Table of Contents

Faster, Better and Cheaper .................................................................................................... 4 The Three Foundational Shifts in Information Technology ...................................................... 5
Cloud Infrastructure .......................................................................................................................5 Embrace Commodity Computing ......................................................................................................... 5 Avoiding vendor lock-in........................................................................................................................ 5 Hybrid Clouds & Marketplaces ............................................................................................................. 5 Reduced Cycle Times ......................................................................................................................6 Implement Continuous Delivery .......................................................................................................... 6 Implement Continuous Delivery on Cloud ........................................................................................... 6 I.T. as a Service ..............................................................................................................................7 Services Are Directly Requested By Users............................................................................................ 7 Cloud Offerings are Just Another Service........................................................................................... 7

The Perfect Hybrid Cloud ....................................................................................................... 8

The End-to-End Solution.................................................................................................................8 The Solution ......................................................................................................................................... 8 Private Cloud Hardware .................................................................................................................9 CPUs for Private Clouds ....................................................................................................................... 9 High Memory vs. High Computation .................................................................................................... 9 Memory Configuration for Private Clouds ........................................................................................... 9 Servers ................................................................................................................................................ 10 Network Configuration....................................................................................................................... 10 Storage Configuration ........................................................................................................................ 10 Hypervisors......................................................................................................................................... 11 Operating Systems ............................................................................................................................. 11 Cloud Platform............................................................................................................................. 12 The Eucalyptus Solution ..................................................................................................................... 12 Conceptual Architecture .................................................................................................................... 12 Cluster Configurations ........................................................................................................................ 13 Logical & Physical Architecture .......................................................................................................... 14 Release Automation..................................................................................................................... 15 The rPath Solution .............................................................................................................................. 15 Creating Software Packages & Images ............................................................................................... 17 Deploying Images to the Cloud .......................................................................................................... 18 Modifying Images in the Cloud .......................................................................................................... 18 Self-Service and the Service Catalog ............................................................................................. 19 Spanning Physical, Virtual & Cloud Environments ............................................................................. 20 The Service Catalog ............................................................................................................................ 20 Self-Service Provisioning .................................................................................................................... 22 Bridging External Clouds with the Private Cloud ............................................................................ 23 Eucalyptus-as-a-Service ...................................................................................................................... 23 API Compatible Clouds ....................................................................................................................... 23 Standardized Self-Service Catalog for both Private & Public Cloud ................................................... 23 Standardized Release Automation to Private & Public Cloud ............................................................ 24 Integrations & Solution Add-ons .................................................................................................. 24
Property of MomentumSI, All rights reserved. Copyright 20 10

Page 2

License Management ......................................................................................................................... 24 CMDB System ..................................................................................................................................... 24 Incident & Change Management ....................................................................................................... 25 Capacity Planning ............................................................................................................................... 25 Systems Availability Management ..................................................................................................... 25 Cloud-to-Cloud Secure Networking ................................................................................................... 25 Dynamic Configuration....................................................................................................................... 25 Image Conversion ............................................................................................................................... 26 Computing Zones ............................................................................................................................... 26 Cloud-to-Cloud Failover ..................................................................................................................... 26 Cloud-to-Cloud Bursting ..................................................................................................................... 26 On-Disk Encryption ............................................................................................................................. 27 Support non-X86 ................................................................................................................................ 27 Moving Forward with a Private/Hybrid Cloud ............................................................................... 27 Discussing Your Private & Hybrid Cloud ............................................................................................. 28

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 3

Faster, Better and Cheaper

Faster, better and cheaper pick 2, is the traditional cry echoed by individuals attempting to find an optimal target state. Its a very rare occasion when one is able to satisfy all the qualities. However, when an instance does occur, companies must rapidly prepare for the fundamental shift that lies ahead. It is our belief that just such a shift is occurring in Information Technology.

The benefits of cloud computing have been widely promoted. As corporations move beyond the education phase and into adoption, theyre witnessing the direct benefits of the ondemand, pay-per-use model. Once a certain level of cloud readiness is achieved, the goal quickly switches to being able to efficiently deal with the associated I.T. service requests related to applications and infrastructure. This includes creating new development and test environments as well as promoting environments into production. Although cloud infrastructure brought the technical solution to the table, it doesnt fix the inevitable process problems. Our experience tells us that the cloud infrastructure solution must be complemented with additional process-oriented initiatives, including: - I.T. as a Service - Cycle Time Optimization - a core concept of the Continuous Delivery movement. These concepts along with the trend of commoditized computation, virtualization and marketplaces define the new requirements for the Perfect Hybrid Cloud.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 4

The Three Foundational Shifts in Information Technology

Cloud Infrastructure
For decades, I.T. infrastructure has been providing solutions to decouple software applications from the hardware. Significant rewards were reaped from mainframe virtual environments, the Java virtual machine and hypervisors from VMware and others. Modern cloud computing technology takes these advances to the next logical step. Our goals remain the same; we want to: 1. Give developers and testers rapid access to secure, reliable computing environments; 2. Efficiently manage our computational resources (high utilization); 3. Keep costs down; 4. Avoid lock-in scenarios. Cloud infrastructure must be able to positively answer all of these considerations. Embrace Commodity Computing A core tenet of cloud computing is to use inexpensive, commoditized infrastructure elements. Practically speaking, this suggests the use of low-cost X86 processors packaged in dense blade environments typically running a variant of Linux (potentially Windows). Various strategies are being embraced on the storage side, but again, most organizations are favoring low-cost solutions over high-end storage area networks. Avoiding vendor lock-in A core requirement for modern cloud infrastructure is to embrace open standards, open APIs and where appropriate, open source. Too often, weve seen organizations curtail their use of virtualization and cloud rollouts because they chose an expensive proprietary solution that prevented cost effective scale-out. Existing proprietary virtualization solutions should be embraced for their strengths while contained to those areas where commodity solution wont suffice. Hybrid Clouds & Marketplaces By embracing commodity compute and avoiding vendor locking, an organization is well positioned to bridge their own private compute environments with external cloud providers. By creating a computing marketplace, the enterprise will force competition between internal and external offerings, driving down costs while improving service levels.

Private clouds should be designed to integrate with external clouds. The hybrid environment should leverage commodity hardware & software to ensure a cost effective scale out.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 5

Reduced Cycle Times

Rapidly provisioning hardware and operating systems has never been the end goal (its just a really important step!) Ultimately, were trying to deliver new applications and capabilities to the business in a timely and cost effective manner. To achieve this, we must coordinate the building, packaging, configuration and deployment of the application software with our target cloud infrastructure; a feat easier said than done. Esteemed I.T. visionary Martin Fowler recently commented, The time from deciding that you need to make a change to having it in production is known as cycle time and it a vital metric for any project. The perfect cloud must be purposefully designed to accommodate changes in the computing environment, applications and configurations. The accepted practice of continuous integration has now expanded to one of continuous release, or as some refer to it, continuous delivery. Implement Continuous Delivery Moving an application from development to test, stage, or production often causes problems because of the dependencies on the new environment. For instance, the test version of the application requires use of the test version of the database server. These configurations must be decoupled from the application binary. Core to reducing cycle times is proactive management of the entire software environment. Automated build processes must have configuration information separated from the binaries and be centrally stored and versioned. Ultimately, the desired state of the application should be precisely modeled and digitized to enable a zero-defect recreation of the environment. Implement Continuous Delivery on Cloud These practices are true in a cloud or traditional environment; however, in cloud they become much more evident. Cloud enables push button hardware provisioning, which has the potential to significantly reduce cycle times. However, to significantly affect the cycle time, practitioners must take the next step of automating the build, configure and deployment processes.

To significantly affect the cycle time, practitioners must automate the build, configure and deployment processes in their cloud environment.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 6

I.T. as a Service
Information technology has a reputation for not always delivering on its promises. For decades, I.T. faced rapid changes in hardware and software systems forcing systems professionals to spend their time mastering new programming languages, operating systems and middleware. A side effect of this was that not enough attention was being spent on I.T. processes and achieving repeatable, standardized methods for delivering solutions. In response to the growing need for process, a focus was put on the servicification of I.T. Large enterprises were able to deconstruct the activities that they performed into repeatable offerings. Depending on the size of the organization, hundreds, if not thousands of both manual and automated services were identified, the majority of which would have no intersection with cloud for years to come. As a best practice, I.T. organizations are now encouraged to plan their cloud offerings as services and to ensure that they dont create new computing silos. Early adopters of cloud computing often rushed to a cloud solution by adopting a starter cloud solution. Although the solution was able to introduce users to the concepts of cloud computing, users were being pushed to use a new cloud portal which had a small subset of the I.T. services offerings. Services Are Directly Requested By Users A core tenet of cloud computing is self service. Our recommended practice is to embrace self-service, but to not create yet-another-portal that I.T. users must visit to request services. Instead, we recommend leveraging a unified I.T. self-service storefront and cloud portal with a menu or catalog of service options (i.e. a service catalog) to make cloud requests for both internal and external cloud services. Cloud Offerings are Just Another Service Like any other service, cloud offerings should have a full support structure around them. Each service should have owners, usage descriptions, costs, quality levels, troubleshooting processes, roadmaps, etc. Implement predefined policies to expedite cloud provisioning while diminishing the need for exception path approvals. Involve your users in the design of the services their feedback is important because people instinctively support things that they helped to create.

The cloud solution must fully embrace the I.T.-as-a-Service concept, not create a new silo.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 7

The Perfect Hybrid Cloud

The End-to-End Solution
The perfect private / hybrid cloud must deliver on all three of the changing paradigms: I.T. as a Service, Cloud Automation and Reduced Cycle Times. More importantly, it must deliver these through an integrated environment that provides the right security and control in the right places, compounding the benefit. The Solution To achieve our target state, MomentumSI has selected several best-in-breed components and brought them together under a united solution set.

In addition to the vendors identified in Figure 2, the Perfect Private / Hybrid Cloud names a number of additional products which we believe are category leaders for this class of solution. Combined, the solution satisfies our stringent criteria for a next-generation enterprise grade cloud solution.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 8

Private Cloud Hardware

The advantage of the private cloud is the ability to have full control over the environment allowing you to tailor it. Factors affecting the design of the cloud include performance considerations, security & compliance needs, computationally intensive workloads and storage intensive workloads. The disadvantage is the need to pay for the infrastructure up-front and then to support and maintain the environment over its life. Most organizations recognize that this is the current state in their traditional data center environment and view the private cloud as a stepping stone to hybrid and externally cloud providers. Although the specific requirements for designing the private cloud will vary based on scenario, were providing guidance based on MomentumSIs field experience.

CPUs for Private Clouds MomentumSI is recommending the use of Intel Xeon processors for use in private cloud environments. As Intel continues to release new versions of their CPUs its hard to make a static recommendation. However, key characteristics include: 64 bit architecture Low power consumption Use of their Hyper-Threading Technology Use of their Hardware Virtual Machine (HVM) Technology (VT-X) Large L3 cache High Memory vs. High Computation The common practice for profiling workloads is to distinguish between those that need significant memory (often for large caches) versus those that perform heavy computation as these profiles are traditionally configured differently. For high memory systems, we recommend dual socket quad-core processors. Typically these are in the Xeon 5500 series or equivalent. For high computation systems, we recommend the Xeon 5600 series in a dual socket and 4 or 6 core configurations. Memory Configuration for Private Clouds For memory intensive nodes, we recommend 16-64 gig of memory (depending significantly on the applications). For computationally intensive nodes (and non-memory intensive), 8-16 gig is recommended.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 9

Servers For private cloud servers, were recommending the Dell PowerEdge C Series rack servers. These systems utilize the Intel Xeon 5500 and 5600 series processors with dual socket quad-core and six-core configurations. The servers leverage DDR3 DIMM allowing up to 144GB of memory. The servers have been approved hypervisor support for both VMware and Citrix. Network Configuration The Dell PowerEdge servers can implemented in a variety of I/O configurations, including GbE, 10GbE, Fibre Channel and Infiniband. Unless the enterprise standard dictates otherwise, we are recommending the use of 10GbE. A switch should be selected which matches this configuration such as the Cisco Nexus 5000 Series. A multi-purpose network security device such as the Cisco ASA 5500 series is recommended to fulfill firewall, intrusion detection, VPN clustering and load balancing needs. Integrated Service Routers should be sized according to the capacity and performance needs of the cloud. The network itself should be configured to create a VLAN between appropriate machines. Assume high data transfers on this network, most likely requiring a 10GbE solution. Individual clusters will have internal IP addresses but have the ability to expose multiple external addresses. Newly instanced machines may need to request a static IP address. In our configuration, the VLAN, security groups and IP assignments are capability provided by Eucalyptus solution. Storage Configuration The data services built on the cloud infrastructure will vary significantly in their needs. For this reason, we recommend a three tiered storage strategy to optimize price/ performance and recovery time objectives. Tiers include: 1. High speed Storage Area Networks (SAN); 2. Network Attached Storage (NAS); and 3. Tape or equivalent inexpensive archival system. Our design intentionally precludes Direct Attached Storage (DAS) to avoid the temptation of durable data being hostage to a single server that may fail. The intention is to keep all storage in a shared area; this includes images and application data. Vendors, prices and models will vary significantly based on the size and characteristics for the target cloud environment.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 10

Hypervisors Over the last several years, hypervisors have matured significantly. VMware, Microsoft HyperV and Xen continue to dominate the landscape. Naturally, Xen is most commonly found in Linux heavy shops while HyperV is primarily used for virtualizing the Microsoft technologies. Historically, VMware dominated in the enterprise but has recently seen its marketshare slip as other hypervisors offer enterprise-grade features as a cost competitive price. Most large companies already have a significant investment in one or more hypervisors and would find it very costly to replace them. At the same time, theyre questioning if they can have a more cost effectively tiered hypervisor strategy. By tiering hypervisors based on business criticality, organizations are able to save money by only using expensive hypervisors for business critical applications and leveraging the less expensive hypervisors for less critical needs (dev, test, demo, etc.). To achieve this, a cloud control layer must be implemented. This function sits over the various hypervisors and provides a single API and proxy to the individual virtual machines. In this way, organizations can have the best of both worlds: a choice in hypervisors while maintaining a single virtual cloud of them all. Our recommendation for selecting a hypervisor is, it depends. Careful consideration must be given to the application workloads, scale out costs and adoption in commercial cloud providers. As a rule of thumb, were continuing to recommend the use of the major suppliers (VMware, Microsoft and Citrix XenServer). Operating Systems Hypervisors enable the execution of guest operating systems. Our customers typically run RHEL, CentOS, Ubuntu or Windows Server 2003/2008 in either 32 or 64 bit versions. The decision is made based on the needs of the applications that reside on the OS. Virtually all of our customers support Windows as well as at least one flavor of Linux. Regardless of the operating system, organizations should settle on specific vendors and versions. These decisions should make their way into a standard model that contains all of the right patches, utilities, etc. The model should be declarative specification that guides provisioning, security and system maintenance. MomentumSI provides best practices on the creation and maintenance of the model.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 11

Cloud Platform
Virtualization technologies play a significant role in the private/ hybrid cloud solution. However, their primary role is slave to the cloud platform. Just as virtualization solutions do a good job of abstracting a workload from a single computer, cloud platform solutions decouple workloads from any one machine, storage device or network. MomentumSI selected Eucalyptus to provide an enterprise grade cloud platform. Key factors included: Support for multiple hypervisors (Xen, VMware, KVM, etc.) Use of Amazon AWS API allows 3rd party ecosystem tools to be use with Eucalyptus Embracing open standards and open source, allowing customers to mitigate vendor lock-in Extensive feature set (compute-as-a-service, BLOBs, block storage, etc.) The Eucalyptus Solution Eucalyptus is an open source cloud platform. The OSS project is backed by a commercial company, Eucalyptus Systems, which provides paid support and extended features. Fundamentally, Eucalyptus allows an organization (enterprise or hosting provider) to turn traditional data center equipment into an infrastructure-as-a-service environment, similar in nature to Amazon EC2. In fact, Eucalyptus has modeled their API to be fully compatible with Amazon Web Services, enabling their solution to leverage the vast set of Amazon tools that have emerged. In addition, their tooling and image formats allow for users to easily switch between delivering applications from internal private clouds, to externally hosted Eucalyptus instances or alternatively, directly on the Amazon cloud. Conceptual Architecture The Eucalyptus system is divided into a number of modules enabling a highly scalable and redundant architecture. The primary elements are: Cloud Controller (CLC) The CLC is responsible for exposing and managing the underlying virtualized resources (servers, network, and storage) via a well-defined API (Amazon EC2) and a Web-based user interface. The CLC is responsible for querying the node managers for information about resources, making high level scheduling decisions, and implementing them by making requests to cluster controllers.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 12

Cluster Controller (CC) The CCs gather information about a set of VMs and schedules VM execution on specific NCs. The CC also manages the virtual instance network and participates in the enforcement of SLAs as directed by the CLC. All nodes served by a single CC must be in the same network domain. Node Controller (NC) NCs control the execution, inspection, and termination of VM instances on the host where it runs, fetches and cleans up local copies of instance images (the kernel, the root file system, and the ram disk image), and queries and controls the system software on its node (host OS and the hypervisor) in response to queries and control requests from the cluster controller. The Node controller is also responsible for the management of the virtual network endpoint. Storage Controller (SC) SCs implements block-accessed network storage (e.g. Amazon Elastic Block Storage -- EBS) and are capable of interfacing with various storage systems (NFS, iSCSI, etc.). An elastic block store is a Linux block device that can be attached to a virtual machine but sends disk traffic across the locally attached network to a remote storage location. An EBS volume cannot be shared across instances but does allow a snapshot to be created and stored in a central storage system such as Walrus, the Eucalyptus storage service. Walrus Object Storage Walrus (put/get storage) allows users to store persistent data, organized as eventually consistent buckets and objects. It allows users to create, delete, list buckets, put, get, delete objects, and set access control policies. Walrus is interface compatible with Amazons S3. The Management Platform The Management Platform provides an interface to various Eucalyptus services and modules. These features can include VM management, storage management, user/group management, accounting, monitoring and enforcement SLAs, cloud-bursting, provisioning, etc. Note that this functionality focuses on administrative functions, not user services. User functions are handled via the self-service storefront and service catalog (see below for the section on newScale). Cluster Configurations Virtual machines are managed by a Node Controller (NC) and are grouped together by a Cluster Controller (CC). Eucalyptus allows the administrator to define the number of VMs per server. The number allocated will depend on the target hardware and the profile of the workload (heavy vs. light) but will typically vary from 4-20. This number will be affected by the amount of memory in the system, as physical memory is shared across the virtual instances.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 13

Logical & Physical Architecture The Private Cloud lives inside of your current data center acting as a special purpose elastic computing resource. From a networking perspective, the private cloud is segmented into its own subnet for security and traffic management purposes. The cloud can be expanded by adding cluster controllers or by increasing the number/size of the servers inside of cluster.

Within the clusters, Eucalyptus offers a VLAN network that uses the Cluster Controller as a router for all active VMs in the cluster. This feature can be used to create availability zones for failover / disaster recovery scenarios.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 14

Release Automation
Eucalyptus provides the software necessary to turn a traditional virtualization landscape into a full-featured cloud. However, it doesnt answer the question of how to best package the software for deployment to the cloud. In our quest to reduce cycle times, enterprises must prioritize the ability to package and deploy software to cloud environments. MomentumSI selected rPath to provide an enterprise grade release automation solution. Key factors included:
Powerful system and software modeling for driving accurate provisioning and updates Best-in-class software packaging & dependency management Ability to work across physical, virtual & cloud environments Version controlled hub for software distribution and change

The rPath Solution rPath is a model-driven and version-controlled solution for system automation. Based on a version-controlled repository, rPath acts as a software distribution hub (Figure 4.) for controlled reuse of application, OS, middleware and other system artifacts. From this hub, version controlled system components can be reused (directly from rPath or by populating the newScale service catalog) to construct new systems and business services that are consistent, compliant and dependency complete. These business services are ready to deploy to any physical, virtual or cloud environment and theyre easy to update, patch, roll back or regenerate automatically and on demand.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 15

These centrally managed system components are integrated back through their software supply chaincustom, commercial, and open source. As changes are made to these software sources, they can be easily flowed through rPath and propagated across deployed systems and business services. rPath automates four key functions for IT system deployment and maintenance: 1. Automated generation of images for rapid deployment to physical, virtual or cloud targets 2. Automated updates and rollbacks 3. Compliance reporting and remediation 4. Controlled lifecycle promotion rPath provides a unique model-driven and version-controlled approach to release automation. Model-driven Unlike script-based automation solutions, rPath deeply models the entire software stack as a detailed manifest, providing a canonical description of all of the software, dependencies, configurations, and policies relevant to a specific system. rPath generates this manifest via two automated functions that rPath performs natively: (1) Dependency discovery/resolutionrPath automatically discovers and resolves the entire dependency chain, ensuring that systems are complete and ready to deploy; (2) Enforcement of IT policiesrPath allows IT to define and enforce build-time policies to ensure conformance to corporate and regulatory standards and best practices. This model becomes the basis for generating images for rapid provisioning and conflict-free system updates across any physical, virtual or cloud-based environment. Version-controlled rPath is the only vendor that offers a fully version-controlled release automation solution. rPath isn't a source code control management (SCCM) system. Rather, it borrows many of the key principles from source code control, providing deep control to management of deployed software systems for managing scale and change. With rPath, every system artifact is versioned: Application components OS components Middleware components Policies Configurations Installation Scripts Manifests
Property of MomentumSI, All rights reserved. Copyright 20 10

Page 16

This provides several key advantages: Systems can be defined hierarchicallywhere systems are defined as branches from base platform components that are managed centrally and reused as referenced links. Changes are made centrally at the top of the hierarchy and cascaded across deployed systems. Systems are defined by a single version numberrather than dozens or hundreds of individually versioned packages that typically describe a deployed system Versioned systems can be controlledrolled forward, rolled back or rolled out in phases Version systems can be consistently reproducedacross lifecycle phasesdev, test, production, support Simplified troubleshootingdifferences between system versions can be bisected for rapid identification of root causes of outages How does this approach apply to the perfect private cloud? rPath delivers three crucial use cases: creating cloud images for deployment, deploying images to the cloud, and maintaining running systems in the cloud. Creating Software Packages & Images The traditional provisioning approachbuild each new machine from scratchis completely inappropriate for the cloud. The cloud calls for ready-to-run, fully baked images that include everything the new system needs, such as the OS, patches, middleware, application programs, and configuration data. But maintaining a library of such golden images is prohibitively expensive. It is simply too difficult to make needed changes to a static image without breaking something. rPath provides a unique, best-of-both worlds approach. You import your software and configurations into the rPath hub, and create flexible models for your systems and applications. These models are easy to change, understand, and validate. Then, rPath dynamically generates complete imagesfor any physical, virtual, or cloud environmenton demand. These images accelerate provisioning, but are fully discardable. Given a models version number, rPath can always regenerate that models image.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 17

Deploying Images to the Cloud In addition to generating images, rPath integrates directly into downstream hypervisors and cloud managers to upload and validate images. For example, in an environment with Eucalyptus, rPath automatically uploads each dynamical-generated image to the Eucalyptus image store. When new systems are launched from the uploaded images, rPaths management software automatically inventories and tracks the new systems in the rPath versioned inventory. Even in a complex public/private environment with multiple deployment targets, you can see a single list of all managed systems (with the versions of the models they follow) in the rPath inventory. Modifying Images in the Cloud Clouds enable the patch-by-rebuilding model. For many applications (such as stateless grid computation engines and web front-ends), theres no loss if any given system disappears. So the best way to roll out any change is to change the model, rebuild the image, and simply replace the old systems with new systems. rPath image generation makes that process fast. But many applications are not so simple. Applications with interesting state or session data may need to run for an extended period of timeand in todays security environment, any system that is running for more than a few days may require a patch or update. Most cloud management tools avoid this use case, but it is an IT reality. rPath solves it via the versioned inventory. When you change a system model in rPath, two things happen simultaneously: New systems you provision reflect the change going forward because rPath bakes the change into the images it generates. rPath lists the existing systems that were built with the previous version of the model, and offers to update them dynamically. Since rPath updates systems by moving from one validated model version to another validated model version, the changes are safe, incremental, and roll-backable. The result is a best-of-both worlds approach to cloud systems. Whether your application enables patch-by-rebuilding or not, a single model can automate the complete lifecycle.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 18

Self-Service and the Service Catalog

The newScale Solution The newScale software suite provides the set of solutions necessary to fulfill the I.T. as a Service vision. Their offering takes a service-centric perspective, providing standardized I.T. offerings through a self-service portal with orchestration and lifecycle management for automated delivery and tracking. I.T. product managers are able to fully describe and promote their offerings in a portal for their users. Enterprise architects and governance professionals can ensure consistent and repeatable processes through by enforcing policy-based controls in the newScale solution. And consumers of I.T. services can order from the catalog to provision I.T. resources in a self-service manner. In cloud computing, self-service is a high priority. Users expect the ability to provision infrastructure in minutes, not days, weeks or months. By providing a single source of truth for I.T. services within newScale, users are able to enjoy the one-stop-shopping and consumer-like e-commerce experience that they have come to expect. Different tiers of services and options can be presented with marketing templates to help drive demand to lower cost options (supporting a virtual-first or even cloud-first approach). With self-service through a catalog of standardized options, IT organizations can eliminate the back-and-forth requirements gathering process, orchestrate automation across IT silos, and improve visibility into demand to help ensure more accurate capacity planning. Once services are requested, newScale provides the orchestration and lifecycle tracking to manage the endto-end process from provisioning to re-purposing or decommissioning as well as the visibility into consumption to enable service-based cost allocation showback or even chargeback. MomentumSI selected newScale to provide an enterprise-grade self-service storefront and cloud automation solution. Key factors included: Ability to define and publish standardized infrastructure offerings in a service catalog Enable self-service with an easy-to-use "e-commerce" ordering experience Govern approvals and orchestrate the end-to-end provisioning process Ensure operational compliance and track the lifecycle for workloads Manage consumption and costs, with visibility to enable pay-per-use billing. Ability to integrate with the cloud ecosystem (release automation, infrastructure providers, etc.)

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 19

Spanning Physical, Virtual & Cloud Environments A core philosophical tenet that we want to drive home is that the various environments (physical, virtual & cloud) should not create silos! To the greatest extent possible, the environments should be managed by a consistent process and tooling base. It has been our experience that if an organization treats each of these as one-off environments, they will be unable to achieve the cost savings or agility they desire. In addition, silos in the physical or virtual areas will create barriers to cloud adoption. Conversely, if the aforementioned are treated with consistent processes and tools, our users and auditors will feel more confident and secure in the environments. This in turn will create a much more rapid and natural progression into a cloud environment. The same benefits are also gained when both private and public clouds are managed with such consistency. In fact, the better visibility the service catalog has of the available options, the better it can steer consumers to the best-fit or lowest-cost offering. The newScale RequestCenter application offers pre-configured integrations to third party systems across physical, virtual and cloud environments including virtualization tools like VMware and public cloud providers such as Amazon EC2 cloud for automated provisioning, deprovisioning and management of servers, storage and associated services. The same capability can be utilized to manage your Eucalyptus private cloud. The Service Catalog newScale RequestCenter provides end users with a personalized view of the service catalog representing a one-stop portal destination for requesting any type of service and tracking service request status.

Users see the services in the catalog that they are entitled to order, based on their functional position, location, and associated permissions. With seamless integration to LDAP and Active Directory, IT organizations can manage authentication and authorization to ensure employees request only those services appropriate to their job function.
Property of MomentumSI, All rights reserved. Copyright 20 10

Page 20

When used together with newScale LifecycleCenter, IT can provide a pre-built wizard guide for ordering services, to improve self-service, encourage adoption of IT standards, and drive down costs. With this guided self-service shopping experience, users are steered to the right service package that best matches their needs. Policy-based controls and approvals ensure that the right governance and compliance policies are enforced. From our perspective, the service catalog performs four primary functions: 1. It communicates standard options, specifications and costs of services. 2. It enables self-service access to virtual and cloud services 3. It coordinates and orchestrates the provisioning process 4. It tracks and manages the service lifecycle and usage Enterprise I.T. organizations must focus on reducing operational costs. To achieve impactful results, it will be important to simplify ongoing, repetitive management tasks through automation, while hiding the technical complexities from the users. By doing this, organizations can continue to better define standard service options and service tiers, leading to overall improvements in service quality. The service catalog is the heart of the service simplification movement and thus, is core to our private/hybrid cloud solution.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 21

Self-Service Provisioning In our solution, we leveraged rPath to assemble the solution and make it available to the newScale catalog. From here, users are able to provision the services. Behind the scenes, the appropriate orchestrations occur: newScale validates authority & rules and makes API calls to Eucalyptus Eucalyptus evaluates the calls and in turn, manages and executes the calls to the appropriate hypervisors or cloud API.

Once the service is requested, it is tracked and managed through the newScale LifecycleCenter application:

Through this integrated environment, users have a consistent window into their physical, virtual and cloud environments. newScale LifecycleCenter enables IT managers to track the end-to-end lifecycle of service requests including decommissioning or repurposing those resources at the end of their lifecycle, to prevent server sprawl, virtual sprawl, or cloud sprawl. This usage and tracking information can also be leveraged for providing a bill-of-services for showback or chargeback.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 22

Bridging External Clouds with the Private Cloud

The Private Cloud weve described enables organizations to more effectively utilize computing resources and to better respond to internal I.T. infrastructure requests. To complement the private cloud, many organizations are joining their private cloud with an externally provided public cloud. By combining private and public clouds a hybrid cloud is created. Each cloud segment can be used to it strength. The private cloud can run the most sensitive production payloads and provide low-latency integration access to other internal applications and data sources. External clouds can be used for failover, disaster recovery, development & test environments, one-time burst computing jobs, new computing capabilities in a specific geographic region, and so on. Although there are several different kinds of public clouds (SaaS, PaaS), our focus is purely on IaaS clouds. From this perspective, there are a couple practical options on how one can logically extend their cloud: 1. Use a hoster / cloud provider who provides Eucalyptus-as-a-Service 2. Use a public cloud provider who is API compatible, such as Amazon Eucalyptus-as-a-Service Eucalyptus is an open-source initiative with commercial backing. Due to its open nature, hosting providers are able to turn their traditional data center offerings into a cloud offering. The obvious advantage of this approach is that the software used in your data center can be a binary match to the software being used in the external cloud. This significantly mitigates the potential concern of software working in one cloud segment and not in the other. MomentumSI is working with a number of established hosting companies to provide Eucalyptus-as-a-Service capability. As a network for providers comes online, we anticipate that the competitive nature will drive down costs and also force providers to create value-added offerings to provide product differentiation. Although the differentiation could lead to a fragmentation in the offering, the core Eucalyptus services will be the common foundation that can and should be used by the internal private cloud and the external solution. API Compatible Clouds In the past, Eucalyptus has delivered an API compatible version of Amazon AWS EC2. However, we anticipate that the Eucalyptus open source community will rapidly drive the innovation of the offering. Using EC2 as an extension of your hybrid cloud is a simple and easy way to get started; however, were aware of a number of emerging solutions that will also offer computerich solutions. Our recommendation is not to worry about being Amazon API Compatible, but rather to allow the innovation in Eucalyptus and the ecosystem to drive innovation. Standardized Self-Service Catalog for both Private & Public Cloud A core tenet of the I.T.-as-a-Service vision is to use a simple and consistent approach to requesting and managing ALL I.T. services. The interaction model with the public and private cloud must be consistent, with standardized policies, security, governance and self-service
Property of MomentumSI, All rights reserved. Copyright 20 10

Page 23

experience. For this reason, were recommending the use of the newScale to provide the frontend self-service IT storefront, policy-based controls, orchestration, and lifecycle management for both private and public cloud offerings. We consider the use of multiple front-ends to individual clouds an anti-pattern, leading to cloud silos. Standardized Release Automation to Private & Public Cloud MomentumSI recognizes that the transition to cloud computing will be a gradual movement. In large companies this process will take approximately 3-7 years to truly take hold. During this transition, it is necessary to implement a standard software release model. The enterprise should use the same basic process across physical, virtual and cloud environments, as well as the same tooling. rPath provides consistent tooling that can create software deployment packages for private Eucalyptus environments as well as Amazon, VMware and other leading providers. Again, it is important not to create one-off processes or proliferate a number of tools across the environments. Simplicity should be the rule for managing the environment.

Integrations & Solution Add-ons

The private/hybrid cloud weve described serves as a solid foundation. Many enterprise customers choose to implement this solution profile as the base and then extend the capabilities with a number of traditional infrastructure and operational capabilities. This section identifies several of the popular integrations and cloud add-ons that are requested. License Management Enterprises need to re-think how they purchase, allocate and account for software licenses as they move to a cloud environment. The scope of this project reaches across purchasing, legal, license management, and cloud administration teams and must be carefully thought out. Will your current licenses allow the type of cloud usage you are planning? What will your company policy on the purchase of future licenses look like to maximize your cloud potential? How will you track and manage the usage of these licenses in the cloud? MomentumSI has helped clients answer all of these questions and implement the tools needed to safely and efficiently manage licenses in the cloud. CMDB System The use of a configuration management database (CMDB) in a cloud environment will look nothing like the CMDB in a typical enterprise. The way you do discovery, federation and general ITSM activities in a global cloud platform can be totally different than what your legacy CMDB was built to do. In most cases, enterprises will find that they will want CMDBlike qualities embedded in to their cloud infrastructure platform or service catalog, and not living as a stand-alone system. In fact, newScales lifecycle management effectively provides a
Property of MomentumSI, All rights reserved. Copyright 20 10

Page 24

service management database (SMDB) that provides tracking and management for the IT resources requested and delivery. In most situations, this may be sufficient for cloud in other cases, it can be integrated to an existing legacy CMDB. Incident & Change Management The old saying the bigger they come, the harder they fall applies well to cloud environments. A small change-gone-wrong scaled to thousands of VMs can quickly turn in to a major problem if not properly managed. The distributed nature of cloud environments across facilities, platforms and providers makes managing both large and small incidents a core part of enterprise cloud projects. Most enterprises already have an incident and change management platform that can be modernized to accept the different inputs and data types generated by a cloud platform. Capacity Planning A by-product of proper monitoring and metering will be the seamless ability to forecast capacity needs and provide just the right amount, in the right place, at the right time. But to really take advantage of the concept of cloud computing, your capacity planning process and tools should look at more than peak usage. Being able to evaluate workloads in real-time to find the best location, platform and time of the day/week/month to run will not only maximize your capacity but will result in faster processing for less money. Systems Availability Management Just like in traditional IT environments, measuring and reporting against Slaps is an important function. MomentumSI recommends that clients measure the following six areas in the cloud, at a minimum: Availability, Reliability, Recoverability, Maintainability, Resiliency and Security. In addition, clients should consider monitoring things like capacity, cost, incidents/tickets, change requests and dozens of other metrics depending on their goals and needs. Being able to get this data out of your global cloud environment and report on it is essential to meeting or exceeding the Sals your business demands. Cloud-to-Cloud Secure Networking As your cloud platform expands it will encompass far more than just a single facility. Youll be using resources that span countries, providers and technologies. Making sure your data moves safely and seamlessly from one part of your cloud to another is key security practice. Can you prove to an auditor that traffic arriving from another part of the cloud has not been viewed or changed by anyone else along the way? As more critical aspects of your business start to run in the cloud, things like traditional SSL and VPN will not be enough for most organizations you need a layered approach to addressing this problem. Planning for this up front will save time and money later. Dynamic Configuration Automation tops the list of must-dos in the cloud to obtain the efficiency of scale that makes cloud so attractive. Make sure that your cloud platform is capable of automated, dynamic configuration of things like policies, network rules (VLAN, Firewall, routing), resource allocation
Property of MomentumSI, All rights reserved. Copyright 20 10

Page 25

and account/user management. Using a standalone or integrated configuration engine to apply standards and management of this dynamic configuration is a good way to reduce your administrative burden while not losing control of the environment. Image Conversion Every enterprise has standard builds of server images in a variety of different OS types and purposes, and every cloud platform and hypervisor has a slightly different way they need to see those images packaged. There are both manual and automated tools available that will take a single image designed for one platform or provider and convert it to run in one or more other environments. As both the number of images and the number of environments grow, this is another task best left to automation. Computing Zones Amazon calls them availability zones in their AWS service that are based on geography, but at MomentumSI we talk to our customers about Computing Zones. Weve mentioned in this document numerous times that your cloud platform will span divisions of your organization, providers, technologies, and even continents. Each of those separation points will act as physical zones, but it is best to draw and manage against your own logical Computing Zone boundaries. Maybe you want to have a zone based on geography, or by criticality of processing, or by cost let your business drivers be the guide, not what a particular provider or geography defaults to. Cloud-to-Cloud Failover Despite the overlapping, redundant nature of cloud computing failures happen and you need to be prepared for them. MomentumSI can help you convert and synchronize your machine images and data to a second or third provider and even automate the failover in case of an outage affecting your primary resources. In addition, if your cloud platform spans to or from your enterprise network, you could fail out to the public cloud or in to your private cloud resources depending on where the primary computing failure is occurring. Cloud-to-Cloud Bursting Cloud Bursting is an often-discussed topic in the industry right now and refers to the concept of adding capacity to a computing environment, only when it is needed, using the cloud. A simple example is that your company sells flowers, and your website does 500 orders 363 days out of the year. You need 4 servers to keep up with that load, and you host everything internally. On Mothers Day and Valentines Day, you do 50,000 orders and need 400 servers. Rather than keep those extra 396 servers on-site all year, you would design your application and infrastructure to burst out to the public cloud when the load exceeds what your 4 servers can offer. This is an extreme example more common would be to burst for month end processing or on a daily basis for 1-2 hours during peak load times. The trick to properly using cloud bursting is in the architecture of your application and the rules you implement around how, where, when and why to burst.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 26

On-Disk Encryption As you put data out in a shared environment, it is obvious that the risk of theft or accidental disclosure increases. Luckily, there are simple, reliable and low-latency encryption solutions available for data at rest (on disk). The hard part with any encryption project is properly storing, using and managing the keys to the encrypted data. If you store the key alongside the encrypted data, it might as well be in clear text. Just like with cloud bursting, proper architecture is essential to maximize the impact this technology can offer. Support non-X86 For most non-x86 systems and applications, running in a cloud or cloud-like environment will just feel like old times. There are providers and technology vendors offering mainframe time in the cloud, COBOL in the cloud, and other legacy systems in and around the cloud. Many people say mainframes were the original cloud because they were designed and built as the original multi-tenant, time-shared platform. The big question to ask is how much custom integration or modernization of the platform or application is required, and what will that do to the reliability and security of the original design? MomentumSI will help you see the pros and cons of moving non-x86 platforms or code to the cloud, and help you put an architecture and plan together to do it right the first time.

Moving Forward with a Private/Hybrid Cloud

Self-service private/hybrid clouds help enterprise IT deliver the simple, self-service, on-demand infrastructure services readily available from public clouds like Savvis and Rackspace. In turn, IT departments reap the following advantages: Improved agilityDeployment cycles shrink from months to minutes, making IT far more responsive to business lines and other internal customers. Reduced capital expenseUtilization of hardware capacity improves dramatically due to elastic provisioning and de-provisioning of services. Reduced operating costsSoftware infrastructure and provisioning processes are standardized and automated. Control is decentralized to decentralized constituents. Reduced riskThe controlled cloud provides an alternative to rogue deployments to the public cloud. The ability to move workloads between deployment environments (physical, virtual or cloud) avoids platform lock-in.

The core technologies and services within the MomentumSI self-service private/hybrid cloud platform include:

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 27

newScale service catalog creates a Web-based, e-commerce ordering experience for either private or public cloud services. With newScales software, IT can enable ondemand provisioning, enforce policy-based controls, manage the lifecycle for workloads, and track usage for billing. rPath release automation controls and promotes reuse of standardized software infrastructure and automates system construction, maintenance and on-demand image generation for deployment across any physical, virtual, and cloud environment. Eucalyptus cloud automation establishes an elastic infrastructure framework that enables organizations to deploy massively scalable private and hybrid cloud computing environments within a secure IT infrastructure. Eucalyptus is fully compatible with the Amazon Web Services public cloud. MomentumSI professional services provides implementation services, best practices and the adoption model for making the transition to self-service public cloud computing. Beyond the technology components, MomentumSI also addresses the people, process, organizational, and educational issues involved in optimizing each clients self-service private cloud.

Discussing Your Private & Hybrid Cloud This paper has identified a unified solution for creating a private & hybrid cloud. However, every cloud solution will be tailored to the customer requirements. MomentumSI offers a free half-day workshop to discuss the specifics of your environment and answer your questions on private and hybrid clouds. Half-Day Agenda
Briefing Review the MSI Cloud Reference Model (30 minutes) Whiteboard Session Assess your current & target cloud architecture (60 minutes) Briefing Review the MSI Apps-to-Ops Process (30 minutes) Whiteboard Session Assess your current & target delivery model (60 minutes) Discussion Next Steps (60 minutes)

Call or email to schedule a discussion MomentumSI serves enterprise customers globally. Our whiteboard workshops are free and there is never any obligation to have any service performed. Please call or email us now: sales@momentumsi.com or Phone: 512-844-1732.

Property of MomentumSI, All rights reserved. Copyright 20 10

Page 28