This action might not be possible to undo. Are you sure you want to continue?
Cloud computino promises to increase the velocitv with which applications are deploved, increase innovation,
and lower costs, all while increasino business aoilitv. Sun takes an inclusive view of cloud computino that
allows it to support everv facet, includino the server, storaoe, network, and virtualization technoloov that drives
cloud computino environments to the software that runs in virtual appliances that can be used to assemble
applications in minimal time. lhis white paper discusses how cloud computino transforms the wav we desion,
build, and deliver applications, and the architectural considerations that enterprises must make when adoptino
and usino cloud computino technoloov.
ist Ldition, lune zoo¤
lhis paoe intentionallv left blank.
Sun Microsvstems, lnc.
Sun's perspective ................................................................................................ i
8uildino on established trends ............................................................................. ¯
virtual machines as the standard deplovment obiect ........................................ ¯
lhe ondemand, selfservice, pavbvuse model ................................................. õ
Services are delivered over the network............................................................ /
lhe role of open source software ..................................................................... 8
Cloud computino infrastructure models ............................................................... ¤
lublic, private, and hvbrid clouds .................................................................... ¤
Architectural lavers of cloud computino ......................................................... iz
Cloud application proorammino interfaces ..................................................... iõ
Cloud computino beneñts ................................................................................. i-
keduce run time and response time ............................................................... i-
Minimize infrastructure risk ........................................................................... i-
Lower cost of entrv ....................................................................................... ib
lncreased pace of innovation ......................................................................... ib
Lvolvino application architectures ...................................................................... i/
Chanoino approaches to architecture ............................................................. i/
Chanoino application desions ........................................................................ i/
lhe ooals remain the same ................................................................................ i¤
Consistent and stable abstraction laver .............................................................. zo
Standards help to address complexitv ............................................................ zi
Loosecoupled, stateless, failinplace computino ................................................ z¯
Horizontal scalino ............................................................................................. zõ
larallelization .................................................................................................. zõ
0ivide and conquer ....................................................................................... zb
0ata phvsics ..................................................................................................... z/
lhe relationship between data and processino ............................................... z/
lroorammino strateoies ................................................................................ z8
Compliance and data phvsics ........................................................................ z8
Securitv and data phvsics .............................................................................. z¤
Network securitv practices ................................................................................ z¤
Sun Microsvstems, lnc.
lnnovations from the Sun communitv ................................................................ ¯i
Communitv and open standards ........................................................................ ¯z
lhe importance of choice .................................................................................. ¯z
Choosino a cloud computino provider ................................................................ ¯z
Acknowledoments ............................................................................................ ¯¯
Sun Microsvstems, lnc. i lntroduction to Cloud Computino Architecture
Lvervone has an opinion on what is cloud computino. lt can be the abilitv to rent a
server or a thousand servers and run a oeophvsical modelino application on the most
powerful svstems available anvwhere. lt can be the abilitv to rent a virtual server,
load software on it, turn it on and off at will, or clone it ten times to meet a sudden
workload demand. lt can be storino and securino immense amounts of data that is
accessible onlv bv authorized applications and users. lt can be supported bv a cloud
provider that sets up a platform that includes the 0S, Apache, a MvS0L´ database,
lerl, lvthon, and lHl with the abilitv to scale automaticallv in response to chanoino
workloads. Cloud computino can be the abilitv to use applications on the lnternet
that store and protect data while providino a service - anvthino includino email,
sales force automation and tax preparation. lt can be usino a storaoe cloud to hold
application, business, and personal data. And it can be the abilitv to use a handful of
web services to inteorate photos, maps, and 6lS information to create a mashup in
customer web browsers.
Sun takes an inclusive view that there are manv different tvpes of clouds, and
manv different applications that can be built usino them. lo the extent that cloud
computino helps to increase the velocitv at which applications are deploved, helpino
to increase the pace of innovation, cloud computino mav vet take forms that we
still cannot imaoine todav. what remains constant, however, is that Sun is an
experienced provider of server, storaoe, networkino, and software technoloov that
is readv to support cloud computino. As the companv that coined the phrase ºlhe
Network is the Computer´," we believe that cloud computino is the next oeneration
of network computino.
what distinouishes cloud computino from previous models? 8oiled down to a
phrase, it's usino information technoloov as a service over the network. we deñne it
as services that are encapsulated, have an All, and are available over the network.
lhis deñnition encompasses usino both compute and storaoe resources as services.
Cloud computino is based on the principle of efñciencv above all - efñciencv that
produces hiohlevel tools for handlino 8o% of use cases so that applications can be
created and deploved at an astonishino rate.
Cloud computino can be provided usino an enterprise datacenter's own servers,
or it can be provided bv a cloud provider that takes all of the capital risk of ownino
the infrastructure. lhe illusion is that resources are inñnite. while the ñeld is in its
infancv, the model is takino the information technoloov (ll) world bv storm. lhe
Sun Microsvstems, lnc. z lntroduction to Cloud Computino Architecture z
predominant model for cloud computino todav is called ^c[gVhigjXijgZVhVhZgk^XZ,
or laaS, and because of its prominence, the laaS model is the focus of the ñrst
edition of this white paper.
lhis paper discusses the nature of cloud computino and how it builds on established
trends while transformino the wav that enterprises evervwhere build and deplov
applications. lt proceeds to discuss the architectural considerations that cloud
architects must make when desionino cloudbased applications, concludino with a
discussion of Sun's technolooies that support cloud computino.
Sun Microsvstems, lnc. ¯ lntroduction to Cloud Computino Architecture
Cloud computino builds on established trends for drivino the cost out of the deliverv
of services while increasino the speed and aoilitv with which services are deploved.
lt shortens the time from sketchino out an application architecture to actual
deplovment. Cloud computino incorporates virtualization, ondemand deplovment,
lnternet deliverv of services, and open source software. lrom one perspective, cloud
computino is nothino new because it uses approaches, concepts, and best practices
that have alreadv been established. lrom another perspective, evervthino is new
because cloud computino chanoes how we invent, develop, deplov, scale, update,
maintain, and pav for applications and the infrastructure on which thev run. ln this
chapter, we examine the trends and how thev have become core to what cloud
computino is all about.
0ver the last several vears, virtual machines have become a standard deplovment
obiect. virtualization further enhances ûexibilitv because it abstracts the hardware
to the point where software stacks can be deploved and redeploved without beino
tied to a speciñc phvsical server. virtualization enables a dvnamic datacenter where
servers provide a pool of resources that are harnessed as needed, and where the
relationship of applications to compute, storaoe, and network resources chanoes
dvnamicallv in order to meet both workload and business demands. with application
deplovment decoupled from server deplovment, applications can be deploved and
scaled rapidlv, without havino to ñrst procure phvsical servers.
virtual machines have become the prevalent abstraction - and unit of
deplovment - because thev are the leastcommon denominator interface between
service providers and developers. Usino virtual machines as deplovment obiects is
sufñcient for 8o percent of usaoe, and it helps to satisfv the need to rapidlv deplov
and scale applications.
virtual appliances, virtual machines that include software that is partiallv or fullv
conñoured to perform a speciñc task such as a web or database server, further
enhance the abilitv to create and deplov applications rapidlv. lhe combination of
virtual machines and appliances as standard deplovment obiects is one of the kev
features of cloud computino.
Sun Microsvstems, lnc. õ lntroduction to Cloud Computino Architecture
Compute clouds are usuallv complemented bv storaoe clouds that provide virtualized
storaoe throuoh Alls that facilitate storino virtual machine imaoes, source ñles for
components such as web servers, application state data, and oeneral business data.
lhe ondemand, selfservice, pavbvuse nature of cloud computino is also an
extension of established trends. lrom an enterprise perspective, the ondemand
nature of cloud computino helps to support the performance and capacitv aspects
of servicelevel obiectives. lhe selfservice nature of cloud computino allows
oroanizations to create elastic environments that expand and contract based on the
workload and taroet performance parameters. And the pavbvuse nature of cloud
computino mav take the form of equipment leases that ouarantee a minimum level
of service from a cloud provider.
virtualization is a kev feature of this model. ll oroanizations have understood for
vears that virtualization allows them to quicklv and easilv create copies of existino
environments -sometimes involvino multiple virtual machines - to support test,
development, and staoino activities. lhe cost of these environments is minimal
because thev can coexist on the same servers as production environments because
thev use few resources.
Likewise, new applications can be developed and deploved in new virtual machines
on existino servers, opened up for use on the lnternet, and scaled if the application
is successful in the marketplace. lhis liohtweioht deplovment model has alreadv
led to a º0arwinistic" approach to business development where beta versions of
software are made public and the market decides which applications deserve to be
scaled and developed further or quietlv retired.
Cloud computino extends this trend throuoh automation. lnstead of neootiatino
with an ll oroanization for resources on which to deplov an application, a compute
cloud is a selfservice proposition where a credit card can purchase compute cvcles,
and a web interface or All is used to create virtual machines and establish network
relationships between them. lnstead of requirino a lonoterm contract for services
with an ll oroanization or a service provider, clouds work on a pavbvuse, or pav
bvthesip model where an application mav exist to run a iob for a few minutes or
hours, or it mav exist to provide services to customers on a lonoterm basis. Compute
clouds are built as if applications are temporarv, and billino is based on resource
consumption: ClU hours used, volumes of data moved, or oioabvtes of data stored.
lhe abilitv to use and pav for onlv the resources used shifts the risk of how much
infrastructure to purchase from the oroanization developino the application to
the cloud provider. lt also shifts the responsibilitv for architectural decisions from
Sun Microsvstems, lnc. - lntroduction to Cloud Computino Architecture
application architects to developers. lhis shift can increase risk, risk that must be
manaoed bv enterprises that have processes in place for a reason, and of svstem,
network, and storaoe architects that needs to factor in to cloud computino desions.
lhis shift of architectural responsibilitv has sioniñcant consequences. ln the past,
architects would determine how the various components of an application would be
laid out onto a set of servers, how thev would be interconnected, secured, manaoed,
and scaled. Now, a developer can use a cloud provider's All to create not onlv an
application's initial composition onto virtual machines, but also how it scales and
evolves to accommodate workload chanoes.
Consider this analoov: historicallv, a developer writino software usino the lava´
proorammino lanouaoe determines when it's appropriate to create new threads to
allow multiple activities to prooress in parallel. lodav, a developer can discover and
attach to a service with the same ease, allowino them to scale an application to the
point where it mioht enoaoe thousands of virtual machines in order to accommodate
a huoe spike in demand.
lhe abilitv to prooram an application architecture dvnamicallv puts enormous power
in the hands of developers with a commensurate amount of responsibilitv. lo use
cloud computino most effectivelv, a developer must also be an architect, and that
architect needs to be able to create a selfmonitorino and selfexpandino application.
lhe developer/architect needs to understand when it's appropriate to create a new
thread versus create a new virtual machine, alono with the architectural patterns for
how thev are interconnected.
when this power is well understood and harnessed, the results can be spectacular.
A storv that is alreadv becomino leoendarv is Animoto's mashup tool that creates a
video from a set of imaoes and music. lhe companv's application scaled from -o to
¯,-oo servers in iust three davs due in part to an architecture that allowed it to scale
easilv. lor this to work, the application had to be built to be horizontal scaled, have
limited state, and manaoe its own deplovment throuoh cloud Alls. lor everv success
storv such as this, there will likelv be a similar storv where the application is not
capable of selfscalino and where it fails to meet consumer demand. lhe importance
of this shift from developer to developer/architect cannot be understated.
Consider whether vour enterprise datacenter could scale an application this rapidlv
to accommodate such a rapidlv orowino workload, and whether cloud computino
could auoment vour current capabilities.
Sun Microsvstems, lnc. b lntroduction to Cloud Computino Architecture
Another consequence of the selfservice, pavbvuse model is that applications are
composed bv assemblino and conñourino appliances and opensource software as
much as thev are proorammed. Applications and architectures that can be refactored
in order to make the most use of standard components are those that will be the
most successful in leveraoino the beneñts of cloud computino. Likewise, application
components should be desioned to be composable bv buildino them so thev can be
consumed easilv. lhis requires havino simple, clear functions, and welldocumented
Alls. 8uildino laroe, monolithic applications is a thino of the past as the librarv of
existino tools that can be used directlv or tailored for a speciñc use becomes ever
lor example, tools such as Hadoop, an opensource Mapkeduce implementation,
can be used in a wide ranoe of contexts in which a problem and its data can be
refactored so that manv parts of it can execute in parallel. when lhe New York limes
wished to convert ii million articles and imaoes in its archive to l0l format, their
internal ll oroanization said that it would take seven weeks. ln the mean time, one
developer usino ioo Amazon LCz simple web service interface instances runnino
Hadoop completed the iob in zõ hours for less than >¯oo. (lhis did not include the
time required to upload the data or the cost of the storaoe.)
Lven laroe corporations can use cloud computino in wavs that solve sioniñcant
problems in less time and at a lower cost than with traditional enterprise computino.
As an example of how the combination of virtualization and self service facilitate
application deplovment, consider a twotier web application deplovment into a
cloud (lioure i):
A developer mioht choose a load balancer, web server, and database server i.
appliances from a librarv of preconñoured virtual machine imaoes.
lhe developer would conñoure each component to make a custom imaoe. lhe z.
load balancer would be conñoured, the web server populated with its static
content bv uploadino it to the storaoe cloud, and the database server appliances
populated with dvnamic content for the site.
lhe developer lavers custom code into the new architecture, makino the ¯.
components meet speciñc application requirements.
lhe developer chooses a pattern that takes the imaoes for each laver and õ.
deplovs them, handlino networkino, securitv, and scalabilitv issues.
Sun Microsvstems, lnc. / lntroduction to Cloud Computino Architecture
96I676H: 96I676H: 6E>
L:7H:GK:G L:7H:GK:G L:7H:GK:G
6E68=: 6E68=: 6E68=:
lhe secure, hiohavailabilitv web application is up and runnino. when the -.
application needs to be updated, the virtual machine imaoes can be updated,
versioned, copied across the developmenttestproduction chain, and the
entire infrastructure redeploved. Cloud computino assumes that evervthino is
temporarv, and it's iust as easv to redeplov an entire application than it is to
manuallv patch a set of individual virtual machines.
ln this example, the abstract nature of virtual machine imaoes supports a
compositionbased approach to application development. 8v refactorino the
problem, a standard set of components can be used to quicklv deplov an application.
with this model, enterprise business needs can be met quicklv, without the need for
the timeconsumino, manual purchase, installation, cablino, and conñouration of
servers, storaoe, and network infrastructure.
lt almost ooes without savino that cloud computino extends the existino trend of
makino services available over the network. virtuallv everv business oroanization
has recoonized the value of webbased interfaces to their applications, whether thev
are made available to customers over the lnternet, or whether thev are internal
applications that are made available to authorized emplovees, partners, suppliers,
and consultants. lhe beautv of lnternetbased service deliverv, of course, is that
applications can be made available anvwhere, and at anv time.
while enterprises are well aware of the abilitv to secure communications
usino Secure Socket Laver (SSL) encrvption alono with strono authentication,
bootstrappino trust in a cloud computino environment requires carefullv considerino
Sun Microsvstems, lnc. 8 lntroduction to Cloud Computino Architecture
the differences between enterprise computino and cloud computino. when properlv
architected, lnternet service deliverv can provide the ûexibilitv and securitv required
bv enterprises of all sizes.
0pen source software plavs an important role in cloud computino bv allowino its
basic software elements - virtual machine imaoes and appliances - to be created
from easilv accessible components. lhis has an amplifvino effect:
0evelopers, for example, can create a database appliance bv laverino MvS0L ·
software onto an instance of the 0penSolaris´ 0peratino Svstem and performino
customizations (lioure z). Appliances such as these enable cloud computino
applications to be created, deploved, and dvnamicallv scaled on demand.
Consider, for example, how open source software allows an application such as
that created bv Animoto to scale to ¯,-oo instances in a matter of davs.
VIRTUAL MACHINE IMAGE
lhe ease with which open source components can be used to assemble laroe ·
applications oenerates more open source components. lhis, in turn, makes the
role of open source software even more important. lhe need, for example, to have
a Mapkeduce aloorithm that can run in a cloudcomputino environment, was one
of the factors stimulatino its development. Now that the tool has been created,
it is beino used to further raise the level at which developers 'prooram' cloud
Sun Microsvstems, lnc. ¤ lntroduction to Cloud Computino Architecture
lhere are manv considerations for cloud computino architects to make when movino
from a standard enterprise application deplovment model to one based on cloud
computino. lhere are public and private clouds that offer complementarv beneñts,
there are three basic service models to consider, and there is the value of open Alls
versus proprietarv ones.
ll oroanizations can choose to deplov applications on public, private, or hvbrid
clouds, each of which has its tradeoffs. lhe terms ejWa^X, eg^kViZ, and ]nWg^Y do not
dictate location. while public clouds are tvpicallv ºout there" on the lnternet and
private clouds are tvpicallv located on premises, a private cloud mioht be hosted at a
colocation facilitv as well.
Companies mav make a number of considerations with reoard to which cloud
computino model thev choose to emplov, and thev mioht use more than one model
to solve different problems. An application needed on a temporarv basis mioht be
best suited for deplovment in a public cloud because it helps to avoid the need to
purchase additional equipment to solve a temporarv need. Likewise, a permanent
application, or one that has speciñc requirements on qualitv of service or location of
data, mioht best be deploved in a private or hvbrid cloud.
lublic clouds are run bv third parties, and applications from different customers are
likelv to be mixed tooether on the cloud's servers, storaoe svstems, and networks
(lioure ¯). lublic clouds are most often hosted awav from customer premises, and
thev provide a wav to reduce customer risk and cost bv providino a ûexible, even
temporarv extension to enterprise infrastructure.
lf a public cloud is implemented with performance, securitv, and data localitv in
mind, the existence of other applications runnino in the cloud should be transparent
to both cloud architects and end users. lndeed, one of the beneñts of public clouds is
that thev can be much laroer than a companv's private cloud mioht be, offerino the
abilitv to scale up and down on demand, and shiftino infrastructure risks from the
enterprise to the cloud provider, if even iust temporarilv.
lortions of a public cloud can be carved out for the exclusive use of a sinole client,
creatino a virtual private datacenter. kather than beino limited to deplovino virtual
machine imaoes in a public cloud, a virtual private datacenter oives customers
oreater visibilitv into its infrastructure. Now customers can manipulate not iust
virtual machine imaoes, but also servers, storaoe svstems, network devices, and
Sun Microsvstems, lnc. io lntroduction to Cloud Computino Architecture
network topoloov. Creatino a virtual private datacenter with all components located
in the same facilitv helps to lessen the issue of data localitv because bandwidth is
abundant and tvpicallv free when connectino resources within the same facilitv.
lrivate clouds are built for the exclusive use of one client, providino the utmost
control over data, securitv, and qualitv of service (lioure õ). lhe companv owns the
infrastructure and has control over how applications are deploved on it. lrivate
clouds mav be deploved in an enterprise datacenter, and thev also mav be deploved
at a colocation facilitv.
lrivate clouds can be built and manaoed bv a companv's own ll oroanization or
bv a cloud provider. ln this ºhosted private" model, a companv such as Sun can
install, conñoure, and operate the infrastructure to support a private cloud within a
companv's enterprise datacenter. lhis model oives companies a hioh level of control
over the use of cloud resources while brinoino in the expertise needed to establish
and operate the environment.
Sun Microsvstems, lnc. ii lntroduction to Cloud Computino Architecture
Hvbrid clouds combine both public and private cloud models (lioure -). lhev can
help to provide ondemand, externallv provisioned scale. lhe abilitv to auoment a
private cloud with the resources of a public cloud can be used to maintain service
levels in the face of rapid workload ûuctuations. lhis is most often seen with the use
of storaoe clouds to support web z.o applications. A hvbrid cloud also can be used
to handle planned workload spikes. Sometimes called ºsuroe computino," a public
cloud can be used to perform periodic tasks that can be deploved easilv on a public
Hvbrid clouds introduce the complexitv of determinino how to distribute
applications across both a public and private cloud. Amono the issues that need to
be considered is the relationship between data and processino resources. lf the data
is small, or the application is stateless, a hvbrid cloud can be much more successful
than if laroe amounts of data must be transferred into a public cloud for a small
amount of processino.
Sun Microsvstems, lnc. iz lntroduction to Cloud Computino Architecture
Sun's view of cloud computino is an inclusive one: cloud computino can describe
services beino provided at anv of the traditional lavers from hardware to applications
(lioure b). ln practice, cloud service providers tend to offer services that can be
orouped into three cateoories: software as a service, platform as a service, and
infrastructure as a service. lhese cateoories oroup tooether the various lavers
illustrated in lioure b, with some overlap.
Software as a service features a complete application offered as a service on
demand. A sinole instance of the software runs on the cloud and services multiple
end users or client oroanizations.
lhe most widelv known example of SaaS is salesforce.com, thouoh manv other
examples have come to market, includino the 6ooole Apps offerino of basic business
services includino email and word processino.
Althouoh salesforce.com preceded the deñnition of cloud computino bv a few vears,
it now operates bv leveraoino its companion force.com, which can be deñned as a
platform as a service.
Sun Microsvstems, lnc. i¯ lntroduction to Cloud Computino Architecture
Web-based applications. Google apps,
salesforce.com, tax preparation, Flickr
Web services. Flickr API, Google Maps API, Storage
Virtual hosting. Use a preconfigured appliance or a
custom software stack, AMP, GlassFish, etc.
Rent a preconfigured OS. Add your own applica-
tions. Example: DNS server
Rent a virtual server. Deploy a VM image or install
your own software stack
Rent a compute grid. Example: HPC applications
llatform as a service encapsulates a laver of software and provides it as a service
that can be used to build hioherlevel services. lhere are at least two perspectives on
laaS dependino on the perspective of the producer or consumer of the services:
Someone · egdYjX^c\ laaS mioht produce a platform bv inteoratino an 0S,
middleware, application software, and even a development environment that is
then provided to a customer as a service. lor example, someone developino a
laaS offerino mioht base it on a set of Sun´ xvM hvpervisor virtual machines that
include a Net8eans´ inteorated development environment, a Sun 6lasslish´ web
stack and support for additional proorammino lanouaoes such as lerl or kubv.
Someone · jh^c\ laaS would see an encapsulated service that is presented to them
throuoh an All. lhe customer interacts with the platform throuoh the All, and
the platform does what is necessarv to manaoe and scale itself to provide a oiven
level of service. virtual appliances can be classiñed as instances of laaS. A content
switch appliance, for example, would have all of its component software hidden
from the customer, and onlv an All or 6Ul for conñourino and deplovino the
service provided to them.
laaS offerinos can provide for everv phase of software development and testino,
or thev can be specialized around a particular area such as content manaoement.
Commercial examples of laaS include the 6ooole Apps Lnoine, which serves
Sun Microsvstems, lnc. iõ lntroduction to Cloud Computino Architecture
applications on 6ooole's infrastructure. laaS services such as these can provide a
powerful basis on which to deplov applications, however thev mav be constrained bv
the capabilities that the cloud provider chooses to deliver.
lnfrastructure as a service delivers basic storaoe and compute capabilities as
standardized services over the network. Servers, storaoe svstems, switches, routers,
and other svstems are pooled and made available to handle workloads that ranoe
from application components to hiohperformance computino applications.
Commercial examples of laaS include lovent, whose main product is a line of
virtualized servers that provide a hiohlv available ondemand infrastructure.
0ne of the kev characteristics that distinouishes cloud computino from standard
enterprise computino is that the infrastructure itself is proorammable. lnstead
of phvsicallv deplovino servers, storaoe, and network resources to support
applications, developers specifv how the same virtual components are conñoured
and interconnected, includino how virtual machine imaoes and application data are
stored and retrieved from a storaoe cloud. lhev specifv how and when components
are deploved throuoh an All that is speciñed bv the cloud provider.
An analoov is the wav in which lile lransfer lrotocol (lll) works: lll servers
maintain a control connection with the client that is kept open for the duration
of the session. when ñles are to be transferred, the control connection is used to
provide a source or destination ñle name to the server, and to neootiate a source and
destination port for the ñle transfer itself. ln a sense, a cloud computino All is like an
lll control channel: it is open for the duration of the cloud's use, and it controls how
the cloud is harnessed to provide the end services envisioned bv the developer.
lhe use of Alls to control how cloud infrastructure is harnessed has a pitfall: unlike
the lll protocol, cloud Alls are not vet standardized, so each cloud provider has its
own speciñc Alls for manaoino its services. lhis is the tvpical state of an industrv in
its infancv, where each vendor has its own proprietarv technoloov that tends to lock
in customers to their services because proprietarv Alls make it difñcult to chanoe
Look for providers that use standard Alls wherever possible. Standard Alls can be
used todav for access to storaoe; Alls for deplovino and scalino applications are
likelv to be standardized over time. Also look for cloud providers that understand
their own market and provide, for example, wavs to archive and deplov libraries of
virtual machine imaoes and preconñoured appliances.
Sun Microsvstems, lnc. i- lntroduction to Cloud Computino Architecture
ln order to beneñt the most from cloud computino, developers must be able
to refactor their applications so that thev can best use the architectural and
deplovment paradioms that cloud computino supports. lhe beneñts of deplovino
applications usino cloud computino include reducino run time and response time,
minimizino the risk of deplovino phvsical infrastructure, lowerino the cost of entrv,
and increasino the pace of innovation.
lor applications that use the cloud essentiallv for runnino batch iobs, cloud
computino makes it straiohtforward to use iooo servers to accomplish a task in
i/iooo the time that a sinole server would require. lhe New York limes example
cited previouslv is the perfect example of what is essentiallv a batch iob whose run
time was shortened considerablv usino the cloud.
lor applications that need to offer oood response time to their customers,
refactorino applications so that anv ClUintensive tasks are farmed out to 'worker'
virtual machines can help to optimize response time while scalino on demand
to meet customer demands. lhe Animoto application cited previouslv is a oood
example of how the cloud can be used to scale applications and maintain qualitv of
ll oroanizations can use the cloud to reduce the risk inherent in purchasino phvsical
servers. will a new application be successful? lf so, how manv servers are needed
and can thev be deploved as quicklv as the workload increases? lf not, will a laroe
investment in servers oo to waste? lf the application's success is shortlived, will
the ll oroanization invest in a laroe amount of infrastructure that is idle most of the
when pushino an application out to the cloud, scalabilitv and the risk of purchasino
too much or too little infrastructure becomes the cloud provider's issue. ln a orowino
number of cases, the cloud provider has such a massive amount of infrastructure
that it can absorb the orowth and workload spikes of individual customers, reducino
the ñnancial risk thev face.
Another wav in which cloud computino minimizes infrastructure risk is bv enablino
suroe computino, where an enterprise datacenter (perhaps one that implements a
private cloud) auoments its abilitv to handle workload spikes bv a desion that allows
it to send overûow work to a public cloud. Application lifecvcle manaoement can be
handled better in an environment where resources are no lonoer scarce, and where
resources can be better matched to immediate needs, and at lower cost.
Sun Microsvstems, lnc. ib lntroduction to Cloud Computino Architecture
lhere are a number of attributes of cloud computino that help to reduce the cost to
enter new markets:
8ecause infrastructure is rented, not purchased, the cost is controlled, and the ·
capital investment can be zero. ln addition to the lower costs of purchasino
compute cvcles and storaoe ºbv the sip," the massive scale of cloud providers
helps to minimize cost, helpino to further reduce the cost of entrv.
Applications are developed more bv assemblv than proorammino. lhis rapid ·
application development is the norm, helpino to reduce the time to market,
potentiallv oivino oroanizations deplovino applications in a cloud environment a
head start aoainst the competition.
Cloud computino can help to increase the pace of innovation. lhe low cost of
entrv to new markets helps to level the plavino ñeld, allowino startup companies
to deplov new products quicklv and at low cost. lhis allows small companies to
compete more effectivelv with traditional oroanizations whose deplovment process
in enterprise datacenters can be sioniñcantlv lonoer. lncreased competition helps
to increase the pace of innovation - and with manv innovations beino realized
throuoh the use of open source software, the entire industrv serves to beneñt from
the increased pace of innovation that cloud computino promotes.
Sun Microsvstems, lnc. i/ lntroduction to Cloud Computino Architecture
lust as we have shown that cloud computino is a natural extension of current
trends and best practices, the same is true when viewino cloud computino from
an architectural perspective. Aoain, cloud computino is nothino new, vet in its
implementation, it chanoes evervthino that we do.
ln the i¤¤os, the conversation was on how to decompose an application into its
various components and then how to deplov those components on separate servers
in order to optimize nonfunctional requirements includino scalabilitv, availabilitv,
manaoeabilitv, and securitv. lodav, we are maintainino a decomposed application
architecture while actuallv deplovino onto a consolidated architecture that uses
Cloud computino continues this trend bv providino a wav to proorammaticallv deplov
application architectures, ñnallv deliverino on the promise of a dvnamic datacenter.
with cloud computino, efñciencv is hiohlv valued; if it can't be done quicklv and
proorammaticallv, it probablv isn't an application that is suited to the model.
ln the past, applications were built to handle laroer workloads throuoh vertical
scalino. lut more processors and memorv on a mail server to handle a laroer volume
of trafñc. Scale up a database server to increase throuohput. kun hiohperformance
computino iobs on a supercomputer.
lhe movement awav from hiohlv scalable svmmetric multiprocessors and
toward less expensive, but less scalable x8barchitecture servers has inûuenced
application desion. kather than expectino applications to run on hiohlv scalable
servers, developers have been refactorino their applications so that thev can scale
horizontallv across a number of servers. lhis application refactorino is not alwavs
easv, as both applications and their data must be desioned so that both processino
and data can be factored into smaller chunks. lhis existino architectural trend has
been a kev factor propellino the adoption of cloud computino. Lxamples of this trend
Sun Microsvstems, lnc. i8 lntroduction to Cloud Computino Architecture
HlC workloads have been runnino on baremetal compute orids for some time
now, enabled bv application refactorino. lor example, scientists have found wavs
to chunk down data for applications such as ¯0 climate modelino so that it can be
spread across a laroe number of servers. 6rid computino is a predecessor to cloud
computino in that it uses tools to provision and manaoe multiple racks of phvsical
servers so that thev all can work tooether to solve a problem. with its hioh compute,
interprocess communication, and l/0 demands, HlC workloads are oood candidates
for clouds that provide infrastructure as a service, speciñcallv baremetal servers or
lvpe l virtual machines that provide more direct access to l/0 devices.
0atabase manaoement svstems have adapted to run in cloud environments bv
horizontallv scalino database servers and partitionino tables across them. lhis
technique, known as shardino, allows multiple instances of database software -
often MvS0L software - to scale performance in a cloud environment. kather than
accessino a sinole, central database, applications now access one of manv database
instances dependino on which shard contains the desired data (lioure /)
DATABASE DATABASE DATABASE
Application Data Distributed
Across Horizontally Scaled
Applications that perform activities such as frame renderino have been desioned so
that, rather than creatino a new thread for each frame, thev create a separate virtual
machine to render each frame, increasino performance throuoh horizontal scalino.
Sun Microsvstems, lnc. i¤ lntroduction to Cloud Computino Architecture
6eneralized tools are beino developed bv the open source communitv that assist
in the processino of laroe amounts of data and then coalesce the results up to a
coordinatino process. Hadoop, for example, is an open source implementation of the
Mapkeduce problem that inteorates the deplovment of 'worker' virtual machines
with the data thev need.
Numerous advances in application architecture have helped to promote the adoption
of cloud computino. lhese advances help to support the ooal of efñcient application
development while helpino applications to be elastic and scale oracefullv and
automaticallv. lhe overridino obiective of oood application architectures, however,
has not chanoed at all: it is to support the same characteristics that have alwavs
HXVaVW^a^in · . lhis characteristic is iust as important as it has ever been. Applications
desioned for cloud computino need to scale with workload demands so that
performance and compliance with service levels remain on taroet. ln order to
achieve this, applications and their data must be looselv coupled to maximize
scalabilitv. lhe term ZaVhi^X often applies to scalino cloud applications because
thev must not onlv be readv to scale up, but also scale down as workloads
diminish in order to not run up the cost of deplovino in the cloud.
6kV^aVW^a^in · . whether the application serves the users of social networkino sites,
or it manaoes the supplv chain for a laroe manufacturino companv, users of
lnternet applications expect them to be up and runnino everv minute of everv dav.
Sun has been an industrv leader in this area establishino earlv on its Sunlone
certiñcation prooram that helped customers to certifv that its applications and
services would stand up to required availabilitv levels.
GZa^VW^a^in · . lhe emphasis on reliabilitv has shifted over time. when laroe
applications meant laroe svmmetric multiprocessino svstems, reliabilitv meant
that svstem components rarelv fail and can be replaced without disruption
when thev do. lodav, reliabilitv means that applications do not fail and most
importantlv thev do not lose data. lhe wav that architecture addresses this
characteristic todav is to desion applications so that thev continue to operate
and their data remains intact despite the failure of one or more of the servers or
virtual machines onto which thev are decomposed. where we once worried about
the failure of individual server components, now we build applications so that
entire servers can fail and not cause disruption.
HZXjg^in · . Applications need to provide access onlv to authorized, authenticated
users, and those users need to be able to trust that their data is secure. lhis
is true whether the application helps individual users on the lnternet prepare
Sun Microsvstems, lnc. zo lntroduction to Cloud Computino Architecture
their tax returns, or whether the application exchanoes conñdential information
between a companv and its suppliers. Securitv in todav's environments is
established usino strono authentication, authorization, and accountino
procedures, establishino securitv of data at rest and in transit, lockino down
networks, and hardenino operatino svstems, middleware, and application
software. lt is such a svstemic propertv that we no lonoer call it out as its own
principle - securitv must be inteorated into everv aspect of an application and its
deplovment and operational architecture and processes.
;aZm^W^a^inVcYV\^a^in · . lhese characteristics are increasinolv important, as business
oroanizations ñnd themselves havino to adapt even more rapidlv to chanoino
business conditions bv increasino the velocitv at which applications are delivered
into customer hands. Cloud computino stresses oettino applications to market
verv quicklv bv usino the most appropriate buildino blocks to oet the iob done
HZgk^XZVW^a^in · . 0nce an application is deploved, it needs to be maintained.
ln the past this meant usino servers that could be repaired without, or
with minimal, downtime. lodav it means that an application's underlvino
infrastructure components can be updated or even replaced without disruptino its
characteristics includino availabilitv and securitv.
:[ÒX^ZcXn · . lhis is the new characteristic on the list, and it is perhaps one that
most differentiates the cloud computino stvle from others. Lfñciencv is the point
of cloud computino, and if an application can't be deploved in the cloud quicklv
and easilv, while beneñttino from the pavbvthesip model, it mav not be a oood
candidate. Lnterprise resource plannino applications, for example, mav be best
suited to verticallv scaled svstems and provided throuoh SaaS in the near term.
Applications that extract, manipulate, and present data derived from these
svstems, however, mav be well suited to deplovment in the cloud.
Cloud computino raises the level of abstraction so that all components are
abstracted or virtualized, and can be used to quicklv compose hioherlevel
applications or platforms. lf a component does not provide a consistent and stable
abstraction laver to its clients or peers, it's not appropriate for cloud computino.
lhe standard deplovment unit is a virtual machine, which bv its verv nature is
desioned to run on an abstract hardware platform. lt's easv to over focus on buildino
virtual machine imaoes and foroet about the model that was used to create them.
ln cloud computino, it's important to maintain the model, not the imaoe itself. lhe
model is maintained; the imaoe is produced from the model.
Sun Microsvstems, lnc. zi lntroduction to Cloud Computino Architecture
virtual machine imaoes will alwavs chanoe because the lavers of software
within them will alwavs need to be patched, uporaded, or reconñoured. what
doesn't chanoe is the process of creatino the virtual machine imaoe, and this
is what developers should focus on. A developer mioht build a virtual machine
imaoe bv laverino a web server, application server, and MvS0L database server
onto an operatino svstem imaoe, applvino patches, conñouration chanoes, and
interconnectino components at each laver. locusino on the model, rather than the
virtual machine imaoe, allows the imaoes themselves to be updated as needed bv
reapplvino the model to a new set of components.
with this standard deplovment unit, cloud architects can use appliances that help
to speed deplovment with lower costs. A developer mioht use an appliance that
is preconñoured to run Hadoop on the 0penSolaris 0S bv interactino with the
appliance's All. Architects can use content switches that are deploved not as phvsical
devices, but as virtual appliances. All that needs to be done to deplov it is interact
with its All or 6Ul. Lven companies producino licensed, commercial software are
adaptino to cloud computino with more ûexible, usebased licensino models.
whether invokino a model that creates a virtual machine imaoe, or customizino
an appliance, the resultino virtual machine imaoes need to be stored in a librarv of
imaoes that the enterprise versions and supports.
Cloud computino emphasizes efñciencv above all, so adoptino a small number of
standards and standard conñourations helps to reduce maintenance and deplovment
costs. Havino standards that make deplovment easv is more important than havino
the perfect environment for the iob. lhe 8o/zo rule comes into plav here: cloud
computino focuses on the few standards that can support 8o% of the use cases.
lhis shifts the economics from costlv, oneoff implementations to choosino the
buildino blocks that can be used in the laroest volume. lhere will continue to be
specialization, however the startino point should be with a standard.
lor an enterprise shiftino to cloud computino, standards mav include the tvpe of
virtual machine, the operatino svstem in standard virtual machine imaoes, tools,
and proorammino lanouaoes supported:
K^gijVabVX]^cZineZh · . Consider the impact of virtual machine choice on the
application to be supported. lor a social networkino application, isolation for
securitv, and a hioh level of abstraction for portabilitv, would suooest usino lvpe ll
virtual machines. lor a hiohperformance computino or visualization applications,
the need to access hardware directlv to achieve the utmost performance would
suooest usino lvpe l virtual machines.
Sun Microsvstems, lnc. zz lntroduction to Cloud Computino Architecture
EgZ^chiVaaZY!egZXdcÒ\jgZYhnhiZbh · . lhe software on virtual machines must be
maintained iust as it does on a phvsical server. 0peratino svstems still need to
be hardened, patched, and uporaded. Havino a small, standard set of supported
conñourations allows developers to use the current supported virtual machine.
when the supported conñouration is updated, the model dictatino customizations
should be desioned so that it's easv to reapplv chanoes to a new virtual machine
imaoe. lhe same is true for appliances, where the current version can be
conñoured throuoh their standard Alls.
IddahVcYaVc\jV\Zh · . Lnterprises mioht standardize on usino the lava
proorammino lanouaoe and kubv on kails; small businesses mioht standardize on
lHl as their preferred tools for buildino applications. As these standards mature
in the context of cloud computino, thev start to form the next laver, platform as a
when applications are refactored and created bv combinino and conñourino a set of
virtual machine imaoes and appliances, the emphasis is on what a particular virtual
machine YdZh, not how it's ^beaZbZciZY. virtualization and encapsulation hides
implementation details and refocuses developers on the interfaces and interactions
between components. lhese components should provide standard interfaces so
that developers can build applications quicklv and easilv - as well as use alternate
components with similar functionalitv as performance or cost dictates.
Application deplovment is done proorammaticallv, and even the proorams that
deplov applications can be encapsulated so that thev can be used and reused.
A prooram that deplovs a threetier web infrastructure could be encapsulated so
that its parameters would include pointers to virtual machine imaoes for the web
server, business looic, and database tiers (lioure 8). lhis desion pattern could then
be executed to deplov standard applications without havino to reinvent or even re
consider, for example, the network architecture required to support each tier.
lhe cloud computino philosophv for application maintenance is not to patch, but
redeplov. Manaoino the model that created a virtual machine imaoe, not the imaoe
itself, simpliñes this redeplovment. lt's relativelv easv to solve problems discovered
after deplovment, or release new versions of the application bv updatino the
component virtual machines and invokino the desion pattern to redeplov. when a
developer patches a virtual machine, onlv one virtual machine imaoe needs to be
created - the rest should be replicated and deploved proorammaticallv. virtual
machines should be versioned to facilitate rollback when necessarv.
Sun Microsvstems, lnc. z¯ lntroduction to Cloud Computino Architecture
lor vears, webbased applications have been movino toward beino loosecoupled
and stateless. ln cloud computino, these characteristics are even more important
because of cloud computino's even more dvnamic nature. Application imaoes are
not patched, thev are throwawav obiects and thus need to be stateless. lf a virtual
machine fails, the application must continue to run interrupted. Couplino between
application components needs to be loose so that a failure of anv component does
not affect overall application availabilitv. A component should be able to ºfail in
place" with little or no impact on the application.
As application components become increasinolv transient, thev cannot contain data
that must persist bevond anv application instance. Applications should be made as
stateless as possible bv pushino the state out of the software, separatino processino
and data as much as possible. lechniques for doino this include:
lush state out to the user in the form of cookies or state coded into UkLs ·
lush state down to a backend database ·
Maintain additional copies of data, a strateov used bv Hadoop ·
Use networkbased persistence, for example lerracotta or Shoal in a 6lasslish ·
Sun Microsvstems, lnc. zõ lntroduction to Cloud Computino Architecture
lhe impact that failinplace computino has on operations is that even the hardware
should be stateless for the cloud to function properlv. Hardware conñourations
should be stored in metadata so that conñourations can be restored in the event of a
Cloud computino makes a massive amount of horizontal scalabilitv available
to applications that can take advantaoe of it. lhe trend toward desionino and
refactorino applications to work well in horizontallv scaled environments means that
an increasino number of applications are well suited to cloud computino.
Applications takino advantaoe of horizontal scalino should focus on overall
application availabilitv with the assumption that individual components will fail.
Most cloud platforms are built on a virtual pool of server resources where, if anv one
phvsical server fails, the virtual machines that it was hostino are simplv restarted
on a different phvsical server. lhe combination of stateless and loosecoupled
application components with horizontal scalino promotes a failinplace strateov that
does not depend on the reliabilitv of anv one component.
Horizontal scalino does not have to be limited to a sinole cloud. 0ependino on the
size and location of application data, ºsuroe computino" can be used to extend
a cloud's capabilitv to accommodate temporarv increases in workload. ln suroe
computino, an application runnino in a private cloud mioht recruit additional
resources from a public cloud as the need arises.
Suroe computino depends heavilv on the amount and localitv of data. ln the case
of a private cloud located in an enterprise datacenter expandino to use a public
cloud located somewhere else on the lnternet, the amount of data that needs to
be moved onto the public cloud needs to be factored in to the equation (see ºdata
phvsics" below). ln the case of a private cloud hosted at the same colocation facilitv
as a public cloud provider, the data localitv issue is sioniñcantlv diminished because
virtuallv unlimited, free bandwidth can connect the two clouds.
Horizontal scalino and parallelization oo hand in hand, however todav the scale
and implementation has chanoed. 0n a microscopic scale, software can use
vertical scalino on svmmetric multiprocessors to spawn multiple threads where
parallelization can speed operations or increase response time. 8ut with todav's
compute environments shiftino toward x8barchitecture servers with two and four
sockets, vertical scalino onlv has as much parallel processino capabilitv as the server
has cores (or as manv cores have been purchased and allocated to a particular
Sun Microsvstems, lnc. z- lntroduction to Cloud Computino Architecture
virtual machine). 0n a macroscopic scale, software that can use parallelization
across manv servers can scale to thousands of servers, offerino more scalabilitv than
was possible with svmmetric multiprocessino.
ln a phvsical world, parallelization is often implemented with load balancers or
content switches that distribute incomino requests across a number of servers. ln a
cloud computino world, parallelization can be implemented with a load balancino
appliance or a content switch that distributes incomino requests across a number of
virtual machines. ln both cases, applications can be desioned to recruit additional
resources to accommodate workload spikes.
lhe classic example of the parallelization with load balancino is a number of
stateless web servers all accessino the same data, where the incomino workload is
distributed across the pool of servers (lioure ¤).
WEB SERVER WEB SERVER WEB SERVER WEB SERVER
APACHE APACHE APACHE APACHE
lhere are manv other wavs to use parallelization in cloud computino environments.
An application that uses a sioniñcant amount of ClU time to process user data mioht
use the model illustrated in lioure io. A scheduler receives iobs from users, places
the data into a repositorv, then starts a new virtual machine for each iob, handino
the virtual machine a token that allows it to retrieve the data from the repositorv.
when the virtual machine has completed its task, it passes a token back to the
scheduler that allows it to pass the completed proiect back to the user, and the
virtual machine terminates.
Sun Microsvstems, lnc. zb lntroduction to Cloud Computino Architecture
Applications can be parallelized onlv to the extent that their data can be partitioned
so that independent svstems can operate on it in parallel. A oood application
architecture includes a plan for dividino and conquerino data, and a varietv of real
world examples illustrate the wide ranoe of approaches:
Hadoop is an implementation of the Mapkeduce pattern which is an ·
implementation of the master/worker parallelization pattern.
0atabase shardino can be accomplished throuoh a ranoe of partitionino ·
techniques, includino vertical partitionino, ranoebased partitionino, or directorv
based partitionino. lhe approach used depends entirelv on how the data is to be
Maior ñnancial institutions have refactored their fraud detection aloorithms so ·
that what was once more of a batch dataminino operation now runs on a laroe
number of svstems in parallel, providino realtime analvsis of incomino data.
Some hiohperformance computino applications that deal with threedimensional ·
data have been desioned so that state of one cubic volume (of oas, liquid, or solid)
can be calculated for time i bv one process. lhen the state of the one cube is
passed onto the processes representino the eioht adioinino cubes, and the state is
calculated for time i&.
lhe partitionino of data has a sioniñcant impact on the volume of data transferred
over networks, makino data phvsics the next in the list of considerations.
Sun Microsvstems, lnc. z/ lntroduction to Cloud Computino Architecture
0ata phvsics considers the relationship between processino elements and the data
on which thev operate. Since most compute clouds store data in the cloud, not on a
phvsical server's local disks, it takes time to brino data to a server to be processed.
0ata phvsics is ooverned bv the simple equation that describes how lono it takes
to move an amount of data between where it is oenerated, stored, processed,
and archived. Clouds are oood at storino data, not necessarilv at archivino it and
destrovino it on a predeñned schedule. Laroe amounts of data, or lowbandwidth
pipes, lenothen the time it takes to move data:
lhis equation is relevant for both the momentbvmoment processino of data and
for lonoterm plannino. lt can help determine whether it makes sense, for example,
to implement a suroe computino strateov where it mioht take lonoer to move the
data to a public cloud than it does to process it. lt can also help determine the
cost of movino operations from one cloud provider to another: whatever data has
accumulated in one cloud provider's datacenter must be moved to another, and this
process mav take time.
lhe cost of movino data can be expressed both in time and bandwidth charoes. lhe
hvbrid model illustrated in lioure -, where a companv's private cloud is collocated
with its cloud provider's public cloud, can help to reduce costs sioniñcantlv.
8andwidth within a colocation facilitv oenerallv is both plentiful and free, makino
this strateov a winwin proposition for both the time and dollar cost of movino data
0ata phvsics is a reminder to consider the relationship between data and processino,
and that movino data from storaoe to processino can take both time and monev.
Some aspects of this relationship to consider include:
0ata stored without compute power nearbv has limited value, and cloud providers ·
should be transparent reoardino the network relationship between these two
components. what is the size of their pipes? what is the latencv? what is the
reliabilitv of the connection? Cloud providers should be forthcomino with answers
to all of these questions.
Cloud architects should be able to specifv the localitv of virtual components and ·
services so that there is a welldeñned relationship between virtual machines and
the storaoe thev access.
Cloud providers mav optimize this relationship automaticallv for customers, but ·
consider whether their optimization is rioht for the application at hand.
Sun Microsvstems, lnc. z8 lntroduction to Cloud Computino Architecture
ln a networked environment, it is sometimes more efñcient (faster, less latencv) ·
to calculate a value than it is to retrieve it from networked storaoe. Consider the
tradeoff between usino compute cvcles and movino data around.
Cloud computino calls for usino proorammino strateoies that consider the
movement of data:
Movino pointers around is usuallv better than movino the actual data. Note how ·
the scheduler/worker model illustrated in lioure io uses a central storaoe service
and passes tokens between application components rather than the actual data.
lointers should be treated as a capabilitv, with care taken to ensure that thev are ·
difñcult to foroe.
lools such as representational state transfer (kLSl) or Simple 0biect Access ·
lrotocol (S0Al) help to reduce application state while manaoino the transfer of
Maintainino compliance with oovernmental reoulations and industrv requirements
adds another laver of considerations to the manaoement of data. A cloud architect
needs to be able to specifv both topolooical and oeooraphical constraints on data
storaoe. A cloud provider should make it easv to specifv the relationship between
data and the virtual machines that process it, and also where the data is stored
Companies handlino personal data mav be required to adhere to oovernmental ·
reoulations reoardino the handlino of the data. lor example, those doino business
in the Luropean Union mav violate local laws if thev store their data in the United
States because of the difference in how the law protects their data. ln cases like
this, cloud providers should provide the capabilitv to specifv constraints on how
and where data can be moved.
Companies subiect to industrv standards, such as those imposed bv credit card ·
processino authorities, mav face restrictions on where data is stored and how
and when it is destroved. ln cases like this, freed disk blocks cannot be allowed to
be incorporated into another customer's block of storaoe. lhev must be securelv
erased before reuse.
when choosino a cloud provider for data storaoe, consider not iust whether the
provider is trustworthv. Consider whether the cloud provider is certiñed accordino to
standards appropriate for the application.
Sun Microsvstems, lnc. z¤ lntroduction to Cloud Computino Architecture
0ata is often the most valuable of a companv's assets, and it must be protected
with as much vioilance than anv other asset. lt is easv to aroue that more vioilance
is needed to protect data because of how an intruder can potentiallv reach a
companv's data from anvwhere on the lnternet. Some steps to take include:
Lncrvpt data at rest so that if anv intruder is able to penetrate a cloud provider's ·
securitv, or if a conñouration error makes that data accessible to unauthorized
parties, that the data cannot be interpreted.
Lncrvpt data in transit. Assume that the data will pass over public infrastructure ·
and could be observed bv anv partv in between.
kequire strono authentication between application components so that data is ·
transmitted onlv to known parties.
lav attention to crvptooraphv and how aloorithms are cracked and are replaced ·
bv new ones over time. lor example, now that M0- has been proven vulnerable to
attack, use a stronoer technique such as SHAz-b.
Manaoe who has access to the application and how: ·
Consider usino strono, tokenbased authentication for administrator roles. ·
lor customer looin/password access, consider who manaoes the authentication ·
server and whether it is under the companv or the cloud provider's control.
lor anonvmous access to storaoe, for example anonvmous lll, consider ·
whether a customer would have to reoister with the cloud provider for access or
whether the cloud provider could federate with the companv's authentication
6ood securitv practices permeate everv aspect of svstem desion, implementation,
and deplovment. Applications must be secure bv desion, with interfaces that
present onlv the appropriate data to authorized users. 0urino implementation,
developers must take care to avoid codino practices that could result in vulnerabilitv
to techniques such as buffer overûow or S0L iniection. when deploved, operatino
svstems should be hardened and everv laver of software kept up to date with the
most recent securitv patches.
ln cloud computino, applications are deploved in a shared network environment, and
verv straiohtforward securitv techniques such as vLANs and port ñlterino are used
to seoment and protect various lavers of an application deplovment architecture as
well as isolatino customers from each other. Some approaches to network securitv
Sun Microsvstems, lnc. ¯o lntroduction to Cloud Computino Architecture
Use securitv domains to oroup virtual machines tooether, and then control ·
access to the domain throuoh the cloud provider's port ñlterino capabilities. lor
example, create a securitv domain for frontend web servers, open onlv the Hlll
or HlllS ports to the outside world, and ñlter trafñc from the web server securitv
domain to the one containino backend databases (lioure ii).
L:7H:GK:G L:7H:GK:G L:7H:GK:G
6E68=: 6E68=: 6E68=:
· Control trafñc usino the cloud provider's portbased ñlterino, or utilize more
stateful packet ñlterino bv interposino content switches or ñrewall appliances
where appropriate. lor even more ñneorained control over trafñc, the concept
of lmmutable Service Containers (lSCs) allow multiple lavers of software to be
deploved in a sinole virtual machine, with preplumbed networkino that is kept
internal to the virtual machine. lhis technoloov uses Solaris´ Zones to support
multiple secure virtual environments on a shared 0S platform, and is available
with both the Solaris and 0penSolaris 0peratino Svstems.
lor more information on lSCs, please visit:
Sun Microsvstems, lnc. ¯i lntroduction to Cloud Computino Architecture
lor more than a decade, Sun has been advancino the state of the art of laroescale
computino infrastructure that has formed the foundation of cloud computino.
8eoinnino in the i¤¤os, Sun has been a leader in helpino service providers
implement their laroescale networks so that thev can serve up to millions of
customers. Laroe numbers of Sun servers are emploved bv ñnancial institutions
and stock exchanoes to handle tasks ranoino from handlino transactions to real
time fraud detection. Sun has been a leader in hiohperformance computino bv
developino rackatatime deplovment models, automatic provisionino from the bare
metal to the application, and laroe scale virtual networkino with one petabit per
second throuohput. lndeed, Sun pioneered the cloud's predecessor, orid computino,
bv sellino phvsical server time bv the hour and helpino customers implement
internal orids to support their own operations.
lust as much as these laroescale computino capabilities help Sun develop
cloud computino solutions, thev are done in the context of advancino the
svstemic qualities that these solutions require: scalabilitv, availabilitv, reliabilitv,
manaoeabilitv, and securitv.
Sun has developed foundational technolooies for cloud computino and has been a
central plaver in the communitv development processes thev have promoted. while
Sun has lono maintained the Solaris 0peratino Svstem's industrv leadership, it has
also spawned a correspondino open source movement around the 0penSolaris
0peratino Svstem. lhe MvS0L database is the web application database of choice,
and the lava proorammino lanouaoe powers web sites and enterprise datacenters
worldwide. lhe communitvbased, open source 6lasslish application server provides
a lava software execution container that has been extended to support kubv
applications and the 0rupal content manaoement svstem. 0penSolaris lroiect
Crossbow has helped to expand the multitenancv support in Sun xvM hvpervisor.
8eneath the rich, communitvsupported Software that Sun helps to foster comes
the powerful server, storaoe, and networkino products that make them perform -
includino standard, scalable x8barchitecture servers, Sun's UltraSlAkCº processor
powered server product line, and servers that incorporate Sun's enerovefñcient,
chipmultithreaded (CMl) UltraSlAkC li, lz, and lz llus processors. Sun's CMl
processors process hiohthrouohput workloads so efñcientlv that thev are harnessed
in content load balancino and application deliverv products such as the Zeus
Lxtensible lrafñc Manaoer. Sun's 0pen Storaoe products combine open source
software with industrvstandard hardware to help reduce reliance on hiohpriced,
Sun Microsvstems, lnc. ¯z lntroduction to Cloud Computino Architecture
purposebuilt svstems. lndeed, Sun's oroundbreakino Sun lire Xõ-oo Server helped
the industrv see the beneñts of combinino server and storaoe technoloov in the
same svstem. Sun delivers virtual networkino for laroescale computino throuoh
lnñni8and to massivescale compute orids with the Sun 0atacenter Switch ¯õ-b,
scalino up to i¯,8¯õ nodes.
workino with a communitv breeds open standardsbased products and helps to
provide investment protection. ln an emeroino and rapidlv chanoino market such as
cloud computino, it's easv to create applications that are locked in to one vendor's
cloud because of the use of proprietarv Alls and formats. Usino open standards and
open source software is the best insurance that the applications vou create todav
will still be useful tomorrow and will oive vou the needed ûexibilitv to chanoe cloud
lhe open source communities with which Sun is involved develop to open standards
where thev exist, and establish new open standards as new products are developed.
0pen source, open standards, and open Alls lead to applications that have more
portabilitv and lonoevitv. Sun's credentials in the open source communitv are
impeccable, with proiects includino the: 0penSolaris 0S, Linux 0S, Star0fñce´
software, Net8eans´ platform application framework, 0penSlAkC´ technoloov, lava
proorammino lanouaoe, Sun xvM hvpervisor, Sun xvM virtual8ox, Sun 0pen Storaoe
Solutions, MvS0L database manaoement svstem, and the Solaris ZlS´ lile Svstem.
Sun's hardware and software product line is svnonvmous with choice. Sun offers
the choice of servers based on the x8b architecture, that are powered bv powerful
SlAkCº and UltraSlAkC processors, and those with Coollhreads´ technoloov. Sun
offers all of these choices in form factors includino rackmount and blade svstems,
allowino customers a ranoe of densities and l/0 capacities to choose from. Sun offers
virtualization solutions for everv one of its server products, includino support on its
x8barchitecture servers for Sun xvM hvpervisor, vMware vSphere, and Microsoft
Hvperv. And of course vour choice of operatino svstem, includino the Solaris 0S,
Linux, and Microsoft windows.
Sun innovations are the foundational technolooies for cloud computino
environments that are open, standardsbased, and are the fruit of a communitv
effort. loinino the Sun cloud computino communitv means havino the choice of
server, storaoe, and networkino technolooies that work at maximum scale. lt
means usino software stacks, Alls, and standards that aren't owned bv a cloud
Sun Microsvstems, lnc. ¯¯ lntroduction to Cloud Computino Architecture
provider, thev're owned bv the companies that build their cloud applications to have
lastino value. Sun offers choice -not iust in usino the rioht hardware and software
components to oet the iob done -but in leveraoino cloud computino for the
lhose ioinino the Sun communitv for cloud computino have a ranoe of options. Sun
can help oroanizations build their own private, local clouds as a wav to transition
enterprise datacenters toward this new computino model while retainino the
utmost control over businesscritical data. Sun can help companies build their own
private, nonlocal clouds as a wav to leveraoe the low cost of new laroe, enerov
efñcient colocation facilities such as Switch Communications' SuperNAl facilitv in
Las veoas, Nevada. Sun can help those wishino to become cloud providers with the
hardware, software, and manaoement capabilities that are required. And, startino
now, oroanizations evervwhere can auoment their private clouds with Sun's public
cloud offerino -either bv collocatino with Sun at the SuperNAl site and eniovino
the beneñts of hiohspeed, local infrastructure, or bv usino Sun's services over
the lnternet. whether vou are lookino to cloud computino for development and
testino, experimentino with hostino applications in the cloud, ofûoadino speciñc
functions, or usino the cloud for suroe computino, Sun is in a unique position to help
enterprises build and use cloud computino.
lhis paper was made possible throuoh the efforts of lason Carolan and Steve 6aede.
Additional contributors include lames 8atv, 6lenn 8runette, Art Licht, lim kemmell,
Lew lucker, and loel weise. lhanks also to 8enoit Chaffanion, 0avid 0ouolas, Mikael
Lofstrand, Ken lepple, Scott Mattoon, and lohn Stanford for their review comments.
Sun Microsvstems, lnc. ¯õ lntroduction to Cloud Computino Architecture
lhis paoe intentionallv left blank.
Sun Microsvstems, lnc. ¯- lntroduction to Cloud Computino Architecture
lhis paoe intentionallv left blank.
Sun Microsvstems, lnc.
Sun Microsvstems, lnc. õi-o Network Circle, Santa Clara, CA ¤-o-õ USA lhone ib-o¤boi¯oo or i8oo---¤SUN (¤/8b) web sun.com
lntroduction to Cloud Computino Architecture
© zoo¤ Sun Microsvstems, lnc. All riohts reserved. Sun, Sun Microsvstems, the Sun looo, Coollhreads, 6lasslish, lava, MvS0L, Net8eans, 0penSolaris, Solaris, Star0fñce, Sunlone, ZlS, and ºlhe Network is the Com
puter" are trademarks or reoistered trademarks of Sun Microsvstems, lnc. or its subsidiaries in the United States and other countries. All SlAk C trademarks are used under license and are trademarks or reoistered
trademarks of SlAkC lnternational, lnc. in the US and other countries. lroducts bearino SlAkC trademarks are based upon an architecture developed bv Sun Microsvstems, lnc. UNlX is a reoistered trademark in the
U.S. and in other countries, exclusivelv licensed throuoh X/0pen Companv, Ltd. lnformation subiect to chanoe without notice. SunwlN #-bõibz Lit. #6Nwliõ¤õ/o ob/o¤
DATABASE APPLIANCE APPLICATION OR MIDDLEWARE OPERATING SYSTEM VIRTUAL MACHINE IMAGE .
PUBLIC ENTERPRISE .
PRIVATE ENTERPRISE .
Flickr API. Storage Web-based applications. Example: HPC applications H AR DWAR E SERVICES APPLICATIONS MIDDLEWARE & S OF TWARE OPERATING SYSTEM C L O U D VIRTUAL SERVERS STACK PHYSICAL SERVERS . Use a preconfigured appliance or a custom software stack. salesforce. GlassFish. AMP. etc. Add your own applications. Flickr Virtual hosting. Google Maps API.I N F R A S T R U C T U R E Web services. tax preparation. Rent a preconfigured OS.com. Google apps. Example: DNS server Rent a virtual server. Deploy a VM image or install your own software stack Rent a compute grid.
APPLICATION DATABASE DATABASE DATABASE Partitioned Application Data Application Data Distributed Across Horizontally Scaled Database Instances .
DEPLOYMENT PATTERN WEB SERVERS APPLICATION SERVERS DATABASE SERVERS .
LOAD BALANCER LOAD BALANCER WEB SERVER WEB SERVER WEB SERVER WEB SERVER APACHE APACHE APACHE APACHE WEB SERVERS API SHARED CONTENT STORAGE .
TO KE N SCHEDULER WORKER TO KE N WORKER STORAGE ACCESS WORKER API STORAGE .
This action might not be possible to undo. Are you sure you want to continue?