Shared Services Canada. Cloud Computing




Shared Services Canada
Cloud Computing
Architecture Framework Advisory Committee
Transformation, Service Strategy and Design
January 28, 2013

Agenda

TIME / TOPICS / PRESENTER(S)
- 09:00-9:15: Opening Remarks and Objectives; December 17th Meeting Review (B. Long, Chair; W. Daley, Vice-Chair)
- 09:15-09:25: From Cloud Framework to Cloud Service (P. Littlefield)
- 09:25-09:35: Cloud Use Cases for Discussion (P. Littlefield)
- 09:35-10:15: Breakout Group Discussions (All)
- 10:15-10:30: Health Break
- 10:30-11:00: Report from Group Leads (Group Leads)
- 11:00-11:30: Cloud Platforms for Discussion (P. Littlefield, All)
- 11:30-11:55: Round Table (All)
- 11:55-12:00: Closing Remarks (B. Long)

Cloud Computing: Defining SSC's Role

Internal Private Cloud and External Cloud services should be defined by the same service architecture?

[Diagram: cloud reference architecture. Labels on the slide:]
- Cloud Consumer
- Cloud Auditor: Security Audit, Privacy Impact Audit, Performance Audit
- Cloud Provider:
  - Cloud Orchestration: Service Layer (IaaS, PaaS, SaaS); Resource Abstraction and Control Layer; Physical Resource Layer (Hardware, Facility)
  - Cloud Service Management: Business Support, Provisioning / Configuration, Portability / Interoperability
  - Cross Cutting Concerns: Security, Privacy, etc.
- Cloud Broker: Service Intermediation, Service Aggregation, Service Arbitrage
- Cloud Carrier

- SSC could be the Cloud Broker and could also be a Cloud Provider
- Some private cloud services could be provided by SSC
- This would be the Community Cloud
- The Cloud Broker would ensure multivendor management

Taking The National Institute Of Standards And Technology (NIST) To A Service

Taking NIST To A Service Continued

Taking NIST to a Service Continued

Taking NIST to a Service Continued

Cloud Deployment Models

Cloud Deployment Model GC Private Cloud On-Premise GC Private Cloud Off-Premise GC Virtual Private Cloud GC Dedicated Physical Infrastructure GC Controlled and Dedicated DC Facility Vendor Controlled and Shared DC Facility Yes Yes n/a Yes No Yes No (virtual dedicated only) Public Cloud No No Yes No Yes

Challenges Revisited

Requirements
- Connecting resources across clouds and vendor premises
- Managing identity, federation, and access control
- Appropriate segregation of data in a multi-tenancy environment
- Extending on-premises security and operations management practices to the cloud
- Government of Canada as one tenant
- Latency and other performance-related considerations
- Network capacity and capability

1. How should SSC address these challenges?
2. What architectural artefacts and supports are required to support SSC leveraging cloud services going forward?
3. What criteria should SSC use to decide which services would be best for cloud service models?

Use Case Scenarios

Recapitulation of your feedback from December 17:
- Don't do too much all at once
- Keep it simple
- Crawl, walk, run
- Start with a couple of simple Use Cases

Three use cases for infrastructure as a service (IaaS):
- # 1 Simple File-based Storage
- # 2 Table/Block-based Storage
- # 3 Linux/Windows Computing as a Service

Discussion on Attributes / Definitions / Feasibility / Opportunities / Challenges

Use Case # 1 File Based Storage

Description
- File-based storage
- 20GB of new data per day
- Scale to 200GB per day of new data
- Graduated price: price / volume
- Monthly service uptime: 99.99 (measured monthly)
- Annual uptime: 99.99 (52.56 minutes per year)
- Uptime Credits:
  - 99.99 to 99.9: 5%
  - 99.9 to 99.95: 10%
  - 99.94 to 99.0: 25%
  - Less than 99.0: 40%
- Three-year contract month to month commitment
- Data must be resident in Canada
- Data must be inside the SSC Operational Zone (OZ)

Service Levels

Tier 1 Primary Storage: 0-29 days old
- Access latency: 100ms
- Recovery Point Objective: 4 Hours
- Recovery Time Objective: 8 Hours
- Provisioning Time for 1PB: Less than 60 Minutes

Tier 2 Secondary Storage: 30-89 days old
- Access latency: 250ms
- Recovery Point Objective: 4 Hours
- Recovery Time Objective: 8 Hours
- Security: Must be within the SSC Operational Zone (OZ)
- Data Residency: Data must stay in Canada
- Provisioning Time: 1PB less than 120 minutes

Archive Storage, Day 90 or older: Archive or Tier 3 Storage
- Access latency: 5 minutes
- Data Residency: Data must stay in Canada
- Security: Must stay within the Operational Zone (OZ)
- Provisioning Time: 2PB less than 72 hours

Use Case # 2 Table/Block Storage

Description
- 20GB of new data per day
- Scale to 200GB per day of new data
- Graduated price: price / volume
- Monthly service uptime: 99.99
- Annual uptime: 99.99 (52.56 minutes per year)
- Uptime Credits:
  - 99.99 to 99.9: 5%
  - 99.9 to 99.95: 10%
  - 99.94 to 99.0: 25%
  - Less than 99.0: 40%
- Three year contract month to month commitment
- Data must be resident in Canada
- Data must be inside the SSC Operational Zone (OZ)
- Three year contract with month to month commitment
- Pay only for volume used

Service Levels

Tier 1 Primary Storage: 0-29 days old
- Access latency: 100ms
- Recovery Point Objective: 4 Hours
- Recovery Time Objective: 8 Hours
- Security: Must be within the SSC Operational Zone
- Data residency: Must stay in Canada
- Provisioning Time: less than 60 minutes

Tier 2 Secondary Storage: 30-89 days old
- Access latency: 250ms
- Recovery Point Objective: 4 Hours
- Recovery Time Objective: 8 Hours
- Security: Must be within the SSC Operational Zone (OZ)
- Data Residency: Data must stay in Canada
- Provisioning Time: Less than 60 minutes

Archive Storage, Day 90 or older: Archive or Tier 3 Storage
- Access latency: 5 minutes
- Data Residency: Data must stay in Canada
- Security: Must stay within the Operational Zone (OZ)
- Provisioning Time: Less than 48 hours

Use Case # 3 Wintel/Lintel IaaS

Description
- Service must provide virtual machine, storage, network and additional features such as firewall and security
- Must be able to provision in less than one (1) hour
- Include operating systems software: Windows / Linux OS, all versions N-1 and N-2
- Optional ordering in the following increments:
  - Small: 1 VCU, 2 VMU, 100GB Storage (including OS)
  - Medium: 2 VCU, 4 VMU, 200GB Storage (including OS)
  - Large: 4 VCU, 8 VMU, 600GB Storage (including OS)
- Incremental computing, memory and storage units:
  - VCU = Virtual Compute Unit = equivalent to 1.0 GHz single-core Xeon processing
  - VMU = Virtual Memory Unit = 4GB RAM Memory
  - VSU = Virtual Storage Unit = 10GB storage
- Dynamic re-allocation of running virtual machines from one physical server to another with no impact to end users

Service Levels
- Security: Supports a security profile of Protected B with Medium Integrity and Medium Availability in a multi-tenant environment
- Basic Service Levels:
  - Hours of Service: 24 x 7
  - Availability Target: 99.9% up-time measured monthly
  - Service Desk: 24 x 7
  - Technical Support: 12 x 7 standard, 24 x 7 optional
  - Service Delivery: On-demand
  - Provisioning time: Less than 60 minutes
- Real-time failover as an optional
- Capacity upgrades, both computing and storage, available on-demand on a 24 x 7 basis without operator intervention
- Business continuity and DR provisions

Use Cases: Breakout Questions

1. Is this a relevant Use Case?
   1a) If so, why?
   1b) If not, why not?
2. Can we comply with the NIST Cloud standard definition and meet these service levels?
   2a) If so, how?
   2b) If not, where are the gaps?
   2c) Other comments.

Data Centre Platform Technologies Options

Selection Criteria
- Performance
- Security
- Reliability/Availability
- Skills availability
- Ecosystem support
- Market trend
- Application support
- Interoperability
- GC current state
- Open standards compliance

[Diagram: Technology Landscape. Labels on the slide:]
- Application Framework and Web/Application: Open Source, Apache/PHP, .Net, J2EE, COTS, IIS/ASP, JDBC/ODBC/Native, Java Web/App Server
- Database: MySQL, MS SQL, Oracle, DB2
- OS Container: Linux, Windows, UNIX, z/OS
- Virtualization
- Hardware: x86, RISC, System z
- Service models: Platform as a Service, Infrastructure as a Service

Target Services
- Web Hosting
- Application Hosting
- Enterprise Resource Planning
- Document Mgmt.
- Collaboration
- Virtual Desktop Infra.
- File Services
- DB/Data Warehouse
- Utility Computing

Data Centre Platform Technologies Example

[Diagram: the same Selection Criteria, Technology Landscape (Application Framework, Web/Application, Database, OS Container, Virtualization, Hardware) and Target Services as on the Options slide, shown for the example "Java Application Hosting".]

Data Centre Platform Technologies - Questions

1. Do we have the Platform Technology options right?
   1a) If no, which ones are missing?
   1b) If yes, which ones should be Grown vs. Sustained vs. Sunset?
2. Do we have the Selection Criteria right?
   2a) If no, which ones are missing or should be changed?
3. Do we have the Target Services right?
   3a) If no, which ones are missing or should be changed?

Legend: TBD, Sustain, Grow, Sunset

Closing Remarks and Timeline

- Feedback by email or by phone always welcome
- Timeline and next meeting: February 2013

Timeline dates: December 17, 2012; January 28, 2013; February 2013; March 2013

Milestones, in the order shown on the slide:
- GCCC Architectures thoroughly discussed with AFAC members
- Revised GCCC architectures feedback incorporated
- Platform strategy thoroughly discussed
- Revised GCCC architectures endorsed by AFAC
- Platform strategy feedback incorporated
- Revised GCCC Platform endorsed by AFAC
- ICAM strategy thoroughly discussed with feedback