Cloud Computing Concepts



CLOUD COMPUTING CONCEPTS
Understanding the core components of a cloud computing infrastructure and how to use enStratus to make them work for your organization.

December 5, 2009 Version 1.0

Copyright © 2009-2010 enStratus Networks LLC

1201 Marquette Ave Suite 150 Minneapolis, MN 55403

http://www.enstratus.com

enStratus System Documentation – Cloud Computing Concepts

OVERVIEW
The term “cloud computing” carries a wealth of contextual baggage into any conversation. While this document presents its own definition of cloud computing, its objective is not to sell a specific definition to you. Instead, we discuss what cloud computing means in the context of deploying IT systems traditionally managed in a corporate data center or a managed hosting environment into a cloud infrastructure controlled through enStratus.

Who Should Read This Guide
This guide is for anyone trying to understand how enStratus talks about cloud computing. It provides a high-level overview of cloud computing from the enStratus perspective as well as definitions for concepts critical to succeeding with enStratus in the cloud.

Required Knowledge
This guide is for a general audience. Both non-technical people and technically proficient readers will benefit from the foundation established in this guide. Understanding the concepts in this guide is also critical to understanding the content provided in almost all other enStratus documentation.

Contents
We start with the enStratus answer to the basic question, “What is cloud computing?”


WHAT IS THE CLOUD?
Though cloud computing is a technical concept, it is not any particular technology. You will likely disagree with elements of any definition of cloud computing we might provide you. That’s OK. We simply want to explain what we think the essential characteristics of cloud computing are, why they matter to most businesses, and how enStratus looks at them.

Hardware Is Not My Problem
The simplest (and perhaps a bit oversimplified) definition of cloud computing from our perspective is any technology service in which the hardware supporting that service simply isn’t your problem. By “not your problem”, we mean:
• You don’t have to worry about procurement
• You don’t have to budget for a capital expense
• You do not hold an asset that will depreciate over time
• You do not have to fix the asset if it fails
• You do not have to worry about obsolescence of the asset
Think about the impact on your business of all these things.


Procurement
When you decide you need new hardware, how much time elapses between the time you commit to getting the hardware and the time it is available in a usable state? In start-ups (assuming the cash is on hand to make the purchase), the elapsed time is a few days to two weeks. In larger organizations we have seen situations in which procurement of new hardware can take from six weeks to six months. This lost time has a tremendous cost on a business in terms of missed opportunity costs and the impediments it creates to taking on smaller projects. Cloud computing eliminates the period of time between commitment and possession. Once your project is approved, you can have the equivalent cloud assets serving your needs within 10 minutes. Because there is no capital cost, the approval process also tends to be much simpler.

Capital Expenses
Any capital expense is a drain on business. In its most basic form, a capital expense is something you have today that will not provide all of its benefits until some period in the future. When you purchase a server, for example, you are paying for all of the benefits today—yet you receive them gradually over time. In most cases, the highest benefits come towards the end of the asset’s lifecycle. Capital expenses are risky because you are committed to the expense, but you may never see any benefits associated with the expense. The server might break down. The company may cancel the project. Yet, any time a company purchases hardware, they are accepting this risk. Cloud computing eliminates capital expenses from the equation. You pay for computing resources on-demand. In other words, you pay for them when you start using them and you pay for them only as long as you use them. If the project is canceled, you simply shut down your cloud resources and have nothing further to pay for.

Depreciation
We’ve talked about the difference between the time you have to shell out money for a capital expense and the time across which you receive benefits for the assets it purchased. Because of this difference, accountants treat capital purchases differently from other kinds of expenses. When you buy a server, you lose the cash today, but it is not considered an actual expense today. Instead, from an accounting perspective, it becomes a depreciable asset whose cost is expensed over the course of the lifetime of the asset. Depreciation does not rank as one of the biggest issues with traditional computing models, but it is a significant headache for smaller companies and can complicate ROI calculations for project teams in larger companies. With cloud computing, the concept of depreciation goes away because you are paying for assets as you use them up.

No Repairs
What happens when a server fails? If you are lucky, you have a spare on hand that you can bring up to replace the failed server within hours. Most people aren’t that lucky, and the annoyances with hardware failures don’t simply end with downtime. Many people don’t have spares ready to launch. Instead, it’s not uncommon for smaller companies to have to go through some kind of procurement process or a return merchandise process or hardware repair process to get the system fixed. In larger companies, the turnaround on fixes might be quicker, but there’s still some downtime or loss in system performance associated with most hardware failures. Even if you’re set up with fully redundant systems that suffer no downtime or performance degradation when you lose components, you still have to deal with the process of taking a server out of service and repairing or replacing it. That’s a lot of hassle.

In the cloud, server failures are not generally your problem. They fail in the middle of the night and you never know anything happened. Even when the virtual machines that have replaced your servers fail, you can leverage enStratus to make sure their recovery occurs automatically.

Obsolescence
What happens when your needs outgrow the hardware you carefully procured a year ago? You probably have to go through another procurement process to justify the replacement of the obsolete hardware and the pain of replacing the hardware. Cloud systems enable you to scale horizontally very well, and vertically in some ways that exceed traditional systems. By horizontally, we mean you can add another virtual server into the mix and get additional processing power without having to take down your system. It also means you can shut down systems when they are no longer needed. Vertical scalability in the cloud is both easier and harder than traditional scaling. Vertical scaling means adding more power to existing hardware or purchasing special-purpose hardware to support the unique needs of a particular application. The cloud is very good at the former, but terrible at the latter. If your application needs more CPU or RAM, enStratus can migrate you to more RAM or CPU while the system is running.

Formally Defining Cloud Computing
The most commonly accepted definition of cloud computing comes from NIST (the National Institute of Standards and Technology). You can download the definition in their words from http://csrc.nist.gov/groups/SNS/cloud-computing. Briefly, they define cloud computing in terms of five essential characteristics, three service models, and four deployment models. We don’t use this definition very often because of its technical nature, but it’s useful to be familiar with it.


Essential Characteristics
The five essential characteristics of cloud computing according to NIST are:
• On-demand self-service
• Broad network access
• Resource pooling
• Rapid elasticity
• Measured service

Service Models
Service models define how you consume cloud services. NIST’s definition allows for three different service models:
• Cloud Software as a Service (SaaS)
• Cloud Platform as a Service (PaaS)
• Cloud Infrastructure as a Service (IaaS)
enStratus is a SaaS application that enables you to manage IaaS (and some PaaS) elements.

Deployment Models
Deployment models describe the deployment infrastructure supporting a cloud system. NIST identifies four deployment models:
• Public clouds
• Hybrid clouds
• Private clouds
• Community clouds
The key distinguisher among these deployment models is how much of the hardware sits outside of your control.

Terminology

cloud storage
Cloud storage has no real analog in the traditional computing space. Cloud storage enables you to place data objects “in the cloud” with the confidence that they can survive just about anything. Typically, data you store in the cloud is replicated around the globe (you have some controls over this) so that it is recoverable no matter what kind of failure may occur. Unfortunately, some cloud vendors call their cloud storage-like services cloud storage, but they don’t have the resiliency of true cloud storage. If a single data center can catch fire and destroy your data, then it isn’t true cloud storage.

CloudFiles
The name of the cloud storage system of the Rackspace Cloud.

CloudServers
The name of the compute cloud provided by the Rackspace Cloud.

block storage device
A block storage device is any kind of low-level storage system that behaves roughly in the same manner as a disk attached to a server or a SAN connected to a server via a network. A server can format and use a block storage device just like it would use any other attached disk drive.

EBS volume
Elastic block storage volume. Amazon’s term for a block storage device.

EC2
Amazon’s compute cloud, also known as the Elastic Compute Cloud.

Elastic IP address
A static IP address allocated to you by Amazon Web Services.

Infrastructure as a Service (IaaS)
Infrastructure as a Service is the delivery of virtualized equivalents of raw hardware resources as a cloud service. There are typically three major kinds of IaaS services:
• Compute services, or access to computing power and the basic elements of servers and networking in a virtualized environment
• Storage services, or distributed storage and replication of unstructured data
• Database services, or virtualized storage and replication of structured data

instance
An instance is an Amazon term for a virtual server running in its cloud.

Platform as a Service
Platform as a Service is the delivery of a platform on which you can deploy specially crafted software. You know nothing about the hardware on which it is deployed.

persistent compute
There are two kinds of compute resources in the cloud: persistent and ephemeral. Until recently, AWS was ephemeral and everyone else was persistent. Since the introduction of bootable EBS volumes, you have the option to make AWS persistent. Persistent compute instances/virtual servers are instances whose state is preserved in the event of shutdown or failure.

S3
Amazon’s cloud storage service, also known as Simple Storage Service.

snapshot
A backup of a block storage device that represents the state of the device at a specific point in time. Snapshots happen instantaneously and thus are the least intrusive form of backup available. Unfortunately, they are not portable across clouds.

Software as a Service (SaaS)
Software as a Service is the delivery of software over the Internet through a browser interface. SaaS is the cloud replacement for software traditionally sold as packaged software. Oracle becomes SalesForce.com. Microsoft Exchange becomes Google Apps for Business. QuickBooks becomes Xero.

virtualization
Virtualization is a technology that enables you to run any number of virtual servers on top of a single server. The most widely encountered form of virtualization is the kind that Mac users employ to run Windows on their Macs. The Windows instance running inside a window on your Mac is the “virtual machine”. It thinks it is running on real hardware, but in reality it is running in a protected environment within the Mac operating system. The kind of virtualization in cloud computing is much more sophisticated.


CLOUD PROVIDERS
A cloud provider is an organization that provides cloud computing services. In this sense, enStratus is a cloud provider supporting a Software as a Service platform that enables you to manage your cloud infrastructure. Throughout enStratus documentation, however, we have a more specific meaning for “cloud provider”. In the enStratus world, a cloud provider is any source of virtual hardware or software services that enStratus manages. As of the writing of this document, enStratus manages the following cloud providers:
• Amazon Web Services (http://aws.amazon.com)
• The Rackspace Cloud (http://www.rackspacecloud.com)
• ReliaCloud (http://www.reliacloud.com)
• Any private cloud using VMware, VMOps, Xen, or KVM via Eucalyptus
We will soon be supporting GoGrid and VMware private clouds via vCloud. By the time you read this guide, it’s likely we’ll be supporting many more. More abstractly, we can likely support any cloud that allows you to procure virtual hardware assets on-demand via API.

Amazon Web Services
Amazon Web Services created the business model around Infrastructure as a Service. They provide a number of different cloud infrastructure services:
• Amazon EC2
• Amazon S3
• Amazon CloudFront
• Amazon SimpleDB
• Amazon Relational Database Services
• Amazon Virtual Private Cloud
We support almost all elements of these services with plans to implement any parts we don’t currently support.

Amazon EC2
Amazon EC2 stands for “Elastic Compute Cloud”. It’s essentially virtual servers by the hour. There are other aspects to EC2; nevertheless, people are mostly referring to the virtual server aspect and its supporting elements when they refer to EC2. Amazon refers to virtual servers as EC2 instances. You create EC2 instances by launching a server from an “Amazon Machine Image” (AMI). An AMI is basically your raw system configuration stored away somewhere from which many copies of a server can be launched. After you launch an EC2 instance, you can create a new AMI from that instance and launch new instances based on that new AMI. To store your data, you can attach any number of block storage devices called EBS volumes to the instance. You can take regular backups of these EBS volumes in the form of snapshots.

Amazon S3
Amazon Simple Storage Service (S3) is Amazon’s cloud storage service. This system is capable of replicating your data all over the world. You also have control over the replication regions in case you are required not to share data outside of a specific region (like Europe, for example).

Amazon CloudFront
Amazon CloudFront is a content distribution network (CDN) like Akamai that uses Amazon S3 to push your public-facing content closer to the people consuming it. When you place data in S3 and make it available via Amazon CloudFront, a person requesting that data will generally get it from a location closest to them.

Amazon Simple DB
Amazon Simple DB is a key/value database management system. It is great for the scalable, rapid storage and retrieval of data that does not require the overhead of a relational database management system.

Amazon Relational Database Services
Amazon Relational Database Services (RDS) is the relational version of Amazon Simple DB. Amazon provides relational endpoints (currently MySQL 5.1 databases) in which you can store complex data.

Amazon Virtual Private Cloud
Amazon Virtual Private Cloud (VPC) enables you to extend your internal network into the Amazon cloud. You can set up a VPN connection between AWS and your internal network, provisioning AWS resources like EC2 instances that are hidden from the rest of the world and routed through your VPN.


The Rackspace Cloud
The Rackspace Cloud is a combination of three main cloud service offerings from Rackspace:
• CloudServers
• CloudSites
• CloudFiles
In addition, the Rackspace Cloud integrates with the Limelight network CDN.

CloudServers
CloudServers provides persistent cloud compute services. You have the ability to create servers in the Rackspace Cloud on-demand and assign them any number of IP addresses. Because Rackspace Cloud servers are always persistent, they will specifically survive until you destroy them.

CloudSites
CloudSites is a web site hosting system that enables you to manage the deployment of web sites into an auto-scaling cloud platform.

CloudFiles
CloudFiles is the cloud storage system for the Rackspace Cloud. You can place critical files in CloudFiles and have them replicated across the Rackspace infrastructure for redundancy.


ReliaCloud
ReliaCloud is a cloud infrastructure offering from Minneapolis-based VISI. It is a recent entry in the cloud computing market focused on providing a local face for cloud computing in the Upper Midwest. As of the writing of this guide, ReliaCloud is a compute-only service in beta with plans to introduce a storage service very soon. ReliaCloud compute resources are both persistent and high-availability. As persistent compute, ReliaCloud instances survive the shutdown or failure of the virtual machine. They are also high-availability in that ReliaCloud instances will migrate at runtime from failed physical infrastructure so that you don’t see any downtime associated with the underlying hardware failure.

Eucalyptus
Eucalyptus is not a cloud provider, but instead an interface for tools like enStratus to talk to different kinds of clouds. Eucalyptus essentially makes a cloud using Eucalyptus look like AWS to enStratus. You can implement virtualization in your own infrastructure, install Eucalyptus, and then leverage enStratus to manage your private cloud environment. You will typically set up virtualization in the form of VMware, Xen, or KVM and then let Eucalyptus serve as an interface into that virtualization infrastructure.


PICKING A PROVIDER
A full comparison of all the clouds we support is beyond the scope of this document. Nevertheless, we thought we’d spend a page or two helping you know what to look for in a cloud infrastructure provider.

Features
The first issue is what features you are looking for. If you have very specific computing requirements, your choice may be defined entirely by those requirements. If, for example, you require a single host to support multiple IP addresses, you cannot use the Amazon cloud. On the other hand, a need for true NAT eliminates Rackspace. You also need to pay attention to where the market is going. Cloud computing is evolving rapidly. It’s entirely likely that by the time you read this guide, what I stated in the paragraphs above about Amazon and Rackspace won’t be true. Finally, if you have selected enStratus to take advantage of a specific enStratus capability, you should check that enStratus supports that capability in the cloud you are looking at. Some clouds lack features on which certain enStratus capabilities depend, so those capabilities cannot operate in those clouds.


Physical Presence
In some cases, it’s really important to an organization to have a local “neck to choke” when dealing with vendors. In other cases, a global footprint is what’s needed. You should understand the channels through which you will be interacting with your cloud provider and where they have their cloud data centers. In most cases, not all of the vendor’s data centers are for cloud computing. Even the ones that are for cloud computing may support different services. With Amazon, for example, S3 is a global cloud service but EC2 is only in two areas of the United States and one in Europe.

Pricing
You’d think that comparing pricing between two vendors was easy. It’s not. There are rarely “apples to apples” views of the services between two cloud providers. Rackspace, for example, has no 32-bit computing options and Amazon has no RAM options below 1.7GB RAM. You can only compare the low-end offerings of the different vendors by weighting which configuration best matches your processing needs. In addition, Amazon provides reserved instance pricing at a fraction of their normal price plan. If you are going to operate your systems for more than three months, reserved pricing is always the way you should go. Bandwidth charges and the components of bandwidth for which you get charged are also very different from cloud to cloud.

Compliance
As of the writing of this guide, all cloud vendors enStratus supports are SAS-70 certified. It’s likely, however, that some added after the creation of this guide will not be. If SAS-70 is a requirement of your hosting vendor, you need to validate that your cloud vendor meets this need. You may have other compliance needs as well. In general, you can use a cloud infrastructure and comply with just about any standard or regulation. We’ve done PCI Level 1, HIPAA, ISO-27002, and more in the cloud. But not every standard can be met by each cloud provider.

Security
enStratus helps you secure a cloud infrastructure and implement your IT security policies for managing that infrastructure. Nevertheless, each cloud has its strengths and weaknesses when it comes to securing an infrastructure. Look at how the solution is architected and how enStratus works with that cloud to determine the cloud that will best support your needs.

Availability
Until recently, the big difference between AWS and everyone else was the lack of support for persistent computing in AWS. Tools like enStratus could maintain an infrastructure that looked like it was persistent; in the end, however, AWS compute instances are not persistent. With the introduction of bootable EBS volumes, however, AWS has sidestepped the persistent compute issue and provided an equivalent option. Persistent, however, is not necessarily high availability. A persistent VM can shut down. Persistent simply means that it will come back up again. Some cloud vendors like ReliaCloud support high-availability compute units. With a high-availability compute instance, your instance will migrate away from failed servers in the event of a failure. Finally, you should look at the track record that vendor has established for providing reliable cloud computing services.


ENSTRATUS
enStratus sits outside of the cloud and watches over your cloud infrastructure. enStratus knows when things are starting to fail in each cloud in general, and with your assets in particular. enStratus can warn you about potential trouble and notify you when actual trouble occurs. enStratus can automatically recover your infrastructure from a variety of failure conditions and automate the process of disaster recovery across clouds.

System Design
Because we are watching over your cloud environments, our operational infrastructure is not itself in the cloud. Three main components make up the enStratus management architecture:
• The enStratus Console
• The Provisioning system
• The Credentials system
The figure that follows shows how this works with the cloud provider and your infrastructure in the cloud.


[Figure: enStratus management architecture. The original diagram shows the cloud provider, the Internet, and the enStratus environment separated by firewalls; only its labels survive here, grouped by the component they annotate.]

Cloud Provider
• Cloud Server Instance: no provider access to guest OS; no passwords stored on file system; no permanent user accounts; intrusion detection installed
• enStratus Agent (on the instance): 2-step file system encryption; backup scheduling & encryption; add/remove users; secure image bundling
• Cloud Storage; Local Volume; File System Data; Backups

enStratus (not in the cloud; redundant infrastructure; physically secure)
• Public Web Console
• Provisioning/Monitoring
• Credential Storage: AES256 encryption of keys; unique keys for each customer; keys never in this network segment; versioned encryption; no enStratus staff access to keys
• Customer Keys

The only piece in the cloud is an optional agent you can place on your server to provide extended enStratus functionality.

enStratus Functionality
Regardless of what cloud provider you select, the most basic functionality enStratus provides is a multi-user console through which you can control your cloud assets. enStratus features break down into what you can do from the console and what the Provisioning system does on your behalf.


The enStratus Console
The console is the web interface through which you manage the cloud. You access it via https://cloud.enstratus.com. This interface is broken down into four main areas:
• The Console
• Cluster Management
• Cloud Management
• User Management
The Console is your “at-a-glance” window into your infrastructure with access to reports, alerts, and job information. The Cluster Manager enables you to define your uptime objectives, application architecture, and system configuration and rely on enStratus to manage the deployment and operation of applications. In the Cluster Manager, you essentially tell enStratus everything about your system and then the Provisioning system takes over from there. Most customers have some systems that they let enStratus manage and some systems they manage themselves. The Cloud Manager is where you take direct control over the cloud resources you are managing. You essentially get a complete console for doing everything to your cloud infrastructure that your underlying cloud provider supports. The final piece of the enStratus Console is the User Manager. As its name implies, the User Manager is where you set up and manage the users who have access to enStratus as well as to the servers running in the cloud. You can define different roles for users and know that when a user is removed from enStratus, their full access to the console and all cloud resources is gone.


The Provisioning System
The Provisioning system is the liaison between you and the cloud. It stores all of your critical configuration data and takes actions like backup management, auto-scaling, auto-recovery, and more on your behalf. It also monitors your cloud systems and alerts you when events that require your attention are happening. The first part of the Provisioning system accepts requests from the enStratus Console and either passes them on to the underlying cloud or alters your configuration. It talks to your cloud provider using the API key from your cloud provider and manages the infrastructure. The next part is a monitoring element that watches over the cloud, looking for changes and trouble. It is almost always the first to know when a server is running into trouble in the cloud, and can even alert you that other customers are seeing widespread issues even if you are not yet impacted. It also listens to agents on servers with agents installed so that it can report on alerts and audit information provided from your cloud applications. The final part is an active intelligence system that executes actions on your behalf. It will scale up (and down) when demand changes on your systems based on criteria you specify. When a server fails or becomes impaired, it will take actions to recover that server. Finally, it performs multiple levels of backups—even cloud-independent cross-cloud backups for disaster recovery purposes.

The Credentials System
The Credentials system is a storage system that is not routable from the Internet for storing all authentication and encryption credentials—all encrypted using customer-specific encryption keys that are never stored on the file system nor otherwise accessible to humans. The Credentials system itself never has any of the keys for encrypting or decrypting the data it stores. In other words, a compromise of the Credentials system alone has no impact on the security or integrity of your data.


Because your keys sit encrypted outside the cloud on a server not accessible from the cloud, you have the ability to separate the data you are encrypting in the cloud from the keys that encrypt it. What’s unique about this approach, however, is not simply the physical separation of keys from data—but also the organizational separation that prevents a government or other entity from leveraging access to one system to compromise your encrypted data.
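The two paragraphs above describe a design rather than showing it, so here is an added Go model of that design. It is illustrative code written for this edition of the guide, not enStratus's own implementation (which is not published here), and the names CredentialStore, KeyService, Record, Rotate, Seal and Open are this example's own. It models the separation the text describes: a store that only ever holds ciphertext plus key metadata, a key service in a separate component that keeps one set of AES-256 keys per customer in memory only, a version number on every key so that rotation does not orphan records sealed under an older key, and the customer identity bound into each record so that one customer's key cannot open another customer's secret. The customer ids and the API-key string are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Record is everything the credentials store ever holds for one secret:
// AES-GCM ciphertext plus the metadata needed to locate the right key later.
// There is deliberately no key material in it.
type Record struct {
	Customer   string
	KeyVersion int
	Nonce      []byte
	Ciphertext []byte
}

// CredentialStore models the Internet-unroutable store from the text. It can
// file and return records but has no way to decrypt them.
type CredentialStore struct{ records map[string]Record }

func NewCredentialStore() *CredentialStore { return &CredentialStore{records: map[string]Record{}} }

func (s *CredentialStore) Put(name string, r Record) { s.records[name] = r }

func (s *CredentialStore) Get(name string) (Record, bool) { r, ok := s.records[name]; return r, ok }

// KeyService models the separate network segment that owns the customer keys.
// Keys live only in memory here (the text says they are never on a file
// system); each customer has an ordered list of key versions.
type KeyService struct{ keys map[string][][]byte }

func NewKeyService() *KeyService { return &KeyService{keys: map[string][][]byte{}} }

// Rotate generates a fresh random 256-bit key for the customer and returns its
// version number. Older versions are retained so older records stay readable.
func (k *KeyService) Rotate(customer string) (int, error) {
	key := make([]byte, 32) // 32 bytes selects AES-256
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return 0, err
	}
	k.keys[customer] = append(k.keys[customer], key)
	return len(k.keys[customer]) - 1, nil
}

// aead returns an AES-256-GCM instance for one customer's key version, or an
// error if that customer or version does not exist.
func (k *KeyService) aead(customer string, version int) (cipher.AEAD, error) {
	versions := k.keys[customer]
	if version < 0 || version >= len(versions) {
		return nil, errors.New("unknown customer or key version")
	}
	block, err := aes.NewCipher(versions[version])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a secret under the customer's newest key. The customer id is
// passed as GCM associated data, so a record cannot be re-labelled as another
// customer's and still authenticate.
func (k *KeyService) Seal(customer string, secret []byte) (Record, error) {
	version := len(k.keys[customer]) - 1
	g, err := k.aead(customer, version)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return Record{}, err
	}
	ct := g.Seal(nil, nonce, secret, []byte(customer))
	return Record{Customer: customer, KeyVersion: version, Nonce: nonce, Ciphertext: ct}, nil
}

// Open decrypts a record on behalf of `customer`. It fails when the caller is
// not the customer the record was sealed for, when the key version is unknown,
// or when the ciphertext, nonce or customer label has been altered.
func (k *KeyService) Open(customer string, r Record) ([]byte, error) {
	g, err := k.aead(customer, r.KeyVersion)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, r.Nonce, r.Ciphertext, []byte(customer))
}

func main() {
	ks, store := NewKeyService(), NewCredentialStore()
	for _, c := range []string{"acme", "globex"} { // constructed customer ids
		if _, err := ks.Rotate(c); err != nil {
			panic(err)
		}
	}
	secret := []byte("EXAMPLE-CLOUD-API-KEY-acme") // constructed sample secret
	rec, err := ks.Seal("acme", secret)
	if err != nil {
		panic(err)
	}
	store.Put("acme/cloud-api-key", rec)
	got, _ := store.Get("acme/cloud-api-key")
	fmt.Printf("store holds %d ciphertext bytes under key version %d and no key\n", len(got.Ciphertext), got.KeyVersion)
	pt, err := ks.Open("acme", got)
	fmt.Printf("owner opens record: %q (err=%v)\n", pt, err)
	_, err = ks.Open("globex", got)
	fmt.Printf("other customer opens record: err=%v\n", err)
	v, _ := ks.Rotate("acme")
	pt, err = ks.Open("acme", got)
	fmt.Printf("after rotating acme to version %d, old record still opens: %q (err=%v)\n", v, pt, err)
}
```

The property the text claims follows directly from the layout: an attacker who obtains the whole CredentialStore gets Record values that cannot be opened without the matching customer key version from the KeyService, and because the KeyService never receives a record without the calling customer's identity, one customer's compromised session cannot be used to open another customer's records either. In a real deployment the two types would run in different network segments, as the figure shows; the in-process split here is just enough to exercise the contract.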
