Ruslan Zaedinov
VP of Datacenter & Cloud services
CROC Incorporated
WHAT CAN YOU REALLY ACHIEVE WITH
CLOUD COMPUTING?
SESSION’S GOALS
• Become realistic about what one can achieve with CC
o Promise vs. reality
o Marketing buzz vs. true capabilities
• Know what to expect in the near future
o Your demand is important to public cloud providers
o As well as to private cloud technology vendors
• Prepare your company for the cloud
o Become more efficient now even before broad cloud adoption
o Make sure your entry into the inevitable cloud future will be smooth
YET ANOTHER CLOUD COMPUTING TAXONOMY
[Diagram: cloud stack layers]
• SaaS
• PaaS, API
• IaaS
• Virtualization: Xen, KVM, VMware, Hyper-V, zVM, …
• Servers, Storage, Network: convergence & virtualization
[Diagram: example providers: Google Apps, MS Azure, IBM WS OnDemand, OpSource, Amazon, Rackspace, GoogleDocs, IBM LotusLive, SalesForce.com]
[Table: columns IaaS, PaaS, SaaS; rows marked with one, two and three check marks]
FOCAL POINTS
• HW infrastructure
o Servers
o Storage
o Networking
• SW infrastructure
o Tier I applications
o Tier II applications
• Enterprise class features
o Compliance
o Security
o SLA
SERVERS IN THE CLOUD
• Completely virtualized solution, “elasticity” in provisioning capacity
o Xen – the most popular public cloud hypervisor
o VMware – the most popular server virtualization solution
o KVM
• Scale-out hardware architecture
o x86 platform
o Limited number of HW server types
• Automated provisioning and deprovisioning
o API
o Web interface
o Server images
[Diagram: Cloud server 1 (OS and apps), Cloud server 2 (OS and apps), free resources]
SERVERS IN THE CLOUD: modifying HW resources on the fly
[Diagram: CPU and RAM blocks on top of the cloud hypervisor and API]
• x86 operating systems were not made for it
o Expect problems if your application scales only up
o Cannot fully leverage cloud flexibility
o Pay-per-use approach would require application downtime for reboot
• Cannot exceed HW server limits
o Overcome performance limits only by scaling out
SERVERS IN THE CLOUD: public cloud-to-cloud migration issues
• Cloud provider/vendor lock-in
o Different format of virtual machine images
o Different management utilities
o Incompatible APIs
o Architectural limitations, especially for live migrations
SERVERS IN THE CLOUD: hybrid cloud implementation issues
[Diagram: replication over the Internet between a private cloud/datacenter and a public cloud, annotated with storage costs, data transfer costs and data integrity violation]
• Data replication
o Replication technology mismatch
o Data transfer costs
o Extra storage costs
o Data integrity may be compromised in active-active configurations
• Need for management simplification
o No reliable out-of-the-box implementation of public cloud’s private replicas
o Compute capacity bursting requires you to constantly keep your machine images in the cloud
o Updating cloud machine images can be a pain
• Security concerns
o To be discussed later on…
STORAGE IN THE CLOUD
• Performance issues
• Reliability issues
o Reliability of the storage platform
o Stability of the provider as a company
• Legal issues – weak SLAs
• Connectivity issues
• Organizational issues
STORAGE IN THE CLOUD: technical issues
[Diagram: own datacenter connected to the public cloud over the Internet]
• Own datacenter
o Fast FC or flash drives
o Often dedicated per task
o No or some virtualization
o Storage tiering
• Public cloud
o Decent SATA drives
o Poor or no means to dedicate throughput per task/customer
o Completely virtualized
o All data is on slow tier
• Cloud provider SLA domain. The Internet connection is out of control!
STORAGE IN THE CLOUD: the good news
• “Elasticity” in provisioning capacity
• Ideal for Tier 2 and Tier 3 storage
o Speed matters less
o Achieve significant storage cost reduction quickly
o Compression and deduplication will further decrease storage costs
• Security can be ensured by encrypting archives as a whole
• True remote vault for archives
o Two remote storage sites from two different providers – 99.9(9)% availability
NETWORKS IN THE CLOUD: typical pain points
• Poor programmatic control
• Limited multi-tenancy
• Inflexible workload placement
Both customer and provider are affected
• Poor programmatic control
o Networks managed device-by-device
o State is spread across data center
o No consistent interface across physical & virtual hosting
o Reconfiguration required on migration/fail-over
o Configuring devices (e.g., CLI) is specific to a particular vendor
• Limited multi-tenancy
o VLANs don’t scale
o Customer can't control IP addressing
o Difficult to guarantee network capacity, meet SLAs
o Hard to associate traffic with a customer for bandwidth billing
o Hard to split physical devices implementing L3-L7 services (e.g. load balancer) among tenants
• Inflexible workload placement
o VM bound to a single pod by IP addresses/VLAN
o Incremental customer growth leads to capacity problems, no scale-out
o At odds with desire to spread workloads across failure zones
o L3-L7 chokepoints (e.g., firewall) compound the issue
Expect networks to become highly virtualized
SECURITY IN THE CLOUD
Who is responsible?
[Diagram: split of responsibility between “Provider is responsible for security” and “Customer is responsible for security” across IaaS, PaaS and SaaS]
SECURITY IN THE CLOUD: a great deal of change is required
• Internal SLAs and policies have to be changed because cloud services are highly standardized
• Need new processes to govern data and services when they go outside
• What is appropriate to go to the cloud?
• Security concerns may get lost behind other advantages of the cloud
SECURITY IN THE CLOUD: is there a standard?
• Cloud Security Alliance
o http://www.cloudsecurityalliance.org/
• Thirteen focus areas
1. Cloud Computing Architectural Framework
2. Governance and Enterprise Risk Management
3. Legal and Electronic Discovery
4. Compliance and Audit
5. Information Lifecycle Management
6. Portability and Interoperability
7. Traditional Security, Business Continuity, and Disaster Recovery
8. Data Center Operations
9. Incident Response, Notification, and Remediation
10. Application Security
11. Encryption and Key Management
12. Identity and Access Management
13. Virtualization
SECURITY IN THE CLOUD: what can go outside?
• Data classification
o Traditional data classification may not work: classification must be fine-grained, dynamic and proactive
• Proactive risk evaluation process
o “Penalty” for the advantages of the cloud
o Cloud computing is a form of outsourcing: high process maturity is mandatory
• Internal awareness of the cloud
o Corporate culture for information handling
IT TRANSFORMATION SHALL NOT STOP
Future of IT is cloud computing
Ruslan Zaedinov
VP of Datacenter & Cloud services
CROC Incorporated
t: +7 (495) 974 2274, f: +7 (495) 974 2277
E-mail: [email protected]