Six Common Challenges of Cloud Implementations Private cloud—as an approach to IT operations—calls for organizations to transform their data centers, including the network. Using strategic points of control to aggregate and dynamically provision IT resources can help organizations meet network-related challenges and move past the hype to successfully build, deploy, and secure private clouds.

by Lori MacVittie

Senior Technical Marketing Manager

White Paper

2

White PaperSix Common Challenges of Cloud Implementations

Contents

Introduction 3

Six Common Challenges to Four Cloud Goals 5

Goal: Self-Service IT (IT as a Service) 5

Goal: Automate and Orchestrate 7

Goal: Transition to a Hybrid Model 9

Goal: Virtualize the Network 12

Conclusion 14

3

White PaperSix Common Challenges of Cloud Implementations

IntroductionAsk several different organizations why they are implementing a private cloud, and

you’re likely to receive several different reasons. Ask several people within any one

organization why they are implementing a private cloud, and you’re still likely to

receive several very different reasons, especially if those people span business and

operational teams. Ask any of them if they have realized the benefits they thought

they would, and they’re likely to say “not yet” or “not quite.”

Three Surveys—Three Different Top Reasons to Adopt Cloud

%

Flexibility1 31%

Consolidate IT infrastructure2 42%

Scalability3 61%

Figure 1: Three different surveys about cloud adoption produced three different top results.

While many technologies focus on solving specific pain points, and thus there are

clear reasons for implementing them, technologies that cross into the realm of

architecture and data center models are less focused on specific problems. Rather,

they focus more on providing multiple hard and soft benefits. The result is that

organizations justify implementation based on the particular benefit they deem

most applicable to their business and operational needs—which is very likely to

be different from that of other businesses, even in the same vertical industry.

Inhibitors to cloud adoption, too, show similar fragmentation across organizations,

although security remains in the top two or three most often cited reasons why

organizations continue to shy away from cloud.Surveys—Three Different Top Inhibitors of Cloud Adoption

3

F5 Customers are Embracing Private Cloud

68% of surveyed IT organizations have deployed private cloud in production.

Source: TechValidate

TVID: DD6-314-00B

1 Fulton, Scott M. Survey: Companies Adopt the Cloud to Use Tablets, End Up Saving Less. www.readwriteweb.com; December 5, 2011.

2 Powell, James E. Enterprise Cloud Use, Plans Revealed in New Survey. www.esj.com; May 26, 2011.

3 100 Best Cloud and Data Stats of 2011…So Far

4

White PaperSix Common Challenges of Cloud Implementations

Three Surveys—Three Different Top Inhibitors of Cloud Adoption

%

Security4 20%

Lack of cloud training5 43%

SLAs6 45%

Figure 2: Three surveys about what inhibits organizations from cloud adoption produced three different top results.

But what no survey asks is how organizations intend to achieve these goals and

overcome the obstacles. For example, flexibility is a benefit that can be achieved

through automation and orchestration. It can be achieved through consolidation

and virtualization, or through a self-service approach to IT services.

By knowing how it intends to realize the benefits associated with cloud

computing, an organization can better identify and address the challenges they

will meet along the way. In this way, they can define a clear path to confidently

implementing the solutions and technologies required to achieve the goal.

One of the more significant challenges in cloud deployment remains in the

network: 61 percent of respondents in a 2012 Network World Cloud Computing

survey indicated they were “still not fully confident in their network infrastructure

preparedness” as it related to cloud computing initiatives. Over half of those not

confident in the network infrastructure preparedness still harbored concerns

regarding security and control over data, and many were still unsure of IT’s ability

to manage virtual resources.

Viewing private cloud implementations through the lens of organizational goals

brings to light six common network-related challenges that, if met, will enable

organizations to successfully realize the desired benefits of private cloud initiatives.

F5 Supports Global 500 Computer Services Company

A global 500 computer services company addressed the following issues by deploying F5 for their private cloud environment:

· Decreasing OpEx

· Improving performance

· Increasing availability

· Consolidating management

Senior IT Architect, Global 500 Computer Services Company

Source: TechValidate

TVID: 815-A1C-2BD

4 100 Best Cloud and Data Stats of 2011…So Far

5 100 Best Cloud and Data Stats of 2011…So Far

6 Cloud barriers: a failure of technology or communication? www.infosecurity-magazine.com; February 17, 2012.

5

White PaperSix Common Challenges of Cloud Implementations

Six Common Challenges to Four Cloud Goals A private cloud, in general, is one path to achieving specific goals for IT, each offering

a variety of benefits:

Goal Benefits

Self-service IT • Flexibility• Reduced costs• Reduced time to market

Automation and orchestration • Reduced costs• Reduced time to market• Reliability• Scalability

Transition to a hybrid model • Flexibility• Scalability• Reduced costs

Virtualization of the network • Scalability• Reduced costs• Infrastructure consolidation

Figure 3: The goals and benefits of implementing a private cloud.

The benefits of successfully implementing a model that achieves the intended goal

come with challenges that must be met and overcome.

Each implementation goal faces network-related challenges, many of which are shared

regardless of the reason for undertaking a private cloud implementation.

Goal: Self-Service IT (IT as a Service)

With IT as a Service, business and operational consumers can easily provision and

manage resources. IT as a Service ultimately enables the consumer to easily “order” IT

services to fulfill the application-specific requirements associated with an application

deployment, including availability, scalability, security, monitoring, and performance.

6

White PaperSix Common Challenges of Cloud Implementations

End Users(Customers: Internal or External)

Self-Service Provisioning Applications

Infrastructure Services

Network API Hypervisor API Storage API Security API

Hypervisor

APP APP APP Infrastructure 2.0

IT as a Service

Cloud

Figure 4: IT as a Service requires a private cloud implementation, which offers the easy management and provisioning required for self-service consumption.

IT as a Service requires a dynamic foundation of infrastructure services as well as an

automation and orchestration framework. Without such a foundation, consumers

may be able to rapidly provision the compute or storage resources necessary for an

application, but will not be able to specify the delivery services they need to meet

security, access management, availability, and performance requirements.

This requires service-enabling infrastructure and integration with provisioning and

management systems. Service enablement can be challenging due to the lack of

standards across the infrastructure spectrum, and in some cases organizations lack

an API through which they can achieve service enablement.

Integration becomes an obstacle when pre-packaged integration between

infrastructure and provisioning/orchestration engines is not provided, as this requires

organizations to dedicate time and resources to enabling the integration themselves.

7

White PaperSix Common Challenges of Cloud Implementations

Challenge #1: Service-enabling the infrastructure

Service-enabling the infrastructure is necessary to automate and ultimately

orchestrate operational tasks and processes, respectively. Service enablement is

a challenge because there is a lack of standardization within the infrastructure

demesne. While many components today are enabled with a control plane API

or SDK and have standardized on XML and web services, the depth and breadth

of these access methods vary widely and often require skills not commonly found

in IT operations today.

Furthermore, these APIs and SDKs are often very granular and specific to the

infrastructure component technology. Common operational tasks may require

multiple API calls, with each infrastructure component requiring a different set of

calls with its own unique terminology. The creation of a VLAN, for example, can

require very different service calls on a switch than a load balancer requires. These

differences necessitate not only product-specific expertise, but strong knowledge

about development tools and methodologies, as well as networking. This makes

it difficult to find people with the right mix of operational and development skills

to service-enable the infrastructure.

The F5 solution

The F5 control plane API, iControl®, can be invoked and managed in a wide variety

of languages and development environments. Python, Java, PHP, PowerShell, and

PERL are among the many languages through which F5® BIG-IP® solutions are

service-enabled.

F5’s user community, DevCentral, serves over 98,000 registered members with a

plurality of the community focused on service enablement and the use of iControl

to integrate and manage F5 BIG-IP solutions in their architectures. This support for

service enablement efforts, provided by such a vibrant community, is invaluable

to organizations seeking to expand the integration of the BIG-IP system within

their environments.

Goal: Automate and Orchestrate

Automation and orchestration are often blended, but they are two separate concepts.

Automation is the codification of an operational task, for example, “add this server

to the load balancing pool” or “redirect web requests to another data center.”

Orchestration is the codification of a process, such as “deploy an application,”

and usually comprises multiple tasks that have been automated.

8

White PaperSix Common Challenges of Cloud Implementations

Automation and orchestration are critical to achieving higher efficiency and greater

scale of operations in the data center, as well as enabling IT as a Service. Task

automation enables the creation of repeatable processes—orchestration—that

can lead to further efficiency gains through the streamlining of deployment and

maintenance processes.

Codifying policies that describe tasks, however, can be challenging because of

the wide variety of devices and systems that are involved. No single policy system

encompasses all devices and systems, leaving operations with the need to define

policies that span multiple systems and address multiple concerns. Integration with

the orchestration and automation engines that are responsible for executing these

processes can also be fraught with perils similar to those experienced by organizations

on an IT as a Service path.

Challenge #2: Integration with provisioning and orchestration engines

Achieving true elasticity requires the orchestration of multiple components within the

data center. Provisioning or decommissioning an application instance is but the first

step in a much more comprehensive process that involves load balancing, acceleration

and optimization, security, and networking components across the infrastructure.

Equally important to elasticity and automated deployment are triggers that initiate

provisioning and decommissioning of application instances. These triggers generally

act upon thresholds set by business and operational requirements for performance

and availability, and thus need metrics against which such thresholds can be

evaluated. Not only is it necessary to have visibility of metrics, but the means by

which those metrics can be communicated, such as triggers and integration with

reporting systems, must also be enabled.

The most common way to address this challenge is by integrating infrastructure

components with provisioning and orchestration engines. While such integration

handily addresses most of this challenge, it raises others. Not every component is

integrated with every provisioning and orchestration engine. Careful consideration

with respect to the integrations available for infrastructure components is required

to ensure this critical support is not overlooked.

The F5 solution

F5 has a long and proven history of support for and integration with the most

strategic data center partners in the world. From Microsoft to Oracle, IBM to HP,

9

White PaperSix Common Challenges of Cloud Implementations

and VMware to Dell, F5 maintains infrastructure and application alliances that

ensure the integration required not only exists, but is tested and proven by

both organizations.

F5 tightly integrates with the leading provisioning and orchestration engines,

enabling organizations to take immediate advantage of these integrations to form

the foundation for a private cloud implementation. F5 is also supported by popular

devops frameworks such as Opscode Chef, Puppet Labs Puppet, and CloudStack for

organizations implementing private cloud who are building their own provisioning

and management frameworks.

Challenge #3: Codifying deployment policies

Whether the goal is IT as a Service, transitioning to a hybrid architecture, or

operational consistency, the codification of reusable policies is a must. An application

control plane that can accept and apply the proper policies that govern security,

performance, and availability enable organizations to achieve greater economies

of scale within operations and ensure consistency of application deployments

regardless of the environment in which they reside.

Such policies must be flexible, however, to ensure location- and application-specific

parameters can be applied on a per-application or per-project basis. This means

accepting input in a way that abstracts the policy without losing any of its

configuration-specific implementation.

The F5 solution

F5 addresses this challenge with iApps™. iApps enables IT operations to define

application-specific deployments in a way that requires very little specific network

knowledge and no product-specific knowledge to configure. Each iApp codifies

the configuration and operational policies governing security, performance, and

availability of the application, and can be simply configured by application owners

either directly through a user interface or as part of an automated application

deployment lifecycle process.

iApps Templates can be invoked via the iControl API to ensure integration with

existing automation frameworks and orchestration engines.

Today, the F5 BIG-IP system integrates with:

· VMware vCloud Director and vSphere

· IBM PureSystems

· HP Cloud Maps

· Microsoft System Center 2012

· CloudStack

· Puppet Labs Puppet

· Opscode Chef

10

White PaperSix Common Challenges of Cloud Implementations

Goal: Transition to a Hybrid Model

For some organizations the end goal is a hybrid cloud architecture, one in

which public cloud resources are integrated into data center management and

infrastructure systems to enable cost reduction, elasticity, and flexibility. While

it’s not required to implement a hybrid model, some organizations normalize the

data center on a cloud computing–based architecture to ease integration efforts

with public cloud environments.

Regardless, organizations on the path to a hybrid model must have an architectural

approach that can support inter-cloud needs. The ability to bridge environments is

crucial in hybrid architectures, and organizations must consider identity and access

management in a multi-cloud environment.

Hybrid architectures necessitate the distributed deployment of infrastructure

and compute services, which includes policies that govern security, availability,

and access management. When this disjointed set of policies is deployed, it can

lead to operational inconsistencies in application delivery, ultimately causing

unpredictable availability and performance and failing to meet acceptable

operational and business requirements.

Challenge #4: Inter-cloud architecture

Designing a private cloud with the intention of transitioning to a hybrid architecture

can be intimidating. Hybrid architectures may necessitate significant changes to the

data center architecture in order to accommodate specific inter-cloud needs and

requirements at a later date. These requirements include secure interconnectivity

between the private and public cloud environments, and forethought about how

processes will span environments and what infrastructure components will need

to be replicated in the public cloud portion of a hybrid model.

The F5 solution

The BIG-IP system supports inter-cloud bridging via its iSession® capabilities.

iSession provides a secure and accelerated tunnel between private and public

cloud environments. Combined with support for network overlay technology such

as EtherIP, the BIG-IP system ensures network connectivity and IP routing that treats

the public cloud components as an extension of an organization’s private cloud.

Adding the WAN optimization functionality of BIG-IP® WAN Optimization Manager™

(WOM) optimizes traffic flowing between securely connected sites. Achieving

11

White PaperSix Common Challenges of Cloud Implementations

optimal performance enables organizations to perform live migration of virtual

machines and maintain performance levels required by business stakeholders.

In addition to supporting network-layer integration of cloud computing environments,

F5 solutions can broker application layer services required to integrate Software as

a Service (SaaS) and cloud-deployed applications. Integration at the service layer

enables single sign-on (SSO) in hybrid environments by consolidating authentication

and authorization inside the data center where the BIG-IP system can efficiently

control identity and access management.

By treating components and applications deployed in the public cloud as though they

were local components, the BIG-IP system can continue to integrate resources and

manage applications consistently across environments.

Data Center 2

Router

Storage Replication

Data Center

Router BIG-IP Global Traffic Manager

BIG-IP Local Traffic Manager

BIG-IP Local Traffic Manager

VM Replication

APP APP APP

APP APP APP

APP APP APP

APP APP APP

APP APP APP

APP APP APP

APP APP APP

APP APP APP

Clients

InternetCloud

BIG-IP Global Traffic Manager

Storage

ARX4000

ARX ARX Cloud Extender

Storage

Figure 5: F5 solutions enable inter-cloud architectures through bridging and virtualization.

Challenge #5: Operational consistency

Whether as part of a private or hybrid cloud implementation, maintaining consistency

in operational processes is critical to realizing the benefits of cloud-based models.

When operations is required to manage local resources via one methodology and

cloud-deployed resources use another, processes and policies become disjointed

12

White PaperSix Common Challenges of Cloud Implementations

and out of sync. These kinds of inconsistencies increase the cost of managing

the implementation and operational risk.

Performance, security, and availability may be compromised by inconsistent

or overlooked policies. Monitoring and visibility can be impaired by a lack of

functionality in cloud environments or by an operator’s failure to configure such

capabilities during the deployment process. While it’s more likely in an inter-

cloud environment, the multi-tenant nature of private cloud encourages silos of

application deployments that may suffer the same operational inconsistencies.

Such missteps jeopardize the realization of benefits of a private or hybrid cloud

initiative as well as the success of its deployment.

The F5 solution

The BIG-IP system addresses this challenge with a combination of technologies.

First, BIG-IP virtual editions are available for deployment in a variety of hypervisors,

so organizations can duplicate critical infrastructure whether for business unit,

department, or public cloud deployment. With F5 Device Service Clusters (DSCs),

the BIG-IP system can share and synchronize policies that govern application

security, performance, and availability, ensuring consistent management of

operational risk.

Finally, F5 BIG-IP solutions share a common operational interface and management

model regardless of form factor or location. This ensures that all F5 services,

including acceleration, access control, security, and availability, can be managed

consistently across and within cloud computing environments.

Goal: Virtualize the Network

Virtualized infrastructure, by its nature, makes less agile network dependencies

problematic. Traditional data center network designs rely heavily on integration

changes between virtualized network elements, like VMware vSwitches, and

traditional infrastructure deployments to work properly. The management policies

of the physical infrastructure can hardly keep pace with the rate of change in the

virtualized infrastructure. In fact, even if the physical infrastructure had mechanisms

for change notifications in the virtualized infrastructure, it would still be ill-suited

to do anything about it.

To address this disparity between the rate of change possible with virtualized

network elements and the rest of the infrastructure, the network must become

F5 BIG-IP Testimonial: Manufacturer Utilizes vCMP for Private Cloud

“Using the F5 vCMP for our private cloud, we are finally able to separate the management planes of different customers without proliferating physical appliances.”

Engineer, Global 500 Industrial Manufacturing Company

Source: TechValidate

TVID: 1D4-B25-544

Watch this F5 video to learn more about Virtual Clustered Multiprocessing (vCMP®).

13

White PaperSix Common Challenges of Cloud Implementations

service-enabled. There are solutions in various areas of the network that provide

service enablement, but other areas remain without APIs or service-enabled

control planes. This leaves whole areas of existing networks blind to changes,

making it impossible to use them to control network- and security-related policies.

Alternatively, network operators are facing complete redesigns with unknown

protocols or expensive upgrades to keep the current players in the game.

Challenge #6: Addressing topological dependencies

As virtualization has become the norm in server infrastructure, its benefits and the

challenges it was designed to meet—elasticity and portability—have shifted their

focus to the network.

Many organizations, having experienced success and realized multiple benefits

from their server virtualization initiatives, have begun to examine the virtualization

of the network. Such a transition is logical, but fraught with challenges unlike

those experienced during the server virtualization phase.

Most serious amongst these challenges is the impact of moving from primarily

static to dynamic network architectures. Failure to recognize that moving

from static to dynamic, from physical to virtual, requires the same functional

components—the same services—as the physical world can lead to failure

of the whole initiative. Firewall, load balancing, and security services are still

required as part of the overall network architecture. The network must still

exist—and perform—once it is virtualized.

The solution to this challenge lies with existing solutions for managing dynamism

in the server infrastructure. The ability to manage virtualized network services and

benefit from increased elasticity and resource utilization requires the same layer of

abstraction that provides the strategic control for virtualized application services:

an application delivery tier.

An application delivery tier is responsible for virtualizing the network service

and enabling the elasticity, flexibility, and lower costs sought by those whose

goal for private cloud is virtualization of the network.

The F5 solution

The BIG-IP platform is designed for scalability of services. With its ability to

support any IP-based architecture, it can provide a layer of abstraction for

virtually any service, network, or application. By abstracting network and

14

White PaperSix Common Challenges of Cloud Implementations

application infrastructure services through the BIG-IP platform, organizations can

virtualize network services without sacrificing the scalability and performance of

their hardware counterparts.

CONTROL PLANE

DATA PLANE

DNS UCS IAM AUDIT SECURITY

TMOS

Global Server Load Balancing

High Availability

Web Application

Firewall

Web Performance Optimization and Front-End Optimization

Deep Content

Inspection

NETWORK ABSTRACTION

GSLB

HA

WPO & FEO

DCI

WAF

Figure 6: The BIG-IP platform isolates control and data plane responsibilities, enabling organizations to virtualize the network by abstracting services.

Conclusion One of the advantages of using public cloud computing is that the abstraction

of the network infrastructure has already been achieved, and thus challenges

with network preparation for cloud computing have already been addressed.

As organizations move forward in their own private cloud initiatives, they will

invariably run head-on into the same or similar challenges, regardless of their

reason for building their own cloud computing environment.

While those goals may vary from organization to organization or even over time,

there are common network-related challenges. Understanding these challenges—

and their solutions—will enable organizations to chart a less perilous path toward

successful implementation. In particular, the readiness of the network in terms of

service-enablement, integration, and automation are paramount to architecting

a flexible but reliable foundation upon which cloud models can be based.

White PaperSix Common Challenges of Cloud Implementations

F5 Networks, Inc.Corporate Headquartersinfo@f5.com

F5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA 98119 888-882-4447 www.f5.com

F5 NetworksAsia-Pacificapacinfo@f5.com

F5 Networks Ltd.Europe/Middle-East/Africaemeainfo@f5.com

F5 NetworksJapan K.K.f5j-info@f5.com

©2012 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, and IT agility. Your way., are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com. Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5. CS01-00106 0612

F5 solutions are uniquely suited to enabling successful private cloud implementations

by helping organizations meet the network-related challenges they will encounter

along the way. Whether these challenges lie in the infrastructure and systems

integrations required to implement a private cloud, or in the need for consistent,

repeatable application deployments, F5 BIG-IP solutions and technologies provide

the foundation for a flexible, elastic application delivery tier for both private and

hybrid cloud architectures.