BONUS CHAPTER 2

Case Study
ABC is a large accounting firm with customers in five countries across
North America and Europe. Its North American headquarters is located
in Miami, Florida, where it hosts a data center connected to the Internet
by using two different carriers. Three thousand of their 12,000 North
American employees are located in Miami. The remaining employees are
scattered throughout 75 smaller offices in the United States and Canada.
The Europe headquarters is located in Liverpool, UK, where it hosts a
small data center connected to the Internet by using a single carrier.
There are 1,000 employees in Liverpool and another 3,000 employees
across 12 offices in the United Kingdom, France, Germany, Sweden,
and Norway.
ABC has invested a lot of effort in the creation of a web-based accounting
package it sells to its customers in all five countries it does business in.
Currently the web package is sold to customers and installed on their
premises, where it’s maintained by the customer with support from ABC.
The web package is composed of a front-end web application, a middle-tier
application server, and a database server. The front-end web application
makes calls to web services on the middle-tier application server. The
application server accesses data from the database server. The application
design is shown in Figure B.1.

bc02.indd 1 6/10/2013 2:54:49 PM

 2 Bonus Chapter 2 • Case Study

Customers Internet

Customers

Firewall
Application
Web Pages

Web Servers

Middle-Tier
Web Services

Switch
Application Servers

Accounting
Database

Database Servers

F I G U R E B  1 Application design

Customers have notified ABC multiple times that they are not comfortable
maintaining the web package and would prefer the application to be hosted by
ABC online.
ABC hired you as a consultant to help design a solution that meets the
requirements of their customers and their internal IT department. The list
below summarizes the requirements for the solution:
Accessibility and scalability The accounting application must be accessible
from any device connected to the Internet, from anywhere in the world.
Customers can have anywhere from 5 to 2,500 simultaneous users connected to
the application. The solution must be scalable so that extra resources are auto-
matically added as usage increases and removed as usage decreases. Customers
will pay based on activity volume.
Availability Access to the accounting application must be available 24 hours
a day, every day of the year. Customers require a 99.9% availability. If there’s a
disaster in a data center, customers should be able to access their applications
from a different data center. ABC does not plan on acquiring new data centers.

bc02.indd 2 6/10/2013 2:54:49 PM

 Designing the Solution 3

Isolation and customization Larger customers require their own separate

infrastructure hosted by ABC. They do not want their data and web-application
front end shared with other customers. Larger customers want to be able to
manage resources directly and also create custom forms in the application.
Security All data must be encrypted at rest and in transit. All backups should
be encrypted as well. Only authorized users must be able to access the account-
ing application. Customers should have the ability to use single sign-on (SSO) if
they so desire.
Servicing Account managers from ABC must be able to provision new applica-
tions for large customers by simply filling in a web form that later is used to
automate the creation of the application.
Rules and regulations Data from customers in Europe must not reside in any
data center outside Europe.

Designing the Solution

Before diving into the solution, you must identify the different types of custom-
ers served by ABC. After reading the requirements, you can conclude that there
are two types of customers:
Smaller customers These customers will use a shared platform to access the
accounting application.
Larger customers These customers will have a dedicated platform that is not
shared with any other customer.
Now that you have identified the customer types, you can start breaking down
the solution based on the requirements. Let’s revisit each requirement and
describe how they can be achieved.

Accessibility and Scalability Solution

The accessibility requirements point to a web-based application available over the
Internet. That is easily done since the current solution uses a web-application
front end.
The scalability requirements point to an elastic solution. Resources must be
added and removed dynamically based on usage. This maps directly to a cloud-
based solution that is scalable and automated. The virtual machines hosting
the different tiers of the solution can be created and deleted according to their

bc02.indd 3 6/10/2013 2:54:49 PM

 4 Bonus Chapter 2 • Case Study

load. Another requirement that points directly to a cloud solution is the billing.
Customers must pay according to resources consumed. In a cloud environment,
you can log memory, processor, and storage usage over time and bill based on
consumption.
Also, a cloud-based solution reduces the number of physical servers required
to host the different instances of the accounting application. Looking back at
Figure B.1, the solution would require at least two web servers, two middle-tier
servers, and two database servers for each large customer. A cloud-based solution
would require just a few hypervisor servers in a cluster hosting several virtual
machines, as shown in Figure B.2.

Customers Internet

Customers

Firewall
Virtual
Machines

Hypervisor
Servers

Virtual Hard
Drives

Switch
SAN

F I G U R E B . 2 Private cloud design

Availability Solution
To achieve 99.9% availability, ABC must invest in its data center to ensure that
power is available in case of outage, Internet connection is available in case a
carrier is down, hardware is fault tolerant, and the application tiers are available
even if a server fails.
If you assume that the data center is fully redundant for power and connectiv-
ity, you can concentrate on the hardware and application availability. Servers
can be clustered together to provide multiple hosts to handle virtual machines.

bc02.indd 4 6/10/2013 2:54:49 PM

 Designing the Solution 5

In this case, if a single server crashes, the virtual machines hosted on that
server can be moved to another server. This requires each server in the cluster
to have enough memory and processing resources to host the necessary virtual
machines to maintain availability. Multiple switches and network adapters can
be used to provide redundancy for connectivity.
Finally, the application tiers must be composed of at least six virtual servers:
two front-end servers in network load balancing, two middle-tier servers in
network load balancing, and two database servers clustered. That way, if a single
virtual machine fails, the tier is still available and the automation process can
automatically provision a new virtual machine to take place of the failed virtual
machine. The service template for the accounting application can be seen on
Figure B.3.

Web Server VM Template (t1) Service Template (st1)

Web Pages
Failover
Cluster
Server 1 (t1)
Web Server

Application Server VM Template (t2)

Load Balancer Server 5 (t3)
Server 2 (t1)

Middle-Tier
Web Services

Application Server Virtual Switch

Server 3 (t2)
Server 6 (t3)
Database Server VM Template (t3)

Load Balancer
Server 4 (t2)

Accounting
Database
Web Server

F I G U R E B . 3 Application template

Isolation and Customization Solution

Since smaller customers can share a platform, their data can be hosted on indi-
vidual databases on the same database cluster, and they can all share the same
set of front-end servers and middle-tier servers. That way, you can have a mini-
mum of six virtual machines hosting the application for all smaller customers.
These customers will be paying for access to the application and support and

bc02.indd 5 6/10/2013 2:54:49 PM

 6 Bonus Chapter 2 • Case Study

will use a Software as a Service (SaaS) model. In this model, ABC is a SaaS
provider.
Larger customers require isolation from other customers. This can be
achieved by each of these customers having their own virtual machines hosting
their accounting application. ABC can provide these customers with the ability
to add virtual machines to each tier manually, along with automatic scalability.
Because these customers also want to customize their application, ABC can
provide an application programming interface (API) specifically for that.
These customers would be paying for a Platform as a Service (PaaS) product.
ABC would be responsible for maintaining the operating system (OS) and
programming environment for the solution, leaving the customer responsible
for customization of code.

Security Solution
Because data must be protected at rest and in transit, you need to look at
encryption at each layer. Database engines have the ability to encrypt data at
rest. This ensures that even when the database is backed up, its content cannot
be accessed unless a decryption key is available.
The middle-tier servers must have access to the decryption key and can use
a Secure Sockets Layer (SSL) connection to the database server to send and
receive data, ensuring that data is protected in transit and decrypted at the
middle tier.
SSL can be used again from the web front-end servers when calling the
middle-tier servers and on connections from the end users to the web front end.
Finally, users must be authenticated before they gain access to the
application. For better security, smart cards can be used for authentication. And
to conform to the single sign-on (SSO) requirement, the application can use
federation to integrate with the customer’s authentication platform.

Servicing Solution
To allow account managers to create a new instance of the accounting
application for larger customers, you can use the concept of service templates.
A service template defines the necessary virtual machines and settings to deploy
a service, or application. The service template must contain all the virtual
machines necessary for the application to run. We defined that the application
requires six virtual machines (two web front-end servers, two middle-tier
application servers, and two database servers). Each type of virtual machine
will have its own template that specifies the necessary software and settings for

bc02.indd 6 6/10/2013 2:54:49 PM

 Summary 7

the virtual machine. For instance, the database servers need a database engine
installed along with the accounting database; the web servers need a web server
application and the website used to host the accounting application; and the
middle-tier application severs need the web services used to interact with the
database.
Once the virtual machine templates and the service template are defined, a
self-service portal can be used for account managers to initiate a workflow that
deploys the service template for a given customer.

Rules and Regulations Solution

Based on the availability requirements, the application must be available in case
a data center is offline. To achieve this, data must be synchronized between the
two data centers operated by ABC. That way, if the data center in Miami fails,
customers from North America will be redirected to the Liverpool data center.
However, the same cannot be done for the European customers based on the
rules and regulations enforced as a requirement. ABC does not plan to acquire
a new data center, so they must hire a cloud provider that is able to host the
virtual machines necessary for their customers to stay in business. ABC must be
able to fully customize and update the virtual machines. Therefore, this provider
will sell an Infrastructure as a Service (IaaS) product to ABC, which will be used
as a disaster recovery solution for the European customers.

Summary
ABC must create a service template to deploy its accounting application by using
six virtual machines (two web front-end servers, two middle-tier application
servers, and two database servers).
The service template must be available for deployment through a self-service
portal used by account managers.
Each larger customer will have its own instance of the accounting service. All
smaller customers will share a single instance of the service.
ABC will sell the accounting software as a SaaS product to smaller customers
and as a PaaS product to larger customers.
ABC will provide disaster recovery to North America customers by synchro-
nizing data between the data centers in Miami and Liverpool.
ABC will provide disaster recovery to European customers by synchronizing
data between the Liverpool data center and a public cloud provider in Europe.
The public cloud provider will sell ABC an IaaS product.

bc02.indd 7 6/10/2013 2:54:50 PM

 8 Bonus Chapter 2 • Case Study

Secure access to the application will be guaranteed by using SSO with federa-
tion services when the customer requires it and by connecting to the virtual
machines by using SSL. All data will be encrypted at the database level.
Monitoring tools will be used to allow ABC’s solution to automatically add and
remove virtual machines from each application tier based on consumption.
Finally, to show the return over investment for both the private cloud and
public solutions recommended, you can use a return on investment (ROI)
calculator. There are several calculators available on the Internet, but the one
from MomentumSI is the only independent calculator currently available that
considers the operating system for the virtual machines along with private or
public cloud offering. Its public cloud cost calculator is based on the Amazon
AWS Calculator. You can download the calculator from the following location:
www.momentumsi.com/public-vs-private-cloud-roi-calculator/

bc02.indd 8 6/10/2013 2:54:50 PM