In 2009, Intel IT began offering private on-demand, self-service cloud computing to better realize the full business value of the cloud computing environment. The design goal was to enable Intel IT to provide capacity without getting in the way of business user demand by automating the business processes that handle the majority of IT workflow. At the core of the self-service functionality is a hosting automation framework composed of web services for receiving and responding to service requests, a database to track the status and progress of these requests, a scheduler to help ensure requests are being fulfilled, and an orchestration engine with a set of workflows to complete the tasks. Self-service options are accessed via a consumer-focused portal for users and developers; a second portal is used by IT to manage and monitor measured services.
This successful transformation was delivered by the implementation of Infrastructure-as-a-Service (IaaS). IaaS is the virtualized, multitenant infrastructure that underpins your private cloud and enables multiple applications for business groups across the enterprise to share it. IaaS is built and delivered using a set of technologies that start with virtualization as the basic building block. A cloud management platform enables you to run a multitenant environment using the resources from the virtual infrastructure, with security technologies at every level. Although clouds are built with IaaS, PaaS, and SaaS service layers, infrastructure services are the most typical private cloud services offered today.
Step 1: Implement Pervasive Virtualization
Virtualization is the foundation for an agile, scalable cloud and the first practical step in building cloud infrastructure. Virtualization abstracts and isolates the underlying hardware as virtual machines (VMs), each in its own runtime environment, so that multiple VMs can share the computing, storage, and networking resources of a single hosting environment. These virtualized resources are critical for managing data, moving it into and out of the cloud, and running applications with high utilization and high availability.
Virtualization is managed by a host server running a hypervisor—software, firmware, or hardware that creates and runs VMs. The VMs are referred to as guest machines. The hypervisor serves as a virtual operating platform that executes the guest operating system for an application. Host servers are designed to run multiple VMs sharing multiple instances of guest operating systems.
Virtualization also provides several key capabilities for cloud computing, including resource sharing, VM isolation, and load balancing. In a cloud environment, these capabilities enable scalability, high utilization of pooled resources, rapid provisioning, workload isolation, and increased uptime.
Figure: Infrastructure as a service is built on pooled resources for computing, storage, and networking. (From An Enterprise Private Cloud Architecture and Implementation Roadmap. Intel IT [June 2010])
Today, the trend in virtualization has moved from reducing costs by consolidating data centers to increasing flexibility and agility through the pervasive use of virtualization for faster service deployment and dynamic placement of workloads. Pervasive virtualization is a strategic approach that provides a method for judiciously bringing legacy applications into your cloud to meet your strategic goals or as time and budget allow. Its benefits include better quality of service, improved availability and business continuity, faster resource deployment, and lower energy consumption.
Step 2: Select Your Cloud Management Platform
With increased virtualization infrastructure, you also need greater management capabilities, a technical challenge you can address in parallel with your transition to a cloud environment. At this juncture you can decide to:
• Use a virtualization management platform that can also be used or extended easily for the cloud.
• Augment existing tools with an expanded set of cloud management capabilities on top of your existing virtualization management platform.
• Add a new cloud management platform (CMP) that can run the cloud and your existing virtualization environment.
A cloud management platform is integrated software that delivers service quality, security, and availability for workloads running in cloud environments. CMP offerings vary widely in terms of platform maturity, architecture complexity, and capabilities. At minimum, it should provide:
• Direct user access to the system
• Self-service capabilities and interfaces
• Workflow engine
• Automated provisioning
• Metering and chargeback functionality
More advanced capabilities might include performance and capacity management, interoperability between private and public IaaS offerings, connectivity to and management of external clouds, application life-cycle support, back-end service catalogs, and integration with external enterprise management systems.
The cloud management platform you choose should be based on organization size and complexity, the degree of heterogeneity in your virtualized infrastructure, and the cloud functionality you require. With heterogeneous infrastructure, you are more likely to benefit from using IT operations management architectures to manage both legacy and cloud environments. For data centers with homogeneous infrastructure, evaluating that infrastructure's vendor as your CMP supplier is a good place to start.
Step 3: Automate Workflows and Other System Capabilities
Automation is a key capability of elastic, high-performing cloud environments. By eliminating or minimizing manual processes and keeping human control points to a minimum, you can optimize and manage resources faster, deliver services, manage the service life cycle, and respond to changing conditions.
In a cloud environment, automated workflows integrate across heterogeneous and disparate systems that manage provisioning, scaling, VM configuration, identity and access controls, network resources, workflow monitoring, patching, and backup. More advanced automation capabilities can include release management, load balancing, firewalls, and management of more complex VMs.
Step 4: Orchestrate Services End to End
Orchestration software provides the automated intelligence that dynamically arranges, coordinates, and manages the elements of your cloud environment. Orchestration of end-to-end services enables the flexibility, economy of scale, and on-demand delivery for virtualized resources and provides the ease and convenience users expect when they access the cloud.
Orchestration has two main jobs: aligning service requests with available resources and monitoring the health of the physical and virtualized environment. These functions enable your cloud to scale up or down based on demand at specified performance levels. To accomplish this, orchestration manages across different systems to:
• Connect and automate workflows to deliver a specified service.
• Manage configuration, capacity, metering, and chargeback.
• Track and report on cloud performance and availability.
• Monitor and manage power, including energy consumption and cooling requirements.
• Monitor security threats and adherence to security policies, including access, authorization, and identity management.
• Take effective actions and make adjustments based on feedback from monitoring tools.
• Predict potential issues so they can be addressed before they become major issues.
Step 5: Implement Cloud Security
As you move beyond virtualizing your data centers to building your private cloud, security must evolve to address both traditional and new vulnerabilities. Cloud environments require a new take on security, with challenges around resource isolation, security event management, and data protection, including VM isolation, secure VM migration, virtual network isolation, and security event and access monitoring. In addition, with multiple business groups accessing cloud resources, visibility into secure data flow and compliance with business-specific security policies are critical. Cloud security must adapt to an environment in which workloads are decoupled from the physical hardware and delivered from a fabric of pooled resources. At the same time, security must still protect the physical boundaries of the network edge.
As you plan your security approach to your private cloud, you can also lay the groundwork for eventually moving certain workloads into a public cloud. One way to do this is to provide security as a set of on-demand, scalable services. In this approach, policies are tied to logical attributes that create adaptive trust zones to separate multiple tenants.
Workloads and the appropriate security policies can then be associated throughout the workload’s life cycle. This approach involves virtualizing security controls throughout the environment, isolating applications, and building context awareness into applications that informs security decisions and delivers compound security policies independent of network topology.
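As an added illustration (not Intel IT's code) of tying policy to logical attributes rather than network topology, the following Python sketch gates both initial placement and later migration of a workload on its tenant and data-classification attributes, so the same policy follows the workload through its life cycle. The zone labels, classification levels, and policy table are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Workload:
    name: str
    tenant: str
    classification: str   # assumed levels: "public", "internal", "confidential"

@dataclass
class Host:
    name: str
    zone: str             # trust-zone label (a logical attribute, not an IP or VLAN)
    workloads: list = field(default_factory=list)

# Constructed policy table: each trust zone has a classification ceiling and
# says whether it may be shared by several tenants. No network addresses appear.
ZONE_POLICY = {
    "shared":    {"max_class": "internal",     "single_tenant": False},
    "dedicated": {"max_class": "confidential", "single_tenant": True},
}
CLASS_RANK = {"public": 0, "internal": 1, "confidential": 2}

def placement_violations(workload, host):
    """Return the policy violations that placing `workload` on `host` would cause."""
    policy = ZONE_POLICY[host.zone]
    problems = []
    if CLASS_RANK[workload.classification] > CLASS_RANK[policy["max_class"]]:
        problems.append(f"{workload.classification} data not allowed in zone {host.zone}")
    if policy["single_tenant"]:
        others = {w.tenant for w in host.workloads} - {workload.tenant}
        if others:
            problems.append(f"{host.name} is dedicated to another tenant: {sorted(others)}")
    return problems

def place(workload, host):
    """Provisioning step: admit the workload only if the zone policy permits it."""
    problems = placement_violations(workload, host)
    if not problems:
        host.workloads.append(workload)
    return problems

def migrate(workload, src, dst):
    """Migration step: the same attribute check gates a move between hosts."""
    problems = placement_violations(workload, dst)
    if not problems:
        src.workloads.remove(workload)
        dst.workloads.append(workload)
    return problems
```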
This blog is part 3 of 4 in a series focused on planning your organization’s cloud strategy.