WA1929 Cloud Computing for Architects using OpenStack EVALUATION ONLY

WA1929 Cloud Computing for Architects using OpenStack Web Age Solutions Inc. USA: 1-877-517-6540 Canada: 1-866-206-4644 Web: http://www.webagesolutions.com

The following terms are trademarks of other companies: Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a trademark of Linus Torvalds in the United States, other countries, or both. IBM, WebSphere, DB2 and Tivoli are trademarks of the International Business Machines Corporation in the United States, other countries, or both. Other company, product, and service names may be trademarks or service marks of others. For customizations of this book or other sales inquiries, please contact us at: USA: 1-877-517-6540, email: getinfousa@webagesolutions.com Canada: 1-866-206-4644 toll free, email: getinfo@webagesolutions.com Copyright 2013 Web Age Solutions Inc. This publication is protected by the copyright laws of Canada, United States and any other country where this book is sold. Unauthorized use of this material, including but not limited to, reproduction of the whole or part of the content, re-sale or transmission through fax, photocopy or e-mail is prohibited. To obtain authorization for any such activities, please write to: Web Age Solutions Inc. 439 University Ave Suite 820 Toronto Ontario, M5G 1Y8

Table of Contents Chapter 1 - The Rise of the Cloud...13 1.1 Where did Cloud Computing originate?...13 1.2 Cloud Computing...13 1.3 Wikipedia Entry...14 1.4 Gartner on Cloud...15 1.5 The NIST Perspective...15 1.6 Five Characteristics...16 1.7 Five Characteristics...17 1.8 The Cloud Computing Spectrum / Service Models...17 1.9 Cloud Deployment Models...18 Understanding Cloud Computing...19 1.10 Understanding by Phone Service Analogy...19 1.11 Understanding by Electrical Power Grid Service Analogy...20 1.12 What is so special about Cloud?...20 1.13 Synergy is Powerful...20 1.14 Moving to the cloud...21 1.15 Capacity Planning...21 1.16 Challenge Measuring Capacity...22 1.17 Capacity Planning Concepts and Challenges...23 1.18 Capacity Planning Utilization Risk...24 1.19 Utilization Risk Mitigation...24 1.20 Capacity Planning Different Workloads...25 1.21 Multi-Tenancy Model...26 1.22 Common Characteristics of Multi-tenant Applications...26 1.23 Data Management in the Cloud...27 1.24 Data Management in the Cloud...27 1.25 Data Physics...27 1.26 By the Numbers...28 1.27 Summary...28 Chapter 2 - Cloud Computing Value Proposition...31 2.1 Why does Cloud matter?...31 2.2 Cloud Value Proposition...31 2.3 Cloud Value Business Case #1...32 2.4 Cloud Value Business Case #2...33 2.5 Cloud Value Business Case #3...33 2.6 Cloud Value Business Case #4...34 2.7 Cloud Business Cases...35 2.8 Cloud economics...36 2.9 Cloud economics...37 2.10 Cloud economics...37 2.11 Do Clouds Compute?...37 2.12 1. Select Expected Benefits...38 2.13 2. Identify applicable cost scenario...38 2.14 3. Calculate initial, simple return...39

2.15 4. Calculate returns for on-going usage...39 2.16 Summary...39 Chapter 3 - Cloud Computing Myths...41 3.1 Myth #1: Cloud == Virtualization...41 3.2 Myth #2: Cloud == Grid...41 3.3 Myth #3: Cloud == SAAS...42 3.4 Myth #4: Cloud == SOA...42 3.5 Myth #5: Cloud == Security Risk...43 3.6 Summary 1/2...43 3.7 Summary 2/2...44 Chapter 4 - Cloud Computing Components...45 4.1 The Cloud Computing Stack...45 4.2 Cloud Computing Components...46 4.3 Tightly Coupled Enterprise...46 4.4 Breaking the Silos...47 4.5 Understanding SOA...48 4.6 Applying SOA to the Cloud...48 4.7 Cloud Computing without SOA...49 4.8 Cloud Component - Virtualization...49 4.9 Hypervisors...49 4.10 Hypervisor Types...50 4.11 Type 1 hypervisors...50 4.12 Type 2 hypervisors...50 4.13 Applying Virtualization to the Cloud...51 4.14 Cloud Component - SaaS...51 4.15 Applying SaaS to the Cloud...52 4.16 Web 2.0 Should I upgrade?...52 4.17 Web 1.0 vs Web 2.0...53 4.18 Applying Web 2.0 to the Cloud...53 4.19 Summary...54 Chapter 5 - Categorizing Clouds...55 5.1 Consider the kind of cloud...55 5.2 Cloud Scope Public clouds...55 5.3 Cloud Scope Private clouds...56 5.4 Cloud Scope Hybrid clouds...56 5.5 Discussing Cloud Scope...57 5.6 Cloud Type - User Interface...57 5.7 Cloud Type Application Service...57 5.8 Cloud Type Data Services...58 5.9 Discussing Cloud Types...59 5.10 Intersection of Scope & Type...59 5.11 Cloud Role...59 5.12 Discussing Cloud Categories...60 5.13 Cloud Integration...60 5.14 Cloud Integration...60 5.15 Summary...61

Chapter 6 - Real World Case Study Analysis...63 6.1 Case Study Amazon Web Services (AWS)...63 6.2 Amazon EC2 Value...63 6.3 Discussing Amazon...64 6.4 Case Study TuneCore...64 6.5 TuneCore s Value...65 6.6 Discussing TuneCore...65 6.7 Case Study Salesforce.com...65 6.8 Salesforce.com Value...66 6.9 Discussing SalesForce...66 6.10 Case Study Google Apps...67 6.11 Google Apps Value...67 6.12 Discussing Google...68 6.13 Case Study Pitney Bowes...68 6.14 Pitney Bowes Value...68 6.15 Discussing Pitney Bowes...69 6.16 Case Study X.Commerce/OpenStack...69 6.17 OpenStack Value...69 6.18 Discussing X.Commerce/OpenStack...70 6.19 Summary...70 Chapter 7 - Cloud Risks and Risk Mitigation...73 7.1 Failure-As-A-Service in 2009...73 7.2 Failure-As-A-Service in 2010...74 7.3 Notable Breaches in 2011...74 7.4 Notable Breach # 2...75 7.5 Notable Breach # 3...76 7.6 Notable Breach # 4 & # 5...76 7.7 Notable Breach # 6...77 7.8 The Cost of Failed Clouds...77 7.9 Risks When Consuming Clouds: Service Reliability...78 7.10 Service Quality...78 7.11 Problem Resolution...79 7.12 Data Back-up...79 7.13 Total Cost of Ownership (TCO)...79 7.14 Risks When Supporting Clouds: Provisioning...80 7.15 The Scale of Scale...80 7.16 Financial Management...80 7.17 How to Practically Estimate Your Cloud Bill?...81 7.18 Managing Service Levels...81 7.19 Redundancy / Failover...82 7.20 Vendor Lock-In...82 7.21 Liability...83 7.22 Security...83 7.23 Cloud Security...84 7.24 Access Control...84 7.25 Application Security...85

7.26 Application Multi-Layer Security Design...86 7.27 Information and Data Security...86 7.28 Network Security...87 7.29 Operational Security...88 7.30 Mitigating Cloud Computing Risks: Identifying Cloud-ready Solutions...88 7.31 Governing Cloud Services...89 7.32 Business alignment...89 7.33 Asset Ownership...89 7.34 Contract-driven Services...90 7.35 Financial Management and Tracking...91 7.36 Governance and Risk Mitigation...92 7.37 Some Best Practices...92 7.38 Summary 1/2...93 7.39 Summary 2/2...93 Chapter 8 - Cloud Standards...95 8.1 What Exactly Are We Standardizing?...95 8.2 What Exactly Are We Standardizing?...95 8.3 Standardizing on a Definition...96 8.4 Why Standardize?...96 8.5 Simple Concept, Difficult Implementation...97 8.6 Perspective #1 Turf Wars...97 8.7 Turf Wars...98 8.8 Turf Wars...99 8.9 Other Groups Defining Standards...99 8.10 Recent Progress...100 8.11 Recent Progress (cont.)...100 8.12 Perspective #2 Let the Market Decide...101 8.13 Standardization is Restrictive not Creative...101 8.14 Fostering Creativity...102 8.15 Survival of the Fittest...102 8.16 OpenStack Foundation Model...102 8.17 Perspective #3 The Simple View...103 8.18 Standards to Date...103 8.19 OCCI Details...104 8.20 OCCI Client Handshake...105 8.21 OCCI Server Response...106 8.22 OCCI Server Response (cont.)...106 8.23 OCCI Cloud Infrastructure Categories...107 8.24 Best Practices for Working with Cloud Standards: Building Cloud Solutions Today...107 8.25 Advice #1 Build on Proven Standards...107 8.26 Advice #2 Focus on Solid Design...108 8.27 Advice #3 Good Standards Take Time...108 8.28 Review 1 / 2...109 8.29 Review 1 / 2...109 Chapter 9 - Cloud Computing Infrastructure...111

9.1 Does It Really Matter?...111 9.2 Cloud Infrastructure Categories...111 9.3 Understanding Virtualization...112 9.4 Cloud Management...113 9.5 Controllers and Agents...113 9.6 More Cloud Management Strategies...114 9.7 Abstracted Networking...114 9.8 Abstracted Computing...115 9.9 Abstracted Storage...115 9.10 Pulling it all together...117 9.11 Eucalyptus...117 9.12 Eucalyptus (cont.)...118 9.13 Eucalyptus (cont.)...119 9.14 Eucalyptus (cont.)...120 9.15 Eucalyptus (cont.)...121 9.16 OpenStack...121 9.17 What is OpenStack?...121 9.18 What is OpenStack?...122 9.19 OpenStack main components...122 9.20 OpenStack main components...123 9.21 OpenStack main components...123 9.22 OpenStack Conceptual Architecture...124 9.23 Summary...124 Chapter 10 - Looking Under the Cloud Hood...125 10.1 Amazon Cloud Overview...125 10.2 Working with Amazon Web Services (AWS)...125 10.3 Building an Amazon Cloud Service...126 10.4 Google Cloud Overview...127 10.5 Google Cloud Storage...128 10.6 Working with the Google App Engine...129 10.7 Building a Google App...129 10.8 Microsoft Azure Overview...129 10.9 Working with Windows Azure...130 10.10 Building an Azure Cloud Service...130 10.11 OpenStack Overview...131 10.12 Working with OpenStack...131 10.13 Building OpenStack Environment...132 10.14 Building OpenStack environment by hand...132 10.15 Using automated configurators...132 10.16 Creating OpenStack VM Instances...133 10.17 Managing OpenStack Clouds...133 10.18 Summary...134 Chapter 11 - Cloud Services...135 11.1 Defining Cloud Services...135 11.2 The Typical Cloud Services...135 11.3 Application Services...136

11.4 Messaging Application Service...136 11.5 Email Application Service...137 11.6 Cache Application Service...137 11.7 Specialized Application Service...137 11.8 Storage Services...138 11.9 Object Storage...138 11.10 Archive Storage...138 11.11 Relational Storage...139 11.12 NoSQL Storage...139 11.13 Monitoring Services...139 11.14 Review...140 Chapter 12 - Cloud Computing Sanity Check...141 12.1 The Cloud Shift...141 12.2 Adapting to a Broader Market...141 12.3 Before You Leap to the Cloud...142 12.4 Cloud Sanity Check #1...142 12.5 Cloud Sanity Check #2...143 12.6 Cloud Sanity Check #3...143 12.7 Cloud Sanity Check #4...143 12.8 Summary...144 Chapter 13 - Adopting Your Very Own Cloud...145 13.1 How can my organization explore Cloud?...145 13.2 Cloud Adoption Best Practices...145 13.3 Cloud Adoption Phase 1...146 13.4 1. Identify your business drivers...146 13.5 2. Get Educated...146 13.6 3. Articulate a Value Proposition...147 13.7 4. Define one or more scenarios...147 13.8 Cloud Adoption Phase 1...148 13.9 Cloud Adoption Phase 2...148 13.10 5. Produce a Road Map...149 13.11 6. Gain Stakeholder Buy-in...149 13.12 Cloud Adoption Phase 2...150 13.13 Cloud Adoption Phase 3...150 13.14 7. Establish Governance...151 13.15 8. Invest in Infrastructure...151 13.16 9. Cloud Pilot...152 13.17 Scoping the Pilot Project...152 13.18 Pilot Project Scope (cont d)...152 13.19 10. Enterprise Roll-out...153 13.20 Start small and grow incrementally...153 13.21 Summary...154 Chapter 14 - Cloud Reference Model...155 14.1 Parsing the Cloud Service Model...155 14.2 Cloud Reference Model...155 14.3 Cloud Infrastructure...156

14.4 Cloud Infrastructure Vendor Comparison...157 14.5 Cloud Infrastructure - Cloud Storage...158 14.6 Cloud Platform...159 14.7 Cloud Software...160 14.8 SaaS - Cloud Services...161 14.9 SaaS - Cloud Applications...162 14.10 OpenStack Solution Stack...162 14.11 OpenStack main components/services...163 14.12 Compute (Nova)...163 14.13 Main Compute (Nova) modules/services...164 14.14 Image (Glance)...165 14.15 Object Store (Swift)...165 14.16 Components of Swift...166 14.17 Block Storage (Cinder)...167 14.18 Identity (Keystone)...167 14.19 Network (Quantum)...168 14.20 Dashboard (Horizon)...169 14.21 Pulling It All Together...170 14.22 Summary...170 Chapter 15 - Cloud Layering...171 15.1 Cloud Layering...171 15.2 Cloud Layering Overview...172 15.3 Content Services...172 15.4 Logic Services...173 15.5 Orchestration in the Cloud...174 15.6 Utility - Security Services...175 15.7 Security Service Example...175 15.8 Utility - Data Services...176 15.9 Layering Example 1/5...176 15.10 Layering Example 2/5...177 15.11 Layering Example 3/5...178 15.12 Layering Example 4/5...179 15.13 Layering Example 5/5...180 15.14 Summary...180 Chapter 16 - SDLC in the Cloud...183 16.1 Software Development Lifecycle Phases...183 16.2 SDLC Models...184 16.3 Waterfall...184 16.4 RAD SDLC Practices...184 16.5 The Criticisms of RAD...185 16.6 Enterprise Technology Delivery Frameworks...185 16.7 ETDF Phases...186 16.8 Project Initiation...187 16.9 Project Classification...187 16.10 Requirements Discovery...188 16.11 Analysis and Design...188

16.12 Development...189 16.13 Testing...189 16.14 Production Implementation...190 16.15 Post-implementation Monitoring of Cloud Solutions...190 16.16 Retirement...191 16.17 Summary...191 Chapter 17 - Requirements Discovery...193 17.1 Discovering Cloud Requirements...193 17.2 Discovery Workshops...194 17.3 Running a Discovery Workshop...194 17.4 Cloud Requirements...195 17.5 Scoping Cloud Requirements...195 17.6 Documenting Expected, Average and Peak Usage...196 17.7 Defining Cloud Service Levels...196 17.8 Discovery Best Practices...196 17.9 Discovery Best Practices (Cont'd)...197 17.10 What is Six Sigma?...197 17.11 Discovery Gotchas...198 17.12 Summary...198 Chapter 18 - Analysis and Design...199 18.1 Analysis and Design in the Cloud...199 18.2 Analyzing Cloud Requirements...199 18.3 Requirements Management...200 18.4 Analysis Workflow...200 18.5 Mapping Cloud Requirements to Usage Scenarios...201 18.6 "Good/Not so Good" Use Cases for the Cloud...202 18.7 Introduction to Cloud Design...202 18.8 Designing Cloud Service Solutions...203 18.9 Design the Cloud Service Interface...203 18.10 Designing for Cloud Non-Functional Requirements...204 18.11 Analysis and Design Best Practices...204 18.12 A&D Best Practices - Prototyping...205 18.13 A&D Best Practices System Partitioning...205 18.14 A&D Best Practices -Leveraging Cloud Platform Services...205 18.15 A&D Best Practices - Using Asynchronous Communication Patterns...206 18.16 A&D Best Practices - Design for Failure...206 18.17 A&D Best Practices - Caching...207 18.18 A&D Best Practices - Staying Hands-On...207 18.19 Analysis and Design Gotchas...207 18.20 More Design Gotchas...208 18.21 Summary...208 Chapter 19 - Cloud Design Strategies...209 19.1 Cloud Design Strategies...209 19.2 Designing for Cloud Availability...209 19.3 Designing for Cloud Security...210 19.4 Designing for Cloud Security - OWASP 10...210

19.5 Designing for Cloud Security - OWASP 10 (Cont'd)...211 19.6 Designing for Cloud Security Multi-Factor Security...212 19.7 Designing for Cloud Storage...212 19.8 Stepping Across Site Silos...212 19.9 Stepping Across Site Silos SAML and OpenID...213 19.10 Stepping Across Site Silos OAuth...214 19.11 Selecting the Right Storage...215 19.12 Cloud Storage Model...216 19.13 Designing for Cloud Management...216 19.14 Designing for Cloud Maintainability...216 19.15 Designing for Cloud Service Reuse...217 19.16 Designing for Cloud Agility...218 19.17 Designing for Cloud Usability...218 19.18 Additional Usability Considerations...219 19.19 Summary...219 Chapter 20 - Cloud Development...221 20.1 Implementing Cloud Services...221 20.2 Common Pitfalls for Cloud Developers...221 20.3 Building Composite Solutions...221 20.4 Cloud Development Stacks...222 20.5 Creating Services for Amazon WS...222 20.6 AWS Toolkit for Eclipse...223 20.7 AWS Explorer...223 20.8 AWS Toolkit for Visual Studio...223 20.9 Testing in the Amazon Cloud...224 20.10 Deploying Amazon Web Services...224 20.11 Consuming Amazon Web Services...224 20.12 Creating Services for OpenStack...225 20.13 Creating Applications for OpenStack...226 20.14 Testing OpenStack Solutions...227 20.15 Consuming OpenStack Solutions...227 20.16 Creating Services for Google...228 20.17 Testing Google Cloud Services...228 20.18 Deploying Google Services...228 20.19 Consuming Google Services...229 20.20 Summary...229 Chapter 21 - Cloud Governance...231 21.1 IT Governance...231 21.2 Agile IT in the Cloud...232 21.3 SOA Governance Overview...232 21.4 SOA Governance in Practice...232 21.5 Cloud Governance...233 21.6 Top Cloud Computing Consumer Risks...234 21.7 Top Cloud Computing Provider Risks...234 21.8 Risk Mitigation...234 21.9 Defining Cloud Governance...235

21.10 Cloud Governance Model...235 21.11 Key Artifacts...235 21.12 Governance Life Cycle...235 21.13 Policies and Procedures...236 21.14 Roles and Responsibilities...236 21.15 Governance Best Practices...237 21.16 Governance Gotchas...237 21.17 Summary...237 Chapter 22 - Cloud SLAs...239 22.1 The Importance of Cloud SLAs...239 22.2 What Belongs in a Cloud SLA?...239 22.3 Minimal Cloud SLA...240 22.4 Robust Cloud SLA...240 22.5 More SLA Items...240 22.6 Governing Cloud Service Quality...240 22.7 Supporting Clouds...241 22.8 Summary...241

Chapter 1 - The Rise of the Cloud Objectives Key objectives of this chapter: Describe the major aspects of Cloud Computing Identify the different trends that converge into Cloud Computing Explain the five attributes of Cloud Computing Describe the different elements of the enterprise that can be moved to the Cloud 1.1 Where did Cloud Computing originate? Cloud computing represents a convergence of threads Virtualization, 1960s, 1990s, 2000s abstracting computer resources to support efficiency and availability Grid computing, early 1990s, late 1990s harvesting of computer resources as a collective Software as a Service (SaaS), late 1990s hosting of software in a centralized fashion with access and licensing provided on-demand Web Services (WS), late 1990s standards-based messaging integration technology Service Oriented Architecture (SOA), early 2000s connecting service providers and consumers in a distributed fashion across ownership domains Web 2.0 / Web Oriented Architecture (WOA), early 2000s collaboration, rich multimedia, data mash-ups 1.2 Cloud Computing Everyone has their own definition, perspective, or angle regarding what 'Cloud' is and what impact it will have upon the industry Cloud computing is

Chapter 1 - The Rise of the Cloud One scoop of SOA A dash of SAAS Stir in Virtualization A pinch of Grid Computing Layer with Web 2.0 / WOA as desired 1.3 Wikipedia Entry Cloud computing refers to the delivery of computational resources from a location other than your current one. In its most used context it is Internet-based ("cloud") development and use of computer technology ("computing"). The cloud is a metaphor for the Internet, based on how it is depicted in computer network diagrams, and is an abstraction for the complex infrastructure it conceals. It is a style of computing in which IT-related capabilities are provided as a service, allowing users to access technology-enabled services from the Internet ("in the cloud") without knowledge of, expertise with, or control 14

Chapter 1 - The Rise of the Cloud over the technology infrastructure that supports them. 1.4 Gartner on Cloud Gartner defines Cloud computing as A style of computing in which scalable and elastic IT-enabled capabilities are delivered as a service to external customers using Internet technologies The What, Why, and When of Cloud Computing Gartner, 2009 1.5 The NIST Perspective The National Institute of Standards and Technology (NIST) s definition of cloud computing "Cloud computing is a model for enabling ubiquitous, convenient, ondemand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction." Furthermore, the cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models." 4 Deployment Models 3 Service Models 5 Characteristics Notes The NIST Perspective NIST is a U.S. agency and laboratory that focuses upon innovation and standardization in science and technology. More information is available at NIST.org 15

Chapter 1 - The Rise of the Cloud "The NIST Definition of Cloud Computing" (NIST Special Publication 800-145) - http://www.nist.gov/itl/csd/cloud-102511.cfm 1.6 Five Characteristics 4 Deployment Models 3 Service Models 5 Characteristics On-demand self-service - A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service s provider. Broad network access - Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs). Resource pooling - The provider s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines. 16

Chapter 1 - The Rise of the Cloud 1.7 Five Characteristics 4 Deployment Models 3 Service Models 5 Characteristics Rapid elasticity Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time. Measured service Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service. 1.8 The Cloud Computing Spectrum / Service Models 4 Deployment Models 3 Service Models 5 Characteristics 17

Chapter 1 - The Rise of the Cloud Notes The Cloud Computing Spectrum / Service Models The Cloud Computing Spectrum: Infrastructure-As-A-Service (IAAS) The vendor provides infrastructure for you to deploy your own software solution, OS images, database, etc. Amazon EC2 and GoGrid are hosted in the provider s cloud, RightScale is a management platform to use with an IAAS for scaling and resource management. Platform-As-A-Service (PAAS) The vendor provides a framework that your solution must fit within. You code against their APIs, management resources, and other elements of the framework to ensure that your software stack works within their environment. Software-As-A-Service (SAAS) The vendor provides a complete solution that you simply purchase access to in the form of some sort of licensing subscription model. 1.9 Cloud Deployment Models 4 Deployment Models 3 Service Models 5 Characteristics Private cloud - The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and 18

Chapter 1 - The Rise of the Cloud may exist on premise or off premise. Community cloud - The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise. Public cloud - The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. Hybrid cloud - A composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds). Understanding Cloud Computing 1.10 Understanding by Phone Service Analogy Landline phone service (non-cloud) Select a single provider Always use that provider for your service (unless you switch) If that provider goes down, you are hosed Cellular phone service (cloud) Select a standard (CDMA, TDMA, GSM) Select a provider and negotiate rates Provider offers seamless support wherever you travel (sometimes renting bandwidth from others, but abstracting this via the cloud) If the provider is unavailable, the contract may allow you to use another service at a higher rate 19

Chapter 1 - The Rise of the Cloud 1.11 Understanding by Electrical Power Grid Service Analogy Another analogy is the Electrical Power Grid that generates and delivers electricity from suppliers to consumers, where Power stations are data centers Transmission lines are the network Consumer electrical appliances are client applications Electrical power is available on demand Power distribution is a utility service Clients pay as per as you go model Much more efficient and reliable then managing your own power generator 1.12 What is so special about Cloud? There are some that will argue that Cloud Computing is merely the next fad in a string of hype and buzzwords Does Cloud Computing actually offer anything novel or unique? Not exactly. You would be hard-pressed to identify a 'Cloud Standard' or 'Cloud Platform'. On the other hand, it provides a unifying theme to several evolving threads. Synthesis is valuable. 1.13 Synergy is Powerful Virtualization offers technology cost savings and productivity increases. SOA provides a foundation for the creation and governance of services and business processes. SaaS offers a paradigm for software delivery and shifts cost models and capital expenditures to a lean, on-demand model. Web 2.0 delivers compelling user interface experiences. Cloud brings all of these together and synthesizes a solution to a business 20

Chapter 1 - The Rise of the Cloud problem. 1.14 Moving to the cloud A big part of what makes the concept of Cloud Computing so interesting is the ability to move select IT concerns "to the cloud" Establish a contracted agreement Pay for service and actual usage Disregard up-front fixed costs and avoid on-going maintenance costs (just fee-for-service) What can you move to the cloud? Data Software Business logic / processes / rules User interface 1.15 Capacity Planning Is the key part of assessing the practicality of moving your solutions to the cloud In many cases, you need to decide upfront: how many instances you will need (create a pool of stand-by instances or let the cloud scale out elastically). You need to define what resources are cloud, what resources aren't e.g. Database might be outside the cloud Determine critical parameters Disk Capacity 21

Chapter 1 - The Rise of the Cloud I/O Database CPU Memory You need to make sure you don't overrun your cloud bill To help you estimate your cloud bill (per month or year), cloud vendors offer resource utilization calculators Capacity Planning Capacity planning is a key aspect of cloud deployment. One of the key value propositions of cloud is that capacity can be shared and optimized across many application deployments. What resources are cloud resources, and which aren't For example, database might be outside the cloud Determine which parameters are likely to be critical Disk capacity May be distinguished by instance or attached storage and remote or SAN storage Database capacity Common to have a traditional database cluster outside the cloud serving the cloud. If so, then apply traditional capacity planning for the database. I/O Capacity (disk read/write operations) CPU capacity how to measure difficult since cpu types vary. Amazon, for instance defines a compute unit as equivalent to 1.0 or 1.2 GHZ 2007 Opteron or 2007 Xeon processor Memory Capacity 1.16 Challenge Measuring Capacity Different nodes have different capacities Capacity is virtualized 22

Chapter 1 - The Rise of the Cloud e.g. CPU difficult to compare May require arbitrary measurements Amazon, for instance defines a Compute Unit 1.0-1.2 GHz 2007 Xeon processor equivalent 1.17 Capacity Planning Concepts and Challenges As number of applications, instances or deployment units grows, capacity becomes a linear commodity Smaller deployments need to be planned on a what-if basis Also applies to applications that take a large slice of resources Traditional capacity planing focused on new servers for applications that had funding On-demand provisioning changes the equations Fewer signals of capacity need Shorter time horizon when needs are known with any degree of certainty Need to speed up ability to add capacity Capacity Planning Concepts and Challenges As number of applications/instances/deployment units grows, capacity can be viewed as a linear commodity. For a small number of deployments, capacity needs to be planned on a what-if basis Also applies to deployments that take a large proportion of the cloud's resources. Traditional capacity planning focused on new servers for applications able to achieve capital funding. This model is undermined by allowing application teams to assume that servers can be provisioned on-demand, which of course is the whole idea of the cloud. Fewer capacity signals are available, and the time frame for capacity planning becomes much shorter If applications are thought-up, written, and deployed in a matter of weeks or months, with 23

Chapter 1 - The Rise of the Cloud on-demand assumptions, capacity planning has a much shorter time horizon with any degree of certainty. May need to drastically reduce your reaction time in adding cloud resources. 1.18 Capacity Planning Utilization Risk Utilization Risk Risk that utilization of a resource is different from expected Utilization Risk Overuse leads to excess wait times and failure to meet requirements Underuse wasted money, low return on investment In traditional server per application model, the app owner also owns the server, thus bears the risk In the cloud, cloud provider bears the risk Utilization risk Risk that the utilization of a resource is higher than expected Overuse, typically leading to excess wait times and failure to meet requirements or lower than expected Wasted money, low return on investment In traditional Server-per-application, application's sponsor owns the server, thus bears the utilization risk. In cloud, the cloud provider bears the utilization risk. 1.19 Utilization Risk Mitigation App owners can provision and release resources on-demand Could lead to seasonal or other periodic surges Solutions: Controls on how much, how often 24

Chapter 1 - The Rise of the Cloud Requires policy setting and negotiation Charge-back model Price is an efficient rationing mechanism Allow use of public cloud Good overflow flexibility, but what about costs and data physics? Utilization Risk - Mitigation Application owners can provision and release resources on-demand (perhaps subject to some limitations). Could lead to seasonal or other-periodic surges in demand One solution charge-back costing model to pass on the costs to users. Price is an efficient rationing mechanism. Application owners might also have the option to use a public cloud when necessary. Good overflow flexibility, but what about costs? 1.20 Capacity Planning Different Workloads Applications have different needs for CPU, memory, I/O How do you plan without knowing the mixture? Offer different types of VM instances to users Users can decide (and pay for) the type of workload they need to provision for Again, cost tends to lead users toward informed choices Capacity Planning Different Workloads Some applications will be more CPU, memory, or I/O-focused than others how to plan for them? Offer different types of VM instances to users. Then users can decide (based on insight or testing) which instance type they need. 25

Chapter 1 - The Rise of the Cloud 1.21 Multi-Tenancy Model Cloud providers pool their IT capabilities to serve multiple cloud service consumers by employing multi-tenancy models Multi-tenancy often relies on the use of virtualization technologies Cloud IT resources are partitioned so that computational resources, data, network, etc. can be shared between multiple organizations Each organization sees only its own tenanted (rented) resources 1.22 Common Characteristics of Multi-tenant Applications Tenant isolation Run-time behavior of one tenant does not affect others Data isolation Tenants receive individual databases and / or schemas Network I/O operations are totally isolated Scalability It is a tenant-scoped operation; it does not affect application availability and / or performance of other tenants Security Enforced on the per tenant basis Vendors may employ common cloud public-key infrastructure (PKI) shared among tenants Usage Metering and Billing Resources (CPU, Network, Data, etc.) consumed by tenants are metered and tenants are billed at current rates only for what hey consumed Data back-up and recovery Can be executed on demand by a tenant without affecting other tenants 26

Chapter 1 - The Rise of the Cloud 1.23 Data Management in the Cloud All the usual good practices apply Canonical Data Model Master Data Management Horizontal Scaling affects data Database Sharding partition data across multiple nodes to parallelize bandwidth and access. NoSQL Databases are a good fit Eventual Consistency - non-transactional programming style Stateless servers help with scalability BUT! - data physics applies 1.24 Data Management in the Cloud Multi-Tenancy cloud model affects data Three approaches Separate database Separate schema Shared Tables with discriminator column - tenant id 1.25 Data Physics Data Physics considers the relationship of data and the processing elements that use the data There is a cost to moving data So data should be located near the processing If data is stored in the cloud rather than on local disk, it will take time and bandwidth to move it. In a networked environment, it's often faster to calculate a value than 27

Chapter 1 - The Rise of the Cloud retrieve it Architects need to be able to specify the locality of virtual components and storage Maintain well-defined relationship between processing units and the data they process. 1.26 By the Numbers Cloud Computing certainly seems to be gaining some traction Over half of respondents to a survey by IBM identified that developing new applications for the cloud would be the top activity for the next 24 months. (2011 Tech Trends Report) 37% of businesses globally are deploying cloud to either remotely host applications or host data, or both. (AMD 2011 Global Cloud Computing Adoption, Attitudes, and Approaches Study) 39% of SMBs with 2-250 employees expect to be paying for cloud services within three years [an increase of 34%] (Microsoft Global SMB Cloud Adoption Study, March 2011) 1.27 Summary Cloud Computing represents a convergence of several different trends, including Virtualization, Grid Computing SOA, Web Services, Web 2.0 / WOA Software As A Service (SAAS) Cloud brings all of these elements together and synthesizes a solution to a business problem Many aspects of the enterprise can be moved to the cloud Data Software 28

Chapter 1 - The Rise of the Cloud Business logic / processes / rules User interface 29

Chapter 2 - Cloud Computing Value Proposition Objectives Key objectives of this chapter Introduce the value and potential associated with Cloud Computing Explore several Cloud business cases Examine a framework for quantifying the value of Cloud Computing solutions 2.1 Why does Cloud matter? Why should enterprises examine Cloud Computing? Three reasons (well, maybe just two): Be more efficient Gain a competitive edge It s too depressing to spend all day watching the market waffle and talking to potential customers that you know don t have any money to spend Efficiency put idle resources to work Frugality 2.2 Cloud Value Proposition minimize capital expenditures, shifting fixed costs to variable costs Reliability offer strong redundancy solutions and seamlessly roll over to alternative providers as needed Scalability more easily adapt to changing user needs and usage scenarios

Chapter 2 - Cloud Computing Value Proposition Centralization move capabilities and their support to a centralized provider that can be commonly shared by many Maintainability off-load updates, upgrades and burden of hardware obsolescence 2.3 Cloud Value Business Case #1 Cloud desktop Virtualize the desktop environment, serving up operating systems (along with file and network access) to users via a wide range of thin client interfaces Examples Hosted OS (e.g. OS is accessible on-demand through various devices, served from a centralized location) Operating System User Profile Preferences File Access Network Access Notes Cloud Value Business Case #1 A classic example of this type of solution would be CITRIX solutions like XenDesktop where you host an OS along with configured software through a thin client interface. UI commands are captured at the client-side and then a message is sent over the wire to the server-side where the instruction is interpreted and the command is carried out. The screen update is then sent back to the client-side to display the result of that action. VMWare offers a product called View with similar capabilities. 32

Chapter 2 - Cloud Computing Value Proposition 2.4 Cloud Value Business Case #2 Cloud software Deliver software on-demand from a centralized location, rather than supporting a more distributed and diverse environment Examples Google Apps (e.g. replace MS Office, Outlook/Exchange, or similar) Salesforce.com (e.g. move sales team to Web-based CRM) Web-based Software anytime access (24-7) global availability automatic patches/updates per-user incremental cost Notes Cloud Value Business Case #2 Another great example of this is GoToMeeting in which you can access a hosted conference and connect in from anywhere in the world through the use of a subscription plan. 2.5 Cloud Value Business Case #3 Cloud service Provide information or offer a capability to meet requester needs ondemand Examples Data retrieval (e.g. data aggregation, filtering, caching, etc.) Authentication / authorization (e.g. security system abstraction) Resource pooling (e.g. locksmith or tow truck driver) 33

Chapter 2 - Cloud Computing Value Proposition Service Common interface Seamless availability Location independence Cloud processing 2.6 Cloud Value Business Case #4 Support peak demand for data and transaction processing on an asneeded basis without paying for those resources during off-hours Examples Batch processing Business process execution Data warehousing / BI 34

Chapter 2 - Cloud Computing Value Proposition Cloud Provider (EC2, RightScale, Flexiscale, etc.) Cloud desktop 2.7 Cloud Business Cases Corporate Infrastructure Virtualize the desktop environment, serving up operating systems (along with file and network access) to users via a wide range of thin client interfaces Cloud software Deliver software on-demand from a centralized location, rather than supporting a more distributed and diverse environment Cloud service Provide information or offer a capability to meet requester needs ondemand Cloud processing Support peak demand for data and transaction processing on an asneeded basis without paying for those resources during off-hours 35

Chapter 2 - Cloud Computing Value Proposition 2.8 Cloud economics Graphic credit Luca Simonetti, ENGINE Networks Blog, http://blog.enginenetworks.net/2009/09/why-use-cloud-computing-for-web-applications/ 36

Chapter 2 - Cloud Computing Value Proposition 2.9 Cloud economics Graphic credit Luca Simonetti, ENGINE Networks Blog, http://blog.enginenetworks.net/2009/09/why-use-cloud-computing-for-web-applications/ 2.10 Cloud economics Dave Powers, Eli Lilly Company ($20B global pharmaceuticals company): We were recently able to launch a 64-machine cluster computer working on bioinformatics sequence information, complete the work, and shut it down in 20 minutes," he says, describing a project the firm executed using Amazon's Elastic Compute Cloud (EC2) service. "It cost $6.40. To do that internally to go from nothing to getting a 64-machine cluster installed and qualified is a 12-week process." 2.11 Do Clouds Compute? Determining a true value for a cloud solution involves several steps Select expected benefits from the cloud solution Identify an applicable cost scenario Calculate the initial, simple return (if any) 37

Chapter 2 - Cloud Computing Value Proposition Keeping the benefits constant, calculate the returns for the second and subsequent implementations 2.12 1. Select Expected Benefits Possible benefits Cost savings Lower fixed costs Lower variable costs Lower operating costs during peak demand Better service quality Availability improvements Concurrency / performance improvements Better team composition Workforce reduction Staffing re-alignment Service consumer 2.13 2. Identify applicable cost scenario Costs associated with developing front-end service consumption interfaces Costs associated with governing the consumption of cloud services Service provider Costs associated with Cloud infrastructure Costs associated with service interface(s) Costs associated underlying business systems Service consumer and provider Add applicable costs from both categories 38

Chapter 2 - Cloud Computing Value Proposition 2.14 3. Calculate initial, simple return A very simple ROI formula can be applied Benefits you ve assigned to Cloud divided by the cost scenario The initial, simple return is simply calculated based upon whether or not the initial deployment of these services yield an immediate return If moving to a cloud model eliminates certain fixed costs, then an immediate ROI can be realized from your initial Cloud deployment Other returns may only be realized over time 2.15 4. Calculate returns for on-going usage Keeping the benefits constant, returns are calculated for the on-going utilization of this new solution Simple calculations may assume a linear profitability driver (via savings and/or revenue) More advanced calculations may follow a non-linear, even exponential profitability curve The key here is to project savings and or new revenue based upon likely usage scenarios You may even find it useful to develop several models, factoring in different usage figures 2.16 Summary Cloud Computing holds considerable value for enterprises Efficiency Frugality Reliability Scalability Business cases abound 39

Chapter 2 - Cloud Computing Value Proposition Cloud desktop Cloud software Cloud service Cloud processing Effective tracking and monitoring is essential in order to protect and preserve a return on your cloud investment 40

Chapter 3 - Cloud Computing Myths Objectives Key objectives of this chapter Understand common myths surrounding Cloud Computing. Identify the subtle distinctions between Cloud Computing and the common understanding regarding what it is and what it is not. Explain how Cloud Computing differs from these common misconceptions. 3.1 Myth #1: Cloud == Virtualization Myth #1 Cloud Computing is really just virtualization with a web-based interface put in front. Reality Cloud Computing designs often rely heavily upon virtualization technology for server consolidation, better resource utilization, management and driving operational costs down, but encompass a much broader set of supporting technologies. Cloud Computing solutions are rarely implemented without virtualization, but do not explicitly require resource virtualization. Cloud Computing supports a broad set of business cases (cloud dekstop, cloud service, cloud software, cloud storage). Cloud Computing delivers solutions via an elastic, utility computing model (pay per use), shifting fixed costs to variable costs. Cloud Computing supports loosely-coupled integration techniques through the use of standardized Web service interface technologies. 3.2 Myth #2: Cloud == Grid Myth #2 Cloud Computing is just a new term for Grid Computing. Reality They are similar in their efforts to optimize resources and support smooth scaling of capacity. Grid computing helps with resource provisioning on service demand, but it is nearly opposite in its objectives to

Chapter 3 - Cloud Computing Myths Cloud computing. Grids are designed for one user to have all resources. Clouds are designed for one user to have a fraction of available resources. Grids are designed to carry the notion of federation to the nth degree. Even ethernet connections are federated. If this design strategy were applied to a Cloud, it would result in a colossal policy challenge to disentangle as multiple users compete for resources. Clouds are designed to virtualize and abstract a portion of resources in order to support elastic demand and scalable solutions. 3.3 Myth #3: Cloud == SAAS Myth #3 Cloud Computing is just the next generation of Application Service Providers (ASPs) in the form of Software As a Service (SAAS) like Salesforce.com, Web-based Email, Twitter, and others. Reality Cloud Computing supports various design strategies and business cases, with SAAS being a common but not exclusive model. Multiple Cloud service models exist, including Infrastructure-As-A- Service (IAAS), Platform-As-A-Service (PAAS), and Software-As-A- Service (SAAS) For examples of IAAS vs PAAS vs SAAS, see notes section Notes Myth #3: Cloud == SAAS Examples Please! IAAS Amazon Web Services, Google Compute Engine, RackSpace, OpenStack, GoGrid, and RightScale PAAS Force.com, Google App Engine, Microsoft s Azure Services Platform, and Rackspace Cloud SAAS Salesforce.com, Web-based email (various), Netsuite, SAP Business ByDesign, Rackspace Email & Apps 3.4 Myth #4: Cloud == SOA Myth #4 Cloud Computing is basically Service Oriented Architecture (SOA) sitting on top of Virtualization. 42

Chapter 3 - Cloud Computing Myths Reality Clouds tend to incorporate service-oriented architectural principles, but incorporate additional considerations beyond the scope of most SOA environments. Cloud services have added requirements to support configurable / declarative data storage, configurable / declarative security, as well as interfacing with cloud controllers and/or agents Clouds tend to leverage SOA design patterns, interface and messaging standards, and service policy enforcement mechanisms SOA carries with it proven governance and service portfolio management strategies and supporting toolsets that Cloud solutions can utilize 3.5 Myth #5: Cloud == Security Risk Myth #5 Cloud Computing represents a huge security risk, exposing critical enterprise resources and valuable intellectual property in the public domain. Reality Not all clouds are created equally. Private clouds can be constructed behind a company firewall, in which an enterprise-level organization serves as the cloud provider for various divisions and business units. Public clouds can be used selectively, moving sensitive data to the cloud and/or moving processing blocks to the cloud out-of-context so as to off-load their processing without revealing their usage. Many organizations house data in 3rd party data centers today and are reasonably confident of the providers security measures, storing data with a Cloud provider could be handled in much the same way. 3.6 Summary 1/2 Myth #1: Cloud == Virtualization Cloud Computing designs often rely heavily upon virtualization technology, but encompass a much broader set of supporting technologies. 43

Chapter 3 - Cloud Computing Myths Myth #2: Cloud == Grid They are similar in their efforts to optimize resources and support smooth scaling of capacity, but they are nearly opposite in their objectives. Myth #3: Cloud == SAAS Cloud Computing supports various design strategies and business cases, with SAAS being a common but not exclusive model. 3.7 Summary 2/2 Myth #4: Cloud == SOA Clouds tend to incorporate service-oriented architectural principles, but incorporate additional considerations beyond the scope of most SOA environments. Myth #5: Cloud == Security Risk Not all clouds are created equally. Private clouds can internalize risks behind a corporate firewall. Public clouds can be used selectively and securely. 44