POWER IT Pro - Sept. 2012

Your Pure, AIX, and IBM i Authority
A Penton Publication, September 2012 / Vol. 1 / No. 5

Cover: Cloud Smackdown: Private vs. Public
Plus: IBM SmartCloud Entry Brings the Cloud to You; Exploring IBM Systems Director Security; IBM i Chief Architect on IBM i V5R4 to 7.1; It’s Time to Move from AIX 5.3 to 7.1

Upload: jen-cintora

Post on 22-Feb-2016


DESCRIPTION

POWER IT Pro offers an array of resources, news, and perspectives on IBM Power systems and servers, including Pure, AIX, and IBM i.

TRANSCRIPT


Contents

Cover Story
Private vs. Public Cloud Smackdown, Mel Beckman
The public cloud showed IT technologists the advantages of multi-tenant infrastructure, but public clouds do have problems. Private clouds are identical to public clouds but have intrinsic control, security, and performance advantages. Is the private cloud better than the public cloud, or do both have a mission within IT?

In Every Issue
Power News
New Products
Industry Issues: IBM i Chief Architect Steve Will on IBM i V5R4 to 7.1, Chris Maxcer
Industry Issues: It’s Time to Move from AIX 5.3 to 7.1, Anthony English
Hot or Not: Saying Goodbye to Choice, Sean Chandler
Advertising Index

Features
IBM SmartCloud Entry Brings the Cloud to You, Greg Hintermeister
Secrets of an AIX Administrator, Part 3, Christian Pruett

Power at Work
Exploring IBM Systems Director Security, Erwin Earley
Use Kerberos to Morph Multiple Passwords into One, David Tansley
Easy Ways to Trace Your Virtual SCSI Configuration with AIX, Anthony English
How to Load a Virtual I/O Server from AIX Network Installation Manager, Rob McNelly

Power Solutions
CURT Connects with Infor IntelliChief for Custom Packing Slips, Chris Maxcer

Cover Story

Cloud Smackdown: Private vs. Public
Is one cloud loftier than the other?

Mel Beckman is senior technical editor for POWER IT Pro.

Public cloud infrastructure-as-a-service (IaaS) offerings have been with us now for several years, and have proven their pluck. Today you can spin up a slew of public cloud servers, load them with virtual appliance software, and have a working Web-facing Internet app in a single day. A public cloud delivers resources over the Internet using a self-service, pay-as-you-go cost model. If your app actually sprouts wings and needs more CPU, memory or storage, expanding it is a simple click (and credit card charge) away. Yes, it’s true that public cloud infrastructure costs more than private infrastructure over the long run, but that gap is narrowing, which you’d think would make a wholesale switch from traditional data centers to public clouds a no-brainer.

But public clouds have a few pain points that IT pros detest, and as of yet, public cloud operators haven’t stepped up with good solutions. The first pain point is IT’s loss of control. In a private infrastructure outage, the IT staff can lay hands on the equipment and heal it, usually quickly. Cloud components are “out there, somewhere,” beyond the reach of IT, which instead must depend on the cloud provider’s fixit abilities (and those aren’t always adequate). There have been some spectacular cloud failures—most recently the 2011 Easter weekend Amazon disaster—that have kept cloud subscribers offline for days.

A second pain point is security. Cloud computing means virtual computing, and virtual servers have a host of new vulnerabilities to be mitigated. Do cloud providers do enough to address them? Not always. For some vulnerabilities, no known solution exists in today’s virtualization landscape.

A third pain point is performance. As we all know, the “v” in “virtual” stands for “fake.” Cloud servers typically aren’t real, dedicated hardware (although some providers do offer that option at a higher cost). Multiple tenants share physical servers, storage, and networks. One tenant’s workload can bog down the response time of neighboring workloads belonging to unrelated tenants. Thus, public cloud performance is estimated, not guaranteed.

But cloud computing is a great idea, and it’s one that enterprise IT data centers decided they wanted to emulate in the form of private cloud infrastructure. Private clouds aim to ameliorate the sting of public cloud shortcomings, and they’ve done that well. With a private cloud, you control the horizontal, you control the vertical, and you control the reliability, security, and performance of your applications.

A rivalry of sorts has arisen in the clouds, with public and private advocates facing off over these issues. At stake are billions of dollars of IT spending. Some of those dollars are yours. Before you put money on either contender, you should understand the pros and cons of each, and what you have to do to avoid getting knocked out of the ring.

Public Cloud’s Bum Rush

The idea behind a private cloud is to emulate the rapid, automatic provisioning and cost chargeback that public clouds deliver, moving IT out of the role of application expert and into a mission of a provider of reliable utility computing. That’s not as easy as you might think, however, because most public cloud providers closely guard their provisioning and management software.


One problem private clouds have encountered is a rush to deploy infrastructure without first developing internal processes for resource management. Internal customers tend to demand favorable treatment for pet projects, and without strong policies that often results in “VM sprawl”—the unrestrained multiplication of virtual machines that are poorly planned and managed. Public clouds are absolutely neutral with respect to customer demand. You get what you pay for, and not a penny more. Until IT can achieve this discipline, private cloud deployments are likely to increase complexity without returning the expected service delivery elegance.

The key element of a workable private cloud is the workload management component, which includes servers dedicated to the end user service delivery portal, monitoring, load balancing, and troubleshooting. Ideally, management and workload networks and storage are completely isolated from each other. Building a reliable private cloud platform is often outside the abilities of even expert enterprise IT teams, primarily because the technology is so new.

“Private-cloud-in-a-box” vendors help address this problem by providing pre-engineered infrastructure packages, such as IBM’s PureFlex system, which supports both x86 and IBM Power physical hosts. PureFlex has integrated cloud administration hosted on dedicated physical servers with best-practice network isolation. An integrated self-service portal lets VM consumers spin up new servers while tracking costs for internal billing; the portal includes hooks to let IT mediate the deployment process to prevent VM sprawl. And the system supports APIs that let private cloud operators customize management interfaces for internal branding or to meet special control requirements.

Public Clouds Take It on the Chin

Cloud computing is a new technology: Amazon launched its Elastic Compute Cloud in 2006, a scant six years ago. So you’d expect its reliability to improve over time. Alas, just the opposite has happened, which gives IT folks pause when considering where to invest their future retirement assets. 2011 saw a sharp increase in cloud outages over previous years, starting with the aforementioned Amazon Easter disaster. That single four-day outage power-punched Amazon’s EC2 reliability from the golden “five nines” of IT champions down to a palookaville 98.9 percent. That’s one nine, if you’re counting.

But clouds are worldwide, so you must consider the entire planet to get a true measure of cloud fragility. In August 2011, both Microsoft and Amazon’s Dublin, Ireland, cloud data centers were knocked out by lightning strikes. The bell rang after two days of downtime. At about the same time, Microsoft launched its Office 365 cloud, which critics claim should be renamed “Office 363” after a one-two punch of configuration and deployment errors kept many users out of their virtual offices for 48 hours. Google Docs suffered spurious downtime lasting hours in Budapest and its apparent sister city, San Francisco. This year, a leap-year bug hooked Microsoft’s Azure cloud (a digital certificate expired on February 29), taking users to the mat for several hours.

These are just the highlights. There have been, and continue to be, many public cloud outages, although 2012 does seem less of a barnburner than 2011. The International Working Group on Cloud Computing Resiliency, formed this year by Telecom ParisTech and Paris 13 University, published the report “Availability Ranking of World Cloud Computing,” noting that the 13 largest cloud providers accrued a total of 568 hours of downtime since 2007. That works out to about five days per year of dark clouds. So clouds don’t yet seem capable of being the sole provider of IT services.

A key challenge faced by private cloud operators is they’re blazing new trails in component interoperability. A public cloud uses the same hardware regular IT shops use, just in huge volumes, and the hardware is interconnected in complex, novel ways never intended by its designers. Predicting and countering failure modes in this arena is more art than science. When something does go wrong, the problem often propagates through a cloud’s network, making diagnosis and repair extremely difficult. New technologies such as Software Defined Networking (SDN) and public cloud interoperability standards will let you deploy workloads across multiple cloud operators, distributing the risk of a single operator outage.

One good thing has resulted from public cloud outages: Cloud providers have been surprisingly candid about their failures, and appear to have learned from them. Amazon, for example, instituted new procedures and out-of-band management paths in its technician-induced Easter disaster. Google claims it has identified weak points in its dataplex and made appropriate upgrades. All major cloud providers now give users candid visibility into infrastructure uptimes, with status consoles that let you track problems in real time.

Virtualization’s “Snapshot” Glass Jaw

Public cloud security is a natural concern for mission-critical enterprise applications, but many IT people believe they can address those concerns with encryption: encrypting data at rest, and in transit, using tokenization, public key infrastructures, and VPNs. Virtualization does introduce some new risks, primarily related to the hypervisor and its interface with the outside world. Of the two general classes of hypervisor—Type 1, which is implemented on “bare metal,” and Type 2, which runs within an OS such as Linux or Windows—Type 1 is the only one considered acceptable for secure public or private cloud operation. Type 1 hypervisors contain only the components necessary to carry out virtualization management tasks, giving them a much smaller attack surface than Type 2 architectures. It’s also common for Type 1 hypervisors to run from read-only storage, making them less susceptible to direct attack. A key aspect of hypervisor protection is to ensure that all management components—and the hypervisors themselves—are isolated from all public Internet access, as well as from virtual networks employed by cloud workloads. Both public and private cloud best practices currently call for this isolation, and generally it’s been well-implemented in public clouds.
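The isolation requirement above, and the earlier point that management and workload networks should be completely separate, can be checked against an address plan and a firewall allow list. The following is an added example, not code from the article or from any vendor's tooling; the function name, host names, subnets, and rule format are all hypothetical.

```python
import ipaddress


def audit_isolation(mgmt_nets, workload_nets, mgmt_hosts, allow_rules):
    """Return sorted findings that break management-plane isolation."""
    mgmt = [ipaddress.ip_network(n) for n in mgmt_nets]
    work = [ipaddress.ip_network(n) for n in workload_nets]
    findings = []

    # 1. Address plan: management and workload ranges must not overlap.
    for m in mgmt:
        for w in work:
            if m.overlaps(w):
                findings.append(f"overlap: {m} and {w}")

    # 2. Every hypervisor or management interface must sit in a management range.
    for name, addr in mgmt_hosts.items():
        ip = ipaddress.ip_address(addr)
        if any(ip in w for w in work):
            findings.append(f"host {name}: {ip} is on a workload network")
        elif not any(ip in m for m in mgmt):
            findings.append(f"host {name}: {ip} is outside the management ranges")

    # 3. Filtering: no allow rule may let workload or Internet sources reach management.
    for src, dst in allow_rules:
        s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if not any(d.overlaps(m) for m in mgmt):
            continue  # rule never reaches the management plane
        if s.prefixlen == 0:
            findings.append(f"rule {src} -> {dst}: any source reaches management")
        elif any(s.overlaps(w) for w in work):
            findings.append(f"rule {src} -> {dst}: workload source reaches management")
    return sorted(findings)


# Constructed sample inventory (hypothetical names and addresses, not from the article).
MGMT_NETS = ["10.250.0.0/24"]
WORKLOAD_NETS = ["10.20.0.0/16", "10.30.0.0/16"]
MGMT_HOSTS = {"hypervisor-01": "10.250.0.11", "portal": "10.20.4.7", "console": "192.0.2.10"}
ALLOW_RULES = [
    ("10.250.0.0/24", "10.250.0.0/24"),   # management to management: fine
    ("10.20.0.0/16", "10.250.0.11/32"),   # tenant subnet to a hypervisor
    ("0.0.0.0/0", "10.250.0.20/32"),      # anything to a management host
    ("10.30.0.0/16", "10.30.0.0/16"),     # tenant-internal traffic: out of scope
]

if __name__ == "__main__":
    for finding in audit_isolation(MGMT_NETS, WORKLOAD_NETS, MGMT_HOSTS, ALLOW_RULES):
        print(finding)
```

Run against a real inventory export, an empty result means the address plan and allow list are consistent with the isolation the article describes; it does not prove the rules are actually enforced on the devices.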