|By Michael A. Salsburg||
|February 3, 2014 07:00 AM EST||
We all know the story of Goldilocks and the three bears, but have you heard the one about Goldie Locks and the three clouds? This tale is playing out throughout the IT marketplace.
Goldie Locks - an IT executive for a state government - has once again found herself in a dilemma. "If only I could choose one of the three options," she sighs. Goldie's dilemma is a result of competing requirements within her enterprise. Regarding infrastructure costs, Goldie has been told to "do more with less."
"If someone says that one more time, they're going to have porridge thrown at them," she huffs. Goldie knows that standardizing infrastructure requirements to serve the business and its processes securely, reliably and quickly is a proven way to reduce capital and operational costs. On the other hand, various business units and their departments have specific requirements for their mission-critical applications. They are resisting giving up control.
While many of her colleagues suggest she use the public cloud, Goldie believes that the security implications would be a deterrent to acceptance within her enterprise. Though she has done a thorough job investigating various cloud computing models, she needs to put together a request for proposal (RFP) to start searching for outside help with her dilemma.
She begins by taking into consideration the three standard deployment models of cloud infrastructure and their hybrid combinations - as defined by the U.S. National Institute of Standards and Technology (NIST) - and determining whether these are a fit for her enterprise:
- Private cloud: Provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units).
- Public cloud: Provisioned for open use by the general public.
- Community cloud: Provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations)
- Hybrid cloud: A composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds)
"Death by Committee" is her thought after analyzing these models. Each is too narrow for her enterprise. These cloud deployment models only provide the "how" without truly understanding the "what" and "why" of her situation. The IT side of the decision is obvious - drive down operational and capital costs to give the IT team time and money to solve strategic issues for the business. The best way to do this is to standardize processes, automate tasks and share infrastructure and administrative resources as much as possible. This is, in general, what a cloud provides.
But IT is serving a set of key stakeholders who have requirements beyond infrastructure. These stakeholders are the application/business owners who rely on IT to support delivery of their revenue-generating services and products. They are not well served with the three deployment models defined above, nor are they served by a hybrid of those models.
A Look into Goldie's Enterprise
In general, an enterprise consists of distinct parts (such as business units) that serve different customers, have different financial results and offer different products and services. They are fairly autonomous, but all operate from a common set of financial resources and processes, a common strategy and common metrics that determine success.
Consider Goldie's enterprise, which is a consolidation of a number of state agencies:
Her enterprise is partitioned into two high level branches (State Police and Transportation), where each branch consists of multiple, semi-autonomous departments. Each of those departments is interested in controlling their own infrastructure. Furthermore, their security and administrative processes differ from one department to another. Different departments must comply with their own levels of privacy, availability and service metrics.
For example, the Department of Public Info Office, within the State Police branch, may require highly predictable, millisecond response times for public users. In this instance, it may make sense to use public cloud infrastructure for the web servers, since there may be a requirement to scale up very quickly to reach high workload demands.
The Department of the Deputy Commissioner, also within the State Police branch, may also require specific infrastructure services, processes, automation and regulations, such as "hardened" OS images and encryption for all transmission of information.
The Department of Highway Administration, within the Transportation branch, must guarantee that their web site is available 99.999% of the time. They may have high availability requirements that demand duplicate resources at a disaster recovery site, as well as requirements for high-availability configurations.
NIST Deployment Models and the Enterprise - Square Peg, Round Hole
Goldie's enterprise cloud must be structured to support these multiple "parts." In turn, these parts can themselves have parts, and so on. This is similar to many of today's enterprises, which are the result of consolidating other businesses and agencies that need to function in a semi-autonomous fashion, but are still members of the larger organization.
A cloud needs to be more than an infrastructure dispenser - providing small/medium/large chunks of infrastructure for each user, without considering the unique requirements for different groups of users. Goldie knows that today's cloud products and services do not meet the needs of her enterprise stakeholders. She would like to deploy a single, centralized enterprise cloud that allows business units and their sub-units to:
- Share underlying virtual resources as one large collection of cloud resources
- Allow end users, such as developers, testers, demonstrators and system admins, to use a simple service catalog to manage the lifecycle of all cloud resources in the same manner
- Set up autonomous administration, with unique policies and processes, as required
- Allow business units to deploy their entire spectrum of applications, with unique service level objectives for development, test, production, mission-critical and regulated workloads
Now, let's see why the current cloud models cannot address these requirements.
Goldie has looked at all of the currently available private cloud products. "These are too small-minded," she thinks. Every private cloud offers "multi-tenancy," which allows each business unit to manage its allotted set of cloud resources. But none of them offers any additional structure beneath the first level. Many of Goldie's business units have their own autonomous sub-units that require unique policies, processes and resources. They will want their own cloud, which does not meet her first requirement.
She then turns to the available public clouds. "They are big and cheap, but my stakeholders do not want to expose their mission-critical or regulated applications." She chuckles thinking about a specific security dink she knows who actually turned pale when she suggested a public cloud for his application. On the other hand, she is painfully aware of some development teams that are slipping under the radar and deploying virtual resources in a public cloud for test and development. It's cheap and cheerful, but it's not handled by the centralized IT department and it exposes the business to risks.
A community cloud offers cloud resources to a like-minded set of users / administrators. These users have agency-specific requirements, such as service levels, privacy, etc. If individual community clouds are deployed, then Goldie cannot optimize the sharing of all of the cloud resources. "This just isn't right at all," she says.
The final NIST deployment model does not provide any capabilities over and above the first three models. Instead, it is defined as one or more distinct instantiations of either a private, public or community cloud. Goldie has looked at all of the hybrid cloud management services and products, compared them to her requirements and decided that it doesn't meet her needs.
The Rise of an Enterprise Cloud
Through her analysis of the traditional cloud models, Goldie concludes that none of them are quite right. What she's looking for is a cloud that can address requirements unique to her enterprise. Let's refer to this as an "Enterprise Cloud." An Enterprise Cloud provides the capabilities of private, public and community clouds within a single cloud management platform that can support heterogeneous processes and requirements.
Goldie eventually conceived of the Enterprise Cloud illustrated below. It consists of a blend of internal datacenter resources, as well as resources provided by one or more public clouds. These are the "raw ingredients" that are abstracted into "cloud resources." Each agency can choose the specific cloud resources it needs to meet its requirements, including high availability, speed of deployment, cost, compliance with regulations and low latency response times.
Cloud-wide administrators, as well as specific agency and sub-agency administrators, are responsible for managing cloud resources through one "single pane of glass" interface. Aside from the properties of the cloud resources, their life cycles are all managed in the same manner, independent of where the raw materials came from. The end users of the cloud (e.g., testers, developers, infrastructure administrators) can be isolated from the underlying source of the raw resources. For example, an application could use public cloud for its web-facing tier, a low-cost set of internal cloud resources for its application tier and a highly regulated, encrypted and hardened set of cloud resources for its data layer. Goldie thinks of this as a "Hybrid Enterprise Application."
Goldie concludes that she needs to strike out on her own and develop a unique RFP that reflects her mental image of an Enterprise Cloud. If she settles for the types of clouds that are enumerated in the NIST document, she will never convince the various stakeholders to share a single cloud.
By focusing on key requirements, such as a single management framework across the enterprise, using public clouds and the datacenter to store virtual resources and providing a hierarchical multi-level tenancy structure, Goldie decides that she has finally found an Enterprise Cloud that is "juuuuuust riiiight."
While poor system performance occurs for any number of reasons (poor code, understaffed teams, inadequate legacy systems), this week’s post should help you quickly diagnose and fix a few common problems, while setting yourself up for a more stable future at the same time. Modern application frameworks have made it very easy to build not only powerful back-ends, but also rich, web-based user interfaces that are pushed out to the client in real-time. Often this involves a lot of data being transf...
Apr. 1, 2015 04:12 PM EDT Reads: 316
InfoScout in San Francisco gleans new levels of accurate insights into retail buyer behavior by collecting data directly from consumers’ sales receipts. In order to better analyze actual retail behaviors and patterns, InfoScout provides incentives for buyers to share their receipts, but InfoScout is then faced with the daunting task of managing and cleansing that essential data to provide actionable and understandable insights.
Apr. 1, 2015 03:45 PM EDT Reads: 332
Best practices for helping DevOps and Test collaborate in ways that make your SDLC leaner and more scalable. The business demand for "more innovative software, faster" is driving a surge of interest in DevOps, Agile and Lean software development practices. However, today's testing processes are typically bogged down by weighty burdens such as the difficulty of 1) accessing complete Dev/Test environments; 2) acquiring complete, sanitized test data; and 3) configuring the behavior of the environm...
Apr. 1, 2015 03:20 PM EDT Reads: 356
SYS-CON Events announced today that MangoApps will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY., and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides private all-in-one social intranets allowing workers to securely collaborate from anywhere in the world and from any device. Social, mobile, and eas...
Apr. 1, 2015 03:00 PM EDT Reads: 3,277
As a group of concepts, DevOps has converged on several prominent themes including continuous software delivery, automation, and configuration management (CM). These integral pieces often form the pillars of an organization’s DevOps efforts, even as other bigger pieces like overarching best practices and guidelines are still being tried and tested. Being that DevOps is a relatively new paradigm - movement - methodology - [insert your own label here], standards around it have yet to be codified a...
Apr. 1, 2015 03:00 PM EDT Reads: 950
SYS-CON Events announced today that Solgenia will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY, and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Solgenia is the global market leader in Cloud Collaboration and Cloud Infrastructure software solutions. Designed to “Bridge the Gap” between Personal and Professional S...
Apr. 1, 2015 03:00 PM EDT Reads: 3,104
Learn the top API testing issues that organizations encounter and how automation plus a DevOps team approach can address these top API testing challenges. Ensuring API integrity is difficult in today's complex application cloud, on-premises and hybrid environment scenarios. In this interview with TechTarget, Parasoft solution architect manager Spencer Debrosse shares his experiences about the top API testing issues that organizations encounter and how automation and a DevOps team approach can a...
Apr. 1, 2015 02:00 PM EDT Reads: 494
Chef and Canonical announced a partnership to integrate and distribute Chef with Ubuntu. Canonical is integrating the Chef automation platform with Canonical's Machine-As-A-Service (MAAS), enabling users to automate the provisioning, configuration and deployment of bare metal compute resources in the data center. Canonical is packaging Chef 12 server in upcoming distributions of its Ubuntu open source operating system and will provide commercial support for Chef within its user base.
Apr. 1, 2015 01:00 PM EDT Reads: 580
When it comes to microservices there are myths and uncertainty about the journey ahead. Deploying a “Hello World” app on Docker is a long way from making microservices work in real enterprises with large applications, complex environments and existing organizational structures. February 19, 2015 10:00am PT / 1:00pm ET → 45 Minutes Join our four experts: Special host Gene Kim, Gary Gruver, Randy Shoup and XebiaLabs’ Andrew Phillips as they explore the realities of microservices in today’s IT worl...
Apr. 1, 2015 12:45 PM EDT Reads: 1,943
After what feel like an interminable cycle of media frenzy followed by hype and hysteria cycles, the practical elements of real world cloud implementations are starting to become better documented. But what is really different in the cloud? How do software applications behave, live, interact and interconnect inside the cloud? Where do cloud architectures differ so markedly from their predecessors that we need to learn a new set of mechanics – and, when do we start to refer to software progra...
Apr. 1, 2015 12:45 PM EDT Reads: 537
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on T...
Apr. 1, 2015 12:00 PM EDT Reads: 1,608
Even though it’s now Microservices Journal, long-time fans of SOA World Magazine can take comfort in the fact that the URL – soa.sys-con.com – remains unchanged. And that’s no mistake, as microservices are really nothing more than a new and improved take on the Service-Oriented Architecture (SOA) best practices we struggled to hammer out over the last decade. Skeptics, however, might say that this change is nothing more than an exercise in buzzword-hopping. SOA is passé, and now that people are ...
Apr. 1, 2015 12:00 PM EDT Reads: 1,477
Hosted PaaS providers have given independent developers and startups huge advantages in efficiency and reduced time-to-market over their more process-bound counterparts in enterprises. Software frameworks are now available that allow enterprise IT departments to provide these same advantages for developers in their own organization. In his workshop session at DevOps Summit, Troy Topnik, ActiveState’s Technical Product Manager, will show how on-prem or cloud-hosted Private PaaS can enable organ...
Apr. 1, 2015 12:00 PM EDT Reads: 1,447
For those of us that have been practicing SOA for over a decade, it's surprising that there's so much interest in microservices. In fairness microservices don't look like the vendor play that was early SOA in the early noughties. But experienced SOA practitioners everywhere will be wondering if microservices is actually a good thing. You see microservices is basically an SOA pattern that inherits all the well-known SOA principles and adds characteristics that address the use of SOA for distribut...
Apr. 1, 2015 11:00 AM EDT Reads: 1,125
SYS-CON Events announced today the IoT Bootcamp – Jumpstart Your IoT Strategy, being held June 9–10, 2015, in conjunction with 16th Cloud Expo and Internet of @ThingsExpo at the Javits Center in New York City. This is your chance to jumpstart your IoT strategy. Combined with real-world scenarios and use cases, the IoT Bootcamp is not just based on presentations but includes hands-on demos and walkthroughs. We will introduce you to a variety of Do-It-Yourself IoT platforms including Arduino, Ras...
Apr. 1, 2015 11:00 AM EDT Reads: 2,278
Microservice architectures are the new hotness, even though they aren't really all that different (in principle) from the paradigm described by SOA (which is dead, or not dead, depending on whom you ask). One of the things this decompositional approach to application architecture does is encourage developers and operations (some might even say DevOps) to re-evaluate scaling strategies. In particular, the notion is forwarded that an application should be built to scale and then infrastructure sho...
Apr. 1, 2015 11:00 AM EDT Reads: 2,603
Our guest on the podcast this week is Jason Bloomberg, President at Intellyx. When we build services we want them to be lightweight, stateless and scalable while doing one thing really well. In today's cloud world, we're revisiting what to takes to make a good service in the first place. Listen in to learn why following "the book" doesn't necessarily mean that you're solving key business problems.
Apr. 1, 2015 10:45 AM EDT Reads: 1,392
Microservices are the result of decomposing applications. That may sound a lot like SOA, but SOA was based on an object-oriented (noun) premise; that is, services were built around an object - like a customer - with all the necessary operations (functions) that go along with it. SOA was also founded on a variety of standards (most of them coming out of OASIS) like SOAP, WSDL, XML and UDDI. Microservices have no standards (at least none deriving from a standards body or organization) and can be b...
Apr. 1, 2015 10:45 AM EDT Reads: 2,313
Right off the bat, Newman advises that we should "think of microservices as a specific approach for SOA in the same way that XP or Scrum are specific approaches for Agile Software development". These analogies are very interesting because my expectation was that microservices is a pattern. So I might infer that microservices is a set of process techniques as opposed to an architectural approach. Yet in the book, Newman clearly includes some elements of concept model and architecture as well as p...
Apr. 1, 2015 10:15 AM EDT Reads: 2,237
SYS-CON Events announced today the DevOps Foundation Certification Course, being held June ?, 2015, in conjunction with DevOps Summit and 16th Cloud Expo at the Javits Center in New York City, NY. This sixteen (16) hour course provides an introduction to DevOps – the cultural and professional movement that stresses communication, collaboration, integration and automation in order to improve the flow of work between software developers and IT operations professionals. Improved workflows will res...
Apr. 1, 2015 10:00 AM EDT Reads: 1,803