six common challenges of cloud implementations - ndm · through automation and orchestration. ......
TRANSCRIPT
Six Common Challenges of Cloud Implementations Private cloud—as an approach to IT operations—calls for organizations to transform their data centers, including the network. Using strategic points of control to aggregate and dynamically provision IT resources can help organizations meet network-related challenges and move past the hype to successfully build, deploy, and secure private clouds.
by Lori MacVittie
Senior Technical Marketing Manager
White Paper
2
White PaperSix Common Challenges of Cloud Implementations
Contents
Introduction 3
Six Common Challenges to Four Cloud Goals 5
Goal: Self-Service IT (IT as a Service) 5
Goal: Automate and Orchestrate 7
Goal: Transition to a Hybrid Model 9
Goal: Virtualize the Network 12
Conclusion 14
3
White PaperSix Common Challenges of Cloud Implementations
IntroductionAsk several different organizations why they are implementing a private cloud, and
you’re likely to receive several different reasons. Ask several people within any one
organization why they are implementing a private cloud, and you’re still likely to
receive several very different reasons, especially if those people span business and
operational teams. Ask any of them if they have realized the benefits they thought
they would, and they’re likely to say “not yet” or “not quite.”
Three Surveys—Three Different Top Reasons to Adopt Cloud
%
Flexibility1 31%
Consolidate IT infrastructure2 42%
Scalability3 61%
Figure 1: Three different surveys about cloud adoption produced three different top results.
While many technologies focus on solving specific pain points, and thus there are
clear reasons for implementing them, technologies that cross into the realm of
architecture and data center models are less focused on specific problems. Rather,
they focus more on providing multiple hard and soft benefits. The result is that
organizations justify implementation based on the particular benefit they deem
most applicable to their business and operational needs—which is very likely to
be different from that of other businesses, even in the same vertical industry.
Inhibitors to cloud adoption, too, show similar fragmentation across organizations,
although security remains in the top two or three most often cited reasons why
organizations continue to shy away from cloud.Surveys—Three Different Top Inhibitors of Cloud Adoption
3
F5 Customers are Embracing Private Cloud
68% of surveyed IT organizations have deployed private cloud in production.
Source: TechValidate
TVID: DD6-314-00B
1 Fulton, Scott M. Survey: Companies Adopt the Cloud to Use Tablets, End Up Saving Less. www.readwriteweb.com; December 5, 2011.
2 Powell, James E. Enterprise Cloud Use, Plans Revealed in New Survey. www.esj.com; May 26, 2011.
3 100 Best Cloud and Data Stats of 2011…So Far
4
White PaperSix Common Challenges of Cloud Implementations
Three Surveys—Three Different Top Inhibitors of Cloud Adoption
%
Security4 20%
Lack of cloud training5 43%
SLAs6 45%
Figure 2: Three surveys about what inhibits organizations from cloud adoption produced three different top results.
But what no survey asks is how organizations intend to achieve these goals and
overcome the obstacles. For example, flexibility is a benefit that can be achieved
through automation and orchestration. It can be achieved through consolidation
and virtualization, or through a self-service approach to IT services.
By knowing how it intends to realize the benefits associated with cloud
computing, an organization can better identify and address the challenges they
will meet along the way. In this way, they can define a clear path to confidently
implementing the solutions and technologies required to achieve the goal.
One of the more significant challenges in cloud deployment remains in the
network: 61 percent of respondents in a 2012 Network World Cloud Computing
survey indicated they were “still not fully confident in their network infrastructure
preparedness” as it related to cloud computing initiatives. Over half of those not
confident in the network infrastructure preparedness still harbored concerns
regarding security and control over data, and many were still unsure of IT’s ability
to manage virtual resources.
Viewing private cloud implementations through the lens of organizational goals
brings to light six common network-related challenges that, if met, will enable
organizations to successfully realize the desired benefits of private cloud initiatives.
F5 Supports Global 500 Computer Services Company
A global 500 computer services company addressed the following issues by deploying F5 for their private cloud environment:
· Decreasing OpEx
· Improving performance
· Increasing availability
· Consolidating management
Senior IT Architect, Global 500 Computer Services Company
Source: TechValidate
TVID: 815-A1C-2BD
4 100 Best Cloud and Data Stats of 2011…So Far
5 100 Best Cloud and Data Stats of 2011…So Far
6 Cloud barriers: a failure of technology or communication? www.infosecurity-magazine.com; February 17, 2012.
5
White PaperSix Common Challenges of Cloud Implementations
Six Common Challenges to Four Cloud Goals A private cloud, in general, is one path to achieving specific goals for IT, each offering
a variety of benefits:
Goal Benefits
Self-service IT • Flexibility• Reduced costs• Reduced time to market
Automation and orchestration • Reduced costs• Reduced time to market• Reliability• Scalability
Transition to a hybrid model • Flexibility• Scalability• Reduced costs
Virtualization of the network • Scalability• Reduced costs• Infrastructure consolidation
Figure 3: The goals and benefits of implementing a private cloud.
The benefits of successfully implementing a model that achieves the intended goal
come with challenges that must be met and overcome.
Each implementation goal faces network-related challenges, many of which are shared
regardless of the reason for undertaking a private cloud implementation.
Goal: Self-Service IT (IT as a Service)
With IT as a Service, business and operational consumers can easily provision and
manage resources. IT as a Service ultimately enables the consumer to easily “order” IT
services to fulfill the application-specific requirements associated with an application
deployment, including availability, scalability, security, monitoring, and performance.
6
White PaperSix Common Challenges of Cloud Implementations
End Users(Customers: Internal or External)
Self-Service Provisioning Applications
Infrastructure Services
Network API Hypervisor API Storage API Security API
Hypervisor
APP APP APP Infrastructure 2.0
IT as a Service
Cloud
Figure 4: IT as a Service requires a private cloud implementation, which offers the easy management and provisioning required for self-service consumption.
IT as a Service requires a dynamic foundation of infrastructure services as well as an
automation and orchestration framework. Without such a foundation, consumers
may be able to rapidly provision the compute or storage resources necessary for an
application, but will not be able to specify the delivery services they need to meet
security, access management, availability, and performance requirements.
This requires service-enabling infrastructure and integration with provisioning and
management systems. Service enablement can be challenging due to the lack of
standards across the infrastructure spectrum, and in some cases organizations lack
an API through which they can achieve service enablement.
Integration becomes an obstacle when pre-packaged integration between
infrastructure and provisioning/orchestration engines is not provided, as this requires
organizations to dedicate time and resources to enabling the integration themselves.
7
White PaperSix Common Challenges of Cloud Implementations
Challenge #1: Service-enabling the infrastructure
Service-enabling the infrastructure is necessary to automate and ultimately
orchestrate operational tasks and processes, respectively. Service enablement is
a challenge because there is a lack of standardization within the infrastructure
demesne. While many components today are enabled with a control plane API
or SDK and have standardized on XML and web services, the depth and breadth
of these access methods vary widely and often require skills not commonly found
in IT operations today.
Furthermore, these APIs and SDKs are often very granular and specific to the
infrastructure component technology. Common operational tasks may require
multiple API calls, with each infrastructure component requiring a different set of
calls with its own unique terminology. The creation of a VLAN, for example, can
require very different service calls on a switch than a load balancer requires. These
differences necessitate not only product-specific expertise, but strong knowledge
about development tools and methodologies, as well as networking. This makes
it difficult to find people with the right mix of operational and development skills
to service-enable the infrastructure.
The F5 solution
The F5 control plane API, iControl®, can be invoked and managed in a wide variety
of languages and development environments. Python, Java, PHP, PowerShell, and
PERL are among the many languages through which F5® BIG-IP® solutions are
service-enabled.
F5’s user community, DevCentral, serves over 98,000 registered members with a
plurality of the community focused on service enablement and the use of iControl
to integrate and manage F5 BIG-IP solutions in their architectures. This support for
service enablement efforts, provided by such a vibrant community, is invaluable
to organizations seeking to expand the integration of the BIG-IP system within
their environments.
Goal: Automate and Orchestrate
Automation and orchestration are often blended, but they are two separate concepts.
Automation is the codification of an operational task, for example, “add this server
to the load balancing pool” or “redirect web requests to another data center.”
Orchestration is the codification of a process, such as “deploy an application,”
and usually comprises multiple tasks that have been automated.
8
White PaperSix Common Challenges of Cloud Implementations
Automation and orchestration are critical to achieving higher efficiency and greater
scale of operations in the data center, as well as enabling IT as a Service. Task
automation enables the creation of repeatable processes—orchestration—that
can lead to further efficiency gains through the streamlining of deployment and
maintenance processes.
Codifying policies that describe tasks, however, can be challenging because of
the wide variety of devices and systems that are involved. No single policy system
encompasses all devices and systems, leaving operations with the need to define
policies that span multiple systems and address multiple concerns. Integration with
the orchestration and automation engines that are responsible for executing these
processes can also be fraught with perils similar to those experienced by organizations
on an IT as a Service path.
Challenge #2: Integration with provisioning and orchestration engines
Achieving true elasticity requires the orchestration of multiple components within the
data center. Provisioning or decommissioning an application instance is but the first
step in a much more comprehensive process that involves load balancing, acceleration
and optimization, security, and networking components across the infrastructure.
Equally important to elasticity and automated deployment are triggers that initiate
provisioning and decommissioning of application instances. These triggers generally
act upon thresholds set by business and operational requirements for performance
and availability, and thus need metrics against which such thresholds can be
evaluated. Not only is it necessary to have visibility of metrics, but the means by
which those metrics can be communicated, such as triggers and integration with
reporting systems, must also be enabled.
The most common way to address this challenge is by integrating infrastructure
components with provisioning and orchestration engines. While such integration
handily addresses most of this challenge, it raises others. Not every component is
integrated with every provisioning and orchestration engine. Careful consideration
with respect to the integrations available for infrastructure components is required
to ensure this critical support is not overlooked.
The F5 solution
F5 has a long and proven history of support for and integration with the most
strategic data center partners in the world. From Microsoft to Oracle, IBM to HP,
9
White PaperSix Common Challenges of Cloud Implementations
and VMware to Dell, F5 maintains infrastructure and application alliances that
ensure the integration required not only exists, but is tested and proven by
both organizations.
F5 tightly integrates with the leading provisioning and orchestration engines,
enabling organizations to take immediate advantage of these integrations to form
the foundation for a private cloud implementation. F5 is also supported by popular
devops frameworks such as Opscode Chef, Puppet Labs Puppet, and CloudStack for
organizations implementing private cloud who are building their own provisioning
and management frameworks.
Challenge #3: Codifying deployment policies
Whether the goal is IT as a Service, transitioning to a hybrid architecture, or
operational consistency, the codification of reusable policies is a must. An application
control plane that can accept and apply the proper policies that govern security,
performance, and availability enable organizations to achieve greater economies
of scale within operations and ensure consistency of application deployments
regardless of the environment in which they reside.
Such policies must be flexible, however, to ensure location- and application-specific
parameters can be applied on a per-application or per-project basis. This means
accepting input in a way that abstracts the policy without losing any of its
configuration-specific implementation.
The F5 solution
F5 addresses this challenge with iApps™. iApps enables IT operations to define
application-specific deployments in a way that requires very little specific network
knowledge and no product-specific knowledge to configure. Each iApp codifies
the configuration and operational policies governing security, performance, and
availability of the application, and can be simply configured by application owners
either directly through a user interface or as part of an automated application
deployment lifecycle process.
iApps Templates can be invoked via the iControl API to ensure integration with
existing automation frameworks and orchestration engines.
Today, the F5 BIG-IP system integrates with:
· VMware vCloud Director and vSphere
· IBM PureSystems
· HP Cloud Maps
· Microsoft System Center 2012
· CloudStack
· Puppet Labs Puppet
· Opscode Chef
10
White PaperSix Common Challenges of Cloud Implementations
Goal: Transition to a Hybrid Model
For some organizations the end goal is a hybrid cloud architecture, one in
which public cloud resources are integrated into data center management and
infrastructure systems to enable cost reduction, elasticity, and flexibility. While
it’s not required to implement a hybrid model, some organizations normalize the
data center on a cloud computing–based architecture to ease integration efforts
with public cloud environments.
Regardless, organizations on the path to a hybrid model must have an architectural
approach that can support inter-cloud needs. The ability to bridge environments is
crucial in hybrid architectures, and organizations must consider identity and access
management in a multi-cloud environment.
Hybrid architectures necessitate the distributed deployment of infrastructure
and compute services, which includes policies that govern security, availability,
and access management. When this disjointed set of policies is deployed, it can
lead to operational inconsistencies in application delivery, ultimately causing
unpredictable availability and performance and failing to meet acceptable
operational and business requirements.
Challenge #4: Inter-cloud architecture
Designing a private cloud with the intention of transitioning to a hybrid architecture
can be intimidating. Hybrid architectures may necessitate significant changes to the
data center architecture in order to accommodate specific inter-cloud needs and
requirements at a later date. These requirements include secure interconnectivity
between the private and public cloud environments, and forethought about how
processes will span environments and what infrastructure components will need
to be replicated in the public cloud portion of a hybrid model.
The F5 solution
The BIG-IP system supports inter-cloud bridging via its iSession® capabilities.
iSession provides a secure and accelerated tunnel between private and public
cloud environments. Combined with support for network overlay technology such
as EtherIP, the BIG-IP system ensures network connectivity and IP routing that treats
the public cloud components as an extension of an organization’s private cloud.
Adding the WAN optimization functionality of BIG-IP® WAN Optimization Manager™
(WOM) optimizes traffic flowing between securely connected sites. Achieving
11
White PaperSix Common Challenges of Cloud Implementations
optimal performance enables organizations to perform live migration of virtual
machines and maintain performance levels required by business stakeholders.
In addition to supporting network-layer integration of cloud computing environments,
F5 solutions can broker application layer services required to integrate Software as
a Service (SaaS) and cloud-deployed applications. Integration at the service layer
enables single sign-on (SSO) in hybrid environments by consolidating authentication
and authorization inside the data center where the BIG-IP system can efficiently
control identity and access management.
By treating components and applications deployed in the public cloud as though they
were local components, the BIG-IP system can continue to integrate resources and
manage applications consistently across environments.
Data Center 2
Router
Storage Replication
Data Center
Router BIG-IP Global Traffic Manager
BIG-IP Local Traffic Manager
BIG-IP Local Traffic Manager
VM Replication
APP APP APP
APP APP APP
APP APP APP
APP APP APP
APP APP APP
APP APP APP
APP APP APP
APP APP APP
Clients
InternetCloud
BIG-IP Global Traffic Manager
Storage
ARX4000
ARX ARX Cloud Extender
Storage
Figure 5: F5 solutions enable inter-cloud architectures through bridging and virtualization.
Challenge #5: Operational consistency
Whether as part of a private or hybrid cloud implementation, maintaining consistency
in operational processes is critical to realizing the benefits of cloud-based models.
When operations is required to manage local resources via one methodology and
cloud-deployed resources use another, processes and policies become disjointed
12
White PaperSix Common Challenges of Cloud Implementations
and out of sync. These kinds of inconsistencies increase the cost of managing
the implementation and operational risk.
Performance, security, and availability may be compromised by inconsistent
or overlooked policies. Monitoring and visibility can be impaired by a lack of
functionality in cloud environments or by an operator’s failure to configure such
capabilities during the deployment process. While it’s more likely in an inter-
cloud environment, the multi-tenant nature of private cloud encourages silos of
application deployments that may suffer the same operational inconsistencies.
Such missteps jeopardize the realization of benefits of a private or hybrid cloud
initiative as well as the success of its deployment.
The F5 solution
The BIG-IP system addresses this challenge with a combination of technologies.
First, BIG-IP virtual editions are available for deployment in a variety of hypervisors,
so organizations can duplicate critical infrastructure whether for business unit,
department, or public cloud deployment. With F5 Device Service Clusters (DSCs),
the BIG-IP system can share and synchronize policies that govern application
security, performance, and availability, ensuring consistent management of
operational risk.
Finally, F5 BIG-IP solutions share a common operational interface and management
model regardless of form factor or location. This ensures that all F5 services,
including acceleration, access control, security, and availability, can be managed
consistently across and within cloud computing environments.
Goal: Virtualize the Network
Virtualized infrastructure, by its nature, makes less agile network dependencies
problematic. Traditional data center network designs rely heavily on integration
changes between virtualized network elements, like VMware vSwitches, and
traditional infrastructure deployments to work properly. The management policies
of the physical infrastructure can hardly keep pace with the rate of change in the
virtualized infrastructure. In fact, even if the physical infrastructure had mechanisms
for change notifications in the virtualized infrastructure, it would still be ill-suited
to do anything about it.
To address this disparity between the rate of change possible with virtualized
network elements and the rest of the infrastructure, the network must become
F5 BIG-IP Testimonial: Manufacturer Utilizes vCMP for Private Cloud
“Using the F5 vCMP for our private cloud, we are finally able to separate the management planes of different customers without proliferating physical appliances.”
Engineer, Global 500 Industrial Manufacturing Company
Source: TechValidate
TVID: 1D4-B25-544
Watch this F5 video to learn more about Virtual Clustered Multiprocessing (vCMP®).
13
White PaperSix Common Challenges of Cloud Implementations
service-enabled. There are solutions in various areas of the network that provide
service enablement, but other areas remain without APIs or service-enabled
control planes. This leaves whole areas of existing networks blind to changes,
making it impossible to use them to control network- and security-related policies.
Alternatively, network operators are facing complete redesigns with unknown
protocols or expensive upgrades to keep the current players in the game.
Challenge #6: Addressing topological dependencies
As virtualization has become the norm in server infrastructure, its benefits and the
challenges it was designed to meet—elasticity and portability—have shifted their
focus to the network.
Many organizations, having experienced success and realized multiple benefits
from their server virtualization initiatives, have begun to examine the virtualization
of the network. Such a transition is logical, but fraught with challenges unlike
those experienced during the server virtualization phase.
Most serious amongst these challenges is the impact of moving from primarily
static to dynamic network architectures. Failure to recognize that moving
from static to dynamic, from physical to virtual, requires the same functional
components—the same services—as the physical world can lead to failure
of the whole initiative. Firewall, load balancing, and security services are still
required as part of the overall network architecture. The network must still
exist—and perform—once it is virtualized.
The solution to this challenge lies with existing solutions for managing dynamism
in the server infrastructure. The ability to manage virtualized network services and
benefit from increased elasticity and resource utilization requires the same layer of
abstraction that provides the strategic control for virtualized application services:
an application delivery tier.
An application delivery tier is responsible for virtualizing the network service
and enabling the elasticity, flexibility, and lower costs sought by those whose
goal for private cloud is virtualization of the network.
The F5 solution
The BIG-IP platform is designed for scalability of services. With its ability to
support any IP-based architecture, it can provide a layer of abstraction for
virtually any service, network, or application. By abstracting network and
14
White PaperSix Common Challenges of Cloud Implementations
application infrastructure services through the BIG-IP platform, organizations can
virtualize network services without sacrificing the scalability and performance of
their hardware counterparts.
CONTROL PLANE
DATA PLANE
DNS UCS IAM AUDIT SECURITY
TMOS
Global Server Load Balancing
High Availability
Web Application
Firewall
Web Performance Optimization and Front-End Optimization
Deep Content
Inspection
NETWORK ABSTRACTION
GSLB
HA
WPO & FEO
DCI
WAF
Figure 6: The BIG-IP platform isolates control and data plane responsibilities, enabling organizations to virtualize the network by abstracting services.
Conclusion One of the advantages of using public cloud computing is that the abstraction
of the network infrastructure has already been achieved, and thus challenges
with network preparation for cloud computing have already been addressed.
As organizations move forward in their own private cloud initiatives, they will
invariably run head-on into the same or similar challenges, regardless of their
reason for building their own cloud computing environment.
While those goals may vary from organization to organization or even over time,
there are common network-related challenges. Understanding these challenges—
and their solutions—will enable organizations to chart a less perilous path toward
successful implementation. In particular, the readiness of the network in terms of
service-enablement, integration, and automation are paramount to architecting
a flexible but reliable foundation upon which cloud models can be based.
White PaperSix Common Challenges of Cloud Implementations
F5 Networks, Inc.Corporate [email protected]
F5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA 98119 888-882-4447 www.f5.com
F5 Networks Ltd.Europe/Middle-East/[email protected]
F5 NetworksJapan [email protected]
©2012 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, and IT agility. Your way., are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com. Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5. CS01-00106 0612
F5 solutions are uniquely suited to enabling successful private cloud implementations
by helping organizations meet the network-related challenges they will encounter
along the way. Whether these challenges lie in the infrastructure and systems
integrations required to implement a private cloud, or in the need for consistent,
repeatable application deployments, F5 BIG-IP solutions and technologies provide
the foundation for a flexible, elastic application delivery tier for both private and
hybrid cloud architectures.