the raw data within the big data platform. Once the data is in the big data platform, the model inputs to be introduced to training are stored in the corresponding bucket within the Ceph storage, and model training runs on the OpenShift Container Platform. Once the model is completed and the model output is ready, the outputs are put into the corresponding bucket in the Ceph object storage cluster. As soon as the objects arrive, we fire a notification that a new object is in the corresponding bucket, so you can keep going with the next step in the DevOps pipeline. But my colleague Chahlar will get into the details, so I'm giving the word to Chahlar. Chahlar, the stage is yours.

Thank you, Suha. I'm Chahlar Gülşenig, and I'm working as AI architecture and development chapter lead at Isbank. Yanar and Suha presented our OpenShift and Ceph infrastructure in detail, and now I will talk about how we run AI workflows on these platforms. First I want to start by briefly describing our AI application development life cycle. We start with business analysis, as usual, and after the business analysis is finished, we prepare the relevant data to use in that business case. The prepared data is used in model development, which is an iterative process: the model is developed, experimented with, changed, and re-experimented with. When the model is ready and the performance is as expected, it's deployed to the target environment, and then we start monitoring our model's performance; if there's a need, we re-analyze it and make changes to our model.

If I dive deeper into this model life cycle, the first step, data preparation, has two sub-steps. The first is preparing the model data, and we perform data preparation in our Hadoop cluster: it starts with accessing the related data sources, then aggregating the data and preparing it for the model. After preparing the data, we put the data into the OpenShift cluster and start processing it and developing the model. In processing the data, we detect feature types, impute missing values, and encode and scale the features. Then we choose the best-performing algorithm, develop the model based on this algorithm, optimize the model, and deploy it to the target environment. This deployment starts with a pilot phase, or there may be some A/B testing, and when the model is in its final state, it's used in production. In the final stage, we monitor the performance of the deployed model and make changes to the model if needed.

If I go into the architecture on which we run this AI workflow, there are two pipelines: the data pipeline and the model pipeline. On this slide I will tell you which technologies and platforms we use, and on the next slide I will go into the details. In the data pipeline, we collect data from Kafka and from our data warehouses and aggregate this data in our big data Hadoop cluster. Then we export this prepared data to Ceph object storage, and our model pipeline starts. In our model pipeline, we run our workflows in the OpenShift cluster; we also have CephFS storage for persistent volumes in OpenShift, we use MongoDB to store our data and our metadata about the models, and we have Kafka for internal messaging between our applications.

Going into the details of our AI architecture: in the event Kafka we have banking events, which we collect and store in our big data cluster, and we also collect our core banking data from our data warehouse. In the big data cluster, we process this data and prepare the master data to be used in our machine learning applications. When the data is ready in the Hadoop cluster, we export it to our Ceph object storage as model input. Our trainings run as batch applications in our OpenShift cluster, and we use Argo Workflows to orchestrate these batch workflows. Our predictions may be batch or real-time depending on the use case: batch predictions produce model outputs as a file, which we also put in Ceph object storage, and if we have real-time prediction in that use case, we expose REST APIs, which are used in our banking applications. As a result of training, we have a model file, and it's serialized and also stored in our object storage.
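Suha mentioned earlier that a notification fires whenever a new model output lands in its bucket, so the next pipeline step can start. Ceph's RADOS gateway exposes S3-compatible bucket notifications that can push to Kafka, which this team already runs. Here is a minimal sketch of how such a hookup might be configured with boto3; the endpoint, credentials, topic, bucket, and broker names are all hypothetical:

```python
import boto3

RGW_ENDPOINT = "https://rgw.bank.example.internal"  # hypothetical
AUTH = dict(aws_access_key_id="<access-key>", aws_secret_access_key="<secret-key>")

# Ceph RGW implements topic management through an SNS-compatible API;
# the push-endpoint attribute points the topic at a Kafka broker.
# (Depending on the Ceph release, the SNS calls may need adjusted
# client signature settings -- check the RGW documentation.)
sns = boto3.client("sns", endpoint_url=RGW_ENDPOINT, region_name="", **AUTH)
topic = sns.create_topic(
    Name="model-outputs",
    Attributes={"push-endpoint": "kafka://kafka.bank.example.internal:9092"},
)

# Subscribe the bucket that receives model outputs to the topic,
# firing on every newly created object.
s3 = boto3.client("s3", endpoint_url=RGW_ENDPOINT, **AUTH)
s3.put_bucket_notification_configuration(
    Bucket="model-outputs",
    NotificationConfiguration={
        "TopicConfigurations": [
            {
                "Id": "notify-next-pipeline-step",
                "TopicArn": topic["TopicArn"],
                "Events": ["s3:ObjectCreated:*"],
            }
        ]
    },
)
```

A consumer on the Kafka topic can then trigger the next stage of the pipeline whenever a new object arrives.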
In our OpenShift cluster, we also run the Jupyter notebooks used by our data science team. The shared folders that our data science team uses to share data with each other are stored in our CephFS storage, and in CephFS we also store our template outputs. We also have some management UIs in the OpenShift cluster, which are used to handle and set the parameters for the models. In MongoDB we have the model metadata, and we also keep the registry of our models as well as the tracking of experiments. And finally, in our OpenShift cluster we run an AutoML platform, which is also part of our OpenShift infrastructure, and for internal messaging between pods we use Kafka.

I want to summarize by giving some statistics about our AI landscape. Our AI team has about 70 people, divided into 8 teams, and currently we have more than 30 applications running in production. To run these applications, we have 30 servers with more than 50 GPUs, a CPU farm of more than 30,000 vCores, and more than 50 TB of memory. As storage, we use 50 TB of CephFS at the moment and more than 30 TB of object storage. We have batch applications, APIs, and UIs, we have Jupyter notebooks, with more than 30 pods running concurrently, and 10 AutoML pods are also running on GPU in the OpenShift cluster. I want to finish my part by giving some example applications that we develop in our AI team. We have pricing applications, including retail loan, term deposit, and FX pricing. We have an expo by application. We have loan underwriting applications, and we have churn models. Also, we are developing some NLP models that are used for internal purposes, and we have ATM cash and route optimization models. We also have an AIOps application, which is used in our IT infrastructure for catching IT anomalies in our IT systems before they cause a problem. Thank you for listening to us, and if you have any questions, we will be happy to answer them.

It's unmuted and re-muted. But I really love the Isbank story a lot, because it's a huge Ceph deployment, but also how they spread it into their AI story and their AI workloads, and how they're taking some of their legacy stuff over and just making it work. It's a testament to their persistence and to the ability of OpenShift to take on a variety of tasks, from CI/CD to the workloads that they're looking at. This next talk, which I also loved (I love a lot of talks, so I'm very biased towards end user talks, especially those that advocate for change, like the sustainability one from Ericsson), is from the Southern Coalition for Social Justice. With all the stuff that's going on in the world these days, it's wonderful to see the collaboration that happened with some Red Hatters in Raleigh, North Carolina. Clarence Clayton and Christopher Tate are part of this presentation, along with Tyler Wittenberg, who's the Chief Counsel for Justice Reform for the Southern Coalition for Social Justice. They're a non-profit based in Durham, North Carolina, and Red Hat's been working with them to see how they could help facilitate a greater impact on some work they do around racial equity report cards. They leveraged a Red Hat Ansible donation and OpenShift and really saved a lot of time and energy, so that they could focus not on the technical aspects but on getting stuff done, making a difference, and making a change. So without any further ado, this is going to be our last talk of the day, because we're running up right against the noon hour, and everything else we had listed for today is available in the Red Hat session catalog.
Then we'll come back again, probably in another month or so, and do a less clunky version of end user stories and do this again. So here, without any further ado, is Tyler Wittenberg and the Southern Coalition for Social Justice, and I think it's a great way to end the day. Wonderful, queuing it up now.

Hello everyone, and welcome to this session, entitled Using Open Source and Open Data to Address Educational Disparities. We look forward to sharing more about this wonderful work and partnership during our time together today. My name is Clarence Clayton. I manage the data privacy team at Red Hat and have been with the company since 2013. I'm also honored to serve as the chair of the BUILD community, which stands for Blacks United in Leadership and Diversity, and it's in that capacity that I'm with you today. BUILD is one of Red Hat's diversity and inclusion communities; other companies may refer to them as affinity groups or ERGs. I'd like to briefly introduce our community and talk about the role we played in bringing this partnership together. BUILD exists to foster a connected community of Black Red Hatters and allies. We formed in 2015 and officially launched as a community in 2017, so we'll be celebrating our fourth anniversary later this summer. We do a lot of work to enhance and improve the Black associate experience, and we do this through member development, social opportunities, and service to the community. Now, with that in mind, the story of today's session really began in May of 2020. The death of George Floyd and the resulting protests and demonstrations hit very close to home, for me personally as well as for Red Hat as a company. There were protests in downtown Raleigh right outside Red Hat's headquarters, and everything that was happening compelled our company to take action. You'll see here a statement from our CEO, Paul Cormier, letting it be known that Red Hat stood in solidarity with the Black community in the fight for social justice. Now, this was an important step, but really only the beginning of the work. Red Hat wanted to make it clear that words were not enough and that we could do more, so Paul and the corporate leadership team asked us to identify organizations that we could partner with and contribute to. Following the open decision framework principles, the BUILD community voted and selected the Southern Coalition for Social Justice as one of those organizations. You'll see here the three partnerships represented: the BUILD community, the Red Hat social innovation program, and the Southern Coalition. I'll now explain how these three groups came together. After the Southern Coalition was selected and a monetary donation was made, some of my BUILD leadership colleagues and I started building a relationship with Tyler Wittenberg and Ryan Roberson, who are on the staff of the Southern Coalition for Social Justice. We wanted to find ways to provide more than just monetary support, though. Around that same time, Alexandra Machado, who leads the Red Hat social innovation program, reached out to me about possible partnership opportunities between her program and the BUILD community. The social innovation program connects the talent, skills, and expertise of Red Hatters to causes that matter to them and allows them to make a difference in the world outside of Red Hat. So I thought it was a perfect opportunity to connect her with Tyler and Ryan. We met and quickly identified some technical challenges and inefficiencies that the Southern Coalition was facing that we thought Red Hat could help address.
So Alexandra then brought in Kevin Ritter and Christopher Tate, who you'll meet in a few moments, to get that work underway. We're really excited for you to see what we did. So, without further delay, I will turn it over to Tyler Wittenberg, who will introduce himself and the Southern Coalition for Social Justice.

Thank you for that introduction, Clarence. Yes, my name is Tyler Wittenberg. I work with the Southern Coalition for Social Justice, which partners with communities of color and economically disadvantaged communities throughout the South to defend and advance their political, social, and economic rights. We do this primarily through what we call community or movement law: we provide legal and policy analysis, communications support, and strategic research, as well as support in organizing efforts. One big issue that we work on is the school-to-prison pipeline. So what is the school-to-prison pipeline? It is really a web of policies, practices, and systemic patterns of investment in schools that we know disproportionately affect students of color in particular. Part of that has to do with a lack of investment in the things that we know support students academically, so we look at academic achievement. We also look at the use of exclusionary discipline, that being suspensions and expulsions, because we know that students who are suspended or expelled are more likely to enter the justice system. And then we also look at the direct funneling of youth into the justice system, which is school-based referrals to law enforcement. We identify disparities within all these areas, and we do so by county using the racial equity report cards. These report cards are important because they really give a temperature check on what the school-to-prison pipeline looks like in any particular school district in North Carolina, and there are 115 of them, so it's a lot of work to put these together. They are used by advocates, teachers, students, and elected officials, whether school board members or legislators, all to track progress, to see where there may also be some regression, and to plot a course for how we end the school-to-prison pipeline moving forward. And it is a very laborious process: a lot of data that is inputted one item at a time, which is why it used to take a few attorneys three months, and a lot of interns, to get this done. We were also kind of static in the process, because we weren't able to really maneuver if there were any revisions that needed to be done. So with that, I'll pass it to Christopher Tate so he can explain exactly what technology you all provided that was able to really help us build capacity for ourselves and for the communities that we work with.

Let's talk about the solution. The new site allows the team to input data into an online form for a given school district and a given school year and make up-to-date report cards available instantly. The whole project is completely deployed on OpenShift: a PostgreSQL database to store the data input into the form, an Apache Solr search engine storing data for analytics and reporting, a Red Hat Single Sign-On server for user management and role-based access control, and an Apache ZooKeeper cluster manager for scaling the whole application. The Red Hat Ansible Automation Platform deployed the image streams, secrets, deployment configs, build configs, services, and routes for all the open source applications to staging and production for flexible innovation.
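As an aside, to give a feel for the kinds of OpenShift objects being deployed here: the talk says Ansible created these routes and services, but purely as an illustration, creating the application's route with the OpenShift Python client might look like the following sketch. None of the namespace, service, or resource names come from the actual deployment:

```python
from kubernetes import config
from openshift.dynamic import DynamicClient

# Authenticate with the cluster using the local kubeconfig.
k8s_client = config.new_client_from_config()
dyn = DynamicClient(k8s_client)

# OpenShift Routes live under the route.openshift.io API group.
routes = dyn.resources.get(api_version="route.openshift.io/v1", kind="Route")

route_body = {
    "apiVersion": "route.openshift.io/v1",
    "kind": "Route",
    "metadata": {"name": "rerc", "namespace": "rerc-production"},  # hypothetical names
    "spec": {
        "host": "rerc.southerncoalition.org",
        "to": {"kind": "Service", "name": "rerc-app"},             # hypothetical service
        "tls": {"termination": "edge"},
    },
}

routes.create(body=route_body)
```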
The new Racial Equity Report Card site is available at RERC.SouthernCoalition.org. Now I will share my screen and we'll walk through the site together. Let's go to the production deployment of the Racial Equity Report Card site. Here you can see the Apache Solr search engine deployed, the Apache ZooKeeper cluster manager, the PostgreSQL database, the Red Hat Single Sign-On server, and the RERC Southern Coalition application. I click on this, you see the pod running, and there's a route to it, so I'm going to click on this route to go straight to the site. Here is the homepage for the site. You can scroll down and read all about Racial Equity Report Cards and why they're important. I'm going to scroll back up to the top and log in like the Southern Coalition team would do, entering my username and password. Now I get access to everything. Let's go to the state of North Carolina, because that's where we have data available. So this is the state of North Carolina, and you'll see that it's related to many different school districts, or agencies, here. Let's go to Alexander County, for example. This is the record for Alexander County, and you'll see that there are two report cards available for it: the 2018 school year and the 2019 school year. Let's go to the 2018 school year. This is the form for entering data. I'm going to scroll down a little bit; these are the inputs that are tracked. You can put this side by side with the sites the data comes from: the team will pull up the source data side by side, record the values over here, and along the way they can see up-to-date calculations that help verify that what they're putting in is correct. So this is pupils in membership by race and sex. Down below, for example, there is the personnel summary, which is the number of school teachers within the district. Here is some school-based complaint data from this site here; there's suspension data, long-term and short-term suspensions, from this site here; and there's academic achievement data, so how students are doing on standardized tests and college readiness, from this site here. After entering all of this data, you can go back up to the top and view the report card for this county. Here is Alexander County in 2018. You can see the school district demographics, the percentage of white students versus Pacific Islander versus multiracial or Latinx or Black or Asian or Indigenous students, and the total population. You can see summary statistics about college readiness, short-term suspensions, and juvenile complaints. You can see the ratio of students to teachers of various races, the academic achievement, whether students are graduating within four years of entering high school, the short-term and long-term suspensions and expulsions, the short-term suspensions by race, and the juvenile complaints. So there's lots of good information here. Now, another way to make sense of this data is through the powerful open API behind the site, so I want to introduce you to that. I'm going to pull up a new tab and go to /api/reportcard, and I'll show you what one of these records looks like. This is a lot of data to look at, so we're going to filter it down a little bit so that it makes more sense. First of all, I'm going to only show certain fields: I create a field list of agency name, pupils, report card start year, short-term suspensions black versus white, and graduate within four years black percent.
Now what we have here is a much smaller set of data, just what we want to see. Let's do some additional work: we're going to filter this with a filter query of report card start year 2018, and another filter query on pupils total greater than 10,000, so this will filter on counties that have more than 10,000 students. And we're going to sort this data by graduate within four years, black percent, ascending. That will show first the report cards where Black students are least likely to graduate from high school within four years. Here we have a report card in Henderson County where the percentage of Black students graduating within four years is 77%. So let's take a look at that report card. I'm going to go back here, change this to Henderson County, and scroll down to the graph. You can see here how 77.5% is pretty low for that statistic. Now let's go back to the API and switch this real quick from ascending to descending, and we get the counties where the percentage of Black students graduating within four years is very high. Let's take a look at Lincoln County. We go back here, change Henderson County to Lincoln County, scroll down to the graph, and you'll see that the percentages across all the groups are very even. We can figure out solutions where one county is doing really well: what can we do in other counties that can make a difference? Tyler, how has the new site helped your team achieve its goals for the racial equity report cards? Well, as I mentioned, it went from being a three-month project to a three-day project. Now it takes about three of us, no interns, three days, which means we're able to have more partnerships with community members. It means that the racial equity report cards themselves no longer become this larger burden that ends up being its own project; now it really is a tool to advance the work as we engage with our community in various ways. Also, sometimes we misspell stuff. Sometimes we get one data point wrong. Sometimes the data is updated and changed, and we have to be able to react to that, because we're posting this information publicly. It is publicly available data, but we're posting our analysis, and we want everyone to know that we are responsive to it and accountable to it. So now, when there's a change of any kind, we're able to either go in there ourselves and change it in real time, right then and there, or simply reach out to Chris and get either advice on how to make the change or support in changing it right away. It makes us far more responsive than we were prior to this relationship with Red Hat. And the timing could not have been better. It is good to hear the story of how Red Hat came to this work in responding to the uprising around the murder of George Floyd. We were also at a time when we needed to be extremely available to our community while we also had the obligation to these racial equity report cards. So we were able to be just as responsive as we needed to be while also doing what we said we were going to do: getting these reports out, and doing so in a much more timely manner than we did last time. So I speak for all of the Southern Coalition for Social Justice in saying we are immensely appreciative of the support from Red Hat. We look forward to this collaboration continuing, we look forward to learning about ways that coding itself can advance the fight for social justice, and we're just really appreciative to be in collaboration with you all.
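To reproduce the API walkthrough above programmatically, a minimal sketch with Python's requests library might look like this. The parameter and field names are assumptions inferred from what appears on screen (the API is backed by Apache Solr, so Solr-style field-list, filter-query, and sort parameters are a reasonable guess) and should be checked against the live API:

```python
import requests

BASE = "https://rerc.southerncoalition.org/api/reportcard"  # path as shown in the demo

params = {
    # Field list: only return the columns shown in the walkthrough.
    # Exact field spellings are assumptions, not confirmed by the talk.
    "fl": "agency_name,pupils_total,report_card_start_year,"
          "short_term_suspensions_black_vs_white,"
          "graduate_within_four_years_black_percent",
    # Filter queries: 2018 report cards for districts with > 10,000 pupils.
    "fq": ["report_card_start_year:2018", "pupils_total:[10000 TO *]"],
    # Sort so the lowest Black four-year graduation rates come first;
    # flip asc to desc to see the highest rates instead.
    "sort": "graduate_within_four_years_black_percent asc",
}

resp = requests.get(BASE, params=params)
resp.raise_for_status()

# A Solr-style response nests documents under response.docs (assumed shape).
for doc in resp.json()["response"]["docs"]:
    print(doc)
```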
Strengthening our children, our families, and our communities is the most important work we can do. This work with SCSJ shows that open collaboration to create a shared solution, leveraging each other's expertise, can solve a common problem. Red Hat will continue to support SCSJ through technology so that they can continue to make a difference in the world. Thank you. And we're back. All right. Well, thank you, Chris, for producing today and working through all of the kinks. Especially on this last talk, I was really appreciative of the work that Tyler and Chris and Clarence had done to make this happen. These are the kinds of stories that really make us thrilled to be part of these collaborations, and we're immensely happy to be part of it, as well as grateful for all the work that the folks at the Southern Coalition for Social Justice are doing; we look forward to doing more collaboration with you. If any of you out there are watching this now and you have a story that you want to tell, an end user story, a workload story, some new technology initiative you're taking on, I'd heartily encourage you to come to commons.openshift.org. If you're not already a member, join, or reach out to myself or Chris or the OpenShift Commons Twitter handle, and we'd be happy to give you the podium and let you tell your story and share it with your peers, because we all learn from each other. And that's really the point of OpenShift Commons today: by sharing these stories, you get to see the immense variety of the work that people are doing, leveraging Red Hat technologies, and not just OpenShift but Ceph and Ansible and all kinds of other pieces and parts of our different product suites. So we really love that everybody stepped up today and shared their stories with us and allowed us to share them with you, and we look forward to doing it again sometime soon. So thanks again to Chris and to Bobby Kessler and the other folks at OpenShift TV for producing this session. Take care. Take care. Thank you guys. We'll see you next time, Chris. Yeah, take it easy out there. Stay safe.