
Exploring the Private Cloud for Your Organization

an Internet.com Networking eBook

Contents

The Private Cloud Defined
Journey to the Center of the Cloud
From Obsolete Servers to Private Cloud in 3 Easy Steps
Building a Private Cloud at Los Alamos

This content was adapted from the ServerWatch and Enterprise IT Planet websites. Contributors: Paul Rubens, Drew Robb and Sonny Discini.


The Private Cloud Defined


By Paul Rubens
Before trying to pin down this elusive beast, it's useful first to think about what's meant by cloud computing. Defining cloud is not easy, but a cloud computing solution will almost certainly offer:

- Elasticity and scalability. This encompasses the idea of computing on demand, and the ability to increase the supply of computing resources as they are needed to deal with spikes in demand for a particular application or service. There's also the idea of turning computing resources into a commodity so more can be added over time, as needed, to ensure systems are almost infinitely scalable.
- Pay-as-you-go computing. This involves paying for the computing resources you use for the amount of time that you use them. In a private cloud, customers are generally individual departments or business units.
- Service level agreements. In many ways what drives the cloud computing model is the need for set performance levels. Elasticity, scalability and the pay-as-you-go model all follow from the need for an economical way to achieve the desired service levels at all times, even when demand spikes unpredictably.
- Lower costs. A fundamental attraction of cloud computing is that it can provide an opportunity to reduce costs. Savings come from the use of computing resources based at one or more low-cost locations, which are managed efficiently using automation, and by realizing economies of scale stemming from the use of specialist staff members managing large quantities of computing resources.

Although it's arguably not a requirement of cloud computing, the key technology enabler is virtualization. This allows a number of physical servers to be pooled into a large computing resource that can be used to run as many virtual machines of almost any size as are needed at any given time.

The Downside of Cloud Computing


The problem is that there are a number of objections to the cloud computing model. Common ones raised by many CIOs include a loss of control over enterprise and customer data, worries about security and issues connected to regulatory compliance. Private clouds aim to avoid these objections, while still offering many of the key benefits of public cloud computing.

The obvious way around these objections is to implement something that looks like a cloud platform but sits safely within the corporate firewall, under the control of the IT department. This type of private cloud comes at a cost: The organization implementing the private cloud is still responsible for running and managing IT resources instead of being able to pass that responsibility on to a specialist third-party operator. Therefore there is less opportunity to enjoy the economies of scale that a large, highly automated cloud platform should offer.

But must private clouds be like this? To answer this question, we must be clear about what we mean by private in this context.

Private Cloud Complexities and Considerations

And that's actually rather tricky to define. A company server room containing a self-contained cloud infrastructure as described above would certainly count as a private cloud, but there are other things to take into account besides the physical location of the servers themselves. For example, if a similar infrastructure, controlled by an enterprise, is located in a third-party data center operator's facility, is that still a private cloud? Things to consider include:

- Who owns and manages the cloud platform itself?
- Are other companies' virtual machines hosted on the same cloud platform?
- Who ends up being liable if SLAs are breached?
- Who manages and controls the applications running on the cloud platform?
- Could a third party be compelled and able to hand over data to law enforcement bodies?
- Is the enterprise connected to its cloud infrastructure over a private or public network?

If you think of a private cloud as something acceptable to companies that find running applications in a public cloud unacceptable, then perhaps the most helpful way to define a private cloud (even if it is not a technical definition) is this: It is simply a cloud solution that offers a significant portion of the benefits of a public cloud, while addressing all the concerns that using a public cloud may raise. Depending on the organization in question, these concerns are likely to include physical location and ownership, application control, data security and liability for breaches of SLAs.

It's worth pointing out that some private cloud solutions have the capability to cloud-burst into a public cloud at peak times when additional resources are needed. The definition above almost certainly still holds for this type of system though, as most organizations will only cloud-burst less-important applications (in terms of data security, compliance and so on) to free up resources in their private clouds for more important or sensitive ones.

Despite this lack of a technical definition, there's no doubt that private clouds are more than just an idea: the likes of Arjuna, Elastra, Cassatt and Enomaly all have offerings that fall within this loose definition, and more are in the pipeline. Private clouds are here, and they are here now, even if no one knows exactly how to define them.

Exploring the Private Cloud for Your Organization, an Internet.com Networking eBook. 2011, Internet.com, a division of QuinStreet, Inc.


Journey to the Center of the Cloud


By Drew Robb

Jules Verne's novel Journey to the Center of the Earth featured adventurers traveling down volcanic pipes to a new world in the center of the earth. The theme of last year's EMC World conference in Boston had a Verne-esque feel: "Your Journey to the Private Cloud." Instead of volcanic passageways, EMC is proposing virtualization as the route to a new IT world.

"The next wave in IT is cloud computing," said Joe Tucci, chairman and CEO of EMC. "EMC is going all out on the private cloud."

Why now? "IT infrastructure is getting too complex, too inefficient and too costly," he said. To make his point, he cited a survey that found 72 percent of IT investment is going to maintain existing applications and infrastructure.

EMC aims to offer solutions to both sides of the equation: VMware for virtualization and EMC storage technologies as the underlying infrastructure for cloud computing. While companies like Google and Amazon are setting up a public cloud, EMC sees the private cloud as a more viable enterprise model. Email, backup and storage on a public cloud might be fine for home computers, but no company is going to trust such a setup. That opens the door to private clouds that offer the flexibility and agility of the cloud while surrounding it with enough control, reliability and security so enterprises will be comfortable with it.

But Tucci doesn't predict an either/or scenario. Both public and private clouds will have to co-exist. Large data centers will provide their own private clouds, which will extend regionally or globally to encompass users, customers and partners. Around these private clouds will operate a smaller number of massive public clouds that provide certain services deemed safe enough to farm out to service providers.

"Both camps will have to work together," said Tucci.

Further, EMC doesn't plan to acquire companies so that it can offer every aspect of the private cloud. Instead, it will partner with Cisco and others to deliver a complete solution.

"You can use servers from different vendors and even non-EMC storage if you want to," said Tucci. "Our goal is to give max efficiency, choice and control to customers."

According to analyst research from IDC, the cloud looms large among current enterprise priorities, along with server/storage virtualization. That leads Tucci to believe EMC has its biggest opportunity yet for major expansion. The coincidence of VMware pervasion and EMC's overall dominance in storage technologies can come together to potentially propel the company into an even wider sphere.

That might even affect Microsoft's domain. As hypervisors claim a larger presence, they take over some of the functions that traditionally reside in the operating system. Device driver management, for example, moves away from the OS and into the hypervisor.

EMC's cloud vision will also impact the role of the PC. Instead of user data residing on a specific device, Tucci sees data as following the user from device to device, all stored within the cloud, which is underpinned by EMC storage.

"The concept of the PC will change dramatically," he said. "Users will access their data using public and private clouds to give them more flexibility."

As a result, cloud federation will rise into more prominence, i.e., technology that permits applications to interoperate and data to be transferred seamlessly between private and public clouds. In addition, federation will take care of how workloads are moved to minimize costs and maximize efficiency. If a mission-critical application requires more resources within the private cloud, other workloads can be moved over to public networks, provided enough security and performance is available.

What about the idea that everything will eventually meld into a few massive clouds that service all users and all enterprises? Tucci doesn't see that as a workable approach. Most organizations have too much time and development resources invested in internal applications to turn them all over to the Amazons and Googles of the world.

"There are billions of lines of code representing trillions of dollars of investment residing inside companies," he said.

Thus, the public cloud might be just fine for newly developed applications; developers will have coded them specifically with a cloud-like infrastructure in mind. This means we're in for a far more dispersed infrastructure, but one that plays more into the hands of customers rather than vendors. They have the choice, after all, of multiple infrastructure providers as well as service providers.

"In 40 years, I have never seen a time when customers are so in the driver's seat," said Tucci.


From Obsolete Servers to Private Cloud in 3 Easy Steps


By Sonny Discini
It's happening everywhere. IT shops are being forced to do much more with a lot less. Given the new rules of engagement, the prospect of needing to find value in old hardware in the face of zero budget dollars is not unusual. If you are like most server administrators, you have a pile of older servers sitting off to the side in your network operations center. They've been around for years, and individually, they do not offer much in the way of performance or use. But what if you could find a way to harness the power of all these servers together?

Build Your Own Nebulous


A server administrator for a national insurance company had this to say on the subject of recycling hardware. Our accounting department showed us that we had no money to purchase new hardware and they went on to say that the five-year depreciation on hardware was going to be extended out to 10 years. Clearly there is a misunderstanding on requirements, but given that we must comply with this, we went to our warehouse and grabbed about five 2U Dell PowerEdge servers. Our plan was to build a private cloud, for free, using open source operating systems and virtualization. Even with no money, we still had projects on the table that had to be done. We called our experiment Nebulous, named after the cloud. The end result was better than we had imagined.

1. Assemble the Pieces

CentOS is the free version of the popular Red Hat Enterprise Linux operating system. It is a community-supported, mainly free, software operating system based on Red Hat Enterprise Linux. It exists to provide a free, enterprise-class computing platform, and it strives to maintain 100 percent binary compatibility. CentOS stands for Community ENTerprise Operating System.

We knew that CentOS had clustering capabilities, so we installed it across all five of our servers. Once we patched them and hardened the servers, we used the native clustering functionality to run all five servers as one environment. The really nice thing here is that the enterprise investment in the RHCE certification for us was not wasted. Our server administrators already had the skills to carry out the architecture design, so right there we were able to avoid contractor or training expenses. We now had the hardware running, the open source OS pumping, all the configurations set and were now ready to add the final piece of the puzzle.

2. Create the Cloud

We decided on VirtualBox, an open source virtualization platform. VirtualBox is a general-purpose full virtualizer for x86 hardware. Targeted at server, desktop and embedded use, it is now the only professional-quality virtualization solution that is also open source software. We had zero dollars to acquire an enterprise virtualization package, such as VMware, so we matched up our needs with the VirtualBox open source solution.

We went ahead and set up the console, and began installing guest operating system environments. At this point, we had the security team come in and do a full risk assessment of the pilot design. We were very encouraged by their findings and felt that the level of risk was well below the benefits to the business. Management agreed and our Nebulous, or internal private cloud, was born.

3. Market the Old with a New Name

When we approached development and showed them how quickly we could add, remove or assign test beds, they were very pleased. This would be a huge time saver from the current process of building environments by hand. It also allowed for many more environments to be tested simultaneously because there would not be a reliance on physical hardware being available or ready for use. They were so pleased that they gave us a bunch of hardware and asked us to add it to the environment.

We took the Nebulous pilot to other departments and business lines. Some were hesitant for the same reasons as outsourced cloud services, but once we explained that we own this cloud, tensions were lowered. The biggest set of questions we had came from departments who adhere to various regulations, such as PCI and SOX. We have asked our QSA vendor to assess our Nebulous environment and determine if it can be used.

New, Old and Innovation

From just this one example, we see that server administrators are mixing old hardware with new concepts to deliver viable business platforms at little to no cost. Given this example, I can see projects like Nebulous springing up across both private and public sector server environments.

As a final note, when asked about hard dollar savings Nebulous offered, the server admin had this to say: "We looked at everything from the [power] cost per slot in the network racks all the way to the hourly rates of pay associated with uptime and management of Nebulous. If we did this only for our development group, we would save 37 percent of the current costs to their operations."


Building a Private Cloud at Los Alamos


By Drew Robb
Security often comes up as a big stopping point for cloud computing. One of the ways around this is to build a private cloud: one that remains within the corporate firewall and wholly controlled internally. That was the approach taken by Los Alamos National Laboratory as it seeks to create an infrastructure on demand (IOD) architecture to simplify the rollout of new technology projects and to eliminate delays in storage, server and network provisioning.

Anil Karmel, IT manager at Los Alamos National Lab, noted four tenets that played a major role in the private cloud decision:

- Green IT
- Streamlined operations
- Rapid scale-up/down
- Security

"As we deploy more virtual servers, we consume far less power and also reduce electronic waste," said Karmel. "We estimate eventual savings of $1.3 million annually due to IOD."

Server capacity on demand is now achievable in a few clicks. Instead of 30 days to provision a server, it now takes less than 30 minutes.

The organization is utilizing HP c7000 blade enclosures along with HP Virtual Connect Fibre Channel/Flex 10 Ethernet. HP BL460c and BL490c blades are used, with each blade containing multiple quad-core and six-core chips. A NetApp SAN was brought in to add storage capacity. This is based on the NetApp V Series with 2 PBs of Tier 2 SATA storage. Tier One is provided by existing HP arrays.

The cloud itself consists of four elements: a Web portal at the front end; Microsoft SharePoint as the automation engine for cloud workflows, and also as the integration point for functions such as chargeback; VMware vCloud Director to manage and operate the cloud; and VMware vShield to provide security at both the application level and at the user device level.

"Any virtual environment has to be cost effective, so that means it has to be simple while being aware of any and all changes in real time," said Karmel.

This is especially important in the security arena. Traditional security operates at the hardware or software layer. But the addition of a virtualization layer, said Karmel, provides too many gray areas for such security tools to operate effectively. Hence security itself is now being virtualized to eliminate yet another wave of security holes showing up in the corporate networks.

Using Infrastructure on Demand, the National Lab is creating virtual security enclaves using vShield that prevent one desktop or client from infecting others, and keep virtual machines (VMs) out of harm's way. Rules are set indicating access rights, as well as security protocols based on threat detection. Traditional security tools interface with this virtual security layer to keep servers and devices more protected. Any time a threat is detected, the offending virtual computer is sent to a remediation area, which has no network connectivity with which to propagate malware.

"This all occurs automatically based on preset policy," said Karmel. "If a VM is moved from one host to another, the security policy given to it moves with it."

To prevent VM sprawl, VMs are given an expiry date. This is one year by default, though that can be adjusted. Thirty days before the due date, an email is automatically generated asking the VM owner about renewal. Another similar email is relayed with 10 days left and then again the day before expiry. As soon as the VM is turned off, the user is informed of the fact and asked if he/she wants it back on line. Even then, 29 days later, the user is told that VM is scheduled for deletion. The next day it is deleted. A backup is retained for seven years just in case.

The NetApp storage is used to create snapshots of VMs before they are retired to tape. For now, restores are not automated. But in the next version of Infrastructure on Demand, users will be able to restore VMs they desire in a few clicks.

"Lifecycle management of VMs is very important," said Karmel.

The organization has erected a chargeback structure. Cloud resources are priced according to CPU, RAM and disk. Users can see the total cost before submitting a request for IT resources. Following a request, the line manager has to approve and accept the charges to that unit.

"You have to build best practices around our workloads," said Karmel.

Service Level Agreements (SLAs) are set at four 9s. If some hardware goes down and Infrastructure on Demand doesn't meet the SLA, it doesn't charge for that resource for that month. In addition, uptime and availability metrics are regularly published so users are fully informed.

At the moment, separate network, security and virtual server teams are being maintained to monitor the infrastructure. Over time, this may be streamlined to one centralized unit.
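The VM expiry policy described above, as an added example in Python that is not part of Los Alamos's Infrastructure on Demand code: it derives the dated lifecycle events for one VM and audits an inventory for VMs that are more alive than the policy allows. Powering off on the expiry date, counting the seven-year backup from the deletion date, and the inventory names and dates are assumptions made for illustration.

```python
from datetime import date, timedelta

# Policy values as stated in the article.
REMINDER_DAYS_BEFORE = (30, 10, 1)  # renewal e-mails before expiry
DELETION_NOTICE_AFTER_OFF = 29      # days after power-off
DELETE_AFTER_OFF = 30               # "the next day it is deleted"
BACKUP_RETENTION_YEARS = 7
# Assumptions: the VM is powered off on its expiry date, and the
# seven-year backup retention is counted from the deletion date.


def add_years(d, years):
    """Shift a date by whole years; 29 Feb falls back to 28 Feb."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def schedule(created, lifetime_years=1):
    """Return the dated lifecycle events for one VM, in order."""
    expiry = add_years(created, lifetime_years)
    deleted = expiry + timedelta(days=DELETE_AFTER_OFF)
    events = [(expiry - timedelta(days=n), "renewal_email")
              for n in REMINDER_DAYS_BEFORE]
    events += [
        (expiry, "power_off_and_notify"),
        (expiry + timedelta(days=DELETION_NOTICE_AFTER_OFF), "deletion_notice"),
        (deleted, "delete"),
        (add_years(deleted, BACKUP_RETENTION_YEARS), "backup_retention_ends"),
    ]
    return events


def expected_state(created, today, lifetime_years=1):
    """State the policy expects a VM to be in on a given day."""
    expiry = add_years(created, lifetime_years)
    if today < expiry:
        return "running"
    if today < expiry + timedelta(days=DELETE_AFTER_OFF):
        return "powered_off"
    return "deleted"


def audit(inventory, today):
    """Flag VMs whose observed state is more alive than policy allows."""
    rank = {"running": 2, "powered_off": 1, "deleted": 0}
    findings = []
    for vm in inventory:
        want = expected_state(vm["created"], today, vm.get("lifetime_years", 1))
        if rank[vm["state"]] > rank[want]:
            findings.append((vm["name"], vm["state"], want))
    return findings


# Constructed sample inventory (hypothetical names and dates).
INVENTORY = [
    {"name": "dev-web-01", "created": date(2010, 3, 1), "state": "running"},
    {"name": "test-db-07", "created": date(2010, 1, 15), "state": "powered_off"},
    {"name": "build-02", "created": date(2009, 11, 1), "state": "running"},
    {"name": "sim-long", "created": date(2009, 6, 1), "state": "running",
     "lifetime_years": 2},
]
```

Running `audit(INVENTORY, date(2011, 2, 20))` reports the two VMs that outlived their deletion date, the kind of sprawl the expiry policy is meant to prevent.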
