Platform as a Service: Evaluating the Landscape for Enterprise Adoption


www.citihub.com

CONTENTS

- Executive Summary
- Highlights
- Introduction
- Challenges of Adopting PaaS for Financial Institutions
  - Managing Sensitive Data Sets
  - Architecting for Different Use Cases
- Selecting the Right PaaS Partner
- Web Application PaaS Providers
  - AWS Elastic Beanstalk
  - AWS OpsWorks
  - CenturyLink
  - Engine Yard
  - Google
  - Heroku
  - Microsoft Azure Cloud Services
  - RedHat OpenShift
- Relational Database PaaS Providers
  - AWS RDS
  - CenturyLink
  - Google
  - Microsoft Azure
  - Rackspace
- Conclusion

Disclaimer: Citihub Consulting does not warrant that the information in this whitepaper is either complete or that it should be relied on to support final procurement decisions.

Executive Summary

Platform-as-a-Service (PaaS) providers offer an attractive proposition for enterprises looking to reap the benefits of cloud delivery models. By offering a stack of re-usable software and service management components (such as load balancing for Web applications or automated back-ups and patching of databases), PaaS offerings can help accelerate time-to-market with new developments, simplify ongoing maintenance, and further strengthen the economies of scale inherent in Infrastructure-as-a-Service (IaaS) delivery models.

To select the right PaaS provider, each enterprise will need to create a structured set of requirements against which to judge the different offerings. Those requirements will include functional and non-functional capabilities, ease of integration with existing ecosystems, along with capabilities aimed at addressing risk, security and compliance requirements. All of these categories present potential stumbling blocks for enterprise adoption of PaaS.

For financial services institutions, the barriers to adoption are even greater than in most other verticals. A number of impediments stand in their way, ranging from regulatory constraints, heightened concerns relating to information security, latency sensitive workflows, along with high levels of technical debt from legacy application architectures.

Alternatively, for enterprises that are reluctant to adopt public cloud services and have opted instead to invest in their own private cloud infrastructures, building a PaaS layer over internal IaaS could be seen as a natural evolution. This paper, however, focuses exclusively on evaluating public PaaS providers.

Highlights

By engaging further up the technology stack, there will invariably be greater concerns regarding vendor lock-in when adopting PaaS as opposed to IaaS. Enterprises will need to take care to ensure their partner does not impose unnecessary restrictions with regards to functionality, performance, ecosystem integration, risk or compliance. However, as PaaS providers continue to build out their toolkits and support for a greater range of development languages, their architectural and functional limitations are diminishing.

Firms need to carefully evaluate and select the right applications and use cases for PaaS deployment. For enterprises that are relative cloud novices, it makes sense to start with simpler use cases, such as internal-facing applications that do not contain sensitive data but still benefit from auto-scaling capabilities.

Once an enterprise has built up sufficient familiarity and expertise with their chosen PaaS partner(s), they can look to tackle more complex applications. Ultimately, high-volume client-facing web applications could benefit significantly from elastic compute and storage resources, but may require additional components that do not come out of the box with typical PaaS offerings.

Introduction

Platform-as-a-Service (PaaS) providers can offer a compelling proposition for many enterprise use cases. However, while having access to re-usable core software and service management capabilities can save time and money, there will invariably be some architectural limitations by engaging further up the stack. Those limitations could apply to the range of languages or database engines supported, the strength and openness of monitoring capabilities, ability to access underlying IaaS resources, or other features deemed necessary to support certain use cases, such as location guarantees to satisfy data sovereignty rules requiring certain data does not leave a specific geography.

Firms that choose to deploy enterprise applications using PaaS, as opposed to IaaS, will therefore need to take extra care in evaluating their choice of partner and mitigating the risk of vendor lock-in. To support that process, Citihub Consulting has applied its Accelerated Vendor Discovery (AVD) methodology to evaluate leading PaaS providers supporting two key enterprise technologies: Web applications and databases.

Only summary results are published within this report. For a more detailed breakdown of the findings, please contact us at enquiries@citihub.com

Challenges of Adopting PaaS for Financial Institutions

Financial Institutions face significant barriers that need to be overcome for successful adoption of cloud services. More than many other organisations, they tend to be encumbered by high levels of technical debt, strict requirements around information security, systems availability, latency and regulatory compliance; along with rigid IT processes and controls to accommodate those requirements.

Furthermore, on average, most enterprises tend to operate heterogeneous IT estates, with a number of legacy applications that would require significant re-architecture to make them suitable for cloud deployment, thereby limiting the cost/benefit equation for take-up of public PaaS. Choosing the right applications and use cases will therefore be crucial in making most effective use of cloud delivery models.

When looking to migrate existing enterprise Web applications or database instances to a PaaS environment, there are two key questions that technology managers should be asking:

1. Does the application / database handle sensitive data sets?
2. Will users of the application / database be internal or external?

These two simple questions should help guide available migration options and determine the level of encryption and security required to support your application.

Managing Sensitive Data Sets

Web applications and databases containing sensitive data [1] will typically need to encrypt that data, both in-transit and at-rest. Furthermore, best practice would also dictate further restrictions in access controls. Finally, for certain data sets that are simply not suited to be stored in a cloud, the solution could be a hybrid architecture where confidential data is stored in an on-site database with the Web application tier hosted with a PaaS provider.

Techniques for addressing these requirements are detailed below:

- Encrypting data-in-transit: Utilise encrypted database connectivity via SSL or NNE (Oracle). This can be configured with little effort. However, it is important to note the performance impact imposed by SSL and cater for this when provisioning VMs.
- Encrypting data-at-rest: Implement application level encryption on sensitive data or use AWS Oracle (enterprise edition) or MS SQL server with TDE (Transparent Data Encryption).
- Managing access control: Deploy the database in its own subnet and secure access via a properly configured firewall/security group. Only allow inbound traffic from on-premise IP address range and applications server subnet within the cloud.
- Hybrid architectures to address data sovereignty: An alternative approach would be to keep the database tier on-premise and only migrate the web tier to the public cloud. This could allow firms to address regulatory or commercial restrictions over data storage, while also taking advantage of simple, cost effective load balancing, better integration with CDN for latency benefits, and the elastic nature of cloud services to support Web applications.

[1] Data sets that need to be treated as sensitive, with restrictions imposed in terms of how they are managed, include: customer data such as name, contact details, identifying information such as passport numbers, account information, transaction and tax records, positions or order data, HR records.

Architecting for Different Use Cases

Whether users of web applications or databases are internal (employees of a firm) or external (clients and/or members of the public) will also be a key consideration in architecting a PaaS solution appropriately. The user and usage profile of an application is likely to determine not only the benefits of hosting that application via a PaaS provider, but also the techniques that should be adopted in doing so.

User Type: Internal

- Example applications: Bug tracking systems, informational wikis, configuration management portals, reporting tools, volumetric tools
- Concurrent user requirements: Typically small number of concurrent users limited to subset of specialised employees
- Benefits of PaaS deployment:
  - Helps to avoid over-provisioning IT resources to service small user base
  - Sizeable cost savings for minimum spec requirements
  - Push button scaling if user numbers or application complexity grows over time
- Tips to ensure secure PaaS deployment:
  - All subnets for different tiers should only allow access from corporate IP range
  - No public DNS or IP should be attached to any instances
  - Corporate network should connect with Cloud Provider via leased line or VPN
  - This may even negate the need to encrypt data-at-rest

User Type: External

- Example applications: Marketing microsites, product information and research portals, basic financial planning and calculation tools
- Concurrent user requirements: Much larger user numbers, particularly for retail operations
- Benefits of PaaS deployment:
  - In-built load balancing and multi-zone high availability
  - In-built auto-scaling for fully horizontal scalability
  - Elastic pay-per-use compute resources can be particularly cost effective for Web applications that experience changeable usage profiles (e.g. marketing microsites)
- Tips to ensure secure PaaS deployment:
  - Perform all standard OS hardening and security measures as for on-premise public facing web server (this requires access to underlying IaaS layer)
  - Segregate Web/App server tier and Database tier in separate public and private subnets
  - Restrict inbound traffic on private subnet to allow only database access from the public subnets and corporate network
  - Restrict inbound traffic on the public subnet to allow http and https access from the Load balancers group only
  - Enable SSL on the Load Balancer
  - Setup a Bastion host with corporate standard auditing for host level access only and restrict all host access only from the Bastion host
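The inbound-traffic tips for external-facing deployments, together with the "Managing access control" guidance earlier, can be checked automatically against exported firewall rules. The following is an added example, not part of the Citihub paper: the rule layout follows the shape of AWS `describe-security-groups` output, while the group IDs, CIDR ranges, MySQL port 3306 and the `Tier` tag are assumptions made for illustration.

```python
import ipaddress

# Assumed values for illustration only (none of these come from the paper).
CORPORATE_NET = ipaddress.ip_network("203.0.113.0/24")  # on-premise range
PUBLIC_SUBNET = ipaddress.ip_network("10.0.0.0/20")     # web/app tier subnet
LB_SG, WEB_SG, BASTION_SG = "sg-lb", "sg-web", "sg-bastion"
DB_PORT, SSH_PORT = 3306, 22

# tier -> TCP port -> (allowed source groups, allowed source networks)
POLICY = {
    # Public subnet: http/https from the load balancer group only.
    "web": {80: ({LB_SG}, ()), 443: ({LB_SG}, ()), SSH_PORT: ({BASTION_SG}, ())},
    # Private subnet: database access from public subnet and corporate network.
    "db": {DB_PORT: ({WEB_SG}, (PUBLIC_SUBNET, CORPORATE_NET)),
           SSH_PORT: ({BASTION_SG}, ())},
}


def _sources(perm):
    """Yield (kind, value) for every source named in one permission."""
    for r in perm.get("IpRanges", []):
        yield "cidr", r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield "cidr", r["CidrIpv6"]
    for pair in perm.get("UserIdGroupPairs", []):
        yield "group", pair["GroupId"]


def _allowed(kind, value, groups, nets):
    """True if the source is an allowed group or lies inside an allowed network."""
    if kind == "group":
        return value in groups
    net = ipaddress.ip_network(value, strict=False)
    return any(net.version == a.version and net.subnet_of(a) for a in nets)


def audit_group(group):
    """Return sorted (group_id, port, source) tuples that break the tier policy."""
    gid, policy, findings = group["GroupId"], POLICY[group["Tier"]], set()
    for perm in group["IpPermissions"]:
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):           # policy permits TCP only
            findings.update((gid, proto, v) for _, v in _sources(perm))
            continue
        lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
        in_policy = [p for p in policy if lo <= p <= hi]
        for kind, value in _sources(perm):
            if hi - lo + 1 > len(in_policy):     # range opens unlisted ports
                findings.add((gid, f"{lo}-{hi}", value))
                continue
            for port in in_policy:
                if not _allowed(kind, value, *policy[port]):
                    findings.add((gid, str(port), value))
    return sorted(findings)


def audit(groups):
    """Audit every group and return all findings in input order."""
    return [f for g in groups for f in audit_group(g)]


def _tcp(port, *, groups=(), cidrs=()):
    """Build one single-port TCP permission (helper for the sample data)."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": g} for g in groups],
            "IpRanges": [{"CidrIp": c} for c in cidrs]}


# Constructed sample: a loosely configured deployment.
WEAK = [
    {"GroupId": "sg-web", "Tier": "web", "IpPermissions": [
        _tcp(443, groups=["sg-lb"]),
        _tcp(80, cidrs=["0.0.0.0/0"]),           # bypasses the load balancer
        _tcp(22, cidrs=["203.0.113.0/24"]),      # SSH not via the bastion
    ]},
    {"GroupId": "sg-db", "Tier": "db", "IpPermissions": [
        _tcp(3306, cidrs=["10.0.0.0/20", "0.0.0.0/0"]),
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "10.0.0.0/20"}]},
    ]},
]

# Constructed sample: the same deployment following the tips above.
HARDENED = [
    {"GroupId": "sg-web", "Tier": "web", "IpPermissions": [
        _tcp(80, groups=["sg-lb"]), _tcp(443, groups=["sg-lb"]),
        _tcp(22, groups=["sg-bastion"]),
    ]},
    {"GroupId": "sg-db", "Tier": "db", "IpPermissions": [
        _tcp(3306, groups=["sg-web"], cidrs=["10.0.0.0/20", "203.0.113.0/24"]),
        _tcp(22, groups=["sg-bastion"]),
    ]},
]

if __name__ == "__main__":
    for finding in audit(WEAK):
        print("VIOLATION", *finding)
    print("hardened findings:", audit(HARDENED))
```
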

Selecting the Right PaaS Partner

To evaluate competing PaaS providers, Citihub has developed a matrix of capabilities spanning four key groups:

1. Functional requirements
2. Non-functional requirements
3. Ecosystem integration
4. Risk, security, and compliance

Although commercial terms, including total cost of ownership and strength of service level agreements, are another key consideration, they have been left out of scope for the purpose of this evaluation. The attributes evaluated, and their importance, are summarised below.

1. Functional Requirements

For database PaaS, Citihub evaluated providers based on the different database technologies supported, focusing on MySQL, Oracle, PostgreSQL, and Microsoft SQL. For Web Application PaaS, Citihub evaluated providers on their support for a range of programming and scripting languages including Java, .Net, PHP, Node.js, Python and Ruby as well as the increasingly popular Docker application container technology, and their ability to offer managed database integration.

2. Non Functional Requirements

For database PaaS, Citihub compared providers on the basis of their I/O performance and the maximum size of database supported before sharding was required. Web application PaaS providers were compared on a wider range of criteria, including their ability to support multiple environments; Memcached distributed caching; containers and/or virtual machines; automated configuration management tools like Chef; along with application life cycle integration tools like Git, Eclipse, Web deploy, TeamCity, Jenkins, Maven and Ant.

3. Ecosystem Integration

Firms evaluating partners in this space need to make sure their cloud provider complements existing enterprise infrastructure and can be easily integrated into production services operations. Database PaaS providers were scored on the merits of their monitoring tools and ability to offer automated patching. Citihub evaluated Web Application PaaS providers on the basis of their monitoring tools, access to underlying IaaS components and strength of configuration interfaces (either Command Line or Graphical User Interfaces).

4. Risk, Security and Compliance

The evaluation criteria in this category spanned a broad range of characteristics. Database PaaS providers were compared on the basis of location (geographic coverage and guarantees that data will be stored in required locations); encryption capabilities (for data in transit and at rest); as well as availability, business continuity (BC) and disaster recovery (DR) features (such as strength of service level agreements (SLAs), auto-failover, automated back-up and read replica capabilities). Web Application PaaS providers were compared on the basis of their support for HTTPS/SSL encryption, location criteria (geographic presence and abilities to offer location guarantees), along with a range of features relating to availability, BC and DR, including automated scaling, load balancing and the ability to support multiple availability zones.

Web Application PaaS Providers

Citihub evaluated the capabilities of eight Web application PaaS solutions in total, including two from market leader Amazon Web Services (AWS): Elastic Beanstalk and OpsWorks. All of the solutions had their merits, helping to address common challenges such as load balancing and scaling. In our opinion, most institutions are likely to focus their selection criteria on language support, geographic coverage, high availability and monitoring capabilities.

In terms of language support, most providers supported a fairly broad set of languages, although the AWS offerings were the most complete. Not all offered support for Docker, which Citihub sees as becoming increasingly relevant to facilitate standard container-based deployment and management of web applications.

Geographic coverage was seen as important given that Web applications often serve customers in different regions, which typically requires a globally distributed Content Delivery Network (CDN). PaaS providers must therefore enable customers to deploy CDN nodes in each region. Some (including Redhat, Google and Heroku) did not support all three regions, which we consider a significant shortcoming in selecting a strategic enterprise partner for global institutions.

In terms of high availability features, AWS and CenturyLink led the way with a full range of auto-scaling, load balancing capabilities and support for multiple availability zones.

Finally, in the monitoring category, AWS also led with its CloudWatch solution, which provides capabilities to monitor the vendor's underlying EC2 cloud infrastructure and database instances, alongside other custom application metrics that app developers can tailor themselves.

Another important aspect to note was that not all providers offered access to the underlying IaaS layer, which may be an important consideration for firms looking to add their own customisation or automations to fill any gaps in their PaaS provider's capabilities.

Vendor Landscape

Both AWS service offerings are perceived as market leaders, along with Engine Yard, which has built its PaaS solution on top of AWS Infrastructure. Microsoft Azure, CenturyLink and Heroku are also seen to offer significant benefits, although each with their own limitations. Enterprises that are largely Microsoft shops could see Azure as the logical solution, although a lack of encryption for data-at-rest may limit its use cases.

A more detailed comparison is available on request by contacting us at enquiries@citihub.com

AWS Elastic Beanstalk

Of the two AWS offerings evaluated, Elastic Beanstalk was significantly simpler to use. From a functional perspective, it supports all of the development and scripting languages that we evaluated, including Java, .Net, PHP, Node.js, Python and Ruby. In addition, it offers off-the-shelf compatibility with Docker, enabling a standardised container-based approach to application deployment and management, which is becoming increasingly popular.

Virtual Private Cloud (VPC) is another core feature of both AWS platforms, which allows users to provision logically isolated sections of the cloud and define virtual network resources. The VPC capabilities offer control over virtual networking environments, including IP address range, creation of subnets, and configuration of route tables and network gateways. These features work well when using AWS as an extension of on-premise networks, helping to enhance security by complementing the security group feature (hypervisor-based firewall) provided by AWS.

Finally, AWS also has the best stability track record supported by its availability zone (AZ) concept, which adds further resilience to its multi-region capabilities.

+ VPC for software defined networking and multi-AZ features for improved application availability
+ Simple to use with good load balancing / scaling capability while still allowing access to underlying infrastructure
+ Comprehensive geographical coverage (US, EU, and APAC including separate regions for Singapore, Tokyo, and Sydney)
+ CloudWatch monitoring metrics can be integrated with other tools such as New Relic
- Lacks support for Memcached and Chef

AWS OpsWorks

AWS OpsWorks is a lot more flexible than its sibling Elastic Beanstalk since it uses template configuration to define resource and software configuration. It supports both Chef and Puppet for automated software deployment/configuration and the open source Memcached distributed memory object caching system.

Although AWS OpsWorks is one of the most flexible PaaS solutions on the market today, it does require a steep learning curve and dedicated expertise to maintain. Citihub would therefore not recommend it for basic tactical deployments of Web Applications.

+ Flexible and powerful, allowing for complex environments
+ Comprehensive geographical coverage (including Singapore, Tokyo, and Sydney)
+ Access to underlying IaaS
+ VPC for software defined networking and multi-AZ features for improved application availability
- Steep learning curve, requiring dedicated expertise and know-how to maintain

CenturyLink

CenturyLink's AppFog multi-cloud PaaS solution offers strong functional capabilities. Although lacking support for .Net and Docker, it offers a good range of managed database engines, including MySQL, MongoDB and PostgreSQL. Interestingly, while the provider uses underlying AWS IaaS to support its existing PaaS offering in the US and Asia, it plans to leverage Microsoft's Azure cloud in Europe.

+ Comprehensive language support
+ Hosted Graphite monitoring tool
+ Leverage AWS and Azure (soon)
- More expensive than IaaS providers
- European coverage not yet available

Engine Yard

Engine Yard's strength as an orchestration and automation engine, which runs on top of AWS Infrastructure, is further complemented by a range of add-ons for simple integration with other systems (such as New Relic). However, the platform does not support the same breadth of languages as AWS's Elastic Beanstalk service.

+ Runs on AWS IaaS so shares many strengths
+ Provides expert support in using PaaS
+ Add-ons to integrate with third-party tools
- More expensive than AWS

Google

Google's App Engine solution was seen to impose a significant number of functional limitations, including a lack of support for .Net, Node.js, Ruby and Docker. Developers have to use its App Engine API to specifically take advantage of Google's ecosystem which would limit the portability of the application. In terms of cloud migration it is not as simple to deploy existing applications compared to other offerings evaluated.

Google's lack of presence in Europe and of a location guarantee may also pose limitations for use cases requiring compliance with data sovereignty laws. Overall, Citihub does not see the solution to be geared up for enterprise use cases.

+ RPC Appstat monitoring tool
+ Supports its own ecosystem
- No European coverage
- Lack of location guarantee
- Not geared towards enterprise use cases

Heroku

Heroku is another PaaS provider that has built its service on top of AWS infrastructure. It offers solid functional and non-functional capabilities, with a particularly strong set of lifecycle integration tools, and support for duplicate environments via Fork. However, the fact that it does not cover APAC could be a stumbling block for global enterprises. In addition, it does not explicitly mention its integration or utilisation of AWS multi-availability zones for resiliency.

+ Comprehensive language support
+ Strong release management capabilities
+ Leverage AWS IaaS
- More expensive than contracting directly with underlying cloud provider

Microsoft Azure Cloud Services

Microsoft Azure offers solid functional and non-functional capabilities. Like both AWS offerings, it provides support for a full range of languages, although only offers managed database integration for Microsoft SQL and MySQL database engines, which could be seen as a key limitation for firms that use Oracle.

Although Microsoft is investing a significant amount in building out Azure's global geographic presence, it does not specifically document multi-zone capabilities. Furthermore, access to underlying IaaS components is not provided, which some may see as significant.

+ Easy to use and comprehensive language support
+ Good geographical coverage
+ A natural choice for Microsoft shops
+ Making strong investments to bolster capabilities
- No Oracle support
- Non-explicit on multiple zone (data centres) support for resiliency
- No direct access to underlying infrastructure

RedHat OpenShift

RedHat OpenShift is relatively strong in terms of language support, and its support for SELinux-based secure containers is a unique selling point. It relies on partner solutions for monitoring. Perhaps most importantly, OpenShift's lack of presence in APAC could be a potential deal blocker for global enterprises.

+ Good language coverage
+ Support for SELinux-based secure containers
- Lack of APAC presence

Relational Database PaaS Providers

All of the evaluated database PaaS providers offer basic benefits of routine database administration and maintenance tasks (such as patching and creating backups), along with high availability features (such as providing multiple location replication with automatic failover) without complicated setups or administrative overheads.

Even so, the divergence in capabilities between providers was more significant than for Web Application PaaS offerings. We view AWS as the leader for database, although enterprises may have specific use cases that will better suit other providers, such as Azure for Microsoft SQL usage or CenturyLink for a replicated secondary DR database.

Of particular relevance for enterprises that support a range of database engines was AWS's broad functional capabilities, as it is the only provider to offer MySQL, Oracle, PostgreSQL and Microsoft SQL solutions. Equally, in terms of non-functional requirements, AWS led the way in scalability, offering support for databases up to 3TB in maximum size, with the second best provider at only 500GB. That provides ample headroom before sharding is required.

Enterprise customers with significant regulatory and compliance restrictions relating to cloud adoption will also see encryption as a key requirement. Although all of the cloud service providers offered support for SSL or equivalent secure connectivity for transporting data in transit, only AWS (with Oracle and MS SQL TDE), CenturyLink (MS SQL TDE) and Google (AES-128) offered capabilities to encrypt data-at-rest.

Interestingly, while AWS offers Microsoft SQL Transparent Data Encryption (TDE), this feature is still not supported by Azure. This may change in the near future, which would certainly strengthen the case for Azure as a provider for Microsoft SQL database instances.

Vendor Landscape

A more detailed comparison is available on request by contacting us at enquiries@citihub.com

AWS Relational Database Service

AWS RDS (Relational Database Service) scored highest in both functional and non-functional capabilities. In addition, its CloudWatch monitoring service can be integrated with other tools such as New Relic, it offers strong availability features that include read replica for MySQL databases across availability zones and regions, it supports single database instances of up to 3TB (significantly larger than its nearest competitors), and it also has strong security and compliance features.

+ Full coverage of leading database engines (including Oracle Enterprise Edition under Bring Your Own License scheme)
+ Comprehensive geographical coverage (including Singapore, Tokyo, and Sydney), along with location guarantees
+ Transparent Data Encryption support for both Oracle (EE) and MS SQL
- No OS level access and cannot act as a secondary DR database (although it provides multi-availability zone high availability features itself)

CenturyLink

CenturyLink's Cloud Database service is targeted at enterprise customers and as such is built like a managed database service with SFTP access for download and upload of database files. Given its target audience, it makes sense that it only offers MS SQL and Oracle.

One interesting feature is that CenturyLink MS SQL supports log shipping, which is a rare feature for Cloud PaaS. This means that an enterprise can use CenturyLink's Cloud Database service to build a disaster recovery solution where the secondary database is located in the provider's cloud. Although its lack of APAC presence was seen as a key weakness in its current capabilities, we expect this to be resolved as CenturyLink builds out its APAC presence.

+ One of few vendors to support Oracle and MS SQL
+ Log shipping for off-site DR solutions
- Lack of APAC presence

Google

Google's Cloud SQL service is not seen as a viable option for most enterprises. A lack of support for Oracle, Microsoft SQL or PostgreSQL database engines would certainly limit its use cases. Furthermore, an absence of location guarantees would rule out any use cases that need to accommodate data sovereignty or regulatory compliance.

+ Good integration with Google's ecosystem
- Lack of support for Oracle, MS SQL or PostgreSQL
- No location guarantee

Microsoft Azure

Microsoft Azure offers a highly resilient and cost effective way to manage Microsoft SQL database instances, supported by strong high availability, BCP and DR features. However, it currently does not offer the capability to encrypt data-at-rest, which would limit its use cases to non-sensitive data.

+ Good geographic coverage and location guarantees
+ Strong high availability, BCP/DR features
- No encryption for data-at-rest

Rackspace

Rackspace's Cloud Database service offers strong ecosystem integration capabilities, with APIs that allow developers to query an extensive set of OS and database metrics, for integration with existing monitoring and visualisation tools. However, the fact that it only supports MySQL databases, with a maximum size of 150GB, could be seen as restrictive by most enterprise customers.

+ Good monitoring tools
- No encryption for data-at-rest
- Weak for high availability: only SAN-based replication, with no automated back-up or read replica capabilities

Conclusion

The long term trend towards enterprise adoption of public cloud services is unquestionable. As part of that trend, PaaS providers offer a compelling proposition, helping to accelerate time-to-market with new software developments, simplify ongoing maintenance, and further strengthen the economies of scale inherent in IaaS delivery models. In addition, as providers continue to invest in their platforms, the architectural limitations of engaging further up the technology stack are diminishing, strengthening the case for adoption.

This paper provides a high level evaluation of eight leading Web application and five database PaaS solutions. Only summary findings have been presented, and this report is not intended to support final procurement decisions, only to serve as a high level summary of the landscape.

In order to select the right PaaS provider, each enterprise will need to create a structured set of requirements based on their target use cases against which to judge the different offerings. Those requirements will include functional and non-functional capabilities, ease of integration with existing ecosystems, along with capabilities aimed at addressing risk, security and compliance requirements. All of these categories present potential stumbling blocks for enterprise adoption of PaaS.

For more information, please contact us at enquiries@citihub.com

Author

Mark Wong

Mark is a certified AWS solutions architect working from our Hong Kong office. He was previously with Deutsche Bank, responsible for their equity derivatives market making and proprietary trading platform in the APAC region.

Contact Us

EMEA
Richard Hamstead, Richard.Hamstead@citihub.com
1 Canada Square, London E14 5AB, +44 207 536 5801
Bellerivestrasse 201, CH-8008 Zurich, +41 44 562 7101

AMERICAS
Keith Maitland, Keith.Maitland@citihub.com
757 3rd Avenue, 20th Floor, New York, NY 10017, +1 212 878 8840
The Dineen Building, 140 Yonge Street, Suite 200, Toronto, Ontario M5C 1X6, +1 416 848 1499

ASIA PACIFIC
Chris Allison, Chris.Allison@citihub.com
20th Floor, 1 IFC, Hong Kong, +852 8108 2777
137 Market Street, Level 5, Office 505, Singapore 048943, +65 3152 2777

About Citihub Consulting

Citihub Consulting is a global, independent IT advisory firm with deep domain expertise across every layer of the technology stack, from business applications and data platforms down to core infrastructure. From IT strategy, architecture and solution development, through to cost optimisation, risk assessment and implementation, our trusted experts deliver the right results for your business.

For us consultancy is personal. We have a relentless commitment to great execution, integrity and client success. We aim to redefine perceptions of our industry and our commitment to delivering the right results for our clients has never changed, even as the business has grown consistently over the last decades. 2013/14 clients include 7 of the top 10 investment banks and 2 of the top 5 hedge funds.

For more information, please visit www.citihub.com

2014 Citihub Consulting. All rights reserved.