OPENSHIFT VS

PIVOTAL CLOUD FOUNDRY

COMPARISON
Presenter
Title
Date
 RED HAT OPENSHIFT PIVOTAL
CONTAINER PLATFORM CLOUD FOUNDRY®

An integrated application A platform-as-a-service for

platform to run, orchestrate, cloud-native applications
monitor and scale containers (PaaS)
(CaaS and PaaS)

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 PIVOTAL CLOUD FOUNDRY
● Pivotal spun off out of EMC and VMWare

● Based on open source Cloud Foundry

● Products
○ Pivotal Cloud Foundry: on-premise PaaS
○ Pivotal Web Services: hosted PaaS on Amazon Web Services (AWS)
○ PCF Dev: local instance on dev machines
○ Pivotal Labs: consulting method

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 RED HAT CONTAINER STACK
Business 3rd party
Red Hat Application Automation
Integration Data Web & Mobile
frameworks
Services (JBoss)
CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER

LIFECYCLE AUTOMATION CONTAINER MANAGEMENT

PaaS

CAPACITY MGMT
SELF-SERVICE SERVICE CATALOG MONITORING PUBLIC REGISTRY
(CloudForms)
(RH Registry)
CI/CD POLICY MANAGEMENT SECURITY ANALYSIS
Red Hat OpenShift (Jenkins)
IMAGE BUILD
(CloudForms) (CloudForms) OPS MANAGEMENT
Container Platform (CloudForms,
CaaS

(incl. CloudForms) CONTAINER INFRASTRUCTURE SERVICES Satellite)

ORCHESTRATION CONTAINER ENGINE REGISTRY OPS AUTOMATION

(Kubernetes) (Docker Engine) (Atomic Registry) (Ansible)
STORAGE SECURITY NETWORKING
(Kubernetes) (Docker Engine) (Open vSwitch) STORAGE
(RH Storage)
ENTERPRISE-GRADE CONTAINER OS
Red Hat Enterprise (Red Hat Enterprise Linux & Atomic Host)
IaaS

DEV TOOLS
Linux & Atomic Host ( Developer Studio,
PHYSICAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD Container Dev Kit)

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 PIVOTAL CLOUD FOUNDRY STACK
VM-centric 3rd party
Spring Cloud Messaging Big Data Web & Mobile
deployment frameworks
model VM VM VM CONTAINER VM

LIFECYCLE AUTOMATION CONTAINER MANAGEMENT

SELF-SERVICE SERVICE CATALOG MONITORING CAPACITY MGMT

29 VM minimum PUBLIC REGISTRY
PaaS

configuration
CI/CD IMAGE BUILD POLICY MANAGEMENT SECURITY ANALYSIS
OPS MANAGEMENT
CONTAINER INFRASTRUCTURE SERVICES
Single points of ORCHESTRATION CONTAINER ENGINE
REGISTRY OPS AUTOMATION
failure (Diego) (Garden)
SECURITY
STORAGE NETWORKING
(Garden)
STORAGE

ENTERPRISE-GRADE CONTAINER OS
Proprietary DEV TOOLS
PHYSICAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD (PCF Dev)
Open Source

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 KEY OPENSHIFT ADVANTAGES
● Enterprise grade security
○ Built on top of RHEL and uses industry-standard SELinux isolation
● Full stack support
○ Single vendor supporting OS, platform, containers and middleware
● Enterprise middleware services including full Java EE support
○ Red Hat JBoss EAP, JWS, A-MQ, Fuse, BRMS, BPMS, JDG, Mobile, API and SSO
● Standard containers and orchestration
○ Linux containers and orchestration with Docker and Kubernetes
● Built-in operational management
○ Infrastructure provisioning, policy-management and vulnerability scanning
● Supported by Red Hat
○ Trusted open source leader
● 100% Open Source

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 COMMUNITY AND VENDORS
OpenShift community vs Cloud Foundry community
● Cloud Foundry community is polarized with 80% contributions by Pivotal and IBM
● OpenShift community is democratized by many contributors and is 5x more active
OpenShift vendors vs Cloud Foundry vendors
● Authentication, app lifecycle, storage, networking, app services and messaging are
proprietary and differ across certified Cloud Foundry vendors (no portability)
● All OpenShift vendors’ solutions are open source and identical (portability)
Switching costs is more than just PaaS/CaaS
● Any application stack runs on OpenShift and OpenShift runs on any infrastructure
● Only Cloud Native applications run on Cloud Foundry

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 FROM CODE TO DEPLOYED CONTAINERS

Container Deployed
Code Application Linux Container Orchestration Containers

Docker Kubernetes
Garden Diego
Swarm
Mesos

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 Docker Kubernetes Diego Garden
Upstream
Community

Docker Kubernetes Community Diego Garden

Platform
OpenShift Origin Cloud Foundry

Docker Kubernetes
Commercial
Proprietary Services
Platform
Red Hat OpenShift
Diego Garden

Commercial Cloud
Foundry

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

ARE YOU LOCKED-IN?
 THE LOCK-IN DILEMMA

Can you switch vendor without

switching technology?

Can you switch technology without

switching vendor?

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 CLOUD FOUNDRY PLATFORMS
● Small set of core services in the open source Cloud Foundry
● Large set of proprietary services on top in each vendor distribution
● Apps are not portable across platforms due the proprietary services (tech lock-in)
● Migration involves cut and replace vendor-specific proprietary services
● Not possible to go from vendor solution to a self-maintained (vendor lock-in)

Helion
Proprietary
Pivotal
Bluemix Services Stackato
Services
Services

Open Source
Cloud Foundry Cloud Foundry Cloud Foundry Cloud Foundry
Core Core Core Core

Community Pivotal CF IBM Bluemix HPE Stackato

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 CLOUD FOUNDRY ARCHITECTURE
Required Elements for a Certified Provider:
Cloud Controller, Router, Diego and Garden, UAA, Logging and Metrics

Router ROUTING

OAuth2 Server (UAA) Login Server AUTHENTICATION

Cloud Controller nsync Diego Brain Cell Reps APP LIFECYCLE

Storage Diego Garden APP STORAGE & EXECUTING

Service Broker APP SERVICES

BBS (HTTP/S) Consul NATS Message Bus MESSAGING

Metrics Logging METRICS & LOGGING

Source: Cloud Foundry PaaS Certification - 2016 Requirements https://www.cloudfoundry.org/use/cloud-foundry-certified/certification-requirements/

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 CLOUD FOUNDRY ARCHITECTURE
Authentication, App Lifecycle, Storage, Networking, App Services, Messaging
can all be different between various Cloud Foundry providers

Router ROUTING

OAuth2 Server (UAA) Login Server AUTHENTICATION

Cloud Controller nsync Diego Brain Cell Reps APP LIFECYCLE

Storage Diego Garden APP STORAGE & EXECUTING

Service Broker APP SERVICES

BBS (HTTP/S) Consul NATS Message Bus MESSAGING

Metrics Logging METRICS & LOGGING

Source: Cloud Foundry PaaS Certification - 2016 Requirements https://www.cloudfoundry.org/use/cloud-foundry-certified/certification-requirements/

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 With Cloud Foundry, every vendor switch
involves sizable application migration
between Cloud Foundry providers

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 KUBERNETES PLATFORMS
● Many platforms have adopted Docker and Kubernetes
● App containers are fully portable across platforms
● App migration might involve cut and replace vendor-specific services
● This is essentially the Cloud Foundry model
Google
CoreOS
Apcera
Apprenda
Proprietary Google
OpenShift
Cloud Engine
Apprenda Huawei
100%
Open
Mesosphere
Source Kubernetes Open Kubernetes Kubernetes Kubernetes WSO2
Source
Canonical
Docker Docker Docker Docker
EngineYard
Red Hat CoreOS Google Rancher
Apprenda
OpenShift Techtonic Container Engine Eldarion

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 With Kubernetes, vendor switch might
involve application migration between
Kubernetes providers

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 OPENSHIFT PLATFORMS
● Based on docker containers and Kubernetes
● 100% open-source
● App containers are fully portable across docker platforms
● Apps are fully portable across vendors No Tech Lock-in
● Zero-effort application migration between vendors No Vendor Lock-in
● Vendor solution can be self-maintained by customer
Red Hat
Telstra
Origin OpenShift OpenShift OpenShift T-Systems
100%
Open
RedBridge Cloud
Source Kubernetes Kubernetes Kubernetes Kubernetes Getup Cloud
Raiffeisen Informatik
Docker Docker Docker Docker
AusNimbus
Community Red Hat OpenShift T-Systems AppAgile Telstra APPUiO

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 With OpenShift, vendor switch involves
zero application migration between
OpenShift providers

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 SWITCH COSTS IS NOT JUST ABOUT
THE CONTAINER PLATFORM

Application Stack

PaaS switch
CaaS costs

Infrastructure

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 SWITCH COSTS IS NOT JUST ABOUT
THE CONTAINER PLATFORM

Any
Cloud Native
Application Stack

OpenShift Cloud Foundry

Any Some
Infrastructure Infrastructure

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 AT A GLANCE

PIVOTAL CF OPENSHIFT
● Garden and Diego ● Docker and Kubernetes
● .NET and Spring ● .NET, Spring and JBoss Middleware
(including full Java EE)
● Only Cloud-native apps ● Cloud-native and stateful apps
● Container security on Ubuntu ● Enterprise-grade security on
Red Hat Enterprise Linux
● Deployment automation ● Complete Ops Management
● Open Core ● 100% Open Source
● Pivotal Labs consulting method ● Red Hat Innovation Labs consulting method

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 AT A GLANCE

PIVOTAL CF OPENSHIFT

e
● Garden and Diego ● Docker and Kubernetes

ir c
● .NET and Spring ● .NET, Spring and JBoss Middleware
(including full Java EE)
● Only Cloud-native apps ● Cloud-native and stateful apps
●
P
Container security on Ubuntu ● Enterprise-grade security on

X
Red Hat Enterprise Linux

5
● Deployment automation ● Complete Ops Management
● Open Core ● 100% Open Source
● Pivotal Labs consulting method ● Red Hat Innovation Labs consulting method

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

BRIEF COMPARISON
 CONTAINER & ORCHESTRATION

PIVOTAL CF OPENSHIFT

Garden & Diego Docker & Kubernetes

● Garden uses OCI runC backend ● Portable across all docker platforms
● Not portable across Cloud Foundry distros ● IP per container
● Containers share host IP ● Integrated image registry
● No image registry ● Image build from source and binary
● Private registries are not supported ● Adoption in many solutions
● No image build
● Adoption only in Cloud Foundry

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 NO NATIVE DOCKER IN CLOUD FOUNDRY

No support to run docker containers. Cloud Foundry transforms

docker containers to Garden and runs the Garden container

❌
decompose run
Docker Garden Garden Garden Garden
rebuild

Pivotal Cloud Foundry

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 NO NATIVE DOCKER IN CLOUD FOUNDRY

Converters Are Terrible

Cloud Foundry is based on the Garden container runtime, not Docker, and then has RunC and
Windows backends. RunC is not Docker, just the lowest runtime layer

Docker Developer Experience Does Not Exist in PCF

PCF “cf push” Dev Experience does not exist for Docker. In Openshift v3 we built S2I to
provide that same experience on top of native Docker images/containers

Diego Is Not Kubernetes

Kubernetes has become the defacto standard for orchestrating docker containers. Diego
orchestrates Garden containers and is used only by Cloud Foundry users

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 APPLICATIONS

PIVOTAL CF OPENSHIFT

.NET and Spring .NET and JBoss Middleware

● Small buildpack service community ● Large docker service community
● Java, .NET Framework ● Full Java EE, .NET Core
● Spring Boot and Spring Cloud ● Spring and JBoss middleware portfolio
● Community CI/CD ● Certified Jenkins and Deployment Pipelines

Only Cloud-native Apps Cloud-native and Stateful Apps

● No persistent storage ● Persistent storage support

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 SECURITY AND OPERATIONS

PIVOTAL CF OPENSHIFT

Enterprise-grade Security on
Basic Security on Ubuntu
Red Hat Enterprise Linux
● Container traffic rules ● SELinux and OpenScap
● AppArmor integration ● Unprivileged containers (no root)
● Unprivileged containers (no root)

Deployment Automation Complete Ops Management

● Deployment via BOSH and Ops Manager ● Deployment via Ansible
● No ops management ● Ops management with Red Hat CloudForms
● No bare-metal ● Built-in log management (Elasticsearch/Kibana)

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 ECOSYSTEM

PIVOTAL CF OPENSHIFT

Open Core 100% Open Source

● Proprietary (based on open source) ● 100% Open Source
● CF Foundation with 65+ members ● Active open-source community
● OpenShift Commons with 200+ members

Pivotal Labs Red Hat Innovation Labs

Consulting Method Consulting Method

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

DETAILED COMPARISON
 CONTAINER

PIVOTAL CF OPENSHIFT

● Garden linux container and buildpacks ● Native Docker linux container

based on OCI runC backend ● Widespread commercial adoption
● Adopted only in Cloud Foundry ● Portable across platforms
● Runs Docker by converting to Garden
● Not portable across platforms (e.g Bluemix)

● No image registry ● Integrated image registry

● Private registries not supported

● Containers share host IP ● Built-in SDN

● All communication through load-balancer ● IP per container
● Inter-container communication

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 NO NATIVE DOCKER IN CLOUD FOUNDRY

No support to run docker containers. Cloud Foundry transforms

docker containers to Garden and runs the Garden container

❌
decompose run
Docker Garden Garden Garden Garden
rebuild

Pivotal Cloud Foundry

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 NO NATIVE DOCKER IN CLOUD FOUNDRY

Converters Are Terrible

Cloud Foundry is based on the Garden container runtime, not Docker, and then has RunC and
Windows backends. RunC is not Docker, just the lowest runtime layer

Docker Developer Experience Does Not Exist in PCF

PCF “cf push” Dev Experience does not exist for Docker. In Openshift v3 we built S2I to
provide that same experience on top of native Docker images/containers

Diego Is Not Kubernetes

Kubernetes has become the defacto standard for orchestrating docker containers. Diego
orchestrates Garden containers and is used only by Cloud Foundry users

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 ORCHESTRATION

PIVOTAL CF OPENSHIFT

● Diego orchestrator ● Kubernetes orchestrator

● Adoption only in Cloud Foundry ● Adoption in many solutions
● No distributed and cron jobs ● Distributed and cron* job support
● Custom scheduling
● Resource limits and quotas with QoS tiering
● Multi-cluster orchestration*

● Service registry only for Spring apps ● Service discovery for all containers
● Service catalog ● Service catalog*
● Config Server for Spring apps ● Loosely-coupled application configuration

* coming soon

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 APPLICATION SERVICES

PIVOTAL CF OPENSHIFT

● Few community buildpacks ● Many community Docker images

● Supported runtimes: Java, Ruby, … ● Supported runtimes: Full Java EE, Java, Ruby, …
● .NET support ● .NET Core support

● Compelling Big Data services ● Red Hat JBoss Middleware

● Spring Boot and Spring Cloud Services ● Microservices with JBoss and Spring
● Microservices with Spring Boot ● Third-party services
● Third-party services

● Stateful and legacy apps not supported ● Stateful and legacy apps supported
● No persistent storage ● Persistent storage support

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 APPLICATION LIFECYCLE

PIVOTAL CF OPENSHIFT

● No container images ● Image build from source and binary

● No Docker build ● Automated redeploy on image update
● Containers run from source and binary ● Docker build support
● CI/CD Integration

● Spinnaker and Concourse CI ● Certified Jenkins

● CloudBees Jenkins integration ● Support for Jenkins slaves
● Built-in CI/CD and Pipeline
● CloudBees Jenkins integration

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 SECURITY

PIVOTAL CF OPENSHIFT

● Container traffic rules (in- and outbound) ● Containers jailed with SELinux
● AppArmor integration ● Unprivileged containers (no root)
● Seccomp integration ● End-to-end cluster security with TLS
● Unprivileged containers (no root) ● Fine-grained role-based policies
● Container vulnerability scanning through Red
Hat CloudForms and BlackDuck (partner)

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 OPERATIONS & MANAGEMENT

PIVOTAL CF OPENSHIFT
● Ubuntu (support partnership with Canonical) ● Red Hat Enterprise Linux and
● Virtual, private and public cloud Atomic Host
● Physical, virtual, private and public cloud

● Container metrics ● Container metrics

● Basic log aggregation ● Container log aggregation and management
● Built-in ElasticSearch and Kibana

● Deployment via BOSH and OpsManager ● Deployment via Red Hat CloudForms
● No operational management ● Complete operational management
(capacity, audit, policy, forensic, etc)

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 ECOSYSTEM

PIVOTAL CF OPENSHIFT

● Proprietary (open core) ● 100% Open Source

● Cloud Foundry Foundation with ● OpenShift Commons with
65+ members 200+ members

● OCI member ● OCI and Platinum CNCF member

● Kubernetes adopted in CNCF

● Vibrant partner community ● Active open-source community

● Vibrant partner community

● Pivotal Labs consulting method for enabling ● Red Hat Innovation Labs consulting method
Agile and DevOps

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 OPENSHIFT AWARDS

2 Years Running!

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 OPENSHIFT CUSTOMERS

read more at openshift.com/customers

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

 OPENSHIFT COMMONS

An interactive community for all OpenShift PaaS

Users, Customers, Contributors, Partners, Service
Providers and Developers to share ideas, code, best
practices, and experiences.

More at http://commons.openshift.org

OPENSHIFT COMPETITIVE OVERVIEW GENERAL DISTRIBUTION

THANK YOU
plus.google.com/+RedHat facebook.com/redhatinc

linkedin.com/company/red-hat twitter.com/RedHatNews

youtube.com/user/RedHatVideos