Cloud Computing
Dan Sullivan
The Definitive Guide to Cloud Computing
Dan Sullivan

Introduction to Realtime Publishers
by Don Jones, Series Editor

For several years now, Realtime has produced dozens and dozens of high-quality books that just happen to be delivered in electronic format, at no cost to you, the reader. We've made this unique publishing model work through the generous support and cooperation of our sponsors, who agree to bear each book's production expenses for the benefit of our readers.

Although we've always offered our publications to you for free, don't think for a moment that quality is anything less than our top priority. My job is to make sure that our books are as good as, and in most cases better than, any printed book that would cost you $40 or more. Our electronic publishing model offers several advantages over printed books: You receive chapters literally as fast as our authors produce them (hence the "realtime" aspect of our model), and we can update chapters to reflect the latest changes in technology.

I want to point out that our books are by no means paid advertisements or white papers. We're an independent publishing company, and an important aspect of my job is to make sure that our authors are free to voice their expertise and opinions without reservation or restriction. We maintain complete editorial control of our publications, and I'm proud that we've produced so many quality books over the past years.

I want to extend an invitation to visit us at http://nexus.realtimepublishers.com, especially if you've received this publication from a friend or colleague. We have a wide variety of additional books on a range of topics, and you're sure to find something that's of interest to you, and it won't cost you a thing. We hope you'll continue to come to Realtime for your educational needs far into the future.

Until then, enjoy.

Don Jones
Introduction to Realtime Publishers
Chapter 1: Changing the Way We Deliver Services with Cloud Computing
  Overview
  The Moving Target that Is Cloud Computing
  A Brief Introduction to Cloud Computing
  A Massively Scalable Infrastructure
  Rapid Allocation of Virtual Servers
  Standard Hardware Platform
  Persistent Storage in the Cloud
  Universal Access
  Fine-Grained Usage Controls and Pricing
  Standardized Resources
  Management Support Services
  Drivers Behind Cloud Computing
  A Better Way to Consume Services
  Service-Oriented Architecture in the Cloud
  Differentiated Levels of Service
  More Efficient Delivery of Services
  Management Infrastructure
  Optimization of Workloads Across Shared Infrastructure
  Self-Service Management
  Monitoring
  Improving the User Experience through Cloud Computing
  Changing Economics of IT
  Reducing Capital Expenditures
  Efficiently Allocating Resources
  Rapidly Delivering IT Services
  Aligning Business Strategy and IT
  Summary
Chapter 2: Demystifying Cloud Computing
  A Note on Terminology
  Searching for a Common Definition: 3 Fundamental Elements of Cloud Computing
  Massive Scalability
  Computing Resources
  Storage Resources
  Network Resources
  Ability to Easily Allocate Cloud Resources
  Service Management Platform
  Service Catalog of Standardized Services
  Policy Definition and Enforcement
  A Cloud by Any Other Name
  Different Types of Cloud Computing Services
  Infrastructure Services
  Computing on Demand
  Storage on Demand
  Business Intelligence Use Case
  Platform Services
  Relational Database Services
  Application Servers
  Security Services
  Application Services
  Messaging Queues
  Distributed, Parallel Processing
  Applications and Business Services
  Consolidating Enterprise Applications
  Managing Business Services and Workloads
  Common Attributes of Cloud Service Models
  Cloud Delivery Models
  Public Clouds
  Private Clouds
  Hybrid Clouds
  Summary
Chapter 3: Enabling Business Innovation by Using Cloud Computing
  Launching a New Business Service
  New Services Under a Traditional IT Service Model
  Scenario 1: Tutorial Videos for the DIY Customer
  Scenario 2: Advanced Analytics for Auto Insurance Premium Calculations
  New Services Under the Cloud Computing Model
  Scenario 1: Tutorial Videos in the Cloud
  Scenario 2: Advanced Analytics in the Cloud
  Advantages of Doing Business with Cloud Computing
  Time to Deploy Services
  Cost Control and Ability to Scale to Demand
  Adaptability of Resources
  Source of ROI in the Cloud
  Lowering Capital Costs with Cloud Computing
  Lowering Operational Costs with Cloud Computing
  On-Demand Provisioning
  Reducing Marginal Costs of Systems Administration
  Standardization and Automation
  Service Management Reporting
  Assessing the Business Value of Cloud Services
  Summary
Chapter 4: How Cloud Computing Will Help Your Business
  How Cloud Computing Can Help Your Business
  Business and Technology Alignments: The Ideal vs. Reality
  Identify Business Priorities
  Identify Operational Inefficiencies
  Identify Barriers to Innovation
  Assessing Current Capabilities
  Infrastructure Capabilities
  Platform Capabilities
  OS Consolidation
  Application Stacks
  Application Capabilities
  Governance Capabilities
  Management and Reporting Capabilities
  Introducing a New Model for Consumption and Delivery
  Introducing Public Cloud Consumption Model
  Introducing Private Cloud Consumption Model
  Deploying Existing Infrastructure in a Private Cloud
  Enabling Application Services in the Cloud
  Managing a Private Cloud
  Measuring the Value of a Cloud
  Changes to Capital Cost
  Changes to Operational Cost
  Labor Costs
  Infrastructure Maintenance
  Facilities Operations
  Simplified Accounting
  Summary
Chapter 5: Strategies for Moving to the Cloud
  Planning Principles for Moving to Cloud Computing
  Prioritizing According to Business Drivers
  Defining Requirements
  Existing Applications Infrastructure: The Current State of Affairs
  Additional Requirements for New Applications
  Assessing Workloads
  Capacity Planning
  Scheduling
  Cost Recovery
  Aligning Requirements to Cloud Services
  Architectural Principles for Cloud Services
  Designing for Scalability
  Providing Scalable Computing Resources
  Using Cloud Services in Scalable Ways
  Designing for Manageability
  Managing Cloud Provisioning
  Monitoring Jobs in the Cloud
  Deploying Layered Technical Services
  Delivering Business Services
  Business Services in the Cloud: Use Case Scenarios
  New Customer Initiative Use Case
  Business Intelligence Use Case
  Mixing Workloads
  Summary
Chapter 6: Identifying the Right Cloud Architecture for Your Business
  Levels of Cloud Architecture
  Virtualization of Resources
  Logical Units of Computing Resources
  Hardware Independence
  Standardized Service Pricing
  Services Layer
  Service Management Processes
  Providing Compute Services
  Hardware Selection
  Implementing Virtualization
  Failover and Redundancy
  Management Reporting
  Providing Storage Services
  Storage Virtualization
  Backups and Cloud Storage
  Management Reporting for Storage Virtualization
  Network Services for Cloud Computing
  Capacity
  Intra-Cloud Replication
  Loading Data into the Cloud
  Redundancy in the Network
  Management Reporting
  Cloud Operations
  Image Management
  Workload Management
  Services Layer: Adapting IT Operations to Cloud Infrastructure
  Designing for Recoverability
  Managing Workload
  Performing Maintenance and Upgrades
  Maintaining Security
  Service Management Layer
  Summary
Chapter 7: Roadmap to Cloud Computing: The Planning Phase
  Assessing Readiness for Cloud Computing
  Web Application Architecture
  Levels of Centralization
  Coupling of Components
  Accessibility of Components
  Ability to Execute Multiple Instances
  Platform Independence
  Self-Management of Compute and Storage Resources
  Standard Platforms and Application Stacks
  Determining Required Platforms and Application Stacks
  Required Support Services
  Customization and Specialized Requirements
  Aligning Business Strategy with Cloud Computing Services
  Workload Analysis
  Value Metrics
  Hardware and Software Values
  Labor Value
  Preparing to Manage Cloud Services
  Role of Private, Public, and Hybrid Cloud Services
  Planning for Growth
  Long-Term Management Issues
  Planning for Centralizing Resources
  Standardizing to Reduce Complexity
  Streamline Service Management
  Virtualizing Physical Resources
  Committing to SLAs
  Capacity Commitments
  Network Infrastructure
  Storage Infrastructure
  Availability and Recovery Management
  Compliance Requirements and Cloud Services
  Summary
Chapter 8: Roadmap to Cloud Computing: The Implementation Phase
  Establishing a Private Cloud
  Deploying Hardware for a Private Cloud
  Servers and Network Equipment
  Environmental Issues
  Redundancy and Avoiding Single Points of Failure
  Deploying Network Services for a Private Cloud
  Providing Application Stacks
  Cloud Management Services
  Cloud Management Policies
  Cloud Management Reporting
  Migrating Compute and Storage Services to a Private Cloud
  Prioritizing Based on Business Drivers
  Business Driver #1: Cost
Business Driver #2: Computing Resources
Reallocating Servers
Deploying Cloud-Enabling Applications
Testing and Quality Control
Deploying Management Applications
Migrating End User Applications
Building Virtual Machine Images
Migrating Data to Cloud Storage
Migrating Access Privileges to the Cloud
Post-Implementation Checklist
Managing Cloud Services
Integrating Service Management with the Cloud
Service Catalog Management
Service Level Management
Availability Management
Service Validation and Release Management
Usage Tracking and Accounting Services
Capacity Planning
Extending a Private Cloud with Public Services
Summary
Chapter 9: Maintaining a Cloud Environment: Governance, Growth, and Security
Governance Issues in the Cloud Computing
Protecting the Integrity of Business Services
Confidentiality in the Cloud
Availability and SLAs
Controlling Access to Cloud Services
Pricing Cloud Services
Cost Allocation
Competitive Pricing
Planning for Growth
Key Resources in Cloud Computing
Baseline and Initial Growth Projections
Baseline Measures
Growth Projections
Expanding Using a Public Cloud
Mitigating Risks Through Architecture
Physical Distribution of Data Centers
Redundant Infrastructure
Security in the Cloud
Identity Management in the Cloud
Entitlements and Access Controls
Vulnerability Assessment and Patching
Summary
Chapter 10: Key Steps in Establishing Enterprise Cloud Computing Services
Aligning Business Drivers with Cloud Services
Understanding Business Objectives
Cloud Computing Enables Innovation
Accommodating Varying Demand for Services
Improving Existing Processes
Identifying Weaknesses in Existing IT Service Delivery
Prioritizing Initiatives
Planning for Transition to Cloud Computing
Assessing the Current State of Readiness
Identifying the Differences Between Current Infrastructure and the Infrastructure to Deploy for the Cloud
Determining the Best Cloud Model for Your Requirements
Planning for Long-Term Management and Stability
Implementing a Cloud Infrastructure
Implementing a Private Cloud
Adapting Public Cloud Services
Using a Hybrid Private-Public Cloud
Managing and Maintaining a Cloud
Operational Issues
Business Management Issues
Summary
Copyright Statement
2010 Realtime Publishers. All rights reserved. This site contains materials that have been created, developed, or commissioned by, and published with the permission of, Realtime Publishers (the Materials) and this site and any such Materials are protected by international copyright and trademark laws. THE MATERIALS ARE PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. The Materials are subject to change without notice and do not represent a commitment on the part of Realtime Publishers or its web site sponsors. In no event shall Realtime Publishers or its web site sponsors be held liable for technical or editorial errors or omissions contained in the Materials, including without limitation, for any direct, indirect, incidental, special, exemplary or consequential damages whatsoever resulting from the use of any information contained in the Materials. The Materials (including but not limited to the text, images, audio, and/or video) may not be copied, reproduced, republished, uploaded, posted, transmitted, or distributed in any way, in whole or in part, except that one copy may be downloaded for your personal, noncommercial use on a single computer. In connection with such use, you may not modify or obscure any copyright or other proprietary notice. The Materials may contain trademarks, services marks and logos that are the property of third parties. You are not permitted to use these trademarks, services marks or logos without prior written consent of such third parties. Realtime Publishers and the Realtime Publishers logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. 
If you have any questions about these terms, or if you would like information about licensing materials from Realtime Publishers, please contact us via e-mail at info@realtimepublishers.com.
Chapter 1: Changing the Way We Deliver Services with Cloud Computing

Computing is constantly changing, creating new hardware technologies, improving software, and optimizing business processes. The history of computing is almost a constant stream of advances. Mainframe computing was followed by minicomputers, which were followed by personal computers, and most recently mobile devices. Software development followed a similar trajectory with an evolution that started with batch-oriented mainframe applications and moved through client-server models to highly distributed service-oriented architectures and Web applications. Business processes changed and computing expanded beyond the reach of large-volume, highly focused back-office systems supporting core operations to widely adopted collaboration and personal productivity applications.

Sometimes the changes in hardware, software, and business processes converge in ways that create significant new opportunities for delivering business services. The advent of cloud computing is one of those events.

Cloud computing in its simplest form is a model for allocating compute and storage resources on demand. In practice, it is much more. Cloud computing offers new ways to provide services while significantly altering the cost structure underlying those services. These new technical and pricing opportunities drive changes in the way businesses operate. The Definitive Guide to Cloud Computing describes the technical, operational, and organizational aspects of cloud computing and provides a roadmap for navigating the emerging landscape of cloud computing.
Overview
Cloud computing is a broad-ranging and still-developing set of technologies and business practices. This guide examines the essential technical and business aspects of cloud computing in order to provide a broad assessment of the benefits and challenges facing adopters of cloud computing. This book consists of 10 chapters; each deals with a significant aspect of cloud computing:
- Chapter 1, this chapter, introduces cloud computing and its impact on how we deliver services. In this chapter, we examine the business drivers behind cloud computing and the related issues of the changing economics of information technology (IT). The chapter concludes with a discussion on aligning business strategy with IT services, especially with regard to cloud computing.
- Chapter 2 identifies the essential elements of cloud computing and discusses different types of cloud computing services and different types of cloud delivery models, ranging from public to private cloud services.
- In Chapter 3, we examine the business advantages of cloud computing and the various sources of Return on Investment (ROI) in cloud computing.
- The business case for cloud computing continues in Chapter 4. Topics include identifying business priorities, assessing current capabilities, determining considerations for adopting a cloud model for service delivery and consumption, and measuring the value of a cloud.
- In Chapter 5, the topic shifts from the business case to understanding how to plan for a cloud and how to assess architecture options with regard to cloud computing. Use cases are included to highlight some of the practical considerations in developing a plan to move to cloud computing.
- Chapter 6 delves deeper into the technical issues introduced in Chapter 5. These include providing high-availability compute, storage, and network services. Cloud management and adapting IT procedures to the cloud are also discussed.
- In Chapter 7, we take a process-oriented approach and consider how to use the information developed in the previous chapters and apply it to specific business needs. Subject areas include performing workload analysis, managing cloud services, centralizing resources, and defining service level agreements (SLAs).
- The planning topics of Chapter 7 are followed by Chapter 8. The focus of this chapter is on establishing a private cloud, transitioning compute and storage services, and operational issues in managing cloud services.
- Chapter 9 delves into long-term management issues ranging from controlling access to cloud services to capacity planning and risk mitigation.
- The Definitive Guide to Cloud Computing concludes with Chapter 10. This chapter consolidates and summarizes the essential aspects of planning, implementing, and managing cloud computing services.
The Moving Target that Is Cloud Computing

Given the speed at which IT changes, writing a definitive guide can be like designing and building a plane while flying in it. This is especially true of cloud computing. Public clouds are well established and private clouds are emerging as an alternative delivery model of cloud services. Identifying which existing applications are readily ported to the cloud while spotting others that are best run on existing platforms is an ongoing process. Applications are being built that take advantage of high-performance, distributed computing through the use of new programming paradigms and database designs. Vendors are revising their infrastructure management tools to support clouds. Cloud computing is a quickly moving target.

With the relentless pace of change in cloud computing technologies and practices, one might argue that it is too early and cloud computing too volatile to suggest a roadmap for understanding and adopting cloud computing. This argument has some merit, but its validity assumes we focus on low-level implementation details. Rather than try to define low-level best practices in this book (it is too early for that), we base this work on the principles and practices that IT professionals have long used to adapt and adjust to changing technologies and business conditions.
Change is nothing new to IT, and our past experience is a sound guide to understanding cloud computing. With that in mind, recognition of the following facts will guide the approach taken in this book:
- Cloud technology will continue to evolve in intelligible ways. We understand the current state of cloud technology and recognize that it is a product of earlier technologies.
- Changes in cloud computing come not just from changes in underlying technologies but also from the ways we combine and use these technologies. Business processes, workflows, and cloud management will drive the way we combine cloud techniques.
- The fundamentals of computing principles have not changed. Basic building blocks of IT consist of computing, storage, and network resources. The underlying principles of serial and parallel computing have been known for generations. Design and management principles that have guided us in the past are still relevant.
- Business services drive the adoption and continued use of cloud services. Unless you are a computer scientist, cloud computing is a means to an end, not an end in itself.
- In technology, as in the evolution of life, those that adapt what has worked well in the past to new conditions and find ways to build on those past successes to address novel challenges are rewarded. There will be no single best model of cloud computing for all applications. The specific conditions and requirements of a service will shape the optimal use of cloud computing for that service.
A Brief Introduction to Cloud Computing

Cloud computing is a model for delivering information services that provides flexible use of virtual servers, massive scalability, and management services. With the dictionary definition out of the way, we can now proceed to describing cloud computing in terms of its essential features and how it functions alongside other information technologies. Cloud computing is a unique combination of capabilities which include:
- A massively scalable, dynamic infrastructure
- Universal access
- Fine-grained usage controls and pricing
- Standardized platforms
- Management support services
A Massively Scalable Infrastructure

If we had to choose one characteristic that most distinguishes cloud computing from other models, it is the massively scalable infrastructure. In theory, one has the potential for massive scalability without the cloud provided one has the financial resources to acquire and the skills to manage a massively distributed infrastructure. The cloud puts that kind of theory into practice.

Massive scalability from the service consumer perspective means the end user controls allocation of compute or storage services as needed. In the past, acquiring additional compute cycles required either procuring additional hardware, which could take weeks, or fitting jobs onto existing servers. Procuring new hardware has obvious time and cost drawbacks, but running jobs on other servers is far from a panacea. It is not uncommon to run into problems such as:
- Incompatibilities with the operating system (OS) or applications on the server
- Conflicts in the scheduling of workloads
- Difficulties allocating costs to owners of the jobs running on the server
- Irresolvable violations of security policies regarding access controls and data protection policies

Together, these characteristics provide the benefits of sole-use servers with the efficiencies of shared resources.
Rapid Allocation of Virtual Servers

Cloud computing avoids these problems by decoupling physical servers from applications and single users. In the cloud, a user allocates the number and type of virtual machines needed to perform a task. The virtual machines run a task as long as required and then shut down when the task is complete. (Actually, the implementation details, such as whether a virtual machine is actually shut down or allocated to another job, are cloud specific; logically, it appears to the cloud users that virtual machines are no longer allocated to them.) In a cloud, physical servers become shared resources without the drawbacks previously described. As Figure 1.2 shows, the distribution of jobs and number of virtual servers running on a set of physical servers can change quickly in a cloud.

Figure 1.2: Virtual machines are quickly allocated and deallocated to specific tasks in the cloud.

Anyone who has waited hours or days to have an OS and application stack installed on a server may wonder how cloud computing servers can switch among uses so quickly. In a cloud, large numbers of physical servers are ready to respond to the specific requests for computing services. Often, these physical servers will support multiple virtual machines each dedicated to different tasks (see Figure 1.2).

Different cloud models require or support (depending on your perspective) different levels of configuration information from users. In a simple case, a user may only need to specify the number of servers she would like dedicated to her job. A slightly more complicated setup would require the user to specify a number of servers and the roles each server carries out, such as a Web server role or application server role. Another model requires users to specify a specific virtual machine image to execute on each of the virtual machines requested. Regardless of which model is used, clouds can rapidly allocate virtual machines in response to the computing needs of users.
Standard Hardware Platform

Another enabling characteristic of cloud computing is the use of standard hardware platforms, such as the x64 architecture. By standardizing on hardware, applications and OSs can run on many combinations of servers within the cloud without incurring additional overhead required to manage many different types of servers. Cloud providers may offer different levels of computing services by offering the functional equivalent of different physical configurations, such as:
- Basic server: 64-bit, 2 cores, 2GB of memory, and 320GB of local storage
- Midsize server: 64-bit, 4 cores, 8GB of memory, and 320GB of local storage
- Advanced server: 64-bit, 8 cores, 16GB of memory, and 1TB of local storage

In practice, the cloud provider may have all 64-bit, 8-core, 16GB of memory servers but will vary the number of virtual machines to accommodate the mix of services requested by users.

Persistent Storage in the Cloud

Rapidly allocating and deallocating virtual machines allows for efficient allocation of computing resources, but many of the computations run on these servers will generate data that must be stored for extended periods of time. It is useful to have local storage on servers for temporary needs, but once the virtual server is deallocated, any locally stored data would be lost.

With persistent cloud storage, data is stored and made accessible to any server in the cloud, subject to access control restrictions. Decoupling persistent storage from servers is another way cloud computing provides for fine-grained control over resources. The combination of rapid provisioning of standard hardware and the use of persistent storage enables massive scalability.

The Potential Network Bottleneck

Three types of resources are fundamental to cloud computing: computation, storage, and networking. Technology is in place now to enable massive scalability of compute servers and storage capacity; the same cannot be said for network resources.

Within a cloud infrastructure, a cloud service provider has control over the network architecture and resources. If additional bandwidth is required to maintain service levels, cloud providers are in a position to make those changes. Problems potentially can arise when moving data into and out of the cloud. This is especially the case when there is an initial, large data upload from an existing non-cloud storage system. It can also occur if large volumes of data are generated rapidly and must be moved to the cloud.
In the case of private clouds, a single company would control the cloud infrastructure and the network resources between the source of the data and the cloud. Public clouds depend upon public network infrastructure, and that can vary widely. Figure 1.3 shows the wide variation in average national broadband speeds. Although businesses may have the resources to purchase additional bandwidth, these figures demonstrate the limits of large-scale public network infrastructure in different regions.

One way to mitigate the problem of the large initial data load is to physically ship storage media to the cloud provider. This may not be a viable option for repeated use; another option is to generate and store data in the cloud, avoiding the need to use public network infrastructure.

Universal Access

Another defining characteristic of cloud computing is universal access from anywhere on the Internet. Today, we have universal email access over the Internet, although it was not too long ago that proprietary email systems required local network connections or virtual private network (VPN) access to use our email. Similarly, access to cloud computing resources can leverage Internet protocols to ensure widespread access.

Universal access should not be confused with open access, especially with regard to private clouds. Companies and governments deploying private clouds will have authentication and authorization systems in place to control access to private cloud resources. Even public clouds require some degree of identity management in support of management reporting and billing.
Fine-Grained Usage Controls and Pricing

The economic benefits of cloud computing are one of the key drivers to adoption. One of the features that enable this benefit is fine-grained usage controls and pricing.

When we purchase servers, we pay up front for a substantial resource with approximately a 3-year useful lifespan and some residual value at the end of that period. Trying to optimize purchase decisions at this granularity is difficult because the ROI depends on many difficult-to-gauge factors, like the load on the system over the life of the server, which will vary with changing business conditions and requirements. If we undersize a server, we risk not meeting SLAs. If we opt for excess capacity, we incur unnecessary costs. Cloud computing can adjust the compute and storage services as application demand dictates.

Cloud computing models allow us to purchase compute resources based on the mixture of jobs that need to be done now. Similarly, we purchase and pay for storage based on what is actually needed now. We no longer have to make purchase decisions based on single-server considerations, such as peak capacity requirements. During periods of peak demand, we provision additional resources from the cloud and release them when the demand is met and pay only for what is used.

Standardized Resources

Cloud computing provides standard hardware, virtualization, and application platforms. Standardization, however, is not homogenization. There is room for a range of options in cloud computing. For example, a cloud can provide a few differently configured servers, a couple of different OSs, and several different application stacks to choose from, such as Linux or Microsoft OSs and LAMP (Linux, Apache HTTP Server, MySQL database and Perl/Python programming languages) or Microsoft .NET Framework application stacks.

By limiting the range of options, cloud providers avoid excessive management and maintenance expenses and keep the marginal costs of expanding the cloud to a minimum. This, however, has to be balanced with business requirements that may justify a greater range of customization.

Figure 1.4: At some point, increasing customization of images incurs additional management costs and an associated decrease in marginal benefit.
Management Support Services

Cloud computing is not a complete service without management support services. These services support both operational and management aspects of the use of cloud computing. Operational support services enable cloud users to provision the resources they need without additional support from IT staff. They include:
- Provision servers
- Search and select virtual images to run on server instances
- Allocate persistent storage
- Monitor jobs executing on allocated servers

Management support services provide the information needed to refine the use of cloud services. For example, CPU utilization reports may indicate low utilization in jobs that have been spread over more servers than necessary. Storage reports and network bandwidth use reports might help identify jobs that involve transferring data into and out of the cloud at a cost greater than using persistent storage services to store that data in the cloud. Cloud computing services are not complete without this type of management support service.

This brief introduction has just scratched the surface of key aspects of cloud computing, such as massive scalability, universal access, fine-grained usage controls and pricing, standardized platforms, and the role of management support services. More details on these topics are provided throughout the rest of this book, but before we delve further into technical details, we will turn our attention to the drivers behind cloud computing adoption.

Drivers Behind Cloud Computing

Cloud computing changes the way we consume and provide services and in the process improves the user experience. The combination of technologies described in the previous section enables these drivers, but the technologies are not the drivers of adoption themselves.
A Better Way to Consume Services

The early days of IT were dominated by monolithic applications that performed a series of related tasks in a fixed order. Applications processed accounting transactions to balance the books, calculated payroll for the company, and generated monthly statements for customers. This approach worked well, and still works well, for some business requirements, but it does have some drawbacks:
- Isolating specialized functions that might be useful in other applications
- Utilizing a fairly rigid flow of execution making it difficult to adapt to emerging requirements
- Offering few options to vary service levels according to varying needs
Differentiated Levels of Service

The cloud model of computing also supports differentiated levels of service. Customers can choose the appropriate level for their needs. For example:
- A customer executing an online transaction processing (OLTP) application may need high throughput and rapid response times. This warrants a number of high-end servers with a single virtual machine instance running the customer's OLTP application.
- A marketing analyst data mining the results of several campaigns may be willing to have a longer turnaround time in return for running her application on a lower-cost, low-end server.
- A team of developers performs continuous integration testing every night and needs guaranteed delivery of output at the start of the next business day. The jobs can run at any time during the night as long as there are sufficient server resources to complete the job in time. The job could be allocated to low-end servers early in the night, or if demand for those is high, can run later in the night but on a number of higher-end servers.

More Efficient Delivery of Services

There are a number of ways to exploit the fine-grained controls over compute, storage, and higher-level services in cloud computing to make service delivery more efficient. Some of the most important are:
- Management infrastructure
- Optimization of workloads across shared infrastructure
- Self-service management
- Monitoring

These support services prove to be beneficial for both cloud consumers and providers.
Management Infrastructure

Both public and private clouds support a large pool of potential customers with a wide range of diverse service requirements. Cloud computing supports these requirements with a well-defined set of basic service components, so a comprehensive management structure can be built on a small number of management services, such as:
- Tracking customer use of virtual servers in terms of number of servers and time used by server
- Tracking the amount of persistent storage used by customers for a given period of time
- Accounting for the data transfer into and out of the cloud
- Accounting for data transfer within the cloud
- Tracking the use of licensed software

This type of management reporting enables cloud providers to bill customers for resources used. Providers can help customers optimize their use of the cloud by providing near-real-time updates on their resource utilization as well as aggregate billing and chargeback reports.

Cloud computing introduces new opportunities for software vendors to change how they price their software. Named-user and number-of-user-based pricing schemes will fit well with cloud computing, but CPU- or core-based pricing methods are problematic. A highly parallelized application might run for 10 hours on a single server or in 1 hour on 10 servers. If the software were licensed to run only on a single server, the customer would lose a significant advantage of cloud computing. Expect vendors to experiment with new pricing models for enterprise software as businesses adopt cloud computing.

Optimization of Workloads Across Shared Infrastructure

A large server farm is indistinguishable from a set of cloud servers when looking at the hardware. Servers, switches, routers, power supplies, and other components are the same. The difference lies in how these resources are used.

The servers in a typical corporate data center prior to the advent of cloud computing were assigned to a particular department or application use. The configuration was relatively fixed and changed only when the server was upgraded, reassigned, or decommissioned. These servers were configured to do one type of operation. This makes for a reliable compute resource, but not an efficient one.

Servers with fixed configurations are less likely to have high utilization rates. Unless there is a steady stream of jobs that fits the machine's configuration, there will be idle periods. Without proper infrastructure for rapidly deploying virtual machines, the cost of reconfiguring a server is so high that it is done only for significant long-term changes. In the cloud, the cost of switching virtual machines is low enough that idle servers can be reconfigured with different virtual machine images, allowing other applications to run on the same physical server that had just been running other types of jobs.
Improving the User Experience through Cloud Computing

Another driver behind cloud computing is that it can improve the end user experience. As noted earlier, cloud service consumers have more direct control over the resources they use. Simplified Web user interfaces make this possible.

Users are also relieved of long-term management issues when using cloud services instead of dedicated servers. Concerns such as scheduling patches, ensuring security policies are enforced, performing backups, and developing a disaster recovery plan are addressed by the cloud service provider. Users are free to focus less on maintenance and more on core business issues.

Cloud computing also improves the user experience by lowering the barriers to experimenting with data or a new business process. For example, a marketing analyst might have an idea for increasing market share for a product in a particular region. Evaluating her idea requires a substantial amount of data and compute resources. The sales data warehouse makes use of cloud storage, so the data is readily available and provisioning servers is a simple matter with the cloud's Web interface. Without cloud computing resources immediately available, the cost of procuring or borrowing servers to run this job may have been so high that it was not done.

Cloud computing changes how we consume services, how we deliver services, and the way end users experience the use of these services. These three factors are fundamental drivers behind cloud computing. There are, however, other economic factors involved as well.

Changing Economics of IT

The economics behind cloud computing make a compelling case for adopting this approach to delivering services. The economic benefits can be seen in at least three areas:
- Reducing capital expenditures
- Efficiently allocating resources
- Rapidly delivering IT services
Reducing Capital Expenditures

An obvious economic advantage of cloud computing from the consumer perspective is the reduced need for capital expenditures. Consumers of compute and storage services do not have to procure the underlying hardware that enables those services. Rather than follow a pay-up-front model, cloud service consumers follow a pay-as-you-go model. The pay-as-you-go model is especially advantageous when a consumer would have to purchase servers and storage to accommodate peak capacity but that peak capacity is needed for only relatively brief periods of time.

Consider the following example. An online analytic processing (OLAP) application generates weekly business intelligence reports that require a number of high-end servers to perform all calculations in the time allotted to the process. In this scenario, the servers are underutilized most of the time; nonetheless, in the dedicated server approach to consuming compute services, we have to plan for and purchase for peak demand. A better option is to use the elastic scalability of the cloud to provision the servers when they are needed and release them when the reports are complete.

Efficiently Allocating Resources

Cloud computing more efficiently allocates compute and storage resources than dedicated server approaches. The efficiency stems from several factors:
- Ability to manage workloads and allocate jobs to available servers through the use of rapidly deployed virtual machine images to servers with excess capacity
- Ability to share storage resources and realize the economies of scale with regard to centralized storage services
- More efficient support operations, such as backup and recovery; rather than manage many different types of backup jobs that vary according to the needs of dedicated servers, cloud providers can consolidate backup operations of centralized storage
- Clouds can be configured to use geographically distributed data centers and replication services between the data centers to provide disaster recovery for all cloud consumers; under the dedicated server model, we must plan for disaster recovery separately at the department or project level
- High availability of service without significant overhead: if a server were to fail in the cloud, it could simply be removed from the pool of available resources; jobs would continue to run on other servers; in the dedicated server model, a standby server would be needed to act as a backup for each primary server
Rapidly Delivering IT Services

With a cloud, businesses can more rapidly deliver services to meet changing business requirements and market conditions. Once again, there is no single part of the cloud model that enables this; instead, it is a combination of factors.

Once again, the ability to rapidly provision and deprovision compute and storage resources is important. If demand for a service were to rapidly spike, for example, for a retailer during the holiday season, servers can be added to scale to meet demand.

Another consideration is the ability to expand the range of functions provided by IT applications. In this case, service-oriented architectures are well suited for rapid reconfiguration of applications through service orchestration (see the earlier discussion of service-oriented architecture in the cloud). Functionality developed for one application and delivered through the cloud using service-oriented architecture can be readily adapted to other applications as well.

The economic benefits of cloud computing emerge in different ways, including a reduction in the need for capital expenditures, more efficient allocation of resources, and the ability to rapidly deliver and adapt IT services. The efficiencies enabled by the reduced time and cost of cloud computing will be maximized only if business strategy is aligned with IT services.
Aligning Business Strategy and IT

IT serves the strategy of the business, but keeping business objectives and IT operations in alignment is not always easy. We may have a clear business strategy mapped to detailed business processes that are ready to implement but still the execution stumbles. Why? One reason is that the information systems needed to execute the strategy are insufficient or poorly matched to the requirements. Cloud computing and service-oriented architectures can mitigate the risk of such misalignments, assuming they are used in ways supportive of business strategy.

Aligning business strategy and IT services is a several-step process, at least at the most coarse level:
- Identifying key business objectives
- Identifying IT services needed to support those objectives
- Assessing the current state of IT services and identifying gaps between the existing set and the needed set of IT services
- Developing a plan for reducing the gap between the existing and needed set of information services

Key business objectives may include controlling and reducing costs, enabling more rapid response to changing market conditions, improving governance of the organization, or improving the resiliency of IT operations to adverse events, such as hardware failures, loss of power, or natural disaster. Many of the services needed to support business objectives can be readily identified once the business objectives are known. Cost controls and cost reduction come with more efficient server utilization, more self-service in systems management, and reduced overhead associated with infrastructure services such as backups, high availability, and disaster recovery.

The gap analysis process should take into account both technical and organizational considerations. For example, will existing hardware readily deploy in a cloud architecture or will new hardware be required? Are service management practices mature enough to implement in self-service delivery systems? Is a billing or chargeback mechanism in place if a private cloud is under consideration?

The first steps in creating a plan to move from the existing to the needed systems are to prioritize the gaps and identify dependencies in the process. This is certainly not a trivial process, but we will delve into a more detailed examination of the full alignment process in Chapters 5 through 7.
Summary
Cloud computing is a model of service delivery that is enabled by a confluence of advances in hardware, software, and business processes. The availability of standardized servers capable of running multiple virtual machines, standardized virtual machine images for delivering complete application stacks to servers on demand, and mature service management practices that lend themselves to a significant level of self-service all contribute to enable cloud computing.

Cloud computing is different from other approaches to service delivery because of its unique combination of attributes, including:
- A massively scalable, dynamic infrastructure
- Universal access to services from any Internet-enabled device
- Fine-grained usage controls and pricing that allow for more efficient delivery of services
- Standardized platforms that lend themselves to lower procurement and operational costs
- Management support services for service consumers to control their use of cloud resources
Chapter 2: Demystifying Cloud Computing

The term cloud computing has become a shorthand way of describing a wide range of different computing services. When describing their cloud offering, a vendor might focus on the ability to rapidly provision instances of virtual machines to run applications of your choice. Another vendor might use the term cloud when promoting a new way to license and run the vendor's applications on the vendor's servers. Of course, there are any number of definitions in between.

The goal of this chapter is to demystify cloud computing by defining a set of common characteristics that should be included in any cloud service that could be considered ready for enterprise use. The common characteristics, as we shall see, still leave plenty of room for different types of cloud computing. We will examine several types of cloud services and the advantages and disadvantages of each. The chapter concludes with a discussion of different cloud delivery models that range from public to private clouds.

A Note on Terminology

As noted in the first chapter, the types of computing services we are describing represent an evolution of information technology and service delivery. The elements of cloud computing are not radically new, but we are using and deploying them in new ways. This can sometimes lead to confusion in terminology.

Consider, for example, the term provisioning. In the past, provisioning a server almost always meant that a physical server was acquired, configured, and deployed to an organization's network. The term still has that meaning, but it is not the only way the term is used when describing cloud computing. Provisioning can also mean creating an instance of a virtual machine, for example, to run a job in the cloud for some period of time after which the virtual machine is shut down.

The reason we use the same term for different processes is that both apply to making a computing resource available to a specific task. The key differences are tied to physical versus virtual servers, the duration for which the server is assigned to a specific task, and the time required to make the server available. (These differences underlie the efficiencies cloud computing introduces; however, before we can realize those efficiencies, we need to be clear about all the variables that are at work with services delivery. This chapter will make those variables clear.)
Searching for a Common Definition: 3 Fundamental Elements of Cloud Computing

Reasonable people can disagree about precise definitions of new technologies. We will forgo well-constrained definitions of cloud computing and instead consider three characteristics that are required to deliver the types of services most of us have come to expect from cloud computing:
- Massive scalability
- Ability to easily allocate cloud resources
- A service management platform

Massive Scalability

Massive scalability is the ability to rapidly allocate large amounts of computing resources on demand. This is not scalability in the sense of purchasing hundreds of servers, waiting for them to be delivered, configured, and deployed. Massive scalability in cloud computing is the ability to deliver significant resources in a matter of minutes, not days or weeks.

Figure 2.1: Massive scalability provides the ability to rapidly increase the amount of allocated cloud resources as needed for a job.
Computing Resources

Computing resources are the means to process information. If there were a single workhorse in cloud computing, this would be it. Computing resources are provisioned for a cloud computing task in different ways, depending on the cloud model. At minimum, there is a smallest unit of computing resource that is allocated. This could be, for example, a virtual machine equivalent to an x64 architecture, 2GHz CPU dual-core processor with 32GB of memory and 300GB of local storage. Specifications such as this should be considered a logical specification. The virtual machine running jobs could be hosted on any of a number of physical implementations. This is one of the advantages of cloud computing: The details of the physical implementation are abstracted so that the consumer of cloud services does not have to concern themselves with such details.

Abstracting computing services can also lead to more efficient delivery. For example, a cloud provider can:
- Vary the amount of hardware running at any time according to demand. During periods of peak demand, many large servers may be running while during low-demand periods, only the most energy-efficient servers are kept powered on.
- Run jobs in different data centers to better allocate workload. This functionality is constrained to some degree by business requirements. For example, businesses subject to European Union (EU) privacy directives may require that all personal information on EU customers be kept in countries that meet a minimum level of privacy protections.
- Execute workloads on physical servers that minimize the distance between the compute resources and the storage resources

Cloud service providers all abstract some level of implementation details, but that level can vary significantly. Consider a few different scenarios.

The (Near) Raw Iron Approach

One cloud provider allows consumers to select a type of virtual machine (types vary by number of cores, amount of memory, and so on) and the virtual image to run on that machine. There may be several operating systems (OSs) to choose from as well as a variety of application stacks. This model has the advantage of giving cloud consumers a wide range of options but at the cost of additional configuration responsibilities. For example, a cloud consumer may have the option to configure and run a particular statistical analysis package on a preferred version of Linux with this provider, but she is also responsible for tuning and patching this image.
The Server Role Approach

A second cloud provider may limit the range of options in return for a simplified deployment model. Rather than allow customers to build their own virtual machine images, the cloud provider may offer a small set of preconfigured images designed for specific roles, such as load balancing, running a Web server, or providing application services. Under this approach, cloud consumers could define the number of Web servers they need and the number of application servers required without having to concern themselves with OS or application stack details.

The API Approach

Another approach a cloud vendor may provide is a general computing platform that abstracts even basic distinctions such as Web servers and application servers. Under this model, cloud consumers develop applications that use a cloud provider's application programming interface (API), which might include, for example, functions for:
- Defining data structures
- Creating associative arrays (key-value pairs)
- Specifying queries
- Implementing transactions
- Utilizing task queues

Figure 2.2: Cloud consumers have a range of options that balance different levels of flexibility with the need for systems management tasks.
Data stored in the cloud is manipulated in much the same way as it is in non-cloud architectures with some minor differences. Block-based storage may be accessed via URL. Relational data is queried the same in or out of the cloud, but database administrators will have less to manage with regard to the physical allocation of space and replication of data for high availability.

Network Resources

The ability to move data from compute to storage resources must scale along with those resources. Within the cloud, the network capacity and infrastructure are defined and managed by the cloud provider. Providers can reasonably plan for moving data from servers to storage arrays or replicating data between storage devices. The situation changes when data has to move into or outside of the cloud.

Cloud service providers are more constrained in their ability to deliver network scalability because of dependence on the outside networks. Cloud consumers transfer data into and out of the cloud using whatever network services they have acquired. This may or may not be sufficient for the volumes of data that need to be transferred. In response, some cloud providers offer "sneaker net to the cloud" services: physical storage devices are shipped to the cloud provider where they are uploaded to the cloud.

Part of optimizing cloud-based services is determining the best way to move data into and out of the cloud and minimizing transfers outside the cloud. The network bottleneck is one reason to generate, process, and store data in the cloud as much as possible.

Massive scalability is a fundamental characteristic of cloud computing. Cloud providers offer different approaches to providing computing resources that trade off between flexibility in applications that can run in the cloud with demands on cloud consumers to manage system resources. Similarly, massive storage scalability is fundamental to cloud computing. At this point in time, networking resources outside the cloud are a potential bottleneck to moving data to and from the cloud.
Ability to Easily Allocate Cloud Resources

Cloud computing can significantly reduce the need for systems administration support by providing easy-to-use tools for allocating cloud resources. One of the advantages of abstracting many implementation details is that it allows for greater automation of the cloud resource provisioning. As noted earlier, cloud providers offer different levels of abstraction of services, but in all cases, the provider should offer tools that give application administrators the ability to adjust the usage as demand dictates.

Consider a simple example. A marketing analyst has just acquired several large data sets on product sales over the past several months. This is a one-time task and the analyst needs to aggregate the data for business reporting as well as run some statistical analysis programs over each data set. Outside the cloud, the analyst would need to perform several time-consuming steps:
- Find a department server with availability and convince the owner to allow the jobs to run on that server.
- Next, assuming a server is found, the analyst would then submit a ticket to systems administrators to install the necessary analysis software.
- When that is done, which could be a few hours to a few days depending on the IT support backlog, the analyst would need to upload the data. If the data is compressed, additional storage will be required to store both the compressed and decompressed files until the decompress operation is complete.
- Run the analysis jobs. This is a compute-intensive job, so the time to complete it will depend on the number of CPU resources available. If the analyst was provided with a virtual server running on a host with several other virtual machines, the workloads on the other virtual machines can adversely impact the data analysis job.

The same process in the cloud is significantly less arduous.
- Select a virtual machine image to run on cloud servers from a catalog of images. These can range from OS-only images to complete development or analysis environments.
- Specify the number of the virtual instances to run. In some cases, cloud vendors may offer options on the size of servers (for example, small, midsize, high end), in which case, the size would need to be specified as well. As multiple servers are available, the analysis job can be subdivided into smaller jobs and run in parallel.
- Load the data into cloud storage and decompress if necessary.
- Run the analysis jobs.
Service Management Platform

Once we move beyond simple scenarios like the one previously described and start to consider enterprise-scale management issues, the need for a services management platform becomes clear. A cost-effective cloud service will offer a management platform that supports four aspects of service management:
- Support for automated provisioning and deprovisioning of resources
- Self-service interface
- A service catalog of standardized services
- Policy definition and enforcement

Support for automated provisioning and deprovisioning and the self-service interface were covered in the previous section, so we will focus our attention on the other topics here.

Service Catalog of Standardized Services

A service catalog introduces consistency and reusability to the cloud. A catalog includes virtual machine images that can run within the cloud with minimal setup on the part of the cloud consumer. These images capture design patterns that have worked well in other use cases.

For example, a basic Web server service might include the latest version of the Apache Web server, a fully patched and hardened Linux OS, and a properly configured firewall. Another image in the service catalog could provide an extraction, transformation, and load (ETL) application for use with data warehousing applications. With the ability to instantiate a fully functional ETL system in a matter of minutes using a self-service interface, the barriers to entry to business intelligence and data analytics are significantly reduced.

Policy Definition and Enforcement

A service management platform can ensure that operations in the cloud comply with organization policies. Technical policies can address issues such as:
- Authentication and authorization required to use resources
- Resource limits, such as the number of concurrent virtual servers a user can have instantiated during peak load periods
- Pre-instantiation checks, such as ensuring images are properly patched before executing or virtual machines use currently approved versions of supported OSs
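The three kinds of technical policy listed above can be evaluated together in one admission check that runs before any virtual server is instantiated. The following is an added example, not code from the guide or from any cloud provider; the role names, image names, server limit and 30-day patch window are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Image:
    name: str
    os_version: str
    last_patched: date


@dataclass(frozen=True)
class Policy:
    approved_os: frozenset      # OS versions currently approved
    max_patch_age_days: int     # how stale an image's patch level may be
    peak_server_limit: dict     # role -> max concurrent virtual servers
    allowed_images: dict        # role -> image names the role may launch


# Constructed sample catalog, policy and "current" date (all hypothetical).
CATALOG = {
    "web-apache": Image("web-apache", "linux-9", date(2024, 1, 20)),
    "etl-legacy": Image("etl-legacy", "linux-7", date(2023, 6, 1)),
}
POLICY = Policy(
    approved_os=frozenset({"linux-9"}),
    max_patch_age_days=30,
    peak_server_limit={"analyst": 5},
    allowed_images={"analyst": frozenset({"web-apache", "etl-legacy"})},
)
TODAY = date(2024, 1, 31)


def evaluate(request, running, today, catalog=CATALOG, policy=POLICY):
    """Return the list of policy violations; an empty list means 'allow'.

    Deny by default: an unauthenticated user, an image outside the catalog
    or a malformed count is refused before any other check runs.
    """
    user = request.get("user") or {}
    if not user.get("authenticated"):
        return ["authentication: request carries no authenticated user"]
    image = catalog.get(request.get("image"))
    if image is None:
        return ["catalog: image is not in the service catalog"]
    count = request.get("count", 0)
    if not isinstance(count, int) or count < 1:
        return ["request: instance count must be a positive integer"]

    violations = []
    role = user.get("role")
    # Authorization: the role must be entitled to this image.
    if image.name not in policy.allowed_images.get(role, frozenset()):
        violations.append("authorization: role may not launch " + image.name)
    # Resource limit: servers already running count against the cap,
    # and a role with no configured limit gets a cap of zero.
    limit = policy.peak_server_limit.get(role, 0)
    in_use = running.get(user.get("name"), 0)
    if in_use + count > limit:
        violations.append("resource limit: %d running + %d requested > %d"
                          % (in_use, count, limit))
    # Pre-instantiation checks: approved OS version and recent patch level.
    if image.os_version not in policy.approved_os:
        violations.append("pre-instantiation: OS %s is not approved"
                          % image.os_version)
    age = (today - image.last_patched).days
    if age > policy.max_patch_age_days:
        violations.append("pre-instantiation: image last patched %d days ago"
                          % age)
    return violations
```

Returning every violation rather than stopping at the first gives the self-service interface something actionable to show the requester and gives auditors a complete record of why a request was refused.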
Organizational policies can be enforced as well. These include:
A Cloud by Any Other Name

Cloud computing has the potential to significantly reduce costs and improve the delivery of business services. It is no wonder vendors would want to offer something in this area. Simply calling a service offering a cloud is not enough, at least for The Definitive Guide to Cloud Computing. This guide has and will continue to argue that cloud computing entails massive scalability, easy-to-allocate resources, and a service management platform that includes a service catalog. These three elements are essential to offering a viable cloud computing service in an enterprise.

Figure 2.3: Cloud computing requires three fundamental elements to be effectively used in enterprise computing.
If any doubts remain, consider if any one of these three characteristics were missing. Without massive scalability, there would not be the resources required to meet fluctuating demand. Cloud consumers would have to have backup resources in place in case cloud resources were not available. Traditional service delivery models would continue to exist and undermine the cost benefits of cloud computing. Without easy provisioning, cloud consumers would still have to depend on IT support, creating the potential for backlogs and driving up labor costs. Without a service management platform, cloud consumers would not have a well-managed service catalog, the lack of which would drive up costs of creating and maintaining virtual machine images. IT support would not have a mechanism to enforce policies, leaving the potential to violate governance and compliance regulations. Billing and resource management would require more manual processes, driving up costs in turn.

Cloud computing lends itself to a wide array of services and service delivery models. As we will see in the next section, there are many ways to provide cloud services.

Different Types of Cloud Computing Services

Cloud computing can encompass a broad range of services, so it is not surprising to see a number of broad options emerging. These services range, in increasing order of specific type of service, to include:
- Infrastructure
- Platform services
- Application services

Each level of service meets a distinct set of needs.

Infrastructure Services

Infrastructure services deliver computing and storage services. This type of service is the one used as a model in the previous section describing the three defining characteristics of cloud computing. Here we will turn our attention to describing how this type of service can be used along with an example use case to show how cloud computing can significantly improve some types of service delivery.
By allocating just basic computing services, cloud consumers can run proprietary workflows that do not depend on preconfigured services. A broad set of service images in a service catalog can provide a starting point for building proprietary workflows. For example, the service catalog would have virtual machine images with OSs and application servers, which users could instantiate and then add custom applications to complete the set of components needed for the workflow.

This type of cloud service also works well for accommodating peak demand periods for either standardized applications or proprietary workflows. Existing infrastructure may be sufficient for average loads, but during peak periods, such as the holiday shopping times in the retail industry, additional computing services may be needed for relatively short periods of time.

Maintaining a disaster recovery site can add significantly to the cost of providing a service. Even if a disaster recovery site is never used, businesses pay for the housing equipment, power to keep a minimal infrastructure running, and maintaining servers and other equipment. There may be marginal labor costs as well to maintain the site. An alternative, and one enabled by the computing-on-demand model, is to use a cloud provider as a disaster recovery service. To do this, a business could:
- Maintain a set of virtual machine images that would run the business applications in the event of a disaster
- Maintain copies of data in cloud storage using an appropriate combination of backups and near-real-time replication
- Establish a plan for provisioning cloud services to meet disaster recovery requirements; for example, some services may be run on smaller, and therefore lower-cost, servers while in disaster recovery mode

Of course, as these requirements demonstrate, computing on demand can be closely coupled to storage on demand.
Storage on Demand

Storage on demand can provide file, block, or relational storage to meet a variety of requirements. In some cases, such as the need for off-site backup, the need for storage is fairly consistent. Cloud storage offers the ability to protect backups from site-specific damage but without the need to maintain another physical site. When dealing with multiple remote sites, copying backups to the cloud can be an appealing option rather than physically transporting tapes from those sites or maintaining additional disk storage at a data center to accommodate those backups.

Demand for storage can vary widely. For example, an accounting firm may have peak demand for 2 to 3 months prior to tax filing deadlines when large amounts of data are coming into the firm. After the deadline, data can be archived and moved off disk, but without an option such as cloud-based storage on demand, the firm would have to maintain peak storage capacity all year. The wide potential for on-demand computing and storage can be demonstrated with a more generally applicable example as well.

Business Intelligence Use Case

Business intelligence reporting is driven by large volumes of up-to-date information. Collecting and processing this data can impose significant demands on computing and storage resources, especially when the ETL phase has to occur in a limited window of time. With on-demand computing and storage, data can be uploaded from multiple local sources simultaneously. That data is then aggregated at low and mid levels in parallel before being aggregated at a global level and finally stored in a cloud database for later report generation.
Platform Services

Platform-based cloud services deliver higher-level services than the infrastructure-based model offers. Platform-based services include tools for designing, developing, and deploying applications using a set of supported application components, such as relational databases and application security services that span multiple layers of the application stack.

Figure 2.5: Platform services (in green) provide application development components built on lower-level cloud services.

Relational Database Services

Relational databases are the data backbone of most enterprise applications. Since the later 1970s, relational data models have offered significant advantages over other database frameworks. Continuous improvement in relational database management systems has allowed relational databases to keep up with growing and changing demands for managing persistent data. One of the latest advances is the ability to host relational databases in a cloud.

To avoid any confusion, it is worth noting that there are two ways one could host a database in the cloud. One method is suitable for small projects with short life spans; the other takes advantage of cloud infrastructure for a more scalable solution.
A Simple Relational Database System in the Cloud

The first method basically transfers the same approach to database management we typically use outside the cloud and applies it in the cloud. Under this method, a database administrator provisions a virtual server and installs the database management system on that server using local disk storage for database files. This approach may be suitable for limited needs but is not a general solution for persistent relational storage in the cloud.

One drawback is that local storage is allocated to a user's virtual machine instance only as long as the instance is running. One of the advantages of the cloud is that virtual machine instances are started and stopped as needed. Unless the instance hosting the database is kept running, the database will be lost. Another drawback is that the versions of relational database management systems running on typical enterprise servers are not designed to take advantage of cloud storage services based on allocating blocks or buckets of storage for arbitrary data. Although this is one way to use relational databases in the cloud, it is not what is generally considered a relational database service.

Relational Database Services Optimized for the Cloud

Relational database services for the cloud take advantage of the scalability of compute and storage resources of the cloud. As one might expect, relational database services attend to a number of low-level implementation details that are typically the responsibility of a database administrator. For example, within the cloud, database administrators do not have to concern themselves with:
- Managing disk space
- Specifying how to distribute low-level data structures, such as table spaces, across multiple disks to optimize performance
- Monitoring I/O patterns to detect bottlenecks in disk operations
- Replicating data to ensure high availability since persistent data is typically written to multiple locations within cloud storage
Application Servers

Application component services provide middleware services in the cloud. Like relational databases, middleware applications, such as application servers and portal servers, can be optimized for the cloud. This ensures the components can take advantage of scalability, high availability, and service management platforms provided in the cloud.

Security Services

Security is not a component one can isolate like a database or a messaging queue. Security is a product of specialized components, such as authentication and authorization services, as well as systems design. The fundamental principles of security are no different in the cloud than outside the cloud. We cannot, however, simply use the same security procedures in the cloud that we use outside the cloud any more than we can simply run a database management system built for a single server in the cloud and expect cloud-like benefits.

Security services need to be embedded into cloud platform services and, at a minimum, include support for:
- Authentication
- Authorization
- Auditing and reporting
- Key management
- Security token management

Application Services

Today's complex enterprise applications are often built on application frameworks and design patterns, so it is not surprising to see support for these in the cloud. The frameworks vary but include components such as runtime libraries, development frameworks, and higher-level application components. The level of support for different frameworks will vary by cloud provider, especially if providers specialize in supporting one type of framework. In some cases, a cloud provider may offer a framework specifically designed for the cloud and not available in other architectures.
Even with variation in frameworks and programming languages, a number of application services may be available that allow programmers to take further advantage of what a cloud infrastructure has to offer. Two such services are messaging queues and support for highly distributed, parallel processing.

Messaging Queues

Messaging queues provide for asynchronous communication between processes running in the cloud. Messaging is useful for constructing workflows, implementing distributed transactions, and accommodating the failure of a component within a distributed system.

Consider as an example a Web interface running on one server that accepts requests from users. In a tightly coupled application, the interface may pass the request to one instance of a back-end service and wait for a response. If the back-end service is down, the application fails. In a loosely coupled design, the interface would submit the request to a queue. Any one of a number of instances of the back-end service could read the request from the queue, respond to it, then delete the request. If a single instance of the back-end server is down, the request can still be serviced. If one of the back-end instances crashes while processing a request, another instance can still read the request because it is not deleted from the queue until the response is generated.
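The loosely coupled design described above depends on a request staying in the queue until a response has been generated. The following added example (not from the guide or from any provider's queue service) models that with a visibility timeout, which is an assumption about how the queue hides a request that is being processed; the class and function names are hypothetical, and time is passed in explicitly so the run is deterministic.

```python
import itertools


class RequestQueue:
    """In-memory queue with delete-after-processing semantics.

    receive() does not remove a message; it hides it for
    `visibility_timeout` seconds. Only delete() removes it.
    """

    def __init__(self, visibility_timeout=30):
        self.visibility_timeout = visibility_timeout
        self._messages = {}              # message id -> message record
        self._ids = itertools.count(1)

    def send(self, body):
        msg_id = next(self._ids)
        self._messages[msg_id] = {"id": msg_id, "body": body,
                                  "visible_at": 0, "receipt": None,
                                  "deliveries": 0}
        return msg_id

    def receive(self, now):
        """Hand out the oldest visible message, or None if all are in flight."""
        for msg in self._messages.values():      # dicts keep insertion order
            if msg["visible_at"] <= now:
                msg["visible_at"] = now + self.visibility_timeout
                msg["deliveries"] += 1
                msg["receipt"] = (msg["id"], msg["deliveries"])
                return dict(msg)
        return None

    def delete(self, receipt):
        """Remove a message; a stale receipt from an earlier delivery is refused."""
        msg = self._messages.get(receipt[0])
        if msg is None or msg["receipt"] != receipt:
            return False
        del self._messages[receipt[0]]
        return True

    def __len__(self):
        return len(self._messages)


class WorkerCrashed(Exception):
    pass


def backend_instance(queue, now, responses, crash=False):
    """One back-end instance: read a request, respond, then delete it."""
    msg = queue.receive(now)
    if msg is None:
        return None
    if crash:
        # The instance dies before responding, so delete() is never called.
        raise WorkerCrashed(msg["body"])
    # Delivery is at-least-once: key the response by message id so a
    # redelivered request overwrites its earlier result instead of duplicating it.
    responses[msg["id"]] = "handled " + msg["body"]
    queue.delete(msg["receipt"])
    return msg["id"]


def demo():
    queue = RequestQueue(visibility_timeout=30)
    responses = {}
    queue.send("GET /order/1001")        # constructed sample request
    try:
        backend_instance(queue, now=0, responses=responses, crash=True)
    except WorkerCrashed:
        pass
    # At t=10 the request is still hidden; at t=31 it is visible again.
    hidden = backend_instance(queue, now=10, responses=responses)
    retried = backend_instance(queue, now=31, responses=responses)
    return hidden, retried, responses, len(queue)


if __name__ == "__main__":
    print(demo())
```

Because a request can be delivered more than once, back-end handlers need to be safe to run twice on the same request, and a slow instance whose timeout has expired must not be able to delete a message that another instance now holds; the receipt check in `delete()` covers the second case.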
Distributed, Parallel Processing

One of the advantages of cloud architectures is access to a large number of servers. This introduces opportunities for performing operations in parallel that would normally have to be done sequentially when only a small, fixed number of servers are available. A programming paradigm known as map reduce is one method suitable for clouds to implement parallel applications.

The basic idea behind map reduce is that some problems are inherently parallel: Some steps in the computation can be done independently of other steps and the results of individual computations can be combined to produce the final result. The ETL example cited earlier highlights a problem with coarse-grained parallelism. That problem can be broken down into a small number (for example, on the order of 10) of steps followed by an aggregation process to combine results. Other problems, especially those with large amounts of data, can be divided into even larger numbers of subproblems.

Take, for example, analyzing click stream data. A business is analyzing patterns of activity on their e-commerce site to determine whether there are common characteristics shared across customer interactions in which the customer abandons his or her cart. The click stream data from the Web site contains information about what products the customer viewed, reviews that were read, and navigation paths taken to the point where a product was added to the cart. As one customer's activity is independent of others, this is a good candidate for highly parallel analysis.

A map reduce approach to this problem could be defined as follows:
- Split the set of all click stream data by customer session
- Partition the customer sessions across 100 instances of the analysis program
- For each customer session, scan the click stream for the number of times each possible 3-page sequence pattern occurs; to simplify the pattern, look for types of pages, such as product details, reviews, search results; this is the map phase
- Combine the results of each map phase to produce the aggregate number of times each pattern occurred; this is the reduce phase
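The four steps above can be followed end to end on a small data set. This is an added example, not code from the guide: the click records and page-type names are constructed, the function names are hypothetical, and a thread pool stands in for the separate instances of the analysis program.

```python
from collections import Counter, defaultdict
from concurrent.futures import ThreadPoolExecutor

# Constructed sample data: (session_id, sequence_number, page_type).
# Events are interleaved and out of order, as they would be when
# collected from several Web servers.
CLICKS = [
    ("s1", 2, "product_details"), ("s2", 1, "search_results"),
    ("s1", 1, "search_results"), ("s1", 3, "reviews"),
    ("s2", 2, "product_details"), ("s1", 4, "product_details"),
    ("s2", 3, "reviews"), ("s1", 5, "cart"),
    ("s3", 1, "product_details"), ("s3", 2, "cart"),
    ("s2", 4, "product_details"),
]


def split_by_session(clicks):
    """Step 1: group events by session and order each session's page types."""
    sessions = defaultdict(list)
    for session_id, seq, page_type in clicks:
        sessions[session_id].append((seq, page_type))
    return {sid: [page for _, page in sorted(events)]
            for sid, events in sessions.items()}


def partition(sessions, n_workers):
    """Step 2: deal whole sessions out to n_workers partitions (round-robin)."""
    parts = [[] for _ in range(n_workers)]
    for i, sid in enumerate(sorted(sessions)):
        parts[i % n_workers].append(sessions[sid])
    return parts


def map_partition(session_list):
    """Step 3 (map): count every 3-page sequence inside each session.

    A window never spans two sessions, and a session shorter than
    three pages contributes nothing.
    """
    counts = Counter()
    for pages in session_list:
        for i in range(len(pages) - 2):
            counts[tuple(pages[i:i + 3])] += 1
    return counts


def reduce_counts(partials):
    """Step 4 (reduce): merge the per-partition counts into one total."""
    total = Counter()
    for partial in partials:
        total.update(partial)
    return total


def count_patterns(clicks, n_workers=4):
    sessions = split_by_session(clicks)
    parts = partition(sessions, n_workers)
    # Each partition is mapped independently; no worker needs another's data.
    with ThreadPoolExecutor(max_workers=n_workers) as pool:
        partials = list(pool.map(map_partition, parts))
    return reduce_counts(partials)


if __name__ == "__main__":
    for pattern, n in count_patterns(CLICKS).most_common():
        print(n, " -> ".join(pattern))
```

The result is the same for any number of workers because sessions are never split across partitions, which is the independence property that makes this problem a good fit for map reduce.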
ApplicationsandBusinessServices
Providingapplicationandbusinessservicesfromthecloudpresentsanopportunityto consolidatethoseservices.Thebeneficialfeaturesofcloudcomputing,suchasflexible scalabilityandaservicemanagementframework,canenableorganizationstoreducethe numberofseparateinstancesofapplicationsrunningthroughouttheenterprise. ConsolidatingEnterpriseApplications Considerafewcommontypesofenterpriseapplications: Customerrelationshipmanagement(CRM) Enterpriseresourceplanning(ERP) Businessintelligence
Each of these types of applications can have broad reach throughout a business. With the one server/one application approach that has been commonly used for years, businesses may find themselves limited in how many users they can support with these applications.

For example, consider a company that runs a CRM application on a server sufficient for current needs as well as some moderate growth. The company then merges with another business that also needs CRM support. The IT staff of the new company will have to determine whether a single server can support the newly merged enterprise or multiple instances of the system will have to be run. The latter option can lead to fragmentation and arbitrary divisions that in turn can lead to organizational problems down the road.
Let's assume the business decides that running two instances of the CRM application is the more cost-effective alternative. The customers are divided geographically with North America, South America, and Southeast Asia customers in one instance, and Europe, Middle East, Africa, and other Asia customers in the second instance. A host of questions arise:

- How should customers in global, transnational companies be divided?
- Will regional subdivisions of customers be separated?
- How costly and time consuming will it be if the allocation of customers has to be rearranged to align with new business strategy?
- What is required to support a federated identity management system so that users in one system can access the other system as needed?
Similar questions can be asked about ERP systems; instead of customers though, the questions would focus on budgets, inventories, financial projections, and accounting issues.

In the case of business intelligence, fragmentation can occur around tools and procedures. Enterprise-scale data warehouses may have dedicated database administrators who are able to tune and manage complex database management systems. Departments with more limited requirements may build locally managed data marts employing easier-to-use databases and reporting tools. This may be the most expeditious approach in the short run, but over time it can lead to duplicated data, increased software licensing costs, and redundant administration costs.

Moving enterprise applications such as CRM, ERP, and business intelligence systems to the cloud can help reduce costs and improve the delivery of business services. With standardized virtual machine images and centralized cloud storage, additional compute resources can be brought online as demand for services grows. As data is consolidated in the cloud, we can avoid data fragmentation problems. Standardized virtual machine images deployed through a services management platform reduce the demand for specialized database and systems administration expertise in departments running local applications, such as data marts.

Managing Business Services and Workloads

As applications move to the cloud, there will be a need to manage according to service level agreements (SLAs) and other expectations for performance and availability. This will require both technical and management approaches to the problem.

On the technical side, application administrators will need to utilize performance reporting provided by the service management platform to ensure SLAs are met in cost-effective ways. Running multiple instances of an application and load balancing across those instances can help maintain performance and provide a level of reliability to the system.

On the management side, we need to be cognizant of utilization. There is no point running six instances of an application with an average server utilization of 25% when running three instances still leaves plenty of margin for spikes in demand without the need to instantiate another virtual machine image.
Common Attributes of Cloud Service Models

The three defining characteristics of clouds (massive scalability, easy-to-allocate resources, and a service management platform) describe key architectural elements of computing and storage clouds. A consumer of cloud services may see a different set of attributes from their perspective:

- On-demand self-service: The ability to allocate, use, and manage computing, storage, application, and other business services at will without depending on IT support staff
- Ubiquitous network access: The ability to work with cloud resources from any point with Internet access; cloud service consumers are not dependent on being in corporate headquarters or in a data center to have access to an enterprise cloud
- Location-independent resource pools: Compute and storage resources may be located anywhere that is network accessible; resource pools enable redundancy and reduce the risks of single points of failure
- Elastic scalability: Cloud consumers decide how much of any resource they utilize at any time; allocation is driven by immediate demand, not the need to maintain capacity for peak demand
- Flexible pricing: Cloud providers typically charge with a pay-as-you-go model; as cloud computing matures, we will likely see a variety of pricing models, including prices that vary by level of demand
Cloud Delivery Models

When cloud computing first emerged as a viable platform, the term generally applied to what we would now call a public cloud. As cloud computing expanded, so did the delivery models, to the point where we have at least three distinct delivery models:

- Public clouds
- Private clouds
- Hybrid clouds

Public and private clouds have advantages and disadvantages; hybrid clouds attempt to capture the best of both worlds.
Public Clouds

Public clouds are computing and storage services that are open to any consumer. An immediate advantage of using a public cloud is that there is no upfront capital expenditure required of business users. Cloud consumers purchase computing and storage services as needed and pay as they go. There are likely costs associated with transferring data to and from the cloud, and these costs can easily grow beyond the cost of computing and storage for high transfer rates. Another disadvantage is that businesses are dependent on the viability and reliability of the cloud provider. If there is a significant service outage, data and services will be inaccessible. Risk assessments and mitigation strategies are called for when working with any cloud, but they are especially necessary when critical business services are dependent on third parties.
Private Clouds

Private clouds are owned and operated by businesses for their internal use. This delivery model can be especially appealing when compliance, security, and other risks factor significantly when developing a cloud strategy. A key advantage of a private cloud is that the business is in control of the service: it can set pricing and policies, control access, and define its own service catalog of virtual machine images for use in the cloud. A private cloud does require capital expenditure to procure hardware and software for the cloud. A staff of IT professionals must also be available to administer and manage services. To realize the greatest benefit of the cloud architecture, multiple data centers will implement distributed storage and compute infrastructure. Capacity planning is also an issue. A business could find a successful private cloud creates demands that exceed current capacity. Expanding a private cloud can require substantial capital expenditure; a hybrid model could be a better alternative.
Hybrid Clouds

A hybrid cloud combines public and private clouds. A business that has implemented a private cloud can use public cloud resources as an extension of their own cloud. There are a few different ways to do so.

The two clouds could be separately managed service platforms. Policies are established to govern what kinds of jobs can run in the public cloud, and cloud consumers have the option to run and manage their jobs in the public cloud. This approach gives cloud consumers freedom to choose between two services. There may be cases where the public cloud is less expensive or can provide capacity unavailable on the private cloud.

Another way to manage the hybrid private-public cloud is to enable access to the public cloud from within the service management platform. The two services are still independent, but cloud consumers would have a single point of management.

Finally, the public cloud could be treated as an extension of the private cloud by implementing a virtual private network (VPN) in the public cloud. Under this model, a portion of the public cloud is treated as an extension of the private cloud.

As is so often the case in information technology, there is more than one way to deliver a service, and the best option in any situation is highly dependent on specific requirements.
Summary

Cloud computing is relatively young, but in the short time since its inception, it has managed to create a host of competing definitions, architectures, service models, and delivery methods. Across all of these varying ways of looking at cloud computing, we find common characteristics, including massive scalability, ease of allocating resources, and a service management platform. Building on this foundation, cloud providers can deliver a range of services, from infrastructure to platforms to applications and business services. No single delivery model meets all needs, but the combination of public, private, and hybrid clouds offers a range of options suitable for many business requirements.
Chapter 3: Enabling Business Innovation by Using Cloud Computing

Many discussions of cloud computing focus on its technological advantages (and there are many), but there are business advantages as well. This chapter shifts focus from questions of architecture and operations to issues of service delivery and return on investment (ROI). After all, cloud computing is not an end in itself (unless you are a computer scientist or systems architect) but a means of delivering existing services more efficiently and enabling the delivery of new services that may not be practical under other models.

The chapter is divided into three main sections:

- Launching a new business service: The first section compares service delivery under traditional IT service models and under cloud computing. Example scenarios will illustrate some of the key differences.
- Advantages of doing business with cloud computing: The advantages of doing business with cloud computing include the reduced time required to deliver new services, new means to control costs, the ability to scale to demand, and the adaptability of cloud computing.
- Sources of ROI in the cloud: ROI in cloud computing comes from both reduced capital costs and lower operational costs. As with other technologies, the ROI in the cloud is highly dependent on more than just the technology; how you implement and manage cloud services contributes to how much of the potential ROI is actually realized.

As a first step to understanding the source of ROI in cloud computing, let's consider a couple of hypothetical examples of how service delivery in the cloud differs from traditional IT service delivery.
Launching a New Business Service

There is nothing like launching a business service to combine the exhilaration of creating something new with the apprehension associated with choreographing all the elements required for a smooth launch. And there is no shortage of pieces that must be in place:

- The computing, storage, and network services required to support the service
- Software that captures the functional requirements of the new service while providing a usable interface
- A well-developed plan for deploying elements in the proper order so that dependencies are in place as new components are put in place
- Policies and procedures to govern how the service infrastructure is managed and maintained
- A recovery strategy and corresponding systems to mitigate the risk of data loss or service delivery failure

It is easy to see how essential each of these technical and business elements is to the ultimate success of the project.

Take away sufficient computing, storage, or networking, and the service can degrade to the point of failure. Skimp on usability engineering or otherwise shortchange the user interface, and you lose customers at the proverbial front door. Those of us who have worked on projects with inadequate planning know the frustration and futility that come with ad hoc, reactive management. The worst part is that the delays, rework, and missed steps could have been avoided. As we consider the advantages of cloud computing for service delivery, you will see how some of these potential problems can be reduced. Needless to say, cloud computing is no panacea, and no amount of technology can compensate for poor management practices. Cloud computing can, however, reduce some of the burdens and challenges that typically come with planning and implementing new projects.

Once a service is deployed, it is time to move into an operation-maintenance mode. Planning is just as important here as it was during design and deployment. The difference is that now you shift from a project planning framework of deliverables, milestones, and resource balancing to operations guided by policies and procedures that define what is to be done and how to do it. Policies governing everything from service level agreement (SLA) monitoring to backups to security should be in place at launch. Procedures, which turn those policies into executable tasks, must also be in place to ensure proper operations. Of course, even with the best planning and policies in place, hardware fails, software errors manifest themselves, and natural disasters strike. A recovery management strategy, commensurate with the value of the new services, can help you respond effectively and efficiently when adverse events occur.
Figure 3.1: Service delivery is built on a foundation of technology and business services and practices. Remove, disrupt, or undermine any of these, and services delivery is adversely affected.

To better understand how service models influence service delivery, let's assess delivering a couple of different types of services under different models. In the first example, we will consider a home improvement retailer with a plan to offer tutorial videos on home improvement projects for the do-it-yourself (DIY) customer. In our second example, we will see how business analysts deal with the problem of big data and the need for advanced business intelligence and analytics services. These examples are chosen for several reasons:

- They are significantly different types of services: one is a customer-facing Web application and the other is a more batch-oriented back-office service
- They require a different combination of computing resources
- They have different usage patterns over time
- Cloud computing can reduce the cost of delivery of both services regardless of the differences in the type of application and demand profile

First, let's explore the steps involved in deploying these two services under a traditional IT service model. Next, we'll look at how the same service could be deployed in the cloud.
New Services Under a Traditional IT Service Model

Project management, software development, testing, and deployment practices are well developed under traditional IT service models. They all come into play in our two hypothetical scenarios.

Scenario 1: Tutorial Videos for the DIY Customer

Not all of us are gifted carpenters or skilled plumbers, but some of us think we could do a fairly decent job around the house if we just had the right tools and a few tips to get us started. A home improvement retailer that has traditionally done well serving the small contractor segment of the market has decided to target the potential DIY customer in an effort to improve sales and expand their share of that market segment. The following list highlights key features and non-functional requirements:

- The service will provide short tutorial videos on a range of home improvement topics. Videos will range from 1 to 10 minutes in duration with an average of 5 minutes.
- Videos will be streamed over the Web and delivered through the company's Web site.
- The service will be launched in beta to customers in the Northeast United States for 4 weeks followed by an extended 4-week beta to the Northeast, Mid-Atlantic, and Southeast United States. After that, it will be made available throughout the company's North American market.
- The initial launch will support up to 500 videos; at the end of the beta testing phase, 1000 videos will be available. Content will grow at an average rate of 200 videos per month after that.
- Metadata will be assigned to each video to improve search and browsing. Tags will include structured data, such as repair type, tools required, and time to complete the task. Unstructured data describing the video content is also included.
- Videos will be accessible through a centralized How-to Video Library in the Web site as well as through product pages that link to relevant videos.
- Customers will be encouraged to review and rate videos. The results will be analyzed to improve the overall quality of instruction, expand the scope of topics, and eliminate the least useful content.
Figure 3.2: Service demand will vary widely by day of week and time of day. (Times are relative to the time zone of the data center hosting the service.)

As the systems architects and application designers plan the infrastructure for this service, they have to take into account a number of considerations. The service will require servers to meet peak demand, although those periods are relatively few and fairly short. The irony of running a how-to-fix tutorial service on a poorly functioning platform could undermine the brand image and is not worth risking.

On the business side, this project will require a capital expenditure and C-level approval. The IT professionals on the team know that they will have one chance to get the resources they need within the next 12 months. They do not have sufficient data to confidently predict demand for the service, so they resort to the next best thing: making a best-guess estimate and then adding another 20% for contingency. The concern about not performing to customer expectations, combined with the inability to get a second round of resources rapidly enough, pushes the applications designers and systems architects to choose a more costly solution than may ultimately be required.

The major components they decide on include:

- Several servers to stream the video tutorials
- A load balancer to distribute user sessions across several servers
- A storage array with sufficient redundancy (for example, RAID 6)
- Application licenses to support the service

Figure 3.3 shows the configuration.
Figure 3.3: The video tutorial service requires hardware to meet peak demand even though the average demand is significantly less.

It is clear from this example that building out this service following a traditional strategy requires that you build for peak demand before you even have sufficient information to determine the actual level of need. Not only can you not adjust to changing needs, you have to make a fairly long-term commitment to the architecture early in the process.

Scenario 2: Advanced Analytics for Auto Insurance Premium Calculations

The auto insurance industry is a competitive business. As with any type of insurance, premiums have to correlate with risks. For auto insurers, there are many factors to consider, including the age and sex of the driver, past accidents, number of moving violations, primary garaging location of the vehicle, and so on. From a competitive perspective, using just these factors is insufficient to gain any competitive advantage; after all, competitors use the same data. Using the same data can lead insurers to cluster drivers into similar groups, making it difficult to compete on price within those groups.
Figure 3.4: Finer-grained clustering of customers can create a competitive advantage by allowing more precise and accurate premium pricing.

The following list highlights key features and non-functional requirements:

- Existing data sets on age and sex of the driver, past accidents, number of moving violations, primary garaging location of the vehicle, and so on must be available for data mining
- Additional data on household income, including income by age, disposable income, household net worth, and so on; consumer spending data by category, such as financial services, automotive, medical, recreation, and so on; business activity data by location; and publicly available data, including census data and crime statistics
- On a monthly basis, internal and external data will be collected and analyzed to build a predictive model that categorizes each customer by fine-grained risk estimate
Figure 3.5: Analytic operations have fairly predictable demand patterns that include significant periods of peak demand followed by analysis operations.

Once again, this service requires that you build an infrastructure for peak capacity. A cluster of high-end servers, each with multiple multi-core CPUs and significant amounts of memory, is required to build the individual predictive models combined into an ensemble prediction service. Although data will only need to be stored during the time the models are built, architects will have to purchase storage sufficient to support copies of all the various data required.

Both of these scenarios manifest common difficulties with the traditional IT model of service delivery. Dedicated resources are not used efficiently. Capital spending decisions may have to be made with insufficient usage data. It is difficult, if not impossible, to scale the infrastructure up or down according to demand. The cloud computing model offers an alternative method for deploying services.
New Services Under the Cloud Computing Model

The cloud computing model provides a flexible infrastructure that allows service providers to acquire the compute and storage resources they need, when they need them, for as long as they need them, and to pay for only what is used. Both of the example scenarios would benefit from deployment on the cloud.

Scenario 1: Tutorial Videos in the Cloud

The tutorial video service is a new customer-facing service that could have wide-ranging demand patterns. Initially, the systems architects decide to allocate two virtual servers for the beta test period; however, if demand warrants additional or fewer servers, systems administrators will adjust as needed. Planning for long-term storage is not a significant issue because additional storage will be allocated as needed. There is no need to purchase peak-load storage. As the project moves from the beta testing stage to full production, the systems administrators will add virtual servers as needed. Rather than focus on predicting what the peak demand will be over the next 12 months, systems administrators can focus on immediate demand and server allocation to efficiently and cost-effectively meet that demand.

Scenario 2: Advanced Analytics in the Cloud

The cloud is a much more cost-effective method for delivering the kind of advanced analytics described earlier. In this case, there is a recurring demand for a significant amount of storage and computing resources. The demand is for only a few days every month, so purchasing dedicated hardware is not cost effective. Deploying to the cloud is relatively straightforward and includes:

- Creating virtual images with the required software, such as ETL systems, and pre-processing scripts and statistical and data mining packages
- Instantiating servers to run parts of the workflow as needed; for example, based on the type of source data and its configuration, it might make sense to instantiate 10 virtual servers for ETL operations that run in parallel; as the ETL operations execute, they write data to cloud storage, which is taken as input to pre-processing scripts that output data into the proper format for the data mining application
- Allocating storage to store the raw and processed data; once the data has gone through the pre-processing stage, the raw data is deleted; once the predictive models are built, the output of the pre-processing stage is deleted as well
Figure 3.6: In the cloud, servers can be allocated to do tasks as long as needed and released, at which point other servers are instantiated for the next step in the workflows. Service providers only pay for when they are using compute and storage resources.

The traditional model of service allocation has worked well for us. Many critical business services are running today on dedicated infrastructure. Cloud computing models improve on the traditional deployment model by allowing you to easily share compute and storage resources and allocate only what is needed when it is needed. This approach reduces the need for ad hoc solutions to mitigating risk, like adding an arbitrary percentage to a project budget in case additional hardware is needed. As these two scenarios show, even with diverse types of projects targeted to different users with different compute and storage requirements, cloud computing can offer significant advantages. Next, we will identify the advantages alluded to in the scenarios just described.

Advantages of Doing Business with Cloud Computing

The advantages of deploying services with cloud computing infrastructure fall into four categories:

- Time to deploy new services
- Cost control
- Ability to scale to demand
- Adaptability of resources

Each of these advantages is closely tied to the architecture of cloud computing combined with management practices for allocating the costs of compute and storage services.
Time to Deploy Services

When hardware is dedicated to specific functions, it can be difficult to find compute and storage resources for a new initiative. In the early stages of development, would-be service providers may be able to squeeze in some applications on underutilized servers. The likely success of this approach depends on the availability of server or storage capacity and the ability to find that excess capacity. If one has to cross organizational boundaries to find these resources, the chances of securing them can drop significantly. If successful, these stopgap measures will eventually have to be replaced with a more permanent solution.

Procuring hardware can be time consuming. Capital expenditures for multiple servers, storage arrays, and other equipment can require multiple levels of approval. Plans may have to be reviewed and approved from both a budget and technical perspective. Delivery of hardware can take weeks, and in some cases, months. Once the hardware arrives, the next stage of deployment begins.

Installing hardware is a multifaceted process. It needs to be configured according to organizational standards and incorporated into support systems, like backup schedules and patch management systems. Some of the most frustrating delays come when a single piece of hardware, such as a storage controller, has to be ordered separately and installed when the server arrives. In terms of frustration, order glitches are second only to having to wait for a simple task, like running a fibre to the new server, to get to the front of the service queue. Many of these configuration tasks are unavoidable. The integrity of infrastructure depends on keeping hardware and software in accordance with policies. Fortunately, cloud computing provides a framework that preserves the integrity of infrastructure without many of the time delays (and frustrations) encountered in traditional IT deployment models.

In the cloud model, provisioning becomes a matter of instantiating a virtual machine instance. There are no hardware orders, delivery delays, or waiting for IT support to get around to installing your hardware. With the ability to rapidly adjust the number of instances, there is less need to analyze projected demand. Inefficient and time-consuming efforts to find existing servers with spare cycles are also eliminated. Hardware resources are centrally managed and allocated on demand. The new bottlenecks to deployment are establishing a charge account for the cost of cloud services, selecting a virtual image to run, and deciding how many instances to start.
Cost Control and Ability to Scale to Demand

Another advantage of using cloud as a delivery platform is greater cost control, and that is tightly linked to the ability to scale to demand. This comes from the ability to make fairly fine-grained decisions about resources. Whereas you might have to decide between purchasing a $10,000 and $15,000 server under a more traditional deployment scheme, in the cloud realm, you have to decide whether you want to run the $0.50/hr server or the $0.90/hr server. You are not committed to using these servers for 2 to 3 years either; in the cloud, you could be charged by the hour. If you make a mistake and underestimate your need, you add more servers. When utilization reports show that the virtual servers you have allocated are underutilized, you scale back the number of servers you are running.

Figure 3.7: Dedicated servers incur high initial cost in line with anticipated peak demand. Cloud servers incur costs for actual use over time.

Systems administrators and service managers have greater control over the allocation of resources in the cloud and therefore can provision as needed for current demand. With cloud computing, they have effectively escaped the challenge of needing to constantly dedicate resources for peak demands.

There is also a potential for cost savings with software licensing. Traditionally, software is often licensed to named users or for a specific number of concurrent users. The cloud opens the opportunity for new software pricing models, such as charging by the hour. Ultimately, any cost savings on software licensing will depend on vendors adapting their pricing models to the cloud.
Adaptability of Resources

Through the course of IT's history, there has been a trend toward making computing resources more adaptable. For example, in the 1960s and 1970s, if you purchased a mainframe or minicomputer from IBM, Digital Equipment, or one of the few other hardware vendors of the day, you would get the operating system (OS) for that machine, such as OS/360 for the mainframe or RSTS for the minicomputer. Each machine was used for different purposes, such as batch processing business applications or interactive scientific programs. By the 1980s, hardware and operating system vendors started to separate, with Microsoft providing the dominant OS for the IBM PC while Apple introduced its OS to run on Motorola hardware. In the 1990s, it was not uncommon to run different OSs on the same type of hardware. Cloud computing has moved this trend to the next stage with the ability to rapidly switch virtual machine images running on a hardware platform.

In the cloud, hardware resources are not tightly coupled to any single platform. The same resource that ran an instance of Windows Server 2008 an hour ago may be running Ubuntu Linux now. A set of servers that were tasked with generating reports for a data warehouse might be used to generate customer invoices after that. Removing restrictions on the type of software and radically reducing the time and expertise required to change OS platforms significantly improves the adaptability of hardware.

The advantages of cloud computing stem from the ability to deploy new services faster than possible under more traditional models; the ability to control costs at a much more fine-grained level of detail than possible before, including the ability to rapidly scale to needs; and the adaptability of resources to different tasks. The movement away from dedicated servers for single tasks to using cloud resources brings with it several sources of ROI.

Source of ROI in the Cloud

The ROI of cloud computing is realized in two forms: reduced capital expenditures and improved operational costs.

Lowering Capital Costs with Cloud Computing

With cloud computing, business services can be launched without the same type of capital outlays required in traditional IT deployment models. The shifts in capital expenditures occur for three reasons:

- Reduced need for initial capital outlay
- Reduced need for building for peak capacity
- More efficient utilization through virtualization
As we saw earlier, just getting a new business service started requires access to hardware and software. Traditionally, this means procuring dedicated servers right from the start even if the full capacity of the server is not needed for some time. Tying up working capital in hardware brings with it opportunity costs. The capital that went into purchasing a server could have been invested in a resource that begins producing an ROI right from the start instead of having to wait months before the service requires the extra initial capacity.

Another advantage from a capital cost perspective is that you do not have to invest for peak capacity. With the cloud model, your costs over time are more closely aligned with the average cost of delivering a service, not the peak capacity costs. The savings can be significant, especially when peak demand is highly skewed relative to other demand periods. For example, in the case of the advanced analytics application, there was relatively modest average demand for computing resources but substantial peak demand, providing for substantial savings in capital costs.

Another source of ROI is virtualization. The utilization of a physical server is no longer tied to a single application's usage pattern. A server dedicated to the advanced analytics application would sit idle most of the month; however, the same server in a cloud configuration could have multiple virtual machines running on the physical server constantly if there is sufficient demand. Of course, one of the objectives of managing a cloud service is to have enough physical servers to meet demand but not so many that overall utilization rates drop.

Part of the ROI realized with cloud computing can be traced to the reduced cost of capital expenditures, but even more substantial benefit can be accrued by lowering operational costs.

Lowering Operational Costs with Cloud Computing

The most important drivers in ROI relative to operational costs can be grouped into four areas:

- On-demand provisioning
- Reduced marginal cost of systems administration
- Standardization and automation
- Service management reporting

The ROI in operational costs is subject to the economies of scale. These savings are particularly important in larger cloud installations.
On-Demand Provisioning

IT support services are necessary in any deployment model, traditional or cloud. The amount of support that is needed for provisioning servers can vary significantly, though. Consider the steps involved in provisioning a virtual server in a traditional IT environment (the to-do list is even longer when dealing with physical servers), which include:

- Submitting a service desk ticket requesting a virtual machine instance
- Identifying which physical server will host the virtual machine
- Determining the configuration parameters for the new instance
- Specifying required support services, such as backups
- Coordinating with other users on the shared hosts to avoid common peak demand periods, for example, running a full backup on one virtual machine instance while an I/O-intensive job is running on another instance

Figure 3.8: Self-provisioning allows cloud consumers to allocate and manage their own resources.
With a self-provisioning system, cloud consumers have access to management systems that allow them to specify the type and number of virtual instances to create. All the hardware in the cloud is managed centrally and virtual machine images are maintained in a service catalog, so cloud consumers do not have to deal with low-level details. For instance, details about what device drivers have to be installed or which libraries are needed to run an application have already been addressed when the virtual images were created. Also, cloud infrastructure abstracts implementation details such as allocating memory or CPUs to particular virtual machine instances.

Reducing Marginal Costs of Systems Administration

To understand how a cloud infrastructure can result in significant ROI, you only need to look at how systems administration changes with the cloud. A typical list of systems administration tasks includes:

- Installing new applications and packages on servers
- Patching OSs and applications on each server
- Backing up local storage on each server
- Allocating space to file systems as needed
- Reviewing and purging log files
- Performing security checks, such as running vulnerability scanners and reviewing results for each server
Figure 3.9: Cloud systems administration entails maintaining images in the service catalog, unlike traditional systems administration, which is linked to each physical server.

In the cloud, maintaining individual servers is swapped for maintaining virtual machine images in the service catalog. The service catalog is the set of images available for running in the cloud. For example, there may be several Windows server and Linux images that have been configured for general use. There may also be more specialized images for relational databases or content management systems. Still other images may be designed for developers who need to routinely instantiate application servers for development and testing as well as for production use. Having a centralized repository of virtual machine images can significantly reduce the time required to perform routine tasks. Consider a simple example.
A midsize business could easily run 200 servers with a mix of OSs and applications. If a critical security patch is released and has to be applied to 50 servers, the patch has to be applied 50 times. Even with patch management applications to help, systems administrators will have to verify the success of the patch in each case. In cases where automated tools are not available, systems administrators will have to apply each patch manually. Now compare that with patching a service catalog. The existing image is removed from the catalog; a new patched version is generated and uploaded into the catalog. What could have taken 50 distinct tasks is done in one step.

This example does raise another difference from a systems management perspective. The service catalog image is patched, but there may be instances of the unpatched image running in the cloud. Where are those images? How long will they continue to run? At what point should the instances be shut down and restarted using the patched version? The first two questions can be addressed using cloud management software. The last issue is a question of policy analogous to deciding when to schedule a critical patch for a server. Systems administration in the cloud may be less labor-intensive, but sometimes difficult decisions about balancing security or stability with business expectations remain.

Standardization and Automation

Another reason for operations-related ROI is that by standardizing on a set of general-purpose virtual machine images, you reduce the overhead in maintaining them. Images are deployed and virtual machine instances are started using a management console, so a cloud user who knows how to deploy a Windows server knows how to deploy a Linux server or a relational database as well. Standardization also enables behind-the-scenes automation that further reduces the demand for systems administrator expertise.

For example, when you install Linux on a server, you have to decide what type of file system to use and how to partition the disk. These are not particularly difficult tasks, but you do need to know something about how partitions are used, how much space to allocate to each, and the trade-offs between the different kinds of file systems. When you instantiate servers in the cloud, you do not have to worry about storage services; they are provided for you. The images in the service catalog are configured to work with cloud storage services. Much of the tedium of setting up monitoring processes to collect performance and usage data is also automated with service management systems.
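The questions raised earlier about unpatched instances (where they are running and how long they have been running) can be answered by comparing the service catalog with the list of running instances. The following Python code is an added example, not code from the book or from any cloud management product; the record fields, image names, host names, dates, and the seven-day grace period standing in for the restart policy are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class CatalogImage:
    name: str            # catalog entry name (constructed, e.g. "linux-lamp")
    version: int         # incremented each time a patched image is uploaded
    published: datetime  # when this version entered the catalog


@dataclass(frozen=True)
class Instance:
    instance_id: str
    host: str            # where the instance is running
    owner: str           # department to contact about a restart
    image_name: str
    image_version: int
    started: datetime


@dataclass(frozen=True)
class Finding:
    instance_id: str
    host: str
    owner: str
    image_name: str
    running_version: int
    current_version: Optional[int]  # None: image no longer in the catalog
    uptime: timedelta               # how long the instance has been running
    exposure: timedelta             # how long it has run without the fix
    overdue: bool                   # exposure exceeds the policy grace period


def latest_images(catalog):
    """Map each image name to its newest catalog version."""
    latest = {}
    for image in catalog:
        known = latest.get(image.name)
        if known is None or image.version > known.version:
            latest[image.name] = image
    return latest


def find_stale_instances(catalog, instances, now, grace=timedelta(days=7)):
    """List running instances whose image has been superseded or retired."""
    latest = latest_images(catalog)
    findings = []
    for inst in instances:
        current = latest.get(inst.image_name)
        if current is not None and inst.image_version >= current.version:
            continue  # already running the patched image
        uptime = now - inst.started
        if current is None:
            # Retired image: no patched replacement, so all uptime is exposure.
            exposure, current_version = uptime, None
        else:
            # The clock starts when the patched image was published, or when
            # the instance started if it was launched later from an old copy.
            exposure = now - max(current.published, inst.started)
            current_version = current.version
        findings.append(Finding(inst.instance_id, inst.host, inst.owner,
                                inst.image_name, inst.image_version,
                                current_version, uptime, exposure,
                                exposure > grace))
    return sorted(findings, key=lambda f: f.exposure, reverse=True)


def utc(year, month, day):
    """Midnight UTC on the given date."""
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample data, for illustration only.
NOW = datetime(2024, 3, 20, 12, 0, tzinfo=timezone.utc)
CATALOG = [
    CatalogImage("linux-lamp", 4, utc(2024, 3, 10)),      # patched image
    CatalogImage("win2008-dotnet", 7, utc(2024, 3, 18)),  # patched image
]
INSTANCES = [
    Instance("i-001", "rack1-n04", "finance", "linux-lamp", 3, utc(2024, 2, 15)),
    Instance("i-002", "rack1-n07", "marketing", "linux-lamp", 4, utc(2024, 3, 11)),
    Instance("i-003", "rack2-n01", "finance", "win2008-dotnet", 6, utc(2024, 3, 1)),
    Instance("i-004", "rack2-n02", "research", "legacy-unix", 1, utc(2024, 1, 10)),
    Instance("i-005", "rack1-n09", "research", "linux-lamp", 3, utc(2024, 3, 15)),
]

if __name__ == "__main__":
    for f in find_stale_instances(CATALOG, INSTANCES, NOW):
        target = "retired" if f.current_version is None else f"v{f.current_version}"
        flag = "RESTART OVERDUE" if f.overdue else "within grace period"
        print(f"{f.instance_id} on {f.host} ({f.owner}): {f.image_name} "
              f"v{f.running_version} -> {target}, up {f.uptime.days}d, "
              f"exposed {f.exposure.days}d, {flag}")
```

The grace period is the policy decision the text describes; the report only makes the consequences of that decision visible per instance and per owner.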
Service Management Reporting

ROI is not just about technology but about how you manage it. With service management reporting, service providers can better understand the resources they use and adjust their allocations accordingly. Some of the measurements service providers might use include:

- Number of server hours allocated
- Overall average server utilization
- Average server utilization by hour
- Average server utilization by instance type
- Total storage space used
- Amount of network I/O

Assessing the Business Value of Cloud Services

The ROI in cloud technologies will vary from one business to another. Much will depend on factors out of your control, such as economies of scale that will benefit larger businesses more than smaller ones, as well as factors you can manage, such as server utilization rates. To assess the value of cloud services to a business, consider several cloud metrics as well as the source of ROI for your particular business.

The reason to track particular metrics in cloud computing is no different than that of any other business operation: to quantify the costs and benefits of the service. This is especially important when using a private or hybrid cloud model. Key metrics for these clouds are:

- Utilization of all cloud resources. If resources are underutilized, servers can be powered down to save on energy costs. IT may also want to promote the use of the cloud and publicize availability of resources.
- Systems management hours. Labor can account for significant portions of IT operating budgets but should be significantly less for cloud services.
- Virtual machine image use. All images in a service catalog have to be maintained. If some images are not used, or used infrequently, they may be incurring more costs than they recoup through usage charges. Infrequent use or use by only one user can also indicate specialized or one-off images. These are sometimes necessary to meet business requirements, but if the number of specialized images grows, the cost of maintaining them will increase. Charges may need to be adjusted to recoup the full costs of maintaining specialized images.
- Time to provision. This metric can indicate insufficient resources in the cloud. If a sufficient number of servers are not available, users will have to wait for other jobs to finish in the cloud before their virtual machine instances will be provisioned.
Summary
Cloud computing offers new ways to deliver business services. As the two example scenarios highlighted, different types of business applications can benefit from deploying in the cloud. The ability to scale compute and storage resources as needed reduces the need to build for peak demand. This, in turn, reduces the cost of delivering services while avoiding costly risk mitigation strategies, such as adding contingency funds to a project budget to purchase additional hardware to meet unexpected demand.

Further benefits of cloud computing accrue with regard to reducing the time to deploy new services, more ways to control costs, and the adaptability of resources. Servers in the cloud can be repurposed rapidly and with minimal technical expertise, reducing the need for dedicated servers and their typical low utilization rates.
Chapter 4: How Cloud Computing Will Help Your Business

Cloud computing changes the way we do business. Much of the coverage of cloud computing has focused on the technical aspects of this computing model: the consolidation of servers, virtualization, security, and so on. This is understandable, as you must have a clear idea of what cloud computing offers from a technical perspective before you can appreciate what it can do for you from a business perspective.

This chapter turns attention to the business side of cloud computing. In particular, this chapter considers the following:

- How cloud computing can help your business
- Assessing current capabilities
- Introducing cloud computing as a new model for consumption and delivery
- Measuring the value of a cloud
How Cloud Computing Can Help Your Business

Adopting cloud computing is a major change from the traditional distributed systems models many of us use today. No rational business person would make such a fundamental change to core infrastructure without understanding the consequences for the business. After all, if your current computing and storage systems are meeting your needs, why change? Why bring on the risks associated with a new technology? Certainly, there is some allure to being on the cutting edge and having the latest technology, but chasing technology trends for their own sake is not a sound strategy for long-term business success. Instead, technology is adopted in service to a business strategy.

Moving your business to the cloud should begin with considerations that have nothing to do with clouds, at least not yet. Cloud computing is a solution; the first question to ask is: What is the problem? To get to the answer to that question, you need to:

- Identify business priorities
- Identify operational inefficiencies
- Identify barriers to innovation

Business and Technology Alignments: The Ideal vs. Reality

Consider a healthcare provider with several hospitals, tens of clinics, and hundreds of doctors serving thousands of patients. As part of a strategic plan to improve the quality of services while controlling costs, executives at the healthcare provider decide to disseminate information on patient conditions, treatments, and outcomes. The executives believe that, with sufficient feedback on the results of treatment choices along with details on the cases where particular treatments work and do not work, physicians will be able to reduce uncertainty associated with selecting treatment options.

To implement this plan, the healthcare provider will have to:

- Create a consolidated reporting system such as a data warehouse
- Develop procedures for extracting and loading data from multiple sites into the data warehouse
- Create a reporting infrastructure to deliver information to physicians in a way that is easy to use and fits with their work patterns
- Establish governance over the data warehouse and reporting procedures to ensure compliance with HIPAA and any other relevant regulations
- Define a mechanism to collect feedback from users to improve the system
With the high-level requirements in place, the next step is to determine how the IT department will proceed to implement the plan. Some of the issues that would likely arise include:

- Acquiring servers and storage to house the data warehouse
- Purchasing licenses for database, reporting, and extraction, transformation, and load (ETL) tools
- Assembling a team to install and configure the infrastructure once it is acquired
- Designing logical and physical data models for the data warehouse
- Developing reports
- Establishing access controls over reports and data
- Creating a support team to monitor data warehouse processes and provide end-user support

There are other items you could add to the list, but the list is sufficient to demonstrate the potential drag that IT operations can have on business initiatives. First, though, let's depict an ideal scenario.

IT has sufficient server and storage capacity for the data warehouse. Development work can begin immediately. Fortunately, IT has standardized on a relational database, a data warehousing methodology, and reporting tools. These applications already work with the identity management system in place at the organization, so access controls can be readily established and managed. The support services group within IT is already familiar with these standardized tools, so there is minimal marginal cost to support another set of users.

This ideal scenario is one in which infrastructure, standardized applications, and support services are in place and readily available for new initiatives. To many, this is a fantasy; the reality that many of us have experienced in projects like this is far different from this scenario. Here is a version of the scenario that might ring true for more readers.

The requirements for the reporting project outstrip the available budget. Requirements will have to be prioritized and some features will have to be delayed until later phases. There is insufficient storage available to the business department that owns this project. (There is plenty of storage on another department's disk array, but organizational boundaries rule out using it.) Hardware will have to be procured and installed. Rack space and cabling are a problem that can be worked out with the infrastructure management group, which, given their backlog, will be in a few weeks. The company has a site license for the database software but this project requires several additional packages that will have to be purchased. Several reporting tools are used in other business intelligence projects, so an internal evaluation will be done to determine the best tool for this effort.
Identify Business Priorities

One of the most important aspects of successful IT services is that they align with business goals. That is a short way of saying IT services support business objectives in a straightforward manner and do not introduce unnecessary cost, delays, or other burdens on a business strategy.
Whatever the priorities and their relative importance, it is critical to identify these for a business. Knowing these will help determine whether and how cloud computing can help your business. For example, if cost control is a top priority, increasing server utilization through virtualization and increasing storage utilization through consolidation with cloud computing architectures can help. If improving customer retention is important, you may need to invest in advanced analytics, such as data mining and statistical analysis, to detect early warning signs of churn. Advanced analytics can be compute-intensive and is a good application for cloud computing. Of course, knowing your business priorities may lead to the conclusion that cloud computing is not something you need at the moment. Whatever your conclusion, if you start with business priorities, you will at least be able to justify why or why not to pursue cloud computing or any other technology.

Caution

To be clear, cloud computing is not a panacea that will solve all your problems. There are times when cloud computing is not the right solution. It may be an appealing option at a later time, but your business may not be in a position to move to the cloud until it improves its IT governance practices, for example.

Identify Operational Inefficiencies

Operational inefficiencies are a drain on the bottom line. When an employee has to perform ten steps to complete a task that could be done in six steps, the business loses productivity. When servers are powered on and functioning but not running productive jobs, the business is realizing an opportunity cost as well as incurring unnecessary energy costs. Operational inefficiencies, ironically, are often found in IT departments that have traditionally been a source of increased productivity. Operational inefficiencies in the IT realm come from the way we deploy and utilize hardware and the way we manage software.

Low server utilization is a common inefficiency. Prior to the widespread adoption of virtualization, many organizations used a one-application, one-server approach to deployment. This approach minimized problems with conflicting requirements and allowed administrators to manage servers and applications as a tightly coupled unit. The price we paid for this was wasted CPU cycles.
Figure 4.3: Standardizing server configurations is one way to reduce systems management inefficiencies.

Identify Barriers to Innovation

The scenario described earlier shows how innovation can stagnate because of technology barriers. It is important to note that the barriers in that scenario were not caused by poor management or unskilled IT professionals; the problem arose from the constraints on procuring new hardware, configuring software, and ordering a sequence of deployment events that account for a range of dependencies between steps.
Any or all of these can be significant barriers to innovation. In the time of a globalized economy, customers have more options than ever before, businesses have access to a wider pool of suppliers and business partners, and the list of potential competitors is more likely to grow than not. Add to this list the demands on companies to consistently meet performance expectations quarter after quarter, and you see that barriers to innovation can be a potential long-term drag on the company overall.

The first step to understanding how cloud computing can help your business is to formulate a clear picture of business priorities, pinpoint operational inefficiencies, and identify barriers to innovation. These three elements comprise the key business drivers that can guide the successful use of cloud computing in your organization. As noted earlier in this chapter, business requirements drive technology-based solutions, but before adopting new technologies, it helps to have a clear understanding of current technical capabilities.

Assessing Current Capabilities

Technology capabilities are a combination of hardware and software infrastructure within an organization as well as the management practices that govern the use of that technology. For the purposes of understanding the role of cloud computing in improving business services, let's consider several types of capabilities:

- Infrastructure
- Platforms
- Applications
- Governance
- Management and reporting
Infrastructure Capabilities

IT infrastructure for the purpose of this discussion includes server and storage hardware as well as networking components. When assessing current capabilities with regard to infrastructure, consider:

- The inventory of servers currently in place
- The geographic location of servers
- The costs of maintaining each server
- Utilization metrics for servers
- Network infrastructure between sites

At the end of the infrastructure assessment, you should have a clear idea of overall server utilization. If your operations are similar to most, you will have many servers running single applications, and those servers were configured to handle peak, not average, capacity. If this is the case, a move to cloud computing is an opportunity to consolidate servers and decommission those with high maintenance costs, no standard configurations, and relatively low performance. Such consolidation can have an immediate impact on the power and cooling costs of a data center.

There may also be an opportunity to consolidate data centers or at least servers currently located in remote offices. Reducing the number of sites can help ease management overhead and streamline IT operations such as backups.

Platform Capabilities

Platforms are the OSs and application stacks that run on a company's IT infrastructure. Enterprises typically have a number of platforms:

- Windows
- Linux
- Unix
- Mainframe OSs
The goal here is once again to consolidate as much as possible.

OS Consolidation

Standardizing on a reduced number of platforms will reduce systems management tasks and provide a step toward the type of self-service management that is such an important factor in cloud computing's ROI. Standardizing in this case does not mean committing to using only Windows or only Linux but to reducing the amount of variation in the platforms. For example, if a department is still running an instance of Windows Server 2000, this is a good time to move those applications to Windows Server 2008. Similarly, if several distributions of Linux are currently supported, consider reducing that number. It may not be possible to find a Linux distribution that is optimal for all needs, but you might find you can use fewer different distributions than you currently have.

Application Stacks

Application stacks are middleware that reduces dependencies between applications and OSs. When applications are written directly to an OS, they can be difficult to port. Even similar OSs, like different versions of Unix, can harbor enough differences to make porting software difficult. Application stacks and middleware abstract low-level OS details and provide a consistent programmatic interface and set of services. They will be just as important in a cloud environment as they are in today's distributed system environments. Common application stacks are:

- Microsoft .NET
- LAMP (Linux/Apache/MySQL/Perl or Python)
- J2EE (Java 2 Enterprise Edition)
Microsoft .NET Framework

Microsoft .NET Framework is a development framework for building Web applications for Microsoft platforms. The framework includes several components:

- A common language runtime that acts as an abstraction layer above OS functions
- Base class libraries
- Support for both compiled languages, such as Visual Basic and Visual C#, as well as dynamic languages such as IronRuby and IronPython
- Windows Presentation Foundation, a user interface (UI) framework
- Silverlight, a set of .NET tools for building rich Internet applications (RIAs)
- Windows Communication Foundation (WCF) for service-oriented architectures
- ADO.NET, a set of data access services
- Windows Workflow Foundation

Not surprisingly, the .NET Framework is designed to leverage SQL Server database and other OLE/ODBC data sources.

LAMP (Linux/Apache/MySQL/Perl or Python)

LAMP is a set of commonly used open source systems for building Web applications. Unlike the Microsoft .NET Framework, the individual components of this set of platform tools had long and well-developed histories prior to the advent of LAMP. Each of the four components provides a basic service commonly needed in Web applications:

- Linux is the OS underlying the LAMP stack
- Apache is the Web server and related modules that may be installed as needed for particular applications
- MySQL is a popular open source database suitable for a range of application sizes and needs
- PHP, Perl, and Python are scripting languages used to implement custom application functions
Java Platform Enterprise Edition

The Java Platform Enterprise Edition, sometimes referred to as J2EE, is a middleware framework designed for deploying distributed Java applications. Like the Microsoft .NET Framework, there are multiple components providing a range of services for application developers. These include:

- Enterprise JavaBeans, a distributed object container
- Java Transactions API
- Java Messaging Service API
- Java EE Connector Architecture
- Java XML Streams
- Java Persistence API
- JavaServer Faces, a UI framework
Application Capabilities

Enterprises run a wide range of applications and many of these are suitable for running in the cloud. The goal of assessing application capabilities is to determine:

- The relative priority of moving an application to the cloud
- The difficulty of moving the application to the cloud
- Changes to application management practices that may be needed after the move to the cloud
- Potential risks and mitigating strategies

When it comes to prioritizing moving applications to the cloud, you should look for those systems that (a) are underutilizing the servers they run on, (b) are running below needed performance levels because the hardware does not adequately serve current loads, or (c) have peak demands that could take advantage of elastic allocation of CPU and storage capacity of the cloud.

At the same time, you want to avoid immediately moving applications to the cloud that may have special requirements. For example, consider high-security applications that would require that any deleted data be not only deleted but overwritten multiple times to reduce the risk of unauthorized reconstruction of that data. (Deleting data can be done by marking a data block as available for use, so old data can continue to reside on the disk even after files have been logically deleted.) It is not the case that these applications can never be moved to the cloud; they can once security procedures are in place to meet the application requirements.

Running applications in the cloud and on a dedicated server will require different management routines. For example, a cloud storage provider may provide sufficient redundancy in data duplication that you may reduce the number of backups performed. Also, as departments will likely be billed for the time virtual machine instances are running, they will want to optimize their workflows to keep the virtual servers utilized as much as possible when they are running.

Billing rules should also be considered when scheduling jobs. For example, if a department is charged for a full hour of virtual server time regardless of how much of that hour is utilized, it would be best to schedule jobs continuously rather than shutting down and restarting. Of course, this assumes that jobs can be scheduled together that require the same platform. As even this simple scenario shows, the way you manage cloud applications will have to account for new billing structures and server use patterns.
Governance Capabilities

A capabilities assessment should include an assessment of governance practices as well. Although cloud architectures are fault-tolerant and resilient, the governance practices for clouds are a potential single source of failure. Poor governance affects all users of the cloud. Governance of cloud operations is required for all types of clouds: private, public, and hybrid. The policies that are implemented will vary by type of cloud, but in general, they will include:

- Complying with government and industry regulations
- Defining and enforcing audit controls and security procedures
- Establishing cost allocation and cost recovery policies
- Setting policies on the management of the service catalog
- Adjusting existing policies to accommodate cloud services

These governance requirements should not be new with cloud computing. The need for governance is independent of IT architecture choices. As noted earlier, though, the cloud changes the way you deliver services and provides new opportunities to change management or governance policies. For example, change control policies may become more flexible with regard to platform-level changes because multiple versions can coexist in the service catalog.

The goal of the governance capability assessment is to understand the mechanisms that are already in place to guide IT operations, identify weaknesses, and make necessary changes. Cloud computing will not improve governance practices, but poor governance can eventually undermine the value of the investment in cloud computing.
Management and Reporting Capabilities

With cloud computing, service consumers have greater control over how they use computing and storage resources. To optimize their use of these resources, they need information about their workloads, levels of utilization, costs, and other metrics. Management reports are the key to delivering that information.

Reports and data on cloud usage should be available for both frontline managers responsible for scheduling jobs and budgeting for services and for back-office billing operations. Frontline managers should have access to near-real-time billing information on CPU utilization and storage allocations so that they can tune workflows. They should also have comparative historical data so that they can detect trends and properly plan for future needs. When a private cloud is used, back-office billing systems will need to accommodate billing or chargebacks for cloud services. Existing financial reports would then provide an additional set of reports for frontline managers.
Introducing a New Model for Consumption and Delivery

Introducing cloud computing can be done in two ways: by using a public cloud or by using a private cloud. We will focus most of our attention on the latter, but we will briefly address the use of public clouds.

Introducing Public Cloud Consumption Model

Public clouds can be introduced quickly for small, experimental evaluations that do not involve confidential data, specialized workflows, or complex security requirements. In a very short time, a department-level manager could:

- Establish an account with a public cloud provider
- Upload data for analysis into the public cloud provider's storage system
- Select from the public provider's catalog of OSs and other platform software
- Allocate the necessary number and types of servers
- Run the job
- Shut down the servers, collect the results, and complete the task

This type of isolated, tactical use can also be done in cases where confidential data, specialized workflows, or complex security requirements exist, but it would take significantly more planning, along the lines of what we will be describing shortly in the discussion of a private cloud deployment.

Public clouds allow consumers to experiment with the cloud delivery model without fully committing hardware, software, and management to a full-scale deployment. It is also a viable option for meeting peak demands of jobs that are readily moved to a public cloud. Running significant portions of your business services in the cloud for extended periods can certainly be done but will require the type of attention and planning that one finds with the use of private clouds.

Introducing Private Cloud Consumption Model

There is nothing inherent in cloud computing that requires the cloud be owned and operated by another business. Cloud computing is an architecture and a set of services that enable access to resources on demand. The infrastructure and services are managed by the provider and used by service consumers. The provider can be a third party offering a service to the public or an IT division within a company offering computing and storage services to other departments within the company.
A private cloud may appear to lack some of the economic advantages of cloud computing, such as lower management costs and no need for capital expenditures. This may or may not be the case with private clouds; the economic benefit will depend on circumstances within the business providing a private cloud. If the business has a large existing infrastructure with low utilization and high systems management overhead, the company could benefit from redeploying its infrastructure to a private cloud. The number of servers could be reduced because fewer will be needed to meet existing demands. Management overhead could be simplified with cloud management software. In cases where capital expenditures are required, businesses can still benefit from spending less on infrastructure than they would if they did not use a cloud-based approach.

Introducing a private cloud will entail changing procedures and practices; these changes fall into three areas:

- Deploying existing infrastructure in a private cloud
- Enabling application services in a cloud
- Managing a cloud

Deploying Existing Infrastructure in a Private Cloud

The first step is to establish the hardware infrastructure for running the cloud. Existing hardware may be used for this, but of course, it will require planning to ensure existing services are not disrupted during the transition.

The first step is to identify the servers to use for cloud services. One of the goals of cloud computing is to increase server utilization, so you would expect to use fewer servers for the same level of demand. If this is the case, older servers with lower overall performance and higher maintenance costs are obvious targets for elimination. Some of the factors to consider when selecting hardware:

- Number of CPUs and cores in the server
- Amount and speed of RAM
- Network interface card throughput
- Cost of maintenance contracts, if any
- Cost of leasing contracts, if any
- Power consumption
- Cooling requirements
- Standardization
Storage hardware should be selected for comparable reasons: speed, capacity, throughput, power consumption, cooling, and so on.

Network capacity and throughput should also be considered at the early deployment stage. If data centers are being consolidated, additional network capacity may be required. Also, consider the levels of redundancy on the network to ensure services can continue at needed levels if, for example, one Internet access provider is down.

Enabling Application Services in the Cloud

Application services begin with a service catalog. This is the set of all OSs, middleware, and applications that will run in the cloud. As with deploying hardware, this is an opportunity to standardize on software components. The advantage of standardizing is that there are fewer pieces of software to manage, patch, and configure, and that ultimately leads to reduced support costs.

Software services in the catalog should be based on business requirements. There will be needs for different OSs and application stacks, possibly in multiple configurations. For example, to support existing business services, the service catalog may need to include:

- Windows Server 2008 with .NET Framework
- Windows Server 2008 with Java Enterprise Edition framework
- Linux with LAMP framework

In addition to the applications needed in the existing configuration, there will be additional software needed to manage the cloud.

Managing a Private Cloud

Managing a private cloud requires software and procedures. Operation management software is needed to track the use of compute and storage resources in the cloud. As noted earlier, cloud consumers should have the ability to track their use and costs as they make use of services. They should also have the ability to:

- Monitor their jobs
- Schedule their jobs
- Establish complex workflows
- Track storage use
- Create specialized virtual machine images with custom configurations
Figure 4.6: Management components include the service catalog of platforms and applications available in the cloud as well as management support software.
Measuring the Value of a Cloud

Moving to a cloud computing environment will change the IT cost structure and impact both capital cost structures and operational costs.

Changes to Capital Cost

In a conventional IT model in which departments or service managers use dedicated servers, they often have to plan for capital costs. These are infrequent but significant costs that are budgeted outside the normal operations budget. Although the cost of a server or two may be accommodated in an operational budget, that is not the case for a fully functional application environment.

Consider the costs of developing, testing, deploying, and maintaining applications. For hardware, you would need development and test servers. For small projects, a single high-end server may serve for both as long as each ran in its own virtual environment. The production server may actually be a cluster of servers and a load balancer in order to scale to peak demand. The load balancer will provide some degree of high availability, but disaster recovery procedures dictate a backup set of servers in an off-site location. Storage will be required as well, adding to the capital expenditure. In addition to these hardware costs, there will be the cost of application and OS licenses.

In the cloud, these costs do not go away, but they are reduced. The key is to efficiently share resources rather than dedicate servers and storage arrays to single services or departments. Rather than having multiple service managers develop their own capital budgets, complete with wide-ranging contingency funds either explicitly or implicitly added to the budget, central IT can plan for capital costs across a wide base of users. The end result is less capital expenditure because of more efficient use of infrastructure, platforms, and applications.

Changes to Operational Cost

Cloud computing can prove advantageous for operational costs in four areas:

- Labor
- Infrastructure maintenance
- Facilities operations
- Simplified accounting
The cloud can reduce IT support labor costs in other ways. With a centralized service catalog, updating and patching become less labor-intensive. For example, if an OS vendor releases a critical patch that has to be pushed to servers, then hundreds of servers may be involved. This requires identifying which servers need the patch, deploying the patch through an automated delivery system, reviewing the results of the patching operation, and manually applying the patch to those servers that failed to be patched correctly using the automated method. This can be a time-consuming burden on IT support staff with other regularly scheduled tasks to complete. The same patch could be applied to images in the service catalog in fewer numbers because only one copy of each configuration is needed. Also, the patch would be available to users of those images the next time they instantiate their virtual machines.

Infrastructure Maintenance

Standardization is a well-established method to reduce costs. Standardizing on infrastructure is no exception. Adding new components, such as servers, to a cloud will have low marginal costs if they are configured similarly to servers already in the cloud. If there are failures (and there will be), the new units are readily swapped in without requiring configuration changes. Inventories of spare components are kept to a minimum as well. Clouds run in a centralized data center, so there is less need for remote office visits to deal with failed hardware.

Facilities Operations

Another contributor to savings in operational costs comes in facilities management. IT infrastructure can consume significant amounts of power, leading to high energy costs. Of course, all that power that comes into the data center gets converted to useful computation, but the conversion from electricity to computation is not perfect. The inefficiencies in conversion are realized in the form of heat; heat that has to be removed with costly cooling systems. By driving up the average server utilization, a business can reduce the number of servers needed, which in turn reduces power and cooling costs.

Simplified Accounting

One of the advantages of cloud computing is that it provides a way to standardize computing and storage units of service. For example, a virtual machine running on a dual-core processor (or its functional equivalent) for 1 hour can be defined as a unit of computing resource with a standard price attached to it. Similarly, a gigabyte of storage stored for one day could be a unit of storage for accounting purposes. From these fundamental units, you could build pricing schedules that could account for additional costs for OS or application licenses.

With this type of model, cost recovery is simplified. Cloud consumers can readily plan their expenditures. Reporting and integration with financial systems is less complex than if a large number of specialized cases and accompanying business rules have to be accommodated. Cloud computing presents clear cost benefits in both capital and operational costs as long as proper planning and assessment are done.
Summary
Cloud computing is an efficient framework for utilizing computing resources. To get the most out of your investment, begin by assessing the current state of business and technical operations. This includes identifying business priorities, operational inefficiencies, and barriers to innovation. It also entails assessing the current capabilities in terms of infrastructure, platforms, applications, governance and management, and reporting. Deploying a cloud is a multistage process that includes deploying existing infrastructure, enabling application services, and managing the cloud. The value of the cloud will be measured in both capital and operational cost savings.
Chapter 5: Strategies for Moving to the Cloud
Cloud computing is a framework for delivering services that, as we have seen in previous chapters, offers a number of compelling benefits. Now it is time to turn our attention to strategies for moving an organization from thinking about cloud computing to using cloud computing. Many of the same rational methods and management techniques we use in IT planning and delivery today are relevant to cloud computing. This is not surprising. As I have noted in this book, cloud computing is a phase in the evolution of IT services delivery; it builds on previous practices to deliver new levels of efficiency, control, and manageability.
This chapter focuses on how to plan for the organizational and technical issues around the move to cloud computing. It is specifically structured around three broad topics:
- Planning principles
- Architectural principles
- Use case scenarios
Planning Principles for Moving to Cloud Computing
Planning a move to cloud computing starts pretty much the same as any other planning process: understanding where you are and where you are trying to go. In the realm of IT, this generally means understanding the business drivers that dictate the services to be delivered, the expectations for those services, and the constraints on actually delivering them. From there, we can move to a detailed definition of requirements. With a clear and well-defined set of requirements, we can document workloads that we expect to utilize the cloud. Each of these steps will be considered in turn.
Prioritizing According to Business Drivers
Business drivers are the strategic objectives of an organization that frame the need for IT services. These can include:
- Increasing productivity
- Reducing time to market in new product development
- Reducing production costs
- Optimizing product distribution and delivery
- Increasing market share
- Increasing customer retention
Business drivers are so high level that they can apply to many different businesses. This is expected because businesses all have the same high-level goals of maximizing returns for owners.
What distinguishes businesses in terms of strategies is how they prioritize these objectives and how they define and implement strategies to realize their goals. For example, one company may decide to focus on increasing productivity in order to remain competitive in an increasingly global market. Another company may realize that it is their intellectual property (IP) that drives their growth, and they need to invest more in computational resources to develop new IP. Still another company operating in a mature market may decide to grow by acquiring new customers by targeting perceived weaknesses in their competitors' product line.
The first step in planning a move to the cloud, then, is understanding what business objective is served by that move. Certainly, moving to cloud computing because it is a more efficient vehicle for delivering computing services is a sound reason. We do not need to settle for just that, though. If we press for an even more detailed set of drivers, we can more precisely plan our cloud services. This will help us to plan for short-term capacity demands, plan for long-term needs, as well as deploy needed applications and other software to support those objectives.
Figure 5.1: High-level, non-prioritized business objectives are less helpful in shaping cloud computing planning than more precise, prioritized objectives.
Defining Requirements
Defining requirements that will drive a cloud computing adoption can be a daunting task. It is difficult enough to elucidate and define requirements for one application, let alone gathering requirements for multiple applications serving different business needs and managed by a range of departments. Fortunately, we are not starting from scratch. Applications, documentation, policies, and operational procedures are probably already in place. Our job is then one of understanding the details of existing systems because these reflect, at least to some degree, the current application requirements. We can then build on this by assessing additional requirements going forward.
Existing Applications Infrastructure: The Current State of Affairs
An inventory of existing applications and workloads is a valuable asset for planning a move to the cloud. An inventory should include all applications that might migrate to the cloud. Implementation details will vary from one application to another (even among the same software used by different departments or for different business purposes), so it is important to include in the inventory key information in three areas:
- Business requirements and related details
- Technical and implementation requirements
- Operational details and requirements
The technical details catalog some of the implementation details about existing services. This includes details such as:
- Server configuration
- Workloads on servers
- Dependencies and interoperability considerations
- Use of shared resources, such as disk arrays
All the necessary details about existing services may be documented in a form like that shown in Table 5.1.
Type | Requirement Area | Description
Business | Service Description | A high-level description of the service
Business | Business Owner | Person or department that funds and governs the IT service
Business | Service Level Agreements | Key requirements on service delivery
Business | Business Objective | Describes the strategic business objective that is served by this IT service
Business | Criticality | Ranking of relative importance of this service
Technical | Servers | List of servers and description of configuration; role of each server
Technical | Shared resources used | Shared IT resources, such as disk arrays, network, backup services
Technical | Platform Services | Operating system required, libraries, utilities and other packages required to run the applications
Technical | Applications | Commercial, open source and custom applications
Technical | Physical distribution of servers | Location of primary servers, backup servers and disaster recovery sites
Technical | Utilization | Description of server, disk array, network utilization
Technical | Peak Periods | Times and duration of peak loads, frequency of peak periods, periodicity of peak demands
Technical | Dependency on other Services | Other IT services that are required to deliver this service
Operations | Backup requirements | Recovery point objectives, recovery time objectives, etc.
Operations | Disaster recovery | Time to recover services, level of services to be restored, critical dependencies
Operations | Compliance issues | Summary of key compliance and governance issues with this service
Table 5.1: Requirement categories for summarizing existing applications, software stacks, servers, and related hardware
Additional Requirements for New Applications
If there is one thing we can count on with IT services, it is that requirements will change. A move to the cloud will open new opportunities to deploy additional services, change the way services are consumed, and consolidate resources. These should also be captured during the requirements gathering stage. We certainly want to capture applications and workloads that fall into the "more of the same" category (for example, more departments will stand up small databases because the overhead with managing them is reduced), but the most interesting, and perhaps the most influential in the long term, are those that change the way we do business. Consider examples such as:
- Using cloud storage to store single copies of data that are accessed by multiple applications rather than duplicating data sets
- Reducing the number of ad hoc reporting tools as users standardize on the best of the breed tools offered in the cloud's service catalog
- New applications, such as statistical analysis and data mining of large customer transaction data sets enabled by on-demand access to compute and storage resources
In the best cases, we will be able to devise reasonable estimates on compute and storage impact of some of these new requirements. For example, in the case of reducing duplicate data for business intelligence applications, we can develop fairly accurate estimates. The more innovative applications, such as advanced analytics, are more difficult to pin down. The CPU demands of such applications are highly dependent on the type of analysis, the algorithms used, the implementation of the algorithms, and the amount of data we are analyzing. Even with these limitations, we can at least provide best estimates (sometimes guesses) for these new types of applications. The next step in the planning process after prioritizing business drivers and defining known and estimated requirements is to analyze the potential workload for the cloud.
Assessing Workloads
Workloads are as varied as business requirements. Some workloads place a heavy load on CPUs while others are more I/O intensive. Sometimes workloads are fairly consistent over time and others have well-defined peak demand periods. It is important to understand workload profiles for a few reasons.
Capacity Planning
First, it helps to estimate the overall capacity of cloud services the business will consume. This is especially important if you are implementing a private cloud and want to ensure adequate capacity for peak demand periods. Public cloud customers will also find this data useful for budgeting and long-term planning, although there is no need to be concerned about the hardware capacity of your provider (at least in theory). For hybrid cloud configurations, this type of detail can help you understand when internal capacity will be exceeded and public cloud resources will be required.
Scheduling
Another reason to assess workloads is for scheduling purposes. Some jobs have fairly predictable workloads. For example, services provided to the customers through Web applications will have generated historical data that can be used to determine demand patterns. These applications may have minor periodic variations, for example, Mondays have heavier workloads than Fridays, or longer, seasonal variations such as those retailers experience just before the Christmas holiday.
Cloud providers can use knowledge of workloads to optimize scheduling. Ideally, at any time, we would have a mix of jobs that have different levels of demand on CPU, I/O, and networking. We would not want, for example, to have all the I/O- and CPU-intensive extraction, transformation, and load (ETL) processes running at one time. Depending on the level of control one has over the workload scheduling, a cloud provider can schedule jobs in an optimal manner or use variations in pricing schedules to provide incentives for users to schedule their jobs in ways that coincide with the scheduling goals of the provider.
One way to globally optimize scheduling is with a bid/accept model for pricing. Cloud consumers can bid a price for a server or CPU time based on the value of having a particular job run. If it is a high-priority job, the customer will bid a higher price; if the job can wait, the customer will bid less. This approach will optimize the allocation of resources in the way a free market optimally allocates resources. This model, however, is subject to the same limitations as free markets; the model breaks down when there is, for example, insufficient information or time to fully evaluate options.
Cost Recovery
Public cloud providers set their rates to cover costs and earn a profit. The IT department, or other organization structure charged with providing private cloud services, will likely charge for services provided as well. Internal service providers generally are more concerned with recovering costs than making a profit, and a shared cost model is a common means for charging for these services. Charges are based on a simple formula:
(Total Cost of Providing Service / Number of Units Consumed) = Cost Per Unit
Units of service can be CPU hours, server hours, or gigabytes of storage per month.
Basically, the idea is that the service providers recover whatever it costs to provide a service.
Note
This is different from a simple market model in which price is determined by supply and demand. In the case of a cost recovery model, when demand goes down, price per unit could actually go up because the number of units consumed goes down. Conventional free market economics predicts the price will drop in such situations.
The mix of workloads and their distribution over time are important factors when aligning requirements to the cloud model.
Aligning Requirements to Cloud Services
At the end of the planning phase, we should have:
- A set of high-level requirements for existing applications that will move to the cloud described in terms of business, technical, and operational requirements
- Rough estimates for new applications enabled by the cloud
- Workload information that can provide the basis for capacity planning, scheduling, and cost recovery
To ensure a cloud service meets the expected needs, we want to have sufficient capacity. How we do so will depend on whether we are using public, private, or hybrid cloud services. When a private or hybrid cloud model is used, we are both the provider (for some of the services in the hybrid case) and the consumer. As the provider of cloud services, we have to redeploy existing hardware and/or procure additional hardware and deploy it in a cloud infrastructure along with management applications and a service catalog of machine images and related software. When a public cloud provider is used, we have to demonstrate the provider can offer the levels of service needed at the times they are required. As we get into these issues, we move away from the planning aspects and start to focus on more architecture-oriented issues related to moving to the cloud.
Architectural Principles for Cloud Services
The architectural principles underlying the cloud model are designed to maximize the utility of computing infrastructure by making it available to a broad range of users for a variety of applications without unnecessarily coupling hardware and software to single uses. To do so, we design around a number of architectural principles focused on:
- Designing for scalability
- Designing for manageability
- Deploying layered technical services
- Delivering business services
Before discussing each of these in detail, it is worth noting the importance of virtualization to cloud architectures. Virtualization is a fundamental aspect of cloud computing and is used at numerous levels of service delivery. We virtualize computing and storage, which hides the implementation details of these low-level services. Higher-level services, such as database management, content management, and identity management, are provided as services abstracted away from implementation details.
An immediate benefit of virtualization is flexibility. Hardware can run different operating systems (OSs) at different times. Different software stacks can be deployed to run for some period of time and then shut down. Legions of IT professionals are not needed to do this; virtualization enables greater levels of self-service than have been possible in the past.
Figure 5.2: The greater the virtualization and support for self-administration, the greater the flexibility in adapting computing resources to changing service needs.
A step away from the dedicated server model toward a highly virtualized environment like the cloud is a server farm in which servers are reallocated according to changing needs. There are a number of advantages of this approach over the dedicated server model. First, policies and procedures are in place to change the roles of servers fairly rapidly. Systems administrators shut down applications and supporting software, install machine images with other applications needed at the time, and redeploy the servers in their new roles. A second advantage is that hardware is fairly easily reallocated; there is no need to procure new hardware for small, incremental increases in workloads.
Designing for Scalability
Concerns about scalability affect both cloud providers and cloud service consumers. In the case of cloud providers, designing for scalability entails addressing several requirements for meeting varying workload demands. For cloud consumers, the issues tend to be around the question of how to most effectively utilize the computational resources available in the cloud.
Providing Scalable Computing Resources
At first glance, cloud scalability may look like just a matter of hardware. With enough physical servers, disks in storage arrays, and network bandwidth, we can meet scalability demands, right? Not exactly, or at least that is not the entire story. Cloud service providers also have to provide services and features in addition to raw hardware to enable a functional, scalable cloud. Some of these services and features include:
- Security services
- Standardized catalog of applications
- A service-oriented architecture (SOA)
These requirements are comparable to those we find outside the cloud.
Security Services in the Cloud
Security in the cloud looks much like security outside a cloud environment. When we deploy applications to the cloud, we have to concern ourselves with several security requirements:
- Identity management
- Access controls
- Auditing and logging
- Vulnerability management and threat assessment
Figure 5.4: Security controls in the cloud depend on identity, access control lists, and encryption keys.
In addition to user-centric security information, cloud providers need to support process-oriented auditing and logging. As in any deployment architecture, audit and other logs must be tamperproof and sufficiently detailed to meet security and compliance requirements.
The images that comprise the service catalog will support a wide range of OSs, utilities, libraries, and applications. These are all sufficiently complex to require regular vulnerability scanning, patching, and upgrading. Cloud providers will also need to have procedures in place to perform vulnerability scans on images, track patch levels, and update images as needed. One of the advantages of cloud architectures is that once an image is scanned or patched, every cloud user that deploys that image will have access to the latest version. There is no need to push patches to servers or desktops, verify installation, and then manually correct failed patches.
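Because a patched image only reaches users the next time they instantiate a virtual machine, tracking patch levels also means finding instances that were launched before the image was rebuilt. The following is an added example, not code from the book: a sketch of that check, in which the image names, instance identifiers, and patch identifiers are constructed placeholders and the catalog structure is an assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CatalogImage:
    name: str           # image name in the service catalog
    version: int        # incremented each time the image is rebuilt
    patches: frozenset  # patch identifiers baked into this version


@dataclass(frozen=True)
class Instance:
    instance_id: str
    image_name: str
    image_version: int  # catalog version the instance was launched from


def build_catalog(images):
    """Index image versions by name: {name: {version: CatalogImage}}."""
    catalog = {}
    for image in images:
        catalog.setdefault(image.name, {})[image.version] = image
    return catalog


def drift_report(instances, catalog):
    """List running instances that lag the catalog.

    Returns (instance_id, finding, missing_patches) tuples. An instance is
    'stale-image' when the newest catalog version of its image carries
    patches its launch version lacked, and 'unknown-image' when it was not
    launched from a catalog image at all, so its patch level is untracked.
    """
    findings = []
    for inst in instances:
        versions = catalog.get(inst.image_name, {})
        running = versions.get(inst.image_version)
        if running is None:
            findings.append((inst.instance_id, "unknown-image", []))
            continue
        newest = versions[max(versions)]
        missing = sorted(newest.patches - running.patches)
        if missing:
            findings.append((inst.instance_id, "stale-image", missing))
    return findings


# Constructed sample data; patch identifiers are placeholders.
SAMPLE_IMAGES = [
    CatalogImage("web-base", 1, frozenset({"PATCH-A"})),
    CatalogImage("web-base", 2, frozenset({"PATCH-A", "PATCH-B"})),
    CatalogImage("web-base", 3, frozenset({"PATCH-A", "PATCH-B", "PATCH-C"})),
    CatalogImage("db-base", 1, frozenset({"PATCH-A"})),
]
SAMPLE_INSTANCES = [
    Instance("vm-001", "web-base", 1),    # launched before two rebuilds
    Instance("vm-002", "web-base", 2),    # launched before the last rebuild
    Instance("vm-003", "web-base", 3),    # current
    Instance("vm-004", "db-base", 1),     # current
    Instance("vm-005", "legacy-app", 1),  # not launched from the catalog
]

if __name__ == "__main__":
    for finding in drift_report(SAMPLE_INSTANCES, build_catalog(SAMPLE_IMAGES)):
        print(finding)
```

Long-running instances flagged as stale still need a relaunch from the current image or an in-place patch; patching the catalog alone does not change them.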
Standardized Catalog of Services
Scalability often implies repeated use of a small set of constructs. Take, for example, a cluster of computers comprising identically configured servers, a distributed database running the same database management system in different sites, or even the ubiquitous desktop OS. These examples show that benefits of standardization can often outweigh the disadvantages of not having customized solutions to a particular problem.
SOA
Services in any architecture have to be sufficiently accessible to be of use; when we are working with highly scalable architectures such as the cloud, it is even more important. In the cloud, we have the possibility of running a large number of services under varying workload conditions which are subject to different constraints. In environments such as this, there should be as few dependencies as possible between applications.
SOAs decouple services through agreed-upon interfaces and message passing. This model scales to different types of services, a wide range of inputs and outputs, and can scale to a large number of services.
Scalability requires design and implementation considerations beyond those of just hardware and infrastructure. Scalability in the cloud requires providers to plan for and support security services, a standardized catalog of services, and an SOA.
Using Cloud Services in Scalable Ways
A cloud architecture is, by definition, scalable; however, to realize the full benefit of the cloud, we as cloud consumers need to use application architectures that take advantage of the cloud's underlying scalability. This requires that our applications avoid processing bottlenecks, such as a service that is provided only on a single server. As other parts of the application scale up to meet demands, that service would be bound by the constraints of the single server. Two common ways of avoiding this type of bottleneck are to distribute workloads in either a round-robin manner or by partitioning workloads.
Scaling with Round-Robin Load Balancing
Consider an online retailer that experiences peak demands during the holiday shopping period. The holiday season lasts several weeks, so scaling their Web site with cloud-based applications makes sense. There will be many users all accessing the Web site and most of the demands on the server will be to deliver Web pages, so the retailer will deploy multiple Web servers each hosting the same content. A load balancer receives all HTTP requests from shoppers and distributes them evenly across all the Web servers. In this way, no single server becomes a bottleneck and additional Web servers can be deployed from the cloud if needed. Furthermore, this approach provides high availability as well because the failure of any one Web server will be compensated for immediately by other servers in the cluster.
Partitioning by Data Characteristics
Another way to scale applications is to divide workloads by some characteristic of the data:
- Geographic location of customer
- Distribution center fulfilling an order
- Product category
- Customer name
Partitioning data and storing it in different databases is sometimes used when a single database server cannot keep pace with workloads. Geographic distribution is especially helpful in localizing network traffic and improving the responsiveness of applications that run on the same local network as the database server. In the cloud, this is less of a concern, at least for the cloud service consumer. Nonetheless, this type of partitioning is still useful for performance.
Databases use a combination of in-memory caches and persistent disk storage. Queries that can be answered using cached data are significantly faster than those that require disk operations. In the cloud, multiple instances of a database can run on multiple servers. Each server will maintain a cache of partitioned data and, presumably, use cloud storage for persistence. The total amount of memory available for caching is the sum of cache memory across all database servers. This can result in a much higher ratio of queries being answered from the cache rather than from disk.
Figure 5.6: Partitioning data across multiple database servers can improve the scalability of data-intensive applications.
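The two approaches described in the sections on round-robin load balancing and partitioning by data characteristics, as an added example that is not code from the book: a round-robin balancer that skips failed servers, and two ways of partitioning by customer name that spread the same customers very differently. Server names, customer names, and the choice of SHA-256 as the partitioning hash are assumptions made for illustration.

```python
import hashlib


class RoundRobinBalancer:
    """Rotate requests across identical servers, skipping ones marked down."""

    def __init__(self, servers):
        self.servers = list(servers)
        self.healthy = set(self.servers)
        self._next = 0

    def add_server(self, server):
        # Scale out: a newly provisioned server joins the rotation.
        self.servers.append(server)
        self.healthy.add(server)

    def mark_down(self, server):
        # A failed server stays in the list but receives no traffic.
        self.healthy.discard(server)

    def route(self):
        """Return the next healthy server in rotation."""
        for _ in range(len(self.servers)):
            server = self.servers[self._next]
            self._next = (self._next + 1) % len(self.servers)
            if server in self.healthy:
                return server
        raise RuntimeError("no healthy servers available")


def tally(balancer, requests):
    """Route `requests` requests and count how many each server received."""
    counts = {}
    for _ in range(requests):
        server = balancer.route()
        counts[server] = counts.get(server, 0) + 1
    return counts


def partition_by_initial(name, partitions):
    """Range partition on the first letter of the customer name (A-Z)."""
    index = min(max(ord(name[0].upper()) - ord("A"), 0), 25)
    return index * partitions // 26


def partition_by_hash(name, partitions):
    """Partition on a stable hash of the full customer name."""
    digest = hashlib.sha256(name.encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big") % partitions


def distribution(keys, router, partitions):
    """Count how many keys the router sends to each partition."""
    counts = [0] * partitions
    for key in keys:
        counts[router(key, partitions)] += 1
    return counts


# Constructed customer names: 8,000 customers, five of eight surnames in S-T.
SURNAMES = ["Smith", "Sanchez", "Silva", "Suzuki", "Taylor",
            "Brown", "Martin", "Wang"]
CUSTOMERS = [f"{SURNAMES[i % len(SURNAMES)]}-{i:05d}" for i in range(8000)]

if __name__ == "__main__":
    lb = RoundRobinBalancer(["web-1", "web-2", "web-3"])
    print("all healthy:", tally(lb, 9))
    lb.mark_down("web-2")
    print("web-2 down :", tally(lb, 8))
    print("by initial :", distribution(CUSTOMERS, partition_by_initial, 4))
    print("by hash    :", distribution(CUSTOMERS, partition_by_hash, 4))
```

Partitioning on the first letter leaves one database server holding most of the customers, so the choice of data characteristic decides whether partitioning actually removes the bottleneck.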
Designing for Manageability
Manageability is another architectural principle that strongly influences how we implement and consume cloud services. This is an important principle for both cloud providers and consumers. Three key points in this area are:
- Provisioning
- Monitoring
- Usage and accounting
The more these services can be automated, the more efficiently a cloud can deliver services to its users.
Managing Cloud Provisioning
Provisioning in the cloud is the process of instantiating one or more virtual servers running a particular machine image. In the simplest case, a user needs to start a single server, and after running a process, the user shuts down the server. This is a fairly straightforward task but still requires management software to allow non-IT personnel to manage the process. Even in a simple case, there are issues:
- Selecting a machine image to run on the virtual machine
- Determining the time to start the virtual instance
- Deploying additional applications needed to process the particular workload
- Starting services on the virtual machine
- Executing a workflow
- Shutting down the virtual server
Monitoring Jobs in the Cloud
Once servers are provisioned and jobs are running, we will need to monitor them. This includes tracking:
- CPU and memory utilization to determine whether additional resources are required or some should be shut down
- Disk I/O to ensure sufficient throughput on I/O operations to meet requirements and service level agreements (SLAs)
- Application logs to look for adverse events or warnings of potential problems
- Jobs and workflows running in the cloud, including running time, resources allocated, and costs for those resources
Usage and Accounting Reports
Usage and accounting reports are especially important for verifying billing and analyzing trends in cloud usage. For providers, these reports show aggregate information about:
- Who is using cloud services
- Number of virtual servers run per job and the duration of jobs
- Machine images instantiated in the cloud
- The amount of storage in use
- The amount and type of I/O operations
Cloud users may find these reports especially useful for optimizing how they schedule jobs. Unlike running a dedicated server, there are easily controlled marginal costs associated with running jobs in the cloud. There may be cost advantages to running jobs on larger servers but running fewer instances when the pricing scheme provides such an advantage. There may be advantages to aggregating jobs and running them less frequently. This can be the case when cloud providers charge in minimum units of one hour and jobs are consistently finishing in well under one hour.
Designing for manageability means planning for end-user provisioning, process monitoring, and usage and accounting reports from the start. Cloud service consumers should make use of these reports to run their jobs in the most efficient manner possible.
Deploying Layered Technical Services
Layering services is a long-standing approach to dealing with software complexity. OSs have long used layering to isolate the need to deal with hardware-specific issues or manage low-level operations, like virtual memory. Layering services is a sound approach in cloud environments as well. At the most coarse description, cloud services are layered as:
- Infrastructure services
- Software platforms
- Applications and information services
Figure 5.7: Cloud services are delivered in layers, each providing service to the layer above with the topmost layer providing end-use business applications.
Delivering Business Services
Usually we would stop discussing architectural principles once we reach the top of the application stack where business services are delivered. We'll veer from the normal case here to address one other essential part of delivering and consuming cloud services: the need for managing service delivery.
The service catalog discussed earlier is part of this process. As noted, the contents of the service catalog are driven by existing and anticipated business requirements. The service catalog has its own long-term maintenance issues, just as software distributed throughout the organization does. One of the advantages of the cloud is that service management is less complex. Servers are generally concentrated in the data center and there is less need for maintaining desktop clients.
Policies are needed to govern cloud operations and services to ensure their long-term stability. Basic policies, such as the following, should be in place:
- Pricing and cost recovery
- Patch management
- Security policies
- Acceptable usage
- Auditing
- Data retention
Business Services in the Cloud: Use Case Scenarios
We will consider two use cases: a new customer service initiative and a business intelligence application. We will also examine some of the workload considerations that factor into managing cloud-based services.
New Customer Initiative Use Case
The first use case scenario is motivated by the business driver to improve customer retention. A company has been experiencing moderate but increasing turnover in the customer base; this is commonly known as churn. In an effort to reduce churn, the company has determined that it can gain a competitive advantage over others in the market by improving customer experience. In particular, the company has decided on a two-pronged approach. First, it will allow customers to access their entire account history rather than just the past 4 months, as currently implemented. Second, it will provide more targeted offers based on a customer's account history.
As part of the planning process, the company reviews the business, technical, and operational requirements for these services (see Table 5.1 for a list of requirement categories). The business area requirements focus on this initiative as mid-level criticality (that is, not essential for core day-to-day operations but a long-term priority).
The technical requirements include platform services such as relational database management services, customer identity management services, and access to a portal to provide presentation-level services. Estimates are compiled on the amount of data that will be stored, the number of customers querying their account histories each day, and the processing load required to update account histories on a daily basis.
Operational requirements include backup recovery and, because this is a customer-facing application, disaster recovery. Compliance requirements are minimal, but company policies protecting private customer information must be followed.
The requirements are well met by cloud architecture. Accessing entire account histories for all active customers requires the ability to rapidly scale both computing and storage resources. The incremental growth in storage required to accommodate new customer activity is also readily met by the cloud. Analyzing customer account history to generate custom offers is a compute-intensive process but will not require significant additional storage. This type of analysis will be done periodically but not more frequently than once a month. The peak CPU demands generated by this process will last for 1 to 2 days. The need for additional compute resources can be met by the cloud as well.
The service catalog already supports the middleware required, including the database, portal, and statistical analysis software. Each of these platform services is available in different images, so each will be running on one or more virtual machines. This is a customer-facing Web application, so the portal servers will be configured in a load-balanced cluster and the data will be partitioned to evenly distribute the customer database over multiple database servers.
Business Intelligence Use Case
A company has decided to consolidate its business intelligence reporting services to improve the efficiency of business intelligence operations and lower overall costs. One of the defining characteristics of business intelligence and advanced analytic operations is that they entail large amounts of data and they are computing intensive.
Traditional data warehouses and similar business intelligence architectures inefficiently allocate resources. They can be deployed around dedicated department-level servers and storage. This tends to lead to low CPU utilization between data loads and report generation. Unless there is high demand for ad hoc queries outside of data loads and report generation operations, the server runs well below capacity.
Another potential area of significant inefficiency is in storage. It can be difficult to estimate storage requirements, especially when various performance techniques, such as excessive indexing, denormalization, and materialized views, may be used to improve performance. The best combination of optimization techniques may not be discovered until the business intelligence system has been in use for some time. In a traditional deployment, that storage hardware would have been purchased already. That inconvenient fact often leads to purchasing more storage than is needed for fear of not having adequate storage.
Business intelligence as a cloud service can be implemented more efficiently. Let's assume the business drivers behind this project include improving sales by providing detailed and timely reports to sales managers while reducing the total cost of business intelligence services in the company. Technical requirements include large volumes of storage and a large number of servers to perform ETL operations to populate and update the data warehouse on a daily basis. Once the ETL process is complete, reports will be generated. Once the reports are complete, the peak demand period is over but an estimated 25% of peak computing resources will be needed during the rest of the day for ad hoc reporting.
The cloud allows this initiative to start servers as needed for the ETL and reporting operations, then scale back to a smaller number of servers. An additional benefit is that a single copy of data can be shared among different departments. For example, the marketing department and the quality control group may both want to use sales data but in different ways. In cases where each department maintains its own data mart, the sales data would be duplicated. The same data marts can run in the cloud but share a single copy of the source data.
Mixing Workloads
Jobs that do not need to run on strict time schedules can be arranged to optimize utilization. For example, loading schedules can be optimized to increase utilization by performing extraction and copy operations during times when there is a low demand on cloud resources. Similarly, workloads can be mixed so that some I/O-intensive jobs are run at the same time as other CPU-intensive jobs that can run at the same time as jobs with more constant and predictable workloads, such as development and test environments or collaboration services.
Both of these use cases demonstrate common characteristics of business services that fit well with the cloud model:
- Minimal or moderate security requirements
- Minimal dependencies between services
- Moderate audit requirements
- Minimal customization
Summary
When formulating a strategy for moving a business to adopt cloud services, we should bear in mind both business planning and architectural considerations. On the planning front, start with the business drivers and ensure that services deployed in a cloud support those drivers. To do so, be sure to analyze requirements in terms of business, technical, and operational needs. Also understand workloads and related issues, such as capacity planning, scheduling, and cost recovery.
Key architecture and design considerations also have to be taken into account by cloud service providers and cloud service consumers. Scalability is essential. Cloud service providers ensure scalability by providing sufficient hardware, software, and networking services but also by supporting security services and a standardized catalog of applications in an SOA. Manageability is also a factor in realizing scalable services, especially related to provisioning, monitoring, and usage reporting.
In the next chapter, we will delve deeper into technical and architectural issues with a look at identifying further details of cloud architectures and their impact on your business.
Chapter 6: Identifying the Right Cloud Architecture for Your Business
Cloud computing is a general model for delivering computing and storage services. The model lends itself to a range of implementations with no single architecture constituting a true cloud architecture. This is hardly surprising. The defining characteristics of cloud computing (the ability to allocate and release compute and storage resources on demand, a pay-as-you-go funding mechanism, and high levels of self-service) allow cloud providers to deliver a wide range of services using a number of implementation models.
This range of variability means businesses can choose the right cloud architecture for their environments. In this chapter, we will examine several aspects of selecting a cloud architecture:
• Levels of cloud architecture
• Issues in providing compute services
• Issues in providing storage services
• Considerations for network services
• Cloud operations management
• Service layers and adapting IT operations to infrastructures
• Topics in service management
We will start with a brief review of architectural elements common to all cloud architectures.
Levels of Cloud Architecture
Cloud architectures can be thought of in terms of layers of services in which each layer depends on services provided by the next lower layer. As with other layered models of abstraction in software engineering, layers in a cloud control the potential complexity of cloud design by following a few basic principles:
• Services are provided as logical abstractions that hide implementation details. When a program needs to allocate additional storage, for example, it makes a call to a storage service requesting a particular amount of space. There is no need to delve into details about directory structures, file systems, or disk configurations.
• Services are isolated to appropriate layers in the architecture. An application programming interface (API) for storage allocation may make calls to additional services that are not available outside of the storage system. For example, when allocating new storage, an API procedure might call an isolated procedure to add the allocated disk blocks to a list of blocks that are replicated to storage devices for backup and performance reasons.
• Services are provided at a functional level appropriate to the users or services that consume the services. The higher up the stack of services we go, the broader and more business-oriented the services. Although lower-level services might operate on storage blocks, upper-level services might initiate business process workflows.
Each of these levels can be further subdivided.
Virtualization of Resources
One of the hallmark characteristics of a cloud is the virtualization of resources. Virtualization can be thought of as a way of abstracting computing and storage services away from implementation details and toward a more logical and less physical view of resources.
Many of us use virtual servers routinely although we might not know it. We connect to servers across the Internet that run Web sites, email servers, databases, and other business applications. Most of the time, we do not think of the implementation details about these services. Is the email server running on a single physical server? A cluster of load-balanced servers? Or perhaps the application is hosted on a virtual server that shares a physical server with several other virtual machines running an entirely different set of applications. These details are often unimportant, at least from our perspective.
The ability to hide implementation details without adversely affecting services is essential to providing cloud computing. Virtualization is especially important for efficiently using computing and storage infrastructure. (We will focus primarily on server virtualization here and address storage virtualization later in the section entitled Providing Storage Services.)
Logical Units of Computing Resources
Server virtualization allows us to manage compute resources in finer-grained units than just a physical server allows. One of the first advantages of this approach is that we can work with a standardized set of features, such as the number of CPU cores and amount of RAM. For example, a standard virtual server might be equivalent to a physical server with one Intel Xeon 5600 series or AMD Opteron 6000 series processor and 8GB. One could also define virtual servers in terms of performance relative to standard benchmarks, such as the Transaction Processing Performance Council's (http://www.tpc.org/tpcc/default.asp) online transaction processing (OLTP) benchmarks (TPC-C and TPC-E) and the ad hoc, decision support benchmark (TPC-H). How the logical units are defined is less important than the fact that we have a standard for allocating computing resources that is not tied to a particular physical implementation.
By decoupling how we allocate computing resources from the underlying hardware that provides those resources, we gain flexibility in managing how we consume compute services and manage them.
Figure 6.2: Server virtualization allows cloud service consumers to use standardized units of computing services without concern for the physical implementation details.
Hardware Independence
Another advantage of virtualization for cloud service providers is hardware independence. Cloud consumers can allocate the level of computing resources they need without having to worry about whether a particular physical server is a 2-, 4-, or 8-core server. Cloud providers can deliver those logical units using the most economical way possible. For example, a cloud might have several types of physical servers running in the cloud. The less energy-efficient servers are only used when the more efficient servers are running at peak capacity. The first time a cloud consumer runs a job, the job might run on one of the more energy-efficient servers; the next time the same job runs on the other type of server.
Standardized Service Pricing
Along with logical units of computing resources and hardware independence, virtualization allows for standardized service pricing. Although this is not a technical issue, it has a direct impact on how cloud service consumers plan and manage their use of the cloud.
Virtualization of services is an essential element of a cloud architecture. It directly enables the most efficient allocation of resources, reduces the need for cloud service consumers to understand the nuanced differences in physical servers, and provides for a straightforward pricing model that consumers can use for planning and budgeting.
Services Layer
The services layer is another common characteristic of cloud architectures. At this level, we work with not just virtualized hardware but also operating system (OS) and application services. It is certainly possible to provide a cloud that offers only infrastructure services (that is, the virtualized equivalent of bare metal machines), but for business users of cloud services, the services layer can provide additional benefits.
Figure 6.3: The services layer consists of a wide range of service types, some of which build on others within the same layer.
Services such as those shown in Figure 6.3 might be delivered in different ways to customers. OSs of course are included in the virtual machine images, but other services might be independent of virtual machine instances. Persistent storage services, such as block storage and relational database services, might be available as services available to all virtual machine instances running in the cloud. Higher-level services, such as application servers, portals, and workflow engines, might be embedded within virtual machine instances along with other software stack components. At the highest levels, business applications such as CRMs and ERPs may be provided as Web applications that run in the cloud. At this level, service consumers are completely divorced from implementation details and are solely concerned with business-related functionality.
Service Management Processes
A third major aspect of cloud architectures is the service management processes that support the delivery of services. These include:
• Virtual machine image management
• Image deployment
• Job scheduling
• Usage accounting
• Management reporting
Figure 6.4: Management reporting serves the needs of both cloud service providers and consumers.
Providing Compute Services
There are compelling reasons to adopt a cloud architecture that includes an internal or private cloud. Businesses maintain total control over computing resources with a private cloud. This can significantly reduce compliance issues with cloud computing. Private and confidential data is not moved outside the company, data destruction policies and procedures are defined by the business, and systems are not shared with outsiders, including potential competitors. With the advantages come additional functional responsibilities.
Businesses that choose to provide private clouds or hybrid private/public clouds must be in a position to provide the physical infrastructure and basic management services needed in a cloud. (Businesses can provide higher-level services, such as enterprise applications, as cloud applications while using a public or other third-party physical infrastructure.) Those that will deliver computing services directly through a private cloud should consider:
• Hardware selection
• Implementing virtualization
• Failover and redundancy
• Management reporting
A business's ability to address each of these issues can strongly influence its success in delivering computing services in a cloud.
Hardware Selection
Hardware selection for clouds depends upon two competing interests: controlling costs by redeploying existing hardware versus acquiring a standardized server platform that is configured specifically for cloud computing. Using existing hardware can lower initial capital expenditures but might lead to higher costs over the long term. Older machines that require more maintenance, need parts that are difficult to procure, or consume more electricity can have a larger total cost of ownership than new servers. One option is to use existing hardware initially and replace it over time as the cost of new servers becomes competitive with the cost of continuing to operate the older devices.
An advantage of new hardware is that the cloud can be configured with standard servers optimized for cloud computing: large numbers of CPU cores, significant amounts of memory, high-speed I/O for connections to disk arrays, and so on. Standardization also helps reduce maintenance costs.
Implementing Virtualization
Many organizations use virtualized servers outside of clouds; however, virtualization in the cloud requires more management services than typical in IT environments. Conventionally, managed virtual servers are installed by systems administrators and run for extended periods carrying out a fixed set of functions. Additional controls are available in some environments that support virtual machine migration from one physical server to another. This is especially useful in situations in which a single server is running at or near capacity and one or more of the virtual machines needs to be moved to a less utilized physical server. Even this, though, does not meet the level of virtualization management needed in a cloud.
Clouds should support end user management of computing resources. A knowledgeable user should be able, for example, to select a virtual machine image from the catalog and instantiate a specified number of virtual servers.
Figure 6.5: Providing computing services in a cloud requires significant support software, such as services for selecting and instantiating virtual machine instances.
Failover and Redundancy
An advantage of cloud architectures is that we move away from tightly coupling applications and services to particular physical or virtual servers. Applications are run on virtual servers that meet a set of configuration requirements defined by the cloud service user. Applications that are well suited for the cloud do not need specialized hardware or a particular server. This reduces the challenge of providing failover services.
Clouds are inherently redundant. If a physical server fails for any reason, it can be removed from the pool of available resources. Virtual machine images are deployed to other physical servers until the failure is corrected. This type of failover and redundancy is at the server level, not the application level.
Management Reporting
Different types of management reports are required when providing computing services in a cloud. In a traditional one-server-one-application approach, the business owner of a process is responsible for identifying the servers needed to support a business process and covering the cost of the servers, either virtual or physical. In this model, there is fairly little to report outside of utilization rates. The business process owner is paying for sole use of servers, so there is not much incentive to monitor server use as long as it does not adversely affect performance.
Cloud service consumers can use and should expect detailed usage reporting. With a pay-as-you-go pricing model, there is an incentive to allocate the fewest number of virtual servers and run them for the shortest time possible while still meeting business requirements. Cloud service consumers can use reports detailing:
• Number of virtual servers allocated to a job and the time the servers ran
• Peak and average utilization rates of servers
• Amount of data stored persistently
• Amount of data transferred across the network
• Charges for compute, storage, and network services
Detailed utilization information will help business process owners optimize their applications. For example, if analytic servers are running at 40% utilization because they are dependent on data preprocessing operations that are not processing data fast enough, additional servers could be instantiated for preprocessing. Presumably the cost of running the additional preprocessing servers would be offset by reducing the length of time the servers have to run. The analytic servers would run at higher utilization and for shorter periods of time, reducing the overall cost of the process.
Providing computing services in a private or hybrid cloud requires a combination of hardware, virtualization management and deployment systems, a server configuration that supports failover and redundancy, as well as robust management reporting.
Providing Storage Services
If a business moves forward with providing private cloud computing services, it will have to provide storage services as well. This would require additional support services:
• Storage virtualization
• Backup or other redundant storage
• Disaster recovery
Storage Virtualization
Storage virtualization, like server virtualization, abstracts the services provided by hardware. Consumers of these services can allocate resources without concern for implementation details. For example, details like the logical unit number (LUN) mappings to storage volumes and storage devices are managed by storage virtualization software. When persistent storage is needed, the cloud services consumer simply makes a call to a programming interface specifying the amount of storage required.
Local vs. Cloud Storage
Virtual machine instances can provide local storage for temporary storage during the life of the virtual machine instance. The data in this storage is lost when the virtual machine is shut down. The persistent cloud storage described here is provided by devices that are independent of virtual machines. Multiple virtual machines can access the same storage blocks and the data continues to exist regardless of how virtual machines are started and stopped.
The advantages of virtualized storage are similar to those of virtualized servers:
• More efficient use of storage: rather than dedicating large units of storage to a single use for extended periods of time, storage is allocated in smaller increments and for only as long as it is needed
• Lower capital expenditures for individual projects and business units that do not have to acquire storage hardware
• Lower operating costs associated with the pay-as-you-go model typical in cloud computing storage
• More efficient delivery of backup and recovery services
This last benefit is especially important.
Figure 6.6: Cloud storage systems can use data redundancy to improve data management performance and reliability of data services.
One of the advantages of virtualized storage is the ability to provide large amounts of storage through a single logical device: the storage cloud. Behind the scenes, of course, we have multiple disk arrays possibly located in different facilities. This setup creates an opportunity to replicate data across multiple storage arrays to improve reliability and performance.
Reliability is preserved because multiple copies of data are available. If a storage device should fail, there is no need to restore from backup tape; the data is immediately available from another device. The particular device that returns the data is irrelevant to the user. Replication can be done asynchronously so that I/O operations return as soon as data is written to the primary storage device. A background replication process can add new or changed blocks to a queue of blocks that will be copied to devices.
Users can also benefit from improved performance with multiple copies. Data warehousing and business intelligence applications often query large amounts of data. Users contending for access to a single copy might experience bottlenecks and associated drops in performance. In the cloud, different queries can be served by different copies of the database, relieving contention for the same resource.
Backups and Cloud Storage
Data replication as just described is a valuable asset in cases of disaster recovery, but it cannot meet all recovery requirements. The ideal replication solution maintains multiple copies of data in near real time, so any errors generated in the source system will be replicated to other storage devices as well. Without a separate backup copy of data, there would be no way to restore the database back to a point in time before the error was introduced.
Backup services are generally specified in terms of recovery point objectives (RPOs) and recovery time objectives (RTOs). An RPO defines points of time in history that can be restored; examples include previous day at midnight, previous end of week, or in the case of highly volatile databases, a previous time in the same day. RTOs define the maximum period of time between request of a restore operation and the time the restore operation completes.
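The difference between replication and backup described above can be seen in a small model. The following is an added example, not code from the book: the ReplicatedVolume class, its method names, the order keys, and the dates are all constructed for illustration, and backups are assumed to be taken at midnight as in the RPO example.

```python
from bisect import bisect_left
from datetime import datetime


class ReplicatedVolume:
    """Toy key/value volume that mirrors every write and keeps separate backups."""

    def __init__(self, replica_count=3):
        self.replicas = [{} for _ in range(replica_count)]
        self.failed = set()          # indexes of storage devices that are down
        self._restore_points = []    # backup times, oldest first
        self._backups = {}           # backup time -> copy of the data

    def _live(self):
        live = [i for i in range(len(self.replicas)) if i not in self.failed]
        if not live:
            raise RuntimeError("no replica available")
        return live

    def write(self, key, value):
        # Replication is content-blind: a bad value is mirrored like a good one.
        for index in self._live():
            self.replicas[index][key] = value

    def read(self, key):
        # Any surviving replica can answer; the caller never learns which one.
        return self.replicas[self._live()[0]].get(key)

    def backup(self, taken_at):
        if self._restore_points and taken_at <= self._restore_points[-1]:
            raise ValueError("backups must be taken in time order")
        self._restore_points.append(taken_at)
        # Values in this example are immutable, so a shallow copy is a full copy.
        self._backups[taken_at] = dict(self.replicas[self._live()[0]])

    def restore_before(self, error_time):
        """Roll every live replica back to the newest backup older than error_time."""
        position = bisect_left(self._restore_points, error_time)
        if position == 0:
            raise LookupError("no restore point precedes the error")
        point = self._restore_points[position - 1]
        for index in self._live():
            self.replicas[index] = dict(self._backups[point])
        return point


def demonstrate():
    volume = ReplicatedVolume(replica_count=3)
    volume.write("order-1001", 250)
    volume.backup(datetime(2024, 1, 1, 0, 0))      # midnight restore point
    volume.write("order-1002", 90)
    volume.backup(datetime(2024, 1, 2, 0, 0))      # next midnight restore point

    volume.failed.add(0)                           # device failure: replication copes
    value_after_device_failure = volume.read("order-1001")

    volume.write("order-1003", 40)                 # legitimate write after last backup
    error_time = datetime(2024, 1, 2, 9, 30)
    volume.write("order-1001", -1)                 # faulty job corrupts the record
    corrupted_copies = [volume.replicas[i]["order-1001"] for i in volume._live()]

    restored_to = volume.restore_before(error_time)
    return {
        "value_after_device_failure": value_after_device_failure,
        "corrupted_copies": corrupted_copies,
        "restored_to": restored_to,
        "order_1001": volume.read("order-1001"),
        "order_1002": volume.read("order-1002"),
        "order_1003": volume.read("order-1003"),   # written after the restore point
    }
```

The restore brings back the uncorrupted record but also discards the legitimate write made after the last restore point, which is why the spacing of restore points has to be chosen per data set.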
Management Reporting for Storage Virtualization
A reporting framework, similar to one needed for server virtualization, is required for storage virtualization as well. Businesses that deploy shared disk arrays will probably have a storage reporting system in place that provides much of the needed functionality:
• Reporting on storage used by project, department, or other billable unit
• Cost of storage by type, such as primary storage versus archival storage
• Trending reports on growth in storage use
Network Services for Cloud Computing
Networking can be the most resource-constrained part of cloud infrastructure. Public cloud providers are necessarily dependent on public Internet providers for connectivity between their data centers and their customers. Private cloud providers might also depend on public Internet providers, especially for access from remote offices or smaller corporate facilities. Dedicated network connections can be employed between sites, but cost is a limiting factor. The key issues we must consider when evaluating different cloud architecture options are:
• Capacity
• Redundancy
• Management reporting
Capacity
Network capacity limits the amount of data that can move between data centers and between cloud service consumers and the cloud. This directly affects a number of services within the cloud.
Intra-Cloud Replication
From an infrastructure management perspective, network capacity and speed directly affect replication. As noted earlier, replication is an essential element of creating and maintaining a reliable, high-performance cloud. Heavy demands for loading data into the cloud not only create demand to get data into the cloud but also lead to additional network I/O due to replication. Cloud administrators might determine, for instance, that given the mean time between failures (MTBF) on disk drives, cloud-stored data should be replicated four times to reduce the probability of data loss to whatever threshold they have defined. This means that all data loaded into the cloud plus data generated or updated by cloud-based operations will need to be copied over the network four times.
Loading Data into the Cloud
Cloud computing is an ideal approach to analyzing large amounts of data. In fact, the phrase Big Data has become a moniker for use cases where traditional data management methods break down. The need to deal with multi-terabyte and even petabytes of data used to be a problem limited to specialized niches, such as national intelligence and astrophysics; today, the problem spans industries such as financial services, retail, pharmaceuticals, government, and life sciences.
Businesses with large data sets can leverage large numbers of servers to process and analyze Big Data in parallel using platforms such as Apache Hadoop (http://hadoop.apache.org/). It is not always practical to move large amounts of data over networks to load it into the cloud. In such cases, it is best to bypass the network and employ a cloud version of sneakernet (that is, ship hard drives to data centers).
Hadoop and Related Tools
Hadoop is an open source implementation of the map-reduce model made famous by Google. In addition to supporting massively parallel processing over clusters of computers, it includes a scalable database (HBase), a data warehouse infrastructure (Hive), a high-level data flow language (Pig), and a coordination service for distributed applications (ZooKeeper).
Network capacity can be a limiting factor in cloud architectures if a large amount of data (relative to network capacity) has to be moved into the cloud. In some use cases, this is only a problem during the transition to cloud computing when initial data is loaded; after that, data is generated in the cloud using cloud-based servers. In other cases, data may be generated outside the cloud by sensors and other instrumentation; in such cases, we would need to design network capacity to meet large-scale data transfers over the long term.
Redundancy in the Network
Both computing and storage services in the cloud use redundancy to mitigate the risk of failures. When servers fail, they are removed from the pool of available resources. When storage devices fail, data is retrieved from another device with a redundant copy of the data. Network services require similar redundancy to avoid a single point of failure.
Figure 6.8: Redundant network connections are necessary between data centers as well as to the Internet.
Management Reporting
Cloud service users will be interested in network use reporting as a means to control costs and to monitor trends in network usage. We should not underestimate the cost of network services. For example, when dealing with Big Data, the cost of network I/O can exceed the cost of computing and storage resources. Management reports can be especially useful if they provide a detailed breakdown of network use by time period and by job. Aggregate reporting over extended periods of time is also needed to determine baseline usage rates, cyclical patterns of variation in network utilization, and long-term growth trends.
Cloud Operations
Maintaining an efficient cloud operation requires management support mechanisms in addition to those previously described; in particular, image management and workload management. These are tasks associated more with overall cloud management than with individual uses of cloud services.
Image Management
A cloud can only instantiate the virtual machine images available in the cloud's catalog. The catalog constitutes the baseline set of services provided in the cloud. Users can install additional services, of course, but once a virtual machine is shut down, those changes are lost. The next time that system is required, the additional software must be installed again. For many situations, the cloud catalog constitutes the set of applications and platforms that can run in the cloud.
Machine images can include a fairly wide range of software in addition to the base OS:
• Application servers
• Software libraries
• Analytic software
• Business-specific applications
Workload Management
Workload management functions can vary from basic job scheduling to job optimization. Job scheduling software is useful for queuing large jobs or for repeated jobs in the cloud. The information managed in the job scheduler is useful for tracking future use of cloud services. If metadata about previously run jobs (such as number of servers used, duration of jobs, amount of network I/O, and so on) is collected, it can provide data for estimating future demands on various cloud resources.
Services Layer: Adapting IT Operations to Cloud Infrastructure
The cloud is an ideal platform to run many, although certainly not all, business services. Applications written to take advantage of mainframe capabilities and tuned to run on mainframe OSs are probably best run on that platform. Many business applications are already running on distributed platforms, taking advantage of clusters of servers, shared storage devices, and high-speed network interconnections. These applications are ideal candidates for deploying to a cloud, but there are still additional factors that should be considered when moving systems to the cloud:
• Designing for recoverability
• Managing workload
• Performing maintenance and upgrades
• Maintaining security
These are all considerations in service delivery, but cloud architectures influence how we address them.
Designing for Recoverability
Recoverability is an issue at the application level as well as at the infrastructure level. An application that depends on a large pool of servers to analyze data should address questions such as:
• What happens if a single server fails?
• Will the job have to be restarted from the beginning?
• Is there a way to detect what data was being analyzed when the server failed?
• Is there a way to roll back to a prior state without starting from the beginning?
There are many design choices for addressing these types of questions. For example, each server can receive a subset of data from a distribution node. The distribution node maintains a queue of data sets to distribute to analysis servers. When the distribution node receives a message that a data set has been analyzed, it is removed from the queue. In this way, if a server fails while analyzing data, the data will simply be sent to another server for processing. To avoid a single point of failure, this solution would also require a failover mechanism to start another distribution node should the primary one fail. Alternatively, multiple distribution nodes could run simultaneously and use persistent cloud storage to maintain the queue of data sets that could be read by any of the distribution nodes. This is just one example of a resilient application design for distributed computing; there are many others.
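The distribution-node queue described above, sketched as an added example that is not code from the book. The class and function names are hypothetical, and one detail is an assumption the text leaves open: a server is treated as failed when it has not acknowledged its data set before a lease deadline. The queue is held in memory here; the persistent, shared queue for multiple distribution nodes is not modeled.

```python
import time
from collections import deque


class DistributionQueue:
    """Queue of data sets held by a distribution node, with per-item leases."""

    def __init__(self, datasets, lease_seconds=30.0, clock=time.monotonic):
        self._pending = deque(datasets)   # waiting to be handed to a server
        self._leased = {}                 # data set -> (server, lease deadline)
        self.completed = []               # (data set, server) in completion order
        self._lease_seconds = lease_seconds
        self._clock = clock

    def _reclaim_expired(self):
        # Assumption: a server that misses its deadline is presumed failed.
        now = self._clock()
        for dataset, (_, deadline) in list(self._leased.items()):
            if deadline <= now:
                del self._leased[dataset]
                self._pending.append(dataset)

    def checkout(self, server):
        """Hand the next data set to `server`, or None if nothing is waiting."""
        self._reclaim_expired()
        if not self._pending:
            return None
        dataset = self._pending.popleft()
        self._leased[dataset] = (server, self._clock() + self._lease_seconds)
        return dataset

    def ack(self, server, dataset):
        """Record completion; refuse acks from a server that lost its lease."""
        self._reclaim_expired()
        holder = self._leased.get(dataset)
        if holder is None or holder[0] != server:
            return False
        del self._leased[dataset]
        self.completed.append((dataset, server))
        return True

    def finished(self):
        return not self._pending and not self._leased


class FakeClock:
    """Manually advanced clock so the simulation below is deterministic."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def simulate_server_failure():
    clock = FakeClock()
    queue = DistributionQueue(["sales-01", "sales-02", "sales-03"],
                              lease_seconds=30, clock=clock)
    lost = queue.checkout("server-a")          # server-a takes sales-01, then fails
    dataset = queue.checkout("server-b")
    while dataset is not None:                 # server-b works through the rest
        clock.advance(5)
        queue.ack("server-b", dataset)
        dataset = queue.checkout("server-b")
    finished_before_expiry = queue.finished()  # sales-01 is still leased to server-a
    clock.advance(30)                          # server-a's lease runs out
    retried = queue.checkout("server-b")       # sales-01 is reissued to server-b
    late_ack = queue.ack("server-a", lost)     # stale ack from server-a is refused
    clock.advance(5)
    queue.ack("server-b", retried)
    return {
        "finished_before_expiry": finished_before_expiry,
        "retried": retried,
        "late_ack_accepted": late_ack,
        "completed": list(queue.completed),
        "finished": queue.finished(),
    }
```

Because a data set can be reissued while the original server is merely slow rather than dead, the analysis step has to tolerate processing the same data set twice.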
Managing Workload
Providing services through the cloud will require us to think of jobs and workloads in ways that we do not necessarily need to when we have full control of dedicated servers. In particular, we will want to maximize server utilization when we run our jobs while ensuring jobs finish in whatever time window is required. If, for example, our cloud charges a minimum of 1 hour of server time for each instance, and we have several small workloads, we should run those in tandem on a single virtual server rather than run them on different servers each incurring the minimum charge.
Performing Maintenance and Upgrades
Maintenance and upgrades of applications will have to be coordinated with the cloud service provider. When departments or projects manage their own servers, they can determine their own upgrade schedule (within broader company policies, anyway). In the cloud, applications are delivered through virtual machine images maintained in the centrally managed image catalog. Similarly, patching and other maintenance decisions will have to be coordinated with the cloud provider.
Maintaining Security
Fundamental security considerations continue to persist in the cloud. Of particular importance is the need to manage identities and entitlements in the cloud. If private information is stored in the cloud, appropriate application-level controls will have to be in place to prevent unauthorized access. Direct access to the private data via the persistent storage API will also have to be blocked through authentication mechanisms and access control lists (ACLs) or other authorization control.
In addition to access controls, we must consider application-level security issues such as vulnerability scanning. Ideally, security concerns are addressed by the cloud service provider, but customizations might be the responsibility of the application owner.
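One way to place authentication and an ACL in front of a persistent storage API, as the section requires; this is an added example, not code from the book or from any cloud provider. The StorageGateway class, the token format (an HMAC-signed principal and expiry), the principal and volume names, and the signing key are all constructed for illustration.

```python
import hashlib
import hmac


class AccessDenied(Exception):
    pass


class StorageGateway:
    """Front end for a persistent block store: authenticate, then check the ACL."""

    def __init__(self, signing_key):
        self._key = signing_key
        self._volumes = {}    # volume name -> {block number: bytes}
        self._acls = {}       # volume name -> {principal: set of permissions}

    def _mac(self, payload):
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def issue_token(self, principal, expires_at):
        payload = f"{principal}|{int(expires_at)}"
        return f"{payload}.{self._mac(payload)}"

    def _authenticate(self, token, now):
        payload, _, mac = token.rpartition(".")
        # Constant-time comparison; the MAC is verified before the payload is parsed.
        if not hmac.compare_digest(mac.encode(), self._mac(payload).encode()):
            raise AccessDenied("authentication failed")
        principal, _, expires_at = payload.rpartition("|")
        if now >= int(expires_at):
            raise AccessDenied("token expired")
        return principal

    def create_volume(self, volume, owner):
        self._volumes[volume] = {}
        self._acls[volume] = {owner: {"read", "write"}}

    def grant(self, volume, principal, permissions):
        # Management-plane call; a real service would authorize this as well.
        self._acls[volume].setdefault(principal, set()).update(permissions)

    def _authorize(self, token, volume, permission, now):
        principal = self._authenticate(token, now)
        # Deny by default: an unknown volume and a missing grant look the same.
        if permission not in self._acls.get(volume, {}).get(principal, set()):
            raise AccessDenied("not authorized")
        return principal

    def write_block(self, token, volume, block, data, now):
        self._authorize(token, volume, "write", now)
        self._volumes[volume][block] = bytes(data)

    def read_block(self, token, volume, block, now):
        self._authorize(token, volume, "read", now)
        return self._volumes[volume].get(block)


def attempt(call, *args):
    """Run a gateway call and report a denial as a string instead of raising."""
    try:
        return call(*args)
    except AccessDenied as exc:
        return f"denied: {exc}"


def exercise_gateway():
    gateway = StorageGateway(signing_key=b"constructed-demo-key")
    gateway.create_volume("crm-data", owner="crm-app")
    gateway.grant("crm-data", "reporting", {"read"})
    now = 1_000                                    # constructed timestamp
    crm = gateway.issue_token("crm-app", now + 300)
    reporting = gateway.issue_token("reporting", now + 300)
    batch = gateway.issue_token("batch-job", now + 300)   # valid identity, no ACL entry
    unsigned = "crm-app|9999999999." + "0" * 64           # payload without a valid MAC
    gateway.write_block(crm, "crm-data", 0, b"customer record", now)
    return {
        "owner_read": attempt(gateway.read_block, crm, "crm-data", 0, now),
        "granted_read": attempt(gateway.read_block, reporting, "crm-data", 0, now),
        "write_without_grant": attempt(gateway.write_block, reporting, "crm-data", 0, b"x", now),
        "no_acl_entry": attempt(gateway.read_block, batch, "crm-data", 0, now),
        "bad_signature": attempt(gateway.read_block, unsigned, "crm-data", 0, now),
        "expired_token": attempt(gateway.read_block, crm, "crm-data", 0, now + 301),
        "unknown_volume": attempt(gateway.read_block, crm, "hr-data", 0, now),
    }
```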
Service Management Layer
A final piece of the software and infrastructure architecture that makes up a cloud is the service management layer. Throughout this chapter, we have considered core computing, storage, and network services from both the service provider and the service consumer's perspective. We have seen the overlap in concerns between both parties for issues such as image management, workload management, and optimization of resources. This overlap and shared need for support service continues as we consider the service management layer.
Service management includes additional services necessary for managing the business of providing and using a cloud. These include:
• Provisioning, which are services that allow non-IT professionals to deploy cloud services as needed
• Performance management, which provides additional management reporting and monitoring services that allow cloud providers to understand detailed operations in the cloud as well as plan for longer-term management issues
• Usage accounting, which is necessary for tracking who uses which services and for how long; this is essential for proper cost allocations or billing for cloud services
• License management services are important for compliance; running a cloud does not necessarily entitle one to run as many instances of a commercial off-the-shelf product as one would like; cloud service consumers cannot be expected to monitor the number of copies of licensed software running in the cloud or to know licensing details, thus license management systems are needed to ensure compliance
Summary
Cloud services can be provided with a number of architectures, and a wide range of factors need to be considered when choosing to deploy a cloud. Issues related to providing computing services, storage services, and network services all come into consideration at the most fundamental levels. Reliability, performance, and management reporting are recurring themes when considering those three core services. In addition, cloud operations management, adapting IT operations to cloud architectures and topics, and service management must be examined as businesses choose the right cloud architecture for their situations.
Chapter 7: Roadmap to Cloud Computing: The Planning Phase
The benefits of cloud computing are well established: This model of service delivery is efficient, scales well, and meets a wide range of business needs. These benefits are maximized when business drivers, infrastructure, and policies are properly aligned to take advantage of the cloud's method of delivering services. Cloud computing is not a universal panacea and some business processes are better delivered by other approaches. Not all businesses will benefit equally from cloud computing; much depends on how well they prepare for the adoption of cloud computing. The purpose of this chapter is to outline a planning process that will help maximize the benefits of cloud computing. The planning process consists of several steps:
• Assessing readiness for cloud computing
• Aligning business strategy with cloud computing services
• Preparing to manage cloud services
• Planning for centralized resources
• Committing to service level agreements (SLAs)
• Meeting compliance requirements
The chapter concludes with a pre-implementation checklist to help manage your own planning phase.
Assessing Readiness for Cloud Computing
The ancient Greek aphorism "know thyself" is surprisingly relevant to planning for cloud computing. The first step in the planning process is to assess where the organization stands with respect to
• Web application architecture
• Self-management of compute and storage services
• Standard platforms and application stacks
Web Application Architecture
Applications are designed using a variety of design principles that are roughly grouped into what we call application architectures. These architectures vary in terms of a number of characteristics, such as:
• Level of centralization
• Coupling of components
• Accessibility of components
• Ability to execute multiple instances
• Platform independence
We need to consider how existing applications are designed with respect to each of these to understand how well those applications are adapted to cloud infrastructure. As we will see, those with characteristics most closely aligned to Web application architectures are best suited for the cloud; but first, we will briefly describe each of these characteristics.
Levels of Centralization
An application may be centralized with all application code executing on a single machine, in a single process, and under the control of a single component. Centralized applications range from small utilities to large enterprise-scale applications. For example, a simple text editor can be realized with a single executable that runs a simple accept input, process input, generate output loop. Also in the most centralized application category, we have large, complex batch-oriented mainframe applications that have developed over years to incorporate many functions. A billing system for a telecommunications company, for example, may have millions of lines of code that, although divided into submodules, is largely controlled by a single control module and executes on a single machine. These applications are at one extreme of the centralization spectrum.
The middle ground of centralization is typified by client/server applications. In this application architecture, the work performed by an application is divided between servers, which perform the bulk of computing and storage operations, and client devices that are responsible for user interactions. A simple example of an application employing this approach is an order entry system consisting of a .Net user interface running on a Windows desktop and a SQL Server database. The client and the server components are fairly tightly coupled but they execute on separate devices and the components, with some effort, could be exchanged for a different form of the component. For example, the SQL Server database could be replaced with an Oracle database with little impact on the client.
Decentralized applications execute multiple processes over multiple devices. Web application architectures take advantage of decentralized applications to combine services. A typical Web application may require persistent data storage provided by a relational database, user management provided by an LDAP server, compute services provided by a Java application server, and user interaction services provided by a Web server. Decentralized applications are especially well suited for cloud architectures because services can be run on virtual servers as needed and new services can be easily added without disrupting the loose coupling between services or requiring one to provision additional dedicated hardware.
Coupling of Components
The components of an application, such as a service, module, or procedure, may be tightly coupled with other components. For example, a procedure for calculating the shipping costs of an order may be part of a larger order entry program that calls that procedure at specific points in the execution of the order entry process with a data structure specific to that program. This is an example of a tightly coupled set of components.
Loosely coupled components can execute in more autonomous ways. They may run on different servers, they may be executed on the behalf of multiple calling programs, and they exchange input and output in ways that support a broad array of calling applications. Applications built on loosely coupled components work well in cloud architectures because the number of instances can be adjusted to meet demand and the services they provide are available to other applications running in the cloud.
Accessibility of Components
Accessible components are those that are available to different services. To be accessible, a component must:
• Be programmatically discoverable so that other components can find it
• Exchange input in well-generalized formats, such as XML
• Respect authentication and authorization requirements
• Maintain reasonable response rates under varying loads
Ability to Execute Multiple Instances

The ability to execute multiple instances might seem an odd requirement at first. After all, why couldn't one run multiple instances of an application? The answer: You couldn't run multiple instances when components are tightly coupled and exclusive use of a resource is required. A monolithic application, for example, may assume that it can lock a file of customer data for exclusive use, preventing other processes from operating on that resource. If the application cannot finish processing in the time window allotted to it, the application manager could not simply start another instance of the program on a different server and finish in half the time.

Applications that are well suited to the cloud do not require that only a single instance of the program execute at any one time. Older applications may not have been designed with this characteristic in mind, but Web application architectures, built on decentralized, loosely coupled components, generally do not have these problems.

Platform Independence

Another characteristic of Web applications is that services are not required to run on a single type of platform. Services are decoupled so that requirements define how data is exchanged between those services but not how the services execute. A service that needs to retrieve information about a user could just as easily do so by calling an LDAP service running on a Linux platform as by calling Active Directory (AD) running on a Windows server.

Web application architectures are characterized by decentralized, loosely coupled components that are accessible to other service components and can scale to meet loads placed on them. This combination of characteristics is seen in the service bus model that uses message passing and service abstraction. Applications that use this approach are well suited to the cloud. Applications that do not use this model can still benefit from the management and cost benefits of using cloud services. The more decentralized and loosely coupled the application, the greater the potential benefits.
Self-Management of Compute and Storage Resources
The efficient allocation of compute and storage resources requires the ability to start and stop services on demand in response to changing conditions. As we have discussed in previous chapters, one of the inefficiencies in dedicating servers to a single application is that such servers have to be configured for peak capacity and this often leads to underutilization during non-peak periods. The same problem could occur in the cloud if cloud consumers were not able to rapidly respond to changes in demand. This is true for both computing and storage resources. It is not uncommon for users of storage arrays to have to submit a ticket to IT support to have additional disk space allocated to their dedicated servers. This could take minutes to days depending on the backlog in IT support. The potential delays can lead to application managers allocating more storage than needed simply to avoid any possible risk of running out of space and not getting additional storage in time.
Ideally, application managers would be able to allocate compute and storage resources as needed. In many cases, self-management software is not in place prior to adopting cloud computing. This certainly will not prevent a business from moving to cloud computing but it will require that such a system be put in place. When evaluating compute and storage service self-management software, consider the following factors:
- Ease of use
- Management reporting for cloud consumers
- Integration with accounting and billing systems for chargeback purposes
- Adequate authentication and authorization
- Job scheduling features or integration with existing job scheduling systems
- Ability to scale to the number of cloud consumers
Another factor that will influence ease of management is the ability to standardize on platforms and application stacks.
Standard Platforms and Application Stacks
Standardizing on a limited number of operating system (OS) platforms and application stacks can ease the management of a compute/storage cloud. Many organizations may find something akin to an 80/20 rule applies to them: 80% of application needs can be met with a relatively small number of platforms and application stacks, possibly 20% of all the platforms and stacks that are currently in use in a business.

Determining Required Platforms and Application Stacks

For planning purposes, compile an inventory of applications including OSs, application servers, directory servers, Web servers, and other core components. With that inventory, one can derive a list of distinct combinations of platforms and application stacks. It is likely that many of the applications run on similar sets of OS and application stack. Those compose the 80% side of the 80/20 rule.

For the remaining applications, assess the level of difficulty in transitioning from the existing combination of OS and application stack. For example, if many applications are running on a Red Hat version of Linux while a handful are running on SUSE versions, the effort required to migrate between those should be fairly low in most cases. An application that depends on a Windows server platform or on components that only run on Windows platforms would be significantly more difficult to port to a Red Hat platform. The goal in moving to a cloud architecture, however, is not to redesign existing applications but to leverage the benefits of the cloud.

This calls for something of a balancing act. First, we want to minimize the number of distinct application stacks we support in the cloud but we also want to maximize the number of applications that can be supported in the cloud. Adding application stacks should increase the ability to support either a significant number of general applications or targeted mission-critical applications that would benefit from running in the cloud.
Regardless of the combination of application components and OSs, there are services and policies that should be standardized across platforms in the cloud.
Figure 7.3: Relative distribution of platform/stack needs that can be met by a small set of commonly used stacks, specialized stacks for less common requirements, and custom platform/stacks for single, custom needs.

Required Support Services

The cloud should provide identity management services such as authentication and authorization services. These are necessary to properly administer a cloud. For example, these systems would be used to:
- Determine how users or agents are authenticated to self-service applications used to manage cloud services
- Determine limits on cloud consumers, such as the maximum number of instances a user can start at one time or the length of time a single instance can be running a single virtual machine
- Allocate charges for cloud services to the proper department or billing code
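The three uses listed above can be enforced at a single point in the self-service path. The following sketch is an added example, not code from the book: the class names, user names, image names, and billing codes are all constructed for illustration. It denies unknown identities, applies a per-consumer instance limit and runtime limit, and records instance-hours against the consumer's billing code.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Consumer:
    """Identity record as an identity service might return it (hypothetical fields)."""
    user: str
    billing_code: str
    max_instances: int       # how many instances the user may run at one time
    max_runtime: timedelta   # how long a single instance may keep running


@dataclass
class Instance:
    owner: str
    image: str
    started: datetime


class ProvisioningGate:
    """Checks every self-service request against identity-backed limits."""

    def __init__(self, directory):
        self.directory = {c.user: c for c in directory}
        self.running = []
        self.instance_hours = {}  # billing_code -> accumulated instance-hours

    def start(self, user, image, now):
        consumer = self.directory.get(user)
        if consumer is None:
            # No identity record means no authorization, so nothing is started.
            return False, "denied: unknown identity"
        active = sum(1 for inst in self.running if inst.owner == user)
        if active >= consumer.max_instances:
            return False, "denied: instance limit reached"
        self.running.append(Instance(user, image, now))
        return True, "started"

    def stop(self, inst, now):
        """Stop an instance and charge its runtime to the owner's billing code."""
        self.running.remove(inst)
        code = self.directory[inst.owner].billing_code
        hours = (now - inst.started).total_seconds() / 3600
        self.instance_hours[code] = self.instance_hours.get(code, 0.0) + hours

    def reap_expired(self, now):
        """Stop every instance that has outlived its owner's runtime limit."""
        expired = [i for i in self.running
                   if now - i.started > self.directory[i.owner].max_runtime]
        for inst in expired:
            self.stop(inst, now)
        return [(i.owner, i.image) for i in expired]


def demo():
    # Constructed sample directory and requests.
    gate = ProvisioningGate([
        Consumer("alice", "FIN-100", 2, timedelta(hours=8)),
        Consumer("bob", "MKT-200", 1, timedelta(hours=2)),
    ])
    t0 = datetime(2024, 1, 1, 9, 0)
    results = [
        gate.start("alice", "linux-appserver", t0),
        gate.start("alice", "linux-appserver", t0),
        gate.start("alice", "linux-appserver", t0),   # third request exceeds the limit
        gate.start("bob", "windows-reporting", t0),
        gate.start("mallory", "linux-appserver", t0),  # not in the directory
    ]
    reaped = gate.reap_expired(t0 + timedelta(hours=3))
    return results, reaped, gate.instance_hours


if __name__ == "__main__":
    for item in demo():
        print(item)
```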
The same authentication and authorization services could be made available to applications running in the cloud, reducing the need for application-specific identity management systems.

Customization and Specialized Requirements

Another issue to consider around standardizing platforms and application stacks is the need for specialized versions of cloud-provided standards. The company may have standardized on Java or .Net for all application development but a department needs to host a third-party application developed in Ruby. Ruby is an interpreted programming language akin to Perl and Python. Ruby must be available on a server to execute a Ruby application. If this language is not part of the standard cloud offerings, the department may want to create a specialized virtual machine image to meet their needs.

There are advantages to allowing customized combinations of OSs and application stacks. The most compelling is that cloud consumers have access to exactly what they need. There is no need to port applications to other platforms or find alternative solutions that run on standard platforms.

The disadvantage of allowing customized virtual machine instances is that they are more difficult to manage. For example, who is responsible for patching and maintaining customized virtual machine images? The creators know the components and applications best, but IT support staff may be most familiar with lower-level details, such as OS vulnerabilities. Also, if a patch were to break the application, how would it be dealt with? Will users have the knowledge and time to test patches before deploying in production? Will metadata about the contents of custom images be kept up to date? Will this task duplicate efforts already carried out by cloud providers? We are starting to see the potential for the kind of inefficiency that drives up IT costs in non-cloud environments.

Assessing readiness for moving to a cloud architecture is a critical first step in the planning process. This stage of planning requires an assessment of which applications will fit well with the cloud; those using Web application architectures, such as a service bus architecture or a multi-tiered application stack, are well suited for the cloud. Once those applications are in place in the cloud, cloud consumers will want precise control over how they execute and the storage they use. Self-management services are essential to realizing the efficiencies of the cloud. Finally, during the assessment stage, one should identify the standard platforms and application stacks that are needed in the cloud. The benefits of the cloud should not be undermined by unnecessary management overhead.

The first stage of planning considered primarily technical aspects of delivering services from a cloud. In the next stage, we consider more business-oriented aspects.
Aligning Business Strategy with Cloud Computing Services
Clouds are deployed to deliver services and services are established to meet business requirements. To ensure cloud services are deployed in a way that is aligned with business strategy, we should consider existing workloads and their corresponding value metrics.
Workload Analysis
Right now in your business there are hundreds, thousands, or even more applications executing business processes. Some of these are transaction processing systems that provide high-volume, rapid processing of orders, inquiries, reservations, or a broad array of other narrowly focused business activities. Other applications are performing batch operations, such as generating invoices, reviewing inventory levels, or performing data quality control checks on databases. Still others are extracting data from one application, transforming the data into a format suitable for analysis, and moving it into a data warehouse. There is a wide array of different types of applications that are needed to keep an enterprise functioning.

These different types of applications have different requirements and constraints that must be considered when moving them to the cloud. For example, they might need:
- To start and finish executing within a particular time period
- To wait for another job to complete before it can begin
- To limit the functionality of some services, for example, write-locking a file to perform a backup
- To provision a significant number of servers for a short period of time for a compute-intensive operation
Figure 7.4: The combination of workloads running in the cloud determines overall utilization at any point in time; ideally, periods of underutilization and overutilization are minimized.

Cloud consumers are the ones who will decide when to start and stop jobs and how many virtual servers to provision for particular tasks, but in the planning stages, we will want to ensure there is sufficient capacity. To do so, we can look at existing workloads and take into account:
- How often jobs execute on dedicated servers
- The level of utilization of those servers
- Time constraints on when those jobs execute
Value Metrics
Developing a precise and generally accepted ROI function for any IT investment is difficult at best. To assess the value of cloud computing, we can consider more targeted measures such as the value relative to hardware and software investments and relative to labor costs.
The costs are relatively fixed, so it does not matter whether you run your application 24 hours a day or 1 hour a day; the hardware and software costs are the same when running that application on a dedicated server. The cost model of a cloud is different.

In a cloud model, the cost of licensing and hardware can be divided among multiple users. For example, one department might run an application for 2 hours a day, another for 6 hours a day, and a third user runs the application for 10 hours a day. Prorating the cost of licensing and maintenance over 18 hours of daily utilization lowers the cost for all three users, especially the user who only needs 2 hours of application services per day.

Labor Value

The cost of labor in the cloud model is lower than in dedicated server models for a couple of reasons. First, in the cloud, there is an opportunity to standardize hardware. Large numbers of servers all built using the same, or very similar, components are easier to maintain. If a hard drive fails in a server, replace it with a spare that would work just as well in any other server. There is less overhead to manage inventory and fewer chances for errors in configuration if all servers use the same type of components.

Standardizing vs. Repurposing
When first deploying a cloud, you might want to repurpose hardware that had been dedicated to applications that will now run in the cloud. Some of this hardware may not match the cloud's hardware standard. Once again, we have to balance the benefits of standardizing on hardware with the cost savings of repurposing hardware. One option is to repurpose non-standard hardware but replace it with standard equipment as it fails or no longer meets functional requirements.
Second, with self-service management, cloud consumers can manage their own applications and workloads. IT support staff that had been dedicated to responding to basic server support (for example, installing software, allocating disk storage, and running backups) can now be dedicated to higher-value tasks. The cloud infrastructure will require IT support services that can be provided more efficiently in the cloud than with servers dedicated to particular applications. For example, if a vulnerability is discovered in an OS, a single administrator can patch the OS, regenerate virtual machine images, and deploy those images to the service catalog. Compare that task with the patching of hundreds of servers across the organization. By analyzing workloads and calculating initial value measures in the planning process, we are better able to align business requirements in a cost-effective way with cloud services.
Preparing to Manage Cloud Services
Up to this point in the planning process, we have considered readiness of an organization to move to a cloud architecture in terms of technical issues, such as the use of Web application architectures and standardization on platforms and application stacks. We have also examined the alignment of business strategy with cloud services in terms of workload analysis and value metrics. We now turn our attention to a few issues related to longer-term management of cloud services. These are:
- The role of private, public, and hybrid cloud services
- Planning for growth
- Long-term management issues
These issues, as we shall see, are strongly influenced by demand for cloud services.
Role of Private, Public, and Hybrid Cloud Services
There are three broad modes of delivery for cloud services: private, public, and hybrid. A private cloud is deployed and managed by an organization for its own internal use. The organization controls all aspects of cloud implementation, management, and governance. One of the most significant advantages of this approach is that data never leaves the control of its owner. This reduces the risk that an outside party will gain access to private or confidential data. Depending on the implementation and management details, private clouds may be more cost effective as well. For example, a business may have significant investment in servers that can be redeployed in the cloud, lowering the initial costs.

A public cloud is one that is managed by a third party that provides services to its customers. The primary advantage is low startup costs on the part of customers and minimal management overhead, at least with respect to basic cloud services. Businesses will still need to manage their workloads, allocate chargebacks, and so on.
Planning for Growth
If successful, a cloud is likely to grow both in terms of underlying infrastructure and in terms of the number of services provided by the cloud. In the case of private clouds, growth in infrastructure can occur internally by adding servers, storage, and ancillary equipment as needs demand or by adopting a hybrid cloud approach.
Growth in services will put a different kind of management burden on cloud providers. In particular, cloud providers will need to plan for:
- Expansion in the number of OSs and application stacks that may be supported
- Growing demand for custom virtual machine images to accommodate specialized requirements
- A growing base of cloud consumers with widely different needs
- Emerging categories of users, such as long-term cloud consumers who need continuously running servers, users with intermittent but regularly scheduled needs for servers, users who will take advantage of the cloud for occasional needs, or spot users who will use the cloud only during off-peak hours if the cost is lower at those times.
Figure 7.6: Using public cloud services in a hybrid cloud configuration during peak demand periods may be the most cost-effective way of meeting the demand for peak capacity.

These different factors will help shape management and pricing policies. A market pricing model, for instance, may be introduced to more evenly distribute the workload in cases where there are periods of high and low demand. Peak pricing could be instituted during high-demand periods and lower prices during low-demand periods. Another option is to use an auction model in which cloud consumers specify the price they are willing to pay for a resource; the cloud allocates resources to the highest bidder, then the next lower bidder, and so on until all resources are allocated.
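The auction model described above amounts to a greedy allocation in descending bid order. The following sketch is an added example, not code from the book: the consumer names, prices, and capacities are constructed, and the reserve price (a floor that is higher during peak periods) and the tie-break by submission order are assumptions that go beyond the text.

```python
def allocate_by_auction(bids, capacity, reserve_price=0.0):
    """Allocate servers to the highest bidder first, then the next lower, and so on.

    bids: list of (consumer, price_per_server_hour, servers_wanted) in
          submission order; equal prices are served in that order (assumption).
    capacity: number of servers available in this period.
    reserve_price: bids below this floor are never filled (assumption, used
          here to model a higher minimum price during peak periods).
    Returns (awards, unmet, idle_servers).
    """
    ranked = sorted(enumerate(bids), key=lambda item: (-item[1][1], item[0]))
    remaining = capacity
    awards, unmet = [], []
    for _, (consumer, price, wanted) in ranked:
        if price < reserve_price or remaining == 0:
            unmet.append((consumer, wanted))
            continue
        granted = min(wanted, remaining)   # the last winner may be partially filled
        remaining -= granted
        awards.append((consumer, price, granted))
        if granted < wanted:
            unmet.append((consumer, wanted - granted))
    return awards, unmet, remaining


# Constructed sample bids: (consumer, price per server-hour, servers wanted).
SAMPLE_BIDS = [
    ("analytics", 0.30, 6),
    ("batch-billing", 0.12, 8),
    ("web-tier", 0.45, 3),
    ("dev-test", 0.05, 4),
]


def scarce_period():
    """Ten servers, low floor: demand exceeds supply, so low bids go unmet."""
    return allocate_by_auction(SAMPLE_BIDS, capacity=10, reserve_price=0.04)


def peak_period_with_floor():
    """Twenty servers but a peak floor of 0.10: capacity stays idle rather
    than being sold below the floor."""
    return allocate_by_auction(SAMPLE_BIDS, capacity=20, reserve_price=0.10)


if __name__ == "__main__":
    print(scarce_period())
    print(peak_period_with_floor())
```

Unmet demand from a run like this is the input a provider would use when deciding whether to add capacity or burst to a public cloud.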
Long-Term Management Issues
In the planning stages for adopting a cloud, it is important to consider some of the long-term management issues that cloud providers will face. These include both service and infrastructure issues:
- Maintaining the security and integrity of virtual machine images
- Monitoring, detecting, and blocking unauthorized uses of the cloud
- Planning for high availability and disaster recovery, possibly with multiple sites for a private cloud or with the use of a hybrid cloud approach
- Managing identity, authentication, and authorization mechanisms
- Handling physical configuration of the cloud and power consumption
- Acknowledging the potential for rapid, significant rise in demands, for example with the greater use of instrumentation and data collection
These are broad issues that will continue to evolve over time. In addition to these, there are several long-term issues and responsibilities that warrant more detailed consideration.
Planning for Centralizing Resources
Cloud computing gains many of its advantages from centralizing resources, management, and governance. During the planning stage, it is important to begin formulating policies and practices that support centralization. This can come in several forms:
- Standardizing to reduce complexity
- Streamlining service management
- Virtualizing physical resources
These various forms of centralization are important individually, but they also reinforce and support the realization of each other.
Standardizing to Reduce Complexity
Standardization reduces complexity, especially in the cloud. When we use the one-server-for-one-application approach to delivering services, there is less need for standardization than in cloud models. That is not to say standardization is unimportant; it is important, but the degree of standardization required to realize benefits is not as great as it is with cloud computing.
Take for example a sales department that runs a small data mart. The department had hired an analyst who had worked with open source reporting tools in the past and persuaded the department manager to use those tools as well even though the business had standardized on a commercial tool suite. The department is responsible for building and maintaining its data mart, and the group functions well with it. Centralized IT is not responsible for maintaining the sales department's system and does not object to it. (We will ignore the security implications of this decision for the moment.) Now picture this application moving to the cloud.

A virtual machine image would have to be created and maintained in the service catalog of the cloud. Centralized IT management would be responsible for deploying and maintaining the image. As it is in the catalog, other users might make use of it. The user base might grow to the point that IT must spend significant time to learn the tool in order to provide support. What started as an isolated instance of using non-standard software slowly shifts to becoming an institutionalized, supported application.

Standardization is a key method of reducing complexity. The goal of standardization is to meet all functional requirements with a minimal set of computing components. Once requirements are met, adding components adds to complexity (that is, the number of interacting components that need to be maintained and adapted to function with other components) without adding to the goal of meeting requirements. In the previous example about data mart reporting, a non-standard system was used when the enterprise standard solution would have worked. The result was additional complexity with no additional benefit. Such situations should be avoided when deploying a cloud.
Streamline Service Management
One of the benefits of centralization is that by delivering services at large scales, it pays to invest in optimizing those services. A fast food chain that serves millions of sandwiches a year will optimize every aspect of the production, preparation, and delivery of those products. Similarly, the fact that hundreds or thousands of users will repeatedly invoke the same standardized set of services demands attention to streamlining and optimizing the delivery and management of those services.

In order to streamline service management, we need applications in place that reduce the manual labor and complexity of workflows required to implement management processes. In particular, service management should include:
- Support for discovering services provided in the cloud through detailed and up-to-date metadata about services
- Virtual machine images that are designed to support services, such as report generation, and not just OSs and application stacks, such as Linux with a statistical analysis package installed
- Management reporting that allows cloud consumers to track and optimize their own use of cloud resources
One of the factors that supports the ability to streamline service management is the ability to virtualize cloud infrastructure.
Virtualizing Physical Resources
The final aspect of centralizing resources we will consider is the need to virtualize physical resources. As we have encountered repeatedly within our discussion of cloud computing, the ability to virtualize computing and storage services is at the foundation of the efficiencies provided by the cloud model. The key physical resources that should be virtualized are servers and storage.

Setting up a set of virtual machines on a single server is straightforward: install a hypervisor and create virtual machine instances based on OS(s) of choice. Scaling virtualization to a large number of servers requires management software that can manage multiple hypervisor clients from a single console.

Storage services also need to be virtualized so that they appear to cloud consumers to be a single storage device. Virtual machine instances in the cloud, for example, should be able to address storage space on the cloud SAN(s) without having to manage implementation details. Ideally, the same management console that is used to control servers in the cloud will support management and administration of storage resources.

Computing and storage clouds hide many of the implementation details that go into building and maintaining a large IT infrastructure. By standardizing services, streamlining service management, and virtualizing physical resources, cloud providers enable the technical resources needed by users to leverage cloud services. Those same users, however, also require attention to business considerations.
Committing to SLAs
Business managers may look at cloud services and find the lower costs, greater control, and potential for scaling business processes compelling reasons to use cloud services. These reasons are often not enough, though. It is not sufficient for a cloud to work well today; it needs to work well for as long as users need it. This is why we have SLAs. SLAs are standard in IT, and it is no surprise that they are used with cloud services. Rather than focus just on the availability of a specific application, cloud SLAs may be more general and apply to capacity commitments, network infrastructure, storage infrastructure, and availability and recovery management. These SLAs are closely coupled to the infrastructure of the cloud, but the primary concern is the business commitments cloud providers make to their customers.
Capacity Commitments
A capacity commitment in an SLA outlines the number and types of server capacity that will be available for use when the cloud consumer attempts to use them. Several factors should be considered when making capacity commitments:
- The total infrastructure planned for a private cloud
- The ability to acquire additional resources (compute and storage) as needed through a hybrid cloud
- Changes in pricing models if hybrid resources are used
- A commitment to the percent of time the capacity will be available
- Length of time the capacity will be available without interruption once the capacity is provisioned
Network Infrastructure
Network service commitments are especially important when there are high levels of data exchange in and out of the cloud. Service commitments will be limited by the network capacity of Internet service providers (ISPs) and the ability to distribute networking load across multiple ISPs. Cloud service providers are limited by the service level commitment they receive from their ISPs; however, by combining network services from multiple providers, a cloud provider can improve total throughput and availability.
Storage Infrastructure
Storage SLAs take into account several factors:
- Amount of storage available for use
- Backup services, if any
- Availability commitments, including percent of time storage services will be available
- Throughput commitments
Availability and Recovery Management
Another popular topic for SLAs is recovery management. The redundancy of servers in the cloud ensures that the failure of a single server in the cloud will not disrupt an operation. The service can be started again on another server. From a service-level perspective, cloud providers may be able to commit to high levels of availability in terms of having servers available to run applications. One must account for the fact, though, that when a server fails and another is started in its place, there may be data loss depending on how the application is written. If the application writes state information to cloud storage, another instance of the application can recover from the last point at which state information was written to the disk. If the application depends on maintaining state information in memory, the recovery point would be earlier.

A final set of issues that falls under the penumbra of business drivers is compliance requirements.
Compliance Requirements and Cloud Services
Compliance requirements tend to focus on preserving the integrity of data, especially financial data, and protecting the privacy of confidential information. One of the greatest impediments to adopting public cloud computing is concern about protecting the integrity and confidentiality of data once it leaves the corporate-controlled network. Private clouds retain data within corporate firewalls where it will be subject to internal controls. The assumption behind this reasoning is that governance procedures that protect data in non-cloud infrastructure are sufficient to protect the same data in the cloud. This may be true for the most part, but the cloud introduces additional factors that should be considered:
- Applications running in a virtual machine might write data to local disks. When the virtual machine shuts down, all data written by it should be overwritten.
- Authorizations assigned to users for non-cloud resources should be respected in the cloud. For example, if data moves from a dedicated file server to cloud storage, the same restrictions on access should apply.
- Practices employed as part of compliance efforts, such as routine vulnerability scanning, will have to be adapted to scan machine images in the service catalog rather than just instances running at a particular point in time on a given set of servers.
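The last point above is easy to quantify from inventory data. The following sketch is an added example, not code from the book: the image names, instance IDs, dates, 30-day scan policy, and the prioritization order are all constructed assumptions. It shows which catalog images a scan of running instances alone never reaches, and builds a scan queue from the catalog itself.

```python
from datetime import date

# Constructed service catalog: image name and date of its last vulnerability scan.
CATALOG = [
    {"image": "rhel-appserver", "last_scan": date(2024, 3, 25)},
    {"image": "windows-reporting", "last_scan": date(2024, 2, 1)},
    {"image": "ruby-custom-sales", "last_scan": None},   # custom image, never scanned
    {"image": "suse-batch", "last_scan": date(2024, 1, 15)},
]

# Constructed snapshot of instances running at scan time.
RUNNING = [
    {"instance": "i-001", "image": "rhel-appserver"},
    {"instance": "i-002", "image": "windows-reporting"},
    {"instance": "i-003", "image": "windows-reporting"},
]


def missed_by_instance_scanning(catalog, running):
    """Catalog images with no running instance: a scan that only walks live
    servers never examines these, yet any consumer can launch them later."""
    live = {r["image"] for r in running}
    return sorted(img["image"] for img in catalog if img["image"] not in live)


def catalog_scan_queue(catalog, running, today, max_age_days):
    """Images due for a scan, based on the catalog rather than on what is running.

    Order (an assumption of this example): never-scanned images first, then
    images backing the most running instances, then the oldest scans.
    """
    launches = {}
    for r in running:
        launches[r["image"]] = launches.get(r["image"], 0) + 1
    due = []
    for img in catalog:
        last = img["last_scan"]
        age = None if last is None else (today - last).days
        if age is None or age > max_age_days:
            due.append({"image": img["image"], "age_days": age,
                        "running": launches.get(img["image"], 0)})
    due.sort(key=lambda d: (d["age_days"] is not None,
                            -d["running"],
                            -(d["age_days"] or 0)))
    return due


def demo():
    today = date(2024, 4, 1)
    missed = missed_by_instance_scanning(CATALOG, RUNNING)
    queue = catalog_scan_queue(CATALOG, RUNNING, today, max_age_days=30)
    return missed, queue


if __name__ == "__main__":
    missed, queue = demo()
    print("not reachable through running instances:", missed)
    for entry in queue:
        print(entry)
```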
Summary
Planning for cloud services is a multifaceted process that begins with assessing readiness for the cloud and aligning business strategy with cloud computing services. It also requires preparation for managing cloud services and planning for centralized resources. In addition, it entails a number of business-oriented concerns, such as SLAs and support for compliance efforts. To facilitate the planning process, a pre-implementation checklist is provided that summarizes the key points of this chapter.
Pre-Implementation Checklist
Assessing Readiness for Cloud Computing
- Determine whether applications are designed to use a Web application architecture, service bus architecture, or n-tier architecture
- Assess ability to provide for self-service management of computing and storage services
- Standardize on platforms and application stacks
- Analyze workloads
- Determine value metrics with respect to labor, hardware, and software
- Understand the roles of private, public, and hybrid clouds and their utility for business requirements
- Plan for growth in demands for services
- Assess long-term management issues
- Perform capacity planning with respect to service level commitments
- Analyze capacity of network infrastructure
- Analyze capacity of storage infrastructure
- Formulate reasonable commitments with respect to availability and recovery management
Meeting Compliance Requirements
- Determine security requirements for preserving the integrity and confidentiality of data
- Adapt reporting requirements to address compliance implementation issues introduced by the cloud
Chapter 8: Roadmap to Cloud Computing: The Implementation Phase
One of the most challenging IT tasks is to implement a new systems architecture. By definition, we are introducing a new way of delivering services; at the same time, we are often required to maintain existing services. It is analogous to repairing your car while driving it. The first step in the cloud adoption process is to develop a comprehensive plan that begins with assessing readiness for cloud computing, aligning business processes with cloud services, planning for centralized resources, and committing to service level agreements (SLAs). We described this first step in detail in the previous chapter; in this chapter, we shift focus from planning to the actual implementation of the plan.

Many planning issues are common to both public and private clouds, but the implementation details are more complex in the case of private cloud computing. This chapter will address how to implement a private cloud and will include discussion of hybrid and public cloud issues as well. The structure of the discussion is divided into five core subtopics:
- Establishing a private cloud
- Transitioning compute and storage services to a cloud
- Completing a post-implementation checklist
- Managing cloud services
- Extending a private cloud with public services
Establishing a Private Cloud
A private cloud begins with the deployment of hardware, networking, and software services. Throughout this book, we have often discussed the business services, software architecture issues, and other logical design considerations. All of those logical choices ultimately depend on lower-level services that in turn rely on an IT infrastructure that includes:
- Private cloud hardware
- Networking
- Application stacks
Deploying a cloud begins down in the infrastructure.
Deploying Hardware for a Private Cloud
Many of the hardware issues we have to address in a private cloud are familiar to those with data center experience. They tend to cluster around:
- Server-level issues, such as the number of servers and amount of network equipment and how they are deployed and configured
- Environmental concerns, such as space, power, and cooling
- Redundancy to prevent single points of failure
Servers and Network Equipment

Servers in a private cloud are housed in one or more data centers. There must be adequate space within the data centers for the server units. The number of servers in a cloud can grow incrementally quite easily but the physical space for housing them may not. Data centers should be sized according to initial space requirements as well as for foreseeable growth.

Servers are often rack mounted in industry standard 19-inch rack cabinets. These are typically configured to allow easy access to both the front and back of the cabinets. Cabling is run through racks to improve cable management; space required for an organized cable distribution system must also be taken into account when sizing the data center. Distances between components should be minimized in order to minimize cable lengths, but more importantly, the data center equipment should be organized in a logical fashion to support maintainability.

Data Center Standards
Standards for configuring data centers have been established by the Telecommunications Industry Association (TIA). For more guidance on configuring a data center, see the TIA-942 Data Center Standards Overview by ADC.
External power generators will typically supply electrical power to a data center. Key considerations are reliability and adequate supply of power. To prevent a single point of failure in the power supply system, a backup power system can be used. Uninterruptible power supplies can use batteries to supply power immediately in the case of a power failure while diesel generators are started. The generators are designed to supply power for longer periods of time.

Cooling is another factor that must be taken into account when designing a data center for a private cloud. Servers and other electrical equipment dissipate heat into the environment and the temperature in a data center will rise unless the center is cooled. Humidity control is also a concern because too much moisture in the air can result in condensation on electrical equipment. Air conditioning is the common method for cooling but alternatives, such as using outside air, are in use as well.

Tips on Energy Efficiency for Data Centers
See The Quick Start Guide to Increase Data Center Energy Efficiency by US General Services Administration and the US Department of Energy for tips on reducing the costs and environmental impact of operating a data center.

Fire prevention equipment includes active controls such as smoke detectors, sprinkler systems, and fire suppression gaseous systems. Passive controls, such as firewalls, can also be used to contain fires to one part of the data center.

The physical integrity of the data center must be protected with access controls to prevent unauthorized access. Guards, access control badges, and surveillance cameras are all used to protect data centers.

Redundancy and Avoiding Single Points of Failure

Redundancy is found at multiple levels in a data center, from dual power supplies in air conditioning units all the way up to duplicate data centers. At the lowest level, redundancy is built into the components we deploy as single components, such as servers, air conditioners, and disk arrays. At mid-levels, we incorporate redundant components or backup systems in a data center. A second air conditioning unit is an example of the former; an uninterruptible power supply is an example of the latter.
Figure 8.1: Redundancy is used at multiple levels to avoid single points of failure that could shut down a single component or an entire business process.
We may do this anyway to ensure high availability even without regard for disaster recovery situations. For example, if a disk array fails in one data center or network traffic to that data center is unusually high, other data centers with the replicated data can respond to service requests for that data.
It should be noted that this process is not the same as backups. Backups are copies of data at a point in time and preserved for some period of time. Data replication copies data and overwrites existing data in some cases. If an application error corrupts a database in one data center, that database will eventually be replicated to other data centers unless the problem is discovered in time. A backup would allow the business to recover from the data corruption; replication may not.
In addition to compute and storage infrastructure, we need to deploy sufficient networking resources to meet the demand generated by cloud computing.
Deploying Network Services for a Private Cloud
Business services delivered through the cloud will determine network bandwidth, latency, and reliability requirements. The network architecture selected for a private cloud will determine how those requirements are met. As with compute and storage hardware, redundant components such as routers and switches are important for avoiding a single point of failure. They also contribute to high availability by enabling load balancing across network devices.
Even with redundant devices on the corporate network, we still face a risk of losing network services on the internetwork between data centers and other corporate offices. Providing redundant links over the wide area network (WAN) is an obvious solution but there is a significant drawback: cost.
Consider a private cloud that uses two data centers and supports WAN connections between the data centers and for corporate offices. Figure 8.2 depicts a fully redundant WAN.
Figure 8.3: A mesh network architecture provides redundancy with fewer links than a fully redundant design.
Providing Application Stacks
In addition to deploying hardware and networking services, we need to provide for and manage application stacks within a private cloud. This requires support for at least three elements: cloud management services, management policies, and management reporting.
Cloud Management Services
Cloud management services can be thought of as another layer in the software application stack. We have applications that run inside application servers that run inside an operating system (OS), and OSs that run as virtual machines within hypervisors. This layered approach continues in the cloud with cloud management software that carries out basic cloud operations:
- Starting and stopping virtual machine instances
- Providing access to network storage systems from virtual machines running in the cloud
- Managing cloud storage services
- Tracking usage information for accounting and billing
Figure 8.4: The conventional application stack is extended in the cloud to include cloud management services below virtualization services.
Cloud management services must accommodate several types of needs:
- Clustering groups of servers to support high-performance computing needs for tight coupling of applications running on different servers
- A service catalog, which is a repository of virtual machine images that may be run in the cloud
- Access controls on cloud services, such as the ability to start and shut down instances or add images to the service catalog
- Storage abstractions for persistent storage after virtual machine instances are shut down
Cloud Management Policies
Cloud management policies specify how cloud resources are governed. Computing cloud architectures evolved from earlier IT architectures, so there are not necessarily new types of policies; instead, we have extensions to existing policies (for the most part). At minimum, a private cloud should assess current policies and make modifications as needed to accommodate:
- Privileges and limits on the number, types, and durations of use of virtual machines a single project can provision
- Access control policies with regard to provisioning virtual machines and storage allocations
- Backup services
- Limits on SLAs and the cost of different SLAs
- Data retention and data destruction policies
Cloud Management Reporting
A system of reporting on cloud operations must also be in place early in the deployment phase. Cloud service providers will need management reports that describe key performance indicators of the cloud:
- Server utilization
- Storage utilization
- Network bandwidth and latency
- Security incident reports
- Service support tickets
- Service catalog inventory and summary descriptions
Ideally, these reports are available for aggregate measure across the enterprise as well as by important dimensions, such as time, department or line of business, data center, user location, and so on.
Cloud service consumers will also look for management reports but with an emphasis on managing their own use of the cloud. Typical reports in this category include:
- Number and type of servers used and the duration of each use by job or project
- Amount of storage allocated by job or project
- CPU utilization rates
- Images and software used, especially if chargebacks are applied for software licenses
- Summary reports on jobs scheduled and time required to complete jobs and total cost by job
Cloud management reports should help cloud providers more efficiently deliver cloud services as well as help cloud consumers more efficiently support their business services and workflows.
Establishing a private cloud is a multistep process. Hardware must be deployed with consideration for physical infrastructure, such as power, cooling, and physical security, as well as architectural issues, such as redundancy and failover. Network services are essential to delivering cloud services. As the number of data centers and remote sites grows, the cost of point-to-point dedicated networks quickly becomes prohibitive. Networks will have to be designed with enough redundancy to provide robust networking but not so much that the costs outweigh the benefits. Application stacks must also be deployed with particular attention to cloud management services, management policies, and management reporting.
Migrating Compute and Storage Services to a Private Cloud
So far in this chapter we have discussed aspects of deploying hardware, network services, and applications in a private cloud. We now turn our attention to a more detailed look at the sequence of events that are needed to establish such deployments. There are several steps in the transition to a cloud infrastructure:
- Prioritizing steps based on business drivers
- Reallocating servers
- Deploying cloud-enabling applications
- Testing and ensuring quality control
- Deploying management applications
- Migrating end user applications
This list is roughly the order in which the steps are executed during the migration.
Prioritizing Based on Business Drivers
Before we start redeploying servers and moving applications off their current host servers, we need to formulate a plan. That plan should be shaped by the business drivers that motivated the move to a cloud architecture in the first place. There are several types of business drivers, and they should all be considered when formulating the plan.
Business Driver #1: Cost
Clouds can deliver services more efficiently than can dedicated servers in many cases. (We described the reasons for this in detail throughout this book and will not repeat them here.) A typical example of a lower-cost cloud-based delivery is when a single server is dedicated to an application that uses only a fraction of the computing resources of the server. Multicore processors running on servers with significant amounts of memory can support compute-intensive operations, but many business operations never fully utilize the capabilities of servers.
Servers dedicated to file transfer, collaboration, and content management, for example, typically make little demand on server resources. Utilization can improve if the server uses virtualization to run multiple guest OSs with different services, but even this may not fully utilize the server's capabilities. Four lightweight services running on a high-end server are better than one service but can still leave CPU cycles wasted.
In a cloud, this problem is mitigated by adding virtual machines to servers as long as there are resources available to support another instance. In the case of a server that is running four OS instances but still has CPU cycles available, another instance can be added by the cloud management software. Of course, one could add another instance to a virtualized server without cloud management software but doing so would require an IT support person, which would drive up the cost.
Figure 8.6: Many business processes, such as data warehouse ETL operations, can make use of multiple servers for relatively short periods of time.
Reallocating Servers
Reallocating servers is not as simple as it may sound at first. Even once the order of redeployment is determined based on business drivers, we need to ensure that services that are currently provided by servers continue to be available as needed. For example, we might determine that several dozen servers hosting Web servers, small databases, collaboration servers, and several other department-level services will all be assigned to the cloud. To do so, we need to:
- Migrate applications to other servers, perhaps in the cloud if some are already available or to virtual hosts on servers dedicated to the migration process
- Back up data from the current production servers and restore to the transitory server hosting the application
- Delete data and applications from the server and install a virtualization platform and any cloud-specific applications
- Physically connect the server to the cloud network segments and attach the server to network storage
If the applications running on the servers prior to reallocation will be running in the cloud, virtual machine images must be added to the service catalog to support those applications.
Deploying Cloud-Enabling Applications
After servers are physically allocated to the cloud and configured to use cloud networking services and cloud storage, the next step is to configure software for the servers. The servers will run virtual machine hypervisors and integrate with cloud-level management software for deploying virtual machine images. Depending on the type of cloud management software, servers might run different hypervisors, such as VMware products, Xen, or KVM.
Testing and Quality Control
Testing is an essential part of cloud deployment. At this point, servers are allocated, cloud storage is in place, and necessary controllers are deployed. The goal of this step is to test and exercise the cloud configuration before opening it for production work. The test plan should include several steps that ensure:
- Virtual machine hypervisors are installed and running correctly on all servers
- Virtual machine instances can be started and stopped as expected
- Cloud management software correctly starts specified machine images on the correct number of servers
- All servers can read and write from cloud storage
- LDAP or other directory services are in place and function correctly on all servers
- Security policies are implemented correctly; for example, all data on local storage is deleted when a virtual machine instance is shut down
After testing these individual elements of cloud functionality, we can move on to performance testing. This type of testing should be driven by the SLAs we expect to support. When it comes to performance, more is always better, at least in theory; however, there are costs associated with marginal improvements in performance. During performance testing, we want to verify that:
- Virtual machine instances start and are available for use in an acceptable amount of time
- Read and write operations to cloud storage are performing as expected
- Large numbers of parallel operations, such as starting instances or writing to storage, are performed in an acceptable amount of time
- Network latency and bandwidth are sufficient to meet SLAs
During testing, we also want to ensure that usage and accounting information is tracked correctly.
Deploying Management Applications
As noted earlier, management applications are needed for both cloud providers and cloud consumers. These may both be hosted on cloud controller infrastructure, such as servers dedicated to collecting usage data and generating reports and data services. At this point, we also need to implement policies and procedures for basic operations, such as startup and shutdown of virtual machine instances, recording usage information for accounting purposes, monitoring server and network utilization, and ensuring supporting operations, such as replicating data between data centers, are functioning as expected. When the cloud infrastructure is in place and functioning properly, the next step is to migrate end user applications to the cloud.
Migrating End User Applications
Migrating end user applications is a three-step process:
- Building virtual machine images with necessary application stacks
- Migrating data to cloud storage
- Migrating access control privileges and directory information to the cloud
Building Virtual Machine Images
Building virtual machine images is a straightforward task, but we must be careful to analyze application dependencies to ensure all necessary supporting software is in place. Also, different configurations of an application may require different versions of supporting libraries, so we may need to support several versions of similar images. Applications may have different configurations depending on how the application is used, and this could also warrant having multiple versions. For example, a Java application server may be configured differently if we expect heavy, moderate, or light use. Rather than expect the user to adjust configurations each time a virtual machine instance is created, we could store different versions so that the user can choose the appropriate one as needed.
Migrating Data to Cloud Storage
Migrating data to the cloud is another process that sounds simple but has some potential challenges. There are different ways of storing data in the cloud. One option is to use block storage in which data is written to logical blocks on cloud storage; another option is to use a relational database management system (RDBMS) to manage data in the cloud. The second option has similar functionality to RDBMSs that run on dedicated servers but without having to manage some of the lower-level storage issues, such as tablespace file placement. Some changes may be required in applications to make use of cloud block storage, so we should review an application's storage scheme before migrating it to the cloud.
Migrating Access Privileges to the Cloud
Applications that run on dedicated servers often make use of LDAP directories or Active Directory (AD) to store and serve information about users, resources, and privileges. This information has to be migrated to the cloud infrastructure and adjusted as needed in the cloud.
Adjustments include mapping access controls for specific servers and directories (for example, user AJones has read and write privilege to \\server1\directoryA) to the comparable location in the cloud storage. Additional data may also be required, such as limits on the number of virtual instances a user may start at any one time, the maximum time those servers can run, accounting information for chargebacks, and so on.
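The privilege mapping described above, sketched as an added example that is not from the book: access control entries naming paths on dedicated servers are translated to cloud storage locations through an explicit mapping table, entries the table does not cover are held for review instead of being granted, and each migrated user receives the cloud-only limits the text mentions. The mapping table, the cloud:// location scheme, the default limits, and every entry except AJones are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed mapping from legacy UNC prefixes to cloud storage locations.
# The "cloud://" scheme and the target paths are hypothetical.
PATH_MAP = {
    r"\\server1\directoryA": "cloud://projects/directoryA",
    r"\\server2\finance": "cloud://finance",
}

# Cloud-only attributes the legacy directory never held (values are assumptions).
DEFAULT_LIMITS = {"max_instances": 4, "max_runtime_hours": 72}

# Rights that have a known equivalent on the cloud side.
ALLOWED_RIGHTS = {"read", "write"}


@dataclass(frozen=True)
class AclEntry:
    user: str
    path: str
    rights: frozenset


def translate_path(legacy_path):
    """Return the cloud location for a legacy path, or None if nothing maps it.

    Matching is case-insensitive (as on Windows shares), on whole path
    components only, and the longest mapped prefix wins.
    """
    path = legacy_path.rstrip("\\")
    best = None
    for prefix, target in PATH_MAP.items():
        prefix = prefix.rstrip("\\")
        same = path.lower() == prefix.lower()
        below = path.lower().startswith(prefix.lower() + "\\")
        if (same or below) and (best is None or len(prefix) > len(best[0])):
            best = (prefix, target)
    if best is None:
        return None
    rest = path[len(best[0]):]
    if ".." in rest.split("\\"):
        return None  # refuse paths that climb out of the mapped directory
    return best[1] + rest.replace("\\", "/")


def migrate(entries, limits_by_user=None):
    """Split legacy entries into cloud grants and entries held for review."""
    limits_by_user = limits_by_user or {}
    grants, held, accounts = [], [], {}
    for entry in entries:
        target = translate_path(entry.path)
        if target is None:
            held.append((entry, "no cloud mapping for path"))
            continue
        unknown = entry.rights - ALLOWED_RIGHTS
        if unknown:
            held.append((entry, "unmapped rights: " + ", ".join(sorted(unknown))))
            continue
        grants.append({"user": entry.user, "location": target,
                       "rights": sorted(entry.rights)})
        # Per-user limits override the defaults where they are supplied.
        accounts.setdefault(
            entry.user, {**DEFAULT_LIMITS, **limits_by_user.get(entry.user, {})})
    return grants, held, accounts


# Constructed legacy entries; only the AJones entry comes from the text.
LEGACY_ACL = [
    AclEntry("AJones", r"\\server1\directoryA", frozenset({"read", "write"})),
    AclEntry("BSmith", r"\\server1\directoryA\Reports", frozenset({"read"})),
    AclEntry("CLee", r"\\server1\directoryAB", frozenset({"read"})),
    AclEntry("DKhan", r"\\server2\finance", frozenset({"read", "full_control"})),
    AclEntry("EWong", r"\\server9\scratch", frozenset({"write"})),
]

if __name__ == "__main__":
    grants, held, accounts = migrate(LEGACY_ACL, {"AJones": {"max_instances": 10}})
    for grant in grants:
        print("grant", grant)
    for entry, reason in held:
        print("held ", entry.user, entry.path, "->", reason)
    print("accounts", accounts)
```

Holding unmapped entries instead of guessing a location keeps the migration from widening access; the held list is the work queue for whoever owns the directory data.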
Post-Implementation Checklist
Deploying Hardware for Private Cloud
Deploying Network Services for Private Cloud
Topic Area
Notes
Network capacity
Cost drivers
Compute drivers
Back up data
Initialize servers for cloud
Install low-level software for OS and virtual machine functions
Enable server monitoring services
Does the server function as expected with regard to starting and stopping virtual machine instances? Writing to and reading from cloud storage? Use network services?
Do servers function as expected under significant loads? Test for both compute and I/O loads
Build service catalog with images as needed to meet the full range of application requirements
Copy application data to cloud and verify applications function properly with regard to cloud storage
Update LDAP or other services in the cloud that store authentication and authorization data
Server-based functional testing
Migrating End User Applications
Performance testing
Building virtual machine images
Managing Cloud Services
After the transition period when infrastructure is migrated to a cloud configuration, our attention shifts to more operational and maintenance-oriented considerations:
- Service management integration with the cloud
- Usage tracking and accounting services
- Capacity planning
Integrating Service Management with the Cloud
Service management is a set of practices that orient IT operations around customers' needs and business processes rather than around technology. Throughout this book, we have had a decidedly technology-centric focus, but that should not be construed as meaning cloud computing cannot be customer focused. In fact, by streamlining the delivery of computing and storage services, cloud computing improves customer service and supports the objectives of service management.
There are different ways of implementing service management. One of the most formal and well-known approaches is the IT Infrastructure Library (ITIL), which advocates a broad and fairly structured approach to service management. There are many elements in the ITIL framework and service management in general, but we will only consider:
- Service catalog management
- Service level management
- Availability management
- Service validation and release management
Service Catalog Management
Service catalogs are sets of business and support services available from IT departments. Before we go any further, it should be noted that the term service catalog has two similar meanings, and it is important to distinguish them here. A service catalog in the service management sense is an abstract description of the set of services available from information technology providers. We also use the term service catalog to describe a repository of virtual machine images that are available for use in the cloud. In this section, we will always refer to the latter as the service catalog repository to avoid confusion.
Business services are made available through the cloud when they are added to the cloud's service catalog repository. We have discussed the service catalog repository from a technology perspective with topics such as ensuring software dependencies are accommodated in images, images are maintained as part of patch and vulnerability management, and so on. In terms of service management, we should think of virtual machine images as vehicles for delivering service. This perspective requires us to think more in terms of the following:
- Are the services that cloud consumers expect available in the catalog?
- Is metadata associated with virtual machine images sufficient for users to find the services they need and to distinguish among similar images?
- Are software license restrictions properly accounted for in the way virtual machine images are made available?
Other business services are not necessarily tied to virtual machine images run in the cloud. Support services, such as ticketing systems for incident and problem management, are part of the service catalog in the management sense of the term.
Service Level Management
Service level management is the practice of managing commitments to cloud users. These commitments are usually documented in SLAs. Requirements are defined in SLAs, and Quality of Service (QoS) metrics are usually associated with these requirements. In the cloud, SLAs may include requirements around:
- Number and type of virtual machine instances that will be available at regular times and for some length of time
- The duration from requesting a set of virtual servers to the time they are available
- Percentage of time other requirements, such as guaranteed number of servers, will be met
- Availability of software packages in the service catalog repository
The details of SLA metrics will be slightly different with a cloud, but the framework is essentially the same as that which we use in non-cloud environments.
Availability Management
Availability management is the process of ensuring compute and storage resources are available as needed to meet SLAs. One of the advantages of cloud computing is that it eases availability management.
In an environment with servers dedicated to particular tasks, we often use replication to keep standby servers ready to take over in case of a failure. In a cloud, servers do not have identities and the software they run is a function of the virtual machine image loaded onto them by an end user. Failure of a single server or even 10 servers in a cloud can be managed by instantiating the images that were running on the failed servers on other cloud servers. Assuming data on the failed servers is persisted in cloud storage, the new instances of the applications will have access to data.
Service Validation and Release Management
Service validation and release management are procedures for testing and deploying new services to the cloud. As with availability management, this task is easier in the cloud than in a dedicated service environment. Designing, testing, and validating applications in the cloud is similar to designing, testing, and validating in a dedicated server environment. The advantages stem from the fact that a new release can be deployed as another virtual machine image in the service catalog repository. If there is a problem with the new release, the old version is easily run without the challenges of reinstalling software on a dedicated server.
Service management is a business practice used to control the delivery of IT services. Cloud computing does not eliminate the need for this kind of management but does require adaptations and, in some cases, makes it easier to execute these management operations.
Usage Tracking and Accounting Services
There is an old saying that if you cannot measure it, you cannot manage it. This is especially true in the cloud. With large numbers of users running a wide array of applications across a large number of servers, one will need an efficient method for tracking use. The ideal tracking system will:
- Function seamlessly as part of the instantiation process when virtual machines are started or when storage is allocated
- Collect and maintain fine-grained detail about use; for example, at the user and image level
- Allow project- or department-level charging
- Feed data directly into financial reporting systems
Capacity Planning
Capacity planning is yet another service management process that is familiar to many IT professionals. The principles are the same with cloud architectures, but once again, this process is just a bit less challenging in a cloud environment. Forecasting growth with dedicated servers often requires planning for peak capacity in multiple applications, departments, and business units. In the cloud, we can manage to aggregate trends. We can ask questions such as how many physical servers will be needed to support all SLAs rather than asking how many servers will be needed to support Department A, Service B, and so on.
We manage cloud services much as we manage any service provided by IT. Service management practices, usage tracking and accounting, and capacity planning are all well-established practices. They will continue to be needed when managing a cloud but, fortunately, with a little bit less difficulty.
Extending a Private Cloud with Public Services
As flexible as a private cloud is, there are limits. At some point, the costs of adding more servers or storage to a private cloud will outweigh the benefits. Public cloud providers can realize economies of scale that are not available to most private cloud providers. Of course, private clouds continue to have their benefits, such as the ability to control the infrastructure on which private and confidential data resides. Businesses may find that the optimal solution is to combine private and public clouds to realize the benefits of both.
In cases where additional compute and storage resources are provided by public cloud providers, it is imperative that security controls are in place to protect information that leaves the organization. For example, you might need to encrypt data as it is transmitted to public cloud servers, and store it in an encrypted form on cloud storage. Also, you might need to set a policy that no data is written to local storage of a virtual machine running in the private cloud to prevent any possibility of a later user of that device having the ability to restore data that previously resided on the disk.
Policies should be in place that define the acceptable use cases of public cloud services, including the types of data that can be sent to private cloud servers and the types of applications that can be run in the private cloud. A proprietary process or analysis procedure that instantiates significant intellectual property, for example, is a good candidate for keeping out of public cloud services. Hybrid clouds that combine the benefits of private and public clouds can improve the efficiency, cost effectiveness, and capabilities of a private cloud, but hybrid clouds must be used in a way that does not violate policies or the interests of the business.
Summary
Establishing a private cloud is a multistep process. Hardware must be procured or reassigned, network services provisioned, and software configured for use in the cloud. Transitioning services to the cloud requires that we carefully plan other steps, including prioritizing based on business drivers, deploying applications, implementing quality controls, and deploying management applications. Many existing IT processes, such as service management and capacity planning, can be readily adapted to the cloud. Finally, it may be beneficial to consider the use of a hybrid cloud to take advantage of the economies of scale of public clouds while maintaining the control advantages of a private cloud.
Governance is the guiding framework that defines how we go about implementing service delivery in the cloud. It can be thought of as a set of constraints on possible solutions to a problem. Principles of governance are not technical principles, per se, but they do have implications on the technical solutions we implement. For example, a policy may dictate that especially sensitive private and confidential information may only be stored on devices under the complete control of the company. This limits the use of public clouds as an extension of a private cloud. The governing policy need not explicitly mention restrictions on public clouds but that is the practical implication. Other aspects of governance influence and constrain how we deliver other services, what types of services may be delivered, and to whom we may deliver them.
Capacity planning is often a challenging task in IT management. Throughout this book, we have discussed how cloud computing makes capacity planning easier, and it does for the cloud consumer. The cloud services provider, however, still faces the typical challenges of forecasting demand for services, balancing peak load demand with average load demand, and formulating acceptable service level agreements (SLAs) with customers.
In addition to having enough capacity to meet the demands of SLAs, we have to ensure that infrastructure is reliable enough to be available as required by SLAs. Fortunately, cloud architectures are inherently distributed and therefore enable relatively straightforward failover approaches. Nonetheless, we still have to be careful to avoid single points of failure and ensure that supporting services, such as making redundant copies of data, happen fast enough and frequently enough to ensure sufficient recovery in the event of a data loss in one part of the storage system.
The fundamental security requirements are no different in the cloud than in other models, but the way we implement security controls can vary, sometimes for the better. For example, if an operating system (OS) vendor releases a security patch and a business determines that the patch must be applied to every server, that patch will have to be pushed to each server. Even with an asset management application that automatically distributes and installs software patches, there is likely to be some manual intervention required. Systems administrators will have to review patch reports to verify patches were applied correctly, determine where patches have failed, and apply corrective action to each instance of the failure.
In a cloud computing environment, images in the service catalog can be regenerated with the patch and deployed to the service catalog. The older, vulnerable version of the image could be removed from the catalog so that it is no longer instantiated within the cloud. There may be instances of the vulnerable image running in the cloud, in which case cloud administrators would have to coordinate with the systems administrators responsible for those instances to shut down those instances and restart with the patched versions. This is similar to the kind of coordination that typically occurs when servers are dedicated to particular departments or applications.
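An added sketch, not from the book, of the catalog-side patch workflow just described: a patched image replaces the vulnerable one in the service catalog, new launches of the retired image are refused, and instances still running it are grouped by the administrator responsible for them for the coordinated restart. The catalog structure, image names, owners, and instance inventory are all constructed for illustration.

```python
from collections import defaultdict


class ServiceCatalog:
    """Minimal service catalog repository: image id -> service, status, successor."""

    def __init__(self):
        self._images = {}

    def publish(self, image_id, service):
        if image_id in self._images:
            raise ValueError(f"image id already used: {image_id}")
        self._images[image_id] = {"service": service, "status": "active",
                                  "replaced_by": None}

    def replace_with_patched(self, old_id, new_id):
        """Publish the patched image, then retire the vulnerable one."""
        old = self._images[old_id]
        self.publish(new_id, old["service"])
        old["status"] = "retired"
        old["replaced_by"] = new_id

    def can_launch(self, image_id):
        """Only active catalog images may be instantiated."""
        image = self._images.get(image_id)
        return image is not None and image["status"] == "active"

    def current_image(self, image_id):
        """Follow replaced_by links to the image that should be running now.

        Returns None for an image the catalog has never held. publish()
        refuses reused ids, so a chain of replacements cannot loop.
        """
        if image_id not in self._images:
            return None
        while self._images[image_id]["replaced_by"] is not None:
            image_id = self._images[image_id]["replaced_by"]
        return image_id


def restart_plan(catalog, running_instances):
    """Group instances running a non-launchable image by their administrator.

    Each item is (instance id, image it runs, image to restart with); the
    last field is None when the catalog has no record of the image at all.
    """
    plan = defaultdict(list)
    for inst in running_instances:
        if not catalog.can_launch(inst["image"]):
            plan[inst["owner"]].append(
                (inst["id"], inst["image"], catalog.current_image(inst["image"])))
    return dict(plan)


# Constructed catalog history: the web image is patched twice, the database
# image has not needed a patch.
CATALOG = ServiceCatalog()
CATALOG.publish("web-os-v1", "web server")
CATALOG.publish("db-os-v1", "database")
CATALOG.replace_with_patched("web-os-v1", "web-os-v2")
CATALOG.replace_with_patched("web-os-v2", "web-os-v3")

# Constructed inventory of running instances.
RUNNING = [
    {"id": "i-01", "image": "web-os-v1", "owner": "web-team"},
    {"id": "i-02", "image": "web-os-v2", "owner": "web-team"},
    {"id": "i-03", "image": "db-os-v1", "owner": "dba"},
    {"id": "i-04", "image": "web-os-v1", "owner": "research"},
    {"id": "i-05", "image": "web-os-v3", "owner": "research"},
    {"id": "i-06", "image": "custom-unlisted", "owner": "research"},
]

if __name__ == "__main__":
    for owner, items in sorted(restart_plan(CATALOG, RUNNING).items()):
        for instance_id, old_image, new_image in items:
            print(f"{owner}: restart {instance_id} ({old_image}) with {new_image}")
```

Retiring the image stops new vulnerable instances immediately, but the plan shows why the coordination step remains: instances started before the retirement keep running until their owners restart them.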
Figure 9.1: The need to apply security patches is the same with or without a cloud; however, the execution can be less problematic when working with a service catalog rather than individual servers where the patch may fail for different reasons.
The long-term maintenance of a cloud computing environment requires attention to governance, capacity planning, and security. In this chapter, we will consider each in turn and outline key considerations in each area. Not surprisingly, the same types of issues we see in governance, capacity planning, and security in other architectures occur within the cloud. This presents a significant advantage for cloud computing administrators: We can adapt the best practices that have evolved over the past decades of IT management to cloud computing.
Governance Issues in Cloud Computing
Governance is about establishing a framework for directing, monitoring, and reporting on the implementation activities of an organization. Businesses have boards of directors for governing the company at large. Cloud computing governance is a subset of corporate governance. The directions and principles established at the corporate level define the environment in which cloud computing governance occurs.
Protecting the Integrity of Business Services
The integrity of business services entails two parts:
- Ensuring individual transactions and operations in the cloud function as expected without compromising the confidentiality of those transactions and operations
- Ensuring cloud services are available as expected and as agreed to in SLAs
It is the responsibility of the governing body to specify policies that answer these and similar questions that will arise. (Again, governance addresses what should be done, not how to do it. Implementation details are delegated to others, so we will not delve into the technical details of how to meet these requirements right now.)
Policies on confidentiality should specify a combination of protections that should be in place as well as a description of the limits to those protections. For example, policy may dictate that cloud administrators make available encrypted communications between client devices and the cloud resources. Cloud consumers can make use of encrypted communications if they want, but they may not be required to. At the same time, policy may require cloud administrators to avoid deploying software with known vulnerabilities that could compromise the security of the cloud. This may lead cloud administrators to not offer basic FTP services and instead require a secure form of FTP. This may seem contradictory but it is not.
In one part of a policy, we state that cloud consumers, not administrators, can decide on the level of security they desire for communications. In another part, the policy states that vulnerable software should not be deployed, and this limits cloud consumer choices. It is not unusual for complex policies to lead to seemingly contradictory indications. In these situations, one part of the policy has to take precedence over the other. In this example, protecting the cloud resources and its users is worth constraining the options of users.
Governance and Balancing Acts
This kind of balancing act is commonly seen in law. The freedom of speech is a well-known right to many but that does not permit us to yell "Fire!" in a crowded theater when there is no fire.
It is conceivable that governing regulations will impose constraints on what business units might want to do. One department might want to negotiate an SLA that allows them to rapidly upload large volumes of data from external resources. Internal regulations, however, require that any files uploaded from external resources be scanned for malware. The scanning will cause the loading process to exceed the time window the customer wants. The governing principles exist for a reason and in spite of how it might limit what business units conceive, they are in place to protect the cloud infrastructure, data within the cloud, and the business operations that depend on it.
Availability and SLAs
Another topic for governance is availability and the role of SLAs. A governance framework does not dictate specific rules about availability, but it does set guidelines. For example, the governing body may specify that SLAs will contain specifications for:
- The number and types of servers that will be available to the cloud consumer on a regular basis
- The percentage of time that the agreed-upon number and types of servers will be available
- Compensation for violations of SLAs
Controlling Access to Cloud Services
One of the most fundamental considerations in the governance of cloud resources is determining who has access to those resources. If a company invests in a private cloud, will the company make the cloud available to:
- Any employee or contractor with an interest in using the resource
- Members of research and development, engineering, or other product development efforts that require significant computational resources
- Employees in any department with the funds to cover the costs of the resources
Once it is determined who will have access to the cloud, security controls, such as identity management, authentication, and authorization systems, can be used to enforce those policies.
Within the group of users eligible to use cloud resources, there may be a further division by priority. Some departments, such as finance, may be given top priority under the assumption that their needs are immediate and critical. Research and development and engineering groups may be in a second tier of users because their work is essential to the long-term viability of the company and they have demonstrated the need for large amounts of CPU time. A third tier may be everyone else in the company who will have access to resources not consumed by the other two groups.
PricingCloudServices
Therearetwobroadapproachestodeterminingthecostsforcloudservices:costallocation andcompetitivepricing.Inpractice,theactualpricescloudconsumerspaybemeamixof bothapproaches,butwewilldiscussthemseparatelyandthenseehowtheycanbe merged. CostAllocation Costallocationisapricingmodelthatisdrivenbythecostsincurredbytheproviderofthe service.Atitsmostbasiclevel,thecostofaserviceisequaltothecostofpurchasingand maintainingequipmentandprovidinglabortosupporttheservicedividedbytheunitsof theserviceprovided.Anexamplecanhelpclarifysomeofthedetails. Letsassumeabasicservercanrunfourvirtualservers.Theserverruns24hoursaday,7 daysweekfor3yearsforatotalof26,280hours.Letsalsoassumetheserverwas purchasedfor$5000,requires$1000inlabortomaintainoverthecourseof3years,and incurs$300inpower,cooling,rackspace,andothermiscellaneouschargesforatotalof $6300incostsover3years.(Forsimplicity,wellassumethatthisserveronlyrunsopen sourcesoftwaresothattherearenosoftwarelicensingcosts).Thehourlycostofproviding thisserveris26,280hoursdividedby$6300or$0.24perhour. Inpractice,thissimplecostallocationmodelwillneedsomemodification.Forexample,the assumptionthatasingleserverwillrun247for3yearsstraightisunrealistic.Also,clouds aredesignedtoaccommodatevaryingpeakdemandperiods,sotherewillbetimewhen someserversarenotutilizedandthereforenotchargedtoanycustomer.Finally,serversin thecloudmayhavebeenacquiredatdifferenttimesfordifferentprices.Tryingtoassign eachserveritsownindividualtotalcostofownership(TCO)wouldgeneratemore accountingworkthanitisworth.Abetterapproachistouseanaveragecostandan averageutilizationrateforeachserver. Inthecostallocationmodel,wehavetomakesomeassumptionsaboututilizationratesand availabilityofservers.Whenwesetprices,wehavetohopewehavemadegoodestimates. Ifweareoverlyoptimisticaboututilizationandavailability,wemayfindthatinfactwedo notrecoveralltheexpenseswehadplannedforandareleftwitharevenueorcost recoveryshortfall. 
This kind of cost allocation model is found in government institutions where pricing is driven by the need to recover costs rather than to earn a profit. The same model may work well within a business where IT units are treated as cost recovery centers and not profit-earning centers.
Competitive Pricing
Another approach to pricing, which is common in business, is competitive pricing or pricing according to what the market will bear. Presumably public clouds use a competitive pricing model where their price for a unit of service includes the costs we described earlier plus an additional amount for profit. This certainly makes sense for a public cloud, but does this pricing model have a place with private clouds used only by internal customers? Yes, in some cases.
By charging more than the actual costs, a cloud provider can generate a reserve of earnings that are not allocated to cover the costs of providing the cloud services. (This is similar to profits or retained earnings, but those have specific accounting definitions, so we will try to avoid using those terms.) This reserve can be used in several ways:
- As a resource for funding future expansion of cloud infrastructure
- To mitigate the risk of unanticipated problems, such as covering the costs associated with replacing failed devices that may or may not be under warranty
- To fund experimental cloud services that are provided for free in return for feedback on the services
The cost recovery model does not provide a mechanism for this kind of retained reserves funding. One could imagine incorporating the cost of future expansion, risk management, and service development into the cost of providing services, but that is a bit counter to the intention of the cost recovery approach.
Neither cost recovery nor competitive pricing is inherently better or worse than the other. It is up to the governing body to determine which approach better serves the long-term goals of the enterprise.
Cloud computing governance is a subset of corporate governance. Regulations put in place at the enterprise level constrain what can be done with cloud services. Such high-level constraints are insufficient guidance for providing a governing framework for a private cloud. Further regulations around protecting the integrity of services, limiting access to cloud services, and allocating the costs of the cloud are all required. Another facet of long-term maintenance is capacity planning.
Planning for Growth
One of the key benefits of using cloud computing is that users of the cloud can rapidly scale their resource use up and down. As workloads increase, the number of servers dedicated to the task can increase. As data volumes grow, so can the storage utilized. Users no longer need to worry about maintaining peak capacity infrastructure: it is available in the cloud when it is needed. Cloud computing does not eliminate the need for capacity planning; it centralizes the burden on the cloud provider.
Key Resources in Cloud Computing
The key resources in cloud computing are those that limit the ability to deliver services:
- Physical servers
- Storage
- Network bandwidth
Each is a limiting factor because in spite of adequate capacity in two of these, a shortage in the other will inhibit the ability to deliver services. If there are ample servers and sufficient network capacity but we run out of storage, storage-dependent workflows will be blocked. Similarly, if network bandwidth is saturated, the ability to move data into and out of the cloud is constrained.
How are we to accurately predict the future needs of cloud users? Especially when their workloads and peak demands can vary so much? The answer is SLAs. These contracts between cloud providers and cloud consumers specify what levels of resources are expected by cloud consumers and what the cloud provider commits to. Cloud consumers are responsible for estimating their current and future requirements in terms of computing, storage, and network demands. Cloud providers are responsible for ensuring that the cloud can meet the aggregate demand for resources specified in SLAs.
Another factor that is easy to overlook is the physical environment in which the cloud infrastructure resides. Servers, storage devices, and network equipment require space, power, and cooling. There are limits to how many racks can fit in a data center, how much power can be reliably and consistently delivered, and how much heat generated by equipment can be adequately cooled or vented. SLAs probably will not explicitly state requirements related to environment; instead they have to be derived from the details about servers, storage, and network services. With these key components and details of SLAs, we can begin to formulate baseline and future growth projections.
Baseline and Initial Growth Projections
SLAs and historical data provide a starting point for establishing baselines for the amount of resources required to meet service delivery needs. One of the advantages of starting with SLAs and historical data is that it is reasonably reliable and accurate data. Assuming historical data is collected properly, we have a detailed record of what happened in the past. SLAs provide guidance on what will occur in the near future, and possibly longer if customers use long-term contracts to lock in favorable pricing.
Baseline Measures
We can think of a baseline measure as the average load on the cloud for computing, storage, and network services at some point in time. The purpose of taking a baseline is to understand what level of service can be delivered by a particular amount of cloud infrastructure. A baseline measure of cloud service delivery might include:
- Number of servers with all servers normalized to a standard, such as a single quad-core processor with 16GB RAM
- Total amount of storage available
- Network throughput
- Average server utilization
- Number of virtual machine instances available in the service catalog
- Percentage of time SLAs are met
The first three metrics capture the basic capacity of the cloud. They measure, in some ways, the overall throughput of the cloud infrastructure. These metrics are not precise enough for all performance-related tasks. For example, these metrics are not adequate for comparing the performance of different implementations of the same algorithm. For that, the implementations should be run on the same hardware under the same network load running the same OS and application stack. The purpose of collecting these measures is to be able to compare cloud infrastructure capacities in order to estimate what is required to meet a set of SLAs.
Average utilization is important because it influences the total throughput of the cloud. If utilization is low, there will be excess capacity that is not utilized. One way to improve the throughput of a cloud is to increase utilization. For example, to double the throughput of a cloud with 40% utilization, we double the number of servers and other infrastructure while maintaining a 40% utilization rate, or we could maintain the same level of infrastructure and increase the utilization to 80%.
Growth Projections
After establishing baseline measures, we can plan for growth projections. There are two types of growth we need to account for: growth in capacity and growth in usage or throughput. It is worth noting that increasing utilization and throughput can happen in a fairly incremental manner while the addition of infrastructure tends to happen in a more stepwise manner, as Figure 9.5 shows.
Growth in Utilization
Utilization grows at a rate determined by a number of factors, such as an increase in the:
- Volume of work performed by existing cloud consumers executing existing workflows
- Number of distinct workflows executed by existing cloud consumers
- Number of cloud consumers
For each of these types of increase, there can be corresponding decreases. For example, a department may reengineer its processes and stop using an application that had run in the cloud.
Some of these growth factors are likely to lead to incremental growth. As a line of business expands into new markets or launches new product lines, there can be a progressive growth in the volume of transactions that need to be processed. In some cases, there may be sharp and sudden rises in the number of transactions (think of the Apple iPad launch). Sudden and dramatic growth in demand can arise from changes in the organization. A merger or acquisition can add a large pool of potential cloud service customers to a company and drive demand for services sharply higher. Similarly, divesting in a line of business can cause sudden drops in demand and therefore overall utilization.
Growth in Capacity
Although demand for cloud services can change in fairly incremental ways, capacity changes tend to be more bulk, stepwise changes. This reality is driven by economics. Conceivably, a company could follow a steady incremental growth plan. For example, a company could add 100 high-end servers to the cloud every week for the foreseeable future. If the company is a rapidly growing Web infrastructure provider, this might make sense. In many cases, a stepwise growth in capacity makes more sense.
Consider a typical budget cycle. An IT manager creates an infrastructure budget based on projected demand. The CFO takes into account revenue growth, cash flow projections, borrowing costs, and other factors and determines that 25% of the budget will be available in the first quarter, 50% in the third quarter, and if revenue projections are on target, another 25% in the fourth quarter. The IT manager will likely purchase the equipment in three periods as the funds become available. The hardware will be brought online as soon as possible. The funds are not available any sooner, so there is no way to accelerate the purchases. It makes no sense to leave equipment in the shipping containers, unless demand is low, in which case the purchases were unnecessary.
Another factor that leads to the stepwise growth in capacity is the economics of hardware installation. If one goes to the trouble to install a single rack in a data center, the marginal cost of installing a second, third, fourth, and so on is so low that it often makes sense to perform these operations in bulk. As the practice of cloud computing has matured, another option has become available for providers of private clouds: expanding by using public cloud compute and storage resources.
Elastic Scaling and Hybrid Clouds: The Benefits
Combining resources with a public cloud allows private clouds to rapidly expand capacity without the capital investment of expanding a private cloud. Also, resources in a public cloud can be commissioned and decommissioned faster than adding or removing comparable physical resources in a private cloud.
The cost of a private cloud may be less than that of a public cloud. This is not criticism of private clouds. The two are designed for different purposes and serve different needs. Private clouds are designed according to the particular needs of a single business and governed by policies needed to protect that business. Public clouds are generic computing and storage resources with policies designed to accommodate a wide range of users. Public clouds may be able to offer lower prices because they benefit from economies of scale that are not available to private cloud providers. Also, public clouds may have less in the way of security, auditing, and control over the service catalog than a private cloud does. As is often the case in IT, choosing between the two is a matter of choosing a solution that best fits a particular set of requirements.
Elastic Scaling and Hybrid Clouds: The Disadvantages
The primary disadvantage of a hybrid cloud is that some data is moved outside the corporate firewall. Public cloud providers can make significant efforts to protect their customers' data (they certainly have no incentive to risk a data breach of one of their customers) but that may not be enough for security-conscious executives and managers.
Moving large volumes of data can also be a hindrance. In a cloud computing version of the old sneakernet (that is, running data back and forth between data centers on portable disks), public cloud providers offer customers the option of shipping disks to a data center for bulk loading rather than copying data over the Internet.
Hybrid clouds are a viable option in many cases when expanding a private cloud is not a practical option. When the public cloud can be used to run applications that do not instantiate protected intellectual property, the volumes of data to transfer are low, and the security requirements are minimal, then public cloud services make sense. Public clouds can supplement private cloud capacity for conventional workloads; public clouds can also contribute to mitigating the risk of hardware failures.
Mitigating Risks Through Architecture
Capacity planning should take into account the need for excess capacity in case of failures in some parts of critical infrastructure. When a small number of servers fail, the jobs running on those servers can be restarted on other servers. This situation can often be accommodated by the excess capacity that can exist because of the difference in the capacity deployed and the capacity required to meet utilization requirements (see Figure 9.5).
Catastrophic failures require advance planning. For example, if an entire data center becomes inaccessible or a large number of servers is down because power distribution is disrupted to a large number of racks within a data center, the excess capacity in the cloud may not be enough to accommodate for the loss. In such cases, we need to plan to maintain additional capacity. Two factors should be considered when planning such excess capacity: the physical distribution of data centers and the need for redundant infrastructure.
Physical Distribution of Data Centers
Data centers in different geographical locations reduce the risk that two or more data centers will be struck by the same catastrophic event (for example, regional power loss, earthquake, and flood). In addition to building data centers in different areas, we need to keep replicas of data in different data centers, maintain redundant copies of the service catalog in different data centers, and ensure that policies and procedures are defined and implemented in the same way across data centers.
Figure 9.7: Routine failures are readily accommodated in clouds but catastrophic failures require failover planning and additional infrastructure.
Redundant Infrastructure
Data centers will of course need servers, storage, and network infrastructure. They will also require comparable backup power systems, multiple Internet service providers (ISPs), and backup cooling and venting systems to reduce the risk of a single point of failure in the infrastructure.
Capacity planning has traditionally been challenging in IT. When working within the constraints of department or line of business budgets, it might be difficult to realize a highly redundant, rapid failover architecture without significant cost. Centralizing the management of infrastructure within the cloud allows for pooled utilization and capacity. It also provides for more efficient deployment of redundant infrastructure, which can mitigate the risk of failures in the cloud.
The third and final topic we will consider with regard to long-term maintenance of a cloud is the need for security.
Security in the Cloud
Key considerations for long-term planning for security in the cloud are similar to those for other aspects of enterprise security:
- Identity management
- Entitlements and access controls
- Vulnerability assessments
- Patching and image management
Identity Management in the Cloud
Identity management is the practice of maintaining information about users of IT resources and services. A primary concern in the cloud is how to maintain an accurate and up-to-date database of identities. Common questions that arise with identities in the cloud are:
- Who should be added as a user in the cloud? All employees? Full-time employees only? Should contractors be added, and if so, according to what criteria?
- How should identities be removed to ensure the least risk of failing to remove someone's identity that should be removed?
- What type of monitoring on the activity of identities is required?
- How frequently should identities be audited?
The concern here is with long-term management and maintenance, so implementation issues are not considered, although they are certainly important. They are just outside the scope of this discussion.
Before we can address whose identities should be added to the cloud, we have to have a clear understanding of the purpose of the cloud. The looser the purpose (for example, to provide general computing and storage services to all business units for all purposes), the more broadly defined is the set of potential users. More restricted clouds, such as those for research and development and engineering purposes, will have correspondingly restricted groups of users.
Removing identities is also an issue. Ideally, changes to a centralized HR system would trigger the removal of identities in the cloud when an employee leaves the company. This may not account for contractors and consultants who are granted access to resources. It may not be sufficient for employees changing roles and losing privileges to the cloud.
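The gaps named above (departed employees, contractors outside the HR system, and role changes) can be checked with a periodic reconciliation audit. The Python sketch below is an added example, not part of the original guide; all account names, roles, groups, the contractor register with a sponsor field, and the role-to-group mapping are hypothetical, constructed data.

```python
"""Reconcile cloud identities against HR and contractor records (added example)."""
from dataclasses import dataclass
from datetime import date

# Constructed sample data: every account, role and group name is hypothetical.
HR_RECORDS = {
    "akhan":  {"status": "active",     "role": "financial_analyst"},
    "bliu":   {"status": "terminated", "role": "engineer"},
    "cmoore": {"status": "active",     "role": "marketing"},  # moved from engineering
}
# Assumption: contractors live in a separate register with an end date and a sponsor.
CONTRACTORS = {
    "x-dpatel": {"sponsor": "akhan",  "end_date": date(2024, 3, 31)},
    "x-egomez": {"sponsor": "cmoore", "end_date": date(2024, 12, 31)},
}
CLOUD_IDENTITIES = {
    "akhan":    {"groups": {"finance-marts"}},
    "bliu":     {"groups": {"rnd-compute"}},
    "cmoore":   {"groups": {"rnd-compute", "marketing-bi"}},
    "x-dpatel": {"groups": {"finance-marts"}},
    "x-egomez": {"groups": {"marketing-bi"}},
    "svc-old":  {"groups": {"rnd-compute"}},  # no owner in any system of record
}
# Assumption: entitlements are granted per role, as the guide recommends.
ROLE_ENTITLEMENTS = {
    "financial_analyst": {"finance-marts"},
    "engineer": {"rnd-compute"},
    "marketing": {"marketing-bi"},
}


@dataclass(frozen=True)
class Finding:
    identity: str
    reason: str
    detail: str = ""


def audit_identities(hr, contractors, cloud, role_entitlements, today):
    """Return findings for cloud identities that no longer match a system of record."""
    findings = []
    for name in sorted(cloud):
        groups = cloud[name]["groups"]
        if name in hr:
            record = hr[name]
            if record["status"] != "active":
                # The HR-triggered removal did not reach the cloud directory.
                findings.append(Finding(name, "TERMINATED_STILL_ACTIVE"))
                continue
            # Role change: groups kept from a previous role are excess entitlements.
            extra = groups - role_entitlements.get(record["role"], set())
            if extra:
                findings.append(
                    Finding(name, "EXCESS_ENTITLEMENT", ",".join(sorted(extra))))
        elif name in contractors:
            contract = contractors[name]
            if contract["end_date"] < today:
                findings.append(
                    Finding(name, "CONTRACT_EXPIRED", contract["end_date"].isoformat()))
            elif hr.get(contract["sponsor"], {}).get("status") != "active":
                findings.append(Finding(name, "SPONSOR_INACTIVE", contract["sponsor"]))
        else:
            # Neither HR nor the contractor register knows this identity.
            findings.append(Finding(name, "NO_SYSTEM_OF_RECORD"))
    return findings


if __name__ == "__main__":
    for f in audit_identities(HR_RECORDS, CONTRACTORS, CLOUD_IDENTITIES,
                              ROLE_ENTITLEMENTS, date(2024, 6, 1)):
        print(f"{f.identity:10} {f.reason:24} {f.detail}")
```

Run on a schedule, the count of findings per audit gives a measurable answer to how frequently identities need to be audited.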
Entitlements and Access Controls
Entitlements should be associated with well-defined roles in a business. For example, financial analysts should have access to historical financial transactions and various data marts and business intelligence applications; however, access to product designs, marketing strategies, and sales forecasts may be restricted to a small group of executives. Under ideal conditions, no one would ever be granted entitlements to data or applications that are not required for them to do their jobs. Employees change roles, controls on data change, and new applications are brought online sometimes with overly broad execution privileges.
Policies and procedures should be in place in the cloud to address a number of entitlement-related issues:
- Granting access to data according to a data classification scheme. These often are based on four categories: public data, sensitive data, private data, and confidential data. Public data can be shared without harm; sensitive data should not be shared broadly but would not cause serious harm if it were; private data is about a customer or other person and is not to be shared outside a restricted group; and confidential data is company-related data that would cause significant harm if disclosed.
- Applications should be controlled along similar lines as data. Some applications contain proprietary knowledge, such as a risk scoring program, and should be restricted to individuals who have a legitimate need for the application.
- Software licensing may restrict the number of users that can simultaneously run an application or restrict an application's use to a set of named users. Software licensing models tend to evolve along with server technology, so it is reasonable to expect software vendors will quickly adapt their pricing models to the cloud.
Entitlements and access controls protect how data and applications are used. Next, we will turn our attention to ensuring those applications are functioning as expected.
Vulnerability Assessment and Patching
It is widely assumed that complex software has flaws. Sometimes bugs are the result of programmers making mistakes in their coding. Other times, designers create applications that, although coded according to specification, function in unanticipated ways. At other times, software developers create better ways of performing the same task and release new versions of applications with better performance. In all of these cases, there are reasons to update the software with vendor-provided patches.
Patching is a common practice and can significantly improve the security and quality of the software we run. It is not without risk, though. A patch may correct one flaw while introducing another. A patch could render an application that worked well in one configuration nonfunctional. Policies should be defined for the cloud service catalog that specify when and how patches should be applied to virtual machine images in the cloud. These policies should consider:
- What would trigger the decision to apply a patch? Reasons include a regular patch release from a vendor, a notice in the trade press about a newly discovered vulnerability in a popular software application, or the use of vulnerability scanning software within the company.
- What testing should be done prior to releasing a patched image? In some cases, it may be sufficient to release a new version while maintaining the older version in the service catalog. Users would then be free to choose which to run. This may work for non-security patches, but images with known, high-impact vulnerabilities should not be left for general use.
As with other security aspects, patching and vulnerability management practices outside the cloud can be readily adapted to the cloud.
Summary
Long-term management and maintenance of a cloud environment requires attention to governance, capacity planning, and security issues. Governance issues include framing policies for the cloud that fit with overall corporate governance, defining the scope and structure of SLAs, and formulating a cost recovery mechanism for cloud services. Capacity planning is based on SLAs and strategic direction of the company. SLAs provide a baseline for determining the capacity needed to meet SLAs while maintaining reasonable utilization rates with some tolerance for the inevitable hardware failure. Long-term security concerns include the need to address identity management, entitlements, vulnerability assessment, and patching. These are not new management considerations for IT professionals and many best practices that have been created over the past decades can continue to serve us well if we adapt them to the particular requirements of a cloud environment.
Chapter 10: Key Steps in Establishing Enterprise Cloud Computing Services
Adopting cloud computing technology in an enterprise can produce substantial improvements in service delivery and cost control. That is, if it is done right. The driving force behind the use of any technology should be a business imperative. For that reason, the first key step in establishing enterprise cloud services is to understand the business objectives that can be served by the technology.
In this, the final chapter of The Definitive Guide to Cloud Computing, we begin by examining how to align business drivers with cloud services. This process includes understanding business objectives, identifying weaknesses in existing IT service delivery, and prioritizing the multiple objectives that can be served by cloud computing.
Once we have established what we want to achieve with cloud computing in the enterprise, we move on to the second key step in the process: planning. The planning phase requires a combination of business and technical knowledge that typically requires a team of professionals from across the organization. Some of the issues we must address at this stage are assessing the current state of readiness, determining the best cloud model for a given set of requirements, and planning for long-term management and sustainability.
The implementation phase follows the planning stage. The details of this phase will vary depending on whether a business decides to adopt a private cloud model, a public cloud service model, or a hybrid setup. Later in the chapter, we will examine issues that should be considered in each case, such as reallocating server hardware when implementing a private cloud or establishing service level agreements (SLAs) with a cloud provider when a public cloud service is used.
The fourth key step in establishing cloud computing services is to develop a maintenance model. Maintenance has both technical and business dimensions. Technical issues include establishing procedures to monitor services, identifying and correcting failed services, and maintaining proper patch levels of software underlying cloud services. The business side of maintenance focuses on tasks such as establishing value metrics and planning for adequate capacity.
Aligning Business Drivers with Cloud Services
Throughout this book, we have discussed the characteristics of cloud computing, delved into some of the technical details, and discussed the advantages and disadvantages of various models of cloud computing. These are obviously important considerations, but they are not the only ones. In fact, the most fundamental question we can ask with regards to cloud computing is "Why?"
Cloud computing, or any technology, is not an end in itself. Technology is deployed to serve a business purpose. To reduce the risk of misusing or misapplying cloud computing in an organization, we are well served by undertaking three tasks early in the cloud computing adoption process:
- Understanding business objectives
- Identifying weaknesses in existing IT service delivery
- Prioritizing initiatives
Together these three tasks help to keep the focus, and therefore the benefits, of cloud computing on business needs in a way that maximizes the return on investment.
Figure 10.2: Aligning business objectives with cloud computing deployments is a three-step process.
Understanding Business Objectives
At the most coarse level, business objectives can be categorized into two types: developing new products, services, and capabilities and improving existing processes. New services that are especially well positioned to take advantage of cloud computing services are those that are compute or storage intensive. Cloud computing can enable innovation not practical under other IT models. For example, consider a manufacturing firm that produces customized machine parts.
Cloud Computing Enables Innovation
Customers continue to use the manufacturer because of the company's high-quality parts even though the time required to define the requirements for new parts is longer than most customers want. The manufacturer is well aware of its customers' time constraints but it has decided not to sacrifice quality for speed. The fundamental problem is that highly skilled engineers are required to do the design work and the manufacturer cannot carry too many of these professionals.
Engineers could be more productive if they could better leverage the capabilities of computer-aided design (CAD) software, but the kinds of analysis they need are compute intensive. The manufacturer also does not have the IT expertise to implement and maintain a high-performance computing environment with clusters of high-end servers. Using public cloud services, the manufacturer could run the compute-intensive CAD software in the cloud as needed, freeing engineers to work on additional design problems. The combination of innovative software and cloud computing resources allows the engineers to offload automatable design tasks.
When you are examining business objectives and assessing the opportunities for offering new services, consider several factors about workflows that make them candidates for cloud computing services.
- Is your ability to deliver the service limited by available computing or storage resources?
- Can some parts of labor-intensive processes be automated?
- Can a workflow be changed to automate 80% of the workload while leaving the other 20% for employees?
Existing workflows may not obviously lend themselves to cloud computing but re-engineered forms of the same workflow may be more amenable to automation.
Figure 10.3: Cloud computing can enable increased productivity through the innovative treatment of existing applications.
Accommodating Varying Demand for Services
Another factor that may hold back a business initiative is uncertainty about demand. Demand may be low at first but expected to grow. There may be uncertainty about the rate of growth, especially during downturns in the business cycle. This type of uncertainty may be enough to derail an otherwise promising plan. On-demand computing and storage can help in just this type of situation.
Pilot projects can be readily started using only cloud resources. Not a single server needs to be purchased. Eliminating the procurement process saves not only money but also time. If a pilot project is successful, the service can be rolled out to larger groups of customers and cloud resources can be scaled accordingly. Spikes in demand or temporary (or even prolonged) downturns in demand are readily accommodated by adjusting the level of cloud resources allocated to the service. With no significant capital investment required to start such a project, there is greater freedom to experiment with new business services. The potential to apply existing services in innovative ways and the potential to experiment with and quickly implement new services are two of the key types of business opportunities that should be considered when trying to understand how to leverage cloud computing and align it with business objectives.
Improving Existing Processes
Another key type of business objective is cost control. This can take on several forms:
- Inefficient business processes and workflows
- Below-expected productivity from professional staff
- Poor utilization of IT resources
- Prolonged time to complete IT processes, such as deploying hardware or patching software
Inefficient business processes and insufficient productivity of professional staff can be addressed using the methods described earlier in the discussion on innovation. The other cost control areas require further elaboration.
IT resources, such as servers and storage arrays, are costly investments. Well-run businesses will work to get a reasonable return on that investment. Technical issues, however, can get in the way. One of the most significant problems is low utilization of servers, especially when they are dedicated to a single business process. Chapter 1 analyzed this problem and showed how cloud computing more efficiently allocates computing resources, shown in Figure 10.4 (which first appeared in Chapter 1 as Figure 1.6).
Identifying Weaknesses in Existing IT Service Delivery
IT departments have policies and procedures for delivering services. When new hardware is procured, there is a procedure to follow. When new applications are brought online, there are procedures to follow. The list could go on to include policies and procedures that describe how to implement security controls, software maintenance, network management, and systems monitoring and auditing. Any one of these areas can represent a weakness in the ability to deliver IT services.
Consider an example: A line of business wants to deploy a new service that will require several servers and a commonly used application stack. Everything the department wants is well within the ability of the IT department to support but still there are problems:
- The time required to review the server orders and verify the configurations are correct
- Determination of whether additional licenses are required to run the application stack
- Identification of IT staff to perform the installation and systems administration tasks
- Determination of where the hardware will be located and assurance that there is sufficient power, network connections, and other infrastructure to support the new servers
If this same new application were deployed in the cloud, we would still have to address these same issues, but we could do it more efficiently. Servers would not have to be ordered just for this application. A license management scheme (for example, site licenses) would presumably already be in place for cloud-based applications. The installation process would be reduced to ensuring the correct images are available in the service catalog. Application administrators would start virtual servers running the necessary applications on an as-needed basis. Hardware would be in place, so questions about infrastructure would not arise. Implementation issues such as these put a drag on innovation or improvement to existing processes. By identifying steps in IT processes that hinder other business operations, we can better understand where we can apply cloud computing to avoid those issues.
Prioritizing Initiatives
Chapter 4 outlined common high-priority objectives that are worth repeating:
- Controlling costs
- Expanding market share in mature industries
- Expanding into new markets in growth industries
- Improving customer service
- Improving customer retention
- Increasing cross-selling
The last step in understanding business drivers for adopting cloud computing is prioritizing all the ways we improve business operations. We can prioritize based on the value of supporting innovation, reducing the barriers to introducing new services, improving IT service delivery, and reducing the staff required to maintain a particular level of service delivery. Each of these implies either a direct cost, such as labor costs, or opportunity costs, such as those associated with delays in releasing new products and services.
Aligning business initiatives with cloud computing services is the essential first step in adopting cloud computing. By understanding business drivers, identifying weaknesses in existing processes, and prioritizing among all the potential ways to leverage cloud computing, a business will be in a firm position to take on the challenging task of planning for a transition to cloud computing.
Planning for Transition to Cloud Computing
The planning phase of the cloud transition is primarily focused on technical issues:
- Assessing the current state of readiness
- Identifying the differences between current infrastructure and the infrastructure to deploy for the cloud
- Determining the best cloud model for your requirements
- Planning for long-term management and stability
Not surprisingly, the first step in getting to where we want to go is to understand where we are.
Assessing the Current State of Readiness
Cloud computing takes advantage of a particular style of application architecture. The closer we are to that style when we begin, the better off we are. Three elements of this style are Web application architecture, self-management of compute and storage services, and standard platforms and application stacks. These elements were described in detail in Chapter 7, so they will be only briefly described here.
Web application architecture is decentralized and depends on multiple processes running on multiple servers. A simple three-tiered model includes a server for persistent storage, which is usually a relational database; a middle tier of an application server, such as a Java J2EE application server or a .NET application; and a client tier providing a user interface (UI). A common variation on this model is to have several application servers providing services to a Web server that coordinates those services for a client interface (see Figure 10.5).
One of the cost control benefits of cloud computing is the ability to offer self-service management to cloud consumers. This setup removes high-cost IT professionals from common tasks such as starting instances of virtual machines or allocating storage for an application. The software required to implement self-service can be deployed in the next phase of the transition process, but cloud consumers should be in a position to take advantage of self-service features when they arrive.
Another factor to consider is how standardized your application stacks are. Are departments running a wide range of applications and different platforms? Do you support three or four major relational databases? Are departments running different versions of Windows and Linux operating systems (OSs)? The answers to these questions will give you some indication of how standardized your organization is with respect to application stacks. The transition to cloud computing can be an opportunity to prune the set of supported applications. This will further improve the cost benefits of cloud computing by reducing the demand for patching, licensing management, and support services related to different applications.
Identifying the Differences Between Current Infrastructure and the Infrastructure to Deploy for the Cloud
Cloud services can run on commodity hardware. They can also run on specialized hardware assuming virtualization services are available. What set of hardware (servers, storage, and network equipment) is available in your organization? The optimal set of infrastructure components is a function of several factors. On the one hand, if hardware is in place, it seems logical to use it; on the other hand, the greater the diversity in equipment, the greater the administration and overhead costs. Some things to consider with regard to assessing what you have and what you would like for hardware infrastructure include:
• The capacity of servers to support multiple virtual instances, including processor speed and memory capacity
• The ability of servers to run software in the services catalog
• The range of support skills required to maintain the infrastructure
• Power consumption and cooling requirements
Determining the Best Cloud Model for Your Requirements
As we have described throughout this guide, there are three models for delivering cloud services: private, public, and hybrid. Which is the best option for you?
A private cloud is suitable for enterprises that have the infrastructure, support skills, and management framework to maintain such an architecture. We use the term infrastructure broadly, to include not only IT hardware but physical infrastructure such as data centers, redundant power supplies, and multiple high-speed Internet connections. IT professionals running a private cloud will be required to manage large numbers of similarly configured servers, multiple disk arrays, a complex array of network management systems, and robust security controls. A management system must be in place as well to implement cost recovery, capacity planning, service delivery, licensing negotiations, and other administrative capabilities.
These are significant barriers to adopting a private cloud model, but there are advantages as well. Your organization has complete control over the service catalog, who is allowed to use cloud resources, and the ability to monitor all cloud services. The fact that data and applications would not have to reside outside the corporate firewalls can be a substantial advantage from a compliance perspective.
A public cloud has several advantages:
• Minimal capital expenditures
• Ability to maintain existing infrastructure in its current configuration, allowing for a period of time in which both existing and new cloud-based instances are used
• Possibly lower costs per unit of computing service or storage because of the economies of scale
• Less management overhead for day-to-day operations but potentially more overhead for negotiating, monitoring, and enforcing SLAs
The potential drawbacks of a private cloud include the need to move sensitive data outside the corporate infrastructure, the potential costs of transmitting large volumes of data over the network, and the delays in moving data into the cloud by shipping storage devices (done in some cases to reduce upload costs).
A hybrid cloud can offer the advantages of both the private and public cloud. Sensitive information can be maintained in a private cloud while other data is moved to the public cloud. Existing infrastructure can be readily redeployed to a cloud while older or less amenable hardware is not. Initial capital expenditures may be reduced because peak loads in the private cloud can be accommodated by allocating resources in a public cloud.
Once again, there is no solution that is optimal for all cases. The advantages and disadvantages of each model must be weighed against the business requirements and constraints.
Figure 10.6: A combination of private and public clouds can enable an organization to realize the benefits of both.
Planning for Long-Term Management and Stability
Implementing a computing and storage cloud is a long-term proposition that requires attention to a number of areas in addition to those already mentioned. In particular, we need to plan for security, disaster recovery, and maintenance of physical infrastructure.
Security considerations include protecting physical infrastructure as well as logical access to services and resources. Cloud data centers will require the same types of physical protections as one would find in any large data center. Access to infrastructure should be limited to those with legitimate needs. The site should be monitored and security procedures audited. Fire suppression equipment should be in place. Logical access controls begin with identity management. Policies should be in place defining who has access to various cloud resources, such as servers and applications. Licensing restrictions should be taken into consideration as well. Policies and procedures should define how authentication and authorizations are granted, monitored, and revoked.
Long-term management includes planning for disaster. Maintaining multiple data centers may be a reasonable strategy for some private cloud users but not others. The costs can be prohibitive. One alternative is to use a public cloud for disaster recovery purposes, although there are still issues regarding confidentiality and compliance.
Maintaining the physical infrastructure of a cloud is an ongoing operation. With large numbers of servers and disks, it is reasonable to expect regular equipment failures. Even with long mean times between failures, when we are dealing with thousands of pieces of equipment, parts will fail. Services, such as power and Internet access, will fail as well. Backup power supplies and redundant Internet providers should be used.
A useful rule of thumb for managing cloud computing and the services it can provide is to assume that change and innovation are inherent. New equipment and applications will be added while others are retired. Equipment will fail. Power will go down. New business requirements will emerge. Cloud computing, like the business environment it serves, is dynamic.
Implementing a Cloud Infrastructure
Analyzing business drivers can be challenging because of complex, interdependent goals and objectives. Planning can be difficult because one has to merge both business requirements and technical constraints in a way that serves business objectives. The next stage of the process, implementation, is difficult primarily for technical reasons. The specific challenges will vary depending on the type of cloud model that is being used: private, public, or hybrid.
Implementing a Private Cloud
The key tasks to implementing a private cloud center on deploying hardware and establishing operations. Three such tasks are:
• Reallocating and deploying servers
• Establishing software and application management procedures
• Implementing a management framework
Figure 10.7: When new hardware is deployed in the cloud, applications can migrate directly to the cloud.
When existing hardware is redeployed to the cloud, the migration is less direct. A basic challenge is to keep services available while migrating hardware from an application-centric use of servers to a cloud computing model. One way to handle this challenge is to migrate applications from their dedicated servers to a set of virtual machines running on servers temporarily allocated to support the migration. This approach works when servers dedicated to applications are not using the full capacity of servers. Applications are temporarily hosted on transition servers while hardware is migrated to the cloud. Once the hardware, software, and supporting cloud services are in place, applications can begin running in the cloud.
Figure 10.8: Applications may be hosted on transition virtual servers in cases where existing hardware is to be redeployed to the cloud.
Introducing public cloud services brings with it a different set of implementation tasks.
Adapting Public Cloud Services
Using a public cloud relieves a business of many of the implementation tasks associated with private clouds. There is no need to transition hardware or redeploy servers. No service catalogs to establish and manage. No low-level billing infrastructure to put in place. Instead, the focus tends to be more on defining SLAs and reviewing compliance and security issues.
SLAs are essentially contracts between a business and a cloud provider. SLAs are important for clarifying what services are expected, the cost of such services, the quality of these services, and compensation for failure to meet agreements. SLAs with public cloud providers can include agreements about many factors:
• The number and types of servers that will be available for use at any time
• Restrictions on the number of virtual or dedicated servers that may be allocated in a single request
• Minimum and maximum storage usage
• Guaranteed bandwidth into and out of data centers used by the public cloud
• Security controls and procedures
• Audit and monitoring responsibilities of the provider and the business customer
• Compute and storage rates, billing periods, and so on
• Individual and aggregate demand reports
Using a Hybrid Private-Public Cloud
A hybrid private-public cloud delivers the benefits of both models of cloud computing. It also brings with it the responsibilities of both that we just described and a bit more. The combined resources of a private and public cloud may appear to be seamlessly integrated from the user's perspective, but there are operational differences. Only data and applications that are deemed safe to store or run in a public cloud should be made available outside the private cloud.
Managing and Maintaining a Cloud
The tasks of managing and maintaining a cloud computing environment can be broken down into operational issues and business management issues.
Operational Issues
Once hardware is deployed, management infrastructure is deployed, applications are installed, and security controls have been put in place, a cloud is ready to use. After that, we are in maintenance mode. At this point, new business requirements will arise and will be accommodated in an incremental manner. There will still be business analysis, planning, and implementation tasks as described earlier in the discussion about the cloud computing life cycle (see Figure 10.1). On a day-to-day basis, some of the most important operational tasks will be:
• Monitoring
• Fault detection and correction
• Systems maintenance
Cloud administrators will have to routinely monitor several attributes of a cloud. Utilization of servers and storage capacity should be regularly monitored. This data is useful for short-term management, for example, when additional servers have to be brought online during periods of peak demand, as well as for long-term capacity planning. The images run from the service catalog also need to be monitored. Systems administrators should know which applications are used most frequently, especially when licensing costs are an issue. This information is also useful for prioritizing patching, security scans, and upgrade planning. Monitoring should also include security monitoring, such as user activity, suspicious events such as authentication failures or repeated unauthorized access attempts, and scanning of inbound and outbound network traffic.
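One way to watch for the repeated authentication failures mentioned above, as an added Python example that is not part of the original guide. The log format, field names, addresses, and thresholds are assumptions made for illustration, and the events are assumed to arrive in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from a real system): time, event, key=value fields.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z auth result=FAIL user=alice src=198.51.100.7
2024-05-01T10:00:09Z auth result=OK user=bob src=192.0.2.10
2024-05-01T10:00:20Z auth result=FAIL user=carol src=198.51.100.7
2024-05-01T10:01:02Z auth result=FAIL user=alice src=198.51.100.7
2024-05-01T10:02:00Z auth result=FAIL user=bob src=192.0.2.10
2024-05-01T10:20:00Z auth result=FAIL user=bob src=192.0.2.10
2024-05-01T10:40:00Z auth result=FAIL user=bob src=192.0.2.10
"""

def parse_line(line):
    """Split one line of the assumed format into (timestamp, field dict)."""
    stamp, _event, *fields = line.split()
    when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    return when, dict(field.split("=", 1) for field in fields)

def repeated_failures(log_text, threshold=3, window=timedelta(minutes=5)):
    """Flag each source with >= threshold failed logins inside a sliding window.

    Returns {source: {"time": first alert time, "users": accounts involved}}.
    """
    recent = defaultdict(deque)   # source -> (time, user) of recent failures
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, fields = parse_line(line)
        if fields.get("result") != "FAIL":
            continue
        src = fields.get("src", "unknown")
        failures = recent[src]
        failures.append((when, fields.get("user", "?")))
        # Drop failures that have aged out of the window.
        while when - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= threshold and src not in alerts:
            alerts[src] = {"time": when.isoformat(),
                           "users": sorted({user for _, user in failures})}
    return alerts

if __name__ == "__main__":
    for source, alert in repeated_failures(SAMPLE_LOG).items():
        print(source, alert["time"], ",".join(alert["users"]))
```

The second source in the sample fails three times as well, but the failures are spread over 38 minutes, so it is only flagged when the window is widened.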
Hardware follows the rule of large numbers: with a sufficiently large number of devices, some of those devices will fail and instances of failure will be more frequent for a cloud than for a single server. The logic is simple: the probability of a server failing is the probability of Server A failing plus the probability of Server B failing plus the probability of Server C failing, and so on. In a private cloud, systems administrators will need to detect faults in servers and storage devices and be able to take those devices offline. In the case of a failed server, applications running on the failed server will need to be moved to another server. When a storage device fails, read and write operations should be able to continue using redundant copies of the data that was lost. Aggregate data about failure rates of devices can be collected over time and provide a baseline for predicting rates of failures.
System maintenance is a rather generic term for a broad set of tasks that one needs to perform to keep applications running as expected. The set includes managing user identities, establishing access controls, patching software, scanning images for malware and vulnerabilities, and other tasks we had prior to moving to a cloud model. Changing architectures does not change the need for basic system management tasks.
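The arithmetic behind the rule of large numbers discussed above, as an added Python example that is not part of the original guide. It assumes independent, identical devices with a constant failure rate, and the MTBF and fleet sizes are constructed figures; under those assumptions the summed per-device probability is an upper bound on the chance of at least one failure.

```python
import math

HOURS_PER_YEAR = 8766  # average year length in hours (365.25 days)

def p_device_fails(mtbf_hours, window_hours):
    """P(one device fails within the window), constant failure rate assumed."""
    return 1.0 - math.exp(-window_hours / mtbf_hours)

def p_any_failure(n_devices, mtbf_hours, window_hours):
    """P(at least one of n independent, identical devices fails in the window)."""
    return 1.0 - (1.0 - p_device_fails(mtbf_hours, window_hours)) ** n_devices

def summed_estimate(n_devices, mtbf_hours, window_hours):
    """Sum of the per-device probabilities (A plus B plus C ...), capped at 1.

    An upper bound on p_any_failure; close to it only while the sum is small.
    """
    return min(1.0, n_devices * p_device_fails(mtbf_hours, window_hours))

def expected_failures(n_devices, mtbf_hours, window_hours):
    """Expected number of devices that fail in the window (no replacement)."""
    return n_devices * p_device_fails(mtbf_hours, window_hours)

def observed_mtbf(device_hours, failures):
    """Baseline MTBF from aggregate data: total device-hours per failure."""
    return math.inf if failures == 0 else device_hours / failures

if __name__ == "__main__":
    mtbf = 1_000_000   # constructed figure, not a vendor specification
    week = 7 * 24
    for n in (1, 100, 5000):
        print(f"{n:>5} devices: P(any failure in a week) = "
              f"{p_any_failure(n, mtbf, week):.4f}, "
              f"summed estimate = {summed_estimate(n, mtbf, week):.4f}")
    print("expected failures per year, 5000 devices: "
          f"{expected_failures(5000, mtbf, HOURS_PER_YEAR):.1f}")
    print("MTBF estimated from 44 failures in a year: "
          f"{observed_mtbf(5000 * HOURS_PER_YEAR, 44):,.0f} hours")
```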
Business Management Issues
Long-term business management issues of supporting a cloud infrastructure can be as varied as the technical issues, ranging from establishing value metrics to ensuring continuity of services in the event of a disaster. At the most basic level, organizations adopt cloud computing because it will improve the ability of the business to meet its objectives. That is the idea when the process gets started, but how do you know whether the implementation is succeeding or if you are anywhere near realizing the benefits expected? A set of value metrics needs to be in place to measure the value of the cloud. These value metrics can include generic measures such as return on investment (ROI) or more specific ones such as:
• Reduction in time to release a new product or service
• Number of CPU hours utilized for delivering business services
• Utilization rate of storage in the enterprise
• Transactions processed per unit of computing and storage resource
• Reduction in IT support costs per server
Capacity planning requires a close coupling of business planning and technology management. Operational data about server, network, and storage utilization, numbers of business operations supported by the cloud, and number of users and their distribution in the company are vital for capacity planning. For example, if a product design group is a major user of cloud services and the company is about to acquire another firm that will significantly increase the size of the product design group, the cloud management team needs to know. If a Web application development team at a national home improvement retailer plans to provide a large number of do-it-yourself videos on the Web site and significantly increase network utilization, the cloud team should be prepared. These realities provide examples where creating and maintaining lines of communications between different parts of a business are important to the long-term effectiveness of an IT service.
Long-term planning also requires attention to disaster recovery. If we assume a disaster could strike and disable a data center, we need to be able to answer the question, what happens then? If we have geographically distributed data centers with redundant storage and additional computing resources, we can move operations to one or more alternative data centers. Although servers may be able to fail over fairly seamlessly and redundant copies of data can be made available, the programs running in the failed data center may not be as robust. For example, an application that runs for extended periods of time without writing state information to persistent storage may have to restart its processing from the beginning of a job rather than recover midstream. When planning for disaster recovery, we must consider details from the lowest implementation level, such as the availability of power and cooling systems, to high-level design issues, such as how applications manage state information.
Maintenance and long-term management issues in cloud environments are similar to those found in other IT environments. Fortunately, many of the best practices and management techniques that have evolved over the years are relevant and applicable today, albeit with some slight tuning for the unique characteristics of the cloud.
Summary
Cloud computing is changing the way we deliver business services. The cloud architecture allows for more efficient utilization of infrastructure, a more efficient delivery mechanism for services, and an improved user experience. By aligning business objectives with the capabilities of cloud computing, businesses can realize faster time to market, reduced IT support costs, and more effective use of capital for investments.
Cloud computing is characterized by its massive scalability, easy-to-use provisioning services, and a service management platform. These may be delivered privately within the corporate boundaries, publicly through a third-party provider, or as a combination of the two. There are different levels of cloud services, such as infrastructure providers, platform services, and application services. These services can be deployed according to business needs, and lead to improved ability to deliver current services and introduce new services without undue encumbrance from having to deploy complex IT infrastructure.
The Definitive Guide to Cloud Computing has presented a comprehensive overview of cloud computing with a focus on identifying steps needed to successfully deploy cloud computing in your business. Technical details of cloud computing will change, but the analysis and management principles are based on the IT industry's prior experience with other architectures and service delivery models. The valuable lessons learned deploying and managing mainframes, client-server applications, and first generation are applicable to the cloud, with of course, some adaptation.