Date post: | 17-Oct-2014 |
Category: |
Technology |
View: | 876 times |
Download: | 3 times |
A PERSPECTIVE ON CLOUD COMPUTING
AND ENTERPRISE SAAS
APPLICATIONSGeorge Milliken
February 8, 2012
Copyright © George Milliken and Todd Varland portions copyright their respective owners as noted in reference section
Who Am I?
George Milliken, Director of Solution Delivery in CA Technologies SaaS Hosting division
Manage the Database Architecture and the Service Introduction teams
Provide the technical architecture and program management necessary to introduce new enterprise applications into production as Software as a Service (SaaS)
Objectives
• Quickly cover some basic terms• Outline the challenge and opportunity cloud
computing presents to enterprises• Talk about some things to consider as both a
consumer and provider of SaaS• Emphasize key concepts
Cloud Computing is a Pervasive TopicSearch Google and you
get 327,000,000 hits
Scholastic (K-12) Education – Articles in Cloud applications in K12
80% of enterprises surveyed have already deployed at least one cloud service.
Over 50% have deployed six or more cloud services, while maintaining legacy infrastructures.
Enterprises are rapidly adopting cloud services to gain efficiencies and speed time to market for new business services
Automation
DistributedInternet
Virtual
Cloud
Mainframe
5Image copyright © CA Technologies 2012 All Rights Reserved
What is Cloud Computing?
• Extension of SaaS• Why buy when you can rent?• Cost-effective for consumers of Cloud• Highly profitable for large data centers
Economic Shift Positive
TCO ShiftEconomies of ScaleMoore’s Law ReduxNew Buyers (Business not IT)Opex v. CapexDepartmental v. EnterpriseBusiness Unit Decision Maker v. Central IT
Economic Shift Negative
Financial DistortionsNot counting capital in a sensible mannerNot counting labor costsNot tracking the costs of outagesImpact of Failing to Achieve Economies of ScaleTragedy of the CommonsCosts need to factor in new requirements driven by
cloudAre you good at running data centers? Really?
IT will be accountable for management and security across a diverse range of cloud and traditional models
The New Heterogeneity
Which applications do we move to which cloud models when?
How do we minimize security, compliance and availability risks?
How do we avoid vendor lock-in?
Which operational processes do we keep, tweak or transform?
How do we make sure it is all working together for business value?
New Questions
Fabric
Converged infrastructure
New datacenter
Existing datacenter
Virtualization
HybridCloud
Use IaaS
Traditionalservices
Build on PaaS
Use SaaS
Privatecloud
Cloud burst
9
Image copyright © CA Technologies 2012 All Rights Reserved
10
SaaS
Middleware
Database
Virtualization/ Operating System
Cloud Computing/ SaaS
Applications
Enterprise Data Center/Private Cloud
Additional complexity is created by the cloud
Top 5 challenges of cloud computing– Management of
hybrid world– Performance
monitoring– Reliability/service
assurance– Automating
service delivery across platforms
– Security
Middleware
Database
Virtualization/ Operating System
Public Cloud
SaaS Infrastructure
SaaS Applications
Virtualization / Operating System
Database
Middleware
Servers Storage Networking
Applications
All trademarks, trade names, service marks and logos referenced herein belong to their respective companies
Image copyright © CA Technologies 2012 All Rights Reserved
11
Storage Storage Storage
Network
z/OS
Unix
Linux
Window
s
NetworkHyper Storage
Private IaaS
Private IaaS
Hosted PaaS
Hosted PaaS
Integrated
L W
L W
Hyp
L W
L W
Hyp
W W
W W
Hyp
Physical Virtual Cloud
infrastructure layercomplex technologies, many vendors and deployment models
Automate Manage SecureInfrastructureLayer
What’s in your portfolio?
Image copyright © CA Technologies 2012 All Rights Reserved
12
Enterprise Applications
CompositeApplications SaaS Applications
CRM ERP
Email Office
Automate Manage SecureInfrastructure
Layer
application layer
What’s in your portfolio?
ApplicationLayer Automate Manage Secure
Image copyright © CA Technologies 2012 All Rights Reserved
13
Automate Manage SecureInfrastructure
Layer
services layerfocus on delivery and consumption of IT as a service
ApplicationLayer Automate Manage Secure
TechnologyServices
InformationServices
CloudServices
What’s in your portfolio?
ServicesLayer Automate Manage Secure
Image copyright © CA Technologies 2012 All Rights Reserved
Cloud, Iaas, SaaS, PaaSSaaS CA Clarity Nimsoft Salesforce Netsuite Gmail SuccessFactors
PaaS Force.com Heroku OpenShift Azure
Cloud Amazon Google IBM
IaaS Rackspace Opsource Carpathia
On Premise Delivery ModelOn PremiseMore controlTraditional revenue modelMore customization possible
SaaSNot necessarily multi-tenantDifferent revenue modelTrade off cost savings for loss of controlLoss of control is not a bad thingShift TCO to the vendor!
Please Point this Application at the Internet!On premise to SaaS Pit Falls
Who’s the Line of Business “owner”?What’s the service catalog2 or 3 customers is easy - 600 is hard - requires a
number of systems to be in place“as a Service” Gaps (a cautionary tale)
Identity, Backup, Restore, Refresh….Metering and billing
Common “as a Service” Gaps
ProvisioningRefreshUsage meteringSupport PortalDiagnostics & instrumentationCMDB & CRMNotificationTenant Placement / Move tenant
OrchestrationRequired to build and deploy complex services
cost-effectivelyMore than just imaging, it’s about the fulfillment
process used to deliver a defined serviceInvolves combining business processes with
technology processes to deliver a business solutionWorking applicationBilling and meteringScaling
Orchestration VendorsCA TechnologiesGale TechnologiesTIBCOOracle IBM
Open Source Options – Check Out JuJu PuppetChefOpenStack
Think Services Services are what mattersCan you efficiently leverage the cloud to provide
services?Can you move or fail a service between clouds?Can you scale up if needed (cloud burst)?
Successful SaaS Development
Agile Scrum team focused on SaaS issuesBe the Product Owner v. CustomerMore than release planning, what’s the
mechanism look like?Automate everything, touch nothing (write
scripts that write scripts)Consider DevOps ApproachExamine your ITIL alignment
Dev OpsDevOps is a lean approach to operations
Minimize the information loss during handoffs by blending teamsDev->Test->QA-> Prod
Image copyright © Damon Edwards 2012 All Rights Reserved
Think Dev OpsBuild internal Expertise
Outsource a well-defined objective (offering)
BenefitsRelease cycle timeSoftware mostly works (as opposed to mostly doesn’t)Lower deployment costsAbility to instrument and measure deployment cyclePrevent “aaS” as a service gaps
Talk to Operations to Gather Operational Requirements
Get Your Operational Groups InputDon’t Build Cloud Orchestration in a vacuum You have a wealth of knowledge in houseTap that knowledge to understand the
operational issues you faceThis will greatly assist you in deciding what to
orchestrate, how to do it
The Ideal – White Cloud Apps
Everyone runs the same versionGreat new features released oftenBugs are fixed rapidly
(often without the user even knowing it existed)Customer Service is Exceptional
Reality the “Dirty cloud” Multiple versions in productionReleases still take a long timeBugs fixes and patching complicate the
serviceCustomer Service is more complex
Why Many Company Build Dirty Clouds
Central IT has powerWe have idle serversWe think we’re good at ITBut are you good at rendering a service?
Attributes of real cloud offerings
Orchestrated Services Auto-provision / De-provision Pay as you go – Metered and measured serviceChoice can be exercised up to the point of purchase Self-service Capacity on demandAPI – Programmatic interfaceChargeback and Showback visibility
Multiple Clouds Vendors Can Add Complexity Why would you use multiple vendors?Issues Common to Multi Vendor (or data center)
situationsMultiple VPNs can be a painIntegrated on call support call trees is a painCMDB is critical
Multiple Clouds Vendors As a Strategy
Prevent lock inAddress regional concernsKeep your options open
What’s my SLA?
Is it up?What does “up” mean?How measured?What’s planned v. unplanned maintenance?What’s the remediation for missed SLAs?
99.9% Uptime
What’s it mean?What’s it take?Practical Considerations
99.5 = 43.2 hours a year99.9 = 8.76 hours a year (3 nines)99.999 = 5.26 minutes a year (5 nines)
Deployment Considerations
Interlocking Development Life cyclesChange ControlOperational Readiness Testing (ORT)What is ORTNeed for ORT
SaaS Operational Readiness Testing (ORT)
• Support Access to • Logs• Customer Environments• Performance Reports• Configuration Interfaces• Monitoring Systems• Alerts
• Performance Testing• Batch Processing• Outside In Performance
• Upgrade Testing• Upgrade to new version(s)
• Migration Testing• Migrate to new version(s) /
platform• Release Testing
• Release process verification• Contingency Plan
• Rollback during Cutover
• Technical Testing• Failover / HA• End-to-End Testing• Applications/HW/SW/Network• Backup / Restore• Monitoring/Alerts• Security Testing• Log-on / Authentication /
Authorization• Operations Testing
• Run Books Simulation• SLA/SLO Confirmation• Compliance Readiness• Impacted Apps (e.g. CHSOPS)• Patching• Provisioning• Environment Refresh• Top 10 Service Catalog Items• Top 5 Troubleshooting Requests
Support Considerations
Interlocking Support OrganizationsTicket FlowCMDB
InfoSec Concerns
Embedded Passwords (at rest)Password changesPersonally Identifiable InformationEncryptionFederated Identity
Privacy
Where’s my data?Who has access?Can I have access?Regional considerationsWhere are you?Where are your customers?Patriot Act
Compliance
SAS70, SSAE16 - what is this?why it’s important, why it can be misleading
Summary
For SaaS remember Product != ServiceFor the cloud think Multi-vendorUse of ITIL, Agile and DevOps methods are
pieces to the puzzleSaaS Customers expect more thank on
premise
QUESTIONS?
References
• Defense Information Systems Agency http://disa.mil
• Above the Clouds: A Berkeley View of Cloud Computing
• CA Technologies Corporate Overview Portions Copyright © 2011 CA. All rights reserved.
• Guidelines on Security and Privacy in Public Cloud Computing (NIST Special Publication 800-144) http://
www.nist.gov/manuscript-publication-search.cfm?pub_id=909494
• NIST Definition of Cloud Computing http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
• National Institute of Science and Technology. Retrieved 24 July 2011. "The NIST Definition of Cloud Computing". • Wikipedia “High Availability Calculations” http://en.wikipedia.org/wiki/High_availability• “Continuous Delivery” by Jez Humble http://continuousdelivery.com/• http://www.businessweek.com/news/2011-12-15/white-house-seeks-to-spur-cloud-computing-use-by-agencies.html
• “Continuous Delivery Patterns and Antipatterns in the Software Lifecycle” by Paul M. Duvall http://refcardz.com
• Software as a Service: Strategic Backgrounder; SIIA 2001
• “DevOps is not a Technology Problem” by Damon Edwards
http://dev2ops.org/blog/2010/11/7/devops-is-not-a-technology-problem-devops-is-a-business-prob.html
TERMINOLOGY
SaaS: Software as a service
PaaS: Platform as a service
IaaS: Infrastructure as a service
Cloud: Combination of IaaS, PaaS, and SaaS which is elastic, metered, elastic and has the illusion of infinite capacity.
FISMA: Federal Information Security Management Act
Hosting: a service that runs Internet servers such as an ISP
ISP: Internet service provider. A company that hosts web sites and provide virtual servers in a traditional hosting mode.
Single Tenant Apps: Traditional N tier enterprise application stack.
Multi Tenant Apps:
SLA: Service Level Agreement TCO: Total Cost Of Ownership SOA
TERMINOLOGY (CONT’D)
VPN: Virtual Private Network
SDLC: Software Development Life Cycle
CMDB: Configuration Management Database.
CRM: Customer Relationship Management
API: Application Programming Interface
ORT: Operational Readiness Testing
ITIL: Information Technology Infrastructure Library
IDM: Identity Management
ASP: Application Service Provider