
Post on 28-Jul-2020


An Overview of IaaS Cloud Architecture and its Benefits to Businesses

Featuring research from

Indian Enterprises growth goes skyward with the Cloud

Infrastructure as a Service

About CtrlS, Asia’s largest Tier 4 Datacenter

Issue 4


Indian Enterprises growth goes skyward with the Cloud

Infrastructure as a Service or IaaS is the buzzword of the year amongst CTOs in India. As organisations of all sizes try to rein in their costs and squeeze more utility out of shrinking or stalled IT budgets, an increasing number of companies are turning to IaaS as the solution. A recent survey by consulting giant Ernst & Young shows that the uptake of Cloud services by Indian businesses has seen a sharp upward trend in the last year and this growth will only increase in the next 3-5 years.

What is Infrastructure as a Service?

IaaS is cloud-based access to computing power, storage and network bandwidth, all offered as a service by a provider, on an on-demand basis with a self-service interface to manage utilisation and scaling. It also helps arrive at usage information in a transparent manner to control costs.

Many datacenters in India currently use the term IaaS to describe their Cloud solutions, without actually offering all the prerequisites. According to the American National Institute for Standards and Technology (NIST) there are five essential features any offering should have, to be considered an Infrastructure as a Service product.

1. Pooled Resources

All computing capacity, memory, storage and bandwidth resources should be pooled and available on-demand to customers, allowing for a usage based payment model and the opportunity for massive cost savings. This is one of the key characteristics of any IaaS offering and is the basis of many of the advantages.

2. On-Demand Resources with Self-Service for Scaling

The service provider should be able to provide instant scaling up and down of all processing, memory, storage and network bandwidth resources. The customer should be able to scale all these resources on their own, through the Cloud with an easy web interface that removes the need for any interaction with the service provider.

3. Broad Network Access and Platform-Agnostic

The IaaS provider should have high-speed internet connectivity with redundancy and bandwidth to spare, to be able to scale up to increasing network traffic demands rapidly. The Cloud services offered on the IaaS platform should be platform-agnostic and run on a variety of desktop and mobile operating systems.

4. Instant Scaling

The customer should be able to instantly scale their order for physical or virtual resources from the provider, based on their requirements. This should be possible in both directions, with the ability to easily deploy and deactivate resources in real time to cope with changing operational and business needs.


5. Transparent and Readily Available Usage Data

For the customer to benefit from the usage-based payment model, they should have access to real-time usage data to be able to control costs and delegate their resources accordingly.

Why are Indian companies flocking to the IaaS model?

According to a recent study by Ernst & Young, India is forecasted to have the highest IT expenditure growth rates over the next 3-5 years. E&Y also predicts that the increasing ubiquity of high-speed internet access across India and the rollout of 3G / 4G services will drive the adoption of IaaS.

During the study, Ernst & Young found that over 81% of companies responding to the study were aware of the Infrastructure as a Service model and were aware of the potential benefits that it held for their business. Nearly 25% of companies reported that they saw Infrastructure as a Service and Cloud services as the primary growth driver for the next wave of IT innovation in the country. The study also shows that a surprising 70% of responding companies have deployed or plan to deploy IaaS offerings in the next 3 years.

Apart from the obvious cost advantages, many Indian companies have cited operational and business benefits as the more compelling reasons to adopt IaaS. They are:

Speed of Deployment

Indian enterprises are operating in one of the most competitive markets of the world. Many such organisations cite ease and speed of deployment of IaaS as one of the primary reasons for adoption. Deploying their own infrastructure and getting it up and running takes months and in some cases years. But with IaaS, a company can have IT infrastructure up and running in a matter of weeks, if not days.

Reliability

Top-tier IaaS providers in the country, like CtrlS, offer near 100% uptime with service level agreements that guarantee this level of availability. This is done through a high level of redundancy built into all the physical and virtual systems and on every level of the platform. This is the most important benefit for many companies, from an operational standpoint. Many companies do not have the IT budgets or skillsets allocated to configure such high levels of redundancy in in-house infrastructure. With IaaS, the infrastructure is highly dependable and ready instantly.

Scalability & Agility

In an unpredictable market scenario, IaaS removes the need for accurate forecasting with a view far into the future. IaaS allows companies to scale their infrastructure both up and down, something that is not possible when companies use in-house infrastructure.

IaaS’s near instant scaling of all resources and the facility to pay for resources based on usage on a monthly or quarterly frequency, means that companies can adapt to rapidly changing scenarios at will. This also allows companies to concentrate more on their core business without the need for IT provisioning.

Zero Capital Investment and Low TCO

For many Indian businesses, the ability to leverage world-class infrastructure like the kind CtrlS has to offer, with no capital investment, is a huge business advantage.

The inherent flexibility built into IaaS and its transparent usage-based billing system allow companies to make continued savings and keep a tight check on their costs. Studies have shown that whether the loads are static or erratic, using IaaS provides proven TCO savings over owned infrastructure.

Why are top Indian Companies choosing CtrlS for their IaaS needs?

Indian companies prefer working with CtrlS for their IaaS needs because we have the best IaaS solution that is backed by world-class infrastructure and a 99.995% uptime service level agreement.

India’s largest companies and most respected brands in the public and private sector trust CtrlS with their IT infrastructure. From Ranbaxy and NTPC to Bajaj and the State Bank of India, our client roster speaks for itself. Here is what a few of CtrlS’ clients have to say about its IaaS offering.


Here’s why no one does IaaS as well as CtrlS does.

We understand how to make the Cloud work better for Enterprises.

Not many service providers understand Cloud as well as CtrlS does. All of CtrlS’ cloud-based offerings are based on deep insights, which ensure that these offerings are designed to meet CIO’s expectations and address their business problems. The fact that CtrlS was the first to launch innovative cloud-based products like DR on Demand and Zero Data Loss stands testimony to this.

CtrlS’ cloud platform and architecture are designed to accommodate any and all of its clients’ requirements, which means CtrlS’ cloud infrastructure can seamlessly integrate with all hypervisors, platforms and locations and still provide the client a single interface.

CtrlS is among the few service providers that have a wide and deep understanding of what their offerings should accomplish. CtrlS has invested heavily in both core areas such as computing and storage, and perimeter aspects like security.

Also, CtrlS’ cloud infrastructure components like orchestration layers and cloud engine are completely automated. This helps ensure that clients reap all the benefits of the service they subscribe to.

We have best-in-class Infrastructure.

If your business wants to buy Infrastructure as a Service, you should buy it from a company that has the best infrastructure. CtrlS owns and operates two Tier 4 datacenters, in Mumbai and Hyderabad. Three more Tier 4 facilities are being built in New Delhi, Bangalore and Chennai.

We wrote the book on Datacenters in India.

Of the many hundreds or more datacenters around the world, only 26 are Tier 4 certified for the highest levels of availability, redundancy, security and data protection. CtrlS built India’s first Tier 4 datacenter in Hyderabad and then built Asia’s largest datacenter in Mumbai.

We have the best Hardware and Services.

CtrlS partners with the best in the computing business to power all IaaS infrastructure, like VMware, Dell, HP and Cisco Systems. All hardware and software partners are the biggest and most respected names in the industry. CtrlS has also tied up with all major data carriers at its Tier 4 datacenters in Mumbai and Hyderabad, to offer the widest choice of data service providers and redundancy to clients.

We can grow with your Business.

At the datacenters in Mumbai and Hyderabad, CtrlS has a combined raised floor area of over 340,000 square feet – to address the largest and most demanding IaaS needs of its customers. Each of the Tier 4 datacenters has over 3TB of network capacity and enough dark fibre in the ground, to cater to the network demands for the next two decades or more.

We have Economies of Scale.

As a leading provider of IaaS in the country, CtrlS has tremendous economies of scale, which translates to the most competitive pricing in the IaaS space. Give us a call to find out how quickly, simply and for how little money, your company can start using Infrastructure as a Service from the best in the business.

We go by the Total Ownership Philosophy.

CtrlS’ governing philosophy of Total Ownership, ensures that customers’ business requirements are placed above all. This policy has ensured the development of capabilities to provide a complete suite of offerings from platform level services which include datacenter infrastructure, storage, backup, hardware to OS layers, network and security layers. CtrlS has developed alliances which cater to the business application layer for automating its customers’ business processes, thereby developing the capability of providing end to end custom solutions catering to their unique requirements.

Source: CtrlS Datacenters Pvt. Ltd.

“They offer the cloud and the infrastructure, so that flexibility comes to us when we move; a major benefit.”

- Rajiv Panikath, Senior VP, ITE & RO – NI, CTO, Axis Bank

“They were extremely supportive and round the clock; we were up and running in no time.”

- Bharati Lele, CTO, L&T Infotech

“Cost effectiveness and 100% availability; not a single failure; dedicated team”

- Ajay Kumar Pashine, GM, NTPC

“They’ve done a fabulous job here. The way they have been scaling up is fantastic.”

- V. Srinivas, CIO, Nagarjuna Group


Research from Gartner

Infrastructure as a Service

IT organizations are increasingly looking to build cloud-based infrastructures to reduce cost of ownership while improving agility and business continuity. However, designing cloud-based infrastructure as a service (IaaS) architecture brings numerous challenges, especially in regard to mobility, security, interoperability, and management. In this Reference Architecture template, Research VP Chris Wolf and Research Director Alessandro Perilli outline the core components for an IaaS cloud architectural model that leverages virtualization technologies to successfully deliver IaaS.

Template Applicability

What is the architectural model for internal or external cloud infrastructure as a service?

This template applies to an IT organization that leverages virtualization technologies to deliver IT infrastructure as a service (IaaS) to business units, application owners, and users. This template is designed to help IT decision makers leverage virtualization technologies and management tools to efficiently and securely deliver IT infrastructure services.

This template addresses IT organizations that plan to build or optimize internal or external IaaS cloud services with the following characteristics:

• Service-oriented: The IaaS cloud delivers services via an intuitive interface that is easily understood by consumers (e.g., users, business units, application owners, other clouds, or applications). The IaaS cloud also includes the necessary metering, accounting, and chargeback mechanisms to support billing consumers for the services it delivers.

• Virtualized: The IaaS cloud relies on x86 virtualization to provide hardware independence, mobility, scalability, and business continuity.

• On-demand provisioning: Resources are allocated from shared or dedicated infrastructure and are dynamically provisioned at the time of the service request.

• Shared infrastructure: The IaaS cloud virtualization layers reside on shared physical infrastructure, which is necessary for IT to provide on-demand services (e.g., servers, storage, or networks) to multiple tenants (e.g., business units) as needed while meeting required service levels.

• Elastic and scalable: The IaaS cloud is capable of growing dynamically to meet scalability requirements of consumers (i.e., consumption scalability) and IT organizations (i.e., infrastructure scalability). To achieve elasticity and scalability, the cloud service may also integrate with other cloud infrastructures (e.g., external or public) to expand capacity beyond local resource constraint.

FIGURE 1 IaaS Template Map

Figure labels: Hybrid Infrastructure as a Service; Software as a Service (SaaS); Cloud Computing Tiered Architecture; Platform as a Service (PaaS); Infrastructure as a Service (IaaS); Cloud Characteristics, Principles and Patterns; with a “You are here” marker.

Source: Gartner (June 2012)


FIGURE 2 IaaS Template Diagram

Source: Gartner (June 2012)

Template Map

The IaaS template is a “leaf” template; it is referenced by the “Cloud Computing Tiered Architecture” template.

Template Diagram

The IaaS template diagram above includes the following components to deliver the IaaS cloud attributes described in the Template Applicability section:

• Self-service provisioning

• Service catalog

• Chargeback

• Capacity management

• Performance management

• Configuration and change management

• Life cycle management

• Virtual infrastructure management (VIM):

• Virtual infrastructure:

• Virtual service (VS)

• Physical infrastructure

• External cloud connector

• Orchestration

• Service governor (SG)

• Enterprise service management

• Identity and access management (IAM)

Some building blocks above increase the efficiency of an IaaS cloud but are not mandatory to operate it. Gartner recommends implementing and evolving preferred components according to the cloud maturity model described in “Stuck Between Stations: From Traditional Data Center to Internal Cloud.”

Template Description

This template describes the core components of an IaaS cloud.

Information on data-center-wide architectural components (e.g., storage and compute infrastructure) is available in “Enterprise Data Center.” Details on standard cloud definitions and deployment models are available in “Cloud Computing: Transforming IT.”

Figure 2 component labels: Identity and access management; Physical infrastructure; Enterprise service management; Virtual infrastructure management; Virtual infrastructure; VS; Self-service provisioning; Service catalog; Performance management; Orchestration; Chargeback; Life cycle management; Capacity management; External cloud connector; Configuration and change management; Cloud Management Platform.

The Cloud Management Platform

Vendors implement most of the components described in this template as stand-alone products or bundled in cloud management platforms (CMPs). CMPs usually include a self-service provisioning portal, a service catalog, and an orchestration engine (also known as IT process automation). Additionally, CMPs may include capabilities like life cycle management, performance management, capacity management (aka IT resource management), configuration and change management, and chargeback.

A CMP can feature a monolithic or a modular architecture. In a monolithic architecture, the CMP offers all available components as a single, all-in-one software product. Accordingly, product licensing has limited flexibility.

The monolithic architecture approach is more common among startups. Such vendors develop CMPs from the ground up to tackle new management challenges, and they focus on tight integration between included components. In early maturity stages, all-in-one CMPs often feature limited integration with third-party tools, and included management modules rarely offer best-in-class capabilities. As all-in-one CMPs mature, Gartner expects vendors to shift toward a modular architecture and licensing structure while enriching capabilities and integration.

The modular architecture is more common among more mature players, including enterprise management vendors and virtualization players. Modular CMPs often come as repurposed and repackaged collections of stand-alone enterprise management tools. Sometimes such CMP components are already part of a vendor’s product portfolio; other times, the tools come from multiple acquisitions in different market segments. Accordingly, some modular CMPs include mature components that feature best-in-class capabilities and great integration with some third-party tools but not necessarily great integration with each other.

CMPs do not always come as commercial solutions. IT organizations can build their own modular CMPs by combining repurposed management tools and homegrown components (e.g., the self-service provisioning portal). Although homegrown components generally lack the maturity of their commercial counterparts, such components are highly customized to the IT organization’s needs and business goals. Modularity allows organizations to drop the homegrown parts as soon as commercial alternatives evolve and IT organizations are ready for the next maturity stage.

Self-Service Provisioning

The self-service provisioning portal provides the IaaS cloud’s front-end interface while acting as a gateway to other cloud resources. IaaS delivery requires the presence of a provisioning portal, as a stand-alone component, part of a service catalog, or part of a CMP. A comprehensive provisioning portal is responsible for:

• Presenting service catalog objects (e.g., virtual machines/virtual services [VMs/VSs]) to end users (e.g., business managers and marketing and sales specialists), IT specialists (e.g., IT ops staff, developers, and QA engineers) and other clouds (e.g., an external IaaS cloud) through a browsable and searchable interface

• Integrating with identity and access management mechanisms to authenticate and authorize users to view and interact with some or all catalog objects

• Accepting order customization (e.g., select “Large Instance” rather than “Small Instance”), if allowed by the IT organization, and placement as part of a provisioning request

• Providing application programming interfaces (APIs) or other mechanisms to integrate with cloud management tools (e.g., orchestrators)

• Forwarding provisioning requests to integrated cloud management tools for fulfillment

• Providing a self-service interface to manage provisioned objects (e.g., delegate control, transfer ownership) and, sometimes, to operate them (e.g., start/stop, clone, and destroy)

A mature provisioning portal should provide different self-service experiences according to user permissions and role within the organization. To business-oriented users (e.g., a sales specialist), the provisioning portal should present a service-centric interface, expose business services (e.g., a CRM), and allow customization according to relevant key performance indicators (e.g., number of expected concurrent users). Conversely, to tech-oriented users (e.g., IT developers), the provisioning portal should present an infrastructure-centric interface, expose VMs/VSs, and allow customization according to configuration parameters (e.g., amount of vRAM).


Additional information on the role of self-service provisioning portals in IaaS cloud infrastructures is available in the following Gartner documents:

• “Virtual Lab Automation: The Foundation for Private Cloud Infrastructure Service Delivery”

• “Self-Service Provisioning for Internal Clouds: Buy or Build?”

Service Catalog

The service catalog stores the objects that users order through the self-service provisioning portal. IaaS delivery requires the presence of a service catalog, either purposely built for cloud-based application and service delivery or integrated within the enterprise service catalog infrastructure. The cloud service catalog is responsible for one or more of the following actions:

• Integrating with configuration management databases (CMDBs) to retrieve information about physical and virtual infrastructure assets that will be combined in catalog object definitions

• Allowing IT organizations to create, edit, and save the definitions of catalog objects (e.g., VSs) exposed through the self-service provisioning portal

• Allowing IT organizations to define access permissions for catalog objects based on role, group membership, physical location, or endpoint device:

• The catalog presentation should be dynamic such that a user will only see services to which he or she is entitled.

• Allowing IT organizations to assign predefined catalog objects to specific users without the need to interact with the provisioning portal (task workers, for example, would not need these levels of self-service)

• Allowing users to subscribe to specific IT services to receive object updates and new objects

• Providing application programming interfaces (APIs) or other mechanisms to integrate with other cloud management tools (e.g., self-service provisioning portals and orchestrators)

Additional information on service catalogs is available in “ITIL Service Management Practices: Third Time’s the Charm.”
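
The dynamic catalog presentation described above (permissions by role, group membership, physical location, or endpoint device), as an added example that is not part of the Gartner template or any vendor product. The class names, rule model and sample catalog are assumptions constructed for illustration; the block also re-checks entitlement when an order is placed, because hiding an object in the portal does not by itself stop a request for it.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Requester:
    user: str
    roles: FrozenSet[str]
    groups: FrozenSet[str]
    location: str
    device: str  # e.g. "managed-laptop" or "unmanaged-mobile" (constructed values)


@dataclass(frozen=True)
class AccessRule:
    # None means "this rule does not restrict that dimension".
    roles: Optional[FrozenSet[str]] = None
    groups: Optional[FrozenSet[str]] = None
    locations: Optional[FrozenSet[str]] = None
    devices: Optional[FrozenSet[str]] = None

    def matches(self, r: Requester) -> bool:
        # Every dimension the rule names must match (logical AND).
        if self.roles is not None and not (self.roles & r.roles):
            return False
        if self.groups is not None and not (self.groups & r.groups):
            return False
        if self.locations is not None and r.location not in self.locations:
            return False
        if self.devices is not None and r.device not in self.devices:
            return False
        return True


@dataclass(frozen=True)
class CatalogObject:
    name: str
    rules: Tuple[AccessRule, ...] = ()  # any one matching rule grants access


def is_entitled(obj: CatalogObject, requester: Requester) -> bool:
    # Default deny: an object with no rule attached is shown to nobody.
    return any(rule.matches(requester) for rule in obj.rules)


def visible_catalog(catalog: List[CatalogObject], requester: Requester) -> List[str]:
    """Names of the catalog objects this requester may see, in catalog order."""
    return [obj.name for obj in catalog if is_entitled(obj, requester)]


def authorize_order(catalog: List[CatalogObject], requester: Requester, name: str) -> bool:
    """Re-evaluate entitlement at order time instead of trusting what was displayed."""
    for obj in catalog:
        if obj.name == name:
            return is_entitled(obj, requester)
    return False  # unknown object names are refused


# Constructed sample catalog; "Small Instance", "Large Instance" and the CRM
# service echo the examples used in the text above.
CATALOG = [
    CatalogObject("Small Instance",
                  (AccessRule(roles=frozenset({"developer", "it-ops"})),)),
    CatalogObject("Large Instance",
                  (AccessRule(roles=frozenset({"it-ops"}),
                              devices=frozenset({"managed-laptop"})),)),
    CatalogObject("CRM business service",
                  (AccessRule(groups=frozenset({"sales"}),
                              locations=frozenset({"mumbai", "hyderabad"})),)),
    CatalogObject("Unpublished Template"),  # no rules yet, so hidden from everyone
]

if __name__ == "__main__":
    dev = Requester("dev1", frozenset({"developer"}), frozenset({"engineering"}),
                    "mumbai", "managed-laptop")
    print(visible_catalog(CATALOG, dev))
    print(authorize_order(CATALOG, dev, "Large Instance"))
```
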

Chargeback

The chargeback system meters and accounts for internal cloud resource usage. The chargeback system is responsible for one or more of the following actions:

• Metering resource allocation (e.g., provisioning of a new VM with 2GB virtual memory [vRAM]) through integration with the orchestrator or the self-service provisioning portal and consumption (e.g., use of 1GB vRAM out of 2GB allocated for 12 hours/day) through integration with the performance management tool or the virtual infrastructure management tool

• Reporting resource consumption (i.e., show-back) through a native reporting engine or through integration with third-party reporting tools

• Charging internal cloud users (e.g., end users and the IT organization) or departments for resource allocation or consumption through integration with third-party IT financial management tools

• Charging internal cloud users via an allocation-based model (e.g., static VM size, storage, and availability requirements):

• Consumption-based models (e.g., pay for resources used for the time they are used) should be considered optional because the accounting departments in most enterprise organizations are not equipped to handle billing in extremely small increments.

Capacity Management

Capacity management (aka IT resource management) determines efficient resource allocation and optimal workload placement across the IaaS cloud. The capacity management system is responsible for one or more of the following actions:

• Modeling capacity allocation to guarantee service levels, according to:

• Resource availability at compute, storage, and network layers of the cloud infrastructure

• Technical, business, and compliance constraints associated with the services available in the service catalog

• End-to-end performance analysis of running services that performance management tools provide at infrastructure and application levels


• Resource consumption trends as defined by factors like linear regression, what-if simulation, and system event awareness

• Verifying available capacity and providing clearance to proceed with a provisioning request placed through the self-service provisioning portal

• Requesting capacity reservation, through the integration with the orchestrator, according to provisioning requests placed through the provisioning portal

• Requesting the capacity plan execution, through the integration with the orchestrator or the request management system, according to provisioning requests placed through the provisioning portal:

• Request management systems can be part of the service catalog or the life cycle management tool or they can come as stand-alone solutions

• Requesting resource reallocation and workload re-arrangement, through integration with the orchestrator, according to continual capacity analysis

Capacity management is fundamental to reducing infrastructure capacity waste, optimizing resource allocation according to application performance, mitigating virtual machine sprawl caused by self-service provisioning, and forecasting resource consumption driven by business growth or infrastructure configuration changes.

Additional information on the role of capacity management in IaaS cloud infrastructures is available in the following guidance document:

• “The Big Mind Shift: Capacity Management for Virtual and Cloud Infrastructures”

Performance Management

Infrastructure and application performance management is a fundamental component to enforce service-level agreements in an IaaS cloud. The performance management system is responsible for one or more of the following actions:

• Measuring infrastructure resource utilization across all IT silos (e.g., virtualization, compute, network, storage, and security)

• Establishing and documenting a performance baseline for monitored assets through manual definition of thresholds or self-learning predictive analysis

• Discovering and updating topology of business services contained within one or more VS

• Assessing service levels through end-to-end application performance analysis (e.g., hops latency and response time)

• Integrating with other cloud management tools (e.g., capacity management tools and orchestrators) to provide inputs for capacity modeling

• Providing real-time and trending reports about infrastructure and application-level performance

Configuration and Change Management

Configuration management is fundamental to creating and maintaining a complete and accurate picture of configurations across various elements of the IaaS cloud. IT service delivery and change management processes depend on the accuracy of the configuration information.

The configuration management layer is responsible for one or more of the following actions:

• Discovering the software configuration, including service dependencies and interrelationships, of all layers of the IaaS cloud:

• Physical infrastructure

• Virtual infrastructure

• Virtual infrastructure management

• Cloud infrastructure management

• VMs/VSs

• Virtualized applications and business services

• Performing the software configuration and patching of all layers of the IaaS cloud, including service dependencies and interrelationships, through the native engine or integration with other cloud management components (e.g., the orchestrator)

• Versioning the software configuration of all layers of the IaaS cloud

• Storing and updating the IaaS cloud CMDB and the management metadata


• Ensuring that the cloud CMDB and management metadata are highly available and resilient to a single point of failure

• Packaging, storing, and serving applications to VMs/VSs through native engines (e.g., application virtualization and streaming) or through integration with other cloud management components (e.g., orchestrators, life cycle management tools, and virtual infrastructure management tools)

• Allowing software distribution in compliance with proper licensing terms

• Reporting cloud asset configurations

Change management tools guarantee that the IaaS cloud configuration remains compliant with organizational policies and compliance regulations after changes manually implemented by the IT staff or customizations requested through the self-service provisioning portal. Along with the self-service provisioning portal, change management can help enforce standardization.

Change management is responsible for one or more of the following actions:

• Auditing changes involving:

• Configuration of physical infrastructure elements (e.g., virtualization hosts, storage area network [SAN] arrays, and network switches)

• Configuration of virtual infrastructure elements (e.g., local firewall, networking services, and quality of service [QoS] mechanisms)

• Configuration of virtual infrastructure management elements (e.g., resource pools, distributed virtual networking, physical storage mapping, and power management policies) and its CMDB

• Configuration of cloud infrastructure management elements (e.g., self-service provisioning requests ownership, service catalog object definition, and performance management baselines)

• Configuration of VMs’ virtual hardware (e.g., virtual CPU [vCPU] numbers and types, amount of vRAM, and virtual network interface card [vNIC] settings)

• Configuration of VSs’ virtual network and storage (e.g., virtual network topology, IP addressing, and virtual storage assignment)

• Configuration of guest OSs and their virtualized applications

• Configuration of access permissions and auditing for all IaaS cloud assets

• Patching of all IaaS assets and management layers

• Requesting organization management approval for audited changes that are non-compliant with organizational policies, constraints (e.g., software licensing), or legal regulations

• Providing or denying clearance to provisioning requests through integration with the orchestrator or with the self-service provisioning portal

• Requesting remediation for unapproved configuration changes through integration with the orchestrator or with the configuration management tool

• Requesting reversion to a previously saved configuration state through integration with the orchestrator or with the configuration management tool

• Reporting cloud asset configuration changes
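
One way the change-management duties listed above (audit, approval request, remediation, reversion, reporting) can be combined into a single audit pass, as an added example that is not from the Gartner template. The policy limits, asset names, ticket format and the mapping from finding to action are all assumptions constructed for illustration.

```python
from typing import Any, Callable, Dict, List, Set, Tuple

Config = Dict[str, Dict[str, Any]]   # asset -> {setting: value}
Ticket = Tuple[str, str, Any]        # (asset, setting, approved new value)

# Hypothetical organizational policy: setting -> predicate on the new value.
POLICY: Dict[str, Callable[[Any], bool]] = {
    "vcpu": lambda v: isinstance(v, int) and 1 <= v <= 8,
    "vram_gb": lambda v: isinstance(v, int) and 1 <= v <= 32,
    "local_firewall": lambda v: v is True,
}

_MISSING = object()  # marks a setting absent from one side of the comparison


def audit_changes(saved: Config, observed: Config, approved: Set[Ticket],
                  policy: Dict[str, Callable[[Any], bool]] = POLICY) -> List[dict]:
    """Diff the observed configuration against the saved state and pick an action.

    report                      approved change that complies with policy
    request_management_approval approved change that violates policy
    revert                      unapproved change with a saved value to return to
    remediate                   unapproved change with no saved state (e.g. unknown asset)
    """
    findings = []
    for asset in sorted(set(saved) | set(observed)):
        old_cfg = saved.get(asset, {})
        new_cfg = observed.get(asset, {})
        for setting in sorted(set(old_cfg) | set(new_cfg)):
            old = old_cfg.get(setting, _MISSING)
            new = new_cfg.get(setting, _MISSING)
            if old == new:
                continue  # unchanged since the saved configuration state
            new_value = None if new is _MISSING else new
            ticketed = (asset, setting, new_value) in approved
            check = policy.get(setting)
            # A removed setting that policy covers counts as non-compliant.
            compliant = check is None or (new is not _MISSING and check(new))
            if ticketed and compliant:
                action = "report"
            elif ticketed:
                action = "request_management_approval"
            elif old is not _MISSING:
                action = "revert"
            else:
                action = "remediate"
            findings.append({
                "asset": asset, "setting": setting,
                "old": None if old is _MISSING else old,
                "new": new_value, "action": action,
            })
    return findings


# Constructed sample data: saved configuration state, observed state, tickets.
SAVED: Config = {
    "vm-app01": {"vcpu": 2, "vram_gb": 4, "local_firewall": True},
    "vm-db01": {"vcpu": 4, "vram_gb": 16, "local_firewall": True},
}
OBSERVED: Config = {
    "vm-app01": {"vcpu": 4, "vram_gb": 4, "local_firewall": False},
    "vm-db01": {"vcpu": 16, "vram_gb": 16, "local_firewall": True},
    "vm-shadow": {"vcpu": 1},  # asset that was never recorded in the saved state
}
APPROVED: Set[Ticket] = {("vm-app01", "vcpu", 4), ("vm-db01", "vcpu", 16)}

if __name__ == "__main__":
    for f in audit_changes(SAVED, OBSERVED, APPROVED):
        print(f)
```
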

Life Cycle Management

Life cycle management in IaaS clouds controls VMs/VSs from provisioning time to retirement. The life cycle management tool is responsible for one or more of the following actions:

• Managing provisioning workflow approval steps by:

• Forwarding provisioning requests coming through the self-service provisioning portal to corporate management for approval

• Enforcing approval or rejection of provisioning requests coming through the provisioning portal, according to:

• Clearance provided by capacity management, change management, and chargeback systems

• Corporate management authorization


• Assigning ownership of VMs/VSs to a user or a department

• Tagging VMs/VSs, virtual hardware, guest OSs, applications, and other IaaS cloud assets with customizable attributes

• Managing lease time of VMs/VSs (defined by the user on the provisioning portal) by sending reminder notifications, approving lease time extension, and enforcing VMs/VSs retirement

• Operating VMs/VSs (e.g., start/stop, clone, and destroy) across multiple virtual infrastructures within the internal cloud:

• Life cycle management tools can operate heterogeneous virtual infrastructure by coordinating different virtual infrastructure management layers or bypassing them altogether.

• Operating VMs/VSs (e.g., start/stop, clone, and destroy) across multiple clouds (e.g., internal, external, public, and private IaaS clouds; platform as a service [PaaS]; and software as a service [SaaS]) and leveraging the external cloud connector for access and the identity and access management layer for identity federation

• Requesting execution of decommissioning workflows through integration with the orchestrator

• Managing life cycle of VMs/VSs located on external clouds through the external cloud connector

Virtual Infrastructure Management

The virtual infrastructure management (VIM) layer manages multiple VMs/VSs and their virtual hardware across multiple virtual infrastructures. The VIM layer is responsible for:

• Provisioning VMs/VSs and their virtual hardware through native administration user interfaces (e.g., binary and Web-based clients) and providing provisioning APIs for other cloud management tools (e.g., self-service provisioning portals and orchestrators)

• Configuring VMs/VSs and their virtual hardware and providing configuration APIs for other cloud management tools (e.g., configuration management and change management tools)

• Operating VMs/VSs and providing life cycle management APIs for other cloud management tools (e.g., life cycle management tools)

• Tracking utilization for virtual infrastructure resources and providing monitoring APIs for other cloud management tools (e.g., performance management and chargeback)

• Providing fault tolerance mechanisms for VM/VS high availability (e.g., using a heartbeat to check a VM guest OS’s alive status and failing the VM over to a new virtualization host following a predetermined non-response interval, or redundant array of independent disks [RAID] Level 5 for a storage service)

• Providing basic dynamic resource management (i.e., vCPU, vRAM, virtual network, and virtual storage allocation) according to technical constraints (e.g., VMs affinity) and resource management APIs for other cloud management tools (e.g., capacity management)

• Providing dynamic power management through integration with power management features within the physical infrastructure and power management APIs for other cloud management tools (e.g., life cycle management):

  • The VIM layer can dynamically reduce power consumption by:

    • Leveraging CPU advanced power management features (e.g., CPU core parking, frequency, or voltage reduction)

    • Suspending or shutting down unneeded servers in a compute pool

    • Dynamically reprovisioning the LAN to minimize the number of network ports in use based on load

    • Leveraging power management features in storage (e.g., spinning down idle drives)

• Monitoring, logging, and enforcing security through various mechanisms (e.g., role-based access control, network traffic filtering, and zone isolation) and security APIs for other cloud management tools (e.g., infrastructure authority) or third-party security products

Virtual Infrastructure

The virtual infrastructure includes one or more virtualization platforms (e.g., hypervisors, virtual storage, and network virtualization layers). Each virtualization platform provides the virtual hardware interfaces that abstract and connect physical resources to VMs/VSs and their virtualized applications. Virtual infrastructure is responsible for:

• Connecting to physical resources (e.g., compute, networking, and storage) through optimized OS kernels (e.g., VMware vmkernel), device drivers, and hardware-assisted virtualization features (e.g., I/O virtualization [IOV] or N_Port ID Virtualization [NPIV])

• Exposing physical resources through one or more abstraction layers (e.g., virtual hardware, distributed virtual file systems, distributed virtual networking, and resource pools)

• Serving and isolating VMs/VSs

• Managing VM/VS access to physical resources through resource scheduling and QoS mechanisms

• Providing native tools for hypervisor and VM/VS management

• Providing API interfaces for third-party network, storage, security, and management tools

Additional information on virtual infrastructure architecture for production IaaS cloud infrastructures is available in the following documents:

• “Virtualization Physical Infrastructure: Production”

• “Virtualization Physical Server”

Virtual Service

The service catalog can store different kinds of objects with different levels of complexity and abstraction. Such objects include virtual machines (VMs) and virtual services (VSs).

The VS is a virtual container for any or all of the following:

• A set of VMs and virtualized applications to deliver one or more business services (e.g., a CRM platform)

• One or more service VMs to protect or manage business services within the VS (e.g., a virtual firewall or a virtual load balancer)

• Virtual compute, storage, and network resources

The cloud management layers isolate VSs in order to support multi-tenancy on shared physical infrastructure. The security isolation, inspection, and enforcement capabilities vary by cloud management tool. Typical isolation features include virtual firewalls, intrusion detection systems (IDSs), intrusion prevention systems (IPSs), data encryption (for VS metadata and associated storage), and virtual LANs (VLANs).

The VS definition includes details like:

• Number of VMs

• VM load order

• Virtual hardware configuration (e.g., vCPUs, vRAM, local virtual hard disks [VHDs] and storage pools, and vNICs) for each VM

• Virtual network topology to interconnect all VMs within the VS

• Guest OS for each VM

• Virtualized applications for each VM

The VS definition must also include metadata to define technical, business, and compliance requirements that the cloud management layers enforce. For example, the VS metadata can include:

• Technical requirements (e.g., virtualization platform and hardware-assisted virtualization features)

• Service level requirements (e.g., availability and performance)

• Security requirements (e.g., zoning, encryption, and tagging)

• Compliance requirements (e.g., data export restrictions and product licensing)

Currently, packaging and distribution formats like Open Virtualization Format (OVF) only allow the definition of technical requirements. The OVF 1.1.0 format still lacks the capability to define runtime metadata for service-level, security, and compliance requirements.[1] Although OVF is a standard and extensible format, any extension to define additional attributes requires vendor support to enforce the associated runtime metadata.

Physical Infrastructure

Physical infrastructure provides the foundation for the IaaS cloud and consists of the physical compute, network, and storage assets the IT organization needs to meet all required service levels.

The physical infrastructure connects to traditional infrastructure through the enterprise service management layer in order to access data or resources that are not included in the IaaS cloud or to send data to legacy applications.

Physical infrastructure devices may also include embedded software that extends to the virtual infrastructure layer. Examples of embedded virtualization software include:

• Server virtualization hypervisors that load from flash memory on a physical server system

• Single-root IOV (SR-IOV)-enabled input/output (I/O) devices such as Ethernet adapters

• Multi-root IOV (MR-IOV)-enabled shared I/O devices

Additional background information on SR-IOV and MR-IOV is available in “The Commodity Server Is Being Reshaped by Server Virtualization.”

For additional information on data center physical infrastructure architecture, consult the following:

• “Data Center Network”

• “Compute Ecosystem”

• “Compute Node for Server Virtualization”

• “Storage Ecosystem”

• “Data Center Cooling”

• “Data Center Availability”

• “Information Security Architecture Model”

External Cloud Connector

The external cloud connector is a component that serves to connect internal cloud environments to external and public cloud services. To connect environments, organizations may implement one or more external cloud connectors. External cloud connectors can come in a variety of offerings (e.g., hardware appliances, virtual appliances, software packages, logical networks, and SaaS proxies) and include capabilities such as:

• Providing a gateway for internal cloud management software (e.g., capacity management tools, chargeback systems, and disaster recovery tools) to manage external cloud assets

• Providing a secure network tunnel between internal and external cloud environments

• Performing data encryption and decryption

• Enforcing network transparency by bridging internal and external network topologies

• Enhancing network performance across distance through techniques such as compression, acceleration, optimization, deduplication, and/or replication

• Converting virtual machines between formats before transmission

• Propagating security and service level requirements (e.g., performance, availability, recovery time objective [RTO], and recovery point objective [RPO]) defined in the service catalog

Orchestration

The orchestrator (aka the IT process automation tool) in IaaS clouds automates IT operation processes across all components of the cloud stack according to one or more policies. The orchestrator is responsible for one or more of the following actions:

• Allowing the definition, administration, and monitoring of process workflows and policies for various IT operations (e.g., service provisioning, service and data replication for business continuity, and disaster recovery) through a drag and drop user interface and predefined action libraries

• Coordinating and automating IT process execution across multiple IT silos (e.g., virtualization, compute, network, storage, and security)

• Integrating with all other cloud management tools (e.g., virtual infrastructure management, life cycle management, and external cloud connectors) to execute process workflows on the internal or external cloud infrastructure through predefined integration packs and/or code development

Orchestration has a fundamental role in cloud management because it represents the most efficient way to scale IT operations while reducing the risks associated with human intervention.

Additional information about orchestration is available in the following documents:

• “IT Process Automation: Run Book Automation Tools Mature to Broader Use”

• “IT Process Automation: Minding the Machines”

Service Governor

The service governor (SG) is a logical construct and may not be available as a stand-alone product. SG functionality is starting to emerge in various parts of the IaaS stack, including:

• Orchestrator

• Capacity management

• Service catalog

The SG may also be implemented through a series of upgrades to the organization’s core cloud IaaS management infrastructure. Regardless of where the SG is implemented, IT organizations should still raise the management problems the SG should solve when discussing cloud management solutions with various vendors. The remainder of this section discusses relevant and critical functionality that the logical SG offers to cloud IaaS.

To realize the potential of public, private, and hybrid cloud IaaS, infrastructure must be capable of not just dynamically provisioning and optimizing systems, but also adhering to any security, regulatory, or organizational policy constraints. In many enterprise environments, dynamic IT consists of several disjointed solutions and often requires blind faith that policy, security, or regulatory constraints will not be broken. A common example of this problem is VM load-balancing and orchestration tools that exclusively use performance metrics to determine VM placement. The orchestration or provisioning tool has no way of knowing if a security-zoning restriction would be violated by placing a VM on a particular host. The lack of operational cooperation among enterprise management tools is nothing new. However, the emergence of cloud computing and IaaS is causing enterprises to take a new look at their expectations for enterprise and virtual infrastructure management. The bottom line:

Someone has to be in charge, and that someone is the service governor (SG). Note that the SG is also known as a service governor, although SG functionality is heavily biased to infrastructure intelligence as it relates to policy constraints.

Typical questions answered by the SG include:

• Do any organizational policy constraints prevent placement of a VM on a given physical host?

• Do operational constraints such as a backup window or recovery point objective (RPO) restrict a service to a single physical location?

• Do any data latency requirements limit the distance between an application and its back-end data?

• Do any policy restrictions (e.g., data export restrictions) prevent VMs from migrating to different data centers or to public cloud infrastructure?

• Are adequate resources (e.g., power, CPU, memory, and I/O) available to run new virtual workloads on a given physical infrastructure?

• Are capacity management tools incorporating all facets of organizational, security, and regulatory compliance when determining available capacity and predicting future requirements?

Among the many abilities the SG possesses are:

• Integrates with third-party management and orchestration tools to authorize IT operations such as provisioning or relocation before they proceed

• Maintains physical, virtual, and policy dependency maps

• Ensures security and regulatory compliance

• Enforces organizational policy

• Ensures accurate capacity forecasts

• Interfaces with external cloud brokers

The cloud-enabled infrastructure will leverage the SG to ensure policy compliance and to ensure that issues such as service levels or power availability are not compromised when provisioning or moving VMs or their dependent cloud services.
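The placement problem described in this section, as an added example (not part of the original research or of any vendor's product): a performance-only placer picks the least-loaded host and breaks a security-zoning rule, while a service-governor check authorizes each host against zoning, data export, site and capacity constraints before optimizing. The host names, zones, jurisdictions, sites and the `violations` / `place_with_governor` helpers are hypothetical.

```python
"""Added example: a service-governor check in front of a performance-only placer.
All host names, zones, sites and values below are constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Host:
    name: str
    site: str                 # physical location
    jurisdiction: str         # legal jurisdiction of the site
    zones: frozenset          # security zones this host is cleared to run
    free_vcpus: int
    free_vram_gb: int
    cpu_load: float           # the only input a performance-only placer uses


@dataclass(frozen=True)
class Workload:
    name: str
    vcpus: int
    vram_gb: int
    security_zone: str                  # VS security metadata
    allowed_jurisdictions: frozenset    # VS compliance metadata; empty allows none
    pinned_site: Optional[str] = None   # operational constraint (e.g., RPO)


def violations(vm: Workload, host: Host) -> List[str]:
    """Return every policy or capacity constraint that placing vm on host breaks."""
    found = []
    if vm.security_zone not in host.zones:
        found.append("security-zone")
    if host.jurisdiction not in vm.allowed_jurisdictions:
        found.append("data-export")
    if vm.pinned_site is not None and host.site != vm.pinned_site:
        found.append("site-pinning")
    if host.free_vcpus < vm.vcpus or host.free_vram_gb < vm.vram_gb:
        found.append("capacity")
    return found


def place_by_performance(vm: Workload, hosts: Sequence[Host]) -> Host:
    """The failure mode in the text: least-loaded host wins, policy is never consulted."""
    return min(hosts, key=lambda h: h.cpu_load)


def place_with_governor(
    vm: Workload, hosts: Sequence[Host]
) -> Tuple[Optional[Host], Dict[str, List[str]]]:
    """Authorize first, optimize second. Returns (None, audit) when no host complies."""
    audit = {h.name: violations(vm, h) for h in hosts}
    compliant = [h for h in hosts if not audit[h.name]]
    chosen = min(compliant, key=lambda h: h.cpu_load) if compliant else None
    return chosen, audit


# Constructed inventory: two internal sites plus one external cloud host.
HOSTS = (
    Host("host-dmz-01", "dc-a", "IN", frozenset({"dmz"}), 32, 128, 0.10),
    Host("host-pci-01", "dc-a", "IN", frozenset({"pci"}), 2, 8, 0.30),
    Host("host-pci-02", "dc-b", "IN", frozenset({"pci"}), 16, 64, 0.55),
    Host("host-ext-01", "ext", "US", frozenset({"pci", "dmz"}), 64, 256, 0.20),
)
# Constructed workload: a database VM that must stay in the "pci" zone and in "IN".
CRM_DB = Workload("crm-db", 4, 16, "pci", frozenset({"IN"}))

if __name__ == "__main__":
    print("performance-only:", place_by_performance(CRM_DB, HOSTS).name)
    chosen, audit = place_with_governor(CRM_DB, HOSTS)
    print("governed:", chosen.name if chosen else "DENIED")
    for host_name, reasons in audit.items():
        print(f"  {host_name}: {reasons or 'ok'}")
```

The audit map is the part worth keeping in a real integration: it records why each host was rejected, which is what change management and compliance reporting need when a provisioning request is denied.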

Enterprise Service Management

Enterprise service management includes the top-level system management consoles into which other management components integrate. The enterprise service management layer is responsible for enterprise management functions related to physical and virtual assets that belong to the cloud infrastructure as well as to the traditional infrastructure.

Enterprise service management includes one or more of the following capabilities:

• Business process management (BPM) and business continuity

• Configuration and change management

• Infrastructure and application performance management

• IT asset management and configuration management databases (CMDBs)

• IT finance management

• Life cycle management of physical assets

• Resource and capacity management

• Security management (e.g., event and audit logging and policy enforcement)

• Help desk management, service request management, and incident management

Enterprise service management tools manage the traditional infrastructure assets and their integration with the IaaS cloud at multiple levels (e.g., access, QoS, and security).

Traditional infrastructure consists of hardware and software that connect to the IaaS cloud through the enterprise service management layer but that cloud management tools do not manage directly. Examples of traditional infrastructure include:

• x86 applications deployed to bare metal systems

• Mainframes

• Proprietary reduced instruction set computer (RISC)/Unix platforms

• Network and storage infrastructure associated with non-cloud compute platforms

Identity and Access Management

Identity and access management (IAM) services are required components of IaaS clouds. The IAM layer manages subject identities (e.g., users, services, and external clouds) and controls the access to local assets or assets in federated clouds.

The IAM layer is responsible for:

• Storing and modifying identity attributes (e.g., user identity, permissions, and role) through identity data services (e.g., directory services)

• Federating subject identities defined by cloud service providers (CSPs) for access to external cloud assets

• Granting, restricting, or denying access to local and external cloud assets (e.g., self-service provisioning portal, management interfaces, and VMs) based on identity attributes and according to organizational policies

Additional information on the role of the identity and access management layer is available in:

• “Identity Management”

Revision History

June 2012

• Revised to include updated figures, template map and section titles.

May 2012

• Revised to include updated figures and template map.

November 2011

• Second edition.

January 2010

• First edition.

Notes

[1] Open Virtualization Format (OVF)

Acronym Key and Glossary Terms

API application programming interface

BPM business process management

CMDB configuration management database

CMP cloud management platform

CSP cloud service provider

I/O input/output

IaaS infrastructure as a service

IAM identity and access management

IDS intrusion detection system

IOV I/O virtualization

IPS intrusion prevention system

MR-IOV multi-root IOV

NPIV N_Port ID Virtualization

OVF Open Virtualization Format

PaaS platform as a service

QoS quality of service

RAID redundant array of independent disks

RISC reduced instruction set computer

RPO recovery point objective

RTO recovery time objective

SaaS software as a service

SAN storage area network

SG service governor

SR-IOV single-root IOV

vCPUs virtual CPUs

VHDs virtual hard disks

VIM virtual infrastructure management

VLAN virtual LAN

VM virtual machine

vNIC virtual network interface card

vRAM virtual memory

VS virtual service

Source: Gartner Research, G00234846, Chris Wolf, Alessandro Perilli, 09 July 2012

An Overview of IaaS Cloud Architecture and its Benefits to Businesses is published by CtrlS Datacenters Pvt. Ltd. Editorial content supplied by CtrlS Datacenters Pvt Ltd is independent of Gartner analysis. All Gartner research is used with Gartner’s permission, and was originally published as part of Gartner’s syndicated research service available to all entitled Gartner clients. © 2013 Gartner, Inc. and/or its affiliates. All rights reserved. The use of Gartner research in this publication does not indicate Gartner’s endorsement of CtrlS Datacenters Pvt Ltd’s products and/or strategies. Reproduction or distribution of this publication in any form without Gartner’s prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity” on its website, http://www.gartner.com/technology/about/ombudsman/omb_guide2.jsp.

About CtrlS

Headquartered in Hyderabad, CtrlS Datacenters Pvt. Ltd. was founded in 2007 by the INR 750 Crores Pioneer Group, which has been building the largest available infrastructure in the Datacenter segment and is already into FMS and SI functions. The Pioneer Group has been growing at a CAGR exceeding 100 percent in the past 15 years.

CtrlS owns and operates datacenters in Hyderabad and Mumbai, with upcoming facilities in Delhi, Bangalore and Chennai. With built-up infrastructure spanning over 340,000 square feet, the company has developed capabilities to provide platform level services like datacenter infrastructure, storage, backup, hardware, OS layers, network and security layers. It offers a host of outsourced business solutions and services such as Disaster Recovery on Demand, Managed Services and Private Cloud-On-Demand to enable clients to make the paradigm shift from the captive datacenter model to an outsourced third party model.

CtrlS’ datacenters are Tier 4 certified and provide 99.995% uptime guarantee, less than 22 minutes of downtime in a year and N+N redundancy. With 1.42 PUE, it is the most power efficient datacenter in India. Dual power sources and an additional captive power plant ensure uninterrupted power and cooling systems. It also provides high bandwidth availability and a choice from India’s leading TELCOs.

It is also the only one of its kind in India to provide 8-zone security, scalability for up to 10 years, guaranteeing the highest availability and least energy consumption. Armed with top-of-the-line features and the very best of infrastructure and technology, it offers clients an array of benefits which can drive a saving of up to 40 percent on total cost of ownership. It has ISO-20000-1, ISO-27001 and BS 25999 certifications.

CtrlS’ datacenters are widely recognized as the best in their class. CtrlS has received the following awards:

• CII Award for the Most Energy Efficient Unit

• CII Award for the Most Innovative Energy Efficient unit

• NASSCOM Award for Top 50 Emerging Companies, 2 years in a row

• CIO Choice Award: Best Datacenter in the Managed Services Space

Delhi, Hyderabad, Mumbai