Private PaaS 101: What It Is and Why You Need It Insulate Your Cloud with the Stackato Secure Middleware Layer
Private PaaS 101: What It Is and Why You Need It Insulate Your Cloud with the Stackato Secure Middleware Layer For the real-world enterprise, the cloud promises flexibility, efficiency, and convenience. The CIO wants ROI. The DevOps lead wants to scale. And the developer wants to launch apps fast. But those attractions mask realistic potential risks to data integrity, privacy, and even peace of mind. Cloud computing particularly the public-cloud model delivers flexibility, efficiency, and convenience, but at the potential cost of a loss of data governance, application oversight, and risk management. And that s enough to make even the earliest of early adopters hesitate to move to the cloud. Stackato from ActiveState is the application platform for creating a private PaaS using any language on any stack on any cloud. Private Platform-as-a-Service, or private PaaS, enables the real-world enterprise to reap the benefits of cloud computing while preserving the order of on-premise managed IT. And that s the promise of the cloud delivered. Cloud Computing: What it is and why you need it In general form, cloud computing is computing power offered as a service. An enterprise deployed to the cloud connects and works; with infrastructure, platform, and software management outsourced to a service provider (or service providers). The cloud is the abstracted residence of the enterprise s data and applications. In reality, the enterprise s data is stored in (and mirrored between) the service provider s datacenters, the data s physical location most often hidden from its owners. Cloud computing offers elastic software services for enterprise customers. One of the great things about virtualization is the virtual part: Abstracting software as a service shields end users from the challenges of managing scalability. Without cloud virtualization, scaling apps to meet growing business needs requires resource, time, and hardware investment. In the cloud, that scalable capacity accommodation is there for the taking (and the right price). Clouds can (and should) take several forms, depending on the business needs of the cloud implementing organization: On a public PaaS, you need to ask several questions: In a public cloud, service providers offer application and data-hosting on their hardware in their datacenters. They price by storage space, number of virtual machines served, or even traffic. A private cloud is the self-hosted equivalent of the public cloud, with infrastructure and applications served from on-premise hardware. As its name suggests, a hybrid cloud combines both models, with some data and applications delivered locally, and some deployed to a third party public cloud (as business needs dictate). The basic value proposition for public and private clouds is the same: Use shared computing resources on an as-needed basis for minimizing costs and increasing flexibility. The key difference is who is in charge of providing those shared resources. If an organization is big enough, it can justify being its own service provider. 2
There are many proprietary and open-source cloud computing platforms supporting private cloud deployment. Vendors like OpenStack, Eucalyptus, ware, CloudStack, and others provide virtualization management functionality for setting up and running cloud computing infrastructure. Many companies have already made investments in this technology and are in the process of populating their private clouds with applications. However, virtualization alone does not make a private cloud. The challenge is to provide an easy way for internal consumers of these services, such as developers, to use them efficiently, effectively, and safely without the intervention of an already overburdened IT staff. How to bake a cloud cake There are three layers to the cloud cake. The bottom layer is the Infrastructure-as-a-Service layer, or IaaS. In a public cloud model, cloud service providers like Amazon or Rackspace or HP Cloud Services provide this foundation for developers and enterprises to build upon. In a private cloud environment, the IaaS is hosted internally within an organization using solutions such as OpenStack, CloudStack, Eucalyptus, or OpenNebula. The top layer is Software-as-a-Service, or SaaS, the application frosting, as it were, and that s what s ultimately served to the end users, be they internal employees or external customers. Stackato: A Cloud Application Platform for Creating a Private PaaS 3
Between the infrastructure and application cloud cake layers lies the Platform-as-a-Service layer, or PaaS. The PaaS presents data and applications to end users, providing the connection between the cloud cake s infrastructure and software. In one sense, PaaS acts as a translator, facilitating different applications to communicate with and be served from different types of infrastructure. PaaS is essential to cloud-computing efficiency: Without a PaaS, each application would have to be customized to run on each type (and in some cases, each instance) of infrastructure an expensive and impractical option. PaaS 101: The good, the bad, and the expensive PaaS abstracts application hosting from physical or virtualized hardware, so that the people deploying applications do not have to concern themselves with anything but the application code. Source code is pushed to the PaaS, which configures everything the application needs to run. Developers have moved to this model in droves as it saves significant time and effort that would otherwise be spent configuring the application hosting environment. From the perspective of the single-stack PaaS or shared hosting provider, it s an efficient model that allows them to share virtualized hardware between multiple tenants very efficiently. However, applications have to conform to strict coding standards, since choice of language runtimes, application framework modules, web servers, and database engines are typically limited by the provider to keep the stack simple and maintainable. An enterprise can spend time and money to develop or refactor code to run on a specific PaaS, but that introduces daunting switching costs. In the worst case, the tenant becomes locked in to the PaaS provider s technology and proprietary pricing model. An enterprise starting development from scratch might be able to commit to a single vendor and produce new apps to fit a hosting provider s guidelines. But most enterprises aren t starting from scratch, and face the prohibitively expensive hurdle of rewriting legacy applications when they move to a new service provider. PaaS 102: In search of security in an elastic world To provide elasticity, public cloud architectures rely on multitenancy Picture a shared cloud playground for applications. As long as there s a big wall around that playground, no problem. Right? Not exactly. The public PaaS security model one wall surrounding multiple apps isn t secure enough for the real-world enterprise. The public PaaS conceptually protects apps from the big bad world outside the public cloud provider s datacenter(s). Multitenancy is part of what makes the cloud attractively elastic Multiple apps share the storage playground, moving around to accommodate shifts in business application or data demand. In the best case, that flexible movement is transparent auto-scaling. At worst, it s apps in a confined space slamming into each other like bumper cars. 4
PaaS runs on the cloud infrastructure chosen by the provider. Applications separated by system user-level permissions. Public Cloud LANGUAGE RUNTIME WEB SERVER Web server and runtime shared by all applications. Tenants and applications share the operating system. OPERATING SYSTEM VIRTUAL MACHINE Public PaaS Public-cloud hosting provides a public PaaS security wall to protect apps and data from outside threats. But the shared tenancy model is only as safe as its tenants weakest vulnerability. A successful data attack on one application can compromise all applications within that multi-tenant space. (Steal the keys to one bumper car and drive them all!) The solution to the operational limitations of a public PaaS? Stackato, the application platform for creating a private platform as a service using any language on any stack on any cloud. Introducing Stackato, the secure middleware layer for any cloud Stackato is private PaaS in a box, a cloud application hosting platform under direct control. Using Stackato, developers, release engineers, or administrators can push applications developed in any language or framework to a multi-language, multi-framework, flexible private PaaS. With Stackato, those enterprises can take advantage of PaaS capabilities, while maintaining control and governance over systems and data. Stackato intelligently packages, extends, and integrates the capabilities of various proven open source packages, including Cloud Foundry, to meet the ever-evolving needs of enterprise development and IT departments. 5
Stackato can be deployed on any hypervisor or cloud infrastructure (public or private). JAVA TOMCAT PYTHON uwsgi PHP APACHE CONTAINER CONTAINER CONTAINER Any Cloud RUBY THIN PERL uwsgi JAVA TOMCAT Application instances have their own secure virtual container, webserver and runtime. Applications are fully isolated from each other. Host system is protected from applications and can properly enforce CPU and memory limits. CONTAINER CONTAINER CONTAINER OPERATING SYSTEM VIRTUAL MACHINE Private PaaS A Stackato private PaaS is inherently more secure than a one-bigwall public PaaS alternative, and brings calm to the potentially contentious cloud playground. Whether deployed to a private, public, or even hybrid cloud, Stackato s innovative containerization technology envelops individual applications, shielding them from shared-playground rogue applications potential bad behavior, be it space-hogging encroachment or something more malicious. Maintaining data security means staying ahead of attacks, and there s no way to say with absolute certainty that a data protection wall cannot be breached. But with Stackato s secure middleware technology in place, there s no hack-once-compromise-all reward. In the Stackato private PaaS model, an organization s IT department becomes the platform provider, cutting out the middleman and keeping the application hosting framework and data storage completely under the control of the organization s own IT department. For enterprises that have already implemented a private cloud, Stackato adds a conduit for developers and DevOps groups to push applications to that cloud without the intervention of IT staff. The same easy workflow provided by third-party PaaS can be offered in house, under the control of corporate IT. But even more critically, with Stackato, data stays under control. Instead of relying on third parties, corporate IT manages its own applications and enjoys complete oversight. 6
The Stackato is available in popular hypervisor formats (VirtualBox, ware Player/Fusion, vsphere, K, EC2 AMI), and can be run on its own as a single-node Micro Cloud providing all of the services offered by a full cluster. Developers can use the Stackato Micro Cloud on a local machine to emulate a production environment and test applications before deploying to the corporate cloud. Stackato is available in Enterprise and Micro Cloud editions, and can be accessed from many popular cloud infrastructure providers (such as Amazon and HP Cloud Services). Developers and enterprises can also trial Stackato on the ActiveState Stackato Sandbox. Learn more at http://www. activestate.com/stackato. Conclusion: Get secure. Get flexible. Get Stackato. Stackato empowers enterprises and developers to develop, deploy, and manage their cloud applications. The CIO gets ROI. The DevOps lead gets flexibility to scale. And the developer can launch apps fast. Stackato protects data from rogue apps and security breaches, and that s the most effective form of cloud control. An enterprise with a Stackato private PaaS middleware layer will preserve cloud order, reduce risk, and most importantly, enjoy peace of mind. 7
Learn More. Try Stackato. Are you interested in a private PaaS? Sign up for the Stackato Micro Cloud to try it today, or test it out on a Sandbox on Amazon EC2. Go to /stackato Looking for pricing information? Contact us for options and a quote today. What s Included in Stackato Web Servers Data & Messaging Services Languages Web Frameworks Nginx MySQL ActivePython Django Sinatra Apache PostgreSQL ActivePerl Pyramid Spring Apache Tomcat MongoDB Java Flask Rack Apache TomEE Redis PHP Bottle Standalone RabbitMQ Ruby Mojolicious Grails Filesystem Node.js Catalyst Lift Memcached Erlang Dancer Play Mono Scala Rails Clojure ActiveState Software Inc. 1700-409 Granville Street Vancouver, BC V6C 1T2 Canada stackato-sales@activestate.com Phone: +1.778.786.1100 Fax: +1.778.786.1133 Toll-free in North America: 1.866.631.4581 About ActiveState ActiveState empowers innovation from code to cloud smarter, safer, and faster. ActiveState s cutting-edge solutions give developers and enterprises the power and flexibility to develop in Java, Ruby, Python, Perl, Node.js, PHP, Tcl, and more. Stackato is ActiveState s groundbreaking cloud platform for creating a private platform as a service (PaaS), and is the cost-effective, secure, and portable way to develop and deploy apps to the cloud. ActiveState is proven for the enterprise: More than two million developers and 97% of Fortune-1000 companies use ActiveStateís end-to-end solutions to develop, distribute, and manage their software applications. Global customers like Cisco, CA, HP, Bank of America, Siemens, and Lockheed Martin look to ActiveState to save time, save money, minimize risk, ensure compliance, and reduce time to market. 2013 ActiveState Software Inc. All rights reserved. ActiveState, Komodo,, ActivePerl, ActivePython and Stackato are trademarks or registered trademarks of ActiveState. All other marks are property of their respective owners.