1 IT Infrastructure Services White Paper Emerging PaaS Models and Migration to PaaS
2 About the Author Sameer Deshpande Sameer Deshpande has over 15 years of experience in IT, and is a solution architect within the Application Management Services practice of Tata Consultancy Services' (TCS') Infrastructure Services unit. Sameer holds a Masters degree in Electrical Engineering from IIT Kharagpur. He has worked primarily in the middleware, enterprise integration and SOA areas, and has experience in Java and open source technologies. Sameer's work in the financial services, professional services, banking, insurance, and retail domains has enriched his diverse industry experience. With expertise in Infrastructure Services as well as Application Development, he focuses on architecture, application design and development, infrastructure design and implementation, and performance optimization. His present responsibilities include providing technology support for middleware and PaaS infrastructure to TCS' clients across the globe.
3 Cloud computing has been around for a few years, but recent developments in technology have made it more accessible, leading to a fundamental change in how IT infrastructure and related services are consumed. While Infrastructure as a Service (IaaS) and Software as a Service (SaaS) are the better known cloud services models, Platform as a Service (PaaS) is now making its way to the fore. PaaS helps organizations reap the benefits of cloud while allowing them to retain their unique software solutions. Over time, PaaS will evolve along multiple dimensions with different models and specialized providers, given the sheer scope of the technologies involved. For PaaS to succeed in the enterprise space, existing enterprise applications need to be easily deployable on PaaS, and cloud interoperability and PaaS service orchestration will be the key. This paper describes the emerging PaaS models and how they impact enterprise application migration to PaaS.
4 Contents About the author 2 Abstract 3 Abbreviations 5 1 Introduction 6 2 Evolving PaaS Models PaaSdeployment dimension PaaS technology dimension PaaS functional dimension PaaS usage dimension 8 3 Considerations for Migration to PaaS Architectural Considerations Cloud Service Model PaaS Deployment Model PaaS Orchestration Technology Coverage Non-functional Considerations Availability Security Disaster Recovery Portability Operational Considerations Application Monitoring Application Operations Management 13 4 Conclusion 14
5 List of Abbreviations API IaaS OASIS PaaS RPO RTO SaaS SOA TOSCA WAN Application Programming Interface Infrastructure as a Service Organization for the Advancement of Structured Information Standards Platform as a Service Response Point Objective Response Time Objective Software as a Service Service Oriented Architecture Topology and Orchestration Specification for Cloud Applications Wide Area Network
6 1. Introduction Platform as a service (PaaS) is a category of cloud computing services that provides a computing platform and related solution stack as a service. In case of PaaS, the consumer controls software deployment and configuration settings whereas the provider provides the application runtime environment, development life cycle support tools and other services that are required to host the consumer's application. PaaS facilitates the deployment of applications without the cost and complexity of buying and managing the underlying hardware and software and provisioning hosting capabilities. PaaS has gradually matured, and we foresee PaaS at the forefront of cloud adoption in the enterprise. This is because PaaS offers organizations access to all the benefits of cloud while simultaneously allowing organizations to retain control over how their enterprise software solutions are designed to meet their unique needs. PaaS is the enabling technology model that brings custom software development to the cloud. But the most important feature in PaaS adoption is the transition of the management of the entire life cycle of enterprise applications right from enterprise architecture, application development up to application operations on the cloud. This has huge implications for the IT organization, software integrators and service providers. There is some degree of hype surrounding PaaS. Many organizations are adopting PaaS in a piece-meal fashion and in most cases without a well thought-through strategy. Thus, instead of resulting in a costeffective, agile IT infrastructure, such haphazard adoption often leads to unrealized potential and strong vendor lock-in. Organizations should look at PaaS adoption from a holistic perspective, and understand the special considerations required to migrate existing enterprise applications to PaaS. Migration to PaaS involves assessing the suitability of an enterprise application to be deployed on PaaS, making architectural and design changes to the application to realize the full potential of PaaS, and adjusting the operational processes to minimize any operational risks. This paper describes the emerging PaaS models and outlines the factors organizations need to look at when considering migration to PaaS. 2. Evolving PaaS Models Early PaaS offerings focused on providing an application runtime environment. This included limited feature sets, such as basic application runtime, databases and simple APIs. Some PaaS providers were developer-focused, with an emphasis on application development life cycle management processes and integrated toolsets. In the last few years, the PaaS market has witnessed the emergence of multiple providers with significantly different sets of offerings. While such competition has helped bring innovation to the PaaS ecosystem, it has also led to limited interoperability and lack of common terminology. As the PaaS ecosystem matures, we expect to see an even wider set of offerings and features. We expect that features such as support for multiple frameworks and/or languages, integration capabilities, workflows, role-based fine-grained security, reporting, data management, developmentdeployment-administration tooling, support for application component and/or services marketplace will become part of the core platform services. 6
7 Since PaaS provides runtime for applications, it occupies the space traditionally associated with middleware technologies. This area has vast scope, with multiple technologies ranging from application servers and data management technologies to integration and SOA infrastructure, and so on. This diversity, coupled with technology advancement, customer demand and the need for differentiation will result in the positive and multi-dimensional evolution of the PaaS ecosystem. The dimensions of PaaS are visually represented in Figure 1, and the following sections assess each dimension. Proprietary Open, Extendable Enterprise Developer Commodity Collaboration Application Content Channel Data Management User Experience Integration Comprehensive Java.Net PHP Mix Niche Usage Dimension Functional Dimension Technology Dimension Interoperability Public Private Hybrid Community Deployment Dimension Figure 1 Platform as a Service Evolving Dimensions Interoperability between the four dimensions depicted in Figure 1 will be the key aspect for the PaaS ecosystem to thrive. The demand for standardization and interoperability will not only be driven by PaaS consumer but also by the practical constraints related to providing capability across the enormous technology landscape. Without this interoperability, Hybrid PaaS models will not succeed. 2.1 PaaS Deployment Dimension As is the case with other X-as-a-Service models, PaaS can also be delivered via the three well known deployment models: Public PaaS, Private PaaS and Hybrid PaaS. Currently Public PaaS is most used for specialized needs; it has not seen widespread adoption within enterprises due to some critical challenges. These include lack of clarity on how security and regulatory compliance requirements will be met, and difficulties in porting existing applications to the general purpose PaaS model due to each application s unique architectural aspects and special needs. 7
8 The Private PaaS model has the greatest immediate potential. However, this model is feasible only when the deployment size is significantly large. Hence Private PaaS is adopted mainly by large organizations. The main challenge is that it is difficult to find a single Private PaaS provider who can support the comprehensive stack of multiple technologies that is typical of a large organization s IT landscape. The Hybrid PaaS model provides a seamless extension of Private PaaS infrastructure (and in-house managed infrastructure) to leverage Public PaaS. Since it involves the use of Public PaaS at some stage, the same challenges facing the adoption of Public PaaS impact the adoption of the Hybrid PaaS model as well. A typical organization has many different types of application platforms. Even within a particular platform, the different applications may have strong affinities for different products. For example, in case of Java EE platform, an application may depend on a specific application server such as WebSphere or WebLogic due to the use of the proprietary APIs. This means that an organization looking to adopt a PaaS model may have to work with multiple PaaS providers within the Public or Private PaaS space and in some cases even across. In the long term, the most feasible model is a mix of Public, Private, and Hybrid PaaS alongside in-house infrastructure, which will allow different components of the enterprise application to be deployed on different types of infrastructure to achieve the maximum benefit. 2.2 PaaS Technology Dimension Currently, leading PaaS providers tend to align with dominant, general purpose enterprise technologies, such as the Java, Microsoft.Net or PHP ecosystems. These ecosystems are not homogeneous and can have large variations in technologies within them. PaaS providers are therefore choosing to concentrate on specific combinations of ecosystems in order to provide specialized capabilities. Providers such as Amazon, Heroku, and AppFog offer significant technology mixes in the PaaS space, along with support for multiple programming languages. There are also some specialized PaaS providers that focus on niche areas Force.com from Salesforce, Acquia for Drupal CMS, are examples of this kind of PaaS model. 2.3 PaaS Functional Dimension Of the three cloud service models, PaaS has the widest technology and functional spread. Since it is impossible for a PaaS provider to provide complete technology coverage, we expect specializations such as Application PaaS, Database PaaS, Integration PaaS, BPM PaaS, Collaboration PaaS, Content Channel PaaS, User experience PaaS, and others to emerge in the near future. Each of these PaaS models will have specific use cases, and PaaS providers will provide combinations of these models to differentiate themselves in the marketplace. 2.4 PaaS Usage Dimension PaaS providers will specialize in specific usage areas, such as: n Enterprise application deployment environments: Specialized for the deployment of enterprise applications with specific emphasis on availability, scalability, security, support services, disaster recovery, and so on. 8
9 n Application development environments: Specialized for application development life cycle management and associated tooling, with emphasis on productivity, automation, and ease of usage. n Commodity usage environments: General purpose application deployment with emphasis on low cost, ease of usage and support for multiple technologies. 3. Considerations for Migration to PaaS Most organizations have invested heavily in their existing enterprise applications that are running on traditional in-house data center infrastructure. Hence they are actively looking for ways to leverage the evolving PaaS models for these existing applications. There are two approaches to migrate existing enterprise applications to PaaS: n Direct deployment to PaaS with limited changes (either the entire application or part of it) n Deployment on PaaS with some level of architectural and/or design transformation In direct deployment, generally no or very minimal changes are made to the application while migrating to the cloud, typically through a Private PaaS model. The advantages include lower cost of migration, and immediate realization of basic cloud benefits such as pay-per-usage and flexibility. However, not all application architecture is suitable for PaaS deployment. Typical enterprise applications have up-stream and down-stream dependencies on other applications. These dependencies are implemented through a multitude of integration topologies, some with loose coupling and some without. In order to gain the benefits of PaaS, the application architecture must evolve while being adjusted to work within the boundaries imposed by PaaS. The second approach meets this requirement and hence is more appropriate for organizations looking for long term benefits from PaaS. We now look at the factors to be considered when adopting PaaS with architectural or design transformation. Following are some enterprise application characteristics that may pose challenges while being deployed on PaaS: n Co-location of the application layers and components n Resilience, low latency, and high bandwidth connectivity between layers n Applications disposition for vertical scaling, considering the underutilized infrastructure in traditional data centers n Performance optimization approach, based on application deployment platform tuning, that relies on fine-grained control over the deployment platform n Use of multiple technologies and frameworks, many of which may be non-standard n Dependence on enterprise level shared services related to security, directory services, data management and so on n Complex application integration scenarios with reliance on multiple architectural patterns n Application design patterns (for example, sticky session, synchronous v/s asynchronous communication) n Architectural patterns needing heavy data traffic within the WAN 9
10 Many of the listed factors are core to the application, making it technically challenging and expensive to address them comprehensively. It is important therefore, to take a pragmatic approach, using a combination of architectural adjustments and the right PaaS models to provide the best flexibility. Such an approach rests on three pillars: architectural and application considerations, non-functional considerations, and operational considerations. These are described in subsequent sections. 3.1 Architectural Considerations Cloud Service Model Although many existing applications will gain from being deployed on cloud, it is important to determine if PaaS is the right model for the given application or not. Some applications may have unique needs which cannot be fulfilled by a PaaS provider. For example, some organizations, over the years, have invested in customizing the application runtime environments optimized for their unique needs. In such cases, PaaS may not be appropriate, and the benefits of cloud can be achieved by moving to an Infrastructure-as-a- Service (IaaS) model. On the other hand, if the application under consideration is only providing commodity functionality and does not present any competitive advantage for the organization, Softwareas-a-Service (SaaS) may present a more economical option PaaS Deployment Model The decision as to which PaaS deployment model to adopt is driven by factors like security, data-related regulations and scale of usage. Although Public PaaS ensures a certain level of security, the level of transparency demanded by many PaaS consumers may not be feasible. This is one of the key reasons why the Private PaaS deployment model is popular. Application portability is one of the key considerations in the Hybrid PaaS model. Such portability will allow the application to run seamlessly on Private as well as Public PaaS. To make this happen, the application should be carefully architected so that it does not depend on a specific platform. In addition, PaaS providers must adhere to standard interfaces and frameworks. While migrating the enterprise application to PaaS, organizations should select a PaaS provider with required characteristics and also make the necessary changes to the application architecture and design. It may also be necessary to segregate application components and layers to deploy specific parts of the application on different models based on application usage patterns. In some cases, WAN bandwidth restrictions may prevent tiers from being separated, and all layers of the application will have to be deployed on a single platform. Considering this, each layer and its major components should be evaluated separately for size, security, data transfer and potential migration constraints. It is also important to understand how security zone-related application requirements will be addressed in PaaS PaaS Orchestration As the PaaS model matures, some PaaS providers will specialize in providing niche services/components, while general purpose PaaS providers will act as brokers for these niche players. Hence, the orchestration of PaaS services from multiple providers will be very critical for faster application deployment. While this may not have a significant impact on the migration of existing applications in the immediate future, as the PaaS model matures and more and more applications are migrated, such orchestration will become necessary. 10
11 Existing applications will have to adopt the same architectural principles applicable to service oriented architecture and component-based application development in order to be migrated to PaaS Technology Coverage It is important to determine what capabilities are important for the application to be migrated to PaaS. Organizations can engage a primary provider to provide most of the technology needs in areas such as: n Programming languages and frameworks Every organization generally has a dominant programming language. But there are also small pockets where different languages are used. When evaluating a PaaS provider, organizations must look for depth in at least the dominant programming language but also the capability to provide support for other languages. n Application runtime The application runtime which mainly consists of application and web servers depends on the programming language and in some cases, is dictated by the application design. It is important to have wider support for application runtime not just in terms of the vendor but also the versions supported. Some PaaS environments might not support all features of the application server and might require application changes. n Database Enough weightage must be given to the available database options and their security features to ensure they conform to organizational regulatory and security policy requirements. It is also extremely important to understand the level of access and control offered by such an environment. n Integration services No enterprise application works in standalone mode. It needs to interact with other applications deployed on the same PaaS environment as well as those outside the PaaS environment. Also, integration needs evolve over time. There are many integration technologies, with different PaaS providers offering different capabilities. Selecting a PaaS provider should not only account for the application s current needs but also address future possibilities. The PaaS provider should support technologies such as the enterprise service bus, message oriented middleware, managed file transfer and so on. It is also important to evaluate the compatibility of the application with the specific variant of these technologies supported by PaaS provider. It is given that the PaaS provider s technology stack should match with the technology stack for which the application was designed. But, wherever possible, organizations should also look for alternatives to reduce cost. For example, an application may be deployed on open source application containers instead of proprietary application servers. This may also hold true for database technologies. But while considering these options, application compatibility and performance analysis is advisable. 3.2 Non-Functional Considerations Availability When it comes to enterprise applications, availability is one of the most important aspects. In traditional data centres, the application owners and the operations team are fully aware of the boundaries of availability and elaborate policies and mechanisms are in place to address availability aspects. But when it comes to PaaS, the provider is expected to ensure the availability of the platform. In many cases there is lack of clarity about how this availability is ensured. 11
12 It is important to understand how an application will behave given the availability mechanism provided by the underlying platform. For example, application aspects like session handling, transaction handling, and rollback need to be evaluated with respect to the high availability mechanism provided by the platform. It is also important to ensure that the availability architecture of the PaaS infrastructure works transparently with the rest of the infrastructure deployed in the in-house data center or provided by another PaaS provider. While migrating existing applications, it is necessary to evaluate how abnormal conditions are handled by the application. What will be the impact of changed environmental conditions? This is especially true if the application has different components running both on PaaS and on the in-house infrastructure. As the connectivity quality on cloud may not be as good as it is within a data center, it may be necessary to modify the application design to seamlessly handle random abnormal conditions. It may also be necessary to introduce loose coupling, a message-oriented approach, and appropriate error handling with retry into the application design Security Security and regulatory compliance are critical. It is important to ask the following questions to determine the suitability and compatibility of the existing application with the PaaS infrastructure: n How secure is the underlying platform? Is the platform compliant with the relevant security standards as applicable to the organization's domain of operations? What are the security-related operational processes followed by the provider in normal scenarios as well as in crisis situations? n What security services provided by the platform can the application leverage? How resilient and open are these services? How will the services integrate and complement the security framework and/or infrastructure maintained in-house? n Can the application leverage the security framework provided by the platform? What changes will have to be made to the application design to work securely? These are very important considerations and should be addressed at the start of the decision-making process to choose the PaaS provider, or to decide on the candidate applications for migrating to PaaS Disaster Recovery While it is expected that the PaaS provider will ensure smooth operations even during major disasters, it is always prudent to find out how disaster recovery will be carried out. Even if availability is maintained, it is important to know how much the environment behavior will deviate in case of disaster, where services will be provided from, will there be changes in the compute and storage capacity, how Response Time Objective (RTO) and Response Point Objective (RPO) requirements will be achieved, and whether there will be any changes in network characteristics, including bandwidth and latency. While migrating existing applications, it is important to evaluate the PaaS provider's disaster management process and policies with respect to the services being provided, and their relevance to the application. It is important to understand how the PaaS-deployed application components and the in-house deployed application components will work together in the disaster recovery scenario. The PaaS provider's speed in achieving the reconfiguration needed will greatly impact the time to restore the services. 12
13 3.2.4 Portability Portability between PaaS providers is a growing need, and industry bodies such as OASIS Topology and Orchestration Specification for Cloud Applications (TOSCA) are working with several PaaS providers to establish guidelines and frameworks to ensure service portability. While migrating existing applications to PaaS, the portability of the application should be evaluated by asking the following questions: n What are the languages, technologies and frameworks used? Are these well-known and well supported by most PaaS providers? n Is the application tied to a particular version of any underlying technology? How easy is it to upgrade to the latest and/or commonly available version? n What is the format in which the data is stored? Is it easy to export the data? n What are the integration mechanisms used? Are they open and standards-based? 3.3 Operational Considerations It is believed that the introduction of the PaaS model will reduce the complexity of application operations, as all infrastructure and platform-related functions will be managed by the PaaS providers. This is true for small homogeneous platforms with a single PaaS provider. But in the future, we foresee organizations leveraging multiple PaaS providers with niche specialties that may lead to challenges in ensuring availability and good end-to-end performance. Application operations management will become more complex due to the involvement of multiple parties and geographically distributed infrastructure. 3.4 Application Monitoring Under the PaaS model, the operations team does not have to monitor the individual lower level infrastructure components such as hardware, storage, network and application run time environment, since the PaaS provider will ensure the availability of these components. However, the team does have to monitor the behavior of the application on the platform either through remote probes or through the means made available by the PaaS provider. This quickly becomes a complex consideration when there are multiple PaaS providers involved. It is challenging to obtain a comprehensive dashboard view of how various application components (and hence the application) are behaving through a single operations console. In a traditional in-house data center setup, this can be easily achieved through homogenous and deep tooling. While migrating enterprise applications to PaaS, the monitoring needs of the application should be evaluated; it is also important to understand how these needs will be fulfilled by the tooling provided by the PaaS provider Application Operations Management The PaaS provider ensures availability and performance of the platform. However, any issue related to the applications deployed on top of the platform must be handled by the application operations team. Although this distinction is clear in theory, in practice, it is very difficult to establish the root cause of an incident and assign responsibility. Therefore, a more collaborative approach is needed, where the PaaS provider works with the application operations team to resolve the incident. This requires well-defined 13
14 communication channels and coordination, especially in the case of major incidents or disaster-like scenarios. SLAs, the technical capability and the commitment of the PaaS provider s support team play a very important role in ensuring seamless operations. While migrating enterprise applications, organizations must identify application behavior patterns and probable root causes for different types of incidents related to the application. Due to the change in the environment, the cause-effect analysis done in the past in the data center environment may not be fully applicable in the PaaS setup. 4 Conclusion Due to the vast scope of this technology area, we expect PaaS to evolve along multiple dimensions. Today, PaaS providers are trying to differentiate themselves by providing support for different technologies and toolsets; while this is furthering innovation, it also results in a lack of standardization and interoperability. Strong demand from customers as well as industry-led initiatives like OASIS TOSCA will lead to a more open PaaS ecosystem. It will not be uncommon to see an organization leveraging PaaS services from multiple providers through well-defined cloud orchestration. From the enterprise perspective, PaaS will be at the forefront of cloud adoption. PaaS has immense potential to provide flexibility, agility and cost optimization of enterprise applications in the long term. But in the short term, complexities in migrating the enterprise applications to PaaS inhibit adoption. To realize the full potential of PaaS, enterprise architecture must adapt to accommodate cloud models, application design patterns must evolve to work with the limitations associated with PaaS, and application operations must undergo significant changes. 14
15 About TCS IT Infrastructure Services TCS IT Infrastructure Services (ITIS) practice is a strategic business unit of TCS providing you with effective infrastructure management solutions and transform your IT landscape by leveraging our expertise in next-generation models such as IaaS, PaaS, and SaaS. Our unique Global Network TM Delivery Model (GNDM ) allows you to choose the sourcing strategy best suited to run your business efficiently thus providing seamless experience across all operations. TCS ITIS has established several Technology Centers of Excellence (CoEs) across various platforms and technologies to bring enhanced value in terms of technical support, knowledge management, training, continuous service improvement and innovation for our clients Our offerings are backed by the Assess-Build-Manage-Transform framework that leverages our partner eco-system, tools and automation framework, and Technology Centers of Excellence (CoEs). Spanning the entire scope spectrum of IT and infrastructure related needs, our offerings include End-User Computing (EUC) services, IT Service Desk, Converged Network services, Managed Security services, Application Management services, Enterprise Systems Management, IT Service Management, Data Center services, Mobility services, Cloud services and Transformational solutions. Contact To know about TCS PaaS Offering, contact Subscribe to TCS White Papers TCS.com RSS: Feedburner: About Tata Consultancy Services (TCS) Tata Consultancy Services is an IT services, consulting and business solutions organization that delivers real results to global business, ensuring a level of certainty no other firm can match. TCS offers a consulting-led, integrated portfolio of IT and IT-enabled infrastructure, engineering and TM assurance services. This is delivered through its unique Global Network Delivery Model, recognized as the benchmark of excellence in software development. A part of the Tata Group, India s largest industrial conglomerate, TCS has a global footprint and is listed on the National Stock Exchange and Bombay Stock Exchange in India. For more information, visit us at IT Services Business Solutions Consulting All content / information present here is the exclusive property of Tata Consultancy Services Limited (TCS). The content / information contained here is correct at the time of publishing. No material from here may be copied, modified, reproduced, republished, uploaded, transmitted, posted or distributed in any form without prior written permission from TCS. Unauthorized use of the content / information appearing here may violate copyright, trademark and other applicable laws, and could result in criminal or civil penalties. Copyright 2014 Tata Consultancy Services Limited TCS Design Services I M I 03 I 14