IaaS Introduction
Dr. Kenny Huang
Chair, Mind Extension Inc. Executive Council, APNIC Board, TWNIC
IaaS
Agenda
• Introduction
• Virtualisation
• Delivery Model
• Deployment Model
• Business & Finance
• Research
• Policy
Driving Force
• IDC projection
– Annual growth rate 21.6%
– $11 Billion 2009
– $30 Billion 2014
• Benefits
– Cut cost
– Share resources
• Technological evolution
Benefits Recap
• No upfront costs
• Market more quickly
• No servers to manage
• Automatic software updates
• Easily scalable
• Global growth and integration
• Enhance agility
Virtualisation
From Virtualisation to Cloud
Delivery Model
IaaS Deployment Model
• Self service model – “immediate” satisfaction
• Guaranteed service attributes (SLA)
• Scalability
• Billing for actual services/resources consumed
• Supported by high levels of automation
• Based on a highly virtualized infrastructure
IT Services Deployment Model
IaaS Benefits
• Benefits for consumers
– Dramatic improvements in “time to market”
– Automating backend billing brings a new cost conscious awareness
– Ability to use OpEx for short term needs
• Benefits for IT
– Recognition of IT as a competitive service supplier
– Now you can say “yes” and here’s what it would cost
– High levels of automation provide savings
– Consolidation provides savings
– Turn on/off OpEx provides savings
The Journey to the Cloud
• Transition
– So how do you transition an IT operation from 7x24 crisis with a backlog of incidents and service requests a mile long to this smoothly functioning Cloud machine?
• Foundation
– The foundational answer has been around for some years
– It is called the service provider model (SPM, ref. ITIL)
• Rationale
– Instead of managing 5000 servers running 5000 apps, the service provider model transitions the management effort to some 5+/- tiers of service with service levels guaranteed
– Managing 5 entities is doable, but it’s difficult to manage 5000 entities
What is the Service Provider Model
• Service Level Agreements
– A service focus separates the “what” from the “how” of service delivery
– A service level agreement between IT and users of technology provides a pragmatic basis for alignment of IT capabilities with business objectives
• Standard service offerings
– Standard services and technical architecture
– A stratification of service offerings allows different service level requirements to be satisfied at appropriate cost levels
• Mature policy and procedure
– Management practices are the processes, policies, and organizational model used to deliver services
– As processes mature, they become repeatable, documented, measured and finally have continuous review for improvement
• Cost model and key performance metrics
– External and internal metrics define the progress of the service model
– A complete cost model is critical to understanding the true cost of service delivery
IT Maturity Model
• Level 1
– Understanding and Awareness: Recognition
– Training and Communication: Sporadic communication on issues
– Process and Practice: Ad hoc approach to process and practice
• Level 2
– Understanding and Awareness: Awareness
– Training and Communication: Communication on the overall issue and needs
– Process and Practice: Similar but intuitive process emerges
– Techniques and Automation: Common tools are appearing
– Compliance: Inconsistent monitoring on isolated issues
• Level 3
– Understanding and Awareness: Understanding of need to act
– Training and Communication: Informal training supports individual initiatives
– Process and Practice: Practices are defined, standardized and documented; sharing of better practices begins
– Techniques and Automation: Tool set is standardized; currently available practices are used and enforced
– Compliance: Inconsistent monitoring; measurement emerges; balanced scorecard adopted; root cause analysis is intuitive
– Expertise: Involvement of IT specialists in business processes
• Level 4
– Understanding and Awareness: Understand full requirements
– Training and Communication: Formal training supports a managed program
– Process and Practice: Process ownership and responsibilities are set; process is sound and complete; internal best practices are applied
– Techniques and Automation: Mature techniques are used; standard tools are enforced; limited tactical use of technology
– Compliance: Balanced scorecards are used in some areas; root cause analysis is standardized
– Expertise: Involvement of all internal domain experts
• Level 5
– Understanding and Awareness: Advanced. Forward-looking understanding
– Training and Communication: Training and communications support external best practices and use leading edge concepts
– Process and Practice: Best external practices are applied
– Techniques and Automation: Sophisticated techniques are deployed; extensive optimized use of technology
– Compliance: Balanced scorecard is globally applied; root cause analysis is always applied
– Expertise: Use of external experts and industry leaders for guidance
7 step plan to build IaaS
• 1 Build a service catalog
• 2 Create a service level agreement
• 3 Build key performance indicator capabilities
• 4 Inventory infrastructure components
• 5 Implement billing per consumable resource
• 6 Rationalize the infrastructure
• 7 Automate provisioning and de-provisioning
Step 1 – Create a Service Catalog
• Key points
– 3 to 5 service tiers based on consumer facing attributes
– Tier differentiation will be based on performance and recoverability attributes
– Cost differentials will be driven by configured consumable to meet service attributes
Key takeaways – Create a Service Catalog
• Key Takeaways
– Performance, scalability and protection attributes are what consumers care about
– Only IT cares about technology specifications and configuration
– Typically tier cost differentials approximate 50%
– “Right tiering” drives additional savings
Step 2 – Build a Service Level Agreement
• Key points
– SLA guarantees service attribute delivery
– A written guarantee changes the whole IT/consumer dynamic
– The service level agreement should include
• The information on both parties
• Each party’s responsibilities
• Mutual responsibilities
• Escalation and remediation clauses
Step 3 – Build KPI Capabilities
• Key points
– What is happening right now
– Who is using what
– What is available
– Consumption patterns, trends and forecasts
– Alerts and escalations
• Key Takeaways
– If you don’t know what’s happening you will always be surprised
• Monitor and alert IT’s service delivery capability
• Monitor and alert the supply/demand situation
Step 3 – Build KPI Capabilities (2)
• Key points
– Metrics separate fact from opinion
• What is server demand for storage?
– Interfaces/APIs are needed
• Performance of specific hardware or software components
• Resource allocation, availability, consumption and resource release
• Resource performance to SLA attributes
• Key takeaways
– Metrics justify your recommendations
– Trended metrics are the first step to continuous improvement
Step 4 – Inventory your Infrastructure
• Key points
– Mission critical to know exactly
• What is on the floor
• What is running on it
• What it’s connected to
• What it’s dependent on
• Key takeaways
– Change and release management is key to a stable environment
– Without a CMDB, changes will only generate more incidents and outages
Step 5 – Implement Back End Billing
• Key Points
– Visibility is more important than charge back
– Cost model provides cost of the deployable unit
– Cost model includes
• Hardware and software costs
• Software licensing
• Hardware and software maintenance
• Facility, power and cooling
• Administration
• Key takeaways
– Basis for cost justification and ROI
– Speak with CFO in the same language
– Visibility to cost impacts resource usage
Step 6 – Rationalize the Infrastructure (virtualization)
• Key points
– Not all resources can be automatically provisioned
– Big box unix will require some IT manual effort
– The obvious target today is the virtualized x86 platform
– Storage has been virtualized since the early NAS
• Key takeaways
– Virtualization is key to automated provisioning
– Automated provisioning needs automated de-provisioning
Step 7 – Automate Provisioning
• Key points
– Consumers want rapid self-provisioning (time to market)
• Provisioning is the most important step from the end consumer viewpoint
• It should be like buying something on the web from a catalog
• Key provisioning functions allow consumers to
– Search the catalog
– Select the service
– Receive and accept a price
– Have immediate availability to the resource
– Track usage vs. allocation
Step 7 – Automate Provisioning
• Key takeaways
– Make a list of provisioning features and functions
– Identify the platforms and APIs your allocations will need
– Use this list of requirements to compare vendors
– Mature organizations may consider self-development using APIs to native functionality
• Note
– A number of hardware vendors are developing released front end web based platforms that provide the end consumer with IT provisioning
Summary
• Hard parts
– Front end provisioning, backend invoicing, and virtualization of your x86 platform
• Easy parts
– Building the disciplines and the services to provide a priced service catalog, service level agreements, key performance indicators, and mature processes
• Outcomes
– Move from managing 5000 entities to managing 5 tiers of service
– A disciplined framework where you know what you’ve got and metrics to manage it
Conclusion
• Internal IaaS is doable
• Much of the work is IT best practice
• Rationalization is the most challenging
• Auto provisioning is least mature
• Next steps
– Build the SPM
– Classify your applications
– Plan the migration
– Execute
Business and Finance
Recap Benefits of Cloud Computing
• Subscription-based
• Reduce maintenance cost
• Increased reliability
• Portability
• Efficient use of computing resources
Principle of Finance
[Figure: break-even chart plotting Sales, Contribution and Fixed-costs, with the break-even point (BEP) marked]
P&L = Contribution – Fixed-costs
Quick BEP Exercise
[Figure: four panels labelled A, B, C and D]
Build IaaS over Infrastructure
Bargain Power
Build your own infra
Option 1
Option 2
Google Practice
Reduce CapEx by eliminating Cost of Power Gen & UPS
Owned Submarine Cable/ Capacity
Valuation Talks
[Figure: valuation amounts, shown without their labels: $3B; $1.2M B/L; $6M Series A; $100B; $171B; $12B; $20B; $13B; $1.2B]
Buzzword Evolving
2000 ASP
2006 SaaS
2007 PaaS
2011 Social computing
Business Model Evolving: Freemium Model
Offering one level of software for free, and then charging a premium for additional features
“If you adopt a freemium business model, your marketing cost is the free users”
COGS=75%= $400B revenue
The Journey to Profitability
• IaaS business is like a car racing game on a distorted field. Two factors determine the winner:
– Track
– Speed
• Track is determined by :
– IaaS size and design - the larger, the more distorted (higher track).
• Speed is determined by :
– Contribution margin – the higher, the faster
– Recurring revenue base
[Figure: Revenue against IaaS Size, showing Tracks 1 to 4, the breakeven and cash flow breakeven lines, the EPS indifference line, and the Death Zone, Survival Zone and Profit Zone]
The Journey to Profitability
• Two factors determine the journey to profitability in IaaS business:
– Fixed cost
– Contribution margin (CM)
• Fixed cost depends on:
– IaaS size and design (Rent, Utility and Circuit)
– Operation efficiency (SG&A)
• Contribution margin depends on:
– Service mix
– Technological independency
– Vendor bargaining power
[Figure: cost against Sales $ at CM=80% and CM=50%, over a Fixed Cost made up of D&A, SG&A, Rent, Utility and Circuit, with the Breakeven Point marked]
Survival or not is pretty much determined at the very beginning
The Journey to Profitability
[Figure: EPS ($) against Sales for CM=80% and CM=50%, over Fixed Cost]
EPS is correlated to sales on the journey of profitability
[Figure: Gross Margin (%) and Gross Profit against Sales ($) for CM=80% and CM=50%, over Fixed Cost]
Long term profitability is largely determined by CM
The Journey to Profitability
• The IaaS business is a recurring revenue business model:
– The previous year’s efforts count
– Sales growth speed outpaces the sales efforts
• Previous year’s efforts count:
– Do not need to start from scratch every year
– Less vulnerable and volatile
• Sales growth outpaces sales efforts:
– Explosive growth at upward economic environment
– Stable growth at downward economic environment
[Figure: recurring Sales ($) against Time (t, 2t, 3t), showing the sales base from existing recurring customers]
Sales growth outpaces sales efforts
Does Size Matter?
[Figure: four panels plotting Cost for Space, Utility – A/C, UPS/Power-Gen and Utility – Power]
Linear growth of COGS
Business & Finance Review
• Subscription-based; reduce maintenance cost; increased reliability
– COGS remained and converted to other liabilities. It has to be paid one way or another.
– 97% of Google’s revenue is from advertisement.
– Majority of cloud services are financed by equity market, not by product market
• Portability
– It’s decided by business competition/cooperation, not by technology
• Efficient use of computing resources
– Market prices are largely determined by competition, not by efficient use of resources
Research
Companies are still afraid to use clouds
Causes of Problems Associated with Cloud Computing
• Most security problems stem from:
– Loss of control
– Lack of trust (mechanisms)
– Multi-tenancy
• These problems exist mainly in 3rd party management models
– Self-managed clouds still have security issues, but not related to above
Loss of Control in the Cloud
• Consumer’s loss of control
– Data, applications, resources are located with provider
– User identity management is handled by the cloud
– User access control rules, security policies and enforcement are managed by the cloud provider
– Consumer relies on provider to ensure
• Data security and privacy
• Resource availability
• Monitoring and repairing of services/resources
Lack of Trust in the Cloud
• Trusting a third party requires taking risks
• Defining trust and risk
– Opposite sides of the same coin (J. Camp)
– People only trust when it pays (Economist’s view)
– Need for trust arises only in risky situations
• Defunct third party management schemes
– Hard to balance trust and risk
– e.g. Key Escrow (Clipper chip) NSA 1993-1996
– Is the cloud headed toward the same path?
source: therepublic.com
Multi-tenancy Issues in the Cloud
• Conflict between tenants’ opposing goals
– Tenants share a pool of resources and have opposing goals
• How does multi-tenancy deal with conflict of interest?
– Can tenants get along together and ‘play nicely’?
– If they can’t, can we isolate them?
• How to provide separation between tenants?
• Cloud Computing brings new threats
– Multiple independent users share the same physical infrastructure
– Thus an attacker can legitimately be in the same physical machine as the target
Taxonomy of Fear
• Confidentiality
– Fear of loss of control over data
• Will the sensitive data stored on a cloud remain confidential?
• Will cloud compromises leak confidential client data?
– Will the cloud provider itself be honest and won’t peek into the data?
• Integrity
– How do I know that the cloud provider is doing the computations correctly?
– How do I ensure that the cloud provider really stored my data without tampering with it?
Taxonomy of Fear (cont.)
• Availability
– Will critical systems go down at the client, if the provider is attacked in a Denial of Service attack?
– What happens if cloud provider goes out of business?
– Would cloud scale well-enough?
– Often-voiced concern
• Although cloud providers argue their downtime compares well with cloud user’s own data centers
Taxonomy of Fear (cont.)
• Privacy issues raised via massive data mining
– Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients
• Increased attack surface
– Entity outside the organization now stores and computes data, and so
– Attackers can now target the communication link between cloud provider and client
– Cloud provider employees can be phished
Taxonomy of Fear (cont.)
• Auditability and forensics (out of control of data)
– Difficult to audit data held outside organization in a cloud
– Forensics also made difficult since now clients don’t maintain data locally
• Legal and trust issues
– Who is responsible for complying with regulations?
• e.g., SOX, HIPAA, GLBA ?
– If cloud provider subcontracts to third party clouds (web2.0, 3.0, ..), will the data still be secure?
Challenges for the attacker
• How to find out where the target is located?
• How to be co-located with the target in the same (physical) machine?
• How to gather information about the target?
Critical Issues from governments
• Jurisdiction for cloud services
• Business monopoly (e.g. Google, F/B)
• Cloud data privacy and security
• Protocol development and standardization
• Utility model stimulate innovation or impede creativity
• Green environment requirement
By IGF (Internet Governance Forum) 2011 KL
Policy
Government Cloud Computing Policy
Source: “Above the Clouds: A Berkeley View of Cloud Computing” Feb. 4, 2009 & Revision
Policy Rationale: Cloud Computing Brings the Opportunity of Industrial Transition
[Figure: the semiconductor industry (TSMC, UMC), which produces equipment and devices and allows IC design without a factory, set against cloud computing, which allows software service without a data center; further labels: software industry, information industry, tier 1 industry, service, impact, rebuild]
Policy Strategy
[Figure: the 4C ecosystem of Cloud, Commerce, Connectivity and Client. Labels shown: solutions, devices, data center infrastructure; NetBook, TV, phone (hardware); fiber, WiMax, 3G/4G (telecommunication); G-Cloud, Edu-Cloud, HC-Cloud, SME-Cloud (software/service); server, storage, switch, system software, security (hardware, software); IDC, ISP]
Full Scale / 4C Integrated Eco System
G-Cloud Program
[Figure: G-Cloud architecture serving (G2C), (G2B) and (G2G). Layers shown: Infrastructure as a Service (IaaS): GSN, GPKI, N-SOC, shared data center; Platform as a Service (PaaS): AP Dev. Platform, AP Validation, DB & Mgt Platform; Software as a Service (SaaS): agency service, Education, E-Tax, E-Trade, Healthcare, SME Service, Transportation; Management service: SLA & Auditing, Service management & Security management, Data center and network management. Side labels: Agility, Shared Service, Consolidation, Shared facility, Shared Service Platform]
Project Name | Budget | Lead Organization
Cloud computing technology development plan | $3.7B | MOEA/DOIT
Research Experimental Data Center plan | $0.1B | MOEA/DOIT
Cloud Computing Corporation plan | $1B | MOEA/DOIT
Global Firms R&D Investment plan | $1.5B | MOEA/DOIT
Cloud Computing Industrial Applications Plan | $0.7B | MOEA/IDB
Government Cloud Computing Infrastructure | $6.5B | RDEC
Fire Prevention Cloud Computing Service | $0.4B | MOI/NFA
Education Cloud Computing Service | $1.7B | MOE
Road Traffic Cloud Computing Infrastructure | $0.6B | MOTC
Cloud Computing Promotion for SME | $0.6B | MOEA/SMEA
Cloud Computing Trade Service | $0.4B | MOEA/BOFT
Cloud Computing Invoice Service | $1.3B | MOF
Tax Information System Integration & Reform | $4B | MOF
Harbor Single Window Service Plan | $0.8B | MOF
Technology & Research Cloud Computing Platform | $0.8B | NSC
Indicator (total) | 2010 | 2011 | 2012 | 2013 | 2014
Service access visitor (10M) | 0.5M | 1M | 2M | 3M | 3.5M
Firm R&D Investment ($12.7B) | $1.4B | $2.3B | $3B | $3B | $3B
Indirect Investment HW, Serv. ($100B) | $5B | $8B | $22B | $30B | $35B
Employee Increase 50,000 (person) | 2500 | 4000 | 11000 | 15000 | 17500
Cloud Computing Industry Value ($1T) | $8B | $20B | $64B | $308B | $600B
What’s going wrong
• Set the standard
– Policy value should be measurable at specific facets
• Improved constituent value
– Demonstration needed
• Improved operational efficiency
– Demonstration needed
– Lack of Strategy Model
• Value/Cost justification model
• Lack of Cross-agency integration
– Committee driven model
• Committee representative
– IT experts are not professional in financial/business evaluation
• Stakeholder representative
– Committee members have no position to claim construction for target stakeholders
– Weak causal analysis
• Lack of problem declaration, causal model, reasoning methodology, solution alternatives, outcome justification
Strategy vs. Operation
• Separate strategy and operation issues
– Deal with operations separately from strategy
– Pushing operational performance and making strategic decisions are distinctive activities
• GIGO (garbage in / garbage out)
– Measure goals with goals indicators
• Goals indicator validation
– Measure performance with performance indicators
Issue Resolution Process
• Issue identification
– Strategic [S]
• Improve performance to target stakeholders
• Reduce cost to target stakeholders
– Non-strategic [NS]: otherwise
– Exception Fallacy [EF]: not a real issue
• Propose solution items, with the following context
– Fact-based: demonstrate how it creates stakeholders’ value
– Alternative driven: at least 3 alternatives presented
– Consequential
• Financial implication: how much does it cost (CapEx, OpEx?)
• Performance implication: how well does it perform? Scale of improvement? How to monitor?
• Time scale: short/mid/long-term solution, straw-man proposal, migration strategy
• Conclusion validity: are they causal (solutions vs. issues)?
The Prioritization Matrix
[Figure: 2x2 matrix of Issue Strategic Value (High [S] to Low) against Cost of Implementation (Low to High). Quadrant labels: Deprioritize; Pursue Opportunistically; Explore ways of Improving stakeholders’ value; Investigate further immediately. Items plotted: Cloud Computing, TWIX, Cyberspace Strategy]
Recommendations
• Issue strategic value
– Given the issue resolved, how does it improve performance? How does it create value? A general understanding should be given
• Prioritization Matrix
– [Strategic]>[Non-Strategic]
• Put real choice on the table: alternative driven
• Solve the problem
– Solution and problem should have a causal relationship
• Time scaling: phased implementation with coherent strategy
• You cannot control what you cannot measure
Government Role & Responsibility