a practical approach to delivering cloud platforms using novell solutions: how service provider acs...

A Practical Approach to Delivering Cloud Platforms Using Novell® Solutions: How Service Provider ACS Delivers Value Creation for Its Customers with Cloud Computing Services

Charles A Radi, Sr.Principal Architect – Novell Services ([email protected])

Steve HansenPrincipal Architect – Novell Services ([email protected])

Steve HouserVP and CTO – ACS, ITO Global Strategy and Service Management ([email protected])

© Novell, Inc. All rights reserved.2

Agenda

Cloud Computing Background

ACS Enterprise Cloud Business Overview

ACS AMP 2.0 Delivery Review

ACS AMP 2.0 Architecture Review

Live Demo

Questions and Answers

Cloud Computing Background


Definitions – Cloud Computing Market

SAAS

PAAS

IAAS INFRASTRUCTUREAmazon EC2, GoGrid, Rackspace, Slicehost

PLATFORMGoogle App Engine, Azure, Force.com

SOFTWARESalesforce.com

Thoughts to ponder:

What are your requirements?

Where does your Enterprise cloud fit?


Extending the Enterprise to the Cloud

Software asa Service

Platform asa Service

Infrastructureas a Service

GOVERNANCE AND COMPLIANCE

BusinessServiceManagement

IT ServiceManagement

ExistingInternalCapacity



VirtualizedInternalCapacity



NewExternalCapacity

Firewall

External Cloud (Off-Site)Internal Cloud (On-Site)

Thoughts to ponder:What is your strategy? You may not call it a cloud


The Workload Lifecycle

BuildSecure

ManageMeasure

Intelligent

+ Management+ IdentityWorkload

+ Customized OS

Both Intelligent and Standard Workloads Across Physical, Virtual, and Cloud Environments

Thoughts to ponder:What is your current life cycle? Who owns each stage?


ResourceManagement

General PurposeOperating System

ServiceManagement

Security andComplianceManagement

Isolated Identity Awareness

ResourceManagement

CustomizedOperating

System

ServiceManagement

Security andComplianceManagement

Identity-Managed

Integrating Identity into Management(aka I've already heard too much about the cloud ... what's different?)

1. The workload is intelligent

2. The intelligent workload is managed intelligently

ACS Enterprise Cloud Strategy


Vision Statement

Deliver secured services integrating ACS private cloud and public cloud services to meet our clients’ needs. This ACS Trusted Environment will incorporate a flexible, global approach to provide clients their own enterprise cloud.


• Simplify client access to ACS services– Self-service provisioning of VMs, storage and application components

• Deliver lower-cost service options– Service components aligned with application lifecycle, e.g. SandBox, Dev/Test,

Production– Integrated performance options, e.g. regular versus high-performance storage I/O

• Reduce process cycle times– End-to-end process analysis and refinement– Workflow enabled system and people task automation

• Enhance cloud security– Deeper security for multi-tenant environments– Security visibility / SIEM / Privileged User Management

• Unify management of private and public cloud services– Role-based portal for service and process status– User provisioning / de-provisioning management– Billing aggregation and cost control

Cloud IaaS Design Objectives


• AMP 1.0 / Compass Integration

• Self service portal for VMs and base app. components

• Provisioning approval workflows

• Role Based Access Control , Integrated SIEM, Privileged User Mgmt.

• Basic service status views

Phase 1 Phase 2 Phase 3 Phase 4 Phase 5

• Advanced self service provisioning by service classification and config. options

• Larger selection of OS and application stack service templates

• Additional hypervisors, e.g. Oracle Xen

• Rules based application workload management

• Ability to provision services to multiple resource pools simultaneously

• Complex n-tier application service provisioning

• Drag and drop workflow integrations / task palette

• Enhanced policy based automation

• Migrate VMs between clouds

• Incremental improvements in previously noted areas

• Amazon EC2 support including health status

• Streamlined application workload on-boarding

• Deeper service status views

• Customer specific application templates

• Federated workflow available for advanced process automation

Enterprise Cloud – Base Functionality


GoogleDocs & Wave

MicrosoftOnline & Azure

InovisB2B Connectivity / SFT

IBMLotusLive

ACS - XeroxCollaboration

Amazon EC2 & S3

Salesforce.comSFA & Force.com

Your “Enterprise Cloud” DeliveredAdopt a Strategy That Best Fits Customer Requirements

Client A

Client B

Client C

Client D

Service

Application

ApplicationPlatform

DataPlatform

PhysicalInfrastructure

Web 2.0Services

Software-as-a-Service

(SaaS)

Application Components-as-a-Service (CaaS)

Software Platform-as-a-Service (PaaS)

Virtual Infrastructure-as-a-Service (VaaS)

Physical Infrastructure-as-a-Service (IaaS)

Service

Application

ApplicationPlatform

Virtual Infrastructure-as-a-Service (VaaS)

Physical Infrastructure-as-a-Service (IaaS)

Services Framework

ACS AMP


Service Level Management• Service Availability• Application Availability• Custom SLAs

Network Path Monitoring• Availability

• Performance Trending

• Configuration Validation

Subscriber Management• Utilization Reporting• Billing Aggregation• Business Unit Chargeback

Unified Provisioning• Private and Public Cloud• Role Based Access Control• Approval Workflows

Service and App Monitoring• Availability• End User Experience Mgmt.• Performance Trending

Workload Security• SIEM and SOC Monitoring• Vulnerability Scanning• Privileged User Mgmt.

Identity Management• Directory Federation• Single Sign On• User Deprovisioning

Workload Management• Provisioning Templates• P-to-V and V-to-P Migration• Data Migration

ACS Cloud Management ServicesNew and Modified Services to Support Cloud Deployments


Application WorkloadConsolidation

• Application rationalization and Cloud planning

• Increase percent of server virtualization

• Business Case

Virtual Resource Pools

• Dedicated vs. ACS Community shared resource use

• Application centric workload management

• Application team self service

ServiceManagement

• Business Service Management

• Simplify HA and DR

• Enhanced dashboards

• Best use of ACS and public resource pools

• Business aligned consumption options

• Elastic scaling

EnterpriseCloud

A Path to Enterprise Cloud


• Current state virtualization and objectives / business planning

• Application catalog and classification

• Security – network, data and systems admin.

• Data segregation, regulatory requirements, PI

• Storage tiering / application I/O

• Network / firewalls

• Active Directory, DNS, DHCP

• Database location

• WAN acceleration• Web and application load

balancing• Recovery objectives• Self service provisioning /

business rules• App. provisioning templates• Operational entitlements• Monitoring and performance

management• Existing workload migration• Service Level Management

Cloud Planning and Design


Breakthrough research

§ 55,000 global patents § A top 25 US innovator:

2 patents/day

5,000 world-class scientists and engineers

Fuji-Xerox partnership$1.4B R&D/year

Seventy year heritage of innovation continues

IEEE Corporate Innovation Award

US National Medal of Technology

Xerox Innovation Heritage

ACS AMP 2.0 Delivery Review


Meters workload usage, and reports on billable events based on user roles and customized business policies.

Cloud Life Cycle Overview

Delivery Manager contracts and registers new admin/user

Identity Vault

Novell Identity Manager

Provisions access and associates roles

Authenticates user and authorizes access based on role

Business Service Management

Single pane Helpdesk view to manage environment and provide SLA views

Workload Management Dynamically assembles and starts client virtual machine based on role, policy, and contracted Service offering from Base Templates

PlateSpin Orchestrate

Xen/ESX/Hyper-VHosts the user virtual workload, manages HA, DRS

Novell ZENworksDynamically manages workload and application- Configuration Management- Patch Management- h/w and s/w discovery

Terminates user session

PlateSpin Orchestrate

Admin/User logs into secure URL

Novell Access Manager

Novell Access Manager

Manages/ Recycles Resources

Novell User Application

REST Endpoint interface for self service provisioning, federated workflow, approval, and automation (Start,Stop)

Novell SentinelAudit, Logging of all events (Security, Billing, Operations)

PlateSpinRecon

- software compliance- Application Bundles- Endpoint Security


Novell® Identity Manager

Novell® Access Manager™

Novell® Roles Based Provisioning Module

Novell® Access Governance Suite

Novell® Privileged User Manager

Novell® SecureLogin®

Novell® Cloud Security Service

How Novell® Delivers Intelligent Workload Management

Build Secure Manage MeasureSUSE® Linux Enterprise Server

SUSE® Studio

SUSE® Linux Enterprise JeOS

Novell® ZENworks® Configuration Management

SUSE® Appliance Toolkit

Novell® Workshop

Novell® Business Service Manager

Novell® Business Service Level Manager™

Novell® Business Experience Manager™

Novell® myCMDB™

Novell® Sentinel™

Novell® Sentinel™ Log Manager

Novell® Compliance Automation Solution

* Available by end of 2010

PlateSpin® Migrate

PlateSpin® Orchestrate

Novell® ZENworks® Configuration Management

PlateSpin® Recon

PlateSpin® Protect

PlateSpin® “Atlantic”

PlateSpin® “BlueStar”

Novell® “Workbench”


SUSE® Linux Enterprise Server as a host

PlateSpin® Migrate to move workloads into the cloud

Novell® Identity Manager and Access Manager™ for Employee/ Customer provisioning, authentication, and access

For Directory Synchronization

For Identity Integration with Service Management (Remedy), Monitoring (Netcool)

Novell® Business Service Manager for Internal Dashboards

For correlation of Service Management (Remedy), Monitoring (Netcool) and other CMDB (Atrium) data

For Root Cause Analysis and Impact Analysis

Novell® Sentinel™ for Security Monitoring and Identity Integration

Novell® ZENworks Configuration Management and ZENworks® Linux Management for software packaging, patching of workloads, and for software deployment on base workloads

PlateSpin® Orchestrate for Workload Management

PlateSpin® Recon for metering of VM's for billing

Interim Solution (“Atlantic” coming in 2010) for Self-service provisioning of Cloud services

Build Secure Manage Measure

ACS Milestone 0 Functionality


Build

vPOD

ACS Management Platform (AMP 2.0) CORE(Linux)

vPOD

* Done ahead of time in order to build capacity or move workloads into the cloud

“Day in the Life” of AMP 2.0

SUSE® Linux Enterprise Server as a host

PlateSpin® Migrate to move workloads into the cloud

ACS Enterprise Cloud (AEC)(Vmware, Hyper-V, SLES)


Secure

ACS EmployeeIDV

AMP 2.0 CustomerIDV

ACCESS MANAGEMENT

Identity Integration with other tools (eg. AMP 1.0)

AIM

USERAPP

*Standard implementation of our Identity technology to manage provisioning, authentication and access

Novell® Identity Manager and Access Manager™ for Employee/ Customer provisioning, authentication, and access

For Directory Synchronization

For Identity Integration with Service Management (Remedy), Monitoring (Netcool)



Manage

*Request a Cloud service and it gets deployed

Novell® ZENworks Configuration Management and ZENworks® Linux Management for software packaging, patching of workloads, and for software deployment on base workloads

PlateSpin® Orchestrate for Workload Management

PlateSpin® Recon for metering of VM's for billing

Interim Solution (“Atlantic” coming in 2010) for Self-service provisioning of Cloud services



Measure

*Know what‘s happening with the cloud service

Novell® Business Service Manager for Internal Dashboards

For correlation of Service Management (Remedy), Monitoring (Netcool) and other CMDB (Atrium) data

For Root Cause Analysis and Impact Analysis

Novell® Sentinel™ for Security Monitoring and Identity Integration


AMP 2.0 Architecture Review


AEC1/AMP2.0 Logical Architecture


•Integration Architecture


PS-Orchestrate Logical Architecture

ESX Hosts

ESX-1

ESX-2

ESX-3

Xen Hosts

XEN-1

XEN-2

XEN-3

Hyper-V Hosts

HYPERV-1

HYPERV-2

HYPERV-3

vCenter

SystemCenter VMM

Orchestrate Client PlateSpin Orchestrate

Template Repository

Xen Templates Hyper-V TemplatesVMware Templates


AEC1 Physical Architecture


AMP 2.0 Object Model

Live Demonstration


The AMP user with the proper AEC1 role selects a service offering to be provisioned. They will only be able to select a service offering if the role is assigned and the Customer has been configured in AEC1.

The details for this workflow are defined in the Contracted Services object. This includes the AEC1 approval process information. There are two distinct types of approvals, first the AEC1 Roles based approval process that will be handled by User Application in AEC1. Second, whatever approvals are required as part of the ACS operational processes, these will be handled by Remedy.

If this offering requires customer approval before provisioning, it is accomplished at this time. The process checks for the “customer provisioning manager” user role for this customer. This can be a user or group of users that can approve this request. If no information is provided, this process is skipped.Does this offering require the SDM to approve before provisioning starts. The process checks the “SDM” roles that are related to this customer. Again, groups of users can be used but must have been assigned the proper role and customer relationship. The “Close Workflow” is a process that will be defined in a later functional flow.The condition had been defined that the target hypervisor may be owned by a customer and managed by AMP2.0. In this condition, does the provisioning of this hypervisor require additional approval by the “owner” of the hypervisor. This is where that approval will be gained or denied.

The desire is that a single workflow will be able to handle most all conditions required to deploy a workload into AEC1. However, specific Service Offerings may require additional approvals or process. This is a fork in the process to configure the additional workflow if required.

This is a pre-defined process that follows the object relationships between all the definitions in the IDV to make a “best guess” at the end result state of the provisioned workload. It includes customer networking configuration, the target hypervisor and all the requirements to complete the request.

Provision a Workload Functional Flow (AEC1 Approval Process)

Functional Approval


AMP 2.0 Integration

In the Contracted Services object, we have attribute that defines what Remedy Change Order to call and whether to wait for the process to complete before continuing. If no attribute exists, skip this process.

If we are required to wait until the Change Order is complete, we will keep checking on a schedule until complete. If the return status is complete, we continue. If the return status is “closed” before completed, that means the change order terminated without being approved and we fail the request and run the defined close workflow process.

In the Contracted Services object, we have an attribute that defines what Remedy Service Request to call and whether to wait for the process to complete before continuing. If no attribute exists, skip this process.

If we are required to wait until the Service Request is complete, we will keep checking on a schedule until complete. If the return status is complete, we continue. If the return status is “closed” before completed, that means the change order terminated without being approved and we fail the request and run the defined close workflow process.

There may be additional conditions and processes that must be met for this process to complete. If the Optional Workflow attribute exists, this extended workflow most complete before we continue this process.

Either Exit of continue if all conditions are completed successfully.

Provision a Workload Functional Flow (Remedy Integration)


Compass Link


Request Cloud Service Offering


Service Overview


Approver E-mail Notification


View Request


Request Status with Comments


Workload Owner E-mail Notification


My Workloads


Workloads Details


Event Logging


BSM – Admin View

Appendix

© Novell, Inc. All rights reserved.୪୭

Self Registration

PSO

myMO

Read Only File System

ID Provider

Access Manager

Jim

VMClient

PS Migrate

VMWareHyperV

Kelly

Metrics

Events

Helpdesk Martin

Dashboards

Sentinel Security

Larry

VM

Ware

Xen

HyperV

ApproverServiceDesk

ConfigurationBM Provision

Patch

PeopleSoft

Sentinel Connector

Log File

Adapter (MO)

idM Driver

Legend

Milestone 0: ArchitectureS

L

A

E

S

S

S

L

L

L

L

L

Manager

Model andCMDB

IDMFramework

AD

eDirectoryOtherDirectories

Directory Services

AAA


Service CatalogUI

Kelly

Dashboards

Larry

Dashboards

Milestone 1: Architecture

PSO

ConfigurationBM Provision

Patch

VM

Ware

Xen

HyperV

L

L

Read Only File System

Metrics

Events

Helpdesk

Sentinel

Model andCMDB

AAA

Service Catalog

Sentinel Connector

Log File

Adapter (MO)

idM Driver

Legend

S

L

A

E

Security

Martin

L

L

ID Provider

Access Manager

VMClient

PS Migrate

VMWareHyperV

ApproverServiceDesk

S

S

Manager

IDMFramework

AD


Directory Services

Jim


Enterprise Services Bus

Configuration BM Provision

Workflow

Patch Cost Billing Svc.NetworkStorage

CapacityMgmt

Milestone 2: Architecture (SDDC V1.0)

ID Provider

Access Manager

VMClient

PS Migrate

VMWareHyperV

ApproverServiceDesk

S

S

Manager

IDMFramework

AD


Directory Services

Jim

Sentinel Connector

Log File

Adapter (MO)

idM Driver

Legend

Cloud

VM

ware

Xen

HyperV

L

Atlantic1

Kelly

Dashboards

Larry

Metrics (PlateSpin Recon)

Events

Helpdesk

Model andCMDB

Service Catalog

DashboardsMartin

S

L

A

EA

L

Glassfish

L

L

L

L L

Sentinel Security

L


Milestone 3: Architecture (SDDC v1.5)

Enterprise Services Bus

Configuration BM Provision

Workflow

Patch Cost Billing Svc.NetworkStorage

CapacityMgmt

ID Provider

Access Manager

VMClient

PS Migrate

VMWareHyperV

ApproverServiceDesk

S

S

Manager

IDMFramework

AD


Directory Services

Sentinel Connector

Log File

Adapter (MO)

idM Driver

Legend

Cloud

VM

ware

Xen

HyperV

L

Atlantic.2

Kelly

Dashboards

Larry

Metrics (PlateSpin Recon)

Events

Helpdesk

Model andCMDB

ServiceCatalog (MO)

Dashboards

S

L

A

EA

L

Glassfish

L

L

L

L L

Sentinel

L

Martin

Security

Jim

S

Novell Secure Login

ComplianceReport

L

ComplianceReport Eng

ACM RuleEngine

Sourcefire

DSL

L

License

LVDI

L

PSO


Questions and Answers

Unpublished Work of Novell, Inc. All Rights Reserved.This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

a practical approach to delivering cloud platforms using novell solutions: how service provider acs...

Technology

cloud internal cloud

external cloud

acs cloud management

acsprivate cloud

cloud platforms

service platform

acs enterprise cloud

service iaasas