a practical approach to delivering cloud platforms using novell solutions: how service provider acs...
DESCRIPTION
In this session, you will see how Affiliated Computer Services (ACS) provides a client-directed cloud solution focused on what customers want to do today. ACS has created a private cloud-based service that offers many of the benefits of a public cloud computing environment. The difference is that in a private cloud-based service, data and processes are managed within an ACS trusted environment without the security exposures and legal requirements that come with using public cloud services across open, public networks. Additionally, private cloud services can offer the enterprise greater control, thus improving security and resiliency as user access and the networks are restricted and designated.
Novell and ACS teamed together to build the ACS Management Platform, which enables you to fully manage the cloud service offerings, from the core management services to distributed multiple clouds running in multiple data centers. Learn how the ACS Management Platform provides streamlined service provisioning of application tiers and performance levels in a multi-tenant, virtualized, cross-cloud computing platform. Additionally, it provides ITIL 3.0, Pharma and SOX compliance to ensure you have high levels of services at a much lower price than traditional service providers.
Learn how Novell and ACS are working together to help customers with the creation of various business models, which include the integration of services from different providers (public and private) to support and drive business innovation and optimization. This session will demonstrate a multi-phase delivery engagement model to define, integrate, and implement the technologies and processes necessary to deliver cloud-based services.
TRANSCRIPT
A Practical Approach to Delivering Cloud Platforms Using Novell® Solutions: How Service Provider ACS Delivers Value Creation for Its Customers with Cloud Computing Services
Charles A Radi, Sr. Principal Architect – Novell Services
Steve Hansen, Principal Architect – Novell Services
Steve Houser, VP and CTO – ACS, ITO Global Strategy and Service Management
© Novell, Inc. All rights reserved.
Agenda
Cloud Computing Background
ACS Enterprise Cloud Business Overview
ACS AMP 2.0 Delivery Review
ACS AMP 2.0 Architecture Review
Live Demo
Questions and Answers
Cloud Computing Background
Definitions – Cloud Computing Market
SaaS (Software): Salesforce.com
PaaS (Platform): Google App Engine, Azure, Force.com
IaaS (Infrastructure): Amazon EC2, GoGrid, Rackspace, Slicehost
Thoughts to ponder:
What are your requirements?
Where does your Enterprise cloud fit?
Extending the Enterprise to the Cloud
Software as a Service, Platform as a Service, Infrastructure as a Service
Governance and Compliance
Internal Cloud (On-Site)
• Existing Internal Capacity: Business Service Management, IT Service Management
• Virtualized Internal Capacity: Business Service Management, IT Service Management
Firewall
External Cloud (Off-Site)
• New External Capacity: Business Service Management, IT Service Management
Thoughts to ponder: What is your strategy? You may not call it a cloud
The Workload Lifecycle
Build, Secure, Manage, Measure
Intelligent Workload: Workload + Customized OS + Management + Identity
Both Intelligent and Standard Workloads Across Physical, Virtual, and Cloud Environments
Thoughts to ponder: What is your current life cycle? Who owns each stage?
Isolated Identity Awareness: Resource Management, General Purpose Operating System, Service Management, Security and Compliance Management
Identity-Managed: Resource Management, Customized Operating System, Service Management, Security and Compliance Management
Integrating Identity into Management (aka I've already heard too much about the cloud ... what's different?)
1. The workload is intelligent
2. The intelligent workload is managed intelligently
ACS Enterprise Cloud Strategy
Vision Statement
Deliver secured services integrating ACS private cloud and public cloud services to meet our clients’ needs. This ACS Trusted Environment will incorporate a flexible, global approach to provide clients their own enterprise cloud.
• Simplify client access to ACS services
– Self-service provisioning of VMs, storage and application components
• Deliver lower-cost service options
– Service components aligned with application lifecycle, e.g. SandBox, Dev/Test, Production
– Integrated performance options, e.g. regular versus high-performance storage I/O
• Reduce process cycle times
– End-to-end process analysis and refinement
– Workflow enabled system and people task automation
• Enhance cloud security
– Deeper security for multi-tenant environments
– Security visibility / SIEM / Privileged User Management
• Unify management of private and public cloud services
– Role-based portal for service and process status
– User provisioning / de-provisioning management
– Billing aggregation and cost control
Cloud IaaS Design Objectives
• AMP 1.0 / Compass Integration
• Self service portal for VMs and base app. components
• Provisioning approval workflows
• Role Based Access Control, Integrated SIEM, Privileged User Mgmt.
• Basic service status views
Phase 1 Phase 2 Phase 3 Phase 4 Phase 5
• Advanced self service provisioning by service classification and config. options
• Larger selection of OS and application stack service templates
• Additional hypervisors, e.g. Oracle Xen
• Rules based application workload management
• Ability to provision services to multiple resource pools simultaneously
• Complex n-tier application service provisioning
• Drag and drop workflow integrations / task palette
• Enhanced policy based automation
• Migrate VMs between clouds
• Incremental improvements in previously noted areas
• Amazon EC2 support including health status
• Streamlined application workload on-boarding
• Deeper service status views
• Customer specific application templates
• Federated workflow available for advanced process automation
Enterprise Cloud – Base Functionality
Google Docs & Wave
Microsoft Online & Azure
Inovis B2B Connectivity / SFT
IBM LotusLive
ACS - Xerox Collaboration
Amazon EC2 & S3
Salesforce.com SFA & Force.com
Your “Enterprise Cloud” Delivered
Adopt a Strategy That Best Fits Customer Requirements
Client A
Client B
Client C
Client D
Service
Application
Application Platform
Data Platform
Physical Infrastructure
Web 2.0 Services
Software-as-a-Service (SaaS)
Application Components-as-a-Service (CaaS)
Software Platform-as-a-Service (PaaS)
Virtual Infrastructure-as-a-Service (VaaS)
Physical Infrastructure-as-a-Service (IaaS)
Service
Application
Application Platform
Virtual Infrastructure-as-a-Service (VaaS)
Physical Infrastructure-as-a-Service (IaaS)
Services Framework
ACS AMP
Service Level Management
• Service Availability
• Application Availability
• Custom SLAs
Network Path Monitoring
• Availability
• Performance Trending
• Configuration Validation
Subscriber Management
• Utilization Reporting
• Billing Aggregation
• Business Unit Chargeback
Unified Provisioning
• Private and Public Cloud
• Role Based Access Control
• Approval Workflows
Service and App Monitoring
• Availability
• End User Experience Mgmt.
• Performance Trending
Workload Security
• SIEM and SOC Monitoring
• Vulnerability Scanning
• Privileged User Mgmt.
Identity Management
• Directory Federation
• Single Sign On
• User Deprovisioning
Workload Management
• Provisioning Templates
• P-to-V and V-to-P Migration
• Data Migration
ACS Cloud Management Services
New and Modified Services to Support Cloud Deployments
Application Workload Consolidation
• Application rationalization and Cloud planning
• Increase percent of server virtualization
• Business Case
Virtual Resource Pools
• Dedicated vs. ACS Community shared resource use
• Application centric workload management
• Application team self service
Service Management
• Business Service Management
• Simplify HA and DR
• Enhanced dashboards
Enterprise Cloud
• Best use of ACS and public resource pools
• Business aligned consumption options
• Elastic scaling
A Path to Enterprise Cloud
• Current state virtualization and objectives / business planning
• Application catalog and classification
• Security – network, data and systems admin.
• Data segregation, regulatory requirements, PI
• Storage tiering / application I/O
• Network / firewalls
• Active Directory, DNS, DHCP
• Database location
• WAN acceleration
• Web and application load balancing
• Recovery objectives
• Self service provisioning / business rules
• App. provisioning templates
• Operational entitlements
• Monitoring and performance management
• Existing workload migration
• Service Level Management
Cloud Planning and Design
Breakthrough research
• 55,000 global patents
• A top 25 US innovator: 2 patents/day
• 5,000 world-class scientists and engineers
• Fuji-Xerox partnership
• $1.4B R&D/year
Seventy year heritage of innovation continues
IEEE Corporate Innovation Award
US National Medal of Technology
Xerox Innovation Heritage
ACS AMP 2.0 Delivery Review
Meters workload usage, and reports on billable events based on user roles and customized business policies.
Cloud Life Cycle Overview
Delivery Manager contracts and registers new admin/user
Identity Vault
Novell Identity Manager
Provisions access and associates roles
Authenticates user and authorizes access based on role
Business Service Management
Single pane Helpdesk view to manage environment and provide SLA views
Workload Management: Dynamically assembles and starts client virtual machine based on role, policy, and contracted Service offering from Base Templates
PlateSpin Orchestrate
Xen/ESX/Hyper-V: Hosts the user virtual workload, manages HA, DRS
Novell ZENworks: Dynamically manages workload and application
- Configuration Management
- Patch Management
- h/w and s/w discovery
- software compliance
- Application Bundles
- Endpoint Security
Terminates user session
PlateSpin Orchestrate
Admin/User logs into secure URL
Novell Access Manager
Novell Access Manager
Manages/ Recycles Resources
Novell User Application
REST Endpoint interface for self service provisioning, federated workflow, approval, and automation (Start, Stop)
Novell Sentinel: Audit, Logging of all events (Security, Billing, Operations)
PlateSpin Recon
Novell® Identity Manager
Novell® Access Manager™
Novell® Roles Based Provisioning Module
Novell® Access Governance Suite
Novell® Privileged User Manager
Novell® SecureLogin®
Novell® Cloud Security Service
How Novell® Delivers Intelligent Workload Management
Build Secure Manage Measure
SUSE® Linux Enterprise Server
SUSE® Studio
SUSE® Linux Enterprise JeOS
Novell® ZENworks® Configuration Management
SUSE® Appliance Toolkit
Novell® Workshop
Novell® Business Service Manager
Novell® Business Service Level Manager™
Novell® Business Experience Manager™
Novell® myCMDB™
Novell® Sentinel™
Novell® Sentinel™ Log Manager
Novell® Compliance Automation Solution
* Available by end of 2010
PlateSpin® Migrate
PlateSpin® Orchestrate
Novell® ZENworks® Configuration Management
PlateSpin® Recon
PlateSpin® Protect
PlateSpin® “Atlantic”
PlateSpin® “BlueStar”
Novell® “Workbench”
SUSE® Linux Enterprise Server as a host
PlateSpin® Migrate to move workloads into the cloud
Novell® Identity Manager and Access Manager™ for Employee/ Customer provisioning, authentication, and access
For Directory Synchronization
For Identity Integration with Service Management (Remedy), Monitoring (Netcool)
Novell® Business Service Manager for Internal Dashboards
For correlation of Service Management (Remedy), Monitoring (Netcool) and other CMDB (Atrium) data
For Root Cause Analysis and Impact Analysis
Novell® Sentinel™ for Security Monitoring and Identity Integration
Novell® ZENworks Configuration Management and ZENworks® Linux Management for software packaging, patching of workloads, and for software deployment on base workloads
PlateSpin® Orchestrate for Workload Management
PlateSpin® Recon for metering of VM's for billing
Interim Solution (“Atlantic” coming in 2010) for Self-service provisioning of Cloud services
Build Secure Manage Measure
ACS Milestone 0 Functionality
Build
vPOD
ACS Management Platform (AMP 2.0) CORE (Linux)
vPOD
* Done ahead of time in order to build capacity or move workloads into the cloud
“Day in the Life” of AMP 2.0
SUSE® Linux Enterprise Server as a host
PlateSpin® Migrate to move workloads into the cloud
ACS Enterprise Cloud (AEC) (VMware, Hyper-V, SLES)
Secure
ACS Employee IDV
AMP 2.0 Customer IDV
ACCESS MANAGEMENT
Identity Integration with other tools (eg. AMP 1.0)
AIM
USERAPP
*Standard implementation of our Identity technology to manage provisioning, authentication and access
Novell® Identity Manager and Access Manager™ for Employee/ Customer provisioning, authentication, and access
For Directory Synchronization
For Identity Integration with Service Management (Remedy), Monitoring (Netcool)
“Day in the Life” of AMP 2.0
Manage
*Request a Cloud service and it gets deployed
Novell® ZENworks Configuration Management and ZENworks® Linux Management for software packaging, patching of workloads, and for software deployment on base workloads
PlateSpin® Orchestrate for Workload Management
PlateSpin® Recon for metering of VM's for billing
Interim Solution (“Atlantic” coming in 2010) for Self-service provisioning of Cloud services
“Day in the Life” of AMP 2.0
Measure
*Know what's happening with the cloud service
Novell® Business Service Manager for Internal Dashboards
For correlation of Service Management (Remedy), Monitoring (Netcool) and other CMDB (Atrium) data
For Root Cause Analysis and Impact Analysis
Novell® Sentinel™ for Security Monitoring and Identity Integration
“Day in the Life” of AMP 2.0
AMP 2.0 Architecture Review
AEC1/AMP2.0 Logical Architecture
Integration Architecture
PS-Orchestrate Logical Architecture
ESX Hosts
ESX-1
ESX-2
ESX-3
Xen Hosts
XEN-1
XEN-2
XEN-3
Hyper-V Hosts
HYPERV-1
HYPERV-2
HYPERV-3
vCenter
System Center VMM
Orchestrate Client
PlateSpin Orchestrate
Template Repository
Xen Templates, Hyper-V Templates, VMware Templates
AEC1 Physical Architecture
AEC1 Physical Architecture
AMP 2.0 Object Model
Live Demonstration
The AMP user with the proper AEC1 role selects a service offering to be provisioned. They will only be able to select a service offering if the role is assigned and the Customer has been configured in AEC1.
The details for this workflow are defined in the Contracted Services object. This includes the AEC1 approval process information. There are two distinct types of approval: first, the AEC1 role-based approval process, which will be handled by User Application in AEC1; second, whatever approvals are required as part of the ACS operational processes, which will be handled by Remedy.
If this offering requires customer approval before provisioning, it is accomplished at this time. The process checks for the “customer provisioning manager” user role for this customer. This can be a user or group of users that can approve this request. If no information is provided, this process is skipped.
Does this offering require the SDM to approve before provisioning starts? The process checks the “SDM” roles that are related to this customer. Again, groups of users can be used, but they must have been assigned the proper role and customer relationship. The “Close Workflow” is a process that will be defined in a later functional flow.
The condition has been defined that the target hypervisor may be owned by a customer and managed by AMP 2.0. In this condition, does the provisioning of this hypervisor require additional approval by the “owner” of the hypervisor? This is where that approval will be gained or denied.
The desire is that a single workflow will be able to handle almost all conditions required to deploy a workload into AEC1. However, specific Service Offerings may require additional approvals or processes. This is a fork in the process to configure the additional workflow if required.
This is a pre-defined process that follows the object relationships between all the definitions in the IDV to make a “best guess” at the end result state of the provisioned workload. It includes customer networking configuration, the target hypervisor and all the requirements to complete the request.
Provision a Workload Functional Flow (AEC1 Approval Process)
Functional Approval
AMP 2.0 Integration
In the Contracted Services object, we have an attribute that defines what Remedy Change Order to call and whether to wait for the process to complete before continuing. If no attribute exists, skip this process.
If we are required to wait until the Change Order is complete, we will keep checking on a schedule until complete. If the return status is complete, we continue. If the return status is “closed” before completed, that means the change order terminated without being approved and we fail the request and run the defined close workflow process.
In the Contracted Services object, we have an attribute that defines what Remedy Service Request to call and whether to wait for the process to complete before continuing. If no attribute exists, skip this process.
If we are required to wait until the Service Request is complete, we will keep checking on a schedule until complete. If the return status is complete, we continue. If the return status is “closed” before completed, that means the change order terminated without being approved and we fail the request and run the defined close workflow process.
There may be additional conditions and processes that must be met for this process to complete. If the Optional Workflow attribute exists, this extended workflow must complete before we continue this process.
Either exit or continue if all conditions are completed successfully.
Provision a Workload Functional Flow (Remedy Integration)
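The Remedy integration flow described above, modelled offline as an added Python example (not code from Novell, ACS or the AMP 2.0 platform). The class and attribute names, the ticket ids, the "pending" status, the poll cap, failing closed on a timeout and running the close workflow when the optional workflow fails are assumptions; the "complete" and "closed" statuses and the skip/wait rules come from the slide text.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

@dataclass
class RemedyStep:
    ticket_id: str              # constructed id, e.g. "CHG-1"
    wait_for_completion: bool   # the "whether to wait" flag on the attribute

@dataclass
class ContractedService:        # hypothetical stand-in for the Contracted Services object
    change_order: Optional[RemedyStep] = None
    service_request: Optional[RemedyStep] = None
    optional_workflow: Optional[Callable[[], bool]] = None

@dataclass
class Outcome:
    proceed: bool
    audit: List[str] = field(default_factory=list)   # one line per decision

def scripted_poll(statuses: Dict[str, List[str]]) -> Callable[[str], str]:
    """Constructed stand-in for a Remedy status query: replays fixed statuses."""
    iters = {ticket: iter(seq) for ticket, seq in statuses.items()}
    return lambda ticket_id: next(iters[ticket_id])

def run_step(name, step, poll, max_polls, audit) -> bool:
    """Return True to continue provisioning, False to fail the request."""
    if step is None:
        audit.append(f"{name}: no attribute, skipped")
        return True
    if not step.wait_for_completion:
        audit.append(f"{name}: submitted, not waiting")
        return True
    for attempt in range(1, max_polls + 1):   # "keep checking on a schedule"
        status = poll(step.ticket_id)
        if status == "complete":
            audit.append(f"{name}: complete after {attempt} poll(s)")
            return True
        if status == "closed":                # terminated without approval
            audit.append(f"{name}: closed before completion, not approved")
            return False
    # Assumption: an unanswered ticket must not provision by default.
    audit.append(f"{name}: no terminal status after {max_polls} polls, failing closed")
    return False

def remedy_gate(service, poll, close_workflow, max_polls=10) -> Outcome:
    out = Outcome(proceed=False)
    for name in ("change_order", "service_request"):
        if not run_step(name, getattr(service, name), poll, max_polls, out.audit):
            close_workflow()                  # the defined close workflow process
            return out
    workflow = service.optional_workflow
    if workflow is not None and not workflow():
        out.audit.append("optional workflow: did not complete")
        close_workflow()                      # assumption: same cleanup path
        return out
    out.proceed = True
    return out

if __name__ == "__main__":
    svc = ContractedService(change_order=RemedyStep("CHG-1", True))
    poll = scripted_poll({"CHG-1": ["pending", "closed"]})
    result = remedy_gate(svc, poll, lambda: print("close workflow ran"))
    print(result.proceed, result.audit)
```

The audit list gives each request a record of why it proceeded or failed, which is the kind of event a SIEM feed would be expected to carry for provisioning decisions.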
Compass Link
Request Cloud Service Offering
Service Overview
Approver E-mail Notification
View Request
Request Status with Comments
Workload Owner E-mail Notification
My Workloads
Workloads Details
Event Logging
BSM – Admin View
Appendix
Milestone 0: Architecture
[Architecture diagram. Labelled components: Self Registration, PSO, myMO, Read Only File System, ID Provider, Access Manager, VM Client, PS Migrate (VMware, Hyper-V), Metrics, Events, Helpdesk, Dashboards, Sentinel Security, hypervisors (VMware, Xen, Hyper-V), Approver, Service Desk, Configuration, BM Provision, Patch, PeopleSoft, Manager, Model and CMDB, IDM Framework, Directory Services (AD, eDirectory, Other Directories), AAA. Personas: Jim, Kelly, Martin, Larry. Legend: Sentinel Connector, Log File, Adapter (MO), idM Driver.]
Milestone 1: Architecture
[Architecture diagram. Labelled components: Service Catalog UI, Service Catalog, Dashboards, PSO, Configuration, BM Provision, Patch, hypervisors (VMware, Xen, Hyper-V), Read Only File System, Metrics, Events, Helpdesk, Sentinel, Security, Model and CMDB, AAA, ID Provider, Access Manager, VM Client, PS Migrate (VMware, Hyper-V), Approver, Service Desk, Manager, IDM Framework, Directory Services (AD, eDirectory, Other Directories). Personas: Jim, Kelly, Martin, Larry. Legend: Sentinel Connector, Log File, Adapter (MO), idM Driver.]
Milestone 2: Architecture (SDDC V1.0)
[Architecture diagram. Labelled components: Enterprise Services Bus, Configuration, BM Provision, Workflow, Patch, Cost, Billing Svc., Network, Storage, Capacity Mgmt, ID Provider, Access Manager, VM Client, PS Migrate (VMware, Hyper-V), Approver, Service Desk, Manager, IDM Framework, Directory Services (AD, eDirectory, Other Directories), Cloud, hypervisors (VMware, Xen, Hyper-V), Atlantic1, Dashboards, Metrics (PlateSpin Recon), Events, Helpdesk, Model and CMDB, Service Catalog, Glassfish, Sentinel Security. Personas: Jim, Kelly, Martin, Larry. Legend: Sentinel Connector, Log File, Adapter (MO), idM Driver.]
Milestone 3: Architecture (SDDC v1.5)
[Architecture diagram. Labelled components: Enterprise Services Bus, Configuration, BM Provision, Workflow, Patch, Cost, Billing Svc., Network, Storage, Capacity Mgmt, ID Provider, Access Manager, VM Client, PS Migrate (VMware, Hyper-V), Approver, Service Desk, Manager, IDM Framework, Directory Services (AD, eDirectory, Other Directories), Cloud, hypervisors (VMware, Xen, Hyper-V), Atlantic.2, Dashboards, Metrics (PlateSpin Recon), Events, Helpdesk, Model and CMDB, Service Catalog (MO), Glassfish, Sentinel, Security, Novell Secure Login, Compliance Report, Compliance Report Eng, ACM Rule Engine, Sourcefire, DSL, License, VDI, PSO. Personas: Jim, Kelly, Martin, Larry. Legend: Sentinel Connector, Log File, Adapter (MO), idM Driver.]
Questions and Answers
Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.