enterprise cloud architecture best practices

Cloud Service Best Practice Recommendations 2015-10-09

Upload: david-veksler

Post on 16-Apr-2017


TRANSCRIPT

Page 1: Enterprise Cloud Architecture Best Practices

Cloud Service Best Practice Recommendations 2015-10-09

Page 2: Enterprise Cloud Architecture Best Practices

Table of Contents
•Cloud computing service models: IaaS, SaaS, PaaS
•Cloud Service Providers Overview
•Cloud Service Price Comparison
•Running and Scaling Software in the Cloud
•China Firewall Considerations
•Cloud Migration Recommendations

Page 3: Enterprise Cloud Architecture Best Practices

Cloud computing service models: IaaS, SaaS, PaaS

Page 4: Enterprise Cloud Architecture Best Practices

Traditional IT Infrastructure Model

The traditional model of providing service to the business: purchase hardware and license or build software to provide services to support business operations.

Problems:
◦ Low asset utilization
◦ Fragmented demand for resources
◦ Duplicative systems
◦ Long procurement lead times

Page 5: Enterprise Cloud Architecture Best Practices

SaaS: Software as a Service

A cloud application service provider manages an application which provides services to the business. The application is typically accessed using a website only.

SaaS Examples: Google Apps, Salesforce, Workday, Concur, Citrix GoToMeeting, Cisco WebEx

Common SaaS Use-Case: Replaces traditional on-device software (email client)

Page 6: Enterprise Cloud Architecture Best Practices

PaaS: Platform as a Service

A platform which can be used by other applications. Used as a framework to develop or customize applications. The provider manages OSes, servers, storage, networking, and the PaaS platforms. The developers are only responsible for their own applications.

PaaS Examples: Amazon Web Services: AWS Elastic Beanstalk, AWS S3, AWS RDS, Google App Engine, Apache Stratos, Amazon AMIs (pre-packaged VMs)

Page 7: Enterprise Cloud Architecture Best Practices

IaaS: Infrastructure as a Service

A self-service platform for accessing, monitoring and managing remote datacenter infrastructures. Instead of having to purchase hardware outright, users can purchase IaaS based on consumption, similar to electricity or other utility billing. Compared to SaaS and PaaS, IaaS users are responsible for managing applications, data, runtime, middleware, and OSes. Providers still manage virtualization, servers, hard drives, storage, and networking.

IaaS Examples: Amazon EC2, Microsoft Azure, Google Compute Engine

Page 8: Enterprise Cloud Architecture Best Practices

Comparison of IaaS, PaaS, SaaS, with Google as example

IaaS: Google Compute Engine (one can develop programs to be run on Google's high-performance computing infrastructure)

PaaS: Google App Engine (one can develop applications and let them execute on top of Google App Engine, which takes care of the execution)

SaaS: Google Search, Gmail, Google+, etc.

Page 9: Enterprise Cloud Architecture Best Practices

Recommendation #1: selecting a cloud service model for new projects

1. Try to find a SAAS service that provides all needed features and avoid any custom development work.

2. If custom development is required, use PAAS infrastructure and allow developers to focus on business logic instead of building architecture.

3. If the project requires hosting applications in a dedicated virtual machine, use IAAS

4. Prefer to use services offered by cloud service providers instead of hosting the same service ourselves.

Page 10: Enterprise Cloud Architecture Best Practices

Cloud Service Provider Overview
• AMAZON WEB SERVICES
• AMAZON WEB SERVICES CHINA
• MICROSOFT AZURE
• MICROSOFT AZURE CHINA
• ALIYUN

Page 11: Enterprise Cloud Architecture Best Practices

Amazon Web Services:

•World’s largest IaaS and PaaS provider, by far

•Building block for many SaaS platforms

•Offers “Broad & Deep Core Cloud Infrastructure Services”

•Strong support from SDKs and third party services

Page 12: Enterprise Cloud Architecture Best Practices

Sample media hosting application in AWS

AWS Services:
• EC2 for the website
• RDS for SQL Server DB
• S3 for Media Storage
• CloudFront for CDN
• SES for Email Notifications
• Route 53 for DNS
• Elastic Beanstalk for configuration management

Could also use:
• Elastic Transcoder for media encoding
• Lambda for web services
• SQS for media processing pipeline
• S3 for website

Page 13: Enterprise Cloud Architecture Best Practices

Amazon Web Services - China

Operated by China Net Center

Subset of services provided by Amazon global.

www.amazonaws.cn

Page 14: Enterprise Cloud Architecture Best Practices

Microsoft Azure - Global

•Cloud services from Microsoft.

•Deep integration with Microsoft products

Typical services:

•Web/Mobile Apps (HA & Scalable & Schedulable, .NET + PHP + Node.JS)

•Virtual Machines (Windows/Linux)

•Microsoft SQL Server (2014 and 2016)

•Storage (Blob, Hash Table, Queue)

•HDInsight (HADOOP, HBASE, STORM)

•Network (VPN)

•Active Directory Integration

•Media Services

•CDN

•Scheduler (Scheduled Tasks, supporting any script and exe)

Page 15: Enterprise Cloud Architecture Best Practices

Microsoft Azure China

Operated by 21Vianet

Subset of services provided by Azure global.

http://www.windowsazure.cn/

Page 16: Enterprise Cloud Architecture Best Practices

Aliyun (in Greater China)

•Most popular Chinese provider

•Has a reputation for being unreliable (several outages in the last few years).

•Imitates Amazon Web Services

•Hosting only available in China/Hong Kong

Page 17: Enterprise Cloud Architecture Best Practices

Aliyun services - translated

Page 18: Enterprise Cloud Architecture Best Practices

SDK Overview from Amazon, Azure, Aliyun

•Amazon .Net SDK:
◦ Amazon has rich SDKs for all platforms, integration with Visual Studio.

•Azure SDK:
◦ SDKs for all platforms and deep Visual Studio integration.

•Aliyun .Net SDK:
◦ Support seems minimal. The .Net SDK is a 404, and other PHP/python languages have basic SDKs.

•Azure/AWS China support:
◦ Azure CN does not have support for the China region, although some or most of the SDK can be used by overriding the SDK class.
◦ Amazon CN has (as of 2015) full support for the China region.

Page 19: Enterprise Cloud Architecture Best Practices

Cloud Service Price Comparison

Page 20: Enterprise Cloud Architecture Best Practices

Three products are compared:
• 1 Compute Unit (1 core, 2 GB memory)
• 1 GB storage per month
• 1 GB data transfer

Page 21: Enterprise Cloud Architecture Best Practices

Prices for sample cloud services

https://azure.microsoft.com/en-us/pricing/

Page 22: Enterprise Cloud Architecture Best Practices

Third Party Comparisons

Page 23: Enterprise Cloud Architecture Best Practices

Pricing of a sample application in Amazon Global

•Windows t2.medium VM

•1 TB S3 Data Storage

•250GB external data transfer

•1 SQL Server RDS DB with 250GB

•Basic Support Plan (Free)

Page 24: Enterprise Cloud Architecture Best Practices

Pricing of a sample application in Azure Global

| Service | Type | Amount | Price (USD) | Description |
|---|---|---|---|---|
| Windows VM | Basic M | 1 | 133.92 | 2 x 1.6GHz CPU, 3.5GB RAM |
| Storage | Block blob | 1 | 24.58 | 1024GB |
| SQL Server | Standard S0 | 1 | 15.03 | Size: 250GB |
| Data Traffic | | | 0 | 5TB FREE |
| Total | | | 173.52 | |

NOTE:
• CDN is not included.
• Basic FREE support is included.

Page 25: Enterprise Cloud Architecture Best Practices

Pricing of a sample application in Azure China

| Service | Type | Amount | Price (CNY) | Description |
|---|---|---|---|---|
| Windows VM | Basic M | 1 | 818.4 | 2 x 1.6GHz CPU, 3.5GB RAM |
| Storage | Block blob | 1 | 609.28 | 1536GB |
| SQL Server | Standard S0 | 1 | 130 | Size: 250GB |
| Data Traffic | | 1 | 180 | 1TB Free + 200GB in Charge |
| Total | | | 1737.68 | |

NOTE:
• CDN is not included.
• Basic FREE support is included.

Page 26: Enterprise Cloud Architecture Best Practices

Cloud Services Pricing Summary

•Each cloud service provider has a unique bundle of services and pricing model. Different providers have unique price advantages for different products. Provider selection should be based on a typical application mix for our business.

•Azure may have a price advantage over Amazon when using cloud-optimized architecture based on Microsoft products

•Softlayer, Digital Ocean, and Google Compute all have better prices than both for various scenarios, especially Windows VM, but offer fewer services.

•Chinese versions of Amazon and Azure are cheaper, but have a subset of core services.

•Aliyun has the best prices, but is not known for reliability and requires a China-specific technology stack.

•Cost is just one of many criteria for choosing a provider! No provider has a decisive advantage for all scenarios.

Page 27: Enterprise Cloud Architecture Best Practices

Recommendation #2: Pricing Recommendations

1. Use the pricing calculator offered by each provider to estimate total application cost for specific applications. Keep in mind cloud-optimized architectures may have a much lower cost. (For example, compute functions instantiated on-demand, auto-scaling, etc.)

2. Amazon and Azure have higher pricing than most other providers, but offer many more services, which can improve developer productivity and lower maintenance costs.

3. Do not make pricing the primary consideration in provider selection unless the cost difference is critical to business requirements. In general, major service and quality differences between providers are more important than pricing considerations.

4. Developing deep expertise and service integration with a cloud provider is usually more important than cost differences for individual projects.

Page 28: Enterprise Cloud Architecture Best Practices

Amazon Web Services vs Microsoft Azure

Page 29: Enterprise Cloud Architecture Best Practices

Recommendation #3: Provider Selection Criteria

•Durability: guarantee against data loss: redundant storage and low-cost multi-availability zone (cross-datacenter) replication

•Availability: uptime guarantee and SLA terms

•Performance: up to date hardware and baseline network performance (SSD by default, latest Xeon CPU, gigabit LAN, etc)

•Capacity cost: cost per storage/computing unit

•Monitoring: pro-active, built-in, automatic long-term monitoring tools

•Life-cycle management: configuration/deployment automation

•Enterprise integration: Virtual Private Cloud support, Active Directory integration

•China compatibility: services should be available in the China region

(Gartner provides 205 individual criteria for Cloud IaaS selection)

Page 30: Enterprise Cloud Architecture Best Practices

Gartner Magic Quadrant

Page 31: Enterprise Cloud Architecture Best Practices
Page 32: Enterprise Cloud Architecture Best Practices

AWS vs Azure Service Comparison Summary

•Amazon Web Services and Microsoft Azure are the only providers offering a broad and deep service stack.

•While they have a similar product line up, some patterns emerge:

•Amazon offers more services, more powerful features for scalability, security, and open-source products, better support from third party products and services

•Azure offers deep integration with Microsoft products, which provides some cost and productivity benefits for Microsoft-stack-based cloud-optimized SAAS applications*.

•So far, China Azure has been more proactive than Amazon in introducing features from Azure Global to China. However both platforms are new to China, so this may change.

•Independent reviews give an edge to Amazon in most or all categories.

Page 33: Enterprise Cloud Architecture Best Practices

Recommendation #4: Provider Recommendation

1. Although neither has the best prices, Amazon and Azure are the best options for:
• Standardized and mature toolkit accessible to more developers
• A large set of wide and deep services for any kind of project
• Presence in China via partners

2. Amazon is superior in the following areas:
• Supporting more services, especially the AMI marketplace
• Greater scalability and automation (ex: auto-scaling in Azure limited to pre-provisioned VM)
• Local and global availability (regional datacenter and seamless multi-AZ integration)
• Most robust feature set
• Security (firewalls & ACL, RBAC (compute/network), automated key rotation)

3. Develop expertise in both platforms, as the cloud landscape can change rapidly, especially in China.

Page 34: Enterprise Cloud Architecture Best Practices

Running and Scaling Software in the Cloud

ELASTIC BEANSTALK AND RELATED AUTO-SCALING FEATURES

Page 35: Enterprise Cloud Architecture Best Practices

Traditional Hardware Allocation Model

•Collect requirements for peak usage during the next fiscal year
•Acquire hardware that can handle predicted peak load
•Add more hardware if performance is not acceptable
•= Fixed monthly cost

Page 36: Enterprise Cloud Architecture Best Practices

Scaling in the Cloud

•Collect a variety of metrics every few seconds
•Dynamically allocate hardware to meet current usage levels
•Pay only for the minutes or hours (depending on provider) that you use.
•Monthly cost correlates to actual business activity

Page 37: Enterprise Cloud Architecture Best Practices
Page 38: Enterprise Cloud Architecture Best Practices
Page 39: Enterprise Cloud Architecture Best Practices

Recommendation #5: Build cloud systems that scale automatically to meet current demand.

Page 40: Enterprise Cloud Architecture Best Practices

Example: Netflix http://techblog.netflix.com/2012/01/auto-scaling-in-amazon-cloud.html

[Figure legend: Red = # of servers, Green = CPU utilization]

Page 41: Enterprise Cloud Architecture Best Practices

Netflix - Chaos Monkey

Chaos Monkey is a set of services which simulates and detects a variety of problems on Netflix servers in their production environment. The Netflix auto-scaler detects these malfunctioning servers and destroys them, so that the auto-scaler will automatically replace them with healthy machines.

The simulation includes outages of an entire availability zone (data center) in their production environment. A properly configured Amazon cloud can handle these outages without any customer impact because 100% of the application is distributed and self-healing.

http://techblog.netflix.com/2011/07/netflix-simian-army.html

Page 42: Enterprise Cloud Architecture Best Practices
Page 43: Enterprise Cloud Architecture Best Practices
Page 44: Enterprise Cloud Architecture Best Practices

Cloud Auto-Scaling Models

Vertical:

◦ Scale a single system by upgrading hardware configuration: typically requires a reboot to add cores, memory, disk, etc.

◦ Burstable instances: Compute nodes accrue “CPU credits” over a 24-hour period, which can be spent over several hours. Useful for applications with daily load cycles.

Horizontal:

◦ Auto-scale with nodes (horizontal): Each compute node can be very small (1 core, 0.5 GB RAM, etc.). More nodes are added as load increases.

◦ Compute service: small cloud services scale automatically and invisibly. Pay directly for compute time, in units of 100 milliseconds. Closest match of usage to cost. (Amazon Lambda)

Page 45: Enterprise Cloud Architecture Best Practices

Recommendation #6: Cloud Scaling

•Don’t scale servers by reconfiguring hardware
•Use burstable instances for applications with strong daily load cycles
•Make individual nodes as small as practical to permit quick response times for individual requests, then scale horizontally.
•Automate software deployment and scaling - never deploy software to load-balanced servers by copy/paste.
•Target 60% CPU utilization as the scaling threshold.
•Scale up early (respond quickly – 5 minutes or less), scale down slowly (configure cool-down of 20 minutes)
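
The thresholds in Recommendation #6, worked through as a small per-minute simulation (an added example, not part of the original slides). The 60% threshold, the 5-minute response and the 20-minute cool-down come from the slide; the 30% scale-down threshold, the 2 to 10 node limits and both load series are assumptions constructed for illustration.

```python
# Added example: Recommendation #6 as a per-minute scaling simulation.
# From the slide: 60% CPU threshold, react within 5 minutes, 20-minute cool-down.
# Assumptions (not on the slide): 30% scale-down threshold, 2..10 nodes, and
# demand expressed as "percent of one node's CPU" spread evenly over all nodes.

SCALE_UP_CPU = 60.0      # % average CPU that triggers scale-up
SCALE_UP_WINDOW = 5      # consecutive minutes above threshold before adding a node
COOLDOWN = 20            # minutes since the last change before removing a node
SCALE_DOWN_CPU = 30.0    # assumed lower threshold
MIN_NODES, MAX_NODES = 2, 10  # assumed fleet limits


def simulate(demand_per_minute, nodes=MIN_NODES):
    """Return (events, final_nodes); each event is (minute, action, nodes_after)."""
    events = []
    breach = 0                # consecutive minutes above SCALE_UP_CPU
    last_change = -COOLDOWN   # minute of the most recent scaling action
    for minute, demand in enumerate(demand_per_minute):
        cpu = min(100.0, demand / nodes)  # average utilization, saturating at 100%
        breach = breach + 1 if cpu > SCALE_UP_CPU else 0
        if breach >= SCALE_UP_WINDOW and nodes < MAX_NODES:
            # Scale up early: the cool-down does not hold back adding capacity.
            nodes += 1
            breach = 0
            last_change = minute
            events.append((minute, "up", nodes))
        elif (cpu < SCALE_DOWN_CPU and nodes > MIN_NODES
              and minute - last_change >= COOLDOWN):
            # Scale down slowly: one node per cool-down period.
            nodes -= 1
            last_change = minute
            events.append((minute, "down", nodes))
    return events, nodes


# Constructed load series (one value per minute).
SPIKE = [80] * 10 + [300] * 30 + [80] * 60   # sustained peak, then a quiet hour
FLAP = [300] * 20 + [80] * 10 + [300] * 10   # 10-minute dip in the middle of a peak

if __name__ == "__main__":
    for name, series in (("spike", SPIKE), ("flap", FLAP)):
        events, final = simulate(series)
        print(name, events, "final nodes:", final)
```

In the second series the 10-minute dip is shorter than the cool-down, so no node is removed and the fleet is still at full size when the load returns.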

Page 46: Enterprise Cloud Architecture Best Practices

Deployment In the Cloud

Traditional (or IaaS) Deployment Model

•Allocate physical/virtual hardware needs for application – servers, firewall, load balancer, etc

• Install all necessary services (load balancer, database, web server, email server, caching service, media encoder, etc)

•Configure IP addresses, host names & firewall rules, security roles to allow components to identify and authenticate to each other

Cloud (PaaS) Deployment Model

• Identify services which the application will need.

•Create an Elastic Beanstalk or similar application configuration which specifies which custom code will be deployed, what resources it requires, what address it will be deployed to, and what security roles each component requires.

•Create post-launch configuration scripts which allow nodes to auto-configure and allocate the resources they need.

•Launch environment via UI or command line.

Page 47: Enterprise Cloud Architecture Best Practices

Software Updates In the Cloud

Page 48: Enterprise Cloud Architecture Best Practices

Software Updates In the Cloud

Traditional Update Model

•Test software in the QA/Staging environment

•Deploy customer’s software to live server by copying application binaries.

•New versions of customer’s software are deployed by overwriting the previous binaries.

Cloud Update Model

•Execute Elastic Beanstalk configuration to deploy a new application version.

•The cloud service either creates a new environment from scratch or updates the existing one. When updating, git is used to only upload/deploy modified files.

•For cloud configuration changes, create and test a new environment. If test passes, switch to new load balancer and destroy the old version.

•https://aws.amazon.com/elasticbeanstalk/details/

Page 49: Enterprise Cloud Architecture Best Practices

Recommendation #7: Test in the cloud

•Create test deployments on demand by launching the production configuration to a temporary environment.
•Run realistic stress tests at low costs by simulating a complete production environment for a short time. Test environments should auto-scale the same as production.
•Run all dev/test environments in the cloud.
•For architectural changes, don’t update environments. Create and test a new environment, switch to it, then destroy the old one.

Page 50: Enterprise Cloud Architecture Best Practices

China Firewall Considerations

CHINA BASED PROVIDERS:
•AMAZON WEB SERVICES CHINA
•AZURE CHINA
•ALIYUN, BAIDU CLOUD, ETC

Page 51: Enterprise Cloud Architecture Best Practices

Host in China cloud or not?

Advantages:

•Best network performance inside China

•No risk of being blocked

•For Amazon and Azure, cost is lower in China

Disadvantages:

•For Chinese providers (Aliyun) reliability is lower

•Amazon and Azure China are run by local partners and provide a subset of services.

•Standard SDKs provided by Amazon and Azure don’t have 100% compatibility with China; SDK by Aliyun offers limited functionality.

• ICP license is required to operate in China

Page 52: Enterprise Cloud Architecture Best Practices

AWS Global vs AWS China

Page 53: Enterprise Cloud Architecture Best Practices

Azure Global vs Azure China

Page 54: Enterprise Cloud Architecture Best Practices

Recommendation #8: Cloud Hosting in China

•Create dedicated China-based websites for China-based customers in China. This means deploying an application to both regions.
•For applications with a global customer base, try to use the same cloud provider in order to share the technology stack.
•Verify if the global application design depends on services which are not available in China.
•Expect slow, but reliable access to China-hosted content from outside China

Page 55: Enterprise Cloud Architecture Best Practices

Cloud Migration Recommendations

Page 56: Enterprise Cloud Architecture Best Practices

Recommendation #9: Suggested criteria for cloud adoption or migration

The following criteria should be used when deciding which candidate systems should be hosted in the cloud:

•System does not need high-bandwidth interconnectivity with systems hosted in other regions. For example, don't host a website in AWS which connects directly to a database in a corporate datacenter.
•System can be hosted in the same region (China, Asia, Europe) as the customers.
•Secure SOA architecture can be ensured for all interconnectivity with other platforms. Production access to the cloud-hosted system should be over web and authenticated services.
•Development team has experience with cloud hosting

Page 57: Enterprise Cloud Architecture Best Practices

Recommendation #10: Non-technical considerations for wider cloud adoption

The following factors should be considered before systems are deployed to the cloud:

•Are there any legal constraints in storing data in a specific cloud? (For example, storing Russian customer data outside of Russia.)

•What regulatory or contract issues must be resolved? For example, an ICP license for the domain is needed in China, and paying to Chinese companies may require a contract or business license documents.

•Evaluate the business risk associated with using services in beta (Amazon and Azure are new in China).

•Consider possible global expansion or need for China support. In other words, select providers which offer the equivalent service inside China for the specific application.

Page 58: Enterprise Cloud Architecture Best Practices

Recommendation #11: Technical prerequisites for wider cloud adoption

The following prerequisites may be required in a specific provider region before cloud applications can be deployed:

•Configure federated domain authentication for cloud services
•Configure VPN endpoint for AD network
•Configure VPC (cloud-hosted LAN) to provide proper peer visibility and isolation to cloud resources
•Build secure API for core business services (ODIN+ API)

Page 59: Enterprise Cloud Architecture Best Practices

Recommendation #12: AWS Instance type selection

•Use the latest generation of instance types (x4/t2)
•Use burstable instances for applications with high daily variability
•Evaluate whether applications are CPU, memory, or IO intensive and select the appropriate type – scale up the particular bottleneck which is hit.
•For applications with consistent and predictable load, prefer larger instances; for applications with unpredictable load, scale horizontally with more burstable instances.