Yes, good morning everybody. My name is stomach Jack. I'm from DHL, and together today with...

I'm Keith Tenzer, principal solution architect at Red Hat.

Yeah, and I would like to tell you our short, but I think powerful, story about using OpenShift in DHL and, as you can see, making a big yellow fly. DHL is a pretty big company. It is actually a leading mail service in Europe, the biggest one. We have number one supply chain operations. You know DHL Express, you probably know it. We are delivering to 220 countries worldwide, and we have also global forwarding in air and ocean, also leading services worldwide. So it's a five hundred and ten thousand people company, and our challenge, or my challenge currently, is how to make it fly. You know, we have thousands of applications, we have hundreds of technologies, people all over the world, and how to get them to be quicker and running?

And we have to do it. We have a big challenge, because obviously the market we are operating in is changing rapidly, maybe not so much as for banks or insurances, but we are also impacted by the digitalization, where our competitors are introducing new digital products, our customers like Amazon are becoming our competitors, and we have a lot of small startups really trying to bite into our business. Yeah, that's our challenge. And that's why in 2016 we kind of started thinking what we do about it from an IT perspective, and how to really be faster, more flexible, and fit innovation into, you know, this big yellow colors.

And our approach, a pretty old concept but good, works for us, is introducing, or trying to bring, the change via the bimodal concept. Because in such a big environment it's just not possible to really come and say, "All right guys, from today we are gonna be agile and quick and fast." That's not possible in such a big organization. So we said, okay, we do it the bimodal way: we let the guys in the
mode one as they work today, and we try to build new capability in mode two, and then slowly pull everybody into this new approach. The idea was to focus on three areas: change the technology, that's what we'll be talking about in a second more in depth; adapting the processes; and working on the culture and mindsets.

In terms of the technology, it was 2016 when we started looking for the right technology, and our choice was: we wanted to find a container-based platform, and we wanted to have a zero-downtime platform and something that is really scalable and set up for the future.

Well, the technology is good, but technology is, you know, part of the solution. You need to adapt all the processes around it and really adapt your operating model, automate your deployments, and also introduce some better commercial model on selling the technology internally.

And finally, and I've heard from Barclays the same problem: you know, you start with the technology, which is like a first obvious choice. Then, well, it's a little bit more difficult to get the processes around it updated. But the most difficult, in the end, what stays, is changing the people's minds. You know, with containers you are having so many new concepts about new architecture, about a new way of developing software, and especially bringing all the teams and people together. That in the end stays the hardest part.

All right, so this is how we started, that is our why, and, well, we ended up implementing OpenShift as our technology base. Let us share with you some details about it.

Well, so this is a little bit like a big picture of our model. The most important thing is actually that we are not trying just to have an OpenShift, you know, like a container-as-a-service implemented. What we try to do is to have an entire end-to-end ecosystem for our developers, so that when the projects are coming to
our platform, they have a full experience. They just need to come with the source code and all the rest is set. Let me explain how it is being done.

At the bottom, we decided to have an on-premise cluster, or at least start with an on-premise cluster. The advantage of an on-premise cluster is that you can easily modernize existing applications, because they are just on the infrastructure, you know, sitting in the data center next to each other. So we have a physical ESX cluster with physical servers as the bottom of our OpenShift system.

And then we have of course the OpenShift layer, and I was personally fighting quite a lot internally to make the OpenShift cluster be just one cluster. Many people can make different choices, you know, splitting test and production, having one cluster and another. We were able to succeed and to persuade people to just have one cluster with everything inside. But the deal was: okay, you can have one cluster, but we still need to, you know, separate production from tests, and that we do with the networking zones. Here on the picture you can see we have actually also two zones on the cluster: one internal zone for applications that only connect to the existing data center infrastructure, and we have also built in the cluster a DMZ zone for applications that are gonna be exposed or connected to from the internet.

So that's, let's say, the technology base. What was important for us is to put also the whole DevOps toolchain, like a standardized DevOps toolchain block, on top, and practically to give the projects an end-to-end experience. So they just come to the platform and they not just have a place to run containers, but also a place where they have all the tools to do the entire deployment chain. That's an important concept to change a big company at scale, and that's the power of the platform: that you give the people, like, an as much as
possible standardized block, and then the projects can very quickly jump on this model, and then you are, you know, scaling up and introducing the change very quickly. Yeah, and on our cluster we have people from all over the places, from all our divisions, running their applications and all mixing on this one cluster, and that gives a good simplicity in operating it.

Okay, and now I switch to Keith to talk a little bit about details on our networking and details of our cluster.

So as Tomic mentioned, one of the things we did here was we integrated the platform with existing IT, so existing IT infrastructure. And anytime you do that, I think one of the biggest areas that's a challenge is on the networking side. People are working with firewall rules and want to do things in a certain way, and there's certain processes. And so while you want to bring about change and change certain things, you know, there's a lot of trade-offs here. And so we had quite a lot of discussions actually, as you remember, Tomic, on what the best way to do this is and the best approach. What we decided to do at the end of the day was not change the way the current IT does networking or firewall rules or any of that stuff in regards to the OpenShift platform.

So what that meant is we basically have two zones. We have a DMZ, as the Barclays guys also mentioned they have, as well as most companies that have internet-facing applications, are under regulatory rules and require different levels of security there. And we had obviously the internal. And as Tomic mentioned, we have the same cluster, so we're running production and test on the same OpenShift cluster.

And so what you see here on the top box basically is the management zone. So we created a separate zone for management, and we opened up obviously the ports for the master servers so that they can communicate with the nodes in the DMZ, test and production, as well as in the internal ones,
and that's in red, the masters. And in the middle you see in yellow the monitoring, logging, metrics, all of that stuff. So we have a separate cluster there of nodes for that. And then on the right you see in purple basically the infra nodes. That's basically the OpenShift router, the proxy, so it's taking requests for Kibana, for metrics and logging, and that's what it's there for. And then on the left we have obviously an Ansible host for deployment, and CloudForms, which Tomic I think will address a little bit, about what we're doing with chargeback and how we're using that. So basically, that's opened up.

And then I think what's interesting is how we're doing the application traffic. So in each of these zones you'll see two infrastructure nodes. It's again running the OpenShift router, because there's no east-west traffic. So we see basically these firewalls; there's no east-west traffic going, there's hard firewalls between that. So an application running in the DMZ cannot communicate with anything outside of that unless you open up specific rule sets. And so one of the challenges with at least the proxy: if you, let's say, just had a proxy that could access all these zones, well, then somebody that's accessing a DMZ application could access an application internally, potentially. So someone from the internet could potentially do that, and so that's why we created sort of these hard-set zones, if you will. And so this is one way to do that.

So the nice thing here is the firewall rules, at least from how DHL, we're viewing it: we don't need to change the way they work.
They work exactly the way they do today. They can open up firewall rules and manage access from external applications, who has access to what, with the environment outside of OpenShift basically. So that's basically what we did there. So I get back to you, Tomic.

All right. Thank you. Thank you, Keith. Now I would like to come back a little bit to the processes. Because, you know, implementing technically an OpenShift cluster is fun for a couple of months, but this is just the beginning of the journey, and the question is: okay, so I have the cluster, but how can I scale? How can I get quicker? One of the points I mentioned already was: give them the fast processes and enable the application build, not just in the container but really in the company, and how to make it work.

This is a little picture of how we connected the OpenShift cluster with our existing toolings. We said, all right, instead of just giving the people an empty cluster and "okay, find your container and run them," give them the entire story. So in our case we are using our own internal Git repository to keep the source code and also configuration. We are managing the entire CI/CD pipeline with our internal Jenkins. It was also a big discussion: shall we do it with Jenkins on OpenShift or an external one?
And I think the good choice was to use our own Jenkins, external to OpenShift. In the build process we use Artifactory to pull the dependencies, and a big advantage for me is that we are using, or giving the people, the base images from Red Hat. So we don't have to take care about updating and maintaining images. We're just getting them from Red Hat, and that's a very big advantage of OpenShift as a system.

In the test we are using Fortify scan and SonarQube scan. We want to make really sure that the containers that are going on the platform, and you know, we are mixing everybody on the one platform, are pretty good quality. So we require people to use Fortify and SonarQube, and we also connected to the platform Selenium and UFT, universal functional tests, so they can do automated testing. In the best case they can kind of run the entire pipeline fully automatic up to production. That's what's possible.

And the last piece on the picture, the production, and that's probably the most difficult one, was how to make sure that the change process would be fast like a platform. You know, in my world, the normal change process: you have a change ticket, you need 20 approvals, you need to register with 10, 10 or best two weeks before the change. So, you know, a really traditional enterprise change process, and how to make it actually not stay in the way? We were able to create a fast change process. We are using for change tracking a ServiceNow system, and we just connected it practically with API. So whenever we deploy to production OpenShift, we are creating automatically a change ticket. And through a very disciplined pipeline we ensured our change management colleagues that none, you know, change management rules are compromised. So we are kind of saying we're replacing manual approvals that used to be, or still are, for non-OpenShift systems with automatic
approvals built in the pipeline, and that enables the whole system to work fast. And in such a, let's say, traditional environment like we are, we can deploy, you know, at the speed of the project. They can deploy every five minutes, depending on how their pipeline is working.

Yeah, so that gives the people the entire story. Applications are just coming with the source code and off we go. We get them quickly onboarded, and then, you know, they are up and running, and that I hope will let us really bring the change at scale.

One more maybe interesting point for some of you. Well, I'm working for DHL, but DHL IT Services. We are, you know, within the group, like an IT company within the group. So I'm selling OpenShift to my own business units, and the idea was, you know, how to sell it, and here's a little idea of what we use. We wanted to have two things at the same time: to sell OpenShift and have a pay-per-use cloud feeling, and on the other side, you know, with pay-per-use, if somebody uses a cloud a little bit too aggressively, the spend on pay-per-use can be quite high. You know, you sometimes really don't know how to control it.
So an idea here is to introduce a so-called application box. So people are buying, you know, a quota on the cluster, say, "I want to have four cores and 16 gig RAM," and within this box, within this physical quota on the cluster, projects can deploy and consume this quota as they want. But we will know they will never, you know, breach the maximum size of the box, like in the example, four cores. That's the maximum. And on the other side, to make sure that the people are properly sizing and buying proper boxes, we always charge them a minimum charge of 20%. So don't get crazy, you know: they come and say, "Okay, give me a thousand cores, because it's pay-per-use, right," and, you know, use two cores. It doesn't make any sense from capacity management. And actually they are then being charged physically between the minimum charge and the maximum charge represented in this box. So that's an idea that, for some in a similar situation who need to resell OpenShift to your internal customers or external customers, is maybe an interesting idea.

And yeah, the final two words on our outlook. You know, we are relatively fresh guys on the block. As to what we want now, I want to expand: we will be building another cluster, kind of a multi-cluster environment. That's one of our expansions. We are just implementing persistent storage as we speak, and we think about putting in disaster recovery, multi-cluster disaster recovery scenarios. We have some concept ready, and I think next year I hope to persuade my internal stakeholders that we get another cluster on cloud and really run some hybrid scenarios. So some of you, and I saw already some of you are already doing that kind of stuff, then, you know, catch me on the break and give me some good feedback, because we are here to learn from each other. So that's our little outlook.
Yeah, and with that, I think we are coming to the end. So thank you very much for listening.