FiveStepsto EnterpriseCloudComputing

EucalyptusSystems,Inc.
2010

Overview

greaterefficiencieswithinthe enterprisedatacenter.

WhatisaPrivateCloud?

Significanttechnologicaladvancesare oftenmadeduringperiodsofcrisis andchange.Thusitisunsurprising thattodaysCIOsandITprofessionals, confrontedwithextraordinary challengesspikingenergybills, underutilizeddatacenters, accelerateddatagrowthduringa timeofrestrictedcapitaland economicuncertaintyaregravitating towardsinnovativeefficiency enhancingtechnologicalmodels. Cloudcomputingisonesuchmodel. Originallyproposedasapublicutility computingmodel,onpremiseor privatecloudcomputingisemerging asanewtechnologyfortheIT manageddatacenter.Itdeploysasa completeplatformforsupporting scalableapplicationsinawaythat improvestheefficiencyofbothIT managementandoperations. Thispaperdiscussestheuseofcloud computingintheenterprisedata center,thepotentialfrictionpoints associatedwiththeadoptionofcloud computingandstepstotaketoinitiate thedevelopmentofanenterprise privatecloudasanIToptimizing technology.Inparticular,itfocuseson theoperationalandITprocesses withintheenterpriseandhowprivate andhybridcloudscanbringabout
2010EucalyptusSystems,Inc. www.eucalyptus.com

Aprivatecloudisasoftware infrastructurethatenablesendusers toacquire,configure,andultimately releasedatacenterresourceson demand,usingautomatedselfservice toolsandsoftwareserviceswithinan enterprisesdatacenter.Oneofthe easiestwaystounderstandhowa privatecloudfunctionsisbyanalogy withwebbasedecommerce. Today,customersexpecttobeableto shopforandpurchasegoodsand servicesviatheInternet.Successfule commercecompanies(e.g., Amazon.com,Google,eBay,etc.) implementhighlyscalableweb servicesthataredesignedtoallowas manycustomersaspossibletomake separatepurchasingorrental transactionssimultaneously. Furthermore,tokeepsalesoverhead aslowaspossible,theseecommerce venuesarefullyautomatedandself service.Thatis,thegoalistohavethe webservicesandtheinfrastructure (andnotasalespersonorsupport person)handlethevendorsideof eachtransactionautomatically. Byanalogy,aprivatecloudisaservice venuethatallowsendusers (customers)tosearchfor(shopfor) computeinfrastructurethatis customizedtotheirspecificneeds (products),toacquirethat infrastructure,andwhenitisno
Page2

 longerneeded,toreleaseitbacktothe ITorganization.Inthesamewaythat anecommercesitemustsupportthe transactionsputforthbymany simultaneouscustomers,aprivate cloudmustbeabletoscaletohandle manysimultaneousenduserrequests andcommandsautomatically,without humanintervention.Similarly,tokeep managementoverheadtoaminimum, privatecloudssupportselfservice interfacesandtoolssothatthecloud services(andnotsystem administrators)implementeach usersrequestdirectlyand automatically.Theproductinthis rentalanalogy,istypicallyavirtual machinethathaseitherbeenpre configuredwithaspecificsetof softwareapplications,orcanbe customizedbytheenduserdirectly oncetheacquisitiontransactionis complete.

GatingConcerns:Operational Changes,Governance,and Costs

FortheITorganization,aselfservice approachtoinfrastructure managementcanofferorganization efficiencygains,butnotwithout considerationforpotentialchangesto operationalprocesses,governance policies,andcoststructure. Operationalchanges Achievingthefullefficiencybenefitsof aprivatecloudtypicallyrequiresa changeintheactivitiesand
2010EucalyptusSystems,Inc. www.eucalyptus.com

responsibilitiesofbothusersandIT staff.Usersmustdeveloptheskills andknowledgenecessarytooperatea selfserviceresourceprovisioning interface.Notethatwithoutacloud, resourceprovisioningisusuallya personnelintensiveactivityinwhich writtenrequestsforresourcesmust navigatetheorganizationalstructure fromendusertoITprofessional,and backagain.Oftenemployeesfrom differentorganizationalunitsbecome involvedduringdifferentphasesofa request(requirementsgathering, budgeting,security,recharge,etc.) Theadvantageofthisapproachisthat specializedpersonnelcaneachfocus hisorherabilityonaparticular subtasknecessaryultimatelyto allocateanewresourcetoauser.The potentialdisadvantageisexpense(in theformofthepersonneloverhead) anddelay(whichmanifestsaslost productivity)betweenthetimeofthe requestandwhenitissatisfied. Aprivatecloudautomatesthe mechanismforprovisioningnew resourcestoindividualusers.The resourcesarevirtualized(i.e.auseris allocateduseofacollectionofvirtual machines(VMs)ratherthanasetof physicalservers)sothatthecloud infrastructurecansitethem (allocatethemtophysicalservers)at thebehestoftheuser.Furthermore, theuserdoesnotcontrolwherethe VMsrunbutinsteadspecifiesaquality ofserviceexpectationwithaService LevelAgreement(SLA)thatthecloud infrastructuremustrespectforthe usersVMswhenmakingdecisions aboutwheretheyaretobesited.
Page3

 Theadvantageofthisselfservice approachisthatitisfullyautomated, makingitpossibletoprovisionfull machine,network,andstorage collectionsinminutes,transactionally andsimultaneously,foralargeuser community.Thedisadvantageisthat

additionalcomplexityisaddedtothe dutiesoftheenduserwhobecomes theonlyhumanintheprovisioning loop.Alloftheprovisioningfunctions needtobehandledbythecloud automaticallyormanagedbytheend userdirectly(Figure1).

Figure1.OperationalChanges.Thediagrambelowcomparestheserverdeploymentprocessina traditionalITorganizationtothatofanorganizationwithafullyimplementedEucalyptusprivate cloud.InatraditionalITsetting(leftsideofdiagram)eachrequestissubjecttotheactionsof personnelacrossmultipledepartments(e.g.IT,legal,purchasing,support,security).Thetime requiredinmanuallyperformingthesetaskscombinedwithdifferingdepartmentalpriorities, requirements,andconstraintscansignificantlydelayresourcedeployment.

WithaEucalyptusprivatecloud(rightsideofdiagram)repeatediterationsofthispersonnel intensivedeploymentprocessareeliminated.Onceappropriateorganizationalapprovalsandthe cloudarchitectureareinplace,userssimplydeployandscaletheirownvirtualresources(i.e. machines,applicationstacks,network,storage)ondemandviaanautomatedselfserveWebAPI.IT staffactivitiesshifttooptimizingcloudperformanceandenhancingtheenduserexperiencewith imagecreation,archivalmaintenance,interfacecustomization,virtualnetworkoversight,and capacityplanning.

2010EucalyptusSystems,Inc. www.eucalyptus.com

Page4

 Withacloud,then,theseparationof concernsassociatedwithresource provisioningchanges.Thecloud infrastructureitselfimplementsthe mechanismsnecessarytoautomate theprocesssuchassecuritycredential management,accountingandrecharge billing,networksecuritypolicy enforcement,dataintegrityand provenance,etc.ITprofessionals concentrateonbakingintothecloud (byconstructingVMsforusersand/or operatingcloudpolicyinterfaces)the policiesthatthecloudneedsto enforceautomatically.Finally,users mustbeabletochoosetherightsetof VMs,network,andstorageresources necessarytosupportaparticular applicationthatthecloudmust provisionontheirbehalf. Governance Withnewrolesandresponsibilities associatedwithaprivatecloudcomes theneedfornewgovernancepolicies. Inparticular,methodsofoversight, includingmanagementstandards, operationalguidelines,andbest practices,whichensuretheproper functioninganduseofautomatedself serviceactivitiesarecritical.Once provisioned,however,cloudhosted applicationsbehavemuchlikenon cloudhostedones.Thechief differenceisthedynamicnaturewith whichcloudapplicationsandusers canchangetheirprovisioningprofile. Inacloud,forexample,anenduser canchangetherulesgoverning firewallsisolatinghisorherVMs
2010EucalyptusSystems,Inc. www.eucalyptus.com

fromextracloudnetworktrafficand fromeachother.Clearlythecloud cannotallowuserstoviolatesitewide securitypoliciessoanychangesmust beautomaticallyvettedagainst firewallrulesfortheclouditself beforetheyarepermitted.Still,within theblanketsecuritypoliciesforthe cloud,bestpractices(particularlyfor faultisolationand/orintrusion quarantine)dictatethatinterVM communicationshouldberestricted. Thecloudmustauditandreportthe degreetowhichthesepracticesare observed,butitisuptothe organizationtodefinepoliciesand remediationstrategiesgoverningtheir use. Isitaviolationofcloudpolicy,for example,ifauserdropsaninternal firewallrulebetweenVMsforashort period(e.g.,minutes)whiledebugging anetworkconfigurationproblem? Forhowlongshouldthisdebugging periodbeallowed?Whatisthe responseiftheperiodisexceeded? Howisthatresponseimplemented? Becauseusershavecontrolof (virtualized)infrastructure,and becausethecloudcanmakechanges tothisinfrastructureatmachine speedsatthebehestofindividual users,anewsetofgovernancepolicies andpracticesmaybenecessary. Costs Becauseprivatecloudsdepend, fundamentally,onvirtualization technologiesforisolation,theycan implementserverconsolidationinthe
Page5

 samewaythatdatacenter virtualizationtechnologiesdoby stackingseveraldifferentVMsoneach physicalserver.Incloudparlance,this capabilityistermedmultitenancy andthecloudinfrastructuremusttake caretoisolateVMsownedbydifferent usersfromeachotherwhenthey shareacommonresource.Theresult, however,isthesameasina virtualizeddatacenterinthatmore computing,networkingandstorage cansecurelyusefewerresources.The chiefdifferenceisthatinacloud,the cloudinfrastructureandnotthe systemadministratormust automaticallyimplementandmanage multitenancyanddosowhilealarge collectionofusersispermitted simultaneousaccess. Anotherimportantcostsaving capabilityimplementedbyprivate cloudsistheabilitytotemporarily exceedorburstoverresource quotas.Forexample,ifaparticular marketingcampaignsuddenly generateslargerthanexpectedin boundwebtraffic,itispossibleforthe cloudtodoubleuplesscriticalVMs temporarilyuntilamorepermanent decisionaboutmaximumresource footprintforthemarketingVMscan bemade. However,evenwithmultitenancy andtemporaryinternalbursting, whentheresourcecapacityofthe cloudisexceededuserrequestsmust bedenieduntilsufficientresources becomeavailable.Inthiscase,itis possibletoconsiderburstingintoone
2010EucalyptusSystems,Inc. www.eucalyptus.com

ormorepublicclouds,thereby formingahybrid.Clearly,security policiesmustbeinplacetodefinethe exactconditionsandattributes governingwhatandwhenprivate cloudloadcanbeburstintoan externalpubliccloud.Budgetingand costcontrols,however,mustalsobein place. Specifically,publiccloudsoftencharge fortenancy(e.g.,rentalbythehour), storagecapacityandaccessfrequency, andbandwidthinandoutofthe publiccloudvenue.Itiscriticalto understandtheseresourceusage characteristicsonaperapplication basistobeabletopredictthedollar costthatwillbeincurredwhenan applicationisburstfromprivateto publiccloud,andalsowhenitis retractedanditsdataistransferred backtotheprivatecloud. Understandingthisperformance profilecanbechallenging.Moreover, ifcostcontainmentforhybrid operationisdeemedtobecritical, applicationdevelopmentsoasto minimizetheexpenseofpubliccloud deploymentmaybenecessary.That is,itispossible(butperhapsmore complex)todevelopapplicationsina waythatdeliberatelyminimizestheir hostingexpenseinapubliccloudso thatifandwhenapubliccloud deploymentistriggered,theresulting costisminimized. Privatepubliccloudinteroperability isalsocriticaltoahybridmodel.Ifthe privatecloudistotriggerapublic clouddeploymentautomatically,the
Page6

 applicationcodeanddatamustbe portablebetweentheprivateand publiccloudsundersoftwarecontrol. Thustheprivateandpublicclouds mustbeabletointeroperate.

FiveStepstoBuildinga PrivateCloud

Iftheefficiencygainsthrough automationandselfservicethat privatecloudsofferaretoberealized, ITprofessionalstodayareoften interestedinwhatstepstheyshould taketobuildanddeployaprivate cloud.Becausecloudcomputingisstill nascent,thestepsdescribedbelow shouldbeconsideredmoreofa guidelinethanaprescriptionbutif followed,theywillultimatelyresultin afunctionalprivatecloud. Step1:AdoptaMachineVirtualization Technology Clouds,today,usemachine virtualizationasthebasictechnology forisolatingresourceusagebetween users.Avirtualmachineisafull operatingsystemsstackthatexecutes asifitisrunningonthehardware directly.Infact,eachstackisrunning inacontainerthatisexportedbya softwarelayerrunningunderneath theoperatingsystemcalleda hypervisor.Systemsservicesandtools canthenbeusedbysystem administratorstomanipulatevirtual machinesexternally(e.g.,movethem startthem,stopthem,etc.)asifthey areseparatesoftwareprocesseswhile
2010EucalyptusSystems,Inc. www.eucalyptus.com

theapplicationsinsideeachthink theyareeachrunningonadedicated machine. Thefirststepindeployingaprivate cloud,then,istochooseaparticular OSvirtualizationtechnologytouseto implementcloudhostedVMs.There areseveralchoices,eachofferinga differentpricepoint,featureset,and levelofstabilityandreliability.Oncea virtualizationplatformischosen,the ITstaffultimatelyresponsiblefor administeringtheprivatecloudcan becomefamiliarwiththeuseofvirtual machines,theirfailuremodes, networkinginteractions,security interfaces,etc.asaplatformforuser applications. Step2:ProfileApplicationCompute, Memory,andStorageUsageand PerformanceRequirements Oneofthekeyimpedimentsto deployingcloudapplications surroundsthesemanticsassociated withamorescalableanddynamic resourceusagemodel,particularlyfor storage.Oftencomputeand networkingresourcewillchangelittle inacloudversionofanapplication, butthecloudstorageabstractionscan beasourceofnontrivialporting effort.Cloudsmustbeabletoscale bothwithresourcecountand concurrentusertransactionrate.To doso,theyimplementstorage abstractionsthataredifferentthan thestandardfilesystemabstractions usedbyapplicationsnotrunningina cloud.Portingapplicationstothe
Page7

 cloudrequiresafundamental understandingofhowthese abstractionswork.Further,toensure thatapplicationsachievethedesired performanceandrobustnesslevelsin thepresenceofdynamicallychanging cloudprovisioningactivity,aclear understandingoftheirresourceusage (particularlyforstorage)isneeded. Step3:DesignaVMDevelopment Consultancy Usersandapplicationdevelopment groupswillneedhelpinidentifying, developing,anddebuggingthevirtual machinestheywillultimatelyuseto hosttheirapplications.Often,private cloudadministratorsprovideabase setofpreconfiguredVMsfromwhich usersmaychoose,particularlywhen thecloudisfirstdeployed.These initialVMsneedtobedevelopedand catalogedinawaythatallowsusersto understandtheirusage.Asthecloud matures,userswillwanttocreate theirownVMseitherfromscratch,or bymodifyingtheimagesthathave beenpreinstalled.Tohelpuserswith thesetwonewrequirements,an organizationalunitwithexpertisein operatingsystemandmachine configurationisneeded.Thecloud providesaselfserviceinterfacefor provisioningandrunningvirtual machines.Buildingandcustomizing virtualmachinesstillrequires infrastructureexpertise,although becausetheyaresoftware abstractions,thisexpertisecanbe offeredasaconsultancyratherthanas
2010EucalyptusSystems,Inc. www.eucalyptus.com

aserviceprovidedbydatacenter operations. Step4:DevelopAccountingand RechargePoliciesAdaptedtoSelf service Automaticselfservicecarrieswithita differentsetofincentivesforresource usagethaninatraditionaldatacenter setting.Ifuserscansimplyacquirethe machinestheywanttouse,theymay notalwaysreleasethemwhenno longerneeded,orworse(ifresource shortfallsoccur)theymaychooseto hoardthosetheyhavebeenallocated. Inapubliccloud,rentalischargedby theallocatedhoursouserswhofailto returntheirresourcesaresimply chargeduntiltheydo.Inaprivate cloud,whereresourceefficienciesare paramountandusersbankaccounts arenotchargeddirectly,an accountingandresourcepolicymust bedevelopedtoincentivize responsibleresourceusage.For example,quotasonoccupancy(e.g., leases)canbeimplemented. However,applicationterminationor suspensionduetoaquotaviolation maynotbethebestresponsebythe system.Apolicythatinformsthe errantuserofaquotaviolationand discouragesthequotaabusinguser forrepeatedmisuseisnecessaryfor thesystemtobeefficient. Step5:ArchitectaDeploymentand DeployaPrivateCloudInfrastructure Privateclouds,likeotherdatacenter hostedsoftwareservices,canbe
Page8

 architectedtoleveragethecompute, storage,andnetworkingresourceson whichtheyrun.Keyarchitectural designelementsincludethemixof directattachedandnetworkattached storage,thetopologyofcloudservice componentswithrespecttonetwork connectivity,theinteractionbetween hostedVMsandlocalnetwork securitypolicies,andthemanagement androutingofinterVMnetwork traffic.Ideally,privatecloudsare highlyconfigurablesothattheycan takeadvantageofexisting infrastructureifitispresent,orusean infrastructurespecificallydesignedto actasacloudinthemostefficientway possible.Allprivatecloudplatforms supportauniversalbaseline configurationthatcanbeusedtoget aninitialdeploymentupand functioning.Likealldatacenter infrastructure,adesignand deploymentplanwillbeneededto achievemaximumeffectivenessina productionsetting.

TheEucalyptusOpenSource PrivateCloud

EucalyptusisaLinuxbasedopen sourcesoftwarearchitecturethat implementsprivateandhybridclouds withinanenterprisesexistingIT infrastructure. AEucalyptusprivatecloudis deployedacrossanenterpriseson premisedatacenterinfrastructure andisaccessedbyusersover enterpriseintranet.Initially
2010EucalyptusSystems,Inc. www.eucalyptus.com

developedtosupportthehigh performancecomputing(HPC) researchofProfessorRichWolskis researchgroupattheUniversityof California,SantaBarbara,Eucalyptus isengineeredaccordingtodesign principlesthatensurecompatibility withexistingLinuxbaseddatacenter installations.ThusEucalyptuscanbe deployedwithoutmodificationonall majorLinuxOSdistributions, includingUbuntu,RHEL,CentOS,and Debian.Further,Ubuntudistributions nowincludetheEucalyptussoftware coreasthekeycomponentofthe UbuntuEnterpriseCloud. ThebenefitsoftheEucalyptus cloud TheEucalyptusopensourceprivate cloudgivesITorganizationsthe featuressoessentialtoimprovingthe efficiencyofanITinfrastructure, includingthefollowing: Datacenteroptimization. Eucalyptusoptimizesexisting datacenterresourceswith consolidationthrough virtualizationofalldatacenter elements,includingmachines, storageandnetwork. Eucalyptusiscompatiblewith mostwidelyusedvirtualization technologies,includingXenand KVMhypervisors. Automatedselfservice. Eucalyptusautomates computerresource provisioningbyallowingusers
Page9

 toaccesstheirownflexible configurationsofmachines, storage,andnetworking devicesasneededthrough standardizedwebservice protocols. Webservicesbased. Eucalyptususesuniversally acceptedWebserviceprotocols internally,makingits installation,operation,and maintenancesimilartothatof ahighqualityecommercesite. Scalabledatacenter infrastructure.Eucalyptus cloudsarehighlyscalable, whichenablesanorganization toefficientlyscaleuporscale downdatacenterresources accordingtotheneedsofthe enterprise. Elasticresource provisioning.Theelasticityof aEucalyptuscloudallows userstoflexiblyreconfigure computingresourcesas requirementschange.This helpstheenterpriseworkforce remainadaptabletosudden changesinbusinessneeds. Opensourceinnovation. Highlytransparentand extensible,Eucalyptusopen sourcecorearchitecture supportsvalueadding customizationsand innovationsprovidedbythe opensourcedevelopment community.TheEucalyptus opensourcesoftwarecoreis availableforfreedownloadat www.eucalyptus.com. Hybridcloudcapability. EngineeredtoemulateAmazon WebServices(AWS), Eucalyptusinteracts seamlesslywithAmazonpublic cloudservices,includingEC2 andS3,withnosoftware modificationrequired.This allowsITorganizationsto quicklycloudburstintothe publiccloudspacewithout purchasingadditionaldata centerhardwareduringvery largespikesinenterprise resourcedemand.

EucalyptusSystems Eucalyptussystems,Inc.offers enterprisegradetechnologysolutions thatbuildupontheEucalyptusopen sourcesoftwarecorewithefficiency enhancingadditions,including customizeduserinterfaces,enhanced automatedprovisioningwith automatedlegacysupport,image management,autoscaling,auditing, metricsandaccountingtools,and supportforSLAs. Nowavailable,EucalyptusEnterprise Edition,EucalyptusEE1.6,includes supportforproprietaryvirtualization technologies,includingVMwares vSphere,ESXandESXi.

2010EucalyptusSystems,Inc. www.eucalyptus.com

Page10

 Eucalyptusconsulting,training,and supportservicesareavailableonline atwww.eucalyptus.com,viaphoneat 1 (866) 456-3822 (EUCA), viaemail atsupport@eucalyptus.com. Or,visitourEucalyptusopensource communitysiteat http://open.eucalyptus.com.

EucalyptusSystems,Inc. 130CastilianDrive,Goleta,CA93117USA 1(866)4563822(EUCA) www.eucalyptus.com Copyright2010 EucalyptusSystems,Inc.Allrightsreserved. EucalyptusisaregisteredtrademarkofEucalyptusSystems,Inc.

2010EucalyptusSystems,Inc. www.eucalyptus.com

Page11