Post on 18-Jun-2015
description
transcript
Key considerations when adopting the cloud
Expectations Hurdles
About me
• Sebastian Stadil (@sebastianstadil)
• Founded the Silicon Valley Cloud Computing Group
• Founded Scalr
• Talk to me: sebastian@scalr.com
About Scalr (1)
• Cloud Management company
• In business for the past 6 years
About Scalr (2)
• Customer driven company – We listen to / interview customers – Learn from them and the problems they face – Find and implement solutions with them
• Talk to us: www.scalr.com
This talk: What you should expect (1)
• This talk is driven by experience
• Problems we’ve seen
• Problems we’ve solved
This talk: What you should expect (2)
• 100%: Real-life examples that our customers have been through – And horror stories!
• 0%: Nonsense
This talk: What you should expect (3)
• Why cloud? Your end goals • What hurdles? What you should expect
YOUR END GOALS What are the promises of the cloud?
Why get cloud?
• Two reasons – Agility – Cost
#1: AGILITY What are the promises of the cloud?
Agility (1)
• Reduce time to market
Agility (2)
• Cloud promise: Developers don’t have to wait on IT.
• What you expect: – Code: “Days instead of months” – Hardware: “Minutes instead of weeks” – Incident response: “Seconds instead of hours”
Agility (3)
• Check out Adrian Cockcroft’s (Netflix) “Dystopia As a Service” talk
#2: COST What are the promises of the cloud?
Cost (1)
• Pay less for the same end user experience
Cost (2)
• Cloud promise: The same service will cost less to run, but give the same performance
• What you expect: – Higher average usage, lower overall capacity – How? Autoscaling, different services evening
out
THE HURDLES ALONG YOUR WAY
What you’ll get
What hurdles?
• Education about cloud • Strategy for cost accountability • Strategy for security & compliance
#1: CLOUD EDUCATION Is your team trained?
Education
• Are your developers and IT people familiar with cloud intricacies?
• Are they embracing the architectures that work? Rejecting those that don’t?
Examples of cloud best practices
• When an instance is gone, it’s gone.
• Build for failure and Think “Cattle, not pets”
• Adopt appropriate tooling (e.g. Chef)
CUSTOMER STORY
Customer story (1)
• Enterprise IT at BigCo (no names!) doesn’t like the idea of a instance being gone
Customer story (2)
• Terminated instances stay around for a “few minutes” – Undo for the cloud!
• The API says the instance is terminated. Except it’s not.
Customer story (3)
• Good luck transferring those volumes for your database promotion – They look detached but are still being written to!
• You can’t design for failure – If MySQL is malfunctioning, better figure out why
and fix it: replacing it isn’t going to happen – “Pets, not cattle” : (
Customer story (4)
• Consequences: – IT was unhappy because cloud wasn’t
delivering the results they wanted – Developers were unhappy because cloud
wasn’t working
LESSONS LEARNED
Cloud is not (only) a technology
• It’s about changing the way your company works – Cloud is usually associated with DevOps
Cloud users need education
• Developers should build cloud architectures
• IT should approve of cloud architectures
• Devs and IT should work together on operating those
Remember
• It’s not about whether it’s “hard”
• It’s about whether your company is adopting cloud practices
#2: YOUR STRATEGY FOR COST MANAGEMENT
How will you rein in runaway costs?
Cost management problems using cloud
• VM sprawl • Oversized VMs
• And you don’t control who launches what
VM Sprawl
• Idle VMs that don’t get terminated – They stick around unused
• You’re afraid to terminate – Maybe the VM is running a non-resource
intensive yet critical task!
Oversized VMs
• Using 64 gigs of RAM on a development VM? No problem!
• There’s no incentive for developers to get smaller VMs – Devs would waste a few precious seconds
waiting on a package install, and there is absolutely no upside
Why can’t you stop it?
• You don’t know who owns a resource
• If you did, you could: – Hold them accountable for those costs – Ask them whether it’s OK to downsize /
terminate
CUSTOMER (HORROR) STORY
Customer Story (1)
• The company had a yearly budget for cloud
• One developer provisioned many many VMs, and forgot about them
Customer Story (2)
• The company needed two full weeks to realize what was going on
• They used up their yearly budget in a month
Customer Story (3)
• This happened on a Public Cloud
• On a Private Cloud, we’ve seen customers buying new hardware every month to “support growth”
LESSONS LEARNED
It’s not about carelessness
• The entire IT department knew that there was VM sprawl going on – Although maybe not at this scale
• But there was nothing they could do about it – Who do you ask before terminating a VM?
You need a strategy for cost accountability
• The objective is the ability to look at a resource (instance, volume…) and say: – “This resource is used by project A for service
B. Services C and D depend on B. The resource is owned by developer E.”
Start with tagging everything
• Asking developers to tag everything is a start
• But they might not want to spend the time
• It’s better to automate through your cloud management service
Apply industry standard methods (1)
• Fight VM Sprawl with lease management – You know the owner, so you know who to
contact about lease expiry!
Apply industry standard methods (2)
• Fight oversized VMs and deployments with accountability – You know the project that’s responsible for
those costs! – Showback, Chargeback
#3: YOUR STRATEGY FOR SECURITY AND GOVERNANCE
How will you ensure security and compliance?
Two objectives to consider
• Keeping the bad guys out
• Letting the good guys in
Two tools
• Network security
• Authentication systems
Governance isn’t cloud-specific
• These problems also exist without cloud
• Two differences with clouds: – Instances come and go à need automation – Developers are in charge à need policies
CUSTOMER STORY
Customer Story (1)
• Instances use SSH Key management as built in to the cloud platform – One key, multiple instances
Customer Story (2)
• When someone needs a key to access infrastructure, they have to ask around for it – Infosec can’t get the keys when they “really”
need them – New employees lose time asking for keys – Email isn’t a secure key exchange
mechanism!
Customer Story (3)
• When an employee leaves the company, enterprise IT has no way to ensure their access is revoked
• Instead, they rely on firewalls and shutting down VPN access
LESSONS LEARNED
Authentication
• Invest in integrating your cloud and instances with a centralized revokable source of authentication – e.g. LDAP, Kerberos
• Don’t share SSH keys when you can avoid it – And certainly not Cloud keys!
Networking
• Ensure that developers aren’t allowed to launch insecure setups – Public IP + Open ports = Disaster
• Balance with the need to preserve developer productivity – Automate policy enforcement
PARTING WORDS
Recap (1)
• Cloud can get you: – Business agility – Cost effectiveness
Recap (2)
• You’ll find hurdles along the way: – Are your people ready to adopt cloud? – Do you have a strategy for cost management? – Do you have a strategy for governance?
Next steps (1)
• CloudStack is easy to get started with and production-ready. It’s a great choice – Our customer Samsung is using CloudStack
to power mobile app backends for millions of devices (smartphones, smart TVs…)
Next steps (2)
• Of course, come and talk to us if you think we can help you overcome those hurdles we talked about!
THANK YOU!
Sebastian Stadil — Founder of Scalr Scalr Cloud Management — www.scalr.com