 y cyfnod postgres yw'r diwylliant. Yn ni'n gweithio'r cyffredinol, mae'n gweithio'r dynnu ar y dynnu unig, ac mae'n ffwrdd gan y ddechrau. Ond mae'n gweithio'r cyffredinol. Mae'n gweithio'r cyffredinol i'r ddechrau'r ddechrau. A dyna'r gweithio'r ddau. Yr hyffredinol yw'r cyffredinol ar gyfer y Gweld Cwyddiad, gyda'r cyffredinol yn Gwyd. Ond mae'n gweithio'r gweithio'r cyffredinol in a self-service fashion. The reason she wants to do this is to extend the power of her cloud-native applications by accessing pre-existing databases containing the years of data in those databases. Now meet Rick. Rick is from Operations and he needs to be able to create services. So he says, hi, I'm Rick. I need to create a number of services for our developers on cloud foundry. But I must exercise appropriate controls in place for an audit, compliance and good practice. Now his pain is that he has to keep repeating the same tasks over and over again. The developers coming to him, he's asking them what they need it for, asking them to go through the procedures in order to grant them permissions. So what he wants to do is build on trusted assets and he wants to enable developers to be able to work with pre-existing data. But he wants to do it in a compliant way so that the services are consistent, they're secure and they're curated, and most of all controlled. So this is the scenario that we want to avoid. So Maureen's saying, can I have access to the database? And he says, yes, but once you've followed the approval process. So I'd like to propose our solution, the cloud soft service broker manager. And what we've identified here is three use cases. Those database services that I've just spoken about. But more widely being able to deploy other database type services into a cloud location of your choice, whether it's public cloud, private cloud, on VMs, or bare metal. And what this does is it makes it quicker and simpler to create new service... Sorry, it's quicker and simpler than creating new service brokers. And it's also quicker and simpler than managing multiple brokers. So we provide a permission-based access to pre-existing services as managed services. So no longer using user-provided services. This securely connects trusted enterprise databases and software. And it controls the provisioning and access in line with the company best practices. So no longer are you having to ask for the credentials of a database to be given to the developer for them to create a user-provided service. Instead, we now have an audit trail and we can make sure that everything is exactly the way that we would like it to be within our company. Alongside this, we have a very intuitive and simple form because creating user-provided services is this simple, so it should be for creating access to existing services. So what this does is it adds a new service definition to the Cloudsoft service broker. Each instance creates a new read-only user on that database. So you can imagine here that within your regulatory system the means of providing a new user is very difficult, especially if that user might cause damage within the system. So we focused on a read-only user at this point. And then I spoke about being able to deploy all services that Cloudsoft AMP can deploy. And again, we do this through a simple form-based interface where we can specify the blueprint for the service that we're going to create. Again, this adds service definitions to the Cloudsoft service broker. But instead of this time being a database that is where we're configuring the plan, the service based on what the user's going to be, this time we can specify the configuration details of a VM that we're provisioning. So be that the amount of RAM that the VM gets, the operating system, or even if you're using a clustered service how many nodes are in that cluster. And so once that blueprint is sent to AMP it can then deploy it across multiple clouds. So whether that's public cloud like AWS or a local or private or dedicated cloud such as OpenStack whether it's onto virtual machines or directly onto physical hardware. And you can get this available for open source cloud foundry, for ATOS cloud foundry. It's also in the pivotal network and we have in progress for some of the others too. And so now I'm going to show you a quick demo. It's a recording so I'm not I'm not so confident to do a live demo. It worked. So I'll walk you through the use of this. So this view is for your operator, for Rick. And the developer doesn't get to see this view. This is purely for the manager. And so I'll start the video. So first we're going to look at databases. And we see that there are none available so we want to add a database. So at this point Rick, the database administrator he chooses that he wants to provide access to a Postgres database. So then he enters in the credentials of that database. So at this point the user he's providing is an admin user who is able to create other users. And so then he chooses the database he wants to connect to and provides a service name that will appear in the Cloud Foundry marketplace. He tests the connection to make sure the credentials are correct. And at this point he saves it. Now what's happening here is that the blueprint is created and sent across to AMP and then update service broker is called. At this point we also need to provide access to the relevant orgs that's going to be available for convenience we select available to all orgs here. But because we're managing where our services are going to be deployed and which users have them we can choose the individual orgs. So now this is Maureen's view. She's doing CF marketplace and she can see that the customer's database is available for her. And when she does create service it's at this point that the new user is created on the database. So this says create service, be our customers, standard customers if you can't read that. Her app had no data in it so now she needs to bind the service. So she's doing CF bind service to spring customers to the customer's database. Before this takes effect she restages the app so that the new environment variables are populated. This bind is sped up. It's actually much lower. And so when she comes back to her application she should find that when she refreshes the customers details are now available. But we said this was a read-only user. So let's test that. We expect this customer not to be added. So if you can't read that it says should fail with read-only. The customer is 0-0-0 and it's a test. After adding this customer that went too fast. What happened there? Play that again for you. So the customer was not added because it was a read-only connection. And back to Rick's view he can see that the database has been created or rather the user has been created as a new service. And he can have a little look into that. He can see behind the scenes what actually happened that a new user was indeed created. And so he can see what the... I'll move my pointer there. He can see that the new user has been created and the password that was used for that. And he can see the JDBC URL that the application would use to connect to that. So that's database services. I mentioned... I mentioned our other use case. These are other services that AMP can provision across multiple clouds. So we have a few in the catalogue already. Some different services. Rabbit, Mongo, Redis, Postgres and the customers that we've just added. Now when we want to create a new service again we click plus. We fill in the metadata that's required for a catalogue item. Here we're going to create a post... sorry, a couch-based service. So we give it the service name and a description and a URL for the icon. Then we can choose from the catalogue of services that AMP is able to provision. And that provides us with a base entity from which we can make plans. So to make a small plan we give it a name and description but then we provide some configuration YAML. And that configuration YAML in this case is configuring the provisioning properties of the virtual machines used to... to provision this. And we're going to set the minimum amount of RAM used. Excuse me, I don't know what's... Sorry about that. So as I said, we're setting the minimum amount of RAM because it's a small plan we're just going to give the VM one gigabyte. We add that plan and then for good measure we make a second plan called medium and we're going to provision it with three gigs of RAM. Once we're satisfied with the plans that we're defining we click save and this blueprint is added to AMP's catalogue and brought in through the service broker into Cloud Foundry. We can now check that the service is there. There's a couch base ready to be used once we've enabled it for the particular orgs that we care about. Again, for convenience just to all. So now when Maureen checks her marketplace she can see that couch base is there and she can create that service. Rick can now check that the service is available. He sees that it's in a starting state. A few moments later once the create has succeeded he has the ability to look inside that service and see key metrics affecting that service such as the number of HTTP requests per second or any other pertinent information. Lastly, because we're a service broker manager we don't just manage the Cloudsoft service broker's access requirements. We can select a different broker and choose the access requirements for the services available for that. That's the end of the demo. So, as I said, these are available for open source Cloud Foundry and some other Cloud Foundry providers. If you would like to get it and try it out you can download it from cloudsoft.io. Get CSB. Thank you. Any questions? Yes. I'll speak later. When the application binds to the service using the first example what's actually in the environment and what's exploited in the space of the app? Does the code have been written in a specific way to leverage the connection that's provided or does it just get access as it would normally? So it works in the same way that it would normally but the credentials that are passed back on-bind are not those of the admin database but of the new read-only user that it created. Yes. Yes, absolutely. We're also live streaming this talk and we'll make it available, definitely. Yes. It can create user accounts on existing databases or it can create new databases on virtual machines. I should say we can also deploy to locations that are container-based as well like Docker or Kubernetes in the works at the moment. Well, we have... we have a partnership with Atos. We also have it in the pivotal network as a tile if you are using that brand. Yes. How does it work in France because the people can get to from predicts to the enterprise and the workload? Okay. That's not something that's integrated into it at the moment but if there is a route to that host then it's just making a JDBC call out to it to connect to it. Cool. Thank you very much.