The Definitive Guide To

Cloud Computing

Dan Sullivan

Introduction to Realtime Publishers
by Don Jones, Series Editor

For several years now, Realtime has produced dozens and dozens of high-quality books that just happen to be delivered in electronic format at no cost to you, the reader. We've made this unique publishing model work through the generous support and cooperation of our sponsors, who agree to bear each book's production expenses for the benefit of our readers.

Although we've always offered our publications to you for free, don't think for a moment that quality is anything less than our top priority. My job is to make sure that our books are as good as, and in most cases better than, any printed book that would cost you $40 or more. Our electronic publishing model offers several advantages over printed books: You receive chapters literally as fast as our authors produce them (hence the realtime aspect of our model), and we can update chapters to reflect the latest changes in technology.

I want to point out that our books are by no means paid advertisements or white papers. We're an independent publishing company, and an important aspect of my job is to make sure that our authors are free to voice their expertise and opinions without reservation or restriction. We maintain complete editorial control of our publications, and I'm proud that we've produced so many quality books over the past years.

I want to extend an invitation to visit us at http://nexus.realtimepublishers.com, especially if you've received this publication from a friend or colleague. We have a wide variety of additional books on a range of topics, and you're sure to find something that's of interest to you, and it won't cost you a thing. We hope you'll continue to come to Realtime for your educational needs far into the future.

Until then, enjoy.

Don Jones

Introduction to Realtime Publishers

Chapter 1: Changing the Way We Deliver Services with Cloud Computing
Overview
The Moving Target that Is Cloud Computing
A Brief Introduction to Cloud Computing
A Massively Scalable Infrastructure
Rapid Allocation of Virtual Servers
Standard Hardware Platform
Persistent Storage in the Cloud
Universal Access
Fine-Grained Usage Controls and Pricing
Standardized Resources
Management Support Services
Drivers Behind Cloud Computing
A Better Way to Consume Services
Service-Oriented Architecture in the Cloud
Differentiated Levels of Service
More Efficient Delivery of Services
Management Infrastructure
Optimization of Workloads Across Shared Infrastructure
Self-Service Management
Monitoring
Improving the User Experience through Cloud Computing
Changing Economics of IT
Reducing Capital Expenditures
Efficiently Allocating Resources
Rapidly Delivering IT Services

Aligning Business Strategy and IT
Summary

Chapter 2: Demystifying Cloud Computing
A Note on Terminology
Searching for a Common Definition: 3 Fundamental Elements of Cloud Computing
Massive Scalability
Computing Resources
Storage Resources
Network Resources
Ability to Easily Allocate Cloud Resources
Service Management Platform
Service Catalog of Standardized Services
Policy Definition and Enforcement
A Cloud by Any Other Name
Different Types of Cloud Computing Services
Infrastructure Services
Computing on Demand
Storage on Demand
Business Intelligence Use Case
Platform Services
Relational Database Services
Application Servers
Security Services
Application Services
Messaging Queues
Distributed, Parallel Processing
Applications and Business Services

Consolidating Enterprise Applications
Managing Business Services and Workloads
Common Attributes of Cloud Service Models
Cloud Delivery Models
Public Clouds
Private Clouds
Hybrid Clouds
Summary

Chapter 3: Enabling Business Innovation by Using Cloud Computing
Launching a New Business Service
New Services Under a Traditional IT Service Model
Scenario 1: Tutorial Videos for the DIY Customer
Scenario 2: Advanced Analytics for Auto Insurance Premium Calculations
New Services Under the Cloud Computing Model
Scenario 1: Tutorial Videos in the Cloud
Scenario 2: Advanced Analytics in the Cloud
Advantages of Doing Business with Cloud Computing
Time to Deploy Services
Cost Control and Ability to Scale to Demand
Adaptability of Resources
Source of ROI in the Cloud
Lowering Capital Costs with Cloud Computing
Lowering Operational Costs with Cloud Computing
On-Demand Provisioning
Reducing Marginal Costs of Systems Administration
Standardization and Automation
Service Management Reporting

Assessing the Business Value of Cloud Services
Summary

Chapter 4: How Cloud Computing Will Help Your Business
How Cloud Computing Can Help Your Business
Business and Technology Alignments: The Ideal vs. Reality
Identify Business Priorities
Identify Operational Inefficiencies
Identify Barriers to Innovation
Assessing Current Capabilities
Infrastructure Capabilities
Platform Capabilities
OS Consolidation
Application Stacks
Application Capabilities
Governance Capabilities
Management and Reporting Capabilities
Introducing a New Model for Consumption and Delivery
Introducing Public Cloud Consumption Model
Introducing Private Cloud Consumption Model
Deploying Existing Infrastructure in a Private Cloud
Enabling Application Services in the Cloud
Managing a Private Cloud
Measuring the Value of a Cloud
Changes to Capital Cost
Changes to Operational Cost
Labor Costs
Infrastructure Maintenance

Facilities Operations
Simplified Accounting
Summary

Chapter 5: Strategies for Moving to the Cloud
Planning Principles for Moving to Cloud Computing
Prioritizing According to Business Drivers
Defining Requirements
Existing Applications Infrastructure: The Current State of Affairs
Additional Requirements for New Applications
Assessing Workloads
Capacity Planning
Scheduling
Cost Recovery
Aligning Requirements to Cloud Services
Architectural Principles for Cloud Services
Designing for Scalability
Providing Scalable Computing Resources
Using Cloud Services in Scalable Ways
Designing for Manageability
Managing Cloud Provisioning
Monitoring Jobs in the Cloud
Deploying Layered Technical Services
Delivering Business Services
Business Services in the Cloud: Use Case Scenarios
New Customer Initiative Use Case
Business Intelligence Use Case
Mixing Workloads

Summary

Chapter 6: Identifying the Right Cloud Architecture for Your Business
Levels of Cloud Architecture
Virtualization of Resources
Logical Units of Computing Resources
Hardware Independence
Standardized Service Pricing
Services Layer
Service Management Processes
Providing Compute Services
Hardware Selection
Implementing Virtualization
Failover and Redundancy
Management Reporting
Providing Storage Services
Storage Virtualization
Backups and Cloud Storage
Management Reporting for Storage Virtualization
Network Services for Cloud Computing
Capacity
Intra-Cloud Replication
Loading Data into the Cloud
Redundancy in the Network
Management Reporting
Cloud Operations
Image Management
Workload Management

Services Layer: Adapting IT Operations to Cloud Infrastructure
Designing for Recoverability
Managing Workload
Performing Maintenance and Upgrades
Maintaining Security
Service Management Layer
Summary

Chapter 7: Roadmap to Cloud Computing: The Planning Phase
Assessing Readiness for Cloud Computing
Web Application Architecture
Levels of Centralization
Coupling of Components
Accessibility of Components
Ability to Execute Multiple Instances
Platform Independence
Self-Management of Compute and Storage Resources
Standard Platforms and Application Stacks
Determining Required Platforms and Application Stacks
Required Support Services
Customization and Specialized Requirements
Aligning Business Strategy with Cloud Computing Services
Workload Analysis
Value Metrics
Hardware and Software Values
Labor Value
Preparing to Manage Cloud Services
Role of Private, Public, and Hybrid Cloud Services

Planning for Growth
Long-Term Management Issues
Planning for Centralizing Resources
Standardizing to Reduce Complexity
Streamline Service Management
Virtualizing Physical Resources
Committing to SLAs
Capacity Commitments
Network Infrastructure
Storage Infrastructure
Availability and Recovery Management
Compliance Requirements and Cloud Services
Summary

Chapter 8: Roadmap to Cloud Computing: The Implementation Phase
Establishing a Private Cloud
Deploying Hardware for a Private Cloud
Servers and Network Equipment
Environmental Issues
Redundancy and Avoiding Single Points of Failure
Deploying Network Services for a Private Cloud
Providing Application Stacks
Cloud Management Services
Cloud Management Policies
Cloud Management Reporting
Migrating Compute and Storage Services to a Private Cloud
Prioritizing Based on Business Drivers
Business Driver #1: Cost

Business Driver #2: Computing Resources
Reallocating Servers
Deploying Cloud-Enabling Applications
Testing and Quality Control
Deploying Management Applications
Migrating End User Applications
Building Virtual Machine Images
Migrating Data to Cloud Storage
Migrating Access Privileges to the Cloud
Post-Implementation Checklist
Managing Cloud Services
Integrating Service Management with the Cloud
Service Catalog Management
Service Level Management
Availability Management
Service Validation and Release Management
Usage Tracking and Accounting Services
Capacity Planning
Extending a Private Cloud with Public Services
Summary
Chapter 9: Maintaining a Cloud Environment: Governance, Growth, and Security
Governance Issues in the Cloud Computing
Protecting the Integrity of Business Services
Confidentiality in the Cloud
Availability and SLAs
Controlling Access to Cloud Services
Pricing Cloud Services


Cost Allocation
Competitive Pricing
Planning for Growth
Key Resources in Cloud Computing
Baseline and Initial Growth Projections
Baseline Measures
Growth Projections
Expanding Using a Public Cloud
Mitigating Risks Through Architecture
Physical Distribution of Data Centers
Redundant Infrastructure
Security in the Cloud
Identity Management in the Cloud
Entitlements and Access Controls
Vulnerability Assessment and Patching
Summary
Chapter 10: Key Steps in Establishing Enterprise Cloud Computing Services
Aligning Business Drivers with Cloud Services
Understanding Business Objectives
Cloud Computing Enables Innovation
Accommodating Varying Demand for Services
Improving Existing Processes
Identifying Weaknesses in Existing IT Service Delivery
Prioritizing Initiatives
Planning for Transition to Cloud Computing
Assessing the Current State of Readiness


Identifying the Differences Between Current Infrastructure and the Infrastructure to Deploy for the Cloud
Determining the Best Cloud Model for Your Requirements
Planning for Long-Term Management and Stability
Implementing a Cloud Infrastructure
Implementing a Private Cloud
Adapting Public Cloud Services
Using a Hybrid Private-Public Cloud
Managing and Maintaining a Cloud
Operational Issues
Business Management Issues
Summary


Copyright Statement
2010 Realtime Publishers. All rights reserved. This site contains materials that have been created, developed, or commissioned by, and published with the permission of, Realtime Publishers (the Materials) and this site and any such Materials are protected by international copyright and trademark laws. THE MATERIALS ARE PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. The Materials are subject to change without notice and do not represent a commitment on the part of Realtime Publishers or its web site sponsors. In no event shall Realtime Publishers or its web site sponsors be held liable for technical or editorial errors or omissions contained in the Materials, including without limitation, for any direct, indirect, incidental, special, exemplary or consequential damages whatsoever resulting from the use of any information contained in the Materials. The Materials (including but not limited to the text, images, audio, and/or video) may not be copied, reproduced, republished, uploaded, posted, transmitted, or distributed in any way, in whole or in part, except that one copy may be downloaded for your personal, noncommercial use on a single computer. In connection with such use, you may not modify or obscure any copyright or other proprietary notice. The Materials may contain trademarks, services marks and logos that are the property of third parties. You are not permitted to use these trademarks, services marks or logos without prior written consent of such third parties. Realtime Publishers and the Realtime Publishers logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. 
If you have any questions about these terms, or if you would like information about licensing materials from Realtime Publishers, please contact us via e-mail at info@realtimepublishers.com.


[Editor's Note: This eBook was downloaded from Realtime Nexus, The Digital Library for IT Professionals. All leading technology eBooks and guides from Realtime Publishers can be found at http://nexus.realtimepublishers.com.]

Chapter 1: Changing the Way We Deliver Services with Cloud Computing

Computing is constantly changing, creating new hardware technologies, improving software, and optimizing business processes. The history of computing is almost a constant stream of advances. Mainframe computing was followed by minicomputers, which were followed by personal computers, and most recently mobile devices. Software development followed a similar trajectory with an evolution that started with batch-oriented mainframe applications and moved through client-server models to highly distributed service-oriented architectures and Web applications. Business processes changed and computing expanded beyond the reach of large-volume, highly focused back-office systems supporting core operations to widely adopted collaboration and personal productivity applications.

Sometimes the changes in hardware, software, and business processes converge in ways that create significant new opportunities for delivering business services. The advent of cloud computing is one of those events.

Cloud computing in its simplest form is a model for allocating compute and storage resources on demand. In practice, it is much more. Cloud computing offers new ways to provide services while significantly altering the cost structure underlying those services. These new technical and pricing opportunities drive changes in the way businesses operate. The Definitive Guide to Cloud Computing describes the technical, operational, and organizational aspects of cloud computing and provides a roadmap for navigating the emerging landscape of cloud computing.

Overview

Cloud computing is a broad-ranging and still-developing set of technologies and business practices. This guide examines the essential technical and business aspects of cloud computing in order to provide a broad assessment of the benefits and challenges facing adopters of cloud computing. This book consists of 10 chapters; each deals with a significant aspect of cloud computing:

• Chapter 1, this chapter, introduces cloud computing and its impact on how we deliver services. In this chapter, we examine the business drivers behind cloud computing and the related issues of the changing economics of information technology (IT). The chapter concludes with a discussion on aligning business strategy with IT services, especially with regard to cloud computing.


• Chapter 2 identifies the essential elements of cloud computing, discusses different types of cloud computing services and different types of cloud delivery models, ranging from public to private cloud services.
• In Chapter 3 we examine the business advantages of cloud computing and the various sources of Return on Investment (ROI) in cloud computing.
• The business case for cloud computing continues in Chapter 4. Topics include identifying business priorities, assessing current capabilities, determining considerations for adopting a cloud model for service delivery and consumption, and measuring the value of a cloud.
• In Chapter 5 the topic shifts from the business case to understanding how to plan for a cloud and how to assess architecture options with regard to cloud computing. Use cases are included to highlight some of the practical considerations in developing a plan to move to cloud computing.
• Chapter 6 delves deeper into the technical issues introduced in Chapter 5. These include providing high-availability compute, storage, and network services. Cloud management and adapting IT procedures to the cloud are also discussed.
• In Chapter 7, we take a process-oriented approach and consider how to use the information developed in the previous chapters and apply it to specific business needs. Subject areas include performing workload analysis, managing cloud services, centralizing resources, and defining service level agreements (SLAs).
• The planning topics of Chapter 7 are followed by Chapter 8. The focus of this chapter is on establishing a private cloud, transitioning compute and storage services, and operational issues managing cloud services.
• Chapter 9 delves into long-term management issues ranging from controlling access to cloud services to capacity planning and risk mitigation.
• The Definitive Guide to Cloud Computing concludes with Chapter 10. This chapter consolidates and summarizes the essential aspects of planning, implementing, and managing cloud computing services.


Figure 1.1: Enterprise cloud computing is the product of the confluence of advances in three distinct areas: server hardware standardization, virtualization and other software advances, and IT management and practices. Without all three, enterprise cloud computing would not be possible.

The Moving Target that Is Cloud Computing

Given the speed at which IT changes, writing a definitive guide can be like designing and building a plane while flying in it. This is especially true of cloud computing. Public clouds are well established and private clouds are emerging as an alternative delivery model of cloud services. Identifying which existing applications are readily ported to the cloud while spotting others that are best run on existing platforms is an ongoing process. Applications are being built that take advantage of high-performance, distributed computing through the use of new programming paradigms and database designs. Vendors are revising their infrastructure management tools to support clouds. Cloud computing is a quickly moving target.

With the relentless pace of change in cloud computing technologies and practices, one might argue that it is too early and cloud computing too volatile to suggest a roadmap for understanding and adopting cloud computing. This argument has some merit, but its validity assumes we focus on low-level implementation details. Rather than try to define low-level best practices in this book (it is too early for that), we base this work on the principles and practices that IT professionals have long used to adapt and adjust to changing technologies and business conditions.


Change is nothing new to IT, and our past experience is a sound guide to understanding cloud computing. With that in mind, recognition of the following facts will guide the approach taken in this book:

• Cloud technology will continue to evolve in intelligible ways. We understand the current state of cloud technology and recognize that it is a product of earlier technologies.
• Changes in cloud computing come not just from changes in underlying technologies but also from the ways we combine and use these technologies. Business processes, workflows, and cloud management will drive the way we combine cloud techniques.
• The fundamentals of computing principles have not changed. Basic building blocks of IT consist of computing, storage, and network resources. The underlying principles of serial and parallel computing have been known for generations. Design and management principles that have guided us in the past are still relevant.
• Business services drive the adoption and continued use of cloud services. Unless you are a computer scientist, cloud computing is a means to an end, not an end in itself.
• In technology, as in the evolution of life, those that adapt what has worked well in the past to new conditions and find ways to build on those past successes to address novel challenges are rewarded. There will be no single best model of cloud computing for all applications. The specific conditions and requirements of a service will shape the optimal use of cloud computing for that service.

Our goal in this book is not to prescribe precise regimens for implementing a specific cloud computing application. Instead, the objective is to provide the reader with a background in the underlying technologies and business practices of cloud computing along with a roadmap for moving from the theory to practice of cloud computing.

A Brief Introduction to Cloud Computing

Cloud computing is a model for delivering information services that provides flexible use of virtual servers, massive scalability, and management services. With the dictionary definition out of the way, we can now proceed to describing cloud computing in terms of its essential features and how it functions alongside other information technologies. Cloud computing is a unique combination of capabilities which include:

• A massively scalable, dynamic infrastructure
• Universal access
• Fine-grained usage controls and pricing
• Standardized platforms
• Management support services


These capabilities enable a number of variations in cloud computing services. For example, one service might provide raw iron servers for running specialized applications, another offers on-demand relational database services, while yet another provides a fully featured Customer Relationship Management (CRM) application.

Cross Reference: Chapter 2 will examine different types of cloud computing options in more detail; for now, we will restrict the discussion to features that are common to most cloud computing options.

A Massively Scalable Infrastructure

If we had to choose one characteristic that most distinguishes cloud computing from other models, it is the massively scalable infrastructure. In theory, one has the potential for massive scalability without the cloud provided one has the financial resources to acquire and the skills to manage a massively distributed infrastructure. The cloud puts that kind of theory into practice.

Massive scalability from the service consumer perspective means the end user controls allocation of compute or storage services as needed. In the past, acquiring additional compute cycles required either procuring additional hardware, which could take weeks, or fitting jobs onto existing servers. Procuring new hardware has obvious time and cost drawbacks, but running jobs on other servers is far from a panacea. It is not uncommon to run into problems such as:

• Incompatibilities with the operating system (OS) or applications on the server
• Conflicts in the scheduling of workloads
• Difficulties allocating costs to owners of the jobs running on the server
• Irresolvable violations of security policies regarding access controls and data protection policies

These problems can occur when trying to share a single server across application or organizational boundaries, let alone hundreds or thousands of servers that may be required for a compute-intensive job. The problems are avoided with cloud computing because of three characteristics of the technology:

• Rapid allocation of virtual servers
• Standardized hardware
• Persistent cloud storage

Together, these characteristics provide the benefits of sole-use servers with the efficiencies of shared resources.


Rapid Allocation of Virtual Servers

Cloud computing avoids these problems by decoupling physical servers from applications and single users. In the cloud, a user allocates the number and type of virtual machines needed to perform a task. The virtual machines run a task as long as required and then shut down when the task is complete. (Actually, the implementation details, such as whether a virtual machine is actually shut down or allocated to another job, are cloud specific; logically, it appears to the cloud users that virtual machines are no longer allocated to them.) In a cloud, physical servers become shared resources without the drawbacks previously described. As Figure 1.2 shows, the distribution of jobs and number of virtual servers running on a set of physical servers can change quickly in a cloud.

Figure 1.2: Virtual machines are quickly allocated and deallocated to specific tasks in the cloud.

Anyone who has waited hours or days to have an OS and application stack installed on a server may wonder how cloud computing servers can switch among uses so quickly. In a cloud, large numbers of physical servers are ready to respond to the specific requests for computing services. Often, these physical servers will support multiple virtual machines each dedicated to different tasks (see Figure 1.2).

Different cloud models require or support (depending on your perspective) different levels of configuration information from users. In a simple case, a user may only need to specify the number of servers she would like dedicated to her job. A slightly more complicated setup would require the user to specify a number of servers and the roles each server carries out, such as a Web server role or application server role. Another model requires users to specify a specific virtual machine image to execute on each of the virtual machines requested. Regardless of which model is used, clouds can rapidly allocate virtual machines in response to the computing needs of users.


Standard Hardware Platform

Another enabling characteristic of cloud computing is the use of standard hardware platforms, such as the x64 architecture. By standardizing on hardware, applications and OSs can run on many combinations of servers within the cloud without incurring additional overhead required to manage many different types of servers. Cloud providers may offer different levels of computing services by offering the functional equivalent of different physical configurations, such as:

• Basic server: 64-bit, 2 cores, 2GB of memory, and 320GB of local storage
• Midsize server: 64-bit, 4 cores, 8GB of memory, and 320GB of local storage
• Advanced server: 64-bit, 8 cores, 16GB of memory, and 1TB of local storage

In practice the cloud provider may have all 64-bit, 8-core, 16GB of memory servers but will vary the number of virtual machines to accommodate the mix of services requested by users.

Persistent Storage in the Cloud

Rapidly allocating and deallocating virtual machines allows for efficient allocation of computing resources, but many of the computations run on these servers will generate data that must be stored for extended periods of time. It is useful to have local storage on servers for temporary needs, but once the virtual server is deallocated, any locally stored data would be lost.

With persistent cloud storage, data is stored and made accessible to any server in the cloud, subject to access control restrictions. Decoupling persistent storage from servers is another way cloud computing provides for fine-grained control over resources. The combination of rapid provisioning of standard hardware and the use of persistent storage enables massive scalability.

The Potential Network Bottleneck

Three types of resources are fundamental to cloud computing: computation, storage, and networking. Technology is in place now to enable massive scalability of compute servers and storage capacity; the same cannot be said for network resources.

Within a cloud infrastructure, a cloud service provider has control over the network architecture and resources. If additional bandwidth is required to maintain service levels, cloud providers are in a position to make those changes. Problems potentially can arise when moving data into and out of the cloud. This is especially the case when there is an initial, large data upload from an existing non-cloud storage system. It can also occur if large volumes of data are generated rapidly and must be moved to the cloud.


In the case of private clouds, a single company would control the cloud infrastructure and the network resources between the source of the data and the cloud. Public clouds depend upon public network infrastructure, and that can vary widely. Figure 1.3 shows the wide variation in average national broadband speeds. Although businesses may have the resources to purchase additional bandwidth, these figures demonstrate the limits of large-scale public network infrastructure in different regions.

One way to mitigate the problem of the large initial data load is to physically ship storage media to the cloud provider. This may not be a viable option for repeated use; another option is to generate and store data in the cloud, avoiding the need to use public network infrastructure.

Figure 1.3: Average national broadband speeds (Mbps) vary widely by region (Source: The Akamai State of the Internet Report 2nd Quarter 2009. Volume 2 Number 2).

Universal Access

Another defining characteristic of cloud computing is universal access from anywhere on the Internet. Today, we have universal email access over the Internet, although it was not too long ago that proprietary email systems required local network connections or virtual private network (VPN) access to use our email. Similarly, access to cloud computing resources can leverage Internet protocols to ensure widespread access.

Universal access should not be confused with open access, especially with regard to private clouds. Companies and governments deploying private clouds will have authentication and authorization systems in place to control access to private cloud resources. Even public clouds require some degree of identity management in support of management reporting and billing.


Fine-Grained Usage Controls and Pricing

The economic benefits of cloud computing are one of the key drivers to adoption. One of the features that enable this benefit is fine-grained usage controls and pricing.

When we purchase servers, we pay up front for a substantial resource with approximately a 3-year useful lifespan and some residual value at the end of that period. Trying to optimize purchase decisions at this granularity is difficult because the ROI depends on many difficult-to-gauge factors, like the load on the system over the life of the server, which will vary with changing business conditions and requirements. If we undersize a server, we risk not meeting SLAs. If we opt for excess capacity, we incur unnecessary costs. Cloud computing can adjust the compute and storage services as application demand dictates.

Cloud computing models allow us to purchase compute resources based on the mixture of jobs that need to be done now. Similarly, we purchase and pay for storage based on what is actually needed now. We no longer have to make purchase decisions based on single-server considerations, such as peak capacity requirements. During periods of peak demand, we provision additional resources from the cloud and release them when the demand is met and pay only for what is used.

Standardized Resources

Cloud computing provides standard hardware, virtualization, and application platforms. Standardization, however, is not homogenization. There is room for a range of options in cloud computing. For example, a cloud can provide a few differently configured servers, a couple of different OSs, and several different application stacks to choose from, such as Linux or Microsoft OSs and LAMP (Linux, Apache HTTP Server, MySQL database and Perl/Python programming languages) or Microsoft .NET Framework application stacks.

By limiting the range of options, cloud providers avoid excessive management and maintenance expenses and keep the marginal costs of expanding the cloud to a minimum. This, however, has to be balanced with business requirements that may justify a greater range of customization.

Figure 1.4: At some point, increasing customization of images incurs additional management costs and an associated decrease in marginal benefit.


Management Support Services

Cloud computing is not a complete service without management support services. These services support both operational and management aspects of the use of cloud computing. Operational support services enable cloud users to provision the resources they need without additional support from IT staff. They include:

• Provision servers
• Search and select virtual images to run on server instances
• Allocate persistent storage
• Monitor jobs executing on allocated servers

Management reports are especially important for managing costs. These include reporting on:

• Time periods and number of servers allocated
• CPU utilization
• Storage use
• Network bandwidth consumed to upload and download data to and from the cloud

Management support services provide the information needed to refine the use of cloud services. For example, CPU utilization reports may indicate low utilization in jobs that have been spread over more servers than necessary. Storage reports and network bandwidth use reports might help identify jobs that involve transferring data into and out of the cloud at a cost greater than using persistent storage services to store that data in the cloud. Cloud computing services are not complete without this type of management support service.

This brief introduction has just scratched the surface of key aspects of cloud computing, such as massive scalability, universal access, fine-grained usage controls and pricing, standardized platforms, and the role of management support services. More details on these topics are provided throughout the rest of this book, but before we delve further into technical details, we will turn our attention to the drivers behind cloud computing adoption.
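The two report-driven refinements described under Management Support Services, as an added example that is not from the book: it aggregates usage rows per job, flags jobs spread over more servers than their CPU utilization justifies, and flags jobs whose data transfer charges exceed the cost of keeping the data in cloud storage. The job names, usage rows, thresholds, and prices are constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed sample report rows: (job, server_id, hours_allocated, cpu_busy_hours)
SERVER_USAGE = [
    *[("nightly-ci", f"vm-{i}", 8, 2) for i in range(10)],
    *[("oltp", f"vm-{i}", 24, 18) for i in range(10, 14)],
]
# Constructed rows: (job, gb_moved_in_and_out_per_month, gb_if_kept_in_cloud)
DATA_USAGE = [
    ("campaign-mining", 500, 200),
    ("oltp", 20, 300),
]
# Hypothetical prices in cents; real values come from the provider's rate card.
TRANSFER_CENTS_PER_GB = 10
STORAGE_CENTS_PER_GB_MONTH = 15


def utilization_by_job(rows):
    """Aggregate server count, allocated hours and CPU utilization per job."""
    acc = defaultdict(lambda: {"servers": set(), "allocated": 0, "busy": 0})
    for job, server, allocated, busy in rows:
        # A row that reports more busy time than allocated time is a
        # metering error; fail loudly instead of producing a bad report.
        if allocated <= 0 or busy < 0 or busy > allocated:
            raise ValueError(f"inconsistent usage row for {job}/{server}")
        entry = acc[job]
        entry["servers"].add(server)
        entry["allocated"] += allocated
        entry["busy"] += busy
    return {
        job: {
            "servers": len(e["servers"]),
            "server_hours": e["allocated"],
            "utilization": e["busy"] / e["allocated"],
        }
        for job, e in acc.items()
    }


def overprovisioned(report, low=0.30, target=0.50):
    """Map each job below `low` utilization to the server count that would
    bring it to `target`, assuming the job keeps the same time window."""
    suggestions = {}
    for job, r in report.items():
        if r["utilization"] < low:
            needed = math.ceil(r["servers"] * r["utilization"] / target)
            suggestions[job] = max(1, needed)
    return suggestions


def cheaper_to_store(rows):
    """Map each job whose monthly transfer charge exceeds the charge for
    keeping its data in cloud storage to the monthly saving in dollars."""
    savings = {}
    for job, moved_gb, stored_gb in rows:
        transfer_cents = moved_gb * TRANSFER_CENTS_PER_GB
        storage_cents = stored_gb * STORAGE_CENTS_PER_GB_MONTH
        if transfer_cents > storage_cents:
            savings[job] = (transfer_cents - storage_cents) / 100
    return savings


if __name__ == "__main__":
    report = utilization_by_job(SERVER_USAGE)
    for job, r in sorted(report.items()):
        print(f"{job}: {r['servers']} servers, {r['server_hours']} server-hours, "
              f"{r['utilization']:.0%} CPU utilization")
    print("spread over too many servers:", overprovisioned(report))
    print("cheaper to keep data in the cloud:", cheaper_to_store(DATA_USAGE))
```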

Drivers Behind Cloud Computing

Cloud computing changes the way we consume and provide services and in the process improves the user experience. The combination of technologies described in the previous section enables these drivers, but the technologies are not the drivers to adoption themselves.


A Better Way to Consume Services

The early days of IT were dominated by monolithic applications that performed a series of related tasks in a fixed order. Applications processed accounting transactions to balance the books, calculated payroll for the company, and generated monthly statements for customers. This approach worked well, and still works well, for some business requirements, but it does have some drawbacks:

• Isolating specialized functions that might be useful in other applications
• Utilizing a fairly rigid flow of execution, making it difficult to adapt to emerging requirements
• Offering few options to vary service levels according to varying needs

Cloud computing readily supports service-oriented architectures, which can provide a better way to consume services.

Service-Oriented Architecture in the Cloud

Service-oriented architectures use loosely coupled services to deliver functionality. Each service is implemented in a way that does not require or depend upon knowledge of the way the service is used. For example, a service to calculate the credit risk of a customer could be used by a customer sales portal as well as a back-office risk analysis application. Service-oriented architectures exchange data and invoke services using standards such as Simple Object Access Protocol (SOAP) and frameworks such as Representational State Transfer (REST).

Figure 1.5: Services orchestration combines loosely coupled services in a flow of execution designed to complete a logical unit of work.

By implementing a service-oriented architecture in the cloud, customers can consume only the services they need for as long as they need them and be billed only for that use. The same level of fine-grained control over resource use that the cloud provides at the level of servers and storage is available at the services level as well.


Differentiated Levels of Service

The cloud model of computing also supports differentiated levels of service. Customers can choose the appropriate level for their needs. For example:

• A customer executing an online transaction processing (OLTP) application may need high throughput and rapid response times. This warrants a number of high-end servers with a single virtual machine instance running the customer's OLTP application.
• A marketing analyst data mining the results of several campaigns may be willing to have a longer turnaround time in return for running her application on a lower-cost, low-end server.
• A team of developers performs continuous integration testing every night and needs guaranteed delivery of output at the start of the next business day. The jobs can run at any time during the night as long as there are sufficient server resources to complete the job in time. The job could be allocated to low-end servers early in the night, or if demand for those is high, can run later in the night but on a number of higher-end servers.

Cloud computing enables customers to define the level of service they require, which in turn allows the cloud provider to optimize workloads across customers and cloud infrastructure.

More Efficient Delivery of Services

There are a number of ways to exploit the fine-grained controls over compute, storage, and higher-level services in cloud computing to make service delivery more efficient. Some of the most important are:

• Management infrastructure
• Optimization of workloads across shared infrastructure
• Self-service management
• Monitoring

These support services prove to be beneficial for both cloud consumers and providers.


Management Infrastructure

Both public and private clouds support a large pool of potential customers with a wide range of diverse service requirements. Cloud computing supports these requirements with a well-defined set of basic service components, so a comprehensive management structure can be built on a small number of management services, such as:

• Tracking customer use of virtual servers in terms of number of servers and time used by server
• Tracking the amount of persistent storage used by customers for a given period of time
• Accounting for the data transfer into and out of the cloud
• Accounting for data transfer within the cloud
• Tracking the use of licensed software

This type of management reporting enables cloud providers to bill customers for resources used. Providers can help customers optimize their use of the cloud by providing near-real-time updates on their resource utilization as well as aggregate billing and chargeback reports.

Cloud computing introduces new opportunities for software vendors to change how they price their software. Named-user and number-of-user-based pricing schemes will fit well with cloud computing, but CPU- or core-based pricing methods are problematic. A highly parallelized application might run for 10 hours on a single server or in 1 hour on 10 servers. If the software were licensed to run only on a single server, the customer will lose a significant advantage of cloud computing. Expect vendors to experiment with new pricing models for enterprise software as businesses adopt cloud computing.

Optimization of Workloads Across Shared Infrastructure

A large server farm is indistinguishable from a set of cloud servers when looking at the hardware. Servers, switches, routers, power supplies, and other components are the same. The difference lies in how these resources are used.

The servers in a typical corporate data center prior to the advent of cloud computing were assigned to a particular department or application use. The configuration was relatively fixed and changed only when the server was upgraded, reassigned, or decommissioned. These servers were configured to do one type of operation. This makes for a reliable compute resource, but not an efficient one.

Servers with fixed configurations are less likely to have high utilization rates. Unless there is a steady stream of jobs that fits the machine's configuration, there will be idle periods. Without proper infrastructure for rapidly deploying virtual machines, the cost of reconfiguring a server is so high that it is done only for significant long-term changes. In the cloud, the cost of switching virtual machines is low enough that idle servers can be reconfigured with different virtual machine images, allowing other applications to run on the same physical server that had just been running other types of jobs.

Figure 1.6: In the cloud, server utilization can be significantly higher when workloads are distributed and optimized over available servers.

Self-Service Management
In cloud computing environments, provisioning and other management tools are made available to cloud service consumers. This lowers the cost of delivering cloud services by eliminating or significantly reducing the need for IT professionals to complete allocating and deallocating operations. Self-service management also eliminates IT staff availability as a potential bottleneck to using the cloud. Cloud consumers have the tools they need to acquire and use cloud resources themselves.

Monitoring
The state of the cloud will frequently change. New images are loaded into some servers to execute jobs while other virtual server instances are shut down when jobs complete. It is important to monitor both the availability of servers and the workloads running in the cloud. After a server has been deprovisioned, it should be quickly allocated for a new job to maintain maximal utilization rates.

The combination of management infrastructure, optimization of workloads across shared infrastructure, self-service management, and monitoring of cloud resources creates a key driver behind cloud adoption: the more efficient delivery of services.

Improving the User Experience through Cloud Computing
Another driver behind cloud computing is that it can improve the end-user experience. As noted earlier, cloud service consumers have more direct control over the resources they use. Simplified Web user interfaces make this possible.

Users are also relieved of long-term management issues when using cloud services instead of dedicated servers. Concerns such as scheduling patches, ensuring security policies are enforced, performing backups, and developing a disaster recovery plan are addressed by the cloud service provider. Users are free to focus less on maintenance and more on core business issues.

Cloud computing also improves the user experience by lowering the barriers to experimenting with data or a new business process. For example, a marketing analyst might have an idea for increasing market share for a product in a particular region. Evaluating her idea requires a substantial amount of data and compute resources. The sales data warehouse makes use of cloud storage, so the data is readily available, and provisioning servers is a simple matter with the cloud's Web interface. Without cloud computing resources immediately available, the cost of procuring or borrowing servers to run this job may have been so high that it was not done.

Cloud computing changes how we consume services, how we deliver services, and the way end users experience the use of these services. These three factors are fundamental drivers behind cloud computing. There are, however, other economic factors involved as well.

Changing Economics of IT
The economics behind cloud computing make a compelling case for adopting this approach to delivering services. The economic benefits can be seen in at least three areas:
- Reducing capital expenditures
- Efficiently allocating resources
- Rapidly delivering IT services

A common thread among all three areas, as we will explore in a moment, is that cloud computing allows us to share computing infrastructure in a way not previously possible and, in the process, realize efficiencies unrealized until this point.

Reducing Capital Expenditures
An obvious economic advantage of cloud computing from the consumer perspective is the reduced need for capital expenditures. Consumers of compute and storage services do not have to procure the underlying hardware that enables those services. Rather than follow a pay-up-front model, cloud service consumers follow a pay-as-you-go model. The pay-as-you-go model is especially advantageous when a consumer would have to purchase servers and storage to accommodate peak capacity but that peak capacity is needed for only relatively brief periods of time.

Consider the following example. An online analytic processing (OLAP) application generates weekly business intelligence reports that require a number of high-end servers to perform all calculations in the time allotted to the process. In this scenario, the servers are underutilized most of the time; nonetheless, in the dedicated server approach to consuming compute services, we have to plan for and purchase for peak demand. A better option is to use the elastic scalability of the cloud to provision the servers when they are needed and release them when the reports are complete.

Efficiently Allocating Resources
Cloud computing allocates compute and storage resources more efficiently than dedicated server approaches. The efficiency stems from several factors:
- Ability to manage workloads and allocate jobs to available servers through the use of rapidly deployed virtual machine images to servers with excess capacity
- Ability to share storage resources and realize the economies of scale with regards to centralized storage services
- More efficient support operations, such as backup and recovery; rather than manage many different types of backup jobs that vary according to the needs of dedicated servers, cloud providers can consolidate backup operations of centralized storage
- Clouds can be configured to use geographically distributed data centers and replication services between the data centers to provide disaster recovery for all cloud consumers; under the dedicated server model, we must plan for disaster recovery separately at the department or project level
- High availability of service without significant overhead: if a server were to fail in the cloud, it could simply be removed from the pool of available resources; jobs would continue to run on other servers; in the dedicated server model, a standby server would be needed to act as a backup for each primary server
- More efficient patch management: when servers have relatively fixed OSs, each system must be individually patched to keep up to date with security and performance patches; under the cloud model, virtual machine images stored in a centralized catalog can be patched and, when new instances of virtual machines are started, the patched images are deployed
- Increased self-service with regards to procuring servers and storage reduces demand on IT personnel
- More efficient server utilization requires fewer servers which, in turn, leads to lower hardware costs and power consumption

As these examples show, efficiencies arise both from more efficient allocation of IT assets and of IT personnel. For consumers of cloud services, this translates into more direct control over how they use services, and that can translate into more efficient business operations.

Rapidly Delivering IT Services
With a cloud, businesses can more rapidly deliver services to meet changing business requirements and market conditions. Once again, there is no single part of the cloud model that enables this; instead, it is a combination of factors.

Once again, the ability to rapidly provision and deprovision compute and storage resources is important. If demand for a service were to rapidly spike, for example, for a retailer during the holiday season, servers can be added to scale to meet demand.

Another consideration is the ability to expand the range of functions provided by IT applications. In this case, service-oriented architectures are well suited for rapid reconfiguration of applications through service orchestration (see the earlier discussion of service-oriented architecture in the cloud). Functionality developed for one application and delivered through the cloud using service-oriented architecture can be readily adapted to other applications as well.

The economic benefits of cloud computing emerge in different ways, including a reduction in the need for capital expenditures, more efficient allocation of resources, and the ability to rapidly deliver and adapt IT services. The efficiencies enabled by the reduced time and cost of cloud computing will be maximized only if business strategy is aligned with IT services.

Aligning Business Strategy and IT
IT serves the strategy of the business, but keeping business objectives and IT operations in alignment is not always easy. We may have a clear business strategy mapped to detailed business processes that are ready to implement, but still the execution stumbles. Why? One reason is that the information systems needed to execute the strategy are insufficient or poorly matched to the requirements. Cloud computing and service-oriented architectures can mitigate the risk of such misalignments, assuming they are used in ways supportive of business strategy.

Aligning business strategy and IT services is a several-step process, at least at the most coarse level:
- Identifying key business objectives
- Identifying IT services needed to support those objectives
- Assessing the current state of IT services and identifying gaps between the existing set and the needed set of IT services
- Developing a plan for reducing the gap between the existing and needed set of information services

Key business objectives may include controlling and reducing costs, enabling more rapid response to changing market conditions, improving governance of the organization, or improving the resiliency of IT operations to adverse events, such as hardware failures, loss of power, or natural disaster. Many of the services needed to support business objectives can be readily identified once the business objectives are known. Cost controls and cost reduction come with more efficient server utilization, more self-service in systems management, and reduced overhead associated with infrastructure services such as backups, high availability, and disaster recovery.

The gap analysis process should take into account both technical and organizational considerations. For example, will existing hardware readily deploy in a cloud architecture or will new hardware be required? Are service management practices mature enough to implement in self-service delivery systems? Is a billing or chargeback mechanism in place if a private cloud is under consideration?

The first steps in creating a plan to move from the existing to the needed systems are to prioritize the gaps and identify dependencies in the process. This is certainly not a trivial process, but we will delve into a more detailed examination of the full alignment process in Chapters 5 through 7.

Summary
Cloud computing is a model of service delivery that is enabled by a confluence of advances in hardware, software, and business processes. The availability of standardized servers capable of running multiple virtual machines, standardized virtual machine images for delivering complete application stacks to servers on demand, and mature service management practices that lend themselves to a significant level of self-service all contribute to enable cloud computing.

Cloud computing is different from other approaches to service delivery because of its unique combination of attributes, including:
- A massively scalable, dynamic infrastructure
- Universal access to services from any Internet-enabled device
- Fine-grained usage controls and pricing that allow for more efficient delivery of services
- Standardized platforms that lend themselves to lower procurement and operational costs
- Management support services for service consumers to control their use of cloud resources

Being able to build with these characteristics is not sufficient to warrant widespread adoption by business; there have to be additional drivers behind the technology. There are several business drivers behind cloud computing:
- Cloud computing offers an efficient way to deliver services
- Cloud computing coupled with service-oriented architectures improves on ways to consume services
- Cloud computing improves the end-user experience by making it easier to work with services and apply them to new opportunities

In addition to these business drivers, there are compelling economic arguments for adopting a cloud model, such as reducing the need for capital expenditures and efficiently allocating compute and storage resources. Cloud computing is especially beneficial when aligned with business strategy to cost-effectively and rapidly deliver essential services.

In the next chapter, we will turn our attention to demystifying different types of clouds and their characteristics.

Chapter 2: Demystifying Cloud Computing
The term "cloud computing" has become a shorthand way of describing a wide range of different computing services. When describing their cloud offering, a vendor might focus on the ability to rapidly provision instances of virtual machines to run applications of your choice. Another vendor might use the term "cloud" when promoting a new way to license and run the vendor's applications on the vendor's servers. Of course, there are any number of definitions in between.

The goal of this chapter is to demystify cloud computing by defining a set of common characteristics that should be included in any cloud service that could be considered ready for enterprise use. The common characteristics, as we shall see, still leave plenty of room for different types of cloud computing. We will examine several types of cloud services and the advantages and disadvantages of each. The chapter concludes with a discussion of different cloud delivery models that range from public to private clouds.

A Note on Terminology
As noted in the first chapter, the types of computing services we are describing represent an evolution of information technology and service delivery. The elements of cloud computing are not radically new, but we are using and deploying them in new ways. This can sometimes lead to confusion in terminology.

Consider, for example, the term "provisioning." In the past, provisioning a server almost always meant that a physical server was acquired, configured, and deployed to an organization's network. The term still has that meaning, but it is not the only way the term is used when describing cloud computing. Provisioning can also mean creating an instance of a virtual machine, for example, to run a job in the cloud for some period of time after which the virtual machine is shut down.

The reason we use the same term for different processes is that both apply to making a computing resource available to a specific task. The key differences are tied to physical versus virtual servers, the duration for which the server is assigned to a specific task, and the time required to make the server available. (These differences underlie the efficiencies cloud computing introduces; however, before we can realize those efficiencies, we need to be clear about all the variables that are at work with services delivery. This chapter will make those variables clear.)

Throughout this chapter and the rest of this book, we will use explicit descriptions, distinguishing, for example, provisioning a physical server from provisioning an instance of a virtual machine. The text will also distinguish models of persistent storage when discussing databases. Relational databases are alive and well in clouds, but they are by no means the only database model available. Systems management is another term that is adapting to accommodate new tasks that application administrators are expected to handle when working with clouds.

Describing fundamental characteristics of cloud computing is a step to demystifying this new way of delivering services.

Searching for a Common Definition: 3 Fundamental Elements of Cloud Computing
Reasonable people can disagree about precise definitions of new technologies. We will forgo well-constrained definitions of cloud computing and instead consider three characteristics that are required to deliver the types of services most of us have come to expect from cloud computing:
- Massive scalability
- Ability to easily allocate cloud resources
- A service management platform

There are other characteristics, such as security, that are entailed within these three and will be discussed shortly. Massive scalability, the ability to easily allocate cloud resources, and a service management platform are essential constituents of a cloud computing service.

Massive Scalability
Massive scalability is the ability to rapidly allocate large amounts of computing resources on demand. This is not scalability in the sense of purchasing hundreds of servers, waiting for them to be delivered, configured, and deployed. Massive scalability in cloud computing is the ability to deliver significant resources in a matter of minutes, not days or weeks.

Figure 2.1: Massive scalability provides the ability to rapidly increase the amount of allocated cloud resources as needed for a job.

Three types of resources should be available:
- Computing resources
- Storage resources
- Network bandwidth

Computing Resources
Computing resources are the means to process information. If there were a single workhorse in cloud computing, this would be it. Computing resources are provisioned for a cloud computing task in different ways, depending on the cloud model. At minimum, there is a smallest unit of computing resource that is allocated. This could be, for example, a virtual machine equivalent to an x64 architecture, 2GHz CPU dual-core processor with 32GB of memory and 300GB of local storage. Specifications such as this should be considered a logical specification. The virtual machine running jobs could be hosted on any of a number of physical implementations. This is one of the advantages of cloud computing: The details of the physical implementation are abstracted so that the consumer of cloud services does not have to concern themselves with such details.

Abstracting computing services can also lead to more efficient delivery. For example, a cloud provider can:
- Vary the amount of hardware running at any time according to demand. During periods of peak demand, many large servers may be running while during low-demand periods, only the most energy-efficient servers are kept powered on.
- Run jobs in different data centers to better allocate workload. This functionality is constrained to some degree by business requirements. For example, businesses subject to European Union (EU) privacy directives may require that all personal information on EU customers be kept in countries that meet a minimum level of privacy protections.
- Execute workloads on physical servers that minimize the distance between the compute resources and the storage resources

Cloud service providers all abstract some level of implementation details, but that level can vary significantly. Consider a few different scenarios.

The (Near) Raw Iron Approach
One cloud provider allows consumers to select a type of virtual machine (types vary by number of cores, amount of memory, and so on) and the virtual image to run on that machine. There may be several operating systems (OSs) to choose from as well as a variety of application stacks. This model has the advantage of giving cloud consumers a wide range of options but at the cost of additional configuration responsibilities. For example, a cloud consumer may have the option to configure and run a particular statistical analysis package on a preferred version of Linux with this provider, but she is also responsible for tuning and patching this image.

The Server Role Approach
A second cloud provider may limit the range of options in return for a simplified deployment model. Rather than allow customers to build their own virtual machine images, the cloud provider may offer a small set of preconfigured images designed for specific roles, such as load balancing, running a Web server, or providing application services. Under this approach, cloud consumers could define the number of Web servers they need and the number of application servers required without having to concern themselves with OS or application stack details.

The API Approach
Another approach a cloud vendor may provide is a general computing platform that abstracts even basic distinctions such as Web servers and application servers. Under this model, cloud consumers develop applications that use a cloud provider's application programming interface (API), which might include, for example, functions for:
- Defining data structures
- Creating associative arrays (key-value pairs)
- Specifying queries
- Implementing transactions
- Utilizing task queues

When the application is run, the cloud consumer need only specify the number of servers to dedicate to the task. By limiting the range of options for implementing an application, the cloud consumer has fewer systems management issues to address. As Figure 2.2 shows, there is a tradeoff between flexibility and systems management responsibility.

Figure 2.2: Cloud consumers have a range of options that balance different levels of flexibility with the need for systems management tasks.

Storage Resources
Massive scalability implies the ability to persistently store raw data and computed results. For the cloud consumer, the amount of storage needed at any point in time should rapidly scale to meet demand. As with computing resources, storage resources should be allocated as needed and there should always be storage available.

Cloud storage is available in a few forms:
- As file-based storage
- As block-based storage in which arbitrary large objects are stored
- As relational storage in which data is maintained in relational database structures

Data stored in the cloud is manipulated in much the same way as it is in non-cloud architectures with some minor differences. Block-based storage may be accessed via URL. Relational data is queried the same in or out of the cloud, but database administrators will have less to manage with regards to the physical allocation of space and replication of data for high availability.

Network Resources
The ability to move data from compute to storage resources must scale along with those resources. Within the cloud, the network capacity and infrastructure are defined and managed by the cloud provider. Providers can reasonably plan for moving data from servers to storage arrays or replicating data between storage devices. The situation changes when data has to move into or outside of the cloud.

Cloud service providers are more constrained in their ability to deliver network scalability because of dependence on the outside networks. Cloud consumers transfer data into and out of the cloud using whatever network services they have acquired. This may or may not be sufficient for the volumes of data that need to be transferred. In response, some cloud providers offer "sneakernet to the cloud" services: physical storage devices are shipped to the cloud provider where they are uploaded to the cloud.

Part of optimizing cloud-based services is determining the best way to move data into and out of the cloud and minimizing transfers outside the cloud. The network bottleneck is one reason to generate, process, and store data in the cloud as much as possible.

Massive scalability is a fundamental characteristic of cloud computing. Cloud providers offer different approaches to providing computing resources that trade off flexibility in the applications that can run in the cloud against demands on cloud consumers to manage system resources. Similarly, massive storage scalability is fundamental to cloud computing. At this point in time, networking resources outside the cloud are a potential bottleneck to moving data to and from the cloud.

Ability to Easily Allocate Cloud Resources
Cloud computing can significantly reduce the need for systems administration support by providing easy-to-use tools for allocating cloud resources. One of the advantages of abstracting many implementation details is that it allows for greater automation of the cloud resource provisioning. As noted earlier, cloud providers offer different levels of abstraction of services, but in all cases, the provider should offer tools that enable application administrators to adjust the usage as demand dictates.

Consider a simple example. A marketing analyst has just acquired several large data sets on product sales over the past several months. This is a one-time task and the analyst needs to aggregate the data for business reporting as well as run some statistical analysis programs over each data set. Outside the cloud, the analyst would need to perform several time-consuming steps:
- Find a department server with availability and convince the owner to allow the jobs to run on that server.
- Next, assuming a server is found, the analyst would then submit a ticket to systems administrators to install the necessary analysis software.
- When that is done, which could be a few hours to a few days depending on the IT support backlog, the analyst would need to upload the data. If the data is compressed, additional storage will be required to store both the compressed and decompressed files until the decompress operation is complete.
- Run the analysis jobs. This is a compute-intensive job, so the time to complete it will depend on the number of CPU resources available. If the analyst was provided with a virtual server running on a host with several other virtual machines, the workloads on the other virtual machines can adversely impact the data analysis job.

The same process in the cloud is significantly less arduous.
- Select a virtual machine image to run on cloud servers from a catalog of images. These can range from OS-only images to complete development or analysis environments.
- Specify the number of the virtual instances to run. In some cases, cloud vendors may offer options on the size of servers (for example, small, midsize, high-end), in which case, the size would need to be specified as well. As multiple servers are available, the analysis job can be subdivided into smaller jobs and run in parallel.
- Load the data into cloud storage and decompress if necessary.
- Run the analysis jobs.

These steps would be performed in a Web browser using a resource management interface by the analyst. There is no need for specialized IT support, no need to search for a server with available capacity, and no need to allocate disk space to a file system. The combination of massive scalability and easy-to-use interface to allocate resources provides two of the three core elements of cloud computing. The ability to manage services is the other.

Service Management Platform
Once we move beyond simple scenarios like the one previously described and start to consider enterprise-scale management issues, the need for a services management platform becomes clear. A cost-effective cloud service will offer a management platform that supports four aspects of service management:
- Support for automated provisioning and deprovisioning of resources
- Self-service interface
- A service catalog of standardized services
- Policy definition and enforcement

Support for automated provisioning and deprovisioning and the self-service interface were covered in the previous section, so we will focus our attention on the other topics here.

Service Catalog of Standardized Services
A service catalog introduces consistency and reusability to the cloud. A catalog includes virtual machine images that can run within the cloud with minimal setup on the part of the cloud consumer. These images capture design patterns that have worked well in other use cases.

For example, a basic Web server service might include the latest version of the Apache Web server, a fully patched and hardened Linux OS, and a properly configured firewall. Another image in the service catalog could provide an extraction, transformation, and load (ETL) application for use with data warehousing applications. With the ability to instantiate a fully functional ETL system in a matter of minutes using a self-service interface, the barriers to entry to business intelligence and data analytics are significantly reduced.

Policy Definition and Enforcement
A service management platform can ensure that operations in the cloud comply with organization policies. Technical policies can address issues such as:
- Authentication and authorization required to use resources
- Resource limits, such as the number of concurrent virtual servers a user can have instantiated during peak load periods
- Pre-instantiation checks, such as ensuring images are properly patched before executing or virtual machines use currently approved versions of supported OSs

Organizational policies can be enforced as well. These include:
- Adjusting the cost of using resources according to demand. This could be implemented with a policy of peak load pricing or bidding-based spot pricing.
- Prioritizing workloads in the event sufficient resources are not available during peak demand periods
- Controlling the number of instances of a particular application that is running at any one time. This would be used to ensure compliance with software licensing agreements.

A service management platform is essential to reducing labor costs associated with delivering information services. It enables non-IT professionals to allocate resources they need when they need them while still ensuring organization policies are followed.
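The technical and organizational policies listed above can be evaluated together as a pre-instantiation check that a self-service platform runs before it starts any virtual machine. The Python below is an added example, not code from this guide or from any cloud product; the role name, limits, image names, OS versions and dates are all constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Hypothetical policy values, constructed for this example.
APPROVED_OS = {("linux", "8.10"), ("linux", "9.4")}  # approved (family, version) pairs
MAX_PATCH_AGE_DAYS = 30                       # image must have been patched this recently
PEAK_HOURS = range(8, 18)                     # 08:00-17:59 is treated as peak load
MAX_CONCURRENT = {"peak": 4, "off_peak": 16}  # per-user virtual server limits
LICENSE_CAPS = {"stats-suite": 5}             # licensed application -> max running instances
REQUIRED_ROLE = "provisioner"

@dataclass(frozen=True)
class Image:
    name: str
    os_family: str
    os_version: str
    last_patched: date
    licensed_app: Optional[str] = None

@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    image: Image
    count: int
    hour: int      # hour of day (0-23) at which the request arrives
    today: date

@dataclass
class CloudState:
    running_by_user: dict = field(default_factory=dict)
    running_by_app: dict = field(default_factory=dict)

def evaluate(req, state):
    """Return the list of policy violations; an empty list means the request is allowed."""
    # Authorization first, failing closed: an unauthorized caller learns nothing
    # about images, quotas or licence usage.
    if REQUIRED_ROLE not in req.roles:
        return [f"authz: role '{REQUIRED_ROLE}' required"]
    violations = []
    if req.count < 1:
        violations.append("request: count must be at least 1")
    # Resource limit, tighter during peak load periods.
    period = "peak" if req.hour in PEAK_HOURS else "off_peak"
    in_use = state.running_by_user.get(req.user, 0)
    limit = MAX_CONCURRENT[period]
    if in_use + req.count > limit:
        violations.append(f"quota: {in_use}+{req.count} exceeds {period} limit {limit}")
    # Pre-instantiation checks on the catalog image: approved OS and patch age.
    img = req.image
    if (img.os_family, img.os_version) not in APPROVED_OS:
        violations.append(f"os: {img.os_family} {img.os_version} is not approved")
    age = (req.today - img.last_patched).days
    if age > MAX_PATCH_AGE_DAYS:
        violations.append(f"patch: image last patched {age} days ago")
    # Licence compliance: cap on simultaneously running instances of an application.
    if img.licensed_app is not None:
        cap = LICENSE_CAPS.get(img.licensed_app, 0)  # unknown licensed app: cap 0, deny
        running = state.running_by_app.get(img.licensed_app, 0)
        if running + req.count > cap:
            violations.append(
                f"license: {img.licensed_app} {running}+{req.count} exceeds cap {cap}")
    return violations

def provision(req, state):
    """Enforce the policy: usage counters change only when every check passes."""
    violations = evaluate(req, state)
    if violations:
        return False, violations
    state.running_by_user[req.user] = state.running_by_user.get(req.user, 0) + req.count
    app = req.image.licensed_app
    if app is not None:
        state.running_by_app[app] = state.running_by_app.get(app, 0) + req.count
    return True, []

def demo():
    # Constructed sample catalog, users and requests.
    today = date(2024, 6, 1)
    fresh = Image("web-base", "linux", "9.4", date(2024, 5, 20))
    stale = Image("etl-old", "linux", "7.9", date(2024, 1, 10))
    stats = Image("stats", "linux", "9.4", date(2024, 5, 25), licensed_app="stats-suite")
    state = CloudState(running_by_app={"stats-suite": 4})
    analyst = frozenset({REQUIRED_ROLE})
    return [
        provision(Request("ana", analyst, fresh, 3, 10, today), state),    # within peak quota
        provision(Request("ana", analyst, fresh, 2, 10, today), state),    # over peak quota
        provision(Request("ana", analyst, fresh, 2, 22, today), state),    # fine off peak
        provision(Request("ana", analyst, stale, 1, 22, today), state),    # old OS, unpatched
        provision(Request("ana", analyst, stats, 2, 22, today), state),    # over licence cap
        provision(Request("guest", frozenset(), stale, 50, 10, today), state),  # no role
    ]

if __name__ == "__main__":
    for allowed, why in demo():
        print("ALLOW" if allowed else "DENY ", why)
```

Every violation is reported for an authorized user so the request can be corrected in one pass, while a caller without the role receives only the authorization failure.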

A Cloud by Any Other Name
Cloud computing has the potential to significantly reduce costs and improve the delivery of business services. It is no wonder vendors would want to offer something in this area. Simply calling a service offering a cloud is not enough, at least for The Definitive Guide to Cloud Computing. This guide has argued and will continue to argue that cloud computing entails massive scalability, easy-to-allocate resources, and a service management platform that includes a service catalog. These three elements are essential to offering a viable cloud computing service in an enterprise.

Figure 2.3: Cloud computing requires three fundamental elements to be effectively used in enterprise computing.

If any doubts remain, consider if any one of these three characteristics were missing. Without massive scalability, there would not be the resources required to meet fluctuating demand. Cloud consumers would have to have backup resources in place in case cloud resources were not available. Traditional service delivery models would continue to exist and undermine the cost benefits of cloud computing. Without easy provisioning, cloud consumers would still have to depend on IT support, creating the potential for backlogs and driving up labor costs. Without a service management platform, cloud consumers would not have a well-managed service catalog, the lack of which would drive up costs of creating and maintaining virtual machine images. IT support would not have a mechanism to enforce policies, leaving the potential to violate governance and compliance regulations. Billing and resource management would require more manual processes, driving up costs in turn.

Cloud computing lends itself to a wide array of services and service delivery models. As we will see in the next section, there are many ways to provide cloud services.

Different Types of Cloud Computing Services
Cloud computing can encompass a broad range of services, so it is not surprising to see a number of broad options emerging. In increasing order of specificity, these services include:
- Infrastructure
- Platform services
- Application services

Each level of service meets a distinct set of needs.

Infrastructure Services
Infrastructure services deliver computing and storage services. This type of service is the one used as a model in the previous section describing the three defining characteristics of cloud computing. Here we will turn our attention to describing how this type of service can be used along with an example use case to show how cloud computing can significantly improve some types of service delivery.

Computing on Demand
The ability to provision computing resources for just about any computing requirement is valuable enough to drive the adoption of cloud computing even if none of the other types of cloud computing services were available. With computing-on-demand services, organizations have the ability to allocate virtual machine resources for a variety of tasks:
- Executing proprietary workflows
- Meeting peak demand for computing
- Performing disaster recovery
- Running highly distributed applications

By allocating just basic computing services, cloud consumers can run proprietary workflows that do not depend on preconfigured services. A broad set of service images in a service catalog can provide a starting point for building proprietary workflows. For example, the service catalog would have virtual machine images with OSs and application servers, which users could instantiate and then add custom applications to complete the set of components needed for the workflow.

This type of cloud service also works well for accommodating peak demand periods for either standardized applications or proprietary workflows. Existing infrastructure may be sufficient for average loads, but during peak periods, such as the holiday shopping times in the retail industry, additional computing services may be needed for relatively short periods of time.

Maintaining a disaster recovery site can add significantly to the cost of providing a service. Even if a disaster recovery site is never used, businesses pay for housing the equipment, power to keep a minimal infrastructure running, and maintaining servers and other equipment. There may be marginal labor costs as well to maintain the site. An alternative, and one enabled by the computing-on-demand model, is to use a cloud provider as a disaster recovery service. To do this, a business could:
- Maintain a set of virtual machine images that would run the business applications in the event of a disaster
- Maintain copies of data in cloud storage using an appropriate combination of backups and near-real-time replication
- Establish a plan for provisioning cloud services to meet disaster recovery requirements; for example, some services may be run on smaller, and therefore lower-cost, servers while in disaster recovery mode

Of course, as these requirements demonstrate, computing on demand can be closely coupled to storage on demand.


Storage on Demand
Storage on demand can provide file, block, or relational storage to meet a variety of requirements. In some cases, such as the need for offsite backup, the need for storage is fairly consistent. Cloud storage offers the ability to protect backups from site-specific damage but without the need to maintain another physical site. When dealing with multiple remote sites, copying backups to the cloud can be an appealing option rather than physically transporting tapes from those sites or maintaining additional disk storage at a data center to accommodate those backups.

Demand for storage can vary widely. For example, an accounting firm may have peak demand for 2 to 3 months prior to tax filing deadlines when large amounts of data are coming into the firm. After the deadline, data can be archived and moved off disk, but without an option such as cloud-based storage on demand, the firm would have to maintain peak storage capacity all year. The wide potential for on-demand computing and storage can be demonstrated with a more generally applicable example as well.

Business Intelligence Use Case
Business intelligence reporting is driven by large volumes of up-to-date information. Collecting and processing this data can impose significant demands on computing and storage resources, especially when the ETL phase has to occur in a limited window of time. With on-demand computing and storage, data can be uploaded from multiple local sources simultaneously. That data is then aggregated at low and mid levels in parallel before being aggregated at a global level and finally stored in a cloud database for later report generation.

Figure 2.4: With on-demand computing and storage, time-critical operations, like aggregating data for business intelligence reporting, can be done in parallel. This ensures the job completes within the allotted time.


Running the aggregation operations in parallel allows the process to complete faster than if done sequentially. Running the operations with cloud resources eliminates the need for maintaining dedicated servers that would otherwise be underutilized.

Infrastructure services are an appropriate delivery model when organizations require basic computing and storage resources. When those needs include components commonly found in application stacks, the platform services delivery model may be a better fit.

Platform Services
Platform-based cloud services deliver higher-level services than the infrastructure-based model offers. Platform-based services include tools for designing, developing, and deploying applications using a set of supported application components, such as relational databases and application security services that span multiple layers of the application stack.

Figure 2.5: Platform services (in green) provide application development components built on lower-level cloud services.

Relational Database Services
Relational databases are the data backbone of most enterprise applications. Since the later 1970s, relational data models have offered significant advantages over other database frameworks. Continuous improvements in relational database management systems have allowed relational databases to keep up with growing and changing demands for managing persistent data. One of the latest advances is the ability to host relational databases in a cloud.

To avoid any confusion, it is worth noting that there are two ways one could host a database in the cloud. One method is suitable for small projects with short lifespans; the other takes advantage of cloud infrastructure for a more scalable solution.


A Simple Relational Database System in the Cloud
The first method basically transfers the same approach to database management we typically use outside the cloud and applies it in the cloud. Under this method, a database administrator provisions a virtual server and installs the database management system on that server using local disk storage for database files. This approach may be suitable for limited needs but is not a general solution for persistent relational storage in the cloud.

One drawback is that local storage is allocated to a user's virtual machine instance only as long as the instance is running. One of the advantages of the cloud is that virtual machine instances are started and stopped as needed. Unless the instance hosting the database is kept running, the database will be lost. Another drawback is that the versions of relational database management systems running on typical enterprise servers are not designed to take advantage of cloud storage services based on allocating blocks or buckets of storage for arbitrary data. Although this is one way to use relational databases in the cloud, it is not what is generally considered a relational database service.

Relational Database Services Optimized for the Cloud
Relational database services for the cloud take advantage of the scalability of compute and storage resources of the cloud. As one might expect, relational database services attend to a number of low-level implementation details that are typically the responsibility of a database administrator. For example, within the cloud, database administrators do not have to concern themselves with:
• Managing disk space
• Specifying how to distribute low-level data structures, such as table spaces, across multiple disks to optimize performance
• Monitoring I/O patterns to detect bottlenecks in disk operations
• Replicating data to ensure high availability since persistent data is typically written to multiple locations within cloud storage

Of course, this does not mean the end to database administrators as we know them any more than cloud computing is putting an end to systems administration. Database administrators working with relational database services can focus more attention on the logical aspects of database design:
• Defining schemas
• Optimizing indexes
• Tuning stored procedures and triggers
• Creating views and other abstractions to better support application development

Also, expect cloud providers to support the three fundamental characteristics of cloud computing with respect to relational databases: massive scalability, easy-to-allocate resources, and a service management platform.


Application Servers
Application component services provide middleware services in the cloud. Like relational databases, middleware applications, such as application servers and portal servers, can be optimized for the cloud. This ensures the components can take advantage of scalability, high availability, and service management platforms provided in the cloud.

Security Services
Security is not a component one can isolate like a database or a messaging queue. Security is a product of specialized components, such as authentication and authorization services, as well as systems design. The fundamental principles of security are no different in the cloud than outside the cloud. We cannot, however, simply use the same security procedures in the cloud that we use outside the cloud any more than we can simply run a database management system built for a single server in the cloud and expect cloud-like benefits.

Security services need to be embedded into cloud platform services and, at a minimum, include support for:
• Authentication
• Authorization
• Auditing and reporting
• Key management
• Security token management

Authentication and authorization are necessary to determine who is using a system and to limit what they are allowed to do. Auditing and reporting are required to ensure policies and procedures are enforced and to detect unauthorized activity as soon as possible. Key management and security token management are especially important in distributed systems where multiple systems depend on trusted identity management systems to perform authentication, authorization, and other security services on their behalf.

Above infrastructure services and platform services in the hierarchy of cloud services, we find applications.

Application Services
Today's complex enterprise applications are often built on application frameworks and design patterns, so it is not surprising to see support for these in the cloud. The frameworks vary but include components such as runtime libraries, development frameworks, and higher-level application components. The level of support for different frameworks will vary by cloud provider, especially if providers specialize in supporting one type of framework. In some cases, a cloud provider may offer a framework specifically designed for the cloud and not available in other architectures.


Even with variation in frameworks and programming languages, a number of application services may be available that allow programmers to take further advantage of what a cloud infrastructure has to offer. Two such services are messaging queues and support for highly distributed, parallel processing.

Messaging Queues
Messaging queues provide for asynchronous communication between processes running in the cloud. Messaging is useful for constructing workflows, implementing distributed transactions, and accommodating the failure of a component within a distributed system.

Consider as an example a Web interface running on one server that accepts requests from users. In a tightly coupled application, the interface may pass the request to one instance of a back-end service and wait for a response. If the back-end service is down, the application fails. In a loosely coupled design, the interface would submit the request to a queue. Any one of a number of instances of the back-end service could read the request from the queue, respond to it, then delete the request. If a single instance of the back-end server is down, the request can still be serviced. If one of the back-end instances crashes while processing a request, another instance can still read the request because it is not deleted from the queue until the response is generated.
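The loosely coupled design described above, as an added example that is not from the book: an in-memory queue with a simulated clock in which a request is only hidden when read and is removed only after the response exists. The class names, the 30-second visibility timeout, and the request labels are assumptions made for illustration.

```python
import itertools


class VisibilityQueue:
    """In-memory request queue (hypothetical, for illustration).

    receive() hides a message for `visibility_timeout` seconds instead of
    removing it; only delete() removes it. A worker that crashes before
    calling delete() therefore cannot lose the request.
    """

    def __init__(self, visibility_timeout=30):
        self.visibility_timeout = visibility_timeout
        self.now = 0                  # simulated clock, in seconds
        self._ids = itertools.count(1)
        self._messages = {}           # msg_id -> [body, hidden_until]
        self.deliveries = []          # (body, receiver) for every hand-out

    def send(self, body):
        msg_id = next(self._ids)
        self._messages[msg_id] = [body, 0]
        return msg_id

    def receive(self, receiver):
        """Hand out the oldest visible message and hide it from other readers."""
        for msg_id, entry in self._messages.items():
            body, hidden_until = entry
            if hidden_until <= self.now:
                entry[1] = self.now + self.visibility_timeout
                self.deliveries.append((body, receiver))
                return msg_id, body
        return None

    def delete(self, msg_id):
        """Called by a worker only after its response has been generated."""
        return self._messages.pop(msg_id, None) is not None

    def advance(self, seconds):
        self.now += seconds

    def pending(self):
        return len(self._messages)


class BackendInstance:
    """One of several interchangeable back-end workers reading the queue."""

    def __init__(self, name, crash_on=None):
        self.name = name
        self.crash_on = crash_on      # request body that kills this instance
        self.alive = True
        self.responses = []

    def poll(self, queue):
        """Process at most one request; return True if a response was produced."""
        if not self.alive:
            return False
        got = queue.receive(self.name)
        if got is None:
            return False
        msg_id, body = got
        if body == self.crash_on:
            self.alive = False        # crash mid-request: delete() is never reached
            return False
        self.responses.append(f"{self.name} answered {body}")
        queue.delete(msg_id)
        return True


def run_demo():
    queue = VisibilityQueue(visibility_timeout=30)
    for request in ("request-1", "request-2", "request-3"):   # constructed input
        queue.send(request)

    a = BackendInstance("backend-a", crash_on="request-2")
    b = BackendInstance("backend-b")

    a.poll(queue)                 # backend-a answers request-1 and deletes it
    a.poll(queue)                 # backend-a takes request-2 and crashes
    b.poll(queue)                 # request-2 is hidden, so backend-b gets request-3
    stalled = not b.poll(queue)   # nothing visible yet: request-2 is still hidden
    queue.advance(30)             # visibility timeout expires
    b.poll(queue)                 # request-2 is redelivered to the surviving instance

    return {
        "responses": a.responses + b.responses,
        "deliveries": queue.deliveries,
        "stalled_before_timeout": stalled,
        "pending": queue.pending(),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "=", value)
```

Because a request can be handed out more than once, the back-end handler has to be safe to run twice on the same request.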

Figure 2.6: Tightly coupled systems are more likely to have single points of failure; messaging queues enable more robust application design.

Application services within the cloud also include higher-level components that enable enterprise application functionality.


Distributed, Parallel Processing
One of the advantages of cloud architectures is access to a large number of servers. This introduces opportunities for performing operations in parallel that would normally have to be done sequentially when only a small, fixed number of servers are available. A programming paradigm known as map reduce is one method suitable for clouds to implement parallel applications.

The basic idea behind map reduce is that some problems are inherently parallel: Some steps in the computation can be done independently of other steps and the results of individual computations can be combined to produce the final result. The ETL example cited earlier highlights a problem with coarse-grained parallelism. That problem can be broken down into a small number (for example, on the order of 10) of steps followed by an aggregation process to combine results. Other problems, especially those with large amounts of data, can be divided into even larger numbers of subproblems.

Take, for example, analyzing click stream data. A business is analyzing patterns of activity on their e-commerce site to determine whether there are common characteristics shared across customer interactions in which the customer abandons his or her cart. The click stream data from the Web site contains information about what products the customer viewed, reviews that were read, and navigation paths taken to the point where a product was added to the cart. As one customer's activity is independent of others, this is a good candidate for highly parallel analysis.

A map reduce approach to this problem could be defined as follows:
• Split the set of all click stream data by customer session
• Partition the customer sessions across 100 instances of the analysis program
• For each customer session, scan the click stream for the number of times each possible 3-page sequence pattern occurs; to simplify the pattern, look for types of pages, such as product details, reviews, search results; this is the map phase
• Combine the results of each map phase to produce the aggregate number of times each pattern occurred; this is the reduce phase

A key advantage of this approach is that large volumes of click stream data can be analyzed much faster in parallel than sequentially, thereby creating the possibility for greater amounts and more in-depth analysis of customer interaction behavior.
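The four steps above carried through on a small constructed click stream, as an added example that is not from the book. The function names, the page-type labels, and the use of a local thread pool to stand in for the 100 analysis instances are assumptions made for illustration.

```python
import zlib
from collections import Counter, defaultdict
from concurrent.futures import ThreadPoolExecutor

# Constructed sample click stream: (timestamp, session_id, page_type).
# Events from different sessions are interleaved, as in a raw Web log.
CLICKS = [
    (1, "s1", "search_results"), (2, "s2", "search_results"),
    (3, "s1", "product_details"), (4, "s3", "product_details"),
    (5, "s2", "product_details"), (6, "s1", "reviews"),
    (7, "s3", "reviews"), (8, "s2", "reviews"),
    (9, "s1", "product_details"), (10, "s4", "search_results"),
    (11, "s3", "product_details"), (12, "s2", "search_results"),
    (13, "s1", "cart"), (14, "s4", "search_results"),
    (15, "s3", "cart"),
]


def split_by_session(clicks):
    """Step 1: group page types by customer session, in time order."""
    sessions = defaultdict(list)
    for _timestamp, session_id, page_type in sorted(clicks):
        sessions[session_id].append(page_type)
    return sessions


def partition(sessions, instances):
    """Step 2: assign whole sessions to analysis instances.

    crc32 gives a stable assignment across runs; a session is never split,
    so every 3-page window is counted by exactly one instance.
    """
    buckets = [[] for _ in range(instances)]
    for session_id, pages in sessions.items():
        buckets[zlib.crc32(session_id.encode()) % instances].append(pages)
    return buckets


def map_partition(session_list):
    """Step 3 (map): count each 3-page sequence within each session."""
    counts = Counter()
    for pages in session_list:
        # Sessions shorter than three pages contribute no patterns.
        for i in range(len(pages) - 2):
            counts[tuple(pages[i:i + 3])] += 1
    return counts


def reduce_counts(partials):
    """Step 4 (reduce): merge the per-instance counts into one total."""
    total = Counter()
    for partial in partials:
        total.update(partial)
    return total


def analyze(clicks, instances=100, max_threads=8):
    sessions = split_by_session(clicks)
    buckets = partition(sessions, instances)
    # Threads stand in for separate cloud instances in this local sketch.
    with ThreadPoolExecutor(max_workers=max_threads) as pool:
        partials = list(pool.map(map_partition, buckets))
    return reduce_counts(partials)


if __name__ == "__main__":
    for pattern, count in analyze(CLICKS).most_common():
        print(count, " -> ".join(pattern))
```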


Figure 2.7: Map reduce is a parallel programming framework that works well with cloud computing and storage.

Application middleware, such as application servers; design patterns, such as the use of messaging queues for asynchronous communication across multiple processes within a cloud; and programming frameworks, like map reduce, that exploit the parallel capabilities of a cloud, are all enabling components for delivering enterprise applications in the cloud. As cloud technology adoption grows, we can expect to see more enterprise applications being offered directly to cloud service consumers.

Applications and Business Services
Providing application and business services from the cloud presents an opportunity to consolidate those services. The beneficial features of cloud computing, such as flexible scalability and a service management framework, can enable organizations to reduce the number of separate instances of applications running throughout the enterprise.

Consolidating Enterprise Applications
Consider a few common types of enterprise applications:
• Customer relationship management (CRM)
• Enterprise resource planning (ERP)
• Business intelligence

Each of these types of applications can have broad reach throughout a business. With the commonly used one server/one application approach that has been used for years, businesses may find themselves limited in how many users they can support with these applications.

For example, consider a company that runs a CRM application on a server sufficient for current needs as well as some moderate growth. The company then merges with another business that also needs CRM support. The IT staff of the new company will have to determine whether a single server can support the newly merged enterprise or multiple instances of the system will have to be run. The latter option can lead to fragmentation and arbitrary divisions that in turn can lead to organizational problems down the road.


Let's assume the business decides that running two instances of the CRM application is the more cost-effective alternative. The customers are divided geographically with North America, South America, and Southeast Asia customers in one instance, and Europe, Middle East, Africa, and other Asia customers in the second instance. A host of questions arise:
• How should customers in global, transnational companies be divided?
• Will regional subdivisions of customers be separated?
• How costly and time consuming will it be if the allocation of customers has to be rearranged to align with new business strategy?
• What is required to support a federated identity management system so that users in one system can access the other system as needed?

Similar questions can be asked about ERP systems; instead of customers though, the questions would focus on budgets, inventories, financial projections, and accounting issues.

In the case of business intelligence, fragmentation can occur around tools and procedures. Enterprise-scale data warehouses may have dedicated database administrators who are able to tune and manage complex database management systems. Departments with more limited requirements may build locally managed data marts employing easier-to-use databases and reporting tools. This may be the most expeditious approach in the short run but over time it can lead to duplicated data, increased software licensing costs, and redundant administration costs.

Moving enterprise applications such as CRM, ERP, and business intelligence systems to the cloud can help reduce costs and improve the delivery of business services. With standardized virtual machine images and centralized cloud storage, additional compute resources can be brought online as demand for services grows. As data is consolidated in the cloud, we can avoid data fragmentation problems. Standardized virtual machine images deployed through a services management platform reduce the demand for specialized database and systems administration expertise in departments running local applications, such as data marts.

Managing Business Services and Workloads
As applications move to the cloud, there will be a need to manage according to service level agreements (SLAs) and other expectations for performance and availability. This will require both technical and management approaches to the problem.

On the technical side, application administrators will need to utilize performance reporting provided by the service management platform to ensure SLAs are met in cost-effective ways. Running multiple instances of an application and load balancing across those instances can help maintain performance and provide a level of reliability to the system.

On the management side, we need to be cognizant of utilization. There is no point running six instances of an application with an average server utilization of 25% when running three instances still leaves plenty of margin for spikes in demand without the need to instantiate another virtual machine image.


It is clear as we consider the different types of services, from infrastructure to platform to application services, there are many ways to leverage cloud services and the benefits generally arise from a set of common attributes.

Common Attributes of Cloud Service Models
The three defining characteristics of clouds (massive scalability, easy-to-allocate resources, and a service management platform) describe key architectural elements of computing and storage clouds. A consumer of cloud services may see a different set of attributes from their perspective:
• On-demand self-service: The ability to allocate, use, and manage computing, storage, application, and other business services at will without depending on IT support staff
• Ubiquitous network access: The ability to work with cloud resources from any point with Internet access; cloud service consumers are not dependent on being in corporate headquarters or in a data center to have access to an enterprise cloud
• Location-independent resource pools: Compute and storage resources may be located anywhere that is network accessible; resource pools enable redundancy and reduce the risks of single points of failure
• Elastic scalability: Cloud consumers decide how much of any resource they utilize at any time; allocation is driven by immediate demand, not the need to maintain capacity for peak demand
• Flexible pricing: Cloud providers typically charge with a pay-as-you-go model; as cloud computing matures, we will likely see a variety of pricing models, including prices that vary by level of demand

We have described cloud services from an architectural view, in terms of services delivered, and from the perspective of a cloud consumer. One remaining dimension we should consider is the public/private cloud distinction.

Cloud Delivery Models
When cloud computing first emerged as a viable platform, the term generally applied to what we would now call a public cloud. As cloud computing expanded, so did the delivery models to the point where we have at least three distinct delivery models:
• Public clouds
• Private clouds
• Hybrid clouds

Public and private clouds have advantages and disadvantages; hybrid clouds attempt to capture the best of both worlds.


Public Clouds
Public clouds are computing and storage services that are open to any consumer. An immediate advantage of using a public cloud is that there is no up-front capital expenditure required of business users. Cloud consumers purchase computing and storage services as needed and pay as they go. There are likely costs associated with transferring data to and from the cloud, and these costs can easily grow beyond the cost of computing and storage for high transfer rates. Another disadvantage is that businesses are dependent on the viability and reliability of the cloud provider. If there is a significant service outage, data and services will be inaccessible. Risk assessments and mitigation strategies are called for when working with any cloud, but they are especially necessary when critical business services are dependent on third parties.

Private Clouds
Private clouds are owned and operated by businesses for their internal use. This delivery model can be especially appealing when compliance, security, and other risks factor significantly when developing a cloud strategy. A key advantage of a private cloud is that the business is in control of the service: it can set pricing and policies, control access, and define its own service catalog of virtual machine images for use in the cloud. A private cloud does require capital expenditure to procure hardware and software for the cloud. A staff of IT professionals must also be available to administer and manage services. To realize the greatest benefit of the cloud architecture, multiple data centers will implement distributed storage and compute infrastructure. Capacity planning is also an issue. A business could find a successful private cloud creates demands that exceed current capacity. Expanding a private cloud can require substantial capital expenditure; a hybrid model could be a better alternative.

Hybrid Clouds
A hybrid cloud combines public and private clouds. A business that has implemented a private cloud can use public cloud resources as an extension of their own cloud. There are a few different ways to do so.

The two clouds could be separately managed service platforms. Policies are established to govern what kinds of jobs can run in the public cloud, and cloud consumers have the option to run and manage their jobs in the public cloud. This approach gives cloud consumers freedom to choose between two services. There may be cases where the public cloud is less expensive or can provide capacity unavailable on the private cloud.

Another way to manage the hybrid private-public cloud is to enable access to the public cloud from within the service management platform. The two services are still independent, but cloud consumers would have a single point of management.

Finally, the public cloud could be treated as an extension of the private cloud by implementing a virtual private network (VPN) in the public cloud. Under this model, a portion of the public cloud is treated as an extension of the private cloud.

As is so often the case in information technology, there is more than one way to deliver a service, and the best option in any situation is highly dependent on specific requirements.


Summary
Cloud computing is relatively young, but in the short time since its inception, it has managed to create a host of competing definitions, architectures, service models, and delivery methods. Across all of these varying ways of looking at cloud computing, we find common characteristics, including massive scalability, ease of allocating resources, and a service management platform. Building on this foundation, cloud providers can deliver a range of services, from infrastructure to platforms to applications and business services. No single delivery model meets all needs, but the combination of public, private, and hybrid clouds offers a range of options suitable for many business requirements.


Chapter 3: Enabling Business Innovation by Using Cloud Computing
Many discussions of cloud computing focus on its technological advantages (and there are many), but there are business advantages as well. This chapter shifts focus from questions of architecture and operations to issues of service delivery and return on investment (ROI). After all, cloud computing is not an end in itself (unless you are a computer scientist or systems architect) but a means of delivering existing services more efficiently and enabling the delivery of new services that may not be practical under other models.

The chapter is divided into three main sections:
• Launching a new business service: The first section compares service delivery under traditional IT service models and under cloud computing. Example scenarios will illustrate some of the key differences.
• Advantages of doing business with cloud computing: The advantages of doing business with cloud computing include the reduced time required to deliver new services, new means to control costs, the ability to scale to demand, and the adaptability of cloud computing.
• Sources of ROI in the cloud: ROI in cloud computing comes from both reduced capital costs and lower operational costs. As with other technologies, the ROI in the cloud is highly dependent on more than just the technology; how you implement and manage cloud services contributes to how much of the potential ROI is actually realized.

As a first step to understanding the source of ROI in cloud computing, let's consider a couple of hypothetical examples of how service delivery in the cloud differs from traditional IT service delivery.


Launching a New Business Service
There is nothing like launching a business service to combine the exhilaration of creating something new with the apprehension associated with choreographing all the elements required for a smooth launch. And there is no shortage of pieces that must be in place:
• The computing, storage, and network services required to support the service
• Software that captures the functional requirements of the new service while providing a usable interface
• A well-developed plan for deploying elements in the proper order so that dependencies are in place as new components are put in place
• Policies and procedures to govern how the service infrastructure is managed and maintained
• A recovery strategy and corresponding systems to mitigate the risk of data loss or service delivery failure

It is easy to see how essential each of these technical and business elements is to the ultimate success of the project.

Take away sufficient computing, storage, or networking, and the service can degrade to the point of failure. Skimp on usability engineering or otherwise shortchange the user interface, and you lose customers at the proverbial front door. Those of us who have worked on projects with inadequate planning know the frustration and futility that come with ad hoc, reactive management. The worst part is that the delays, rework, and missed steps could have been avoided. As we consider the advantages of cloud computing for service delivery, you will see how some of these potential problems can be reduced. Needless to say, cloud computing is no panacea and no amount of technology can compensate for poor management practices. Cloud computing can, however, reduce some of the burdens and challenges that typically come with planning and implementing new projects.

Once a service is deployed, it is time to move into an operation maintenance mode. Planning is just as important here as it was during design and deployment. The difference is that now you shift from a project planning framework of deliverables, milestones, and resource balancing to operations guided by policies and procedures that define what is to be done and how to do it. Policies governing everything from service level agreement (SLA) monitoring to backups to security should be in place at launch. Procedures, which turn those policies into executable tasks, must also be in place to ensure proper operations. Of course, even with the best planning and policies in place, hardware fails, software errors manifest themselves, and natural disasters strike. A recovery management strategy, commensurate with the value of the new services, can help you respond effectively and efficiently when adverse events occur.


As Figure 3.1 depicts, successful service delivery is dependent on these and other technical and business factors. One of the questions facing business strategists and systems architects is, "What is the best service delivery model for realizing project objectives?"

Figure 3.1: Service delivery is built on a foundation of technology and business services and practices. Remove, disrupt, or undermine any of these, and services delivery is adversely affected.

To better understand how service models influence service delivery, let's assess delivering a couple of different types of services under different models. In the first example, we will consider a home improvement retailer with a plan to offer tutorial videos on home improvement projects for the do-it-yourself (DIY) customer. In our second example, we will see how business analysts deal with the problem of "big data" and the need for advanced business intelligence and analytics services. These examples are chosen for several reasons:
• They are significantly different types of services: one is a customer-facing Web application and the other is a more batch-oriented back-office service
• They require a different combination of computing resources
• They have different usage patterns over time
• Cloud computing can reduce the cost of delivery of both services regardless of the differences in the type of application and demand profile

First, let's explore the steps involved in deploying these two services under a traditional IT service model. Next, we'll look at how the same service could be deployed in the cloud.


New Services Under a Traditional IT Service Model
Project management, software development, testing, and deployment practices are well developed under traditional IT service models. They all come into play in our two hypothetical scenarios.

Scenario 1: Tutorial Videos for the DIY Customer
Not all of us are gifted carpenters or skilled plumbers, but some of us think we could do a fairly decent job around the house if we just had the right tools and a few tips to get us started. A home improvement retailer that has traditionally done well serving the small contractor segment of the market has decided to target the potential DIY customer in an effort to improve sales and expand their share of that market segment. The following list highlights key features and non-functional requirements:
• The service will provide short tutorial videos on a range of home improvement topics. Videos will range from 1 to 10 minutes in duration with an average of 5 minutes.
• Videos will be streamed over the Web and delivered through the company's Web site.
• The service will be launched in beta to customers in the Northeast United States for 4 weeks followed by an extended 4-week beta to the Northeast, Mid-Atlantic, and Southeast United States. After that, it will be made available throughout the company's North American market.
• The initial launch will support up to 500 videos; at the end of the beta testing phase, 1000 videos will be available. Content will grow at an average rate of 200 videos per month after that.
• Metadata will be assigned to each video to improve search and browsing. Tags will include structured data, such as repair type, tools required, and time to complete the task. Unstructured data describing the video content is also included.
• Videos will be accessible through a centralized How-to Video Library in the Web site as well as through product pages that link to relevant videos.
• Customers will be encouraged to review and rate videos. The results will be analyzed to improve the overall quality of instruction, expand the scope of topics, and eliminate the least useful content.

Using current Web site statistics, business planners anticipate peak demands Wednesday and Thursday evenings between 6:00 pm and 10:00 pm and Saturday mornings between 7:00 am and 11:00 am. The anticipated demand pattern is depicted in Figure 3.2.


Figure 3.2: Service demand will vary widely by day of week and time of day. (Times are relative to the time zone of the data center hosting the service.)

As the systems architects and application designers plan the infrastructure for this service, they have to take into account a number of considerations. The service will require servers to meet peak demand, although those periods are relatively few and fairly short. The irony of running a how-to-fix tutorial service on a poorly functioning platform could undermine the brand image and is not worth risking.

On the business side, this project will require a capital expenditure and C-level approval. The IT professionals on the team know that they will have one chance to get the resources they need within the next 12 months. They do not have sufficient data to confidently predict demand for the service, so they resort to the next best thing: making a best-guess estimate and then adding another 20% for contingency. The concern about not performing to customer expectations, combined with the inability to get a second round of resources rapidly enough, pushes the application designers and systems architects to choose a more costly solution than may ultimately be required.

The major components they decide on include:
• Several servers to stream the video tutorials
• A load balancer to distribute user sessions across several servers
• A storage array with sufficient redundancy (for example, RAID 6)
• Application licenses to support the service

Figure 3.3 shows the configuration.


Figure 3.3: The video tutorial service requires hardware to meet peak demand even though the average demand is significantly less.

It is clear from this example that building out this service following a traditional strategy requires that you build for peak demand before you even have sufficient information to determine the actual level of need. Not only can you not adjust to changing needs, you have to make a fairly long-term commitment to the architecture early in the process.

Scenario 2: Advanced Analytics for Auto Insurance Premium Calculations
The auto insurance industry is a competitive business. As with any type of insurance, premiums have to correlate with risks. For auto insurers, there are many factors to consider, including the age and sex of the driver, past accidents, number of moving violations, primary garaging location of the vehicle, and so on. From a competitive perspective, using just these factors is insufficient to gain any competitive advantage; after all, competitors use the same data. Using the same data can lead insurers to cluster drivers into similar groups, making it difficult to compete on price within those groups.


In this scenario, several auto insurance analysts propose expanding the base of data used to categorize customers and then applying data mining techniques to create finer-grained clusters of customers. Premiums can be adjusted to these finer groups of customers so that customers posing greater risks can be charged higher premiums, allowing for lower premiums for safer drivers. Ultimately, this could reshape the risk pool by attracting better drivers with lower rates than competitors offer while giving incentive to higher-risk drivers to look elsewhere for insurance.

Figure 3.4: Finer-grained clustering of customers can create a competitive advantage by allowing more precise and accurate premium pricing.

The following list highlights key features and non-functional requirements:
• Existing data sets on age and sex of the driver, past accidents, number of moving violations, primary garaging location of the vehicle, and so on must be available for data mining
• Additional data on household income, including income by age, disposable income, household net worth, and so on; consumer spending data by category, such as financial services, automotive, medical, recreation, and so on; business activity data by location; and publicly available data, including census data and crime statistics
• On a monthly basis, internal and external data will be collected and analyzed to build a predictive model that categorizes each customer by fine-grained risk estimate

47

TheDefinitiveGuidetoCloudComputing

DanSullivan

Newextraction,transformation,andload(ETL)procedureswillbedevelopedto collectdatafrommultiplesourcesandcopyittoprojectstorage;datawillnotbe storedoncethemodelisconstructed Toimprovethequalityofpredictions,multiplepredictionmodelswillbe constructedandresultswillbecombinedtomakefinalclassifications.

This application is compute-intensive during the times when the data mining systems are running and predictive models are being created. After the models have been created, they will be executed to categorize new customers and reassess the premiums on existing customers during policy renewal. Running models is significantly less compute-intensive than generating them.

Figure 3.5: Analytic operations have fairly predictable demand patterns that include significant periods of peak demand followed by analysis operations.

Once again, this service requires that you build an infrastructure for peak capacity. A cluster of high-end servers, each with multiple multi-core CPUs and significant amounts of memory, is required to build the individual predictive models combined into an ensemble prediction service. Although data will only need to be stored during the time the models are built, architects will have to purchase storage sufficient to support copies of all the various data required.

Both of these scenarios manifest common difficulties with the traditional IT model of service delivery. Dedicated resources are not used efficiently. Capital spending decisions may have to be made with insufficient usage data. It is difficult, if not impossible, to scale the infrastructure up or down according to demand. The cloud computing model offers an alternative method for deploying services.

New Services Under the Cloud Computing Model

The cloud computing model provides a flexible infrastructure that allows service providers to acquire the compute and storage resources they need, when they need them, for as long as they need them, and to pay for only what is used. Both of the example scenarios would benefit from deployment on the cloud.

Scenario 1: Tutorial Videos in the Cloud

The tutorial video service is a new customer-facing service that could have wide-ranging demand patterns. Initially, the systems architects decide to allocate two virtual servers for the beta test period; however, if demand warrants additional or fewer servers, systems administrators will adjust as needed. Planning for long-term storage is not a significant issue because additional storage will be allocated as needed. There is no need to purchase peak load storage. As the project moves from the beta testing stage to full production, the systems administrators will add virtual servers as needed. Rather than focus on predicting what the peak demand will be over the next 12 months, systems administrators can focus on immediate demand and server allocation to efficiently and cost-effectively meet that demand.

Scenario 2: Advanced Analytics in the Cloud

The cloud is a much more cost-effective method for delivering the kind of advanced analytics described earlier. In this case, there is a recurring demand for a significant amount of storage and computing resources. The demand is for only a few days every month, so purchasing dedicated hardware is not cost effective. Deploying to the cloud is relatively straightforward and includes:

- Creating virtual images with the required software, such as ETL systems, pre-processing scripts, and statistical and data mining packages
- Instantiating servers to run parts of the workflow as needed; for example, based on the type of source data and its configuration, it might make sense to instantiate 10 virtual servers for ETL operations that run in parallel; as the ETL operations execute, they write data to cloud storage, which is taken as input to pre-processing scripts that output data into the proper format for the data mining application
- Allocating storage to store the raw and processed data; once the data has gone through the pre-processing stage, the raw data is deleted; once the predictive models are built, the output of the pre-processing stage is deleted as well

This method improves upon traditional implementation models in at least two ways. First, you can run the workflow as a sequence of steps, allocating servers for each step as needed and then shutting them down and starting servers with software for the next step. With virtualization and service catalogs, this is a simple matter. In theory, you could do this with a set of dedicated physical servers by running different virtual machines at each step of the workflow; however, the virtual machine image management would be more difficult without a service catalog and it would still not address the problem of having to purchase hardware for peak demand.

Figure 3.6: In the cloud, servers can be allocated to do a task as long as needed and released, at which point other servers are instantiated for the next step in the workflow. Service providers pay only when they are using compute and storage resources.

The traditional model of service allocation has worked well for us. Many critical business services are running today on dedicated infrastructure. Cloud computing models improve on the traditional deployment model by allowing you to easily share compute and storage resources and allocate only what is needed when it is needed. This approach reduces the need for ad hoc solutions to mitigating risk, like adding an arbitrary percentage to a project budget in case additional hardware is needed. As these two scenarios show, even with diverse types of projects targeted to different users with different compute and storage requirements, cloud computing can offer significant advantages. Next, we will identify the advantages alluded to in the scenarios just described.

Advantages of Doing Business with Cloud Computing

The advantages of deploying services with cloud computing infrastructure fall into four categories:

- Time to deploy new services
- Cost control
- Ability to scale to demand
- Adaptability of resources

Each of these advantages is closely tied to the architecture of cloud computing combined with management practices for allocating the costs of compute and storage services.

Time to Deploy Services

When hardware is dedicated to specific functions, it can be difficult to find compute and storage resources for a new initiative. In the early stages of development, would-be service providers may be able to squeeze in some applications on underutilized servers. The likely success of this approach depends on the availability of server or storage capacity and the ability to find that excess capacity. If one has to cross organizational boundaries to find these resources, the chances of securing them can drop significantly. If successful, these stop-gap measures will eventually have to be replaced with a more permanent solution.

Procuring hardware can be time consuming. Capital expenditures for multiple servers, storage arrays, and other equipment can require multiple levels of approval. Plans may have to be reviewed and approved from both a budget and technical perspective. Delivery of hardware can take weeks, and in some cases, months. Once the hardware arrives, the next stage of deployment begins.

Installing hardware is a multi-faceted process. It needs to be configured according to organizational standards and incorporated into support systems, like backup schedules and patch management systems. Some of the most frustrating delays come when a single piece of hardware, such as a storage controller, has to be ordered separately and installed when the server arrives. In terms of frustration, order glitches are second only to having to wait for a simple task, like running a fibre to the new server, to get to the front of the service queue. Many of these configuration tasks are unavoidable. The integrity of infrastructure depends on keeping hardware and software in accordance with policies. Fortunately, cloud computing provides a framework that preserves the integrity of infrastructure without many of the time delays (and frustrations) encountered in traditional IT deployment models.

In the cloud model, provisioning becomes a matter of instantiating a virtual machine instance. There are no hardware orders, delivery delays, or waiting for IT support to get around to installing your hardware. With the ability to rapidly adjust the number of instances, there is less need to analyze projected demand. Inefficient and time-consuming efforts to find existing servers with spare cycles are also eliminated. Hardware resources are centrally managed and allocated on demand. The new bottlenecks to deployment are establishing a charge account for the cost of cloud services, selecting a virtual image to run, and deciding how many instances to start.

Cost Control and Ability to Scale to Demand

Another advantage of using cloud as a delivery platform is greater cost control, and that is tightly linked to the ability to scale to demand. This comes from the ability to make fairly fine-grained decisions about resources. Whereas you might have to decide between purchasing a $10,000 and $15,000 server under a more traditional deployment scheme, in the cloud realm, you have to decide whether you want to run the $0.50/hr server or the $0.90/hr server. You are not committed to using these servers for 2 to 3 years either; in the cloud, you could be charged by the hour. If you make a mistake and underestimate your need, you add more servers. When utilization reports show that the virtual servers you have allocated are underutilized, you scale back the number of servers you are running.

Figure 3.7: Dedicated servers incur high initial cost in line with anticipated peak demand. Cloud servers incur costs for actual use over time.

Systems administrators and service managers have greater control over the allocation of resources in the cloud and therefore can provision as needed for current demand. With cloud computing, they have effectively escaped the challenge of needing to constantly dedicate resources for peak demands.

There is also a potential for cost savings with software licensing. Traditionally, software is often licensed to named users or for a specific number of concurrent users. The cloud opens the opportunity for new software pricing models, such as charging by the hour. Ultimately, any cost savings on software licensing will depend on vendors adapting their pricing models to the cloud.

Adaptability of Resources

Through the course of IT's history, there has been a trend toward making computing resources more adaptable. For example, in the 1960s and 1970s, if you purchased a mainframe or minicomputer from IBM, Digital Equipment, or one of the few other hardware vendors of the day, you would get the operating system (OS) for that machine, such as OS/360 for the mainframe or RSTS for the minicomputer. Each machine was used for different purposes, such as batch processing business applications or interactive scientific programs. By the 1980s, hardware and operating system vendors started to separate, with Microsoft providing the dominant OS for the IBM PC while Apple introduced its OS to run on Motorola hardware. In the 1990s, it was not uncommon to run different OSs on the same type of hardware. Cloud computing has moved this trend to the next stage with the ability to rapidly switch virtual machine images running on a hardware platform.

In the cloud, hardware resources are not tightly coupled to any single platform. The same resource that ran an instance of Windows Server 2008 an hour ago may be running Ubuntu Linux now. A set of servers that were tasked with generating reports for a data warehouse might be used to generate customer invoices after that. Removing restrictions on the type of software and radically reducing the time and expertise required to change OS platforms significantly improves the adaptability of hardware.

The advantages of cloud computing stem from the ability to deploy new services faster than possible under more traditional models; the ability to control costs at a much finer-grained level of detail than possible before, including the ability to rapidly scale to needs; and the adaptability of resources to different tasks. The movement away from dedicated servers for single tasks to using cloud resources brings with it several sources of ROI.

Source of ROI in the Cloud

The ROI of cloud computing is realized in two forms: reduced capital expenditures and improved operational costs.

Lowering Capital Costs with Cloud Computing

With cloud computing, business services can be launched without the same type of capital outlays required in traditional IT deployment models. The shifts in capital expenditures occur for three reasons:

- Reduced need for initial capital outlay
- Reduced need for building for peak capacity
- More efficient utilization through virtualization

As we saw earlier, just getting a new business service started requires access to hardware and software. Traditionally, this means procuring dedicated servers right from the start even if the full capacity of the server is not needed for some time. Tying up working capital in hardware brings with it opportunity costs. The capital that went into purchasing a server could have been invested in a resource that begins producing an ROI right from the start instead of having to wait months before the service requires the extra initial capacity.

Another advantage from a capital cost perspective is that you do not have to invest for peak capacity. With the cloud model, your costs over time are more closely aligned with the average cost of delivering a service, not the peak capacity costs. The savings can be significant, especially when peak demand is highly skewed relative to other demand periods. For example, in the case of the advanced analytics application, there was relatively modest average demand for computing resources but substantial peak demand, providing for substantial savings in capital costs.

Another source of ROI is due to virtualization. The utilization of a physical server is no longer tied to a single application's usage pattern. A server dedicated to the advanced analytics application would sit idle most of the month; however, the same server in a cloud configuration could have multiple virtual machines running on the physical server constantly if there is sufficient demand. Of course, one of the objectives of managing a cloud service is to have enough physical servers to meet demand but not so many that overall utilization rates drop.

Part of the ROI realized with cloud computing can be traced to the reduced cost of capital expenditures, but even more substantial benefit can be accrued by lowering operational costs.

Lowering Operational Costs with Cloud Computing

The most important drivers in ROI relative to operational costs can be grouped into four areas:

- On-demand provisioning
- Reduced marginal cost of systems administration
- Standardization and automation
- Service management reporting

The ROI in operational costs is subject to economies of scale. These savings are particularly important in larger cloud installations.

On-Demand Provisioning

IT support services are necessary in any deployment model, traditional or cloud. The amount of support that is needed for provisioning servers can vary significantly, though. Consider the steps involved in provisioning a virtual server in a traditional IT environment (the to-do list is even longer when dealing with physical servers), which include:

- Submitting a service desk ticket requesting a virtual machine instance
- Identifying which physical server will host the virtual machine
- Determining the configuration parameters for the new instance
- Specifying required support services, such as backups
- Coordinating with other users on the shared hosts to avoid common peak demand periods (for example, running a full backup on one virtual machine instance while an I/O-intensive job is running on another instance)

The process can be time consuming because there is a division of labor that separates those who know what has to be implemented from those who know how to implement what is needed. This is a typical scenario in IT. The complexity of IT systems demands a pool of specialized IT knowledge. Service developers and business users require their talents to deploy new services, and that creates a potential bottleneck. Cloud computing avoids this problem with support for self-provisioning.

Figure 3.8: Self-provisioning allows cloud consumers to allocate and manage their own resources.

With a self-provisioning system, cloud consumers have access to management systems that allow them to specify the type and number of virtual instances to create. All the hardware in the cloud is managed centrally and virtual machine images are maintained in a service catalog, so cloud consumers do not have to deal with low-level details. For instance, details about what device drivers have to be installed or which libraries are needed to run an application have already been addressed when the virtual images were created. Also, cloud infrastructure abstracts implementation details such as allocating memory or CPUs to particular virtual machine instances.

Reducing Marginal Costs of Systems Administration

To understand how a cloud infrastructure can result in significant ROI, you only need to look at how systems administration changes with the cloud. A typical list of systems administration tasks includes:

- Installing new applications and packages on servers
- Patching OSs and applications on each server
- Backing up local storage on each server
- Allocating space to file systems as needed
- Reviewing and purging log files
- Performing security checks, such as running vulnerability scanners and reviewing results for each server

In conventional environments, systems managers have to repeat these tasks for each server. Fortunately, service management tools support these efforts, but they can still be time consuming. Consistency across servers is important to reduce the amount of time required to maintain systems; however, as the number of servers grows, so does the chance of human error during systems management operations.

Figure 3.9: Cloud systems administration entails maintaining images in the service catalog, unlike traditional systems administration, which is linked to each physical server.

In the cloud, maintaining individual servers is swapped for maintaining virtual machine images in the service catalog. The service catalog is the set of images available for running in the cloud. For example, there may be several Windows server and Linux images that have been configured for general use. There may also be more specialized images for relational databases or content management systems. Still other images may be designed for developers who need to routinely instantiate application servers for development and testing as well as for production use. Having a centralized repository of virtual machine images can significantly reduce the time required to perform routine tasks. Consider a simple example.

A midsize business could easily run 200 servers with a mix of OSs and applications. If a critical security patch is released and has to be applied to 50 servers, the patch has to be applied 50 times. Even with patch management applications to help, systems administrators will have to verify the success of the patch in each case. In cases where automated tools are not available, systems administrators will have to apply each patch manually. Now compare that with patching a service catalog. The existing image is removed from the catalog; a new patched version is generated and uploaded into the catalog. What could have taken 50 distinct tasks is done in one step.

This example does raise another difference from a systems management perspective. The service catalog image is patched, but there may be instances of the unpatched image running in the cloud. Where are those images? How long will they continue to run? At what point should the instances be shut down and restarted using the patched version? The first two questions can be addressed using cloud management software. The last issue is a question of policy analogous to deciding when to schedule a critical patch for a server. Systems administration in the cloud may be less labor intensive, but sometimes difficult decisions about balancing security or stability with business expectations remain.

Standardization and Automation

Another reason for operations-related ROI is that by standardizing on a set of general-purpose virtual machine images, you reduce the overhead in maintaining them. Images are deployed and virtual machine instances are started using a management console, so a cloud user who knows how to deploy a Windows server knows how to deploy a Linux server or a relational database as well. Standardization also enables behind-the-scenes automation that further reduces the demand for systems administrator expertise.

For example, when you install Linux on a server, you have to decide what type of file system to use and how to partition the disk. These are not particularly difficult tasks, but you do need to know something about how partitions are used, how much space to allocate to each, and the trade-offs between the different kinds of file systems. When you instantiate servers in the cloud, you do not have to worry about storage services; they are provided for you. The images in the service catalog are configured to work with cloud storage services. Much of the tedium of setting up monitoring processes to collect performance and usage data is also automated with service management systems.
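The patching questions raised under Reducing Marginal Costs of Systems Administration (which instances still run an unpatched image, and for how long) can be answered from inventory data. The following Python example is added here and is not from the original book or any cloud management product; the catalog and instance records, image names, and seven-day grace period are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional


@dataclass(frozen=True)
class CatalogImage:
    image_id: str
    superseded_by: Optional[str] = None    # patched replacement, if retired
    retired_at: Optional[datetime] = None  # when it was pulled from the catalog


@dataclass(frozen=True)
class Instance:
    instance_id: str
    image_id: str
    launched_at: datetime


@dataclass(frozen=True)
class Finding:
    instance_id: str
    running_image: str
    replacement: Optional[str]     # None when the catalog has no record of the image
    exposure: Optional[timedelta]  # time spent running a retired image
    overdue: bool                  # True when the policy grace period is exceeded


def latest_image(catalog: Dict[str, CatalogImage], image_id: str) -> str:
    """Follow superseded_by links to the newest image in the lineage."""
    seen = set()
    while catalog[image_id].superseded_by is not None:
        if image_id in seen:
            raise ValueError(f"cycle in image lineage at {image_id}")
        seen.add(image_id)
        image_id = catalog[image_id].superseded_by
    return image_id


def _priority(finding: Finding):
    # Overdue findings first, then longest exposure; unknown images sort on top.
    exposure = finding.exposure if finding.exposure is not None else timedelta.max
    return (not finding.overdue, -exposure.total_seconds())


def find_stale_instances(catalog: Dict[str, CatalogImage], instances: List[Instance],
                         now: datetime, grace: timedelta) -> List[Finding]:
    """Report instances still running an image that has a patched replacement."""
    findings = []
    for inst in instances:
        image = catalog.get(inst.image_id)
        if image is None:
            # No catalog record at all: patch state cannot be shown, so escalate.
            findings.append(Finding(inst.instance_id, inst.image_id, None, None, True))
            continue
        if image.superseded_by is None:
            continue  # already on the current image
        # Exposure starts when the image was retired, or at launch if that is later.
        start = max(inst.launched_at, image.retired_at or inst.launched_at)
        exposure = now - start
        findings.append(Finding(inst.instance_id, inst.image_id,
                                latest_image(catalog, inst.image_id),
                                exposure, exposure > grace))
    return sorted(findings, key=_priority)


def _utc(day: int, month: int = 3) -> datetime:
    return datetime(2024, month, day, tzinfo=timezone.utc)


# Constructed sample data: a catalog that keeps retired records, and an inventory.
NOW = datetime(2024, 3, 10, 12, 0, tzinfo=timezone.utc)
CATALOG = {
    "img-linux-v1": CatalogImage("img-linux-v1", "img-linux-v2", _utc(1)),
    "img-linux-v2": CatalogImage("img-linux-v2", "img-linux-v3", _utc(8)),
    "img-linux-v3": CatalogImage("img-linux-v3"),
    "img-db-v1": CatalogImage("img-db-v1"),
}
INSTANCES = [
    Instance("vm-01", "img-linux-v1", _utc(20, month=2)),
    Instance("vm-02", "img-linux-v2", _utc(5)),
    Instance("vm-03", "img-linux-v3", _utc(9)),
    Instance("vm-04", "img-db-v1", _utc(2)),
    Instance("vm-05", "img-legacy-v0", _utc(3, month=1)),  # image absent from catalog
]

if __name__ == "__main__":
    for f in find_stale_instances(CATALOG, INSTANCES, NOW, timedelta(days=7)):
        status = "OVERDUE" if f.overdue else "within grace"
        print(f.instance_id, f.running_image, "->", f.replacement, f.exposure, status)
```

The grace period stands in for the policy decision the text describes: the report says where the unpatched instances are and how long they have run, while the restart deadline remains a business choice.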

Service Management Reporting

ROI is not just about technology but about how you manage it. With service management reporting, service providers can better understand the resources they use and adjust their allocations accordingly. Some of the measurements service providers might use include:

- Number of server hours allocated
- Overall average server utilization
- Average server utilization by hour
- Average server utilization by instance type
- Total storage space used
- Amount of network I/O

Data on these measurements can help determine how many servers to allocate and how long to run them. Data on storage use and the amount of network I/O can help guide optimization of application performance, especially if there are charges based on network traffic.

Many aspects of cloud computing contribute to the ROI in the technology. Capital expenditures are significantly lower, if not eliminated, for new service deployment when using the cloud. The big savings, however, come from reduced operational labor costs enabled by self-service management, automation, and standardization.

Assessing the Business Value of Cloud Services

The ROI in cloud technologies will vary from one business to another. Much will depend on factors out of your control, such as economies of scale that will benefit larger businesses more than smaller ones, as well as factors you can manage, such as server utilization rates. To assess the value of cloud services to a business, consider several cloud metrics as well as the source of ROI for your particular business.

The reason to track particular metrics in cloud computing is no different than that of any other business operation: to quantify the costs and benefits of the service. This is especially important when using a private or hybrid cloud model. Key metrics for these clouds are:

- Utilization of all cloud resources. If resources are underutilized, servers can be powered down to save on energy costs. IT may also want to promote the use of the cloud and publicize availability of resources.
- Systems management hours. Labor can account for significant portions of IT operating budgets but should be significantly less for cloud services.
- Virtual machine image use. All images in a service catalog have to be maintained. If some images are not used, or used infrequently, they may be incurring more costs than they recoup through usage charges. Infrequent use or use by only one user can also indicate specialized or one-off images. These are sometimes necessary to meet business requirements, but if the number of specialized images grows, the cost of maintaining them will increase. Charges may need to be adjusted to recoup the full costs of maintaining specialized images.
- Time to provision. This metric can indicate insufficient resources in the cloud. If a sufficient number of servers are not available, users will have to wait for other jobs to finish in the cloud before their virtual machine instances will be provisioned.

In addition to these more global metrics, looking at ROI based on specific elements of cloud infrastructure is useful as well. These include the ROI realized from:

- Improved hardware utilization, especially when fewer servers are required to meet a workload, leading to reduced capital costs, lower maintenance costs, and reduced energy costs
- Lower software costs, because software licensed per server can have improved utilization that parallels hardware utilization
- Self-service management, which reduces systems administration
- Increased productivity due to reduced wait time to deploy servers and applications

Cloud computing is an evolution in information technology, and so it is not surprising that many of the same metrics and ROI factors we have used in IT for years have analogs in cloud computing as well.

Summary

Cloud computing offers new ways to deliver business services. As the two example scenarios highlighted, different types of business applications can benefit from deploying in the cloud. The ability to scale compute and storage resources as needed reduces the need to build for peak demand. This, in turn, reduces the cost of delivering services while avoiding costly risk mitigation strategies, such as adding contingency funds to a project budget to purchase additional hardware to meet unexpected demand.

Further benefits of cloud computing accrue with regard to reducing the time to deploy new services, more ways to control costs, and the adaptability of resources. Servers in the cloud can be repurposed rapidly and with minimal technical expertise, reducing the need for dedicated servers and their typical low utilization rates.

Perhaps the primary driver for the adoption of cloud computing is the ROI. Capital costs are reduced largely due to higher utilization rates of servers. Even more substantial savings can be realized with self-service management and savings in systems management. With standardized images, automation, and service management reporting, cloud users can not only deploy services in the cloud but also manage them effectively.

The first three chapters have introduced cloud computing, examined some of the technical aspects, and described in general how cloud computing can improve service delivery. In the next chapter, we will turn our attention to the question of how to begin planning for cloud services in your business.

Chapter 4: How Cloud Computing Will Help Your Business

Cloud computing changes the way we do business. Much of the coverage of cloud computing has focused on the technical aspects of this computing model: the consolidation of servers, virtualization, security, and so on. This is understandable, as you must have a clear idea of what cloud computing offers from a technical perspective before you can appreciate what it can do for you from a business perspective.

This chapter turns attention to the business side of cloud computing. In particular, this chapter considers the following:

- How cloud computing can help your business
- Assessing current capabilities
- Introducing cloud computing as a new model for consumption and delivery
- Measuring the value of a cloud

The discussion will start by identifying key business priorities; move on to looking at the current state of IT infrastructure, services, and procedures; describe how to transition those capabilities to a cloud-enabled enterprise; and finally assess the financial value of a cloud to the organization.

Cloud computing has been and always will be a rich technical area, but its application to real-world business problems requires the examination of organizational issues that range from bordering on the technical to being the province of business executives responsible for overall strategy.

Figure 4.1: The technical aspects of cloud computing shape what can be done from a business perspective; the business drivers determine how cloud computing is applied.

How Cloud Computing Can Help Your Business

Adopting cloud computing is a major change from the traditional distributed systems models many of us use today. No rational business person would make such a fundamental change to core infrastructure without understanding the consequences for the business. After all, if your current computing and storage systems are meeting your needs, why change? Why bring on the risks associated with a new technology? Certainly, there is some allure to being on the cutting edge and having the latest technology, but chasing technology trends for their own sake is not a sound strategy for long-term business success. Instead, technology is adopted in service to a business strategy.

Moving your business to the cloud should begin with considerations that have nothing to do with clouds, at least not yet. Cloud computing is a solution; the first question to ask is: What is the problem? To get to the answer to that question, you need to:

- Identify business priorities
- Identify operational inefficiencies
- Identify barriers to innovation

These steps help you identify what the business is striving to achieve and what is hindering those efforts. Only after you understand that can you turn your attention to addressing the problems that thwart, delay, and increase the cost of your business operations.

Before proceeding to consider priorities, inefficiencies, and barriers to innovation, let's consider a hypothetical scenario that highlights the issues relevant to aligning business goals and technology infrastructure.

Business and Technology Alignments: The Ideal vs. Reality

Consider a health care provider with several hospitals, tens of clinics, and hundreds of doctors serving thousands of patients. As part of a strategic plan to improve the quality of services while controlling costs, executives at the health care provider decide to disseminate information on patient conditions, treatments, and outcomes. The executives believe that, with sufficient feedback on the results of treatment choices along with details on the cases where particular treatments work and do not work, physicians will be able to reduce uncertainty associated with selecting treatment options.

To implement this plan, the health care provider will have to:

- Create a consolidated reporting system such as a data warehouse
- Develop procedures for extracting and loading data from multiple sites into the data warehouse
- Create a reporting infrastructure to deliver information to physicians in a way that is easy to use and fits with their work patterns
- Establish governance over the data warehouse and reporting procedures to ensure compliance with HIPAA and any other relevant regulations
- Define a mechanism to collect feedback from users to improve the system

With the high-level requirements in place, the next step is to determine how the IT department will proceed to implement the plan. Some of the issues that would likely arise include:

- Acquiring servers and storage to house the data warehouse
- Purchasing licenses for database, reporting, and extraction, transformation, and load (ETL) tools
- Assembling a team to install and configure the infrastructure once it is acquired
- Designing logical and physical data models for the data warehouse
- Developing reports
- Establishing access controls over reports and data
- Creating a support team to monitor data warehouse processes and provide end-user support

There are other items you could add to the list, but the list is sufficient to demonstrate the potential drag that IT operations can have on business initiatives. First, though, let's depict an ideal scenario.

IT has sufficient server and storage capacity for the data warehouse. Development work can begin immediately. Fortunately, IT has standardized on a relational database, a data warehousing methodology, and reporting tools. These applications already work with the identity management system in place at the organization, so access controls can be readily established and managed. The support services group within IT is already familiar with these standardized tools, so there is minimal marginal cost to support another set of users.

This ideal scenario is one in which infrastructure, standardized applications, and support services are in place and readily available for new initiatives. To many, this is a fantasy; the reality that many of us have experienced in projects like this is far different from this scenario. Here is a version of the scenario that might ring true for more readers.

The requirements for the reporting project outstrip the available budget. Requirements will have to be prioritized and some features will have to be delayed until later phases. There is insufficient storage available to the business department that owns this project. (There is plenty of storage on another department's disk array, but organizational boundaries rule out using it.) Hardware will have to be procured and installed. Rack space and cabling are a problem that can be worked out with the infrastructure management group, which, given their backlog, will be in a few weeks. The company has a site license for the database software, but this project requires several additional packages that will have to be purchased. Several reporting tools are used in other business intelligence projects, so an internal evaluation will be done to determine the best tool for this effort.

Figure 4.2: Innovative IT projects require an array of technology and services that can be difficult to coordinate and integrate.

The collective effect of seemingly small and, in many cases, expected problems is to slow down and prolong the implementation. In this scenario, the need of the business to rapidly deploy an important medical decision support tool is hampered by the way projects are budgeted, by resources allocated along organizational lines, by a failure to standardize as much as possible on software, and by support staff taxed with inefficient deployments.

Identify Business Priorities

One of the most important aspects of successful IT services is that they align with business goals. That is a short way of saying IT services support business objectives in a straightforward manner and do not introduce unnecessary cost, delays, or other burdens on a business strategy.

Although there is no set of priorities that would apply to all or even most companies, common priorities include:

- Controlling costs
- Expanding market share in mature industries
- Expanding into new markets in growth industries
- Improving customer service
- Improving customer retention
- Increasing cross-selling

Whatever the priorities and their relative importance, it is critical to identify these for a business. Knowing these will help determine whether and how cloud computing can help your business. For example, if cost control is a top priority, increasing server utilization through virtualization and increasing storage utilization through consolidation with cloud computing architectures can help. If improving customer retention is important, you may need to invest in advanced analytics, such as data mining and statistical analysis, to detect early warning signs of churn. Advanced analytics can be compute-intensive and is a good application for cloud computing. Of course, knowing your business priorities may lead to the conclusion that cloud computing is not something you need at the moment. Whatever your conclusion, if you start with business priorities, you will at least be able to justify why or why not to pursue cloud computing or any other technology.

Caution

To be clear, cloud computing is not a panacea that will solve all your problems. There are times when cloud computing is not the right solution. It may be an appealing option at a later time, but your business may not be in a position to move to the cloud until it improves its IT governance practices, for example.

Identify Operational Inefficiencies
Operational inefficiencies are a drain on the bottom line. When an employee has to perform ten steps to complete a task that could be done in six steps, the business loses productivity. When servers are powered on and functioning but not running productive jobs, the business is realizing an opportunity cost as well as incurring unnecessary energy costs. Operational inefficiencies, ironically, are often found in IT departments that have traditionally been a source of increased productivity. Operational inefficiencies in the IT realm come from the way we deploy and utilize hardware and the way we manage software.

Low server utilization is a common inefficiency. Prior to the widespread adoption of virtualization, many organizations used a one-application, one-server approach to deployment. This approach minimized problems with conflicting requirements and allowed administrators to manage servers and applications as a tightly coupled unit. The price we paid for this was wasted CPU cycles.

Less obvious were the management inefficiencies that came with the one-application, one-server model. Configurations could be tailored to individual applications, so an IT group could soon find that many of its servers had different operating system (OS) components installed, with different applications and services and all requiring slightly different support. As a result, the number of servers a single administrator could manage was limited. Had a standard configuration been developed for a limited set of roles, systems administrators would have less variation to contend with, and this would result in more productive systems management.

Figure 4.3: Standardizing server configurations is one way to reduce systems management inefficiencies.

Identify Barriers to Innovation
The scenario described earlier shows how innovation can stagnate because of technology barriers. It is important to note that the barriers in that scenario were not caused by poor management or unskilled IT professionals; the problem arose from the constraints on procuring new hardware, configuring software, and ordering a sequence of deployment events that account for a range of dependencies between steps.

The scenario can help you see the different types of barriers to innovation that can creep into IT operations:
- Delays in procuring and deploying hardware
- Initial capital costs
- Ongoing operational costs
- Insufficient support staff
- The need to evaluate, select, and coordinate multiple software components

Any or all of these can be significant barriers to innovation. In the time of a globalized economy, customers have more options than ever before, businesses have access to a wider pool of suppliers and business partners, and the list of potential competitors is more likely to grow than not. Add to this list the demands on companies to consistently meet performance expectations quarter after quarter, and you see that barriers to innovation can be a potential long-term drag on the company overall.

The first step to understanding how cloud computing can help your business is to formulate a clear picture of business priorities, pinpoint operational inefficiencies, and identify barriers to innovation. These three elements comprise the key business drivers that can guide the successful use of cloud computing in your organization. As noted earlier in this chapter, business requirements drive technology-based solutions, but before adopting new technologies, it helps to have a clear understanding of current technical capabilities.

Assessing Current Capabilities
Technology capabilities are a combination of hardware and software infrastructure within an organization as well as the management practices that govern the use of that technology. For the purposes of understanding the role of cloud computing in improving business services, let's consider several types of capabilities:
- Infrastructure
- Platforms
- Applications
- Governance
- Management and reporting

It is important to have a clear and comprehensive understanding of these capabilities because they are all relevant to adopting the cloud computing model. Cloud computing is an evolutionary advance in computer architecture and service management; it improves on what came before it but does not represent a wholesale replacement. Sound management practices, software development life cycle methodologies, and systems administration practices are as relevant to delivering services through a cloud as they are to other delivery methods.

Infrastructure Capabilities
IT infrastructure for the purpose of this discussion includes server and storage hardware as well as networking components. When assessing current capabilities with regard to infrastructure, consider:
- The inventory of servers currently in place
- The geographic location of servers
- The costs of maintaining each server
- Utilization metrics for servers
- Network infrastructure between sites

At the end of the infrastructure assessment, you should have a clear idea of overall server utilization. If your operations are similar to most, you will have many servers running single applications, and those servers were configured to handle peak, not average, capacity. If this is the case, a move to cloud computing is an opportunity to consolidate servers and decommission those with high maintenance costs, no standard configurations, and relatively low performance. Such consolidation can have an immediate impact on the power and cooling costs of a data center.

There may also be an opportunity to consolidate data centers or at least servers currently located in remote offices. Reducing the number of sites can help ease management overhead and streamline IT operations such as backups.

Platform Capabilities
Platforms are the OSs and application stacks that run on a company's IT infrastructure. Enterprises typically have a number of platforms:
- Windows
- Linux
- Unix
- Mainframe OSs

Windows and Linux often run on servers that provide specialized functions, such as email servers, content management servers, databases, and directory services. Unix and mainframe OSs are typically found on enterprise-scale computers running high-volume, mission-critical applications.

Cloud infrastructure can be built using low-cost commodity hardware, so such hardware is an ideal candidate for hosting Windows and Linux platforms; of course, Unix OSs run on these servers as well.

For the purposes of assessment, you should collect information about:
- The number and version of Windows OSs
- The number, version, and distribution of Linux OSs
- The application stacks that run on these OSs

The goal here is once again to consolidate as much as possible.

OS Consolidation

Standardizing on a reduced number of platforms will reduce systems management tasks and provide a step toward the type of self-service management that is such an important factor in cloud computing's ROI. Standardizing in this case does not mean committing to using only Windows or only Linux but to reducing the amount of variation in the platforms. For example, if a department is still running an instance of Windows Server 2000, this is a good time to move those applications to Windows Server 2008. Similarly, if several distributions of Linux are currently supported, consider reducing that number. It may not be possible to find a Linux distribution that is optimal for all needs, but you might find you can use fewer different distributions than you currently have.

Application Stacks

Application stacks are middleware that reduces dependencies between applications and OSs. When applications are written directly to an OS, they can be difficult to port. Even similar OSs, like different versions of Unix, can harbor enough differences to make porting software difficult. Application stacks and middleware abstract low-level OS details and provide a consistent programmatic interface and set of services. They will be just as important in a cloud environment as they are in today's distributed system environments. Common application stacks are:
- Microsoft .NET
- LAMP (Linux/Apache/MySQL/Perl or Python)
- J2EE (Java 2 Enterprise Edition)

Application stacks are chosen for their fit with system requirements and the skills of developers working on the applications. Moving applications from one stack to another can be a considerable undertaking, so there is probably less opportunity to consolidate at this platform level. Just as important, though, you will want to ensure that all application stacks currently in use and needed in the future are supported in the cloud.

Microsoft .NET Framework
Microsoft .NET Framework is a development framework for building Web applications for Microsoft platforms. The framework includes several components:
- A common language runtime that acts as an abstraction layer above OS functions
- Base class libraries
- Support for both compiled languages, such as Visual Basic and Visual C#, as well as dynamic languages such as IronRuby and IronPython
- Windows Presentation Foundation, a user interface (UI) framework
- Silverlight, a set of .NET tools for building rich Internet applications (RIAs)
- Windows Communication Foundation (WCF) for service-oriented architectures
- ADO.NET, a set of data access services
- Windows Workflow Foundation

Not surprisingly, the .NET Framework is designed to leverage SQL Server database and other OLE/ODBC data sources.

LAMP (Linux/Apache/MySQL/Perl or Python)
LAMP is a set of commonly used open source systems for building Web applications. Unlike the Microsoft .NET Framework, the individual components of this set of platform tools had long and well-developed histories prior to the advent of LAMP. Each of the four components provides a basic service commonly needed in Web applications:
- Linux is the OS underlying the LAMP stack
- Apache is the Web server and related modules that may be installed as needed for particular applications
- MySQL is a popular open source database suitable for a range of application sizes and needs
- PHP, Perl, and Python are scripting languages used to implement custom application functions

Figure 4.4: The LAMP stack consists of a small number of independently developed open source components that are commonly used together for Web application development.

Java Platform Enterprise Edition
The Java Platform Enterprise Edition, sometimes referred to as J2EE, is a middleware framework designed for deploying distributed Java applications. Like the Microsoft .NET Framework, there are multiple components providing a range of services for application developers. These include:
- Enterprise JavaBeans, a distributed object container
- Java Transactions API
- Java Messaging Service API
- Java EE Connector Architecture
- Java XML Streams
- Java Persistence API
- JavaServer Faces, a UI framework

These components are bundled together and incorporated into Java application servers. The application servers sometimes run higher-level additional application development components, such as portals and content management systems.

As you can see from the descriptions of three common application platforms, they provide many of the same functions but do so with fundamentally different tool sets. When assessing existing capabilities, it is important to catalog all the platforms and main platform components used so that they can be supported in the cloud as well.

Application Capabilities
Enterprises run a wide range of applications and many of these are suitable for running in the cloud. The goal of assessing application capabilities is to determine:
- The relative priority of moving an application to the cloud
- The difficulty of moving the application to the cloud
- Changes to application management practices that may be needed after the move to the cloud
- Potential risks and mitigating strategies

When it comes to prioritizing moving applications to the cloud, you should look for those systems that (a) underutilize the servers they run on, (b) run below needed performance levels because the hardware does not adequately serve current loads, or (c) have peak demands that could take advantage of elastic allocation of CPU and storage capacity in the cloud.

At the same time, you want to avoid immediately moving applications to the cloud that may have special requirements. For example, high-security applications may require that any deleted data be not only deleted but overwritten multiple times to reduce the risk of unauthorized reconstruction of that data. (Deleting data can be done by marking a data block as available for use, so old data can continue to reside on the disk even after files have been logically deleted.) It is not the case that these applications can never be moved to the cloud; they can once security procedures are in place to meet the application requirements.

Running applications in the cloud and on a dedicated server will require different management routines. For example, a cloud storage provider may provide sufficient redundancy in data duplication that you may reduce the number of backups performed. Also, as departments will likely be billed for the time virtual machine instances are running, they will want to optimize their workflows to keep the virtual servers utilized as much as possible when they are running.

Billing rules should also be considered when scheduling jobs. For example, if a department is charged for a full hour of virtual server time regardless of how much of that hour is utilized, it would be best to schedule jobs continuously rather than shutting down and restarting. Of course, this assumes that jobs can be scheduled together that require the same platform. As even this simple scenario shows, the way you manage cloud applications will have to account for new billing structures and server use patterns.

Another area you need to consider during the application assessment is the risk of moving applications to the cloud. These risks include:
- If using a public cloud provider, ensuring security and compliance standards can be met
- Being able to run applications on a standardized platform that may require specialized runtime libraries or utilities
- Having access to virtual machine images that support the application; this can be an issue if a cloud provider only offers the latest patch version of an OS and the application does not run correctly under that particular version

Moving applications to the cloud entails sharing control with the cloud provider. This may be less of an issue when using a private cloud, but it still must be considered at the level of application requirements. These considerations with regard to applications represent just some of the broader issues that must be addressed as part of governance processes.

Governance Capabilities
A capabilities assessment should include an assessment of governance practices as well. Although cloud architectures are fault tolerant and resilient, the governance practices for clouds are a potential single source of failure. Poor governance affects all users of the cloud.

Governance of cloud operations is required for all types of clouds: private, public, and hybrid. The policies that are implemented will vary by type of cloud, but in general, they will include:
- Complying with government and industry regulations
- Defining and enforcing audit controls and security procedures
- Establishing cost allocation and cost recovery policies
- Setting policies on the management of the service catalog
- Adjusting existing policies to accommodate cloud services

These governance requirements should not be new with cloud computing. The need for governance is independent of IT architecture choices. As noted earlier, though, the cloud changes the way you deliver services and provides new opportunities to change management or governance policies. For example, change control policies may become more flexible with regard to platform-level changes because multiple versions can coexist in the service catalog.

The goal of the governance capability assessment is to understand the mechanisms that are already in place to guide IT operations, identify weaknesses, and make necessary changes. Cloud computing will not improve governance practices, but poor governance can eventually undermine the value of the investment in cloud computing.

Management and Reporting Capabilities
With cloud computing, service consumers have greater control over how they use computing and storage resources. To optimize their use of these resources, they need information about their workloads, levels of utilization, costs, and other metrics. Management reports are the key to delivering that information.

Reports and data on cloud usage should be available for both front-line managers responsible for scheduling jobs and budgeting for services and for back-office billing operations. Front-line managers should have access to near real-time billing information on CPU utilization and storage allocations so that they can tune workflows. They should also have comparative historical data so that they can detect trends and properly plan for future needs. When a private cloud is used, back-office billing systems will need to accommodate billing or chargebacks for cloud services. Existing financial reports would then provide an additional set of reports for front-line managers.

Figure 4.5: Organizational capabilities in the form of infrastructure, platforms, applications, governance and management, and reporting enable the deployment and use of cloud computing services.

An assessment of organizational capabilities, spanning existing infrastructure, platform, applications, governance and management, and reporting procedures, will provide an organization with a starting point for introducing cloud computing services.

Introducing a New Model for Consumption and Delivery
Introducing cloud computing can be done in two ways: by using a public cloud or by using a private cloud. We will focus most of our attention on the latter, but we will briefly address the use of public clouds.

Introducing Public Cloud Consumption Model
Public clouds can be introduced quickly for small, experimental evaluations that do not involve confidential data, specialized workflows, or complex security requirements. In a very short time, a department-level manager could:
- Establish an account with a public cloud provider
- Upload data for analysis into the public cloud provider's storage system
- Select from the public provider's catalog of OSs and other platform software
- Allocate the necessary number and types of servers
- Run the job
- Shut down the servers, collect the results, and complete the task

This type of isolated, tactical use can also be done in cases where confidential data, specialized workflows, or complex security requirements exist, but it would take significantly more planning, along the lines of what we will be describing shortly in the discussion of a private cloud deployment.

Public clouds allow consumers to experiment with the cloud delivery model without fully committing hardware, software, and management to a full-scale deployment. It is also a viable option for meeting peak demands of jobs that are readily moved to a public cloud. Running significant portions of your business services in the cloud for extended periods can certainly be done but will require the type of attention and planning that one finds with the use of private clouds.

Introducing Private Cloud Consumption Model
There is nothing inherent in cloud computing that requires the cloud be owned and operated by another business. Cloud computing is an architecture and a set of services that enable access to resources on demand. The infrastructure and services are managed by the provider and used by service consumers. The provider can be a third party offering a service to the public or an IT division within a company offering computing and storage services to other departments within the company.

A private cloud may appear to lack some of the economic advantages of cloud computing, such as lower management costs and no need for capital expenditures. This may or may not be the case with private clouds; the economic benefit will depend on circumstances within the business providing a private cloud. If the business has a large existing infrastructure with low utilization and high systems management overhead, the company could benefit from redeploying its infrastructure to a private cloud. The number of servers could be reduced because fewer will be needed to meet existing demands. Management overhead could be simplified with cloud management software. In cases where capital expenditures are required, businesses can still benefit from spending less on infrastructure than they would if they did not use a cloud-based approach.

Introducing a private cloud will entail changing procedures and practices; these changes fall into three areas:
- Deploying existing infrastructure in a private cloud
- Enabling application services in a cloud
- Managing a cloud

Deploying Existing Infrastructure in a Private Cloud

The first step is to establish the hardware infrastructure for running the cloud. Existing hardware may be used for this, but of course, it will require planning to ensure existing services are not disrupted during the transition.

The first step is to identify the servers to use for cloud services. One of the goals of cloud computing is to increase the server utilization, so you would expect to use fewer servers for the same level of demand. If this is the case, older servers with lower overall performance and higher maintenance costs are obvious targets for elimination. Some of the factors to consider when selecting hardware:
- Number of CPUs and cores in the server
- Amount and speed of RAM
- Network interface card throughput
- Cost of maintenance contracts, if any
- Cost of leasing contracts, if any
- Power consumption
- Cooling requirements
- Standardization

Most of these are common-sense considerations. The last, standardization, addresses the fact that you should expect hardware failures in the cloud. Actually, you should expect hardware failure in any architectural configuration. By standardizing hardware, you reduce the need to maintain multiple types of backup components and streamline troubleshooting procedures.

Storage hardware should be selected for comparable reasons: speed, capacity, throughput, power consumption, cooling, and so on.

Network capacity and throughput should also be considered at the early deployment stage. If data centers are being consolidated, additional network capacity may be required. Also, consider the levels of redundancy on the network to ensure services can continue at needed levels if, for example, one Internet access provider is down.

Enabling Application Services in a Cloud

Application services begin with a service catalog. This is the set of all OSs, middleware, and applications that will run in the cloud. As with deploying hardware, this is an opportunity to standardize on software components. The advantage of standardizing is that there are fewer pieces of software to manage, patch, and configure, and that ultimately leads to reduced support costs.

Software services in the catalog should be based on business requirements. There will be needs for different OSs and application stacks, possibly in multiple configurations. For example, to support existing business services, the service catalog may need to include:
- Windows Server 2008 with .NET Framework
- Windows Server 2008 with Java Enterprise Edition framework
- Linux with LAMP framework

In addition to the applications needed in the existing configuration, there will be additional software needed to manage the cloud.

Managing a Private Cloud

Managing a private cloud requires software and procedures. Operation management software is needed to track the use of compute and storage resources in the cloud. As noted earlier, cloud consumers should have the ability to track their use and costs as they make use of services. They should also have the ability to:
- Monitor their jobs
- Schedule their jobs
- Establish complex workflows
- Track storage use
- Create specialized virtual machine images with custom configurations

Management tools are also needed by IT support staff to maintain the services catalog. For example, systems administrators should be able to track metadata about every item in a service catalog, such as:
- Description of a virtual machine image
- Date it was created
- Applications, libraries, and utilities included
- Patch levels
- Number of times instantiated
- Location of sources used to construct the image

Many of the same service management procedures used in non-cloud environments are still relevant to the cloud. Images will need to be patched, access controls will need to be applied, identities will need to be managed, and charges will have to be made to departments.

Figure 4.6: Management components include the service catalog of platforms and applications available in the cloud as well as management support software.

Measuring the Value of a Cloud
Moving to a cloud computing environment will change the IT cost structure and impact both capital cost structures and operational costs.

Changes to Capital Cost
In a conventional IT model in which departments or service managers use dedicated servers, they often have to plan for capital costs. These are infrequent but significant costs that are budgeted outside the normal operations budget. Although the cost of a server or two may be accommodated in an operational budget, that is not the case for a fully functional application environment.

Consider the costs of developing, testing, deploying, and maintaining applications. For hardware, you would need development and test servers. For small projects, a single high-end server may serve for both as long as each ran in its own virtual environment. The production server may actually be a cluster of servers and a load balancer in order to scale to peak demand. The load balancer will provide some degree of high availability, but disaster recovery procedures dictate a backup set of servers in an off-site location. Storage will be required as well, adding to the capital expenditure. In addition to these hardware costs, there will be the cost of application and OS licenses.

In the cloud, these costs do not go away, but they are reduced. The key is to efficiently share resources rather than dedicate servers and storage arrays to single services or departments. Rather than having multiple service managers develop their own capital budgets, complete with wide-ranging contingency funds either explicitly or implicitly added to the budget, central IT can plan for capital costs across a wide base of users. The end result is less capital expenditure because of more efficient use of infrastructure, platforms, and applications.

Changes to Operational Cost
Cloud computing can prove advantageous for operational costs in four areas:
- Labor
- Infrastructure maintenance
- Facilities operations
- Simplified accounting

Labor Costs

Labor costs are reduced with the use of self-service management enabled by cloud management software. Consumers of cloud services have the ability to choose the virtual servers they want to run, determine what applications to run, and schedule them when needed. The standardized service catalog reduces the need for costly software configurations, which in turn depend on access to a skilled IT professional to perform the configuration.

The cloud can reduce IT support labor costs in other ways. With a centralized service catalog, updating and patching becomes less labor intensive. For example, if an OS vendor releases a critical patch that has to be pushed to servers, then hundreds of servers may be involved. This requires identifying which servers need the patch, deploying the patch through an automated delivery system, reviewing the results of the patching operation, and manually applying the patch to those servers that failed to be patched correctly using the automated method. This can be a time-consuming burden on IT support staff with other regularly scheduled tasks to complete. The same patch could be applied to images in the service catalog in fewer numbers because only one copy of each configuration is needed. Also, the patch would be available to users of those images the next time they instantiate their virtual machines.

Infrastructure Maintenance

Standardization is a well-established method to reduce costs. Standardizing on infrastructure is no exception. Adding new components, such as servers, to a cloud will have low marginal costs if they are configured similarly to servers already in the cloud. If there are failures (and there will be), the new units are readily swapped in without requiring configuration changes. Inventories of spare components are kept to a minimum as well. Clouds run in a centralized data center, so there is less need for remote office visits to deal with failed hardware.

Facilities Operations

Another contributor to savings in operational costs comes in facilities management. IT infrastructure can consume significant amounts of power, leading to high energy costs. Of course, all that power that comes into the data center gets converted to useful computation, but the conversion from electricity to computation is not perfect. The inefficiencies in conversion are realized in the form of heat; heat that has to be removed with costly cooling systems. By driving up the average server utilization, a business can reduce the number of servers needed, which in turn reduces power and cooling costs.

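The catalog patching workflow described under labor costs above, as an added example that is not the book's code: it models catalog entries with the image metadata fields listed earlier for the service catalog, patches affected images once in the catalog, and then flags virtual machines instantiated before the patch, which still run the old level until they are re-instantiated. Image names, patch levels, source locations, and dates are constructed; the class and function names are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime


@dataclass
class CatalogImage:
    """Service catalog entry with the metadata fields the chapter lists."""
    image_id: str
    description: str
    created: datetime
    patch_levels: dict        # component -> version tuple, e.g. {"windows-os": (1, 0, 4)}
    source_location: str
    times_instantiated: int = 0
    patched_at: dict = field(default_factory=dict)  # component -> when image was patched


@dataclass
class RunningVM:
    vm_id: str
    image_id: str
    started: datetime


def images_needing_patch(catalog, component, fixed_level):
    """Ids of images that include the component below the fixed patch level."""
    return sorted(img.image_id for img in catalog
                  if img.patch_levels.get(component, fixed_level) < fixed_level)


def patch_images(catalog, component, fixed_level, when):
    """Patch each affected image once in the catalog and record the time."""
    patched = []
    for img in catalog:
        if img.patch_levels.get(component, fixed_level) < fixed_level:
            img.patch_levels[component] = fixed_level
            img.patched_at[component] = when
            patched.append(img.image_id)
    return sorted(patched)


def vms_needing_reinstantiation(catalog, vms, component):
    """VMs that cannot be assumed to carry the patched level."""
    by_id = {img.image_id: img for img in catalog}
    stale = []
    for vm in vms:
        img = by_id.get(vm.image_id)
        if img is None:
            stale.append(vm.vm_id)   # image no longer in the catalog: level unknown
        elif component in img.patched_at and vm.started < img.patched_at[component]:
            stale.append(vm.vm_id)   # started before the image was patched
    return sorted(stale)


def build_sample():
    """Constructed catalog and VM list (all values are sample data)."""
    catalog = [
        CatalogImage("win2008-dotnet", "Windows Server 2008 with .NET Framework",
                     datetime(2024, 1, 5), {"windows-os": (1, 0, 4)},
                     "repo/images/win2008-dotnet", times_instantiated=212),
        CatalogImage("win2008-javaee", "Windows Server 2008 with Java EE framework",
                     datetime(2024, 2, 20), {"windows-os": (1, 0, 5)},
                     "repo/images/win2008-javaee", times_instantiated=40),
        CatalogImage("linux-lamp", "Linux with LAMP framework",
                     datetime(2024, 1, 12), {"linux-kernel": (3, 2, 0)},
                     "repo/images/linux-lamp", times_instantiated=530),
    ]
    vms = [
        RunningVM("vm-1", "win2008-dotnet", datetime(2024, 3, 9, 8, 0)),
        RunningVM("vm-2", "win2008-dotnet", datetime(2024, 3, 11, 8, 0)),
        RunningVM("vm-3", "win2008-javaee", datetime(2024, 3, 1, 8, 0)),
        RunningVM("vm-4", "retired-image", datetime(2024, 2, 1, 8, 0)),
        RunningVM("vm-5", "linux-lamp", datetime(2024, 3, 2, 8, 0)),
    ]
    return catalog, vms


def run_patch_cycle():
    """Patch the catalog once, then report what still needs attention."""
    catalog, vms = build_sample()
    fixed_level = (1, 0, 5)
    before = images_needing_patch(catalog, "windows-os", fixed_level)
    patch_images(catalog, "windows-os", fixed_level, datetime(2024, 3, 10, 12, 0))
    after = images_needing_patch(catalog, "windows-os", fixed_level)
    stale = vms_needing_reinstantiation(catalog, vms, "windows-os")
    return before, after, stale


if __name__ == "__main__":
    print(run_patch_cycle())
```
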
Simplified Accounting

One of the advantages of cloud computing is that it provides a way to standardize computing and storage units of service. For example, a virtual machine running on a dual-core processor (or its functional equivalent) for 1 hour can be defined as a unit of computing resource with a standard price attached to it. Similarly, a gigabyte of storage stored for one day could be a unit of storage for accounting purposes. From these fundamental units, you could build pricing schedules that could account for additional costs for OS or application licenses.

With this type of model, cost recovery is simplified. Cloud consumers can readily plan their expenditures. Reporting and integration with financial systems is less complex than if a large number of specialized cases and accompanying business rules have to be accommodated. Cloud computing presents clear cost benefits in both capital and operational costs as long as proper planning and assessment are done.

Summary
Cloud computing is an efficient framework for utilizing computing resources. To get the most out of your investment, begin by assessing the current state of business and technical operations. This includes identifying business priorities, operational inefficiencies, and barriers to innovation. It also entails assessing the current capabilities in terms of infrastructure, platforms, applications, governance and management, and reporting. Deploying a cloud is a multistage process that includes deploying existing infrastructure, enabling application services, and managing the cloud. The value of the cloud will be measured in both capital and operational cost savings.

Chapter 5: Strategies for Moving to the Cloud
Cloud computing is a framework for delivering services that, as we have seen in previous chapters, offers a number of compelling benefits. Now it is time to turn our attention to strategies for moving an organization from thinking about cloud computing to using cloud computing. Many of the same rational methods and management techniques we use in IT planning and delivery today are relevant to cloud computing. This is not surprising. As I have noted in this book, cloud computing is a phase in the evolution of IT services delivery; it builds on previous practices to deliver new levels of efficiency, control, and manageability.

This chapter focuses on how to plan for the organizational and technical issues around the move to cloud computing. It is specifically structured around three broad topics:
- Planning principles
- Architectural principles
- Use case scenarios

The first section on planning principles will describe a process for understanding the current state of IT services and framing them in such a way that we can properly start delivering these services in a cloud-based environment. In the second section on architectural principles, we examine issues such as scalability, manageability, and service delivery in terms of design and implementation issues. High-level discussions about planning and architecture in the first two sections of this chapter are complemented by a set of use case scenarios in the third section of this chapter. The goal of the use cases is to provide concrete examples of applying the planning and architectural principles to typical scenarios facing cloud computing adopters.

Planning Principles for Moving to Cloud Computing
Planning a move to cloud computing starts pretty much the same as any other planning process: understanding where you are and where you are trying to go. In the realm of IT, this generally means understanding the business drivers that dictate the services to be delivered, the expectations for those services, and the constraints on actually delivering them. From there, we can move to a detailed definition of requirements. With a clear and well-defined set of requirements, we can document workloads that we expect to utilize the cloud. Each of these steps will be considered in turn.

Prioritizing According to Business Drivers
Business drivers are the strategic objectives of an organization that frame the need for IT services. These can include:
- Increasing productivity
- Reducing time to market in new product development
- Reducing production costs
- Optimizing product distribution and delivery
- Increasing market share
- Increasing customer retention

Business drivers are so high level that they can apply to many different businesses. This is expected because businesses all have the same high-level goals of maximizing returns for owners.

What distinguishes businesses in terms of strategies is how they prioritize these objectives and how they define and implement strategies to realize their goals. For example, one company may decide to focus on increasing productivity in order to remain competitive in an increasingly global market. Another company may realize that it is their intellectual property (IP) that drives their growth, and they need to invest more in computational resources to develop new IP. Still another company operating in a mature market may decide to grow by acquiring new customers by targeting perceived weaknesses in their competitors' product line.

The first step in planning a move to the cloud, then, is understanding what business objective is served by that move. Certainly, moving to cloud computing because it is a more efficient vehicle for delivering computing services is a sound reason. We do not need to settle for just that, though. If we press for an even more detailed set of drivers, we can more precisely plan our cloud services. This will help us to plan for short-term capacity demands, plan for long-term needs, and deploy needed applications and other software to support those objectives.

Figure 5.1: High-level, non-prioritized business objectives are less helpful in shaping cloud computing planning than more precise, prioritized objectives.

Defining Requirements
Defining requirements that will drive a cloud computing adoption can be a daunting task. It is difficult enough to elucidate and define requirements for one application, let alone gather requirements for multiple applications serving different business needs and managed by a range of departments. Fortunately, we are not starting from scratch. Applications, documentation, policies, and operational procedures are probably already in place. Our job is then one of understanding the details of existing systems because these reflect, at least to some degree, the current application requirements. We can then build on this by assessing additional requirements going forward.

Existing Applications Infrastructure: The Current State of Affairs

An inventory of existing applications and workloads is a valuable asset for planning a move to the cloud. An inventory should include all applications that might migrate to the cloud. Implementation details will vary from one application to another (even among the same software used by different departments or for different business purposes), so it is important to include in the inventory key information in three areas:
- Business requirements and related details
- Technical and implementation requirements
- Operational details and requirements

Business requirements specify who within the organization is responsible for a service, how critical that service is to the business, and what strategic objective is served by the application. These requirements are not necessarily long, detailed documents; a simple half-page summary is probably enough. Our goal is not to create an encyclopedic resource on every application in the organization but to create a planning tool that highlights the services that will run in the cloud and identifies the core requirements for those services.


The technical details catalog some of the implementation details about existing services. This includes details such as:

• Server configuration
• Workloads on servers
• Dependencies and interoperability considerations
• Use of shared resources, such as disk arrays

All the necessary details about existing services may be documented in a form like that shown in Table 5.1.

| Type | Requirement Area | Description |
|---|---|---|
| Business | Service Description | A high-level description of the service |
| Business | Business Owner | Person or department that funds and governs the IT service |
| Business | Service Level Agreements | Key requirements on service delivery |
| Business | Business Objective | Describes the strategic business objective that is served by this IT service |
| Business | Criticality | Ranking of relative importance of this service |
| Technical | Servers | List of servers and description of configuration; role of each server |
| Technical | Shared resources used | Shared IT resources, such as disk arrays, network, backup services |
| Technical | Platform Services | Operating system required, libraries, utilities and other packages required to run the applications |
| Technical | Applications | Commercial, open source and custom applications |
| Technical | Physical distribution of servers | Location of primary servers, backup servers and disaster recovery sites |
| Technical | Utilization | Description of server, disk array, network utilization |
| Technical | Peak Periods | Times and duration of peak loads, frequency of peak periods, periodicity of peak demands |
| Technical | Dependency on other Services | Other IT services that are required to deliver this service |
| Operations | Backup requirements | Recovery point objectives, recovery time objectives, etc. |
| Operations | Disaster recovery | Time to recover services, level of services to be restored, critical dependencies |
| Operations | Compliance issues | Summary of key compliance and governance issues with this service |

Table 5.1: Requirement categories for summarizing existing applications, software stacks, servers, and related hardware


Additional Requirements for New Applications

If there is one thing we can count on with IT services, it is that requirements will change. A move to the cloud will open new opportunities to deploy additional services, change the way services are consumed, and consolidate resources. These should also be captured during the requirements gathering stage. We certainly want to capture applications and workloads that fall into the "more of the same" category (for example, more departments will stand up small databases because the overhead with managing them is reduced) but the most interesting, and perhaps the most influential in the long term, are those that change the way we do business. Consider examples such as:

• Using cloud storage to store single copies of data that are accessed by multiple applications rather than duplicating data sets
• Reducing the number of ad hoc reporting tools as users standardize on the best-of-the-breed tools offered in the cloud's service catalog
• New applications, such as statistical analysis and data mining of large customer transaction data sets enabled by on-demand access to compute and storage resources

In the best cases, we will be able to devise reasonable estimates on compute and storage impact of some of these new requirements. For example, in the case of reducing duplicate data for business intelligence applications, we can develop fairly accurate estimates. The more innovative applications, such as advanced analytics, are more difficult to pin down. The CPU demands of such applications are highly dependent on the type of analysis, the algorithms used, the implementation of the algorithms, and the amount of data we are analyzing. Even with these limitations, we can at least provide best estimates (sometimes guesses) for these new types of applications. The next step in the planning process after prioritizing business drivers and defining known and estimated requirements is to analyze the potential workload for the cloud.

Assessing Workloads

Workloads are as varied as business requirements. Some workloads place a heavy load on CPUs while others are more I/O intensive. Sometimes workloads are fairly consistent over time and others have well-defined peak demand periods. It is important to understand workload profiles for a few reasons.

Capacity Planning

First, it helps to estimate the overall capacity of cloud services the business will consume. This is especially important if you are implementing a private cloud and want to ensure adequate capacity for peak demand periods. Public cloud customers will also find this data useful for budgeting and long-term planning although there is no need to be concerned about the hardware capacity of your provider (at least in theory). For hybrid cloud configurations, this type of detail can help you understand when internal capacity will be exceeded and public cloud resources will be required.


Scheduling

Another reason to assess workloads is for scheduling purposes. Some jobs have fairly predictable workloads. For example, services provided to the customers through Web applications will have generated historical data that can be used to determine demand patterns. These applications may have minor periodic variations, for example, Mondays have heavier workloads than Fridays, or longer, seasonal variations such as those retailers experience just before the Christmas holiday.

Cloud providers can use knowledge of workloads to optimize scheduling. Ideally, at any time, we would have a mix of jobs that have different levels of demand on CPU, I/O, and networking. We would not want, for example, to have all the I/O- and CPU-intensive extraction, transformation, and load (ETL) processes running at one time. Depending on the level of control one has over the workload scheduling, a cloud provider can schedule jobs in an optimal manner or use variations in pricing schedules to provide incentives for users to schedule their jobs in ways that coincide with the scheduling goals of the provider.

One way to globally optimize scheduling is with a bid/accept model for pricing. Cloud consumers can bid a price for a server or CPU time based on the value of having a particular job run. If it is a high-priority job, the customer will bid a higher price; if the job can wait, the customer will bid less. This approach will optimize the allocation of resources in the way a free market optimally allocates resources. This model, however, is subject to the same limitations as free markets; the model breaks down when there is, for example, insufficient information or time to fully evaluate options.

Cost Recovery

Public cloud providers set their rates to cover costs and earn a profit. The IT department, or other organization structure charged with providing private cloud services, will likely charge for services provided as well. Internal service providers generally are more concerned with recovering costs than making a profit, and a shared cost model is a common means for charging for these services. Charges are based on a simple formula:

(Total Cost of Providing Service / Number of Units Consumed) = Cost Per Unit

Units of service can be CPU hours, server hours, or gigabytes of storage per month. Basically, the idea is that service providers recover whatever it costs to provide a service.

Note: This is different from a simple market model in which price is determined by supply and demand. In the case of a cost recovery model, when demand goes down, price per unit could actually go up because the number of units consumed goes down. Conventional free market economics predicts the price will drop in such situations.

The mix of workloads and their distribution over time are important factors when aligning requirements to the cloud model.


Aligning Requirements to Cloud Services

At the end of the planning phase, we should have:

• A set of high-level requirements for existing applications that will move to the cloud described in terms of business, technical, and operational requirements
• Rough estimates for new applications enabled by the cloud
• Workload information that can provide the basis for capacity planning, scheduling, and cost recovery

To ensure a cloud service meets the expected needs, we want to have sufficient capacity. How we do so will depend on whether we are using public, private, or hybrid cloud services. When a private or hybrid cloud model is used, we are both the provider (for some of the services in the hybrid case) and the consumer. As the provider of cloud services, we have to redeploy existing hardware and/or procure additional hardware and deploy it in a cloud infrastructure along with management applications and a service catalog of machine images and related software. When a public cloud provider is used, we have to demonstrate the provider can offer the levels of service needed at the times they are required. As we get into these issues, we move away from the planning aspects and start to focus on more architecture-oriented issues related to moving to the cloud.

Architectural Principles for Cloud Services

The architectural principles underlying the cloud model are designed to maximize the utility of computing infrastructure by making it available to a broad range of users for a variety of applications without unnecessarily coupling hardware and software to single uses. To do so, we design around a number of architectural principles focused on:

• Designing for scalability
• Designing for manageability
• Deploying layered technical services
• Delivering business services

Before discussing each of these in detail, it is worth noting the importance of virtualization to cloud architectures. Virtualization is a fundamental aspect of cloud computing and is used at numerous levels of service delivery. We virtualize computing and storage, which hides the implementation details of these low-level services. Higher-level services, such as database management, content management, and identity management, are provided as services abstracted away from implementation details.

An immediate benefit of virtualization is flexibility. Hardware can run different operating systems (OSs) at different times. Different software stacks can be deployed to run for some period of time and then shut down. Legions of IT professionals are not needed to do this; virtualization enables greater levels of self-service than have been possible in the past.


The degree of flexibility, and the benefits derived from it, varies with the amount and method of virtualization. For example, at one end of the spectrum, we can deploy single servers dedicated to single tasks. If additional resources are needed to accommodate growing workloads, either the server needs to be upgraded or additional servers need to be dedicated to that purpose. This is especially costly if the additional resource requirements are only for short peak demand periods.

Figure 5.2: The greater the virtualization and support for self-administration, the greater the flexibility in adapting computing resources to changing service needs.

A step away from the dedicated server model toward a highly virtualized environment like the cloud is a server farm in which servers are reallocated according to changing needs. There are a number of advantages of this approach over the dedicated server model. First, policies and procedures are in place to change the roles of servers fairly rapidly. Systems administrators shut down applications and supporting software, install machine images with other applications needed at the time, and redeploy the servers in their new roles. A second advantage is that hardware is fairly easily reallocated; there is no need to procure new hardware for small, incremental increases in workloads.


Although the virtualized server farm is a step in the right direction, it is still hampered by the need for IT support to reallocate resources. This creates a certain amount of overhead cost associated with the switch. Granted, it is smaller than the cost associated with switching dedicated servers, but it is still greater than the self-service switching costs found in cloud environments.

Figure 5.3: Virtualization combined with self-service administration lowers virtual machine deployment costs. Non-technical cloud consumers can manage their own workloads.

In a cloud environment, the process of deploying virtual machines is highly automated with the use of self-service software. In addition, resource tracking modules in the cloud administration software can track the images used, the time servers are up and running, and the amount of storage used by job. This can further reduce administration costs and facilitate chargebacks and cost recovery. In addition to flexibility, virtualization enables critical qualities such as scalability and manageability.


Designing for Scalability

Concerns about scalability affect both cloud providers and cloud service consumers. In the case of cloud providers, designing for scalability entails addressing several requirements for meeting varying workload demands. For cloud consumers, the issues tend to be around the question of how to most effectively utilize the computational resources available in the cloud.

Providing Scalable Computing Resources

At first glance, cloud scalability may look like just a matter of hardware. With enough physical servers, disks in storage arrays, and network bandwidth, we can meet scalability demands, right? Not exactly, or at least that is not the entire story. Cloud service providers also have to provide services and features in addition to raw hardware to enable a functional, scalable cloud. Some of these services and features include:

• Security services
• Standardized catalog of applications
• A service-oriented architecture (SOA)

These requirements are comparable to those we find outside the cloud.

Security Services in the Cloud

Security in the cloud looks much like security outside a cloud environment. When we deploy applications to the cloud, we have to concern ourselves with several security requirements:

• Identity management
• Access controls
• Auditing and logging
• Vulnerability management and threat assessment

Identities are independent of workloads running in the cloud. Identities persist over time and should be maintained with authentication and authorization information as well as encryption keys. This type of information is needed, for example, to control limits on resource allocation in the cloud and to store keys used to encrypt data stored in the cloud.


Figure 5.4: Security controls in the cloud depend on identity, access control lists, and encryption keys.

In addition to user-centric security information, cloud providers need to support process-oriented auditing and logging. As in any deployment architecture, audit and other logs must be tamperproof and sufficiently detailed to meet security and compliance requirements.

The images that comprise the service catalog will support a wide range of OSs, utilities, libraries, and applications. These are all sufficiently complex to require regular vulnerability scanning, patching, and upgrading. Cloud providers will also need to have procedures in place to perform vulnerability scans on images, track patch levels, and update images as needed. One of the advantages of cloud architectures is that once an image is scanned or patched, every cloud user that deploys that image will have access to the latest version. There is no need to push patches to servers or desktops, verify installation, and then manually correct failed patches.
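The requirement above that audit logs be tamperproof, sketched as an added example that is not from the original book: each record carries an HMAC chained to the record before it, so an edited, deleted, or truncated log fails verification (this makes tampering detectable; it does not prevent it). The event fields, the key, and all function names are assumptions, and the key and the last MAC are assumed to be held outside the system that writes the log.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64                  # value chained into the first record
DEMO_KEY = b"constructed-demo-key"  # assumption: a real key is held by a separate log service

# Constructed audit events for the demonstration (not from the page).
SAMPLE_EVENTS = [
    {"ts": "2010-03-01T08:00:00Z", "actor": "alice", "action": "vm.start", "resource": "image/web-01"},
    {"ts": "2010-03-01T08:05:10Z", "actor": "bob", "action": "acl.update", "resource": "bucket/sales"},
    {"ts": "2010-03-01T08:07:42Z", "actor": "alice", "action": "key.read", "resource": "key/storage-7"},
    {"ts": "2010-03-01T09:30:00Z", "actor": "alice", "action": "vm.stop", "resource": "image/web-01"},
]


def record_mac(key, prev_mac, seq, entry):
    """HMAC-SHA256 over the previous MAC, the sequence number, and the entry."""
    body = json.dumps({"seq": seq, "entry": entry}, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_mac + "|" + body).encode("utf-8"), hashlib.sha256).hexdigest()


def append(log, key, entry):
    """Append an entry chained to the record before it; return the new head MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    seq = len(log)
    log.append({"seq": seq, "entry": dict(entry), "mac": record_mac(key, prev, seq, entry)})
    return log[-1]["mac"]


def verify(log, key, anchored_head=None):
    """Return (ok, index_of_first_bad_record).

    Edits, deletions, and reordering break the chain at the first affected record.
    Dropping records from the end leaves a valid shorter chain, so truncation is
    only caught when the last MAC was anchored elsewhere and is passed in here.
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec.get("seq") != i:
            return False, i
        good = record_mac(key, prev, i, rec.get("entry"))
        if not hmac.compare_digest(good.encode(), str(rec.get("mac", "")).encode()):
            return False, i
        prev = good
    if anchored_head is not None and not hmac.compare_digest(prev.encode(), anchored_head.encode()):
        return False, len(log)
    return True, None


def build_sample_log(key=DEMO_KEY):
    """Build a fresh log from the constructed events; return (log, head_mac)."""
    log, head = [], GENESIS
    for event in SAMPLE_EVENTS:
        head = append(log, key, event)
    return log, head


if __name__ == "__main__":
    log, head = build_sample_log()
    print("intact:", verify(log, DEMO_KEY, head))
    log[1]["entry"]["actor"] = "mallory"   # simulate an edit to a stored record
    print("edited:", verify(log, DEMO_KEY, head))
```
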

Standardized Catalog of Services

Scalability often implies repeated use of a small set of constructs. Take, for example, a cluster of computers comprising identically configured servers, a distributed database running the same database management system in different sites, or even the ubiquitous desktop OS. These examples show that benefits of standardization can often outweigh the disadvantages of not having customized solutions to a particular problem.


In the cloud, standardization at the platform and application level comes with a standardized catalog of services. Cloud users can instantiate virtual machines running images from the catalog. The data we collect in the planning stages about application requirements can form the basis for building the service catalog. Cloud users are still free to bring or develop their own custom applications, but the service catalog provides a supported foundation for all cloud users. Cloud providers have to weigh the benefits of adding specialized images to the catalog against the additional overhead of managing more images.

SOA

Services in any architecture have to be sufficiently accessible to be of use; when we are working with highly scalable architectures such as the cloud, it is even more important. In the cloud, we have the possibility of running a large number of services under varying workload conditions which are subject to different constraints. In environments such as this, there should be as few dependencies as possible between applications.

SOAs decouple services through agreed-upon interfaces and message passing. This model scales to different types of services, a wide range of inputs and outputs, and can scale to a large number of services.

Scalability requires design and implementation considerations beyond those of just hardware and infrastructure. Scalability in the cloud requires providers to plan for and support security services, a standardized catalog of services, and an SOA.

Using Cloud Services in Scalable Ways

A cloud architecture is, by definition, scalable; however, to realize the full benefit of the cloud, we as cloud consumers need to use application architectures that take advantage of the cloud's underlying scalability. This requires that our applications avoid processing bottlenecks, such as a service that is provided only on a single server. As other parts of the application scale up to meet demands, that service would be bound by the constraints of the single server. Two common ways of avoiding this type of bottleneck are to distribute workloads in either a round-robin manner or by partitioning workloads.

Scaling with Round-Robin Load Balancing

Consider an online retailer that experiences peak demands during the holiday shopping period. The holiday season lasts several weeks, so scaling their Web site with cloud-based applications makes sense. There will be many users all accessing the Web site and most of the demands on the server will be to deliver Web pages, so the retailer will deploy multiple Web servers each hosting the same content. A load balancer receives all HTTP requests from shoppers and distributes them evenly across all the Web servers. In this way, no single server becomes a bottleneck and additional Web servers can be deployed from the cloud if needed. Furthermore, this approach provides high availability as well because the failure of any one Web server will be compensated for immediately by other servers in the cluster.


Figure 5.5: Round-robin load balancing assigns each new connection or transaction to the next server in an ordered list of servers; when the last server is reached, the next connection or transaction is assigned to the first server in the list.

Partitioning by Data Characteristics

Another way to scale applications is to divide workloads by some characteristic of the data:

• Geographic location of customer
• Distribution center fulfilling an order
• Product category
• Customer name

Ideally, the criteria for dividing a workload will lead to roughly equal-size partitions of the data. This helps to ensure scalability because no one server supporting a partition would become overloaded faster than the others. Also, it can help long-term maintenance if the partitioning scheme allows for changes to the partition criteria without significant overhead. For example, if a geographic partitioning scheme is used and one area grows faster than the others, one could subdivide the fast-growing geographic area into two subdivisions.


Partitioning data and storing it in different databases is sometimes used when a single database server cannot keep pace with workloads. Geographic distribution is especially helpful in localizing network traffic and improving the responsiveness of applications that run on the same local network as the database server. In the cloud, this is less of a concern, at least for the cloud service consumer. Nonetheless, this type of partitioning is still useful for performance.

Databases use a combination of in-memory caches and persistent disk storage. Queries that can be answered using cached data are significantly faster than those that require disk operations. In the cloud, multiple instances of a database can run on multiple servers. Each server will maintain a cache of partitioned data and, presumably, use cloud storage for persistence. The total amount of memory available for caching is the sum of cache memory across all database servers. This can result in a much higher ratio of queries being answered from the cache rather than from disk.

Figure 5.6: Partitioning data across multiple database servers can improve the scalability of data-intensive applications.
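The partitioning scheme described in this section, as an added example that is not from the original book: customers are routed to database partitions by region, partition sizes are compared against the mean, and the fastest-growing region is subdivided in two. The customer list, region names, and the choice to subdivide at the median customer name are assumptions made for the illustration.

```python
# Constructed sample data: (customer_name, region). Not from the page.
CUSTOMERS = [
    ("Baker", "east"), ("Haddad", "east"), ("Rossi", "east"),
    ("Evans", "central"), ("Lopez", "central"), ("Tanaka", "central"),
    ("Alvarez", "west"), ("Chen", "west"), ("Dubois", "west"), ("Ito", "west"),
    ("Khan", "west"), ("Nguyen", "west"), ("Okafor", "west"), ("Silva", "west"),
]


def initial_rules(regions=("east", "central", "west")):
    """One partition per region. Each rule is (exclusive upper name bound, partition id)."""
    return {region: [(None, region)] for region in regions}


def route(rules, name, region):
    """Return the partition id that stores this customer."""
    for upper, pid in rules[region]:
        if upper is None or name.lower() < upper:
            return pid
    raise ValueError("no partition rule matches")


def partition_sizes(rules, customers):
    """Count customers per partition, including partitions that are empty."""
    sizes = {pid: 0 for region_rules in rules.values() for _, pid in region_rules}
    for name, region in customers:
        sizes[route(rules, name, region)] += 1
    return sizes


def skew(sizes):
    """Largest partition divided by the mean partition size (1.0 means perfectly even)."""
    mean = sum(sizes.values()) / len(sizes)
    return max(sizes.values()) / mean


def split_largest(rules, customers):
    """Subdivide the region that owns the largest partition into two partitions.

    The boundary is the median customer name in that region, so the two halves
    start out roughly equal. Only regions that are still unsplit are handled.
    """
    sizes = partition_sizes(rules, customers)
    hot = max(sizes, key=sizes.get)
    region = next((r for r, rs in rules.items() if [pid for _, pid in rs] == [hot]), None)
    if region is None:
        raise ValueError("largest partition is already a subdivision")
    names = sorted(n.lower() for n, r in customers if r == region)
    if len(names) < 2:
        raise ValueError("not enough rows to split")
    bound = names[len(names) // 2]
    new_rules = dict(rules)
    new_rules[region] = [(bound, region + "-a"), (None, region + "-b")]
    return new_rules, region, bound


if __name__ == "__main__":
    rules = initial_rules()
    before = partition_sizes(rules, CUSTOMERS)
    print(before, round(skew(before), 3))
    rules, region, bound = split_largest(rules, CUSTOMERS)
    after = partition_sizes(rules, CUSTOMERS)
    print("split", region, "at", bound, after, round(skew(after), 3))
```
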


Designing for scalability is a concern for both cloud providers and cloud consumers. Providers need to address obvious hardware and networking infrastructure issues with scalability, but those are not the only scalability issues they face. Security, a standardized catalog of applications, and an SOA are also essential for ensuring scalability. Cloud consumers also have a role in ensuring scalability by designing their applications appropriately using techniques such as round-robin load balancing and data partitioning.

Designing for Manageability

Manageability is another architectural principle that strongly influences how we implement and consume cloud services. This is an important principle for both cloud providers and consumers. Three key points in this area are:

• Provisioning
• Monitoring
• Usage and accounting

The more these services can be automated, the more efficiently a cloud can deliver services to its users.

Managing Cloud Provisioning

Provisioning in the cloud is the process of instantiating one or more virtual servers running a particular machine image. In the simplest case, a user needs to start a single server, and after running a process, the user shuts down the server. This is a fairly straightforward task but still requires management software to allow non-IT personnel to manage the process. Even in a simple case, there are issues:

• Selecting a machine image to run on the virtual machine
• Determining the time to start the virtual instance
• Deploying additional applications needed to process the particular workload
• Starting services on the virtual machine
• Executing a workflow
• Shutting down the virtual server

Provisioning operations can be more complex if they involve multiple instances running different applications. For example, a workflow may require six virtual servers running a Java application server and a load balancer for distributing transactions across the six other servers. The servers may be shut down at different times as the workload varies or other application servers may be added to the set of servers to meet peak demand. Easy-to-use software is essential to low-cost provisioning.


Monitoring Jobs in the Cloud

Once servers are provisioned and jobs are running, we will need to monitor them. This includes tracking:

• CPU and memory utilization to determine whether additional resources are required or some should be shut down
• Disk I/O to ensure sufficient throughput on I/O operations to meet requirements and service level agreements (SLAs)
• Application logs to look for adverse events or warnings of potential problems
• Jobs and workflows running in the cloud, including running time, resources allocated, and costs for those resources

This type of monitoring is primarily for managing running jobs. It is also important to have management reports that summarize jobs, resources used, and costs over longer periods of time.

Usage and Accounting Reports

Usage and accounting reports are especially important for verifying billing and analyzing trends in cloud usage. For providers, these reports show aggregate information about:

• Who is using cloud services
• Number of virtual servers run per job and the duration of jobs
• Machine images instantiated in the cloud
• The amount of storage in use
• The amount and type of I/O operations

Cloud users may find these reports especially useful for optimizing how they schedule jobs. Unlike running a dedicated server, there are easily controlled marginal costs associated with running jobs in the cloud. There may be cost advantages to running jobs on larger servers but running fewer instances when the pricing scheme provides such an advantage. There may be advantages to aggregating jobs and running them less frequently. This can be the case when cloud providers charge in minimum units of one hour and jobs are consistently finishing in well under one hour.

Designing for manageability means planning for end-user provisioning, process monitoring, and usage and accounting reports from the start. Cloud service consumers should make use of these reports to run their jobs in the most efficient manner possible.
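A usage report of the kind described above, as an added example that is not from the original book: it recomputes billed server-hours under a one-hour minimum charge, checks them against an invoice, and shows what aggregating short jobs would save. The usage records, invoice figures, and function names are constructed, and batching assumes a user's jobs on the same image can run back to back in one session.

```python
from collections import defaultdict

# Constructed usage records (not from the page): one row per job run.
USAGE = [
    {"job": "etl-0800", "user": "bi-team", "image": "etl-v3", "servers": 2, "minutes": 20},
    {"job": "etl-1200", "user": "bi-team", "image": "etl-v3", "servers": 2, "minutes": 20},
    {"job": "etl-1600", "user": "bi-team", "image": "etl-v3", "servers": 2, "minutes": 20},
    {"job": "report-nightly", "user": "sales-ops", "image": "report-v1", "servers": 1, "minutes": 95},
]


def billed_hours(rec):
    """Server-hours charged for one run: each server is billed in whole hours, rounded up."""
    return rec["servers"] * ((rec["minutes"] + 59) // 60)


def usage_report(records):
    """Per-user totals: hours billed, hours actually used, and their ratio."""
    totals = defaultdict(lambda: {"billed": 0, "used": 0.0})
    for rec in records:
        totals[rec["user"]]["billed"] += billed_hours(rec)
        totals[rec["user"]]["used"] += rec["servers"] * rec["minutes"] / 60
    return {
        user: {
            "billed_hours": t["billed"],
            "used_hours": round(t["used"], 2),
            "utilization": round(t["used"] / t["billed"], 2),
        }
        for user, t in totals.items()
    }


def batch_jobs(records):
    """What-if: merge each user's runs on the same image and server count into one run."""
    merged = {}
    for rec in records:
        key = (rec["user"], rec["image"], rec["servers"])
        if key not in merged:
            merged[key] = dict(rec)
        else:
            merged[key]["minutes"] += rec["minutes"]
            merged[key]["job"] += "+" + rec["job"]
    return list(merged.values())


def verify_invoice(records, invoice):
    """Return users whose invoiced server-hours differ from the recomputed figure."""
    report = usage_report(records)
    users = set(report) | set(invoice)
    problems = {}
    for user in sorted(users):
        recomputed = report.get(user, {}).get("billed_hours", 0)
        invoiced = invoice.get(user, 0)
        if invoiced != recomputed:
            problems[user] = {"invoiced": invoiced, "recomputed": recomputed}
    return problems


if __name__ == "__main__":
    print(usage_report(USAGE))
    print(usage_report(batch_jobs(USAGE)))
    print(verify_invoice(USAGE, {"bi-team": 6, "sales-ops": 3}))
```
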


Deploying Layered Technical Services

Layering services is a long-standing approach to dealing with software complexity. OSs have long used layering to isolate the need to deal with hardware-specific issues or manage low-level operations, like virtual memory. Layering services is a sound approach in cloud environments as well. At the coarsest level of description, cloud services are layered as:

• Infrastructure services
• Software platforms
• Applications and information services

Infrastructure services are the lowest-level service and include virtual machines, virtualized storage, and network services. On top of this layer, we run middleware software such as relational database management systems, Java application servers, content management systems, portals, and so on. This middle tier provides the building blocks for business-specific applications such as customer relationship management (CRM) systems, business intelligence reporting systems, and customer-facing Web applications.

Figure 5.7: Cloud services are delivered in layers, each providing service to the layer above with the topmost layer providing end-use business applications.

Delivering Business Services

Usually we would stop discussing architectural principles once we reach the top of the application stack where business services are delivered. We'll veer from the normal case here to address one other essential part of delivering and consuming cloud services: the need for managing service delivery.


The service catalog discussed earlier is part of this process. As noted, the contents of the service catalog are driven by existing and anticipated business requirements. The service catalog has its own long-term maintenance issues, just as software distributed throughout the organization does. One of the advantages of the cloud is that service management is less complex. Servers are generally concentrated in the data center and there is less need for maintaining desktop clients.

Policies are needed to govern cloud operations and services to ensure their long-term stability. Basic policies, such as the following, should be in place:

• Pricing and cost recovery
• Patch management
• Security policies
• Acceptable usage
• Auditing
• Data retention

Policies define how cloud services will be governed and managed and provide the final piece of the planning processes for deploying business services in the cloud. In the next section, we will turn our attention to two use cases to provide examples of applying the planning process and architectural principles to typical business requirements.

Business Services in the Cloud: Use Case Scenarios

We will consider two use cases: a new customer service initiative and a business intelligence application. We will also examine some of the workload considerations that factor into managing cloud-based services.

New Customer Initiative Use Case

The first use case scenario is motivated by the business driver to improve customer retention. A company has been experiencing moderate but increasing turnover in the customer base; this is commonly known as churn. In an effort to reduce churn, the company has determined that it can gain a competitive advantage over others in the market by improving customer experience. In particular, the company has decided on a two-pronged approach. First, it will allow customers to access their entire account history rather than just the past 4 months, as currently implemented. Second, it will provide more targeted offers based on a customer's account history.

As part of the planning process, the company reviews the business, technical, and operational requirements for these services (see Table 5.1 for a list of requirement categories). The business area requirements classify this initiative as mid-level criticality (that is, not essential for core day-to-day operations but a long-term priority).


The technical requirements include platform services such as relational database management services, customer identity management services, and access to a portal to provide presentation-level services. Estimates are compiled on the amount of data that will be stored, the number of customers querying their account histories each day, and the processing load required to update account histories on a daily basis.

Operational requirements include backup recovery and, because this is a customer-facing application, disaster recovery. Compliance requirements are minimal, but company policies protecting private customer information must be followed.

The requirements are well met by cloud architecture. Accessing entire account histories for all active customers requires the ability to rapidly scale both computing and storage resources. The incremental growth in storage required to accommodate new customer activity is also readily met by the cloud. Analyzing customer account history to generate custom offers is a compute-intensive process but will not require significant additional storage. This type of analysis will be done periodically but not more frequently than once a month. The peak CPU demands generated by this process will last for 1 to 2 days. The need for additional compute resources can be met by the cloud as well.

The service catalog already supports the middleware required, including the database, portal, and statistical analysis software. Each of these platform services is available in different images, so each will be running on one or more virtual machines. This is a customer-facing Web application, so the portal servers will be configured in a load-balanced cluster and the data will be partitioned to evenly distribute the customer database over multiple database servers.

Business Intelligence Use Case

A company has decided to consolidate its business intelligence reporting services to improve the efficiency of business intelligence operations and lower overall costs. One of the defining characteristics of business intelligence and advanced analytic operations is that they entail large amounts of data and they are computing intensive.

Traditional data warehouses and similar business intelligence architectures inefficiently allocate resources. They can be deployed around dedicated department-level servers and storage. This tends to lead to low CPU utilization between data loads and report generation. Unless there is high demand for ad hoc queries outside of data loads and report generation operations, the server runs well below capacity.

Another potential area of significant inefficiency is in storage. It can be difficult to estimate storage requirements, especially when various performance techniques, such as excessive indexing, denormalization, and materialized views, may be used to improve performance. The best combination of optimization techniques may not be discovered until the business intelligence system has been in use for some time. In a traditional deployment, that storage hardware would have been purchased already. That inconvenient fact often leads to purchasing more storage than is needed for fear of not having adequate storage.


Business intelligence as a cloud service can be implemented more efficiently. Let's assume the business drivers behind this project include improving sales by providing detailed and timely reports to sales managers while reducing the total cost of business intelligence services in the company. Technical requirements include large volumes of storage and a large number of servers to perform ETL operations to populate and update the data warehouse on a daily basis. Once the ETL process is complete, reports will be generated. Once the reports are complete, the peak demand period is over but an estimated 25% of peak computing resources will be needed during the rest of the day for ad hoc reporting.

The cloud allows this initiative to start servers as needed for the ETL and reporting operations, then scale back to a smaller number of servers. An additional benefit is that a single copy of data can be shared among different departments. For example, the marketing department and the quality control group may both want to use sales data but in different ways. In cases where each department maintains its own data mart, the sales data would be duplicated. The same data marts can run in the cloud but share a single copy of the source data.

Mixing Workloads

Jobs that do not need to run on strict time schedules can be arranged to optimize utilization. For example, loading schedules can be optimized to increase utilization by performing extraction and copy operations during times when there is a low demand on cloud resources. Similarly, workloads can be mixed so that some I/O-intensive jobs are run at the same time as other CPU-intensive jobs that can run at the same time as jobs with more constant and predictable workloads, such as development and test environments or collaboration services.

Both of these use cases demonstrate common characteristics of business services that fit well with the cloud model:

• Minimal or moderate security requirements
• Minimal dependencies between services
• Moderate audit requirements
• Minimal customization

As a result, these applications can meet the requirements of the business drivers that motivate their development; they can be deployed using the infrastructure, platform, and application services provided by the cloud; and they can be managed using the self-service provisioning, monitoring, and usage accounting services provided by the cloud management software.


Summary

When formulating a strategy for moving a business to adopt cloud services, we should bear in mind both business planning and architectural considerations. On the planning front, start with the business drivers and ensure that services deployed in a cloud support those drivers. To do so, be sure to analyze requirements in terms of business, technical, and operational needs. Also understand workloads and related issues, such as capacity planning, scheduling, and cost recovery.

Key architecture and design considerations also have to be taken into account by cloud service providers and cloud service consumers. Scalability is essential. Cloud service providers ensure scalability by providing sufficient hardware, software, and networking services but also by supporting security services and a standardized catalog of applications in an SOA. Manageability is also a factor in realizing scalable services, especially related to provisioning, monitoring, and usage reporting.

In the next chapter, we will delve deeper into technical and architectural issues with a look at identifying further details of cloud architectures and their impact on your business.

Chapter 6: Identifying the Right Cloud Architecture for Your Business

Cloud computing is a general model for delivering computing and storage services. The model lends itself to a range of implementations with no single architecture constituting a true cloud architecture. This is hardly surprising. The defining characteristics of cloud computing (the ability to allocate and release compute and storage resources on demand, a pay-as-you-go funding mechanism, and high levels of self-service) allow cloud providers to deliver a wide range of services using a number of implementation models.

This range of variability means businesses can choose the right cloud architecture for their environments. In this chapter, we will examine several aspects of selecting a cloud architecture:

- Levels of cloud architecture
- Issues in providing compute services
- Issues in providing storage services
- Considerations for network services
- Cloud operations management
- Service layers and adapting IT operations to infrastructures
- Topics in service management

We will start with a brief review of architectural elements common to all cloud architectures.

Levels of Cloud Architecture

Cloud architectures can be thought of in terms of layers of services in which each layer depends on services provided by the next lower layer. As with other layered models of abstraction in software engineering, layers in a cloud control the potential complexity of cloud design by following a few basic principles:

- Services are provided as logical abstractions that hide implementation details. When a program needs to allocate additional storage, for example, it makes a call to a storage service requesting a particular amount of space. There is no need to delve into details about directory structures, file systems, or disk configurations.
- Services are isolated to appropriate layers in the architecture. An application programming interface (API) for storage allocation may make calls to additional services that are not available outside of the storage system. For example, when allocating new storage, an API procedure might call an isolated procedure to add the allocated disk blocks to a list of blocks that are replicated to storage devices for backup and performance reasons.
- Services are provided at a functional level appropriate to the users or services that consume the services. The higher up the stack of services we go, the broader and more business-oriented the services. Although lower-level services might operate on storage blocks, upper-level services might initiate business process workflows.

Figure 6.1: Cloud architectures can vary in detail and levels of services provided but most include some combination of infrastructure, platforms, and services management.

Broadly speaking, we can think of three coarse-grained levels of services in a cloud architecture:

- Virtualization of resources
- Services layer
- Server management processes

Each of these levels can be further subdivided.

Virtualization of Resources

One of the hallmark characteristics of a cloud is the virtualization of resources. Virtualization can be thought of as a way of abstracting computing and storage services away from implementation details and toward a more logical and less physical view of resources.

Many of us use virtual servers routinely although we might not know it. We connect to servers across the Internet that run Web sites, email servers, databases, and other business applications. Most of the time, we do not think of the implementation details about these services. Is the email server running on a single physical server? A cluster of load-balanced servers? Or perhaps the application is hosted on a virtual server that shares a physical server with several other virtual machines running an entirely different set of applications. These details are often unimportant, at least from our perspective.

The ability to hide implementation details without adversely affecting services is essential to providing cloud computing. Virtualization is especially important for efficiently using computing and storage infrastructure. (We will focus primarily on server virtualization here and address storage virtualization later in the section entitled Providing Storage Services.)

Logical Units of Computing Resources

Server virtualization allows us to manage compute resources in finer-grained units than just a physical server allows. One of the first advantages of this approach is that we can work with a standardized set of features, such as the number of CPU cores and amount of RAM. For example, a standard virtual server might be equivalent to a physical server with one Intel Xeon 5600 series or AMD Opteron 6000 series processor and 8GB. One could also define virtual servers in terms of performance relative to standard benchmarks, such as the Transaction Processing Performance Council's (http://www.tpc.org/tpcc/default.asp) online transaction processing (OLTP) benchmarks (TPC-C and TPC-E) and the ad hoc, decision support benchmark (TPC-H). How the logical units are defined is less important than the fact that we have a standard for allocating computing resources that is not tied to a particular physical implementation.

By decoupling how we allocate computing resources from the underlying hardware that provides those resources, we gain flexibility in managing how we consume compute services and manage them.

Figure 6.2: Server virtualization allows cloud service consumers to use standardized units of computing services without concern for the physical implementation details.

Hardware Independence

Another advantage of virtualization for cloud service providers is hardware independence. Cloud consumers can allocate the level of computing resources they need without having to worry about whether a particular physical server is a 2-, 4-, or 8-core server. Cloud providers can deliver those logical units using the most economical way possible. For example, a cloud might have several types of physical servers running in the cloud. The less energy-efficient servers are only used when the more efficient servers are running at peak capacity. The first time a cloud consumer runs a job, the job might run on one of the more energy-efficient servers; the next time the same job runs on the other type of server.

Standardized Service Pricing

Along with logical units of computing resources and hardware independence, virtualization allows for standardized service pricing. Although this is not a technical issue, it has a direct impact on how cloud service consumers plan and manage their use of the cloud.

Virtualization of services is an essential element of a cloud architecture. It directly enables the most efficient allocation of resources, reduces the need for cloud service consumers to understand the nuanced differences in physical servers, and provides for a straightforward pricing model that consumers can use for planning and budgeting.

Services Layer

The services layer is another common characteristic of cloud architectures. At this level, we work with not just virtualized hardware but also operating system (OS) and application services. It is certainly possible to provide a cloud that offers only infrastructure services (that is, the virtualized equivalent of bare metal machines), but for business users of cloud services, the services layer can provide additional benefits.

Figure 6.3: The services layer consists of a wide range of service types, some of which build on others within the same layer.

Services such as those shown in Figure 6.3 might be delivered in different ways to customers. OSs of course are included in the virtual machine images, but other services might be independent of virtual machine instances. Persistent storage services, such as block storage and relational database services, might be available as services available to all virtual machine instances running in the cloud. Higher-level services, such as application servers, portals, and workflow engines, might be embedded within virtual machine instances along with other software stack components. At the highest levels, business applications such as CRMs and ERPs may be provided as Web applications that run in the cloud. At this level, service consumers are completely divorced from implementation details and are solely concerned with business-related functionality.

Service Management Processes

A third major aspect of cloud architectures is the service management processes that support the delivery of services. These include:

- Virtual machine image management
- Image deployment
- Job scheduling
- Usage accounting
- Management reporting

The first two of these services support a catalog of images preconfigured to particular applications, software stacks, or OSs that can be deployed by cloud service consumers.

Job scheduling applications help with routine processes that run repeatedly on a schedule as well as large, one-time jobs that can be submitted to run in the cloud as services are available. Job scheduling services are especially useful when services pricing varies by point-in-time demand or time of day.

Usage accounting and management reporting are necessary for billing or chargebacks on the part of cloud service providers and for cloud service consumers who must plan and manage their budgets for IT services.

Figure 6.4: Management reporting serves the needs of both cloud service providers and consumers.

To summarize, cloud architectures can be described in terms of infrastructure, services, and services management. Variations in these layers allow for different types of cloud architectures. Multiple factors will determine the best choice of architecture for a particular set of business requirements. The remaining sections of this chapter will delve into those factors.

Providing Compute Services

There are compelling reasons to adopt a cloud architecture that includes an internal or private cloud. Businesses maintain total control over computing resources with a private cloud. This can significantly reduce compliance issues with cloud computing. Private and confidential data is not moved outside the company, data destruction policies and procedures are defined by the business, and systems are not shared with outsiders, including potential competitors. With the advantages come additional functional responsibilities.

Businesses that choose to provide private clouds or hybrid private/public clouds must be in a position to provide the physical infrastructure and basic management services needed in a cloud. (Businesses can provide higher-level services, such as enterprise applications, as cloud applications while using a public or other third-party physical infrastructure.) Those that will deliver computing services directly through a private cloud should consider:

- Hardware selection
- Implementing virtualization
- Failover and redundancy
- Management reporting

A business's ability to address each of these issues can strongly influence its success in delivering computing services in a cloud.

Hardware Selection

Hardware selection for clouds depends upon two competing interests: controlling costs by redeploying existing hardware versus acquiring a standardized server platform that is configured specifically for cloud computing. Using existing hardware can lower initial capital expenditures but might lead to higher costs over the long term. Older machines that require more maintenance, need parts that are difficult to procure, or consume more electricity can have a larger total cost of ownership than new servers. One option is to use existing hardware initially and replace it over time as the cost of new servers becomes competitive with the cost of continuing to operate the older devices.

An advantage of new hardware is that the cloud can be configured with standard servers optimized for cloud computing: large numbers of CPU cores, significant amounts of memory, high-speed I/O for connections to disk arrays, and so on. Standardization also helps reduce maintenance costs.

Implementing Virtualization

Many organizations use virtualized servers outside of clouds; however, virtualization in the cloud requires more management services than typical in IT environments. Conventionally, managed virtual servers are installed by systems administrators and run for extended periods carrying out a fixed set of functions. Additional controls are available in some environments that support virtual machine migration from one physical server to another. This is especially useful in situations in which a single server is running at or near capacity and one or more of the virtual machines needs to be moved to a less utilized physical server. Even this, though, does not meet the level of virtualization management needed in a cloud.

Clouds should support end user management of computing resources. A knowledgeable user should be able, for example, to select a virtual machine image from the catalog and instantiate a specified number of virtual servers.

Figure 6.5: Providing computing services in a cloud requires significant support software, such as services for selecting and instantiating virtual machine instances.

Failover and Redundancy

An advantage of cloud architectures is that we move away from tightly coupling applications and services to particular physical or virtual servers. Applications are run on virtual servers that meet a set of configuration requirements defined by the cloud service user. Applications that are well suited for the cloud do not need specialized hardware or a particular server. This reduces the challenge of providing failover services.

Clouds are inherently redundant. If a physical server fails for any reason, it can be removed from the pool of available resources. Virtual machine images are deployed to other physical servers until the failure is corrected. This type of failover and redundancy is at the server level, not the application level.

If a physical server were to fail while an application were running on it, recovery would depend on the application. For example, if the application provided stateless Web services, it could be restarted on another virtual machine instance on another physical server and start responding to service requests again. In cases where the application writes state information to persistent storage and checks for prior execution information each time the application starts, the application could also recover fairly robustly on another virtual machine.

Management Reporting

Different types of management reports are required when providing computing services in a cloud. In a traditional one-server, one-application approach, the business owner of a process is responsible for identifying the servers needed to support a business process and covering the cost of the servers, either virtual or physical. In this model, there is fairly little to report outside of utilization rates. The business process owner is paying for sole use of servers, so there is not much incentive to monitor server use as long as it does not adversely affect performance.

Cloud service consumers can use and should expect detailed usage reporting. With a pay-as-you-go pricing model, there is an incentive to allocate the fewest number of virtual servers and run them for the shortest time possible while still meeting business requirements. Cloud service consumers can use reports detailing:

- Number of virtual servers allocated to a job and the time the servers ran
- Peak and average utilization rates of servers
- Amount of data stored persistently
- Amount of data transferred across the network
- Charges for compute, storage, and network services

Detailed utilization information will help business process owners optimize their applications. For example, if analytic servers are running at 40% utilization because they are dependent on data preprocessing operations that are not processing data fast enough, additional servers could be instantiated for preprocessing. Presumably the cost of running the additional preprocessing servers would be offset by reducing the length of time the servers have to run. The analytic servers would run at higher utilization and for shorter periods of time, reducing the overall cost of the process.

Providing computing services in a private or hybrid cloud requires a combination of hardware, virtualization management and deployment systems, a server configuration that supports failover and redundancy, as well as robust management reporting.

Providing Storage Services

If a business moves forward with providing private cloud computing services, it will have to provide storage services as well. This would require additional support services:

- Storage virtualization
- Backup or other redundant storage
- Disaster recovery

Storage Virtualization

Storage virtualization, like server virtualization, abstracts the services provided by hardware. Consumers of these services can allocate resources without concern for implementation details. For example, details like the logical unit number (LUN) mappings to storage volumes and storage devices are managed by storage virtualization software. When persistent storage is needed, the cloud services consumer simply makes a call to a programming interface specifying the amount of storage required.

Local vs. Cloud Storage

Virtual machine instances can provide local storage for temporary storage during the life of the virtual machine instance. The data in this storage is lost when the virtual machine is shut down. The persistent cloud storage described here is provided by devices that are independent of virtual machines. Multiple virtual machines can access the same storage blocks and the data continues to exist regardless of how virtual machines are started and stopped.

The advantages of virtualized storage are similar to those of virtualized servers:

- More efficient use of storage: rather than dedicating large units of storage to a single use for extended periods of time, storage is allocated in smaller increments and for only as long as it is needed
- Lower capital expenditures for individual projects and business units that do not have to acquire storage hardware
- Lower operating costs associated with the pay-as-you-go model typical in cloud computing storage
- More efficient delivery of backup and recovery services

This last benefit is especially important.

Figure 6.6: Cloud storage systems can use data redundancy to improve data management performance and reliability of data services.

One of the advantages of virtualized storage is the ability to provide large amounts of storage through a single logical device: the storage cloud. Behind the scenes, of course, we have multiple disk arrays possibly located in different facilities. This setup creates an opportunity to replicate data across multiple storage arrays to improve reliability and performance.

Reliability is preserved because multiple copies of data are available. If a storage device should fail, there is no need to restore from backup tape; the data is immediately available from another device. The particular device that returns the data is irrelevant to the user. Replication can be done asynchronously so that I/O operations return as soon as data is written to the primary storage device. A background replication process can add new or changed blocks to a queue of blocks that will be copied to devices.

Users can also benefit from improved performance with multiple copies. Data warehousing and business intelligence applications often query large amounts of data. Users contending for access to a single copy might experience bottlenecks and associated drops in performance. In the cloud, different queries can be served by different copies of the database, relieving contention for the same resource.

This type of replication also supports disaster recovery. In the event of a catastrophic failure in one data center, users could be rerouted to another data center that maintains replicated copies of the lost data.

Figure 6.7: Storage virtualization supports data replication across data centers, which improves reliability and performance.

This type of replication does not eliminate the need for backup, however.

Backups and Cloud Storage

Data replication as just described is a valuable asset in cases of disaster recovery, but it cannot meet all recovery requirements. The ideal replication solution maintains multiple copies of data in near real time, so any errors generated in the source system will be replicated to other storage devices as well. Without a separate backup copy of data, there would be no way to restore the database back to a point in time before the error was introduced.

Backup services are generally specified in terms of recovery point objectives (RPOs) and recovery time objectives (RTOs). An RPO defines points of time in history that can be restored; examples include previous day at midnight, previous end of week, or in the case of highly volatile databases, a previous time in the same day. RTOs define the maximum period of time between request of a restore operation and the time the restore operation completes.
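
The limit of replication described above, shown as an added example that is not from the book: a constructed four-replica store in which a bad write reaches every copy, so only a snapshot taken before the error can restore the data. The store class, the hours, and the balance values are assumptions made for illustration.

```python
import copy


class ReplicatedStore:
    """Toy key-value store with replicas and snapshots (hypothetical, for illustration)."""

    def __init__(self, replicas=4):
        self.replicas = [dict() for _ in range(replicas)]
        self.snapshots = []  # (hour taken, frozen copy of the data)

    def write(self, key, value):
        # Replication copies every write, correct or not, to every replica.
        for replica in self.replicas:
            replica[key] = value

    def fail_device(self, index):
        # Losing one device costs nothing: the other replicas still hold the data.
        del self.replicas[index]

    def read(self, key):
        return self.replicas[0].get(key)

    def snapshot(self, hour):
        # A backup is a separate copy that later writes cannot touch.
        self.snapshots.append((hour, copy.deepcopy(self.replicas[0])))

    def restore(self, before_hour):
        """Rebuild all replicas from the newest snapshot taken before `before_hour`."""
        candidates = [s for s in self.snapshots if s[0] < before_hour]
        if not candidates:
            raise LookupError("no recovery point earlier than the error")
        hour, data = max(candidates, key=lambda s: s[0])
        self.replicas = [copy.deepcopy(data) for _ in self.replicas]
        return hour


def run_demo(snapshot_hours):
    """Constructed timeline: good writes at 08:00 and 11:00, a bad write at 14:00."""
    store = ReplicatedStore(replicas=4)
    timeline = {8: 100, 11: 120, 14: -999}
    for hour in range(0, 15):
        if hour in timeline:
            store.write("balance", timeline[hour])
        if hour in snapshot_hours:
            store.snapshot(hour)

    store.fail_device(0)  # replication handles this failure without a restore
    corrupted_everywhere = all(r["balance"] == -999 for r in store.replicas)

    recovery_point = store.restore(before_hour=14)
    return corrupted_everywhere, recovery_point, store.read("balance")


if __name__ == "__main__":
    print(run_demo({9}))      # one recovery point: the 11:00 update is lost
    print(run_demo({9, 12}))  # a later recovery point keeps it
```

With a single recovery point at 09:00 the restore succeeds but the 11:00 update is gone, which is the trade-off an RPO makes explicit.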

Traditional backups are easily accommodated in the cloud. Source data is backed up from the cloud and written to cloud storage. The process could be as simple as copying and compressing data files or block storage from one storage area to another. If backup software supports direct reads and writes to cloud storage, backup processes can take advantage of incremental and differential backups, reducing the total amount of space needed to store backup files.

Management Reporting for Storage Virtualization

A reporting framework, similar to one needed for server virtualization, is required for storage virtualization as well. Businesses that deploy shared disk arrays will probably have a storage reporting system in place that provides much of the needed functionality:

- Reporting on storage used by project, department, or other billable unit
- Cost of storage by type, such as primary storage versus archival storage
- Trending reports on growth in storage use

Infrastructure managers should have additional detailed reports on such things as replication performance.

Storage virtualization and server virtualization share many of the same benefits and management requirements. Together with network services, they constitute the core infrastructure for cloud services.

Network Services for Cloud Computing

Networking can be the most resource-constrained part of cloud infrastructure. Public cloud providers are necessarily dependent on public Internet providers for connectivity between their data centers and their customers. Private cloud providers might also depend on public Internet providers, especially for access from remote offices or smaller corporate facilities. Dedicated network connections can be employed between sites, but cost is a limiting factor. The key issues we must consider when evaluating different cloud architecture options are:

- Capacity
- Redundancy
- Management reporting

Capacity

Network capacity limits the amount of data that can move between data centers and between cloud service consumers and the cloud. This directly affects a number of services within the cloud.

Intra-Cloud Replication

From an infrastructure management perspective, network capacity and speed directly affect replication. As noted earlier, replication is an essential element of creating and maintaining a reliable, high-performance cloud. Heavy demands for loading data into the cloud not only create demand to get data into the cloud but also lead to additional network I/O due to replication. Cloud administrators might determine, for instance, that given the mean time between failures (MTBF) on disk drives, cloud-stored data should be replicated four times to reduce the probability of data loss to whatever threshold they have defined. This means that all data loaded into the cloud plus data generated or updated by cloud-based operations will need to be copied over the network four times.

Loading Data into the Cloud

Cloud computing is an ideal approach to analyzing large amounts of data. In fact, the phrase "Big Data" has become a moniker for use cases where traditional data management methods break down. The need to deal with multi-terabyte and even petabytes of data used to be a problem limited to specialized niches, such as national intelligence and astrophysics; today, the problem spans industries such as financial services, retail, pharmaceuticals, government, and life sciences.

Businesses with large data sets can leverage large numbers of servers to process and analyze Big Data in parallel using platforms such as Apache Hadoop (http://hadoop.apache.org/). It is not always practical to move large amounts of data over networks to load it into the cloud. In such cases, it is best to bypass the network and employ a cloud version of "sneakernet" (that is, ship hard drives to data centers).

Hadoop and Related Tools

Hadoop is an open source implementation of the map-reduce model made famous by Google. In addition to supporting massively parallel processing over clusters of computers, it includes a scalable database (HBase), a data warehouse infrastructure (Hive), a high-level data flow language (Pig), and a coordination service for distributed applications (ZooKeeper).

Network capacity can be a limiting factor in cloud architectures if a large amount of data (relative to network capacity) has to be moved into the cloud. In some use cases, this is only a problem during the transition to cloud computing when initial data is loaded; after that, data is generated in the cloud using cloud-based servers. In other cases, data may be generated outside the cloud by sensors and other instrumentation; in such cases, we would need to design network capacity to meet large-scale data transfers over the long term.

Redundancy in the Network

Both computing and storage services in the cloud use redundancy to mitigate the risk of failures. When servers fail, they are removed from the pool of available resources. When storage devices fail, data is retrieved from another device with a redundant copy of the data. Network services require similar redundancy to avoid a single point of failure.

Figure 6.8: Redundant network connections are necessary between data centers as well as to the Internet.

Management Reporting

Cloud service users will be interested in network use reporting as a means to control costs and to monitor trends in network usage. We should not underestimate the cost of network services. For example, when dealing with Big Data, the cost of network I/O can exceed the cost of computing and storage resources. Management reports can be especially useful if they provide a detailed breakdown of network use by time period and by job. Aggregate reporting over extended periods of time is also needed to determine baseline usage rates, cyclical patterns of variation in network utilization, and long-term growth trends.

Network services, computing services, and storage services are the foundation of cloud computing. Each of these components is provided in a redundant manner, supporting reliability and increased performance. Management reporting is required in all three areas. In addition to the requirements mentioned, there are further demands for operations support.

Cloud Operations

Maintaining an efficient cloud operation requires management support mechanisms in addition to those previously described; in particular, image management and workload management. These are tasks associated more with overall cloud management than with individual uses of cloud services.

Image Management

A cloud can only instantiate the virtual machine images available in the cloud's catalog. The catalog constitutes the baseline set of services provided in the cloud. Users can install additional services, of course, but once a virtual machine is shut down, those changes are lost. The next time that system is required, the additional software must be installed again. For many situations, the cloud catalog constitutes the set of applications and platforms that can run in the cloud.

Machine images can include a fairly wide range of software in addition to the base OS:

- Application servers
- Software libraries
- Analytic software
- Business-specific applications

The base OS as well as the optional software will need to be maintained over time. Each image in the catalog will have to be routinely patched, scanned for vulnerabilities, and rebuilt as new versions of core components become available.

Workload Management

Workload management functions can vary from basic job scheduling to job optimization. Job scheduling software is useful for queuing large jobs or for repeated jobs in the cloud. The information managed in the job scheduler is useful for tracking future use of cloud services. If metadata about previously run jobs (such as number of servers used, duration of jobs, amount of network I/O, and so on) is collected, it can provide data for estimating future demands on various cloud resources.

Clouds, like any other IT resource, can be optimized. All things being equal, users might prefer to run large jobs overnight and shorter jobs during the workday. This may lead to peak demands that are significantly higher than low demand periods. For example, users may run most data loading jobs at night, leading to periods where demand exceeds capacity while network capacity is underutilized during the day. This type of skewed demand schedule may be smoothed by adjusting the price of services. If network resources are in high demand at night, the price is higher than in the day. If demand for computing servers is low in the early hours of the business day, the hourly price for servers is reduced.

Figure 6.9: Demand for cloud resources can be smoothed by varying the price of services to shift demand away from peak periods to low demand periods.

Software for cloud operations such as image management and workload management is necessary to ensure clouds operate in an efficient manner. Up to this point in the discussion, we have focused on lower-level services, such as virtual servers, storage, and network I/O, and management of those low-level services. Information technology services also provide high-level functions.

Services Layer: Adapting IT Operations to Cloud Infrastructure

The cloud is an ideal platform to run many, although certainly not all, business services. Applications written to take advantage of mainframe capabilities and tuned to run on mainframe OSs are probably best run on that platform. Many business applications are already running on distributed platforms, taking advantage of clusters of servers, shared storage devices, and high-speed network interconnections. These applications are ideal candidates for deploying to a cloud, but there are still additional factors that should be considered when moving systems to the cloud:

- Designing for recoverability
- Managing workload
- Performing maintenance and upgrades
- Maintaining security

These are all considerations in service delivery, but cloud architectures influence how we address them.

Designing for Recoverability

Recoverability is an issue at the application level as well as at the infrastructure level. An application that depends on a large pool of servers to analyze data should address questions such as:

- What happens if a single server fails?
- Will the job have to be restarted from the beginning?
- Is there a way to detect what data was being analyzed when the server failed?
- Is there a way to roll back to a prior state without starting from the beginning?

There are many design choices for addressing these types of questions. For example, each server can receive a subset of data from a distribution node. The distribution node maintains a queue of data sets to distribute to analysis servers. When the distribution node receives a message that a data set has been analyzed, it is removed from the queue. In this way, if a server fails while analyzing data, the data will simply be sent to another server for processing. To avoid a single point of failure, this solution would also require a failover mechanism to start another distribution node should the primary one fail. Alternatively, multiple distribution nodes could run simultaneously and use persistent cloud storage to maintain the queue of data sets that could be read by any of the distribution nodes. This is just one example of a resilient application design for distributed computing; there are many others.
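
The distribution-node design described above, sketched as an added example that is not code from the book. The class names, the JSON file standing in for persistent cloud storage, the server names, and the 60-second lease used to detect a failed server are assumptions made for illustration.

```python
import json
import os
import tempfile


class SharedQueue:
    """Queue state in a JSON file standing in for persistent cloud storage
    (constructed for this example), readable by any distribution node."""

    def __init__(self, path):
        self.path = path
        if not os.path.exists(path):
            self.save({"pending": [], "leased": {}, "done": []})

    def load(self):
        with open(self.path) as fh:
            return json.load(fh)

    def save(self, state):
        # Write-then-rename so a crash never leaves a half-written queue.
        tmp = self.path + ".tmp"
        with open(tmp, "w") as fh:
            json.dump(state, fh)
        os.replace(tmp, self.path)


class DistributionNode:
    """Hands data sets to analysis servers; holds no state of its own."""

    def __init__(self, queue, lease_seconds=60):
        self.queue = queue
        self.lease_seconds = lease_seconds

    def add(self, dataset_ids):
        state = self.queue.load()
        state["pending"].extend(dataset_ids)
        self.queue.save(state)

    def dispatch(self, server, now):
        """Lease the next data set to `server`; it stays queued until acknowledged."""
        state = self.queue.load()
        # A server that failed never acknowledges: return its expired leases.
        for ds, lease in list(state["leased"].items()):
            if lease["expires"] <= now:
                del state["leased"][ds]
                state["pending"].insert(0, ds)
        ds = state["pending"].pop(0) if state["pending"] else None
        if ds is not None:
            state["leased"][ds] = {"server": server,
                                   "expires": now + self.lease_seconds}
        self.queue.save(state)
        return ds

    def acknowledge(self, server, ds):
        """Remove a data set only if `server` still holds its lease."""
        state = self.queue.load()
        lease = state["leased"].get(ds)
        if lease is None or lease["server"] != server:
            return False  # stale report: the work was reassigned or already done
        del state["leased"][ds]
        state["done"].append(ds)
        self.queue.save(state)
        return True


def run_demo():
    """Constructed scenario: one analysis server and the primary node both fail."""
    with tempfile.TemporaryDirectory() as tmp:
        queue = SharedQueue(os.path.join(tmp, "queue.json"))
        primary = DistributionNode(queue)
        primary.add(["ds-1", "ds-2", "ds-3"])

        lost = primary.dispatch("srv-a", now=0)   # srv-a crashes holding this
        ok = primary.dispatch("srv-b", now=1)
        primary.acknowledge("srv-b", ok)

        # Primary node fails; a standby starts from the same persistent queue.
        standby = DistributionNode(queue)
        third = standby.dispatch("srv-b", now=30)
        standby.acknowledge("srv-b", third)
        idle = standby.dispatch("srv-b", now=31)  # ds-1 lease not yet expired

        redelivered = standby.dispatch("srv-b", now=61)    # lease ended at 60
        stale = standby.acknowledge("srv-a", redelivered)  # srv-a reports late
        final = standby.acknowledge("srv-b", redelivered)
        end = queue.load()
        return {"lost": lost, "idle": idle, "redelivered": redelivered,
                "stale_ack_accepted": stale, "final_ack": final,
                "done": end["done"], "leased": end["leased"]}


if __name__ == "__main__":
    print(run_demo())
```

Because the queue lives outside both nodes, the standby needs no handover from the failed primary, and the lease check keeps a late report from the failed server from marking reassigned work as complete.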

Managing Workload

Providing services through the cloud will require us to think of jobs and workloads in ways that we do not necessarily need to when we have full control of dedicated servers. In particular, we will want to maximize server utilization when we run our jobs while ensuring jobs finish in whatever time window is required. If, for example, our cloud charges a minimum of 1 hour of server time for each instance, and we have several small workloads, we should run those in tandem on a single virtual server rather than run them on different servers each incurring the minimum charge.

Performing Maintenance and Upgrades

Maintenance and upgrades of applications will have to be coordinated with the cloud service provider. When departments or projects manage their own servers, they can determine their own upgrade schedule (within broader company policies, anyway). In the cloud, applications are delivered through virtual machine images maintained in the centrally managed image catalog. Similarly, patching and other maintenance decisions will have to be coordinated with the cloud provider.

Maintaining Security

Fundamental security considerations continue to persist in the cloud. Of particular importance is the need to manage identities and entitlements in the cloud. If private information is stored in the cloud, appropriate application-level controls will have to be in place to prevent unauthorized access. Direct access to the private data via the persistent storage API will also have to be blocked through authentication mechanisms and access control lists (ACLs) or other authorization control.

In addition to access controls, we must consider application-level security issues such as vulnerability scanning. Ideally, security concerns are addressed by the cloud service provider, but customizations might be the responsibility of the application owner.

Service Management Layer

A final piece of the software and infrastructure architecture that makes up a cloud is the service management layer. Throughout this chapter, we have considered core computing, storage, and network services from both the service provider and the service consumer's perspective. We have seen the overlap in concerns between both parties for issues such as image management, workload management, and optimization of resources. This overlap and shared need for support service continues as we consider the service management layer.

Service management includes additional services necessary for managing the business of providing and using a cloud. These include:

- Provisioning, which are services that allow non-IT professionals to deploy cloud services as needed
- Performance management, which provides additional management reporting and monitoring services that allow cloud providers to understand detailed operations in the cloud as well as plan for longer-term management issues
- Usage accounting, which is necessary for tracking who uses which services and for how long; this is essential for proper cost allocations or billing for cloud services
- License management services are important for compliance; running a cloud does not necessarily entitle one to run as many instances of a commercial off-the-shelf product as one would like. Cloud service consumers cannot be expected to monitor the number of copies of licensed software running in the cloud or to know licensing details, thus license management systems are needed to ensure compliance

Support services such as these, and others related to service monitoring and availability, provide the higher-level management services necessary, especially when running a private cloud.

Summary

Cloud services can be provided with a number of architectures, and a wide range of factors need to be considered when choosing to deploy a cloud. Issues related to providing computing services, storage services, and network services all come into consideration at the most fundamental levels. Reliability, performance, and management reporting are recurring themes when considering those three core services. In addition, cloud operations management, adapting IT operations to cloud architectures and topics, and service management must be examined as businesses choose the right cloud architecture for their situations.

Chapter 7: Roadmap to Cloud Computing: The Planning Phase
The benefits of cloud computing are well established: This model of service delivery is efficient, scales well, and meets a wide range of business needs. These benefits are maximized when business drivers, infrastructure, and policies are properly aligned to take advantage of the cloud's method of delivering services. Cloud computing is not a universal panacea and some business processes are better delivered by other approaches. Not all businesses will benefit equally from cloud computing; much depends on how well they prepare for the adoption of cloud computing. The purpose of this chapter is to outline a planning process that will help maximize the benefits of cloud computing. The planning process consists of several steps:
• Assessing readiness for cloud computing
• Aligning business strategy with cloud computing services
• Preparing to manage cloud services
• Planning for centralized resources
• Committing to service level agreements (SLAs)
• Meeting compliance requirements

The chapter concludes with a pre-implementation checklist to help manage your own planning phase.

Assessing Readiness for Cloud Computing
The ancient Greek aphorism "know thyself" is surprisingly relevant to planning for cloud computing. The first step in the planning process is to assess where the organization stands with respect to:
• Web application architecture
• Self-management of compute and storage services
• Standard platforms and application stacks

Each of these three areas is relevant to the delivery of cloud services. At this stage of the planning process, it is not necessary to have all three in place at ideal levels; in fact, most organizations not already supporting a cloud infrastructure will likely not have fully deployed and standardized around these three areas. This is not a problem. This is the planning process and the point of the assessment stage is to understand what resources are in place when we begin the move to cloud computing. The information gathered in this process will help to guide later planning and design efforts.

Web Application Architecture
Applications are designed using a variety of design principles that are roughly grouped into what we call application architectures. These architectures vary in terms of a number of characteristics, such as:
• Level of centralization
• Coupling of components
• Accessibility of components
• Ability to execute multiple instances
• Platform independence

We need to consider how existing applications are designed with respect to each of these to understand how well those applications are adapted to cloud infrastructure. As we will see, those with characteristics most closely aligned to Web application architectures are best suited for the cloud; but first, we will briefly describe each of these characteristics.

Levels of Centralization

An application may be centralized with all application code executing on a single machine, in a single process, and under the control of a single component. Centralized applications range from small utilities to large enterprise-scale applications. For example, a simple text editor can be realized with a single executable that runs a simple accept input, process input, generate output loop. Also in the most centralized application category, we have large, complex batch-oriented mainframe applications that have developed over years to incorporate many functions. A billing system for a telecommunications company, for example, may have millions of lines of code that, although divided into submodules, is largely controlled by a single control module and executes on a single machine. These applications are at one extreme of the centralization spectrum.

The middle ground of centralization is typified by client/server applications. In this application architecture, the work performed by an application is divided between servers, which perform the bulk of computing and storage operations, and client devices that are responsible for user interactions. A simple example of an application employing this approach is an order entry system consisting of a .Net user interface running on a Windows desktop and a SQL Server database. The client and the server components are fairly tightly coupled but they execute on separate devices and the components, with some effort, could be exchanged for a different form of the component. For example, the SQL Server database could be replaced with an Oracle database with little impact on the client.

Decentralized applications execute multiple processes over multiple devices. Web application architectures take advantage of decentralized applications to combine services. A typical Web application may require persistent data storage provided by a relational database, user management provided by an LDAP server, compute services provided by a Java application server, and user interaction services provided by a Web server. Decentralized applications are especially well suited for cloud architectures because services can be run on virtual servers as needed and new services can be easily added without disrupting the loose coupling between services or requiring one to provision additional dedicated hardware.

Coupling of Components

The components of an application, such as a service, module, or procedure, may be tightly coupled with other components. For example, a procedure for calculating the shipping costs of an order may be part of a larger order entry program that calls that procedure at specific points in the execution of the order entry process with a data structure specific to that program. This is an example of a tightly coupled set of components.

Loosely coupled components can execute in more autonomous ways. They may run on different servers, they may be executed on the behalf of multiple calling programs, and they exchange input and output in ways that support a broad array of calling applications. Applications built on loosely coupled components work well in cloud architectures because the number of instances can be adjusted to meet demand and the services they provide are available to other applications running in the cloud.

Accessibility of Components

Accessible components are those that are available to different services. To be accessible, a component must:
• Be programmatically discoverable so that other components can find it
• Exchange input in well-generalized formats, such as XML
• Respect authentication and authorization requirements
• Maintain reasonable response rates under varying loads

Web application architectures are built on accessible components using standards such as SOAP and WS-Security to meet some of these requirements. Others, such as the ability to maintain reasonable response rates, are met by using scalable architectures such as compute clouds.

Ability to Execute Multiple Instances

The ability to execute multiple instances might seem an odd requirement at first. After all, why couldn't one run multiple instances of an application? The answer: You couldn't run multiple instances when components are tightly coupled and exclusive use of a resource is required. A monolithic application, for example, may assume that it can lock a file of customer data for exclusive use, preventing other processes from operating on that resource. If the application cannot finish processing in the time window allotted to it, the application manager could not simply start another instance of the program on a different server and finish in half the time.

Applications that are well suited to the cloud do not require that only a single instance of the program execute at any one time. Older applications may not have been designed with this characteristic in mind, but Web application architectures, built on decentralized, loosely coupled components, generally do not have these problems.

Platform Independence

Another characteristic of Web applications is that services are not required to run on a single type of platform. Services are decoupled so that requirements define how data is exchanged between those services but not how the services execute. A service that needs to retrieve information about a user could just as easily do so by calling an LDAP service running on a Linux platform as by calling Active Directory (AD) running on a Windows server.

Web application architectures are characterized by decentralized, loosely coupled components that are accessible to other service components and can scale to meet loads placed on them. This combination of characteristics is seen in the service bus model that uses message passing and service abstraction. Applications that use this approach are well suited to the cloud. Applications that do not use this model can still benefit from the management and cost benefits of using cloud services. The more decentralized and loosely coupled the application, the greater the potential benefits.

Figure 7.1: Web applications that utilize a service bus model are well suited to executing in the cloud.

From an assessment perspective, a business should try to determine how closely existing applications use a Web application architecture. Even without a formal service bus, other application architectures can exhibit the characteristics that fit well with cloud computing. For example, the common 3-tier architecture that Figure 7.2 shows has many of the characteristics previously described.

Figure 7.2: The 3-tier architecture also exhibits decentralization, loose coupling, and platform independence.

Another factor to consider when assessing readiness for cloud computing is support for self-management of resources.

Self-Management of Compute and Storage Resources
The efficient allocation of compute and storage resources requires the ability to start and stop services on demand in response to changing conditions. As we have discussed in previous chapters, one of the inefficiencies in dedicating servers to a single application is that such servers have to be configured for peak capacity and this often leads to underutilization during non-peak periods. The same problem could occur in the cloud if cloud consumers were not able to rapidly respond to changes in demand. This is true for both computing and storage resources. It is not uncommon for users of storage arrays to have to submit a ticket to IT support to have additional disk space allocated to their dedicated servers. This could take minutes to days depending on the backlog in IT support. The potential delays can lead to application managers allocating more storage than needed simply to avoid any possible risk of running out of space and not getting additional storage in time.

Ideally, application managers would be able to allocate compute and storage resources as needed. In many cases, self-management software is not in place prior to adopting cloud computing. This certainly will not prevent a business from moving to cloud computing but it will require that such a system be put in place. When evaluating compute and storage service self-management software, consider the following factors:
• Ease of use
• Management reporting for cloud consumers
• Integration with accounting and billing systems for chargeback purposes
• Adequate authentication and authorization
• Job scheduling features or integration with existing job scheduling systems
• Ability to scale to the number of cloud consumers

Another factor that will influence ease of management is the ability to standardize on platforms and application stacks.

Standard Platforms and Application Stacks
Standardizing on a limited number of operating system (OS) platforms and application stacks can ease the management of a compute/storage cloud. Many organizations may find something akin to an 80/20 rule applies to them: 80% of application needs can be met with a relatively small number of platforms and application stacks, possibly 20% of all the platforms and stacks that are currently in use in a business.

Determining Required Platforms and Application Stacks

For planning purposes, compile an inventory of applications including OSs, application servers, directory servers, Web servers, and other core components. With that inventory, one can derive a list of distinct combinations of platforms and application stacks. It is likely that many of the applications run on similar sets of OS and application stack. Those compose the 80% side of the 80/20 rule.

For the remaining applications, assess the level of difficulty in transitioning from the existing combination of OS and application stack. For example, if many applications are running on a Red Hat version of Linux while a handful are running on SUSE versions, the effort required to migrate between those should be fairly low in most cases. An application that depends on a Windows server platform or on components that only run on Windows platforms would be significantly more difficult to port to a Red Hat platform. The goal in moving to a cloud architecture, however, is not to redesign existing applications but to leverage the benefits of the cloud.

This calls for something of a balancing act. First, we want to minimize the number of distinct application stacks we support in the cloud but we also want to maximize the number of applications that can be supported in the cloud. Adding application stacks should increase the ability to support either a significant number of general applications or targeted mission-critical applications that would benefit from running in the cloud.

Organizations that already have large portfolios of Web applications will likely find that they can address many of their requirements with a small number of different application stacks, such as:
• LAMP stack, with Linux, Apache, MySQL, and Perl/Python/PHP
• Windows stack, with .Net applications and servers
• Commonly used application servers, such as Java application servers and Java portals

Regardless of the combination of application components and OSs, there are services and policies that should be standardized across platforms in the cloud.

Figure 7.3: Relative distribution of platform/stack needs that can be met by a small set of commonly used stacks, specialized stacks for less common requirements, and custom platform/stacks for single, custom needs.

Required Support Services

The cloud should provide identity management services such as authentication and authorization services. These are necessary to properly administer a cloud. For example, these systems would be used to:
• Determine how users or agents are authenticated to self-service applications used to manage cloud services
• Determine limits on cloud consumers, such as the maximum number of instances a user can start at one time or the length of time a single instance can be running a single virtual machine
• Allocate charges for cloud services to the proper department or billing code
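
The three uses listed above can be enforced together in one default-deny check that a self-service portal runs before it starts any instance. This is an added example, not code from the book; the `Entitlement` schema, the principal names, the billing codes and the limits are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import timedelta
from typing import Dict, Optional


@dataclass(frozen=True)
class Entitlement:
    """What the identity service records for one cloud consumer (hypothetical schema)."""
    billing_code: str        # department or billing code that is charged
    max_instances: int       # most instances the consumer may have running at once
    max_runtime: timedelta   # longest a single instance may run


@dataclass(frozen=True)
class ProvisionRequest:
    principal: Optional[str]  # identity asserted by the authentication service; None if it failed
    image: str
    count: int
    runtime: timedelta


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    billing_code: Optional[str] = None


def authorize(request: ProvisionRequest,
              entitlements: Dict[str, Entitlement],
              running: Dict[str, int]) -> Decision:
    """Return an allow decision only when every check passes; anything else is denied."""
    # 1. Authentication: an unauthenticated user or agent never reaches the limits.
    if request.principal is None:
        return Decision(False, "not authenticated")
    # 2. Authorization: a principal with no entitlement on record gets nothing.
    entitlement = entitlements.get(request.principal)
    if entitlement is None:
        return Decision(False, "no entitlement on record")
    if request.count < 1:
        return Decision(False, "instance count must be at least 1")
    # 3. Limits: instances already running count against the maximum.
    in_use = running.get(request.principal, 0)
    if in_use + request.count > entitlement.max_instances:
        return Decision(False, "instance limit exceeded")
    if not timedelta(0) < request.runtime <= entitlement.max_runtime:
        return Decision(False, "runtime outside permitted limit")
    # 4. Charge-back: the allow decision carries the billing code to charge.
    return Decision(True, "ok", entitlement.billing_code)


# Constructed sample data: one human consumer and one automated agent.
ENTITLEMENTS = {
    "alice@sales": Entitlement("SALES-0042", max_instances=4,
                               max_runtime=timedelta(hours=8)),
    "etl-agent": Entitlement("FIN-0007", max_instances=20,
                             max_runtime=timedelta(hours=2)),
}
RUNNING = {"alice@sales": 3}  # alice already has three instances up

if __name__ == "__main__":
    samples = [
        ProvisionRequest("alice@sales", "lamp-standard", 1, timedelta(hours=4)),
        ProvisionRequest("alice@sales", "lamp-standard", 2, timedelta(hours=4)),
        ProvisionRequest("etl-agent", "java-appserver", 5, timedelta(hours=3)),
        ProvisionRequest(None, "lamp-standard", 1, timedelta(hours=1)),
    ]
    for sample in samples:
        print(sample.principal, authorize(sample, ENTITLEMENTS, RUNNING))
```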

The same authentication and authorization services could be made available to applications running in the cloud, reducing the need for application-specific identity management systems.

Customization and Specialized Requirements

Another issue to consider around standardizing platforms and application stacks is the need for specialized versions of cloud-provided standards. The company may have standardized on Java or .Net for all application development but a department needs to host a third-party application developed in Ruby. Ruby is an interpreted programming language akin to Perl and Python. Ruby must be available on a server to execute a Ruby application. If this language is not part of the standard cloud offerings, the department may want to create a specialized virtual machine image to meet their needs.

There are advantages to allowing customized combinations of OSs and application stacks. The most compelling is that cloud consumers have access to exactly what they need. There is no need to port applications to other platforms or find alternative solutions that run on standard platforms.

The disadvantage of allowing customized virtual machine instances is that they are more difficult to manage. For example, who is responsible for patching and maintaining customized virtual machine images? The creators know the components and applications best, but IT support staff may be most familiar with lower-level details, such as OS vulnerabilities. Also, if a patch were to break the application, how would it be dealt with? Will users have the knowledge and time to test patches before deploying in production? Will metadata about the contents of custom images be kept up to date? Will this task duplicate efforts already carried out by cloud providers? We are starting to see the potential for the kind of inefficiency that drives up IT costs in non-cloud environments.

Assessing readiness for moving to a cloud architecture is a critical first step in the planning process. This stage of planning requires an assessment of which applications will fit well with the cloud; those using Web application architectures, such as a service bus architecture or a multi-tiered application stack, are well suited for the cloud. Once those applications are in place in the cloud, cloud consumers will want precise control over how they execute and the storage they use. Self-management services are essential to realizing the efficiencies of the cloud. Finally, during the assessment stage, one should identify the standard platforms and application stacks that are needed in the cloud. The benefits of the cloud should not be undermined by unnecessary management overhead.

The first stage of planning considered primarily technical aspects of delivering services from a cloud. In the next stage, we consider more business-oriented aspects.

Aligning Business Strategy with Cloud Computing Services
Clouds are deployed to deliver services and services are established to meet business requirements. To ensure cloud services are deployed in a way that is aligned with business strategy, we should consider existing workloads and their corresponding value metrics.

Workload Analysis
Right now in your business there are hundreds, thousands, or even more applications executing business processes. Some of these are transaction processing systems that provide high-volume, rapid processing of orders, inquiries, reservations, or a broad array of other narrowly focused business activities. Other applications are performing batch operations, such as generating invoices, reviewing inventory levels, or performing data quality control checks on databases. Still others are extracting data from one application, transforming the data into a format suitable for analysis, and moving it into a data warehouse. There is a wide array of different types of applications that are needed to keep an enterprise functioning.

These different types of applications have different requirements and constraints that must be considered when moving them to the cloud. For example, they might need:
• To start and finish executing within a particular time period
• To wait for another job to complete before it can begin
• To limit the functionality of some services, for example, write-locking a file to perform a backup
• To provision a significant number of servers for a short period of time for a compute-intensive operation

Any cloud will have finite resources. As part of the planning process, we need to understand what types of jobs can run in the cloud (that was addressed in the previous section) and how to run them efficiently.

Figure 7.4: The combination of workloads running in the cloud determines overall utilization at any point in time; ideally, periods of underutilization and overutilization are minimized.

Cloud consumers are the ones who will decide when to start and stop jobs and how many virtual servers to provision for particular tasks, but in the planning stages, we will want to ensure there is sufficient capacity. To do so, we can look at existing workloads and take into account:
• How often jobs execute on dedicated servers
• The level of utilization of those servers
• Time constraints on when those jobs execute

Once again we are faced with a balancing act. We want to deploy sufficient cloud infrastructure to avoid periods when cloud consumers want to run more jobs than there is capacity for (overutilization); at the same time, we do not want extended periods of time when servers are idle (underutilization). This brings us to the second aspect of business alignment: value metrics.
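
The workload inputs listed earlier in this section (how often jobs run, how heavily their servers are used, and when they must run) are enough to build an hour-by-hour demand profile and compare it with planned capacity. This is an added example, not code from the book; the `Job` fields, the sample jobs, the 8-server capacity and the 25% idle threshold are constructed assumptions.

```python
import math
from dataclasses import dataclass

HOURS_PER_WEEK = 7 * 24
DAY_NAMES = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")


@dataclass(frozen=True)
class Job:
    name: str
    days: tuple          # weekdays on which the job starts, 0 = Monday
    start_hour: int      # 0-23, the job's time constraint
    duration_hours: int
    servers: int         # dedicated servers the job occupies today
    utilization: float   # observed average utilization of those servers, 0-1


def label(hour_of_week):
    """Turn an hour index (0-167) into a readable slot such as 'Fri 16:00'."""
    return f"{DAY_NAMES[hour_of_week // 24]} {hour_of_week % 24:02d}:00"


def weekly_demand(jobs):
    """Server-equivalents needed in each hour of the week if the jobs shared a cloud."""
    demand = [0.0] * HOURS_PER_WEEK
    for job in jobs:
        if not 0.0 <= job.utilization <= 1.0:
            raise ValueError(f"{job.name}: utilization must be between 0 and 1")
        if not 0 <= job.start_hour <= 23 or job.duration_hours < 1:
            raise ValueError(f"{job.name}: invalid schedule")
        # A half-used dedicated server only needs half a server of shared capacity.
        load = job.servers * job.utilization
        for day in job.days:
            first = day * 24 + job.start_hour
            for offset in range(job.duration_hours):
                # Jobs that run past midnight (or past Sunday) wrap around the week.
                demand[(first + offset) % HOURS_PER_WEEK] += load
    return demand


def capacity_report(jobs, capacity, idle_threshold=0.25):
    """Find overutilized and underutilized hours for a planned number of servers."""
    demand = weekly_demand(jobs)
    peak = max(demand)
    served = sum(min(d, capacity) for d in demand)
    return {
        "peak_demand": peak,
        "over_hours": [h for h, d in enumerate(demand) if d > capacity],
        "under_hours": [h for h, d in enumerate(demand)
                        if d < idle_threshold * capacity],
        "burst_servers": max(0, math.ceil(peak - capacity)),  # shortfall at the peak
        "mean_utilization": served / (capacity * HOURS_PER_WEEK),
    }


# Constructed sample workloads taken from an imaginary dedicated-server inventory.
SAMPLE_JOBS = [
    Job("order-entry", (0, 1, 2, 3, 4), 8, 10, servers=6, utilization=0.5),
    Job("invoice-batch", (4,), 16, 4, servers=8, utilization=0.75),
    Job("nightly-backup", (0, 1, 2, 3, 4, 5, 6), 23, 3, servers=2, utilization=0.5),
]

if __name__ == "__main__":
    report = capacity_report(SAMPLE_JOBS, capacity=8)
    print("peak demand:", report["peak_demand"], "server-equivalents")
    print("overutilized:", [label(h) for h in report["over_hours"]])
    print("hours below idle threshold:", len(report["under_hours"]))
    print("extra servers needed at peak:", report["burst_servers"])
    print(f"mean utilization: {report['mean_utilization']:.1%}")
```

With these sample jobs the only overutilized slots are the two Friday hours when the invoice batch overlaps order entry, while most of the week sits below the idle threshold.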

Value Metrics
Developing a precise and generally accepted ROI function for any IT investment is difficult at best. To assess the value of cloud computing, we can consider more targeted measures such as the value relative to hardware and software investments and relative to labor costs.

Hardware and Software Values

We will begin with hardware and software value measures by considering the constituent costs of running an application on a set of dedicated servers. They include:
• OS costs
• Application software licensing and maintenance costs
• Database management licensing and maintenance costs
• Hardware procurement and maintenance costs

The costs are relatively fixed, so it does not matter whether you run your application 24 hours a day or 1 hour a day; the hardware and software costs are the same when running that application on a dedicated server. The cost model of a cloud is different.

In a cloud model, the cost of licensing and hardware can be divided among multiple users. For example, one department might run an application for 2 hours a day, another for 6 hours a day, and a third user runs the application for 10 hours a day. Prorating the cost of licensing and maintenance over 18 hours of daily utilization lowers the cost for all three users, especially the user who only needs 2 hours of application services per day.

Labor Value

The cost of labor in the cloud model is lower than in dedicated server models for a couple of reasons. First, in the cloud, there is an opportunity to standardize hardware. Large numbers of servers all built using the same, or very similar, components are easier to maintain. If a hard drive fails in a server, replace it with a spare that would work just as well in any other server. There is less overhead to manage inventory and fewer chances for errors in configuration if all servers use the same type of components.

Standardizing vs. Repurposing

When first deploying a cloud, you might want to repurpose hardware that had been dedicated to applications that will now run in the cloud. Some of this hardware may not match the cloud's hardware standard. Once again, we have to balance the benefits of standardizing on hardware with the cost savings of repurposing hardware. One option is to repurpose nonstandard hardware but replace it with standard equipment as it fails or no longer meets functional requirements.

Second, with self-service management, cloud consumers can manage their own applications and workloads. IT support staff that had been dedicated to responding to basic server support (for example, installing software, allocating disk storage, and running backups) can now be dedicated to higher-value tasks. The cloud infrastructure will require IT support services that can be provided more efficiently in the cloud than with servers dedicated to particular applications. For example, if a vulnerability is discovered in an OS, a single administrator can patch the OS, regenerate virtual machine images, and deploy those images to the service catalog. Compare that task with the patching of hundreds of servers across the organization.

By analyzing workloads and calculating initial value measures in the planning process, we are better able to align business requirements in a cost-effective way with cloud services.

Preparing to Manage Cloud Services
Up to this point in the planning process, we have considered readiness of an organization to move to a cloud architecture in terms of technical issues, such as the use of Web application architectures and standardization on platforms and application stacks. We have also examined the alignment of business strategy with cloud services in terms of workload analysis and value metrics. We now turn our attention to a few issues related to longer-term management of cloud services. These are:
• The role of private, public, and hybrid cloud services
• Planning for growth
• Long-term management issues

These issues, as we shall see, are strongly influenced by demand for cloud services.

Role of Private, Public, and Hybrid Cloud Services
There are three broad modes of delivery for cloud services: private, public, and hybrid. A private cloud is deployed and managed by an organization for its own internal use. The organization controls all aspects of cloud implementation, management, and governance. One of the most significant advantages of this approach is that data never leaves the control of its owner. This reduces the risk that an outside party will gain access to private or confidential data. Depending on the implementation and management details, private clouds may be more cost effective as well. For example, a business may have significant investment in servers that can be redeployed in the cloud, lowering the initial costs.

A public cloud is one that is managed by a third party that provides services to its customers. The primary advantage is low startup costs on the part of customers and minimal management overhead, at least with respect to basic cloud services. Businesses will still need to manage their workloads, allocate chargebacks, and so on.

Choosing between public and private cloud implementations is not an all-or-nothing proposition. Hybrid clouds, or the combination of private and public implementations to run business services, have emerged as a third alternative. Consider the economic benefits. There may be a point, however, at which the benefit of adding servers to a private cloud is not sufficient to offset the costs of adding them. For example, the distribution of workloads may entail a number of peak periods where demand exceeds the capacity of the private cloud. These peaks may be regular short periods (for example, at the end of the month when accounts are closed and data warehouses and data marts are updated and many reports are generated) or they may be more unpredictable periods of high demand.

Figure 7.5: The cost of adding and maintaining additional cloud resources eventually reaches a point where the costs outweigh the benefits. At this point, a hybrid cloud approach may be the most cost-effective option.

Planning for Growth
If successful, a cloud is likely to grow both in terms of underlying infrastructure and in terms of the number of services provided by the cloud. In the case of private clouds, growth in infrastructure can occur internally by adding servers, storage, and ancillary equipment as needs demand or by adopting a hybrid cloud approach.

Growth in services will put a different kind of management burden on cloud providers. In particular, cloud providers will need to plan for:
• Expansion in the number of OSs and application stacks that may be supported
• Growing demand for custom virtual machine images to accommodate specialized requirements
• A growing base of cloud consumers with widely different needs
• Emerging categories of users, such as long-term cloud consumers who need continuously running servers, users with intermittent but regularly scheduled needs for servers, users who will take advantage of the cloud for occasional needs, or spot users who will use the cloud only during off-peak hours if the cost is lower at those times.

Figure 7.6: Using public cloud services in a hybrid cloud configuration during peak demand periods may be the most cost-effective way of meeting the demand for peak capacity.

These different factors will help shape management and pricing policies. A market pricing model, for instance, may be introduced to more evenly distribute the workload in cases where there are periods of high and low demand. Peak pricing could be instituted during high-demand periods and lower prices during low-demand periods. Another option is to use an auction model in which cloud consumers specify the price they are willing to pay for a resource; the cloud allocates resources to the highest bidder, then the next lower bidder, and so on until all resources are allocated.

There are many ways to manage and price services; an important point to remember is that the policies and methods used in the early days of cloud adoption may not be the best option in later stages. Following past practices because "that is the way we've always done it" is not always a recipe for success.

Long-Term Management Issues
In the planning stages for adopting a cloud, it is important to consider some of the long-term management issues that cloud providers will face. These include both service and infrastructure issues:
• Maintaining the security and integrity of virtual machine images
• Monitoring, detecting, and blocking unauthorized uses of the cloud
• Planning for high availability and disaster recovery, possibly with multiple sites for a private cloud or with the use of a hybrid cloud approach
• Managing identity, authentication, and authorization mechanisms
• Handling physical configuration of the cloud and power consumption
• Acknowledging the potential for rapid, significant rise in demands, for example with the greater use of instrumentation and data collection

These are broad issues that will continue to evolve over time. In addition to these, there are several long-term issues and responsibilities that warrant more detailed consideration.

Planning for Centralizing Resources
Cloud computing gains many of its advantages from centralizing resources, management, and governance. During the planning stage, it is important to begin formulating policies and practices that support centralization. This can come in several forms:
• Standardizing to reduce complexity
• Streamlining service management
• Virtualizing physical resources

These various forms of centralization are important individually, but they also reinforce and support the realization of each other.

Standardizing to Reduce Complexity
Standardization reduces complexity, especially in the cloud. When we use the one-server-for-one-application approach to delivering services, there is less need for standardization than in cloud models. That is not to say standardization is unimportant; it is important, but the degree of standardization required to realize benefits is not as great as it is with cloud computing.

Take for example a sales department that runs a small data mart. The department had hired an analyst who had worked with open source reporting tools in the past and persuaded the department manager to use those tools as well even though the business had standardized on a commercial tool suite. The department is responsible for building and maintaining its data mart, and the group functions well with it. Centralized IT is not responsible for maintaining the sales department's system and does not object to it. (We will ignore the security implications of this decision for the moment.) Now picture this application moving to the cloud.

A virtual machine image would have to be created and maintained in the service catalog of the cloud. Centralized IT management would be responsible for deploying and maintaining the image. As it is in the catalog, other users might make use of it. The user base might grow to the point that IT must spend significant time to learn the tool in order to provide support. What started as an isolated instance of using nonstandard software slowly shifts to becoming an institutionalized, supported application.

Standardization is a key method of reducing complexity. The goal of standardization is to meet all functional requirements with a minimal set of computing components. Once requirements are met, adding components adds to complexity (that is, the number of interacting components that need to be maintained and adapted to function with other components) without adding to the goal of meeting requirements. In the previous example about data mart reporting, a nonstandard system was used when the enterprise standard solution would have worked. The result was additional complexity with no additional benefit. Such situations should be avoided when deploying a cloud.

Streamline Service Management
One of the benefits of centralization is that by delivering services at large scales, it pays to invest in optimizing those services. A fast food chain that serves millions of sandwiches a year will optimize every aspect of the production, preparation, and delivery of those products. Similarly, the fact that hundreds or thousands of users will repeatedly invoke the same standardized set of services demands attention to streamlining and optimizing the delivery and management of those services.

In order to streamline service management, we need applications in place that reduce the manual labor and complexity of workflows required to implement management processes. In particular, service management should include:
• Support for discovering services provided in the cloud through detailed and up-to-date metadata about services
• Virtual machine images that are designed to support services, such as report generation, and not just OSs and application stacks, such as Linux with a statistical analysis package installed
• Management reporting that allows cloud consumers to track and optimize their own use of cloud resources

• Ability to provide timely support for cloud consumers in cases where there are problems executing jobs in the cloud
• Utilization analysis reports to give those responsible for managing cloud services the information they need to detect trends and analyze varying patterns of resource utilization

One of the factors that supports the ability to streamline service management is the ability to virtualize cloud infrastructure.

Virtualizing Physical Resources
The final aspect of centralizing resources we will consider is the need to virtualize physical resources. As we have encountered repeatedly within our discussion of cloud computing, the ability to virtualize computing and storage services is at the foundation of the efficiencies provided by the cloud model. The key physical resources that should be virtualized are servers and storage.

Setting up a set of virtual machines on a single server is straightforward: install a hypervisor and create virtual machine instances based on OS(s) of choice. Scaling virtualization to a large number of servers requires management software that can manage multiple hypervisor clients from a single console.

Storage services also need to be virtualized so that they appear to cloud consumers to be a single storage device. Virtual machine instances in the cloud, for example, should be able to address storage space on the cloud SAN(s) without having to manage implementation details. Ideally, the same management console that is used to control servers in the cloud will support management and administration of storage resources.

Computing and storage clouds hide many of the implementation details that go into building and maintaining a large IT infrastructure. By standardizing services, streamlining service management, and virtualizing physical resources, cloud providers enable the technical resources needed by users to leverage cloud services. Those same users, however, also require attention to business considerations.

Committing to SLAs
Business managers may look at cloud services and find the lower costs, greater control, and potential for scaling business processes compelling reasons to use cloud services. These reasons are often not enough, though. It is not sufficient for a cloud to work well today; it needs to work well for as long as users need it. This is why we have SLAs. SLAs are standard in IT, and it is no surprise that they are used with cloud services. Rather than focus just on the availability of a specific application, cloud SLAs may be more general and apply to capacity commitments, network infrastructure, storage infrastructure, and availability and recovery management. These SLAs are closely coupled to the infrastructure of the cloud, but the primary concern is on the business commitments cloud providers make to their customers.


Capacity Commitments
A capacity commitment in an SLA outlines the number and types of server capacity that will be available for use when the cloud consumer attempts to use them. Several factors should be considered when making capacity commitments:

• The total infrastructure planned for a private cloud
• The ability to acquire additional resources (compute and storage) as needed through a hybrid cloud
• Changes in pricing models if hybrid resources are used
• A commitment to the percent of time the capacity will be available
• Length of time the capacity will be available without interruption once the capacity is provisioned

The workload analysis performed earlier in the planning process can help to understand the capacity commitments a cloud provider can make given a particular number of servers and storage capacity.

Network Infrastructure
Network service commitments are especially important when there are high levels of data exchange in and out of the cloud. Service commitments will be limited by the network capacity of Internet service providers (ISPs) and the ability to distribute networking load across multiple ISPs. Cloud service providers are limited by the service level commitment they receive from their ISPs; however, by combining network services from multiple providers, a cloud provider can improve total throughput and availability.

Storage Infrastructure
Storage SLAs take into account several factors:

• Amount of storage available for use
• Backup services, if any
• Availability commitments, including percent of time storage services will be available
• Throughput commitments

When considering the amount of storage available for use, take into account the need for redundant storage to improve performance and availability. These can significantly reduce the total amount of storage available for direct use by cloud consumers.


Availability and Recovery Management
Another popular topic for SLAs is recovery management. The redundancy of servers in the cloud ensures that the failure of a single server in the cloud will not disrupt an operation. The service can be started again on another server. From a service level perspective, cloud providers may be able to commit to high levels of availability in terms of having servers available to run applications. One must account for the fact, though, that when a server fails and another is started in its place, there may be data loss depending on how the application is written. If the application writes state information to cloud storage, another instance of the application can recover from the last point at which state information was written to the disk. If the application depends on maintaining state information in memory, the recovery point would be earlier.

A final set of issues that falls under the penumbra of business drivers is compliance requirements.

Compliance Requirements and Cloud Services
Compliance requirements tend to focus on preserving the integrity of data, especially financial data, and protecting the privacy of confidential information. One of the greatest impediments to adopting public cloud computing is concern about protecting the integrity and confidentiality of data once it leaves the corporate-controlled network. Private clouds retain data within corporate firewalls where it will be subject to internal controls. The assumption behind this reasoning is that governance procedures that protect data in non-cloud infrastructure are sufficient to protect the same data in the cloud. This may be true for the most part, but the cloud introduces additional factors that should be considered:

• Applications running in a virtual machine might write data to local disks. When the virtual machine shuts down, all data written by it should be overwritten.
• Authorizations assigned to users for non-cloud resources should be respected in the cloud. For example, if data moves from a dedicated file server to cloud storage, the same restrictions on access should apply.
• Practices employed as part of compliance efforts, such as routine vulnerability scanning, will have to be adapted to scan machine images in the service catalog rather than just instances running at a particular point in time on a given set of servers

Reporting is another essential part of compliance. It is not sufficient to be in compliance; one must often be able to demonstrate one is in compliance. Again, existing procedures might need to be modified to accommodate reporting on cloud procedures that support compliance. For example, each time a virtual machine instance is shut down, a record may be logged indicating local data has been overwritten to prevent the next user from scanning local storage for residual data.
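The shutdown record described above is only useful for demonstrating compliance if someone checks that every shutdown actually has one. The following Python audit is an added example, not part of the book: it reads a constructed log and reports shutdowns with no overwrite record, failed overwrites, and hosts that were reused before the previous instance's local data was overwritten. The log layout, event names, and instance and host names are assumptions made for the example.

```python
# Constructed sample log. The key=value layout and the event names
# (instance_start, instance_shutdown, local_wipe) are assumptions.
SAMPLE_LOG = """\
2024-05-01T01:00:00Z event=instance_start instance=vm-101 host=srv01 user=ajones
2024-05-01T03:00:00Z event=instance_shutdown instance=vm-101 host=srv01
2024-05-01T03:00:40Z event=local_wipe instance=vm-101 host=srv01 status=complete
2024-05-01T03:05:00Z event=instance_start instance=vm-102 host=srv01 user=bsmith
2024-05-01T04:00:00Z event=instance_start instance=vm-201 host=srv02 user=ajones
2024-05-01T05:00:00Z event=instance_shutdown instance=vm-201 host=srv02
2024-05-01T05:02:00Z event=instance_start instance=vm-202 host=srv02 user=cwu
2024-05-01T06:00:00Z event=instance_shutdown instance=vm-102 host=srv01
2024-05-01T06:00:30Z event=local_wipe instance=vm-102 host=srv01 status=failed
"""


def parse_line(line):
    """Split 'timestamp key=value ...' into a dict."""
    timestamp, *pairs = line.split()
    record = dict(pair.split("=", 1) for pair in pairs)
    record["time"] = timestamp
    return record


def audit_wipes(log_text):
    """Return (findings, stats) for the shutdown/overwrite control.

    Each finding is (kind, instance, host, time) where kind is one of:
      reuse_before_wipe  a new instance started on a host that still holds
                         un-overwritten data from a shut-down instance
      wipe_failed        an overwrite was attempted but did not complete
      no_wipe_record     a shutdown with no overwrite record at all
    """
    awaiting = {}  # shut-down instances whose local data is not yet overwritten
    findings = []
    stats = {"shutdowns": 0, "verified_wipes": 0}

    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        event, inst, host = rec["event"], rec["instance"], rec["host"]

        if event == "instance_shutdown":
            stats["shutdowns"] += 1
            awaiting[inst] = {"host": host, "attempted": False}
        elif event == "local_wipe":
            if rec.get("status") != "complete":
                if inst in awaiting:
                    awaiting[inst]["attempted"] = True
                findings.append(("wipe_failed", inst, host, rec["time"]))
            elif inst in awaiting:
                del awaiting[inst]
                stats["verified_wipes"] += 1
        elif event == "instance_start":
            # The next user of this host could read residual data.
            for old, state in awaiting.items():
                if state["host"] == host:
                    findings.append(("reuse_before_wipe", old, host, rec["time"]))

    # Anything still waiting at the end of the log was never overwritten.
    for inst, state in awaiting.items():
        if not state["attempted"]:
            findings.append(("no_wipe_record", inst, state["host"], ""))
    return findings, stats


if __name__ == "__main__":
    results, totals = audit_wipes(SAMPLE_LOG)
    print(totals)
    for finding in results:
        print(finding)
```
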


Summary
Planning for cloud services is a multifaceted process that begins with assessing readiness for the cloud and aligning business strategy with cloud computing services. It also requires preparation for managing cloud services and planning for centralized resources. In addition, it entails a number of business-oriented concerns, such as SLAs and support for compliance efforts. To facilitate the planning process, a pre-implementation checklist is provided that summarizes the key points of this chapter.

Pre-Implementation Checklist

Assessing Readiness for Cloud Computing
• Determine whether applications are designed to use a Web application architecture, service bus architecture, or n-tier architecture
• Assess ability to provide for self-service management of computing and storage services
• Standardize on platforms and application stacks
• Analyze workloads

Aligning Business Strategy with Cloud Computing Services
• Determine value metrics with respect to labor, hardware, and software
• Understand the roles of private, public, and hybrid clouds and their utility for business requirements

Preparing to Manage Cloud Service
• Plan for growth in demands for services
• Assess long-term management issues

Committing to SLAs
• Perform capacity planning with respect to service level commitments
• Analyze capacity of network infrastructure
• Analyze capacity of storage infrastructure
• Formulate reasonable commitments with respect to availability and recovery management

Meeting Compliance Requirements
• Determine security requirements for preserving the integrity and confidentiality of data
• Adapt reporting requirements to address compliance implementation issues introduced by the cloud


Chapter 8: Roadmap to Cloud Computing: The Implementation Phase
One of the most challenging IT tasks is to implement a new systems architecture. By definition, we are introducing a new way of delivering services; at the same time, we are often required to maintain existing services. It is analogous to repairing your car while driving it. The first step in the cloud adoption process is to develop a comprehensive plan that begins with assessing readiness for cloud computing, aligning business processes with cloud services, planning for centralized resources, and committing to service level agreements (SLAs). We described this first step in detail in the previous chapter; in this chapter, we shift focus from planning onto the actual implementation of the plan.

Many planning issues are common to both public and private clouds, but the implementation details are more complex in the case of private cloud computing. This chapter will address how to implement a private cloud and will include discussion of hybrid and public cloud issues as well. The structure of the discussion is divided into five core subtopics:

• Establishing a private cloud
• Transitioning compute and storage services to a cloud
• Completing a post-implementation checklist
• Managing cloud services
• Extending a private cloud with public services

By the end of the chapter, we will have outlined some of the fundamental issues that should be considered during the implementation phase in order to begin deploying cloud services within an organization.


Establishing a Private Cloud
A private cloud begins with the deployment of hardware, networking, and software services. Throughout this book, we have often discussed the business services, software architecture issues, and other logical design considerations. All of those logical choices ultimately depend on lower-level services that in turn rely on an IT infrastructure that includes:

• Private cloud hardware
• Networking
• Application stacks

Deploying a cloud begins down in the infrastructure.

Deploying Hardware for a Private Cloud
Many of the hardware issues we have to address in a private cloud are familiar to those with data center experience. They tend to cluster around:

• Server-level issues, such as the number of servers and amount of network equipment and how they are deployed and configured
• Environmental concerns, such as space, power, and cooling
• Redundancy to prevent single points of failure

Servers and Network Equipment
Servers in a private cloud are housed in one or more data centers. There must be adequate space within the data centers for the server units. The number of servers in a cloud can grow incrementally quite easily but the physical space for housing them may not. Data centers should be sized according to initial space requirements as well as for foreseeable growth.

Servers are often rack mounted in industry-standard 19-inch rack cabinets. These are typically configured to allow easy access to both the front and back of the cabinets. Cabling is run through racks to improve cable management; space required for an organized cable distribution system must also be taken into account when sizing the data center. Distances between components should be minimized in order to minimize cable lengths, but more importantly, the data center equipment should be organized in a logical fashion to support maintainability.

Data Center Standards
Standards for configuring data centers have been established by the Telecommunications Industry Association (TIA). For more guidance on configuring a data center, see the TIA-942 Data Center Standards Overview by ADC.


Environmental Issues
Servers and networking equipment depend on environmental infrastructure to keep functioning, especially:

• Power
• Cooling
• Fire prevention
• Physical security

External power generators will typically supply electrical power to a data center. Key considerations are reliability and adequate supply of power. To prevent a single point of failure in the power supply system, a backup power system can be used. Uninterruptible power supplies can use batteries to supply power immediately in the case of a power failure while diesel generators are started. The generators are designed to supply power for longer periods of time.

Cooling is another factor that must be taken into account when designing a data center for a private cloud. Servers and other electrical equipment dissipate heat into the environment and the temperature in a data center will rise unless the center is cooled. Humidity control is also a concern because too much moisture in the air can result in condensation on electrical equipment. Air conditioning is the common method for cooling but alternatives, such as using outside air, are in use as well.

Tips on Energy Efficiency for Data Centers
See The Quick Start Guide to Increase Data Center Energy Efficiency by US General Services Administration and the US Department of Energy for tips on reducing the costs and environmental impact of operating a data center.

Fire prevention equipment includes active controls such as smoke detectors, sprinkler systems, and fire suppression gaseous systems. Passive controls, such as firewalls, can also be used to contain fires to one part of the data center.

The physical integrity of the data center must be protected with access controls to prevent unauthorized access. Guards, access control badges, and surveillance cameras are all used to protect data centers.

Redundancy and Avoiding Single Points of Failure
Redundancy is found at multiple levels in a data center, from dual power supplies in air conditioning units all the way up to duplicate data centers. At the lowest level, redundancy is built into the components we deploy as single components, such as servers, air conditioners, and disk arrays. At mid levels, we incorporate redundant components or backup systems in a data center. A second air conditioning unit is an example of the former; an uninterruptible power supply is an example of the latter.


At the top level, we duplicate entire data centers. This is obviously a costly option but has a number of advantages. Multiple data centers with similar infrastructures can act as backups for each other. If one data center is hit with a natural disaster, the other data centers can carry the workload of the downed data center. This kind of disaster recovery configuration requires a well-defined plan before the disaster. For example, data needs to be replicated between data centers in a timely manner.

Figure 8.1: Redundancy is used at multiple levels to avoid single points of failure that could shut down a single component or an entire business process.

We may do this anyway to ensure high availability even without regard for disaster recovery situations. For example, if a disk array fails in one data center or network traffic to that data center is unusually high, other data centers with the replicated data can respond to service requests for that data.

It should be noted that this process is not the same as backups. Backups are copies of data at a point in time and preserved for some period of time. Data replication copies data and overwrites existing data in some cases. If an application error corrupts a database in one data center, that database will eventually be replicated to other data centers unless the problem is discovered in time. A backup would allow the business to recover from the data corruption; replication may not.

In addition to compute and storage infrastructure, we need to deploy sufficient networking resources to meet the demand generated by cloud computing.


Deploying Network Services for a Private Cloud
Business services delivered through the cloud will determine network bandwidth, latency, and reliability requirements. The network architecture selected for a private cloud will determine how those requirements are met. As with compute and storage hardware, redundant components such as routers and switches are important for avoiding a single point of failure. They also contribute to high availability by enabling load balancing across network devices.

Even with redundant devices on the corporate network, we still face a risk of losing network services on the internetwork between data centers and other corporate offices. Providing redundant links over the wide area network (WAN) is an obvious solution but there is a significant drawback: cost.

Consider a private cloud that uses two data centers and supports WAN connections between the data centers and for corporate offices. Figure 8.2 depicts a fully redundant WAN.

Figure 8.2: A fully redundant network requires two or more links between each interlinked network.

In this simple example of one data center and four corporate offices (five endpoints), there are a total of 20 WAN links. If we increase the number of data centers to two and add four more corporate offices (10 endpoints), we would need a total of 90 links. The number of links in a fully redundant network grows according to the formula n(n - 1), where n is the number of endpoints. This architecture can become cost prohibitive quite quickly.


An alternative approach is to use a mesh design in which each endpoint in the WAN has links to two or more other endpoints. If any single link fails, the endpoints can communicate using the other WAN link. Figure 8.3 shows an example of a mesh network that provides multiple routes between any two endpoints. Note that Figure 8.3 depicts a network with 10 endpoints but uses only 18 WAN links.

Figure 8.3: A mesh network architecture provides redundancy with fewer links than a fully redundant design.
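The trade-off between the two designs can be checked before any circuits are ordered. The following Python sketch is an added example, not from the book: it computes the n(n - 1) link count and then tests a candidate topology for endpoints with fewer than two links and for link failures that would split the WAN. The 10-endpoint, 18-link topology and its endpoint names are constructed for the example and are not the layout of Figure 8.3; the example also goes one step beyond the text by counting double-link failures.

```python
from collections import defaultdict, deque
from itertools import combinations


def full_redundancy_links(n):
    """Link count the text gives for a fully redundant WAN: n(n-1)."""
    return n * (n - 1)


def is_connected(endpoints, links):
    """Breadth-first search: can every endpoint still reach every other one?"""
    neighbours = defaultdict(set)
    for a, b in links:
        neighbours[a].add(b)
        neighbours[b].add(a)
    seen = {endpoints[0]}
    queue = deque(seen)
    while queue:
        for nxt in neighbours[queue.popleft()] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return len(seen) == len(endpoints)


def partitioning_failures(endpoints, links, k=1):
    """Every combination of k simultaneous link failures that splits the WAN."""
    splits = []
    for failed in combinations(range(len(links)), k):
        surviving = [link for i, link in enumerate(links) if i not in failed]
        if not is_connected(endpoints, surviving):
            splits.append(tuple(links[i] for i in failed))
    return splits


def under_linked(endpoints, links, minimum=2):
    """Endpoints with fewer than `minimum` WAN links (the mesh rule is two or more)."""
    degree = defaultdict(int)
    for a, b in links:
        degree[a] += 1
        degree[b] += 1
    return [e for e in endpoints if degree[e] < minimum]


# Constructed topology: 2 data centers and 8 offices (10 endpoints).
DATA_CENTERS = ["DC1", "DC2"]
OFFICES = [f"OFF{i}" for i in range(1, 9)]
ENDPOINTS = DATA_CENTERS + OFFICES

# Single-homed design for contrast: every office hangs off DC1 (9 links).
HUB_AND_SPOKE = [("DC1", "DC2")] + [("DC1", office) for office in OFFICES]

# Mesh with 18 links: each office dual-homed to both data centers, plus a
# data center interconnect and one office-to-office link.
MESH = [("DC1", "DC2"), ("OFF1", "OFF8")] + [
    (dc, office) for dc in DATA_CENTERS for office in OFFICES
]


def assess(links):
    """Summarize how a design holds up against one and two link failures."""
    return {
        "links": len(links),
        "under_linked": under_linked(ENDPOINTS, links),
        "single_failures_that_split": len(partitioning_failures(ENDPOINTS, links, 1)),
        "double_failures_that_split": len(partitioning_failures(ENDPOINTS, links, 2)),
    }


if __name__ == "__main__":
    print("fully redundant, 10 endpoints:", full_redundancy_links(10), "links")
    print("hub and spoke:", assess(HUB_AND_SPOKE))
    print("mesh:", assess(MESH))
```

The double-failure count identifies the offices that depend on exactly two links, which is where an extra link or a diverse carrier buys the most availability.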

Providing Application Stacks
In addition to deploying hardware and networking services, we need to provide for and manage application stacks within a private cloud. This requires support for at least three elements: cloud management services, management policies, and management reporting.

Cloud Management Services
Cloud management services can be thought of as another layer in the software application stack. We have applications that run inside application servers that run inside an operating system (OS), and OSs that run as virtual machines within hypervisors. This layered approach continues in the cloud with cloud management software that carries out basic cloud operations:

• Starting and stopping virtual machine instances
• Providing access to network storage systems from virtual machines running in the cloud
• Managing cloud storage services
• Tracking usage information for accounting and billing


Figure 8.4: The conventional application stack is extended in the cloud to include cloud management services below virtualization services.

Cloud management services must accommodate several types of needs:

• Clustering groups of servers to support high-performance computing needs for tight coupling of applications running on different servers
• A service catalog, which is a repository of virtual machine images that may be run in the cloud
• Access controls on cloud services, such as the ability to start and shut down instances or add images to the service catalog
• Storage abstractions for persistent storage after virtual machine instances are shut down


Figure 8.5: Cloud management services include applications to allow users to provision their own virtual machines as needed without assistance from IT support personnel.

Cloud Management Policies
Cloud management policies specify how cloud resources are governed. Computing cloud architectures evolved from earlier IT architectures, so there are not necessarily new types of policies; instead, we have extensions to existing policies (for the most part). At minimum, a private cloud should assess current policies and make modifications as needed to accommodate:

• Privileges and limits on the number, types, and durations of use of virtual machines a single project can provision
• Access control policies with regard to provisioning virtual machines and storage allocations
• Backup services
• Limits on SLAs and the cost of different SLAs
• Data retention and data destruction policies

Policies are in place to ensure cloud service consumers can plan their use of the cloud according to enterprise-wide constraints. Policies also serve cloud providers who need to maintain compliance with internal requirements and SLAs as well as external regulations.


Cloud Management Reporting
A system of reporting on cloud operations must also be in place early in the deployment phase. Cloud service providers will need management reports that describe key performance indicators of the cloud:

• Server utilization
• Storage utilization
• Network bandwidth and latency
• Security incident reports
• Service support tickets
• Service catalog inventory and summary descriptions

Ideally, these reports are available for aggregate measure across the enterprise as well as by important dimensions, such as time, department or line of business, data center, user location, and so on.

Cloud service consumers will also look for management reports but with an emphasis on managing their own use of the cloud. Typical reports in this category include:

• Number and type of servers used and the duration of each use by job or project
• Amount of storage allocated by job or project
• CPU utilization rates
• Images and software used, especially if chargebacks are applied for software licenses
• Summary reports on jobs scheduled and time required to complete jobs and total cost by job

Cloud management reports should help cloud providers more efficiently deliver cloud services as well as help cloud consumers more efficiently support their business services and workflows.

Establishing a private cloud is a multistep process. Hardware must be deployed with consideration for physical infrastructure, such as power, cooling, and physical security, as well as architectural issues, such as redundancy and failover. Network services are essential to delivering cloud services. As the number of data centers and remote sites grows, the cost of point-to-point dedicated networks quickly becomes prohibitive. Networks will have to be designed with enough redundancy to provide robust networking but not so much that the costs outweigh the benefits. Application stacks must also be deployed with particular attention to cloud management services, management policies, and management reporting.


Migrating Compute and Storage Services to a Private Cloud
So far in this chapter we have discussed aspects of deploying hardware, network services, and applications in a private cloud. We now turn our attention to a more detailed look at the sequence of events that are needed to establish such deployments. There are several steps in the transition to a cloud infrastructure:

• Prioritizing steps based on business drivers
• Reallocating servers
• Deploying cloud-enabling applications
• Testing and ensuring quality control
• Deploying management applications
• Migrating end-user applications

This list is roughly the order in which the steps are executed during the migration.

Prioritizing Based on Business Drivers
Before we start redeploying servers and moving applications off their current host servers, we need to formulate a plan. That plan should be shaped by the business drivers that motivated the move to a cloud architecture in the first place. There are several types of business drivers, and they should all be considered when formulating the plan.

Business Driver #1: Cost
Clouds can deliver services more efficiently than can dedicated servers in many cases. (We described the reasons for this in detail throughout this book and will not repeat them here.) A typical example of a lower-cost cloud-based delivery is when a single server is dedicated to an application that uses only a fraction of the computing resources of the server. Multi-core processors running on servers with significant amounts of memory can support compute-intensive operations, but many business operations never fully utilize the capabilities of servers.

Servers dedicated to file transfer, collaboration, and content management, for example, typically make little demand on server resources. Utilization can improve if the server uses virtualization to run multiple guest OSs with different services, but even this may not fully utilize the server's capabilities. Four lightweight services running on a high-end server are better than one service but can still leave CPU cycles wasted.

In a cloud, this problem is mitigated by adding virtual machines to servers as long as there are resources available to support another instance. In the case of a server that is running four OS instances but still has CPU cycles available, another instance can be added by the cloud management software. Of course, one could add another instance to a virtualized server without cloud management software but doing so would require an IT support person, which would drive up the cost.


Business Driver #2: Computing Resources
Another major driver for utilizing a cloud is the ability to provision computing resources on demand. If a data warehouse must perform complex extraction, transformation, and load (ETL) operations every night, a cloud is an ideal way to do so. Source systems can send their input data streams to multiple servers, which perform record-level transformations and data quality control checks. These servers can then pipe their output to another set of servers that receive data based on some criteria, such as geographic location. The secondary set of servers aggregate data by region, and they, in turn, pipe their output to another server for the level of data aggregation.

Figure 8.6: Many business processes, such as data warehouse ETL operations, can make use of multiple servers for relatively short periods of time.


During the prioritization step, we should itemize both business processes and servers and determine (1) how the business process would benefit from flexible server allocation and (2) the relative utilization of the server. Business processes that use a server at fairly constant levels, such as those dedicated to transaction processing on a continuous stream of input, are less likely to benefit from flexible allocation. Business processes that experience high variability in resource demand are good candidates for early migration to the cloud. Servers that run at near capacity would be only marginally more productive in a cloud configuration, but those that are underutilized could be better utilized in the cloud.

Reallocating Servers
Reallocating servers is not as simple as it may sound at first. Even once the order of redeployment is determined based on business drivers, we need to ensure that services that are currently provided by servers continue to be available as needed. For example, we might determine that several dozen servers hosting Web servers, small databases, collaboration servers, and several other department-level services will all be assigned to the cloud. To do so, we need to:

• Migrate applications to other servers, perhaps in the cloud if some are already available or to virtual hosts on servers dedicated to the migration process
• Back up data from the current production servers and restore to the transitory server hosting the application
• Delete data and applications from the server and install a virtualization platform and any cloud-specific applications
• Physically connect the server to the cloud network segments and attach the server to network storage

If the applications running on the servers prior to reallocation will be running in the cloud, virtual machine images must be added to the service catalog to support those applications.

Deploying Cloud-Enabling Applications
After servers are physically allocated to the cloud and configured to use cloud networking services and cloud storage, the next step is to configure software for the servers. The servers will run virtual machine hypervisors and integrate with cloud-level management software for deploying virtual machine images. Depending on the type of cloud management software, servers might run different hypervisors, such as VMware products, Xen, or KVM.


Testing and Quality Control
Testing is an essential part of cloud deployment. At this point, servers are allocated, cloud storage is in place, and necessary controllers are deployed. The goal of this step is to test and exercise the cloud configuration before opening it for production work. The test plan should include several steps that ensure:

• Virtual machine hypervisors are installed and running correctly on all servers
• Virtual machine instances can be started and stopped as expected
• Cloud management software correctly starts specified machine images on the correct number of servers
• All servers can read from and write to cloud storage
• LDAP or other directory services are in place and function correctly on all servers
• Security policies are implemented correctly; for example, all data on local storage is deleted when a virtual machine instance is shut down

After testing these individual elements of cloud functionality, we can move on to performance testing. This type of testing should be driven by the SLAs we expect to support. When it comes to performance, more is always better, at least in theory; however, there are costs associated with marginal improvements in performance. During performance testing, we want to verify that:

• Virtual machine instances start and are available for use in an acceptable amount of time
• Read and write operations to cloud storage are performing as expected
• Large numbers of parallel operations, such as starting instances or writing to storage, are performed in an acceptable amount of time
• Network latency and bandwidth are sufficient to meet SLAs

During testing, we also want to ensure that usage and accounting information is tracked correctly.

Deploying Management Applications
As noted earlier, management applications are needed for both cloud providers and cloud consumers. These may both be hosted on cloud controller infrastructure, such as servers dedicated to collecting usage data and generating reports and data services. At this point, we also need to implement policies and procedures for basic operations, such as startup and shutdown of virtual machine instances, recording usage information for accounting purposes, monitoring server and network utilization, and ensuring supporting operations, such as replicating data between data centers, are functioning as expected. When the cloud infrastructure is in place and functioning properly, the next step is to migrate end-user applications to the cloud.


Migrating End-User Applications
Migrating end-user applications is a three-step process:

• Building virtual machine images with necessary application stacks
• Migrating data to cloud storage
• Migrating access control privileges and directory information to the cloud

Building Virtual Machine Images
Building virtual machine images is a straightforward task, but we must be careful to analyze application dependencies to ensure all necessary supporting software is in place. Also, different configurations of an application may require different versions of supporting libraries, so we may need to support several versions of similar images. Applications may have different configurations depending on how the application is used, and this could also warrant having multiple versions. For example, a Java application server may be configured differently if we expect heavy, moderate, or light use. Rather than expect the user to adjust configurations each time a virtual machine instance is created, we could store different versions so that the user can choose the appropriate one as needed.

Migrating Data to Cloud Storage
Migrating data to the cloud is another process that sounds simple but has some potential challenges. There are different ways of storing data in the cloud. One option is to use block storage in which data is written to logical blocks on cloud storage; another option is to use a relational database management system (RDBMS) to manage data in the cloud. The second option has similar functionality to RDBMSs that run on dedicated servers but without having to manage some of the lower-level storage issues, such as tablespace file placement. Some changes may be required in applications to make use of cloud block storage, so we should review an application's storage scheme before migrating it to the cloud.

Migrating Access Privileges to the Cloud
Applications that run on dedicated servers often make use of LDAP directories or Active Directory (AD) to store and serve information about users, resources, and privileges. This information has to be migrated to the cloud infrastructure and adjusted as needed in the cloud.

Adjustments include mapping access controls on specific servers and directories (for example, user AJones has read and write privilege to \\server1\directoryA) to the comparable location in the cloud storage. Additional data may also be required, such as limits on the number of virtual instances a user may start at any one time, the maximum time those servers can run, accounting information for chargebacks, and so on.
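A migration of access privileges should be verified, because a mapping error can silently widen or drop rights. The following Python check is an added example, not from the book: it translates legacy UNC-path entries to cloud locations, compares the result with what the cloud storage actually grants, and lists users who have cloud access but no instance limits on record. Apart from AJones and \\server1\directoryA, every name, the cloud:// path scheme, and the limit fields are assumptions; only explicit entries are compared, so inherited permissions are out of scope.

```python
from collections import defaultdict

# Constructed sample data (see the assumptions stated above).
LEGACY_ACL = [
    ("AJones", r"\\server1\directoryA", {"read", "write"}),
    ("BSmith", r"\\server1\directoryA\reports", {"read"}),
    ("CWu", r"\\server2\scratch", {"read", "write"}),
]
PATH_MAP = {r"\\server1\directoryA": "cloud://dept-store/directoryA"}
CLOUD_ACL = [  # what the cloud storage grants after the migration
    ("AJones", "cloud://dept-store/directoryA", {"read", "write"}),
    ("BSmith", "cloud://dept-store/directoryA/reports", {"read", "write"}),
]
LIMITS = {"AJones": {"max_instances": 4, "max_hours": 12}}


def to_cloud_path(unc_path, path_map):
    """Longest-prefix translation of a UNC path; None when nothing maps."""
    trimmed = unc_path.rstrip("\\")
    candidate = trimmed.lower()  # UNC paths are case-insensitive
    best = None
    for prefix, target in path_map.items():
        p = prefix.rstrip("\\").lower()
        if candidate == p or candidate.startswith(p + "\\"):
            if best is None or len(p) > len(best[0]):
                best = (p, target)
    if best is None:
        return None
    suffix = trimmed[len(best[0]):].replace("\\", "/")
    return best[1].rstrip("/") + suffix


def expected_cloud_acl(legacy_acl, path_map):
    """Rights each user should hold in the cloud, plus entries with no mapping."""
    expected, unmapped = defaultdict(set), []
    for user, path, rights in legacy_acl:
        target = to_cloud_path(path, path_map)
        if target is None:
            unmapped.append((user, path))
        else:
            expected[(user, target)] |= rights
    return expected, unmapped


def verify_migration(legacy_acl, cloud_acl, path_map):
    """Compare granted cloud rights with the rights carried over from the legacy ACL."""
    expected, unmapped = expected_cloud_acl(legacy_acl, path_map)
    actual = defaultdict(set)
    for user, path, rights in cloud_acl:
        actual[(user, path)] |= rights
    widened, lost = {}, {}
    for key in set(expected) | set(actual):
        extra = actual.get(key, set()) - expected.get(key, set())
        missing = expected.get(key, set()) - actual.get(key, set())
        if extra:
            widened[key] = extra    # cloud grants more than the file server did
        if missing:
            lost[key] = missing     # user would lose access after cut-over
    return {"widened": widened, "lost": lost, "unmapped": unmapped}


def users_without_limits(cloud_acl, limits):
    """Cloud users who lack the instance-count and run-time limits."""
    return sorted({user for user, _, _ in cloud_acl} - set(limits))


if __name__ == "__main__":
    print(verify_migration(LEGACY_ACL, CLOUD_ACL, PATH_MAP))
    print("no limits on record:", users_without_limits(CLOUD_ACL, LIMITS))
```
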


Transitioning compute and storage services to the cloud is a multistep process that begins with prioritizing services to migrate to the cloud based on business drivers and moves through reallocating servers, deploying cloud-enabling applications, testing and quality control, deploying management applications, and finally migrating end-user applications. There are many steps to the process; the following post-implementation checklist summarizes the key steps.

Post-Implementation Checklist
Topic Area: Notes

Deploying Hardware for Private Cloud
• Servers and network equipment: Establish data center infrastructure
• Environmental issues: Power, cooling, physical security, fire suppression
• Avoiding single points of failure: Is redundancy used for critical components, systems, and data centers?

Deploying Network Services for Private Cloud
• Network capacity: Is network bandwidth and latency sufficient for SLA?
• Redundancy: Are redundant routes implemented in a cost-effective manner?

Deploying Application Stacks for Private Cloud
• Cloud management services: Provisioning virtual machines and storage
• Policies: Privileges, access controls, backups, data retention policies
• Management reporting: Cloud provider and cloud consumer reporting

Prioritizing Based on Business Drivers
• Cost drivers: Which servers can be most efficiently redeployed in the cloud?
• Compute drivers: Which business services require significant computing resources? Which processes need regular peak capacity significantly in excess of more common workloads?

Reallocating Servers
• Migrating applications: Plan migration and switchover
• Backup data: Consider how to synchronize data if existing application continues to run during migration
• Initialize servers for cloud: Wipe existing data on server, physically move servers to data center
• Physically connect servers to cloud infrastructure: Establish connections to other servers, storage, and network

Deploying Cloud-Enabling Applications
• Deploying hypervisors: Install low-level software for OS and virtual machine functions
• Server-specific monitoring applications: Enable server monitoring services

Testing and Quality Control
• Server-based functional testing: Does the server function as expected with regard to starting and stopping virtual machine instances? Writing to and reading from cloud storage? Use network services?
• Performance testing: Do servers function as expected under significant loads? Test for both compute and I/O loads

Migrating End-User Applications
• Building virtual machine images: Build service catalog with images as needed to meet the full range of application requirements
• Migrating data to cloud storage: Copy application data to cloud and verify applications function properly with regard to cloud storage
• Migrating access control information: Update LDAP or other services in the cloud that store authentication and authorization data


ManagingCloudServices
Afterthetransitionperiodwheninfrastructureismigratedtoacloudconfiguration,our attentionshiftstomoreoperationalandmaintenanceorientedconsiderations: Servicemanagementintegrationwiththecloud Usagetrackingandaccountingservices Capacityplanning

Thesearebusinessoperationsthatlikelyexistedwellbeforecloudcomputingwas introduced,soitisusuallyamatterofextendingthesebusinessprocessestofunctionwith thecloud.

Integrating Service Management with the Cloud
Service management is a set of practices that orient IT operations around customers' needs and business processes rather than around technology. Throughout this book, we have had a decidedly technology-centric focus, but that should not be construed as meaning cloud computing cannot be customer focused. In fact, by streamlining the delivery of computing and storage services, cloud computing improves customer service and supports the objectives of service management.

There are different ways of implementing service management. One of the most formal and well-known approaches is the IT Infrastructure Library (ITIL), which advocates a broad and fairly structured approach to service management. There are many elements in the ITIL framework and service management in general, but we will only consider:
- Service catalog management
- Service level management
- Availability management
- Service validation and release management

There are other aspects of service management that are relevant to cloud computing but are outside the scope of this chapter; these include risk management, financial management, and supplier management.

ITIL v3
For more information about the ITIL framework and other service management issues, see http://www.itilofficialsite.com/home/home.asp.

Service Catalog Management
Service catalogs are sets of business and support services available from IT departments. Before we go any further, it should be noted that the term service catalog has two similar meanings, and it is important to distinguish them here. A service catalog in the service management sense is an abstract description of the set of services available from information technology providers. We also use the term service catalog to describe a repository of virtual machine images that are available for use in the cloud. In this section, we will always refer to the latter as the service catalog repository to avoid confusion.

Business services are made available through the cloud when they are added to the cloud's service catalog repository. We have discussed the service catalog repository from a technology perspective with topics such as ensuring software dependencies are accommodated in images, images are maintained as part of patch and vulnerability management, and so on. In terms of service management, we should think of virtual machine images as vehicles for delivering service. This perspective requires us to think more in terms of the following:
- Are the services that cloud consumers expect available in the catalog?
- Is metadata associated with virtual machine images sufficient for users to find the services they need and to distinguish among similar images?
- Are software license restrictions properly accounted for in the way virtual machine images are made available?

Other business services are not necessarily tied to virtual machine images run in the cloud. Support services, such as ticketing systems for incident and problem management, are part of the service catalog in the management sense of the term.

Service Level Management
Service level management is the practice of managing commitments to cloud users. These commitments are usually documented in SLAs. Requirements are defined in SLAs, and Quality of Service (QoS) metrics are usually associated with these requirements. In the cloud, SLAs may include requirements around:
- Number and type of virtual machine instances that will be available at regular times and for some length of time
- The duration from requesting a set of virtual servers to the time they are available
- Percentage of time other requirements, such as guaranteed number of servers, will be met
- Availability of software packages in the service catalog repository

The details of SLA metrics will be slightly different with a cloud, but the framework is essentially the same as that which we use in non-cloud environments.

Availability Management
Availability management is the process of ensuring compute and storage resources are available as needed to meet SLAs. One of the advantages of cloud computing is that it eases availability management.

In an environment with servers dedicated to particular tasks, we often use replication to keep standby servers ready to take over in case of a failure. In a cloud, servers do not have identities and the software they run is a function of the virtual machine image loaded onto them by an end user. Failure of a single server or even 10 servers in a cloud can be managed by instantiating the images that were running on the failed servers on other cloud servers. Assuming data on the failed servers is persisted in cloud storage, the new instances of the applications will have access to data.

Service Validation and Release Management
Service validation and release management are procedures for testing and deploying new services to the cloud. As with availability management, this task is easier in the cloud than in a dedicated service environment. Designing, testing, and validating applications in the cloud is similar to designing, testing, and validating in a dedicated server environment. The advantages stem from the fact that a new release can be deployed as another virtual machine image in the service catalog repository. If there is a problem with the new release, the old version is easily run without the challenges of reinstalling software on a dedicated server.

Service management is a business practice used to control the delivery of IT services. Cloud computing does not eliminate the need for this kind of management but does require adaptations and, in some cases, makes it easier to execute these management operations.

Usage Tracking and Accounting Services
There is an old saying that if you cannot measure it, you cannot manage it. This is especially true in the cloud. With large numbers of users running a wide array of applications across a large number of servers, one will need an efficient method for tracking use. The ideal tracking system will:
- Function seamlessly as part of the instantiation process when virtual machines are started or when storage is allocated
- Collect and maintain fine-grained detail about use; for example, at the user and image level
- Allow project or department level charging
- Feed data directly into financial reporting systems

Adapting current chargeback systems may require some work to allow for automated transactions indicating when instances are started or storage is allocated. These operations are largely self-service steps in the cloud (whereas they are not in dedicated server environments).

Capacity Planning
Capacity planning is yet another service management process that is familiar to many IT professionals. The principles are the same with cloud architectures, but once again, this process is just a bit less challenging in a cloud environment. Forecasting growth with dedicated servers often requires planning for peak capacity in multiple applications, departments, and business units. In the cloud, we can manage to aggregate trends. We can ask questions such as how many physical servers will be needed to support all SLAs rather than asking how many servers will be needed to support Department A, Service B, and so on.

We manage cloud services much as we manage any service provided by IT. Service management practices, usage tracking and accounting, and capacity planning are all well-established practices. They will continue to be needed when managing a cloud but, fortunately, with a little bit less difficulty.

Extending a Private Cloud with Public Services
As flexible as a private cloud is, there are limits. At some point, the costs of adding more servers or storage to a private cloud will outweigh the benefits. Public cloud providers can realize economies of scale that are not available to most private cloud providers. Of course, private clouds continue to have their benefits, such as the ability to control the infrastructure on which private and confidential data resides. Businesses may find that the optimal solution is to combine private and public clouds to realize the benefits of both.

In cases where additional compute and storage resources are provided by public cloud providers, it is imperative that security controls are in place to protect information that leaves the organization. For example, you might need to encrypt data as it is transmitted to public cloud servers, and store it in an encrypted form on cloud storage. Also, you might need to set a policy that no data is written to local storage of a virtual machine running in the private cloud to prevent any possibility of a later user of that device having the ability to restore data that previously resided on the disk.

Policies should be in place that define the acceptable use cases of public cloud services, including the types of data that can be sent to private cloud servers and the types of applications that can be run in the private cloud. A proprietary process or analysis procedure that instantiates significant intellectual property, for example, is a good candidate for keeping out of public cloud services. Hybrid clouds that combine the benefits of private and public clouds can improve the efficiency, cost effectiveness, and capabilities of a private cloud, but hybrid clouds must be used in a way that does not violate policies or the interests of the business.

Summary
Establishing a private cloud is a multi-step process. Hardware must be procured or reassigned, network services provisioned, and software configured for use in the cloud. Transitioning services to the cloud requires that we carefully plan other steps, including prioritizing based on business drivers, deploying applications, implementing quality controls, and deploying management applications. Many existing IT processes, such as service management and capacity planning, can be readily adapted to the cloud. Finally, it may be beneficial to consider the use of a hybrid cloud to take advantage of the economies of scale of public clouds while maintaining the control advantages of a private cloud.

Chapter 9: Maintaining a Cloud Environment: Governance, Growth, and Security

There is much discussion about how cloud computing is different from earlier models of service delivery. This book has followed a similar pattern for the first eight chapters by concentrating on what distinguishes cloud computing from mainframe, client-server, and other distributed approaches to delivering services. This chapter will be different. Now we will focus our attention on themes common to all forms of IT and delivery:
- The role of governance
- Capacity planning
- The need for security

Governance is the guiding framework that defines how we go about implementing service delivery in the cloud. It can be thought of as a set of constraints on possible solutions to a problem. Principles of governance are not technical principles, per se, but they do have implications on the technical solutions we implement. For example, a policy may dictate that especially sensitive private and confidential information may only be stored on devices under the complete control of the company. This limits the use of public clouds as an extension of a private cloud. The governing policy need not explicitly mention restrictions on public clouds but that is the practical implication. Other aspects of governance influence and constrain how we deliver other services, what types of services may be delivered, and to whom we may deliver them.

Capacity planning is often a challenging task in IT management. Throughout this book, we have discussed how cloud computing makes capacity planning easier, and it does for the cloud consumer. The cloud services provider, however, still faces the typical challenges of forecasting demand for services, balancing peak load demand with average load demand, and formulating acceptable service level agreements (SLAs) with customers.

In addition to having enough capacity to meet the demands of SLAs, we have to ensure that infrastructure is reliable enough to be available as required by SLAs. Fortunately, cloud architectures are inherently distributed and therefore enable relatively straightforward failover approaches. Nonetheless, we still have to be careful to avoid single points of failure and ensure that supporting services, such as making redundant copies of data, happen fast enough and frequently enough to ensure sufficient recovery in the event of a data loss in one part of the storage system.

The need for security in information management is ubiquitous. Cloud computing has its array of information security requirements that are similar to those found in other service delivery models, including the need to:
- Maintain identity information about users
- Limit access to data and applications based on identity
- Ensure software is checked for vulnerabilities and patched as needed
- Prevent malicious applications from operating within the cloud
- Protect the privacy of confidential information

The fundamental security requirements are no different in the cloud than in other models, but the way we implement security controls can vary, sometimes for the better. For example, if an operating system (OS) vendor releases a security patch and a business determines that the patch must be applied to every server, that patch will have to be pushed to each server. Even with an asset management application that automatically distributes and installs software patches, there is likely to be some manual intervention required. Systems administrators will have to review patch reports to verify patches were applied correctly, determine where patches have failed, and apply corrective action to each instance of the failure.

In a cloud computing environment, images in the service catalog can be regenerated with the patch and deployed to the service catalog. The older, vulnerable version of the image could be removed from the catalog so that it is no longer instantiated within the cloud. There may be instances of the vulnerable image running in the cloud, in which case cloud administrators would have to coordinate with the systems administrators responsible for those instances to shut down those instances and restart with the patched versions. This is similar to the kind of coordination that typically occurs when servers are dedicated to particular departments or applications.
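The catalog-based patch workflow described above, as an added example that is not code from the book: given the image catalog and the running instances, it retires unpatched images that have a patched rebuild, flags unpatched images that still need one, and lists per owner the instances to restart. The Image and Instance records, the includes_patch flag, and all sample data are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Image:
    image_id: str
    service: str          # business service the image delivers
    build: int            # higher number = newer build
    includes_patch: bool  # assumption: set once the image is regenerated with the fix


@dataclass(frozen=True)
class Instance:
    instance_id: str
    image_id: str
    owner: str            # department whose administrators run the instance


def plan_patch_rollout(catalog, instances):
    """Decide what to retire from the catalog and which instances to restart."""
    # Newest patched build per service is the replacement for older images.
    newest = {}
    for img in catalog:
        if img.includes_patch and (
            img.service not in newest or img.build > newest[img.service].build
        ):
            newest[img.service] = img

    offered, retired, needs_rebuild = [], {}, []
    for img in catalog:
        if img.includes_patch:
            offered.append(img.image_id)
        elif img.service in newest:
            # Safe to remove: a patched image for the same service exists.
            retired[img.image_id] = newest[img.service].image_id
        else:
            # Removing it would drop the service; regenerate the image first.
            needs_rebuild.append(img.image_id)

    known = {img.image_id for img in catalog}
    restart = defaultdict(list)  # owner -> [(instance, replacement image or None)]
    unknown = []                 # instances started from images no longer listed
    for inst in instances:
        if inst.image_id not in known:
            unknown.append(inst.instance_id)
        elif inst.image_id in retired:
            restart[inst.owner].append((inst.instance_id, retired[inst.image_id]))
        elif inst.image_id in needs_rebuild:
            restart[inst.owner].append((inst.instance_id, None))

    return {
        "offered": offered,
        "retired": retired,
        "needs_rebuild": needs_rebuild,
        "restart_by_owner": dict(restart),
        "unknown_image": unknown,
    }


# Constructed sample data.
CATALOG = [
    Image("web-7", "web", 7, False),
    Image("web-8", "web", 8, True),
    Image("db-3", "db", 3, False),      # no patched rebuild yet
    Image("batch-5", "batch", 5, True),
]
INSTANCES = [
    Instance("i-001", "web-7", "finance"),
    Instance("i-002", "web-8", "finance"),
    Instance("i-003", "db-3", "engineering"),
    Instance("i-004", "web-7", "engineering"),
    Instance("i-005", "legacy-1", "research"),
]

if __name__ == "__main__":
    for key, value in plan_patch_rollout(CATALOG, INSTANCES).items():
        print(key, value)
```

Instances whose image is missing from the catalog are reported separately because their patch state cannot be judged from the catalog alone.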

Figure 9.1: The need to apply security patches is the same with or without a cloud; however, the execution can be less problematic when working with a service catalog rather than individual servers where the patch may fail for different reasons.

The long-term maintenance of a cloud computing environment requires attention to governance, capacity planning, and security. In this chapter, we will consider each in turn and outline key considerations in each area. Not surprisingly, the same types of issues we see in governance, capacity planning, and security in other architectures occur within the cloud. This presents a significant advantage for cloud computing administrators: We can adapt the best practices that have evolved over the past decades of IT management to cloud computing.

Governance Issues in Cloud Computing
Governance is about establishing a framework for directing, monitoring, and reporting on the implementation activities of an organization. Businesses have boards of directors for governing the company at large. Cloud computing governance is a subset of corporate governance. The directions and principles established at the corporate level define the environment in which cloud computing governance occurs.

Figure 9.2: The hierarchy of corporate governance subsumes cloud computing governance.

Corporate governance establishes direction and management principles for the entire company with some specialization, as required, for areas such as finance, strategic planning, and service delivery. Within service delivery, we can place cloud computing governance. Some of the most important aspects of cloud governance include:
- Protecting the integrity of business services
- Controlling access to cloud services
- Allocating costs for cloud services

These areas all have implications for how we implement cloud services, but they are primarily business issues, not technical issues. The technical aspects of these issues come into play when we start to implement the policies defined by governing bodies. Cloud governance defines what is to be implemented; cloud implementation defines how it is implemented.

Protecting the Integrity of Business Services
The integrity of business services entails two parts:
- Ensuring individual transactions and operations in the cloud function as expected without compromising the confidentiality of those transactions and operations
- Ensuring cloud services are available as expected and as agreed to in SLAs

Confidentiality in the Cloud
What level of confidentiality should a cloud consumer expect when using cloud resources? For example,
- Who will have access to the data transmitted between the cloud and outside data stores?
- Who will determine who will have access to data stored in cloud storage?
- What efforts are made to reduce the risk of inadvertent disclosure of data?
- Under what circumstances will normal confidentiality protections be suspended in order to prevent or investigate malicious activities in the cloud?

It is the responsibility of the governing body to specify policies that answer these and similar questions that will arise. (Again, governance addresses what should be done, not how to do it. Implementation details are delegated to others, so we will not delve into the technical details of how to meet these requirements right now.)

Policies on confidentiality should specify a combination of protections that should be in place as well as a description of the limits to those protections. For example, policy may dictate that cloud administrators make available encrypted communications between client devices and the cloud resources. Cloud consumers can make use of encrypted communications if they want, but they may not be required to. At the same time, policy may require cloud administrators to avoid deploying software with known vulnerabilities that could compromise the security of the cloud. This may lead cloud administrators to not offer basic FTP services and instead require a secure form of FTP. This may seem contradictory but it is not.

In one part of a policy, we state that cloud consumers, not administrators, can decide on the level of security they desire for communications. In another part, the policy states that vulnerable software should not be deployed, and this limits cloud consumer choices. It is not unusual for complex policies to lead to seemingly contradictory indications. In these situations, one part of the policy has to take precedence over the other. In this example, protecting the cloud resources and its users is worth constraining the options of users.

Governance and Balancing Acts
This kind of balancing act is commonly seen in law. The freedom of speech is a well-known right to many but that does not permit us to yell "Fire!" in a crowded theater when there is no fire.

It is conceivable that governing regulations will impose constraints on what business units might want to do. One department might want to negotiate an SLA that allows them to rapidly upload large volumes of data from external resources. Internal regulations, however, require that any files uploaded from external resources be scanned for malware. The scanning will cause the loading process to exceed the time window the customer wants. The governing principles exist for a reason and in spite of how it might limit what business units conceive, they are in place to protect the cloud infrastructure, data within the cloud, and the business operations that depend on it.

Figure 9.3: Governance policies define how cloud resources may be used. Business units might want additional features or functionality that are not allowed in the cloud; instead, they are constrained to the features they would like that overlap with those allowed by governance regulations.

Availability and SLAs
Another topic for governance is availability and the role of SLAs. A governance framework does not dictate specific rules about availability, but it does set guidelines. For example, the governing body may specify that SLAs will contain specifications for:
- The number and types of servers that will be available to the cloud consumer on a regular basis
- The percentage of time that the agreed-upon number and types of servers will be available
- Compensation for violations of SLAs

These are SLA-specific issues that would be negotiated between the cloud administrators and users of cloud services. The governing body may also specify global guidelines, such as requiring that not more than X% of servers, storage capacity, or other resource be down for routine maintenance at the same time. This type of global constraint further defines the boundaries of actions that cloud administrators can take.

The integrity of cloud services is protected in part by policies protecting confidentiality of data and preserving the availability of services. It is also highly dependent on security controls, including access to the cloud.

Controlling Access to Cloud Services
One of the most fundamental considerations in the governance of cloud resources is determining who has access to those resources. If a company invests in a private cloud, will the company make the cloud available to:
- Any employee or contractor with an interest in using the resource
- Members of research and development, engineering, or other product development efforts that require significant computational resources
- Employees in any department with the funds to cover the costs of the resources

Once it is determined who will have access to the cloud, security controls, such as identity management, authentication, and authorization systems, can be used to enforce those policies.

Within the group of users eligible to use cloud resources, there may be a further division by priority. Some departments, such as finance, may be given top priority under the assumption that their needs are immediate and critical. Research and development and engineering groups may be in a second tier of users because their work is essential to the long-term viability of the company and they have demonstrated the need for large amounts of CPU time. A third tier may be everyone else in the company who will have access to resources not consumed by the other two groups.

Within each group, there may be limitations on the resources they can acquire. For example, the top-tier Finance group may have access to as many servers as they like but can run them continuously for only 48 hours if other jobs are waiting to run in the cloud. Engineering may need to run large calculations for extended periods of time, so they may run their virtual server instances for as long as they like but are limited in the number of virtual servers they can instantiate at any one time. Regardless of who can access cloud services, someone has to pay for them.
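One way an authorization layer could enforce the tiered limits described above, as an added example that is not from the book. The 48-hour limit comes from the text; the Engineering cap of 20 instances, the function names, and the reading of the third tier as "only capacity not already requested by higher tiers" are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class TierPolicy:
    tier: int
    max_instances: Optional[int]         # None = no cap on concurrent instances
    max_hours_if_queue: Optional[float]  # None = no continuous run-time limit


POLICY = {
    # Top tier: any number of servers, 48 h continuous if other jobs wait.
    "finance": TierPolicy(tier=1, max_instances=None, max_hours_if_queue=48.0),
    # Second tier: unlimited run time, capped instance count (20 is constructed).
    "engineering": TierPolicy(tier=2, max_instances=20, max_hours_if_queue=None),
}
# Third tier: every other authenticated group, served from leftover capacity.
DEFAULT_POLICY = TierPolicy(tier=3, max_instances=None, max_hours_if_queue=None)


def policy_for(group):
    return POLICY.get(group, DEFAULT_POLICY)


def can_start(group, requested, running_by_group, free_servers, higher_tier_pending):
    """Return (allowed, reason) for a request to start `requested` instances.

    running_by_group: instances each group currently runs.
    free_servers: virtual server slots currently unallocated.
    higher_tier_pending: slots already requested by tier 1 and tier 2 groups.
    """
    policy = policy_for(group)
    if requested <= 0:
        return False, "invalid request"
    if requested > free_servers:
        return False, "insufficient capacity"
    if policy.max_instances is not None:
        if running_by_group.get(group, 0) + requested > policy.max_instances:
            return False, "instance cap exceeded"
    if policy.tier == 3 and requested > free_servers - higher_tier_pending:
        return False, "capacity reserved for higher tiers"
    return True, "ok"


def must_stop(group, hours_running, jobs_waiting):
    """True when a running instance has used up its continuous-run allowance."""
    policy = policy_for(group)
    return (
        policy.max_hours_if_queue is not None
        and jobs_waiting > 0
        and hours_running >= policy.max_hours_if_queue
    )


if __name__ == "__main__":
    print(can_start("engineering", 5, {"engineering": 18}, 60, 0))
    print(can_start("marketing", 10, {}, 30, 25))
    print(must_stop("finance", 48.0, 3))
```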

Pricing Cloud Services
There are two broad approaches to determining the costs for cloud services: cost allocation and competitive pricing. In practice, the actual prices cloud consumers pay may be a mix of both approaches, but we will discuss them separately and then see how they can be merged.

Cost Allocation
Cost allocation is a pricing model that is driven by the costs incurred by the provider of the service. At its most basic level, the cost of a service is equal to the cost of purchasing and maintaining equipment and providing labor to support the service divided by the units of the service provided. An example can help clarify some of the details.

Let's assume a basic server can run four virtual servers. The server runs 24 hours a day, 7 days a week for 3 years for a total of 26,280 hours. Let's also assume the server was purchased for $5000, requires $1000 in labor to maintain over the course of 3 years, and incurs $300 in power, cooling, rack space, and other miscellaneous charges for a total of $6300 in costs over 3 years. (For simplicity, we'll assume that this server only runs open source software so that there are no software licensing costs.) The hourly cost of providing this server is $6300 divided by 26,280 hours, or $0.24 per hour.

In practice, this simple cost allocation model will need some modification. For example, the assumption that a single server will run 24x7 for 3 years straight is unrealistic. Also, clouds are designed to accommodate varying peak demand periods, so there will be time when some servers are not utilized and therefore not charged to any customer. Finally, servers in the cloud may have been acquired at different times for different prices. Trying to assign each server its own individual total cost of ownership (TCO) would generate more accounting work than it is worth. A better approach is to use an average cost and an average utilization rate for each server.

In the cost allocation model, we have to make some assumptions about utilization rates and availability of servers. When we set prices, we have to hope we have made good estimates. If we are overly optimistic about utilization and availability, we may find that in fact we do not recover all the expenses we had planned for and are left with a revenue or cost recovery shortfall.

This kind of cost allocation model is found in government institutions where pricing is driven by the need to recover costs rather than to earn a profit. The same model may work well within a business where IT units are treated as cost recovery centers and not profit earning centers.

Competitive Pricing
Another approach to pricing, which is common in business, is competitive pricing or pricing according to what the market will bear. Presumably public clouds use a competitive pricing model where their price for a unit of service includes the costs we described earlier plus an additional amount for profit. This certainly makes sense for a public cloud, but does this pricing model have a place with private clouds used only by internal customers? Yes, in some cases.

By charging more than the actual costs, a cloud provider can generate a reserve of earnings that are not allocated to cover the costs of providing the cloud services. (This is similar to profits or retained earnings, but those have specific accounting definitions, so we will try to avoid using those terms.) This reserve can be used in several ways:
- As a resource for funding future expansion of cloud infrastructure
- To mitigate the risk of unanticipated problems, such as covering the costs associated with replacing failed devices that may or may not be under warranty
- To fund experimental cloud services that are provided for free in return for feedback on the services

The cost recovery model does not provide a mechanism for this kind of retained reserves funding. One could imagine incorporating the cost of future expansion, risk management, and service development into the cost of providing services, but that is a bit counter to the intention of the cost recovery approach.

Neither cost recovery nor competitive pricing is inherently better or worse than the other. It is up to the governing body to determine which approach better serves the long-term goals of the enterprise.

Cloud computing governance is a subset of corporate governance. Regulations put in place at the enterprise level constrain what can be done with cloud services. Such high-level constraints are insufficient guidance for providing a governing framework for a private cloud. Further regulations around protecting the integrity of services, limiting access to cloud services, and allocating the costs of the cloud are all required. Another facet of long-term maintenance is capacity planning.

Planning for Growth
One of the key benefits of using cloud computing is that users of the cloud can rapidly scale their resource use up and down. As workloads increase, the number of servers dedicated to the task can increase. As data volumes grow, so can the storage utilized. Users no longer need to worry about maintaining peak capacity infrastructure; it is available in the cloud when it is needed. Cloud computing does not eliminate the need for capacity planning; it centralizes the burden on the cloud provider.

Figure 9.4: With the adoption of cloud computing, the scope of capacity planning shifts from individual applications and departments to a centralized cloud service provider.

Centralized cloud providers will have to address capacity planning issues common throughout IT:
- Researching customer expectations for current and future resources
- Estimating costs of future services
- Planning how to deliver needed capacity in the most efficient manner
- Identifying dependencies that can influence how new capacity is added

Capacity planning begins by identifying key resources that affect the ability of service providers to meet SLAs. Then we turn our attention to understanding how demands for capacity of various resources are expected to grow.

Key Resources in Cloud Computing
The key resources in cloud computing are those that limit the ability to deliver services:
- Physical servers
- Storage
- Network bandwidth

Each is a limiting factor because in spite of adequate capacity in two of these, a shortage in the other will inhibit the ability to deliver services. If there are ample servers and sufficient network capacity but we run out of storage, storage-dependent workflows will be blocked. Similarly, if network bandwidth is saturated, the ability to move data into and out of the cloud is constrained.

How are we to accurately predict the future needs of cloud users? Especially when their workloads and peak demands can vary so much? The answer is SLAs. These contracts between cloud providers and cloud consumers specify what levels of resources are expected by cloud consumers and what the cloud provider commits to. Cloud consumers are responsible for estimating their current and future requirements in terms of computing, storage, and network demands. Cloud providers are responsible for ensuring that the cloud can meet the aggregate demand for resources specified in SLAs.

Another factor that is easy to overlook is the physical environment in which the cloud infrastructure resides. Servers, storage devices, and network equipment require space, power, and cooling. There are limits to how many racks can fit in a data center, how much power can be reliably and consistently delivered, and how much heat generated by equipment can be adequately cooled or vented. SLAs probably will not explicitly state requirements related to environment; instead they have to be derived from the details about servers, storage, and network services. With these key components and details of SLAs, we can begin to formulate baseline and future growth projections.

Baseline and Initial Growth Projections
SLAs and historical data provide a starting point for establishing baselines for the amount of resources required to meet service delivery needs. One of the advantages of starting with SLAs and historical data is that it is reasonably reliable and accurate data. Assuming historical data is collected properly, we have a detailed record of what happened in the past. SLAs provide guidance on what will occur in the near future, and possibly longer if customers use long-term contracts to lock in favorable pricing.

Baseline Measures
We can think of a baseline measure as the average load on the cloud for computing, storage, and network services at some point in time. The purpose of taking a baseline is to understand what level of service can be delivered by a particular amount of cloud infrastructure. A baseline measure of cloud service delivery might include:
- Number of servers with all servers normalized to a standard, such as a single quad-core processor with 16GB RAM
- Total amount of storage available
- Network throughput
- Average server utilization
- Number of virtual machine instances available in the service catalog
- Percentage of time SLAs are met

The first three metrics capture the basic capacity of the cloud. They measure, in some ways, the overall throughput of the cloud infrastructure. These metrics are not precise enough for all performance-related tasks. For example, these metrics are not adequate for comparing the performance of different implementations of the same algorithm. For that, the implementations should be run on the same hardware under the same network load running the same OS and application stack. The purpose of collecting these measures is to be able to compare cloud infrastructure capacities in order to estimate what is required to meet a set of SLAs.

Average utilization is important because it influences the total throughput of the cloud. If utilization is low, there will be excess capacity that is not utilized. One way to improve the throughput of a cloud is to increase utilization. For example, to double the throughput of a cloud with 40% utilization, we double the number of servers and other infrastructure while maintaining a 40% utilization rate, or we could maintain the same level of infrastructure and increase the utilization to 80%.

Growth Projections
After establishing baseline measures, we can plan for growth projections. There are two types of growth we need to account for: growth in capacity and growth in usage or throughput. It is worth noting that increasing utilization and throughput can happen in a fairly incremental manner while the addition of infrastructure tends to happen in a more stepwise manner, as Figure 9.5 shows.

Figure 9.5: Capacity is often acquired in bulk, giving a stepwise growth in capacity. Utilization tends to grow incrementally, although there may be spikes or temporary drops in utilization.

Growth in Utilization
Utilization grows at a rate determined by a number of factors, such as an increase in the:
- Volume of work performed by existing cloud consumers executing existing workflows
- Number of distinct workflows executed by existing cloud consumers
- Number of cloud consumers

For each of these types of increase, there can be corresponding decreases. For example, a department may reengineer its processes and stop using an application that had run in the cloud.

Some of these growth factors are likely to lead to incremental growth. As a line of business expands into new markets or launches new product lines, there can be a progressive growth in the volume of transactions that need to be processed. In some cases, there may be sharp and sudden rises in the number of transactions (think of the Apple iPad launch). Sudden and dramatic growth in demand can arise from changes in the organization. A merger or acquisition can add a large pool of potential cloud service customers to a company and drive demand for services sharply higher. Similarly, divesting a line of business can cause sudden drops in demand and therefore overall utilization.

Growth in Capacity
Although demand for cloud services can change in fairly incremental ways, capacity changes tend to be more bulk, stepwise changes. This reality is driven by economics. Conceivably, a company could follow a steady incremental growth plan. For example, a company could add 100 high-end servers to the cloud every week for the foreseeable future. If the company is a rapidly growing Web infrastructure provider, this might make sense. In many cases, a stepwise growth in capacity makes more sense.

Consider a typical budget cycle. An IT manager creates an infrastructure budget based on projected demand. The CFO takes into account revenue growth, cash flow projections, borrowing costs, and other factors and determines that 25% of the budget will be available in the first quarter, 50% in the third quarter, and if revenue projections are on target, another 25% in the fourth quarter. The IT manager will likely purchase the equipment in three periods as the funds become available. The hardware will be brought online as soon as possible. The funds are not available any sooner, so there is no way to accelerate the purchases. It makes no sense to leave equipment in the shipping containers, unless demand is low, in which case the purchases were unnecessary.

Another factor that leads to the stepwise growth in capacity is the economics of hardware installation. If one goes to the trouble to install a single rack in a data center, the marginal cost of installing a second, third, fourth, and so on is so low that it often makes sense to perform these operations in bulk. As the practice of cloud computing has matured, another option has become available for providers of private clouds: expanding by using public cloud compute and storage resources.


Expanding Using a Public Cloud

The reasons that a private cloud provider would want to make use of a public cloud parallel the reasons that end users are drawn to public clouds: elasticity and cost effectiveness. The combination of private and public clouds, known as a hybrid cloud, has several advantages as well as some disadvantages.

Figure 9.6: Hybrid clouds appear to users to be functionally equivalent to private clouds. Private cloud administrators hide the implementation details from end users.

Elastic Scaling and Hybrid Clouds: The Benefits

Combining resources with a public cloud allows private clouds to rapidly expand capacity without the capital investment of expanding a private cloud. Also, resources in a public cloud can be commissioned and decommissioned faster than adding or removing comparable physical resources in a private cloud.

The cost of a private cloud may be less than that of a public cloud. This is not criticism of private clouds. The two are designed for different purposes and serve different needs. Private clouds are designed according to the particular needs of a single business and governed by policies needed to protect that business. Public clouds are generic computing and storage resources with policies designed to accommodate a wide range of users. Public clouds may be able to offer lower prices because they benefit from economies of scale that are not available to private cloud providers. Also, public clouds may have less in the way of security, auditing, and control over the service catalog than a private cloud does. As is often the case in IT, choosing between the two is a matter of choosing a solution that best fits a particular set of requirements.


Elastic Scaling and Hybrid Clouds: The Disadvantages

The primary disadvantage of a hybrid cloud is that some data is moved outside the corporate firewall. Public cloud providers can make significant efforts to protect their customers' data (they certainly have no incentive to risk a data breach of one of their customers) but that may not be enough for security-conscious executives and managers.

Moving large volumes of data can also be a hindrance. In a cloud computing version of the old sneakernet (that is, running data back and forth between data centers on portable disks), public cloud providers offer customers the option of shipping disks to a data center for bulk loading rather than copying data over the Internet.

Hybrid clouds are a viable option in many cases when expanding a private cloud is not a practical option. When the public cloud can be used to run applications that do not instantiate protected intellectual property, the volumes of data to transfer are low, and the security requirements are minimal, then public cloud services make sense. Public clouds can supplement private cloud capacity for conventional workloads; public clouds can also contribute to mitigating the risk of hardware failures.

Mitigating Risks Through Architecture

Capacity planning should take into account the need for excess capacity in case of failures in some parts of critical infrastructure. When a small number of servers fail, the jobs running on those servers can be restarted on other servers. This situation can often be accommodated by the excess capacity that can exist because of the difference in the capacity deployed and the capacity required to meet utilization requirements (see Figure 9.5).

Catastrophic failures require advance planning. For example, if an entire data center becomes inaccessible or a large number of servers is down because power distribution is disrupted to a large number of racks within a data center, the excess capacity in the cloud may not be enough to accommodate for the loss. In such cases, we need to plan to maintain additional capacity. Two factors should be considered when planning such excess capacity: the physical distribution of data centers and the need for redundant infrastructure.

Physical Distribution of Data Centers

Data centers in different geographical locations reduce the risk that two or more data centers will be struck by the same catastrophic event (for example, regional power loss, earthquake, and flood). In addition to building data centers in different areas, we need to keep replicas of data in different data centers, maintain redundant copies of the service catalog in different data centers, and ensure that policies and procedures are defined and implemented in the same way across data centers.


Figure 9.7: Routine failures are readily accommodated in clouds but catastrophic failures require failover planning and additional infrastructure.

Redundant Infrastructure

Data centers will of course need servers, storage, and network infrastructure. They will also require comparable backup power systems, multiple Internet service providers (ISPs), and backup cooling and venting systems to reduce the risk of a single point of failure in the infrastructure.

Capacity planning has traditionally been challenging in IT. When working within the constraints of department or line of business budgets, it might be difficult to realize a highly redundant, rapid failover architecture without significant cost. Centralizing the management of infrastructure within the cloud allows for pooled utilization and capacity. It also provides for more efficient deployment of redundant infrastructure, which can mitigate the risk of failures in the cloud.

The third and final topic we will consider with regard to long-term maintenance of a cloud is the need for security.


Security in the Cloud

Key considerations for long-term planning for security in the cloud are similar to those for other aspects of enterprise security:

- Identity management
- Entitlements and access controls
- Vulnerability assessments
- Patching and image management

These are not fundamentally different from what needs to be done in other IT environments but, as is so often the case, different implementations of similar services and functionality bring with them varying dependencies and maintenance requirements.

Identity Management in the Cloud

Identity management is the practice of maintaining information about users of IT resources and services. A primary concern in the cloud is how to maintain an accurate and up-to-date database of identities. Common questions that arise with identities in the cloud are:

- Who should be added as a user in the cloud? All employees? Full-time employees only? Should contractors be added, and if so, according to what criteria?
- How should identities be removed to ensure the least risk of failing to remove someone's identity that should be removed?
- What type of monitoring on the activity of identities is required?
- How frequently should identities be audited?

The concern here is with long-term management and maintenance, so implementation issues are not considered, although they are certainly important. They are just outside the scope of this discussion.

Before we can address whose identities should be added to the cloud, we have to have a clear understanding of the purpose of the cloud. The looser the purpose (for example, to provide general computing and storage services to all business units for all purposes), the more broadly defined is the set of potential users. More restricted clouds, such as those for research and development and engineering purposes, will have correspondingly restricted groups of users.

Removing identities is also an issue. Ideally, changes to a centralized HR system would trigger the removal of identities in the cloud when an employee leaves the company. This may not account for contractors and consultants who are granted access to resources. It may not be sufficient for employees changing roles and losing privileges to the cloud.


Routine monitoring of activities associated with identities can help detect anomalous events. For example, if one or two individuals are using cloud resources at rates significantly higher than others in the same role, it may be an indication of unauthorized use. Less frequent but routine auditing of the identity management database can help detect cases where identities that should have been removed or disabled remain active.

Identities provide a means to associate privileges with users. These privileges, or entitlements as they are sometimes called, also require oversight.
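The two checks described in this section, reconciling the cloud identity database against HR and contractor records and flagging usage that is far above that of peers in the same role, can be sketched as follows. This is an added example, not material from the original guide; the record layouts, field names, sample data, and the 3.5 modified z-score threshold are assumptions made for illustration.

```python
"""Identity audit: stale-identity reconciliation and per-role usage outliers.

All records below are constructed sample data; the layouts are assumptions.
"""
from collections import defaultdict
from datetime import date
from statistics import median

HR_ACTIVE = {  # employee id -> current role in the HR system of record
    "e100": "analyst", "e101": "analyst", "e102": "analyst",
    "e103": "analyst", "e104": "analyst", "e105": "engineer",
}
CONTRACTORS = {  # contractor id -> (role, contract end); HR feeds often miss these
    "c900": ("engineer", date(2030, 1, 31)),
    "c901": ("analyst", date(2020, 6, 30)),
}
CLOUD_IDENTITIES = {  # identity -> (role recorded in the cloud, enabled?)
    "e100": ("analyst", True), "e101": ("analyst", True),
    "e102": ("analyst", True), "e103": ("analyst", True),
    "e104": ("analyst", True),
    "e105": ("analyst", True),    # changed role in HR, cloud record not updated
    "e199": ("analyst", True),    # left the company, identity never removed
    "c900": ("engineer", True),
    "c901": ("analyst", True),    # contract has expired
    "e150": ("engineer", False),  # departed and already disabled: not a finding
}
USAGE_HOURS = {  # identity -> VM hours consumed in the review period
    "e100": 40, "e101": 44, "e102": 38, "e103": 41, "e104": 400,
    "e105": 12, "e199": 3, "c900": 55, "c901": 0,
}


def audit_identities(hr, contractors, cloud, today):
    """Return (identity, finding) pairs for enabled identities that no longer
    match an authoritative record."""
    findings = []
    for ident, (cloud_role, enabled) in sorted(cloud.items()):
        if not enabled:
            continue
        if ident in hr:
            if hr[ident] != cloud_role:
                findings.append((ident, "role_mismatch"))
        elif ident in contractors:
            role, contract_end = contractors[ident]
            if contract_end < today:
                findings.append((ident, "contract_expired"))
            elif role != cloud_role:
                findings.append((ident, "role_mismatch"))
        else:
            findings.append((ident, "no_authoritative_record"))
    return findings


def usage_outliers(cloud, usage, threshold=3.5, min_peers=4):
    """Flag enabled identities whose usage is far above peers in the same role.

    Uses a median-based (modified) z-score so that one heavy user does not
    inflate the baseline the way a mean and standard deviation would.
    """
    by_role = defaultdict(list)
    for ident, (role, enabled) in cloud.items():
        if enabled:
            by_role[role].append((ident, usage.get(ident, 0)))
    flagged = []
    for role, rows in sorted(by_role.items()):
        if len(rows) < min_peers:  # too few peers for a meaningful baseline
            continue
        values = [v for _, v in rows]
        med = median(values)
        mad = median([abs(v - med) for v in values])
        if mad:
            scale = mad / 0.6745
        else:  # most peers identical: fall back to the mean absolute deviation
            scale = 1.253314 * sum(abs(v - med) for v in values) / len(values)
        if scale == 0:  # every peer has the same usage
            continue
        for ident, value in sorted(rows):
            score = (value - med) / scale
            if score > threshold:  # only unusually high usage is of interest
                flagged.append((ident, role, round(score, 1)))
    return flagged


if __name__ == "__main__":
    review_date = date(2024, 1, 15)  # constructed review date
    for finding in audit_identities(HR_ACTIVE, CONTRACTORS,
                                    CLOUD_IDENTITIES, review_date):
        print("identity finding:", finding)
    for outlier in usage_outliers(CLOUD_IDENTITIES, USAGE_HOURS):
        print("usage outlier:", outlier)
```

The reconciliation covers the two gaps the text names: contractors absent from the HR feed and employees whose role changed without the cloud record following.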

Entitlements and Access Controls

Entitlements should be associated with well-defined roles in a business. For example, financial analysts should have access to historical financial transactions and various data marts and business intelligence applications; however, access to product designs, marketing strategies, and sales forecasts may be restricted to a small group of executives. Under ideal conditions, no one would ever be granted entitlements to data or applications that are not required for them to do their jobs. In practice, however, employees change roles, controls on data change, and new applications are brought online, sometimes with overly broad execution privileges.

Policies and procedures should be in place in the cloud to address a number of entitlement-related issues:

- Granting access to data according to a data classification scheme. These often are based on four categories: public data, sensitive data, private data, and confidential data. Public data can be shared without harm; sensitive data should not be shared broadly but would not cause serious harm if it were; private data is about a customer or other person and is not to be shared outside a restricted group; and confidential data is company-related data that would cause significant harm if disclosed.
- Applications should be controlled along similar lines as data. Some applications contain proprietary knowledge, such as a risk scoring program, and should be restricted to individuals who have a legitimate need for the application.
- Software licensing may restrict the number of users that can simultaneously run an application or restrict an application's use to a set of named users. Software licensing models tend to evolve along with server technology, so it is reasonable to expect software vendors will quickly adapt their pricing models to the cloud.

Entitlements and access controls protect how data and applications are used. Next, we will turn our attention to ensuring those applications are functioning as expected.

Vulnerability Assessment and Patching

It is widely assumed that complex software has flaws. Sometimes bugs are the result of programmers making mistakes in their coding. Other times, designers create applications that, although coded according to specification, function in unanticipated ways. At other times, software developers create better ways of performing the same task and release new versions of applications with better performance. In all of these cases, there are reasons to update the software with vendor-provided patches.


Patching is a common practice and can significantly improve the security and quality of the software we run. It is not without risk, though. A patch may correct one flaw while introducing another. A patch could render an application that worked well in one configuration nonfunctional. Policies should be defined for the cloud service catalog that specify when and how patches should be applied to virtual machine images in the cloud. These policies should consider:

- What would trigger the decision to apply a patch? Reasons include a regular patch release from a vendor, a notice in the trade press about a newly discovered vulnerability in a popular software application, or findings from vulnerability scanning software used within the company.
- What testing should be done prior to releasing a patched image? In some cases, it may be sufficient to release a new version while maintaining the older version in the service catalog. Users would then be free to choose which to run. This may work for non-security patches, but images with known, high-impact vulnerabilities should not be left for general use.

As with other security aspects, patching and vulnerability management practices outside the cloud can be readily adapted to the cloud.

Summary

Long-term management and maintenance of a cloud environment requires attention to governance, capacity planning, and security issues. Governance issues include framing policies for the cloud that fit with overall corporate governance, defining the scope and structure of SLAs, and formulating a cost recovery mechanism for cloud services. Capacity planning is based on SLAs and strategic direction of the company. SLAs provide a baseline for determining the capacity needed to meet SLAs while maintaining reasonable utilization rates with some tolerance for the inevitable hardware failure. Long-term security concerns include the need to address identity management, entitlements, vulnerability assessment, and patching. These are not new management considerations for IT professionals and many best practices that have been created over the past decades can continue to serve us well if we adapt them to the particular requirements of a cloud environment.


Chapter 10: Key Steps in Establishing Enterprise Cloud Computing Services

Adopting cloud computing technology in an enterprise can produce substantial improvements in service delivery and cost control. That is, if it is done right. The driving force behind the use of any technology should be a business imperative. For that reason, the first key step in establishing enterprise cloud services is to understand the business objectives that can be served by the technology.

In this, the final chapter of The Definitive Guide to Cloud Computing, we begin by examining how to align business drivers with cloud services. This process includes understanding business objectives, identifying weaknesses in existing IT service delivery, and prioritizing the multiple objectives that can be served by cloud computing.

Once we have established what we want to achieve with cloud computing in the enterprise, we move on to the second key step in the process: planning. The planning phase requires a combination of business and technical knowledge that typically requires a team of professionals from across the organization. Some of the issues we must address at this stage are assessing the current state of readiness, determining the best cloud model for a given set of requirements, and planning for long-term management and sustainability.

The implementation phase follows the planning stage. The details of this phase will vary depending on whether a business decides to adopt a private cloud model, a public cloud service model, or a hybrid setup. Later in the chapter, we will examine issues that should be considered in each case, such as reallocating server hardware when implementing a private cloud or establishing service level agreements (SLAs) with a cloud provider when a public cloud service is used.

The fourth key step in establishing cloud computing services is to develop a maintenance model. Maintenance has both technical and business dimensions. Technical issues include establishing procedures to monitor services, identifying and correcting failed services, and maintaining proper patch levels of software underlying cloud services. The business side of maintenance focuses on tasks such as establishing value metrics and planning for adequate capacity.


As Figure 10.1 depicts, implementing cloud computing in the enterprise will introduce an ongoing life cycle that mirrors many of the steps we follow to establish cloud computing services. For example, business drivers will change over time. New services will be rolled out. Strategic initiatives will be launched. Service offerings will be curtailed as the business shifts its focus to new opportunities. The process of aligning cloud computing services with business drivers is not a one-time operation. Cloud computing services may be regularly adjusted to meet incrementally changing requirements, but the services should also undergo periodic comprehensive review to ensure that the policies and procedures in place continue to meet the long-term objectives of the organization.

Figure 10.1: The key steps to transitioning to cloud services will persist in a similar form in an ongoing life cycle.

Just as aligning business objectives and technology is part of the cloud computing life cycle, so are the other stages outlined here. Planning logically follows from strategic assessments, implementations follow planning, and maintenance follows implementation. Getting the cloud computing life cycle started in the right way will help establish the framework for the ongoing job of adjusting and adapting cloud services to the dynamic needs of the enterprise.


Aligning Business Drivers with Cloud Services

Throughout this book, we have discussed the characteristics of cloud computing, delved into some of the technical details, and discussed the advantages and disadvantages of various models of cloud computing. These are obviously important considerations, but they are not the only ones. In fact, the most fundamental question we can ask with regard to cloud computing is "Why?"

Cloud computing, or any technology, is not an end in itself. Technology is deployed to serve a business purpose. To reduce the risk of misusing or misapplying cloud computing in an organization, we are well served by undertaking three tasks early in the cloud computing adoption process:

- Understanding business objectives
- Identifying weaknesses in existing IT service delivery
- Prioritizing initiatives

Together these three tasks help to keep the focus, and therefore the benefits, of cloud computing on business needs in a way that maximizes the return on investment.

Figure 10.2: Aligning business objectives with cloud computing deployments is a three-step process.

Understanding Business Objectives

At the most coarse level, business objectives can be categorized into two types: developing new products, services, and capabilities and improving existing processes. New services that are especially well positioned to take advantage of cloud computing services are those that are compute or storage intensive. Cloud computing can enable innovation not practical under other IT models. For example, consider a manufacturing firm that produces customized machine parts.


Cloud Computing Enables Innovation

Customers continue to use the manufacturer because of the company's high-quality parts even though the time required to define the requirements for new parts is longer than most customers want. The manufacturer is well aware of its customers' time constraints but it has decided not to sacrifice quality for speed. The fundamental problem is that highly skilled engineers are required to do the design work and the manufacturer cannot carry too many of these professionals.

Engineers could be more productive if they could better leverage the capabilities of computer-aided design (CAD) software, but the kinds of analysis they need are compute intensive. The manufacturer also does not have the IT expertise to implement and maintain a high-performance computing environment with clusters of high-end servers. Using public cloud services, the manufacturer could run the compute-intensive CAD software in the cloud as needed, freeing engineers to work on additional design problems. The combination of innovative software and cloud computing resources allows the engineers to offload automatable design tasks.

When you are examining business objectives and assessing the opportunities for offering new services, consider several factors about workflows that make them candidates for cloud computing services.

- Is your ability to deliver the service limited by available computing or storage resources?
- Can some parts of labor-intensive processes be automated?
- Can a workflow be changed to automate 80% of the workload while leaving the other 20% for employees?

Existing workflows may not obviously lend themselves to cloud computing but re-engineered forms of the same workflow may be more amenable to automation.


Figure 10.3: Cloud computing can enable increased productivity through the innovative treatment of existing applications.


Accommodating Varying Demand for Services

Another factor that may hold back a business initiative is uncertainty about demand. Demand may be low at first but expected to grow. There may be uncertainty about the rate of growth, especially during downturns in the business cycle. This type of uncertainty may be enough to derail an otherwise promising plan. On-demand computing and storage can help in just this type of situation.

Pilot projects can be readily started using only cloud resources. Not a single server needs to be purchased. Eliminating the procurement process saves not only money but also time. If a pilot project is successful, the service can be rolled out to larger groups of customers and cloud resources can be scaled accordingly. Spikes in demand or temporary (or even prolonged) downturns in demand are readily accommodated by adjusting the level of cloud resources allocated to the service. With no significant capital investment required to start such a project, there is greater freedom to experiment with new business services. The potential for innovative application of existing services and the potential to experiment with and quickly implement new services are two of the key types of business opportunities that should be considered when trying to understand how to leverage cloud computing and align it with business objectives.

Improving Existing Processes

Another key type of business objective is cost control. This can take on several forms:

- Inefficient business processes and workflows
- Below-expected productivity from professional staff
- Poor utilization of IT resources
- Prolonged time to complete IT processes, such as deploying hardware or patching software

Inefficient business processes and insufficient productivity of professional staff can be addressed using the methods described earlier in the discussion on innovation. The other cost control areas require further elaboration.

IT resources, such as servers and storage arrays, are costly investments. Well-run businesses will work to get a reasonable return on that investment. Technical issues, however, can get in the way. One of the most significant problems is low utilization of servers, especially when they are dedicated to a single business process. Chapter 1 analyzed this problem and showed how cloud computing more efficiently allocates computing resources, shown in Figure 10.4 (which first appeared in Chapter 1 as Figure 1.6).


Figure 10.4: Cloud computing more efficiently utilizes computing resources than dedicating servers to single operations that have widely varying levels of demand.

Also consider the cost of IT support staff when evaluating business drivers behind a move to cloud computing. The combination of a number of features of the cloud delivery model often makes it a cost-effective approach. The most important of these features are:

- Virtualized servers
- Standardized catalog of software and services
- Self-service allocation and management
- Cloud management applications for IT administrators


This combination of features allows fewer IT professionals to support a larger number of users and more hardware resources than would be possible under dedicated server/dedicated systems administrator approaches.

Identifying Weaknesses in Existing IT Service Delivery

IT departments have policies and procedures for delivering services. When new hardware is procured, there is a procedure to follow. When new applications are brought online, there are procedures to follow. The list could go on to include policies and procedures that describe how to implement security controls, software maintenance, network management, and systems monitoring and auditing. Any one of these areas can represent a weakness in the ability to deliver IT services.

Consider an example: A line of business wants to deploy a new service that will require several servers and a commonly used application stack. Everything the department wants is well within the ability of the IT department to support but still there are problems:

- The time required to review the server orders and verify the configurations are correct
- Determination of whether additional licenses are required to run the application stack
- Identification of IT staff to perform the installation and systems administration tasks
- Determination of where the hardware will be located and assurance that there is sufficient power, network connections, and other infrastructure to support the new servers

If this same new application were deployed in the cloud, we would still have to address these same issues, but we could do it more efficiently. Servers would not have to be ordered just for this application. A license management scheme (for example, site licenses) would presumably already be in place for cloud-based applications. The installation process would be reduced to ensuring the correct images are available in the service catalog. Application administrators would start virtual servers running the necessary applications on an as-needed basis. Hardware would be in place, so questions about infrastructure would not arise. Implementation issues such as these put a drag on innovation or improvement to existing processes. By identifying steps in IT processes that hinder other business operations, we can better understand where we can apply cloud computing to avoid those issues.


Prioritizing Initiatives

Chapter 4 outlined common high-priority objectives that are worth repeating:

- Controlling costs
- Expanding market share in mature industries
- Expanding into new markets in growth industries
- Improving customer service
- Improving customer retention
- Increasing cross-selling

The last step in understanding business drivers for adopting cloud computing is prioritizing all the ways we can improve business operations. We can prioritize based on the value of supporting innovation, reducing the barriers to introducing new services, improving IT service delivery, and reducing the staff required to maintain a particular level of service delivery. Each of these implies either a direct cost, such as labor costs, or opportunity costs, such as those associated with delays in releasing new products and services.

Aligning business initiatives with cloud computing services is the essential first step in adopting cloud computing. By understanding business drivers, identifying weaknesses in existing processes, and prioritizing among all the potential ways to leverage cloud computing, a business will be in a firm position to take on the challenging task of planning for a transition to cloud computing.

Planning for Transition to Cloud Computing

The planning phase of the cloud transition is primarily focused on technical issues:

- Assessing the current state of readiness
- Identifying the differences between current infrastructure and the infrastructure to deploy for the cloud
- Determining the best cloud model for your requirements
- Planning for long-term management and stability

Not surprisingly, the first step in getting to where we want to go is to understand where we are.


Assessing the Current State of Readiness

Cloud computing takes advantage of a particular style of application architecture. The closer we are to that style when we begin, the better off we are. Three elements of this style are Web application architecture, self-management of compute and storage services, and standard platforms and application stacks. These elements were described in detail in Chapter 7, so they will be only briefly described here.

Web application architecture is decentralized and depends on multiple processes running on multiple servers. A simple three-tiered model includes a server for persistent storage, which is usually a relational database; a middle tier of an application server, such as a Java J2EE application server or a .NET application; and a client tier providing a user interface (UI). A common variation on this model is to have several application servers providing services to a Web server that coordinates those services for a client interface (see Figure 10.5).

Figure 10.5: A common decentralized model amenable to cloud computing uses a multi-tier stack to implement applications.

The more centralized an application, the more difficult it is to take advantage of the cloud. For example, in the application architecture shown in Figure 10.5, if any of the application servers reaches capacity, another instance of that application server could be instantiated to assist with the load. Centralized applications do not offer the opportunity to scale parts of the application like that.


One of the cost control benefits of cloud computing is the ability to offer self-service management to cloud consumers. This setup removes high-cost IT professionals from common tasks such as starting instances of virtual machines or allocating storage for an application. The software required to implement self-service can be deployed in the next phase of the transition process, but cloud consumers should be in a position to take advantage of self-service features when they arrive.

Another factor to consider is how standardized your application stacks are. Are departments running a wide range of applications and different platforms? Do you support three or four major relational databases? Are departments running different versions of Windows and Linux operating systems (OSs)? The answers to these questions will give you some indication of how standardized your organization is with respect to application stacks. The transition to cloud computing can be an opportunity to prune the set of supported applications. This will further improve the cost benefits of cloud computing by reducing the demand for patching, licensing management, and support services related to different applications.

Identifying the Differences Between Current Infrastructure and the Infrastructure to Deploy for the Cloud

Cloud services can run on commodity hardware. They can also run on specialized hardware assuming virtualization services are available. What set of hardware (servers, storage, and network equipment) is available in your organization? The optimal set of infrastructure components is a function of several factors. On the one hand, if hardware is in place, it seems logical to use it; on the other hand, the greater the diversity in equipment, the greater the administration and overhead costs. Some things to consider with regard to assessing what you have and what you would like for hardware infrastructure include:

- The capacity of servers to support multiple virtual instances, including processor speed and memory capacity
- The ability of servers to run software in the services catalog
- The range of support skills required to maintain the infrastructure
- Power consumption and cooling requirements

The goal is to provide needed cloud services at the lowest cost. This requires us to consider the full range of expenses, from the cost of new hardware to the cost of maintaining power and cooling for older hardware that may require more support than newer hardware. The best combination of new and existing infrastructure is a function of your resources, environment, and requirements. There is no single answer or simple formula for determining the optimal solution.


Determining the Best Cloud Model for Your Requirements

As we have described throughout this guide, there are three models for delivering cloud services: private, public, and hybrid. Which is the best option for you?

A private cloud is suitable for enterprises that have the infrastructure, support skills, and management framework to maintain such an architecture. We use the term infrastructure broadly, to include not only IT hardware but physical infrastructure such as data centers, redundant power supplies, and multiple high-speed Internet connections. IT professionals running a private cloud will be required to manage large numbers of similarly configured servers, multiple disk arrays, a complex array of network management systems, and robust security controls. A management system must be in place as well to implement cost recovery, capacity planning, service delivery, licensing negotiations, and other administrative capabilities.

These are significant barriers to adopting a private cloud model, but there are advantages as well. Your organization has complete control over the service catalog, who is allowed to use cloud resources, and the ability to monitor all cloud services. The fact that data and applications would not have to reside outside the corporate firewalls can be a substantial advantage from a compliance perspective.

A public cloud has several advantages:

- Minimal capital expenditures
- Ability to maintain existing infrastructure in its current configuration, allowing for a period of time in which both existing and new cloud-based instances are used
- Possibly lower costs per unit of computing service or storage because of the economies of scale
- Less management overhead for day-to-day operations but potentially more overhead for negotiating, monitoring, and enforcing SLAs

The potential drawbacks of a private cloud include the need to move sensitive data outside the corporate infrastructure, the potential costs of transmitting large volumes of data over the network, and the delays in moving data into the cloud by shipping storage devices (done in some cases to reduce upload costs).

A hybrid cloud can offer the advantages of both the private and public cloud. Sensitive information can be maintained in a private cloud while other data is moved to the public cloud. Existing infrastructure can be readily redeployed to a cloud while older or less amenable hardware is not. Initial capital expenditures may be reduced because peak loads in the private cloud can be accommodated by allocating resources in a public cloud.

Once again, there is no solution that is optimal for all cases. The advantages and disadvantages of each model must be weighed against the business requirements and constraints.


Figure 10.6: A combination of private and public clouds can enable an organization to realize the benefits of both.

Planning for Long-Term Management and Stability

Implementing a computing and storage cloud is a long-term proposition that requires attention to a number of areas in addition to those already mentioned. In particular, we need to plan for security, disaster recovery, and maintenance of physical infrastructure.

Security considerations include protecting physical infrastructure as well as logical access to services and resources. Cloud data centers will require the same types of physical protections as one would find in any large data center. Access to infrastructure should be limited to those with legitimate needs. The site should be monitored and security procedures audited. Fire suppression equipment should be in place. Logical access controls begin with identity management. Policies should be in place defining who has access to various cloud resources, such as servers and applications. Licensing restrictions should be taken into consideration as well. Policies and procedures should define how authentication and authorizations are granted, monitored, and revoked.

Long-term management includes planning for disaster. Maintaining multiple data centers may be a reasonable strategy for some private cloud users but not others. The costs can be prohibitive. One alternative is to use a public cloud for disaster recovery purposes, although there are still issues regarding confidentiality and compliance.


Maintainingthephysicalinfrastructureofacloudisanongoingoperation.Withlarge numbersofserversanddisks,itisreasonabletoexpectregularequipmentfailures.Even withlongmeantimesbetweenfailures,whenwearedealingwiththousandsofpiecesof equipment,partswillfail.Services,suchaspowerandInternetaccess,willfailaswell. BackuppowersuppliesandredundantInternetprovidersshouldbeused. Ausefulruleofthumbformanagingcloudcomputingandtheservicesitcanprovideisto assumethatchangeandinnovationareinherent.Newequipmentandapplicationswillbe addedwhileothersareretired.Equipmentwillfail.Powerwillgodown.Newbusiness requirementswillemerge.Cloudcomputing,likethebusinessenvironmentitserves,is dynamic.

Implementing a Cloud Infrastructure
Analyzing business drivers can be challenging because of complex, interdependent goals and objectives. Planning can be difficult because one has to merge both business requirements and technical constraints in a way that serves business objectives. The next stage of the process, implementation, is difficult primarily for technical reasons. The specific challenges will vary depending on the type of cloud model that is being used: private, public, or hybrid.

Implementing a Private Cloud
The key tasks in implementing a private cloud center on deploying hardware and establishing operations. Three such tasks are:

• Reallocating and deploying servers
• Establishing software and application management procedures
• Implementing a management framework

Reallocating servers must be done carefully to avoid disrupting existing business services. When new hardware is used for cloud deployments, the transition is relatively straightforward, as depicted in Figure 10.7. Applications can continue to run on legacy hardware as long as needed as those same applications are moved to the cloud.

Figure 10.7: When new hardware is deployed in the cloud, applications can migrate directly to the cloud.

When existing hardware is redeployed to the cloud, the migration is less direct. A basic challenge is to keep services available while migrating hardware from an application-centric use of servers to a cloud computing model. One way to handle this challenge is to migrate applications from their dedicated servers to a set of virtual machines running on servers temporarily allocated to support the migration. This approach works when servers dedicated to applications are not using the full capacity of servers. Applications are temporarily hosted on transition servers while hardware is migrated to the cloud. Once the hardware, software, and supporting cloud services are in place, applications can begin running in the cloud.

Figure 10.8: Applications may be hosted on transition virtual servers in cases where existing hardware is to be redeployed to the cloud.

Management procedures must be established for maintaining the diverse array of software that will be used in the cloud. These include establishing policies and procedures for:

• Adding and removing applications from the service catalog
• Patching images in the service catalog
• Controlling the use of licensed applications to ensure their use is in compliance with licenses
• Performing security reviews, such as vulnerability and malware scans on images in the service catalog

A private cloud also requires a management framework for non-software management issues. A number of essential management tasks should be in place before the cloud is widely used in the enterprise:

• Tracking compute and storage usage for billing and cost recovery purposes
• Monitoring performance and load for capacity planning
• Auditing patterns of use and access as part of security review procedures

Introducing public cloud services brings with it a different set of implementation tasks.

Adapting Public Cloud Services
Using a public cloud relieves a business of many of the implementation tasks associated with private clouds. There is no need to transition hardware or redeploy servers. No service catalogs to establish and manage. No low-level billing infrastructure to put in place. Instead the focus tends to be more on defining SLAs and reviewing compliance and security issues.

SLAs are essentially contracts between a business and a cloud provider. SLAs are important for clarifying what services are expected, the cost of such services, the quality of these services, and compensation for failure to meet agreements. SLAs with public cloud providers can include agreements about many factors:

• The number and types of servers that will be available for use at any time
• Restrictions on the number of virtual or dedicated servers that may be allocated in a single request
• Minimum and maximum storage usage
• Guaranteed bandwidth into and out of data centers used by the public cloud
• Security controls and procedures
• Audit and monitoring responsibilities of the provider and the business customer
• Compute and storage rates, billing periods, and so on
• Individual and aggregate demand reports

Several of the topics addressed in SLAs are security oriented. Clearly, a top priority for most businesses using public cloud services is ensuring that private, sensitive, and confidential data is protected. This will require a combination of secure communications between the cloud data center and user sites; secure, probably encrypted persistent data storage in the cloud; access controls on private images or applications stored and run in the cloud; and verification that cloud software is routinely patched and scanned for vulnerabilities and malware.

Using a Hybrid Private-Public Cloud
A hybrid private-public cloud delivers the benefits of both models of cloud computing. It also brings with it the responsibilities of both that we just described and a bit more. The combined resources of a private and public cloud may appear to be seamlessly integrated from the user's perspective but there are operational differences. Only data and applications that are deemed safe to store or run in a public cloud should be made available outside the private cloud.

Figure 10.9: If users are given a choice of where to run applications in a hybrid cloud, policies and incentives should be in place to promote the optimal balance from an enterprise perspective.

Users of cloud services should also be made aware of any cost differences between the private and public clouds. For example, will the IT department charge an additional fee on top of the public cloud provider's charges to cover the overhead of managing the hybrid cloud? Also consider whether rules or cost structures should be in place to incentivize users to use private cloud services before turning to the public cloud. This is especially important if cost recovery pricing is used and assumptions are made about the level of utilization in the private cloud.

The last key area to address for the long-term maintenance of an enterprise cloud is, in fact, maintenance.

Managing and Maintaining a Cloud
The tasks of managing and maintaining a cloud computing environment can be broken down into operational issues and business management issues.

Operational Issues
Once hardware is deployed, management infrastructure is deployed, applications are installed, and security controls have been put in place, a cloud is ready to use. After that, we are in maintenance mode. At this point, new business requirements will arise and will be accommodated in an incremental manner. There will still be business analysis, planning, and implementation tasks as described earlier in the discussion about the cloud computing lifecycle (see Figure 10.1). On a day-to-day basis, some of the most important operational tasks will be:

• Monitoring
• Fault detection and correction
• Systems maintenance

Cloud administrators will have to routinely monitor several attributes of a cloud. Utilization of servers and storage capacity should be regularly monitored. This data is useful for short-term management, for example, when additional servers have to be brought online during periods of peak demand, as well as for long-term capacity planning. The images run from the service catalog also need to be monitored. Systems administrators should know which applications are used most frequently, especially when licensing costs are an issue. This information is also useful for prioritizing patching, security scans, and upgrade planning. Monitoring should also include security monitoring, such as user activity, suspicious events such as authentication failures or repeated unauthorized access attempts, and scanning of inbound and outbound network traffic.
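
One way to turn the security monitoring described above into a concrete check, as an added example that is not part of the original book: a sliding-window detector for repeated authentication failures or denied access attempts from one source, which also flags a successful login that follows such a burst. The log format, event names, threshold and window are assumptions chosen for illustration, and the log is assumed to be in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SUSPICIOUS = {"AUTH_FAIL", "ACCESS_DENIED"}

# Constructed sample log (timestamp, user, source address, outcome); not real data.
SAMPLE_LOG = """\
2024-05-01T09:00:00 alice 10.0.0.5 AUTH_OK
2024-05-01T09:01:00 bob 10.0.0.9 AUTH_FAIL
2024-05-01T09:01:20 bob 10.0.0.9 AUTH_FAIL
2024-05-01T09:01:45 carol 10.0.0.9 AUTH_FAIL
2024-05-01T09:02:10 bob 10.0.0.9 AUTH_OK
2024-05-01T09:30:00 dave 10.0.0.7 AUTH_FAIL
2024-05-01T10:45:00 dave 10.0.0.7 AUTH_FAIL
2024-05-01T11:00:00 dave 10.0.0.7 ACCESS_DENIED
"""

def parse(line):
    ts, user, src, outcome = line.split()
    return datetime.fromisoformat(ts), user, src, outcome

def detect(log_text, threshold=3, window=timedelta(minutes=5)):
    """Alert when one source produces `threshold` suspicious events inside
    `window`, and when a login from that source then succeeds."""
    recent = defaultdict(deque)  # source -> timestamps of recent suspicious events
    flagged = set()              # sources already reported, to avoid duplicate alerts
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        ts, user, src, outcome = parse(line)
        q = recent[src]
        while q and ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if outcome in SUSPICIOUS:
            q.append(ts)
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("repeated_failures", src, user, ts.isoformat()))
        elif outcome == "AUTH_OK" and src in flagged and q:
            alerts.append(("success_after_failures", src, user, ts.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Grouping by source rather than by user means failures spread across several accounts still count toward the threshold, while the three slow failures from 10.0.0.7 fall outside the window and raise no alert.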

Hardware follows the rule of large numbers: with a sufficiently large number of devices, some of those devices will fail and instances of failure will be more frequent for a cloud than for a single server. The logic is simple: the probability of a server failing is the probability of Server A failing plus the probability of Server B failing plus the probability of Server C failing, and so on. In a private cloud, systems administrators will need to detect faults in servers and storage devices and be able to take those devices offline. In the case of a failed server, applications running on the failed server will need to be moved to another server. When a storage device fails, read and write operations should be able to continue using redundant copies of the data that was lost. Aggregate data about failure rates of devices can be collected over time and provide a baseline for predicting rates of failures.

System maintenance is a rather generic term for a broad set of tasks that one needs to perform to keep applications running as expected. The set includes managing user identities, establishing access controls, patching software, scanning images for malware and vulnerabilities, and other tasks we had prior to moving to a cloud model. Changing architectures does not change the need for basic system management tasks.
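
The failure-rate baseline described above can be worked through as follows; this is an added example, not from the original book. It derives an annual failure rate per device class from collected history, predicts expected failures per day, and compares the exact probability of at least one failure with the sum of per-device probabilities used in the text, which is an upper bound that is close only while the total stays small. The fleet sizes and failure counts are constructed, and devices are assumed to fail independently at a constant rate.

```python
import math

# Constructed inventory and failure history (illustrative numbers, not from the book).
FLEET = {"server": 2000, "disk": 12000}
HISTORY = {"server": (60, 3000.0), "disk": (540, 18000.0)}  # (failures, device-years)

def p_device(afr, days):
    """Probability one device fails within `days`, assuming a constant failure rate."""
    return -math.expm1(-afr * days / 365.0)

def p_any(p_each, n):
    """Exact probability that at least one of n independent devices fails."""
    return 1.0 - (1.0 - p_each) ** n

def p_sum(p_each, n):
    """Per-device probabilities added up as in the text; an upper bound, capped at 1."""
    return min(1.0, p_each * n)

def baseline(fleet, history, days=1):
    """Per device class: observed annual rate, expected failures and P(any failure)."""
    report = {}
    for kind, count in fleet.items():
        failures, device_years = history[kind]
        afr = failures / device_years
        p = p_device(afr, days)
        report[kind] = {
            "afr": afr,
            "expected_failures": count * afr * days / 365.0,
            "p_any_exact": p_any(p, count),
            "p_any_sum": p_sum(p, count),
        }
    return report

if __name__ == "__main__":
    for kind, row in baseline(FLEET, HISTORY).items():
        print(kind, {k: round(v, 4) for k, v in row.items()})
```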

Business Management Issues
Long-term business management issues of supporting a cloud infrastructure can be as varied as the technical issues, ranging from establishing value metrics to ensuring continuity of services in the event of a disaster. At the most basic level, organizations adopt cloud computing because it will improve the ability of the business to meet its objectives. That is the idea when the process gets started, but how do you know whether the implementation is succeeding or if you are anywhere near realizing the benefits expected? A set of value metrics needs to be in place to measure the value of the cloud. These value metrics can include generic measures such as return on investment (ROI) or more specific ones such as:

• Reduction in time to release a new product or service
• Number of CPU hours utilized for delivering business services
• Utilization rate of storage in the enterprise
• Transactions processed per unit of computing and storage resource
• Reduction in IT support costs per server

Some value metrics should measure technical aspects, such as server utilization rates, but others should clearly measure the business value of the cloud, such as ROI. The former helps systems administrators and IT managers drive efficiencies in the cloud; the latter ensures that these are worth the effort from a business perspective.

Capacity planning requires a close coupling of business planning and technology management. Operational data about server, network, and storage utilization, numbers of business operations supported by the cloud, and number of users and their distribution in the company are vital for capacity planning. For example, if a product design group is a major user of cloud services and the company is about to acquire another firm that will significantly increase the size of the product design group, the cloud management team needs to know. If a Web application development team at a national home improvement retailer plans to provide a large number of do-it-yourself videos on the Web site and significantly increase network utilization, the cloud team should be prepared. These realities provide examples where creating and maintaining lines of communications between different parts of a business are important to the long-term effectiveness of an IT service.

Long-term planning also requires attention to disaster recovery. If we assume a disaster could strike and disable a data center, we need to be able to answer the question, what happens then? If we have geographically distributed data centers with redundant storage and additional computing resources, we can move operations to one or more alternative data centers. Although servers may be able to fail over fairly seamlessly and redundant copies of data can be made available, the programs running in the failed data center may not be as robust. For example, an application that runs for extended periods of time without writing state information to persistent storage may have to restart its processing from the beginning of a job rather than recover midstream. When planning for disaster recovery, we must consider details from the lowest implementation level, such as the availability of power and cooling systems, to high-level design issues, such as how applications manage state information.

Maintenance and long-term management issues in cloud environments are similar to those found in other IT environments. Fortunately, many of the best practices and management techniques that have evolved over the years are relevant and applicable today, albeit with some slight tuning for the unique characteristics of the cloud.

Summary
Cloud computing is changing the way we deliver business services. The cloud architecture allows for more efficient utilization of infrastructure, a more efficient delivery mechanism for services, and an improved user experience. By aligning business objectives with the capabilities of cloud computing, businesses can realize faster time to market, reduced IT support costs, and more effective use of capital for investments.

Cloud computing is characterized by its massive scalability, easy-to-use provisioning services, and a service management platform. These may be delivered privately within the corporate boundaries, publicly through a third-party provider, or as a combination of the two. There are different levels of cloud services, such as infrastructure providers, platform services, and application services. These services can be deployed according to business needs, and lead to improved ability to deliver current services and introduce new services without undue encumbrance from having to deploy complex IT infrastructure.

The Definitive Guide to Cloud Computing has presented a comprehensive overview of cloud computing with a focus on identifying steps needed to successfully deploy cloud computing in your business. Technical details of cloud computing will change, but the analysis and management principles are based on the IT industry's prior experience with other architectures and service delivery models. The valuable lessons learned deploying and managing mainframes, client-server applications, and first generation are applicable to the cloud, with, of course, some adaptation.
