perfect cloud

7/31/2019 Perfect Cloud

1/28


2/28

P r o p e r t y o f M o m e n t u m S I , A l l r i g h t s r e s e r v e d . C o p y r i g h t 2 0 1 0 Page 2

Table of Contents

Faster, Better and Cheaper .................................................................................................... 4

The Three Foundational Shifts in Information Technology ...................................................... 5

Cloud Infrastructure .......................................................................................................................5Embrace Commodity Computing ......................................................................................................... 5Avoiding vendor lock-in ........................................................................................................................ 5Hybrid Clouds & Marketplaces ............................................................................................................. 5

Reduced Cycle Times ......................................................................................................................6Implement Continuous Delivery .......................................................................................................... 6Implement Continuous Delivery on Cloud ........................................................................................... 6

I.T. as a Service ..............................................................................................................................7Services Are Directly Requested By Users ............................................................................................ 7Cloud Offerings are Just Another Service........................................................................................... 7

The Perfect Hybrid Cloud ....................................................................................................... 8

The End-to-End Solution .................................................................................................................8The Solution ......................................................................................................................................... 8

Private Cloud Hardware .................................................................................................................9CPUs for Private Clouds....................................................................................................................... 9High Memory vs. High Computation .................................................................................................... 9Memory Configuration for Private Clouds ........................................................................................... 9Servers ................................................................................................................................................ 10Network Configuration ....................................................................................................................... 10Storage Configuration ........................................................................................................................ 10Hypervisors ......................................................................................................................................... 11Operating Systems ............................................................................................................................. 11

Cloud Platform ............................................................................................................................. 12The Eucalyptus Solution ..................................................................................................................... 12Conceptual Architecture .................................................................................................................... 12Cluster Configurations ........................................................................................................................ 13Logical & Physical Architecture .......................................................................................................... 14

Release Automation ..................................................................................................................... 15The rPath Solution .............................................................................................................................. 15Creating Software Packages & Images ............................................................................................... 17Deploying Images to the Cloud .......................................................................................................... 18Modifying Images in the Cloud .......................................................................................................... 18

Self-Service and the Service Catalog ............................................................................................. 19Spanning Physical, Virtual & Cloud Environments ............................................................................. 20The Service Catalog ............................................................................................................................ 20Self-Service Provisioning .................................................................................................................... 22

Bridging External Clouds with the Private Cloud ............................................................................ 23Eucalyptus-as-a-Service ...................................................................................................................... 23API Compatible Clouds ....................................................................................................................... 23Standardized Self-Service Catalog for both Private & Public Cloud ................................................... 23Standardized Release Automation to Private & Public Cloud ............................................................ 24

Integrations & Solution Add-ons.................................................................................................. 24


3/28


License Management ......................................................................................................................... 24CMDB System ..................................................................................................................................... 24Incident & Change Management ....................................................................................................... 25Capacity Planning ............................................................................................................................... 25Systems Availability Management ..................................................................................................... 25Cloud-to-Cloud Secure Networking ................................................................................................... 25Dynamic Configuration ....................................................................................................................... 25Image Conversion ............................................................................................................................... 26Computing Zones ............................................................................................................................... 26Cloud-to-Cloud Failover ..................................................................................................................... 26Cloud-to-Cloud Bursting ..................................................................................................................... 26On-Disk Encryption ............................................................................................................................. 27Support non-X86 ................................................................................................................................ 27

Moving Forward with a Private/Hybrid Cloud ............................................................................... 27Discussing Your Private & Hybrid Cloud ............................................................................................. 28


4/28


Faster, Better and Cheaper

Faster, better and cheaper pick 2, is the traditional cry echoed by individuals attempting to

find an optimal target state. Its a very rare occasion when one is able to satisfy all the qualities.

However, when an instance does occur, companies must rapidly prepare for the fundamental

shift that lies ahead. It is our belief that just such a shift is occurring in Information

Technology.

The benefits of cloud computing have been widely promoted. As corporations move beyond

the education phase and into adoption, theyre witnessing the direct benefits of the on-

demand, pay-per-use model. Once a certain level of cloud readiness is achieved, the goal

quickly switches to being able to efficiently deal with the associated I.T. service requests relatedto applications and infrastructure. This includes creating new development and test

environments as well as promoting environments into production. Although cloud

infrastructure brought the technical solution to the table, it doesnt fix the inevitable process

problems.

Our experience tells us that the cloud infrastructure solution must be complemented with

additional process-oriented initiatives, including:

- I.T. as a Service- Cycle Time Optimization - a core concept of the Continuous Delivery movement.

These concepts along with the trend of commoditized computation, virtualization and

marketplaces define the new requirements for the Perfect Hybrid Cloud.


5/28


The Three Foundational Shifts in Information Technology

Cloud Infrastructure

For decades, I.T. infrastructure has been providing solutions to decouple software applications

from the hardware. Significant rewards were reaped from mainframe virtual environments, the

Java virtual machine and hypervisors from VMware and others. Modern cloud computing

technology takes these advances to the next logical step.

Our goals remain the same; we want to: 1. Give developers and testers rapid access to secure,

reliable computing environments; 2. Efficiently manage our computational resources (high

utilization); 3. Keep costs down; 4. Avoid lock-in scenarios. Cloud infrastructure must be able to

positively answer all of these considerations.

Embrace Commodity Computing

A core tenet of cloud computing is to use inexpensive, commoditized infrastructure elements.

Practically speaking, this suggests the use of low-cost X86 processors packaged in dense blade

environments typically running a variant of Linux (potentially Windows). Various strategies are

being embraced on the storage side, but again, most organizations are favoring low-cost

solutions over high-end storage area networks.

Avoiding vendor lock-in

A core requirement for modern cloud infrastructure is to embrace open standards, open APIsand where appropriate, open source. Too often, weve seen organizations curtail their use of

virtualization and cloud rollouts because they chose an expensive proprietary solution that

prevented cost effective scale-out. Existing proprietary virtualization solutions should be

embraced for their strengths while contained to those areas where commodity solution wont

suffice.

Hybrid Clouds & Marketplaces

By embracing commodity compute and avoiding vendor locking, an organization is well

positioned to bridge their own private compute environments with external cloud providers. By

creating a computing marketplace, the enterprise will force competition between internal and

external offerings, driving down costs while improving service levels.

Private clouds should be designed to integrate with external

clouds. The hybrid environment should leverage commodity

hardware & software to ensure a cost effective scale out.


6/28


Reduced Cycle Times

Rapidly provisioning hardware and operating systems has never been the end goal (its just a

really important step!) Ultimately, were trying to deliver new applications and capabilities to

the business in a timely and cost effective manner. To achieve this, we must coordinate the

building, packaging, configuration and deployment of the application software with our target

cloud infrastructure; a feat easier said than done.

Esteemed I.T. visionary Martin Fowler recently commented, The time from deciding that you

need to make a change to having it in production is known as cycle time and it a vital metric for

any project. The perfect cloud must be purposefully designed to accommodate changes in

the computing environment, applications and configurations. The accepted practice of

continuous integration has now expanded to one of continuous release, or as some refer to

it, continuous delivery.

Implement Continuous Delivery

Moving an application from development to test, stage, or production often causes problems

because of the dependencies on the new environment. For instance, the test version of the

application requires use of the test version of the database server. These configurations must

be decoupled from the application binary. Core to reducing cycle times is proactive

management of the entire software environment. Automated build processes must have

configuration information separated from the binaries and be centrally stored and versioned.

Ultimately, the desired state of the application should be precisely modeled and digitized to

enable a zero-defect recreation of the environment.

Implement Continuous Delivery on Cloud

These practices are true in a cloud or traditional environment; however, in cloud they become

much more evident. Cloud enables push button hardware provisioning, which has the

potential to significantly reduce cycle times. However, to significantly affect the cycle time,

practitioners must take the next step of automating the build, configure and deployment

processes.

To significantly affect the cycle time, practitioners must

automate the build, configure and deployment processes in

their cloud environment.


7/28


I.T. as a Service

Information technology has a reputation for not always delivering on its promises. For decades,

I.T. faced rapid changes in hardware and software systems forcing systems professionals to

spend their time mastering new programming languages, operating systems and middleware. A

side effect of this was that not enough attention was being spent on I.T. processes and

achieving repeatable, standardized methods for delivering solutions.

In response to the growing need for process, a focus was put on the servicification of I.T. Large

enterprises were able to deconstruct the activities that they performed into repeatable

offerings. Depending on the size of the organization, hundreds, if not thousands of both manual

and automated services were identified, the majority of which would have no intersection with

cloud for years to come.

As a best practice, I.T. organizations are now encouraged to plan their cloud offerings as

services and to ensure that they dont create new computing silos. Early adopters of cloud

computing often rushed to a cloud solution by adopting a starter cloud solution. Although thesolution was able to introduce users to the concepts of cloud computing, users were being

pushed to use a new cloud portal which had a small subset ofthe I.T. services offerings.

Services Are Directly Requested By Users

A core tenet of cloud computing is self service. Our recommended practice is to embrace

self-service, but to not create yet-another-portal that I.T. users must visit to request services.

Instead, we recommend leveraging a unified I.T. self-service storefront and cloud portal with a

menu or catalog of service options (i.e. a service catalog) to make cloud requests for both

internal and external cloud services.

Cloud Offerings are Just Another Service

Like any other service, cloud offerings should have a full support structure around them. Each

service should have owners, usage descriptions, costs, quality levels, troubleshooting processes,

roadmaps, etc. Implement predefined policies to expedite cloud provisioning while diminishing

the need for exception path approvals. Involve your users in the design of the services their

feedback is important because people instinctively support things that they helped to create.

The cloud solution must fully embrace the I.T.-as-a-Service

concept, not create a new silo.


8/28


The Perfect Hybrid Cloud

The End-to-End Solution

The perfect private / hybrid cloud must deliver on all three of the changing paradigms: I.T. as a

Service, Cloud Automation and Reduced Cycle Times. More importantly, it must deliver these

through an integrated environment that provides the right security and control in the right

places, compounding the benefit.

The Solution

To achieve our target state, MomentumSI has selected several best-in-breed components and

brought them together under a united solution set.

In addition to the vendors identified in Figure 2, the Perfect Private / Hybrid Cloud names a

number of additional products which we believe are category leaders for this class of solution.

Combined, the solution satisfies our stringent criteria for a next-generation enterprise grade

cloud solution.


9/28


Private Cloud Hardware

The advantage of the private cloud is the ability to have full control over the environment

allowing you to tailor it. Factors affecting the design of the cloud include performance

considerations, security & compliance needs, computationally intensive workloads and storage

intensive workloads. The disadvantage is the need to pay for the infrastructure up-front and

then to support and maintain the environment over its life. Most organizations recognize that

this is the current state in their traditional data center environment and view the private cloud

as a stepping stone to hybrid and externally cloud providers.

Although the specific requirements for designing the private cloud will vary based on scenario,

were providing guidance based on MomentumSIs field experience.

CPUs for Private Clouds

MomentumSI is recommending the use of Intel Xeon processors for use inprivate cloud environments. As Intel continues to release new versions of their

CPUs its hard to make a static recommendation. However, key characteristics

include:

64 bit architecture Low power consumption Use of their Hyper-Threading Technology Use of their Hardware Virtual Machine (HVM) Technology (VT-X) Large L3 cache

High Memory vs. High Computation

The common practice for profiling workloads is to distinguish between those that need

significant memory (often for large caches) versus those that perform heavy computation as

these profiles are traditionally configured differently. For high memory systems, we

recommend dual socket quad-core processors. Typically these are in the Xeon 5500 series or

equivalent. For high computation systems, we recommend the Xeon 5600 series in a dual

socket and 4 or 6 core configurations.

Memory Configuration for Private Clouds

For memory intensive nodes, we recommend 16-64 gig of memory (depending significantly onthe applications). For computationally intensive nodes (and non-memory intensive), 8-16 gig is

recommended.


10/28


11/28


Hypervisors

Over the last several years, hypervisors have matured significantly. VMware,

Microsoft HyperV and Xen continue to dominate the landscape. Naturally, Xen is

most commonly found in Linux heavy shops while HyperV is primarily used for

virtualizing the Microsoft technologies. Historically, VMware dominated in the enterprise

but has recently seen its marketshare slip as other hypervisors offer enterprise-gradefeatures as a cost competitive price.

Most large companies already have a significant investment in one or more hypervisors and

would find it very costly to replace them. At the same time, theyre questioning if they can have

a more cost effectively tiered hypervisor strategy. By tiering hypervisors based on business

criticality, organizations are able to save money by only using expensive hypervisors for business

critical applications and leveraging the less expensive hypervisors for less critical needs (dev,

test, demo, etc.). To achieve this, a cloud control layer must be implemented. This function sits

over the various hypervisors and provides a single API and proxy to the individualvirtual

machines. In this way, organizations can have the best of both worlds: a choice in hypervisorswhile maintaining a single virtual cloud of them all.

Our recommendation for selecting a hypervisor is, it depends. Careful consideration must be

given to the application workloads, scale out costs and adoption in commercial cloud providers.

As a rule of thumb, were continuing to recommend the use of the major suppliers (VMware,

Microsoft and Citrix XenServer).

Operating Systems

Hypervisors enable the execution of guest operating systems. Our customers typically

run RHEL, CentOS, Ubuntu or Windows Server 2003/2008 in either 32 or 64 bit versions.

The decision is made based on the needs of the applications that reside on the OS.

Virtually all of our customers support Windows as well as at least one flavor of Linux.

Regardless of the operating system, organizations should settle on specific vendors and

versions. These decisions should make their way into a standard model that contains

all of the right patches, utilities, etc. The model should be declarative specification that

guides provisioning, security and system maintenance. MomentumSI provides best

practices on the creation and maintenance of the model.


12/28


Cloud Platform

Virtualization technologies play a significant role in the private/

hybrid cloud solution. However, their primary role is slave to the

cloud platform. Just as virtualization solutions do a good job of

abstracting a workload from a single computer, cloud platform

solutions decouple workloads from any one machine, storage

device or network.

MomentumSI selected Eucalyptus to provide an enterprise grade cloud platform. Key factors

included:

Support for multiple hypervisors (Xen, VMware, KVM, etc.) Use of Amazon AWS API allows 3rd party ecosystem tools to be use with Eucalyptus Embracing open standards and open source, allowing customers to mitigate vendor

lock-in

Extensive feature set (compute-as-a-service, BLOBs, block storage, etc.)

The Eucalyptus Solution

Eucalyptus is an open source cloud platform. The OSS project is backed by a commercial

company, Eucalyptus Systems, which provides paid support and extended features.

Fundamentally, Eucalyptus allows an organization (enterprise or hosting provider) to turn

traditional data center equipment into an infrastructure-as-a-service environment, similar in

nature to Amazon EC2.

In fact, Eucalyptus has modeled their API to be fully compatible with Amazon Web Services,

enabling their solution to leverage the vast set of Amazon tools that have emerged. In addition,

their tooling and image formats allow for users to easily switch between delivering applications

from internal private clouds, to externally hosted Eucalyptus instances or alternatively, directly

on the Amazon cloud.

Conceptual Architecture

The Eucalyptus system is divided into a number of modules enabling a highly scalable and

redundant architecture. The primary elements are:

Cloud Controller (CLC)

The CLC is responsible for exposing and managing the underlying virtualized resources (servers,

network, and storage) via a well-defined API (Amazon EC2) and a Web-based user interface.The CLC is responsible for querying the node managers for information about resources, making

high level scheduling decisions, and implementing them by making requests to cluster

controllers.


13/28


Cluster Controller (CC)

The CCs gather information about a set of VMs and schedules VM execution on specific NCs.

The CC also manages the virtual instance network and participates in the enforcement of SLAs

as directed by the CLC. All nodes served by a single CC must be in the same network domain.

Node Controller (NC)NCs control the execution, inspection, and termination of VM instances on the host where it

runs, fetches and cleans up local copies of instance images (the kernel, the root file system, and

the ram disk image), and queries and controls the system software on its node (host OS and the

hypervisor) in response to queries and control requests from the cluster controller. The Node

controller is also responsible for the management of the virtual network endpoint.

Storage Controller (SC)

SCs implements block-accessed network storage (e.g. Amazon Elastic Block Storage -- EBS) and

are capable of interfacing with various storage systems (NFS, iSCSI, etc.). An elastic block store

is a Linux block device that can be attached to a virtual machine but sends disk traffic across the

locally attached network to a remote storage location. An EBS volume cannot be shared across

instances but does allow a snapshot to be created and stored in a central storage system such

as Walrus, the Eucalyptus storage service.

Walrus Object Storage

Walrus (put/get storage) allows users to store persistent data, organized as eventually

consistent buckets and objects. It allows users to create, delete, list buckets, put, get, delete

objects, and set access control policies. Walrus is interface compatible with Amazons S3.

The Management Platform

The Management Platform provides an interface to various Eucalyptus services and modules.These features can include VM management, storage management, user/group management,

accounting, monitoring and enforcement SLAs, cloud-bursting, provisioning, etc. Note that this

functionality focuses on administrative functions, not user services. User functions are handled

via the self-service storefront and service catalog (see below for the section on newScale).

Cluster Configurations

Virtual machines are managed by a Node Controller (NC) and are grouped together by a Cluster

Controller (CC). Eucalyptus allows the administrator to define the number of VMs per server.

The number allocated will depend on the target hardware and the profile of the workload(heavy vs. light) but will typically vary from 4-20. This number will be affected by the amount of

memory in the system, as physical memory is shared across the virtual instances.


14/28


Logical & Physical Architecture

The Private Cloud lives inside of your current data center acting as a special purpose elastic

computing resource. From a networking perspective, the private cloud is segmented into its

own subnet for security and traffic management purposes. The cloud can be expanded by

adding cluster controllers or by increasing the number/size of the servers inside of cluster.

Within the clusters, Eucalyptus offers a VLAN network that uses the Cluster Controller as a

router for all active VMs in the cluster. This feature can be used to create availability zones for

failover / disaster recovery scenarios.


15/28


Release Automation

Eucalyptus provides the software necessary to turn a traditional virtualization landscape into a

full-featured cloud. However, it doesnt answer the question of how to best package the

software for deployment to the cloud. In our quest to reduce cycle times, enterprises must

prioritize the ability to package and deploy software to cloud environments.

MomentumSI selected rPath to provide an enterprise grade release automation solution. Key

factors included:

Powerful system and software modeling for driving accurate provisioning and updates Best-in-class software packaging & dependency management Ability to work across physical, virtual & cloud environments Version controlled hub for software distribution and change

The rPath Solution

rPath is a model-driven and version-controlled solution for system automation. Based on a

version-controlled repository, rPath acts as a software distribution hub (Figure 4.) for controlled

reuse of application, OS, middleware and other system artifacts. From this hub, version

controlled system components can be reused (directly from rPath or by populating the

newScale service catalog) to construct new systems and business services that are consistent,

compliant and dependency complete. These business services are ready to deploy to any

physical, virtual or cloud environment and theyre easy to update, patch, roll back or

regenerate automatically and on demand.


16/28


These centrally managed system components are integrated back through their software

supply chaincustom, commercial, and open source. As changes are made to these software

sources, they can be easily flowed through rPath and propagated across deployed systems and

business services. rPath automates four key functions for IT system deployment and

maintenance:

1. Automated generation of images for rapid deployment to physical, virtual or cloud targets

2. Automated updates and rollbacks

3. Compliance reporting and remediation

4. Controlled lifecycle promotion

rPath provides a unique model-driven and version-controlled approach to release automation.

Model-driven

Unlike script-based automation solutions, rPath deeply models the entire software stack as adetailed manifest, providing a canonical description of all of the software, dependencies,

configurations, and policies relevant to a specific system.

rPath generates this manifest via two automated functions that rPath performs natively:

(1) Dependency discovery/resolutionrPath automatically discovers and resolves the entire

dependency chain, ensuring that systems are complete and ready to deploy;

(2) Enforcement of IT policiesrPath allows IT to define and enforce build-time policies to

ensure conformance to corporate and regulatory standards and best practices.

This model becomes the basis for generating images for rapid provisioning and conflict-freesystem updates across any physical, virtual or cloud-based environment.

Version-controlled

rPath is the only vendor that offers a fully version-controlled release automation solution. rPath

isn't a source code control management (SCCM) system. Rather, it borrows many of the key

principles from source code control, providing deep control to management of deployed

software systems for managing scale and change.

With rPath, every system artifact is versioned:

Application components OS components Middleware components Policies Configurations Installation Scripts Manifests


17/28


This provides several key advantages:

Systems can be defined hierarchicallywhere systems are defined as branches frombase platform components that are managed centrally and reused as referenced links.

Changes are made centrally at the top of the hierarchy and cascaded across deployed

systems.

Systems are defined by a single version numberrather than dozens or hundreds ofindividually versioned packages that typically describe a deployed system

Versioned systems can be controlledrolled forward, rolled back or rolled out inphases

Version systems can be consistently reproducedacross lifecycle phasesdev, test,production, support

Simplified troubleshootingdifferences between system versions can be bisected forrapid identification of root causes of outages

How does this approach apply to the perfect private cloud? rPath delivers three crucial use

cases: creating cloud images for deployment, deploying images to the cloud, and maintainingrunning systems in the cloud.

Creating Software Packages & Images

The traditional provisioning approachbuild each

new machine from scratchis completely

inappropriate for the cloud. The cloud calls for

ready-to-run, fully baked images that include

everything the new system needs, such as the OS,

patches, middleware, application programs, and

configuration data.

But maintaining a library of such golden images is

prohibitively expensive. It is simply too difficult to

make needed changes to a static image without breaking something.

rPath provides a unique, best-of-both worlds approach. You import your software and

configurations into the rPath hub, and create flexible models for your systems and applications.

These models are easy to change, understand, and validate. Then, rPath dynamically generates

complete imagesfor any physical, virtual, or cloud environmenton demand. These images

accelerate provisioning, but are fully discardable. Given a models version number, rPath canalways regenerate that models image.


18/28


Deploying Images to the Cloud

In addition to generating images, rPath integrates directly into downstream hypervisors and

cloud managers to upload and validate images. For example, in an environment with

Eucalyptus, rPath automatically uploads each dynamical-generated image to the Eucalyptus

image store.

When new systems are launched from the

uploaded images, rPaths management

software automatically inventories and tracks

the new systems in the rPath versioned

inventory. Even in a complex public/private

environment with multiple deployment

targets, you can see a single list of all

managed systems (with the versions of the

models they follow) in the rPath inventory.

Modifying Images in the Cloud

Clouds enable the patch-by-rebuilding model. For many applications (such as stateless grid

computation engines and web front-ends), theres no loss if any given system disappears. So

the best way to roll out any change is to change the model, rebuild the image, and simply

replace the old systems with new systems. rPath image generation makes that process fast.

But many applications are not so simple. Applications with interesting state or session data

may need to run for an extended period of timeand in todays security environment, any

system that is running for more than a few days may require a patch or update. Most cloud

management tools avoid this use case, but it is an IT reality.

rPath solves it via the versioned inventory. When you change a system model in rPath, two

things happen simultaneously:

New systems you provision reflect the change going forward because rPathbakes the change into the images it generates.

rPath lists the existing systems that were built with the previous version of themodel, and offers to update them dynamically. Since rPath updates systems by

moving from one validated model version to another validated model version,

the changes are safe, incremental, and roll-backable.

The result is a best-of-both worlds approach to cloud systems. Whether your application

enables patch-by-rebuilding or not, a single model can automate the complete lifecycle.


19/28


Self-Service and the Service Catalog

The newScale Solution

The newScale software suite provides the set of solutions

necessary to fulfill the I.T. as a Service vision. Their offering

takes a service-centric perspective, providing standardizedI.T. offerings through a self-service portal with orchestration

and lifecycle management for automated delivery and tracking.

I.T. product managers are able to fully describe and promote their offerings in a portal for their

users. Enterprise architects and governance professionals can ensure consistent and repeatable

processes through by enforcing policy-based controls in the newScale solution. And consumers

of I.T. services can order from the catalog to provision I.T. resources in a self-service manner.

In cloud computing, self-service is a high priority. Users expect the ability to provision

infrastructure in minutes, not days, weeks or months. By providing a single source of truth forI.T. services within newScale, users are able to enjoy the one-stop-shopping and consumer-like

e-commerce experience that they have come to expect. Different tiers of services and options

can be presentedwith marketing templates to help drive demand to lower cost options

(supporting a virtual-first or even cloud-first approach).

With self-service through a catalog of standardized options, IT organizations can eliminate the

back-and-forth requirements gathering process, orchestrate automation across IT silos, and

improve visibility into demand to help ensure more accurate capacity planning. Once services

are requested, newScale provides the orchestration and lifecycle tracking to manage the end-

to-end process from provisioning to re-purposing or decommissioning as well as the visibility

into consumption to enable service-based cost allocation showback or even chargeback.

MomentumSI selected newScale to provide an enterprise-grade self-service storefront and

cloud automation solution. Key factors included:

Ability to define and publish standardized infrastructure offerings in a service catalog Enable self-service with an easy-to-use "e-commerce" ordering experience Govern approvals and orchestrate the end-to-end provisioning process Ensure operational compliance and track the lifecycle for workloads Manage consumption and costs, with visibility to enable pay-per-use billing. Ability to integrate with the cloud ecosystem (release automation, infrastructure

providers, etc.)


20/28


Spanning Physical, Virtual & Cloud Environments

A core philosophical tenet that we want to drive home is that the various environments

(physical, virtual & cloud) should not create silos! To the greatest extent possible, the

environments should be managed by a consistent process and tooling base. It has been our

experience that if an organization treats each of these as one-off environments, they will be

unable to achieve the cost savings or agility they desire. In addition, silos in the physical orvirtual areas will create barriers to cloud adoption. Conversely, if the aforementioned are

treated with consistent processes and tools, our users and auditors will feel more confident and

secure in the environments. This in turn will create a much more rapid and natural progression

into a cloud environment. The same benefits are also gained when both private and public

clouds are managed with such consistency. In fact, the better visibility the service catalog has of

the available options, the better it can steer consumers to the best-fit or lowest-cost offering.

The newScale RequestCenter application offers pre-configured integrations to third party

systems across physical, virtual and cloud environments including virtualization tools like

VMware and public cloud providers such as Amazon EC2 cloud for automated provisioning, de-provisioning and management of servers, storage and associated services. The same capability

can be utilized to manage your Eucalyptus private cloud.

The Service Catalog

newScale RequestCenter provides end users with a personalized view of the service catalog

representing a one-stop portal destination for requesting any type of service and tracking

service request status.

Users see the services in the catalog that they are entitled to order, based on their functional

position, location, and associated permissions. With seamless integration to LDAP and Active

Directory, IT organizations can manage authentication and authorization to ensure employees

request only those services appropriate to their job function.


21/28


When used together with newScale LifecycleCenter, IT can provide a pre-built wizard guide

for ordering services, to improve self-service, encourage adoption of IT standards, and drive

down costs. With this guided self-service shopping experience, users are steered to the right

service package that best matches their needs. Policy-based controls and approvals ensure that

the right governance and compliance policies are enforced.

From our perspective, the service catalog performs four primary functions:

1. It communicates standard options, specifications and costs of services.2. It enables self-service access to virtual and cloud services3. It coordinates and orchestrates the provisioning process4. It tracks and manages the service lifecycle and usage

Enterprise I.T. organizations must focus on reducing operational costs. To achieve impactful

results, it will be important to simplify ongoing, repetitive management tasks through

automation, while hiding the technical complexities from the users. By doing this, organizations

can continue to better define standard service options and service tiers, leading to overall

improvements in service quality. The service catalog is the heart of the service simplification

movement and thus, is core to our private/hybrid cloud solution.


22/28


23/28


Bridging External Clouds with the Private Cloud

The Private Cloud weve described enables organizations to more effectively utilize computing

resources and to better respond to internal I.T. infrastructure requests. To complement the

private cloud, many organizations are joining their private cloud with an externally provided

public cloud. By combining private and public clouds a hybrid cloud is created. Each cloud

segment can be used to it strength. The private cloud can run the most sensitive production

payloads and provide low-latency integration access to other internal applications and data

sources. External clouds can be used for failover, disaster recovery, development & test

environments, one-time burst computing jobs, new computing capabilities in a specific

geographic region, and so on.

Although there are several different kinds of public clouds (SaaS, PaaS), our focus is purely on

IaaS clouds. From this perspective, there are a couple practical options on how one can logically

extend their cloud:

1. Use a hoster / cloud provider who provides Eucalyptus-as-a-Service2. Use a public cloud provider who is API compatible, such as Amazon

Eucalyptus-as-a-Service

Eucalyptus is an open-source initiative with commercial backing. Due to its open nature, hosting

providers are able to turn their traditional data center offerings into a cloud offering. The

obvious advantage of this approach is that the software used in your data center can be a

binary match to the software being used in the external cloud. This significantly mitigates the

potential concern of software working in one cloud segment and not in the other.

MomentumSI is working with a number of established hosting companies to provide

Eucalyptus-as-a-Service capability. As a network for providers comes online, we anticipate thatthe competitive nature will drive down costs and also force providers to create value-added

offerings to provide product differentiation. Although the differentiation could lead to a

fragmentation in the offering, the core Eucalyptus services will be the common foundation that

can and should be used by the internal private cloud and the external solution.

API Compatible Clouds

In the past, Eucalyptus has delivered an API compatible version of Amazon AWS EC2. However,

we anticipate that the Eucalyptus open source community will rapidly drive the innovation of

the offering. Using EC2 as an extension of your hybrid cloud is a simple and easy way to get

started; however, were aware of a number of emerging solutions that will also offer compute-

rich solutions. Our recommendation is not to worry about being Amazon API Compatible, but

rather to allow the innovation in Eucalyptus and the ecosystem to drive innovation.

Standardized Self-Service Catalog for both Private & Public Cloud

A core tenet of the I.T.-as-a-Service vision is to use a simple and consistent approach to

requesting and managing ALL I.T. services. The interaction model with the public and private

cloud must be consistent, with standardized policies, security, governance and self-service


24/28


experience. For this reason, were recommending the use of the newScale to provide the front-

end self-service IT storefront, policy-based controls, orchestration, and lifecycle management

for both private and public cloud offerings. We consider the use of multiple front-ends to

individual clouds an anti-pattern, leading to cloud silos.

Standardized Release Automation to Private & Public CloudMomentumSI recognizes that the transition to cloud computing will be a gradual movement. In

large companies this process will take approximately 3-7 years to truly take hold. During this

transition, it is necessary to implement a standard software release model. The enterprise

should use the same basic process across physical, virtual and cloud environments, as well as

the same tooling.

rPath provides consistent tooling that can create software deployment packages for private

Eucalyptus environments as well as Amazon, VMware and other leading providers. Again, it is

important not to create one-off processes or proliferate a number of tools across the

environments. Simplicity should be the rule for managing the environment.

Integrations & Solution Add-ons

The private/hybrid cloud weve described serves as a solid

foundation. Many enterprise customers choose to implement

this solution profile as the base and then extend the capabilities with a number of traditional

infrastructure and operational capabilities. This section identifies several of the popular

integrations and cloud add-ons that are requested.

License Management

Enterprises need to re-think how they purchase, allocate and account for software licenses as

they move to a cloud environment. The scope of this project reaches across purchasing, legal,

license management, and cloud administration teams and must be carefully thought out. Will

your current licenses allow the type of cloud usage you are planning? What will your company

policy on the purchase of future licenses look like to maximize your cloud potential? How will

you track and manage the usage of these licenses in the cloud? MomentumSI has helped

clients answer all of these questions and implement the tools needed to safely and efficiently

manage licenses in the cloud.

CMDB System

The use of a configuration management database (CMDB) in a cloud environment will look

nothing like the CMDB in a typical enterprise. The way you do discovery, federation and

general ITSM activities in a global cloud platform can be totally different than what your

legacy CMDB was built to do. In most cases, enterprises will find that they will want CMDB-

like qualities embedded in to their cloud infrastructure platform or service catalog, and not

living as a stand-alone system. In fact, newScales lifecycle management effectively provides a


25/28


service management database (SMDB) that provides tracking and management for the IT

resources requested and delivery. In most situations, this may be sufficient for cloud in other

cases, it can be integrated to an existing legacy CMDB.

Incident & Change Management

The old saying the bigger they come, the harder they fall applies well to cloud environments.A small change-gone-wrong scaled to thousands of VMs can quickly turn in to a major problem

if not properly managed. The distributed nature of cloud environments across facilities,

platforms and providers makes managing both large and small incidents a core part of

enterprise cloud projects. Most enterprises already have an incident and change management

platform that can be modernized to accept the different inputs and data types generated by a

cloud platform.

Capacity Planning

A by-product of proper monitoring and metering will be the seamless ability to forecast

capacity needs and provide just the right amount, in the right place, at the right time. But toreally take advantage of the concept of cloud computing, your capacity planning process and

tools should look at more than peak usage. Being able to evaluate workloads in real-time to

find the best location, platform and time of the day/week/month to run will not only maximize

your capacity but will result in faster processing for less money.

Systems Availability Management

Just like in traditional IT environments, measuring and reporting against Slaps is an important

function. MomentumSI recommends that clients measure the following six areas in the cloud,

at a minimum: Availability, Reliability, Recoverability, Maintainability, Resiliency and Security.

In addition, clients should consider monitoring things like capacity, cost, incidents/tickets,

change requests and dozens of other metrics depending on their goals and needs. Being ableto get this data out of your global cloud environment and report on it is essential to meeting or

exceeding the Sals your business demands.

Cloud-to-Cloud Secure Networking

As your cloud platform expands it will encompass far more than just a single facility. Youll be

using resources that span countries, providers and technologies. Making sure your data moves

safely and seamlessly from one part of your cloud to another is key security practice. Can you

prove to an auditor that traffic arriving from another part of the cloud has not been viewed or

changed by anyone else along the way? As more critical aspects of your business start to run in

the cloud, things like traditional SSL and VPN will not be enough for most organizations youneed a layered approach to addressing this problem. Planning for this up front will save time

and money later.

Dynamic Configuration

Automation tops the list of must-dos in the cloud to obtain the efficiency of scale that makes

cloud so attractive. Make sure that your cloud platform is capable of automated, dynamic

configuration of things like policies, network rules (VLAN, Firewall, routing), resource allocation


26/28


and account/user management. Using a standalone or integrated configuration engine to apply

standards and management of this dynamic configuration is a good way to reduce your

administrative burden while not losing control of the environment.

Image Conversion

Every enterprise has standard builds of server images in a variety of different OS types andpurposes, and every cloud platform and hypervisor has a slightly different way they need to see

those images packaged. There are both manual and automated tools available that will take a

single image designed for one platform or provider and convert it to run in one or more other

environments. As both the number of images and the number of environments grow, this is

another task best left to automation.

Computing Zones

Amazon calls them availability zones in their AWS service that are based on geography, but at

MomentumSI we talk to our customers about Computing Zones. Weve mentioned in this

document numerous times that your cloud platform will span divisions of your organization,providers, technologies, and even continents. Each of those separation points will act as

physical zones, but it is best to draw and manage against your own logical Computing Zone

boundaries. Maybe you want to have a zone based on geography, or by criticality of

processing, or by cost let your business drivers be the guide, not what a particular provider or

geography defaults to.

Cloud-to-Cloud Failover

Despite the overlapping, redundant nature of cloud computing failures happen and you

need to be prepared for them. MomentumSI can help you convert and synchronize your

machine images and data to a second or third provider and even automate the failover in case

of an outage affecting your primary resources. In addition, if your cloud platform spans to orfrom your enterprise network, you could fail out to the public cloud or in to your private

cloud resources depending on where the primary computing failure is occurring.

Cloud-to-Cloud Bursting

Cloud Bursting is an often-discussed topic in the industry right now and refers to the concept

of adding capacity to a computing environment, only when it is needed, using the cloud. A

simple example is that your company sells flowers, and your website does 500 orders 363 days

out of the year. You need 4 servers to keep up with that load, and you host everything

internally. On Mothers Day and Valentines Day, you do 50,000 orders and need 400 servers.

Rather than keep those extra 396 servers on-site all year, you would design your applicationand infrastructure to burst out to the public cloud when the load exceeds what your 4 servers

can offer. This is an extreme example more common would be to burst for month end

processing or on a daily basis for 1-2 hours during peak load times. The trick to properly using

cloud bursting is in the architecture of your application and the rules you implement around

how, where, when and why to burst.


27/28


On-Disk Encryption

As you put data out in a shared environment, it is obvious that the risk of theft or accidental

disclosure increases. Luckily, there are simple, reliable and low-latency encryption solutions

available for data at rest (on disk). The hard part with any encryption project is properly

storing, using and managing the keys to the encrypted data. If you store the key alongside the

encrypted data, it might as well be in clear text. Just like with cloud bursting, properarchitecture is essential to maximize the impact this technology can offer.

Support non-X86

For most non-x86 systems and applications, running in a cloud or cloud-like environment will

just feel like old times. There are providers and technology vendors offering mainframe time in

the cloud, COBOL in the cloud, and other legacy systems in and around the cloud. Many

people say mainframes were the original cloud because they were designed and built as the

original multi-tenant, time-shared platform. The big question to ask is how much custom

integration or modernization of the platform or application is required, and what will that do to

the reliability and security of the original design? MomentumSI will help you see the pros andcons of moving non-x86 platforms or code to the cloud, and help you put an architecture and

plan together to do it right the first time.

Moving Forward with a Private/Hybrid Cloud

Self-service private/hybrid clouds help enterprise IT deliver the simple, self-service, on-demand

infrastructure services readily available from public clouds like Savvis and Rackspace.

In turn, IT departments reap the following advantages:

Improved agilityDeployment cycles shrink from months to minutes, making IT farmore responsive to business lines and other internal customers.

Reduced capital expenseUtilization of hardware capacity improves dramatically dueto elastic provisioning and de-provisioning of services.

Reduced operating costsSoftware infrastructure and provisioning processes arestandardized and automated. Control is decentralized to decentralized constituents.

Reduced riskThe controlled cloud provides an alternative to rogue deployments tothe public cloud. The ability to move workloads between deployment environments(physical, virtual or cloud) avoids platform lock-in.

The core technologies and services within the MomentumSI self-service private/hybrid cloud

platform include:


28/28

newScale service catalog creates a Web-based, e-commerce ordering experience foreither private or public cloud services. With newScales software, IT can enable on-

demand provisioning, enforce policy-based controls, manage the lifecycle for workloads,

and track usage for billing.

rPath release automation controls and promotes reuse of standardized softwareinfrastructure and automates system construction, maintenance and on-demand image

generation for deployment across any physical, virtual, and cloud environment.

Eucalyptus cloud automation establishes an elastic infrastructure framework thatenables organizations to deploy massively scalable private and hybrid cloud computing

environments within a secure IT infrastructure. Eucalyptus is fully compatible with the

Amazon Web Services public cloud.

MomentumSI professional services provides implementation services, best practicesand the adoption model for making the transition to self-service public cloudcomputing. Beyond the technology components, MomentumSI also addresses the

people, process, organizational, and educational issues involved in optimizing each

clients self-service private cloud.

Discussing Your Private & Hybrid Cloud

This paper has identified a unified solution for creating a private & hybrid cloud. However,

every cloud solution will be tailored to the customer requirements. MomentumSI offers a free

half-day workshop to discuss the specifics of your environment and answer your questions on

private and hybrid clouds.

Call or email to schedule a discussion

MomentumSI serves enterprise customers globally. Our whiteboard workshops are free and

there is never any obligation to have any service performed. Please call or email us now:

[email protected] Phone: 512-844-1732.

Half-Day Agenda

Briefing Review the MSI Cloud Reference Model (30 minutes) Whiteboard Session Assess your current & target cloud architecture (60

minutes)

Briefing Review the MSI Apps-to-Ops Process (30 minutes) Whiteboard Session Assess your current & target delivery model (60

minutes)

Discussion Next Steps (60 minutes)
mailto:[email protected]:[email protected]:[email protected]

perfect cloud

Documents