When one hears of the advantages of cloud computing, the same benefits come up again and again.

 

  • The IT consumer gets real agility. This means instant response times to provisioning and deprovisioning requests – no red tape, no trouble tickets – just go. The consumer also gets a radically different economic model – no pre-planning, no reservation, no sunk costs – the consumer uses as much as they want, grows and shrinks in whatever size increment they want, and keeps hold of the resources for only as long as they want. Lastly, the consumer gets true transparency in their spending – each cent spent is tied to a specific resource used over a specific length of time.
  • If a proper cloud infrastructure is built, acquired, or assembled, the operations costs for the datacenter administrator are much lower than with traditional IT. Cloud infrastructure software, if done right, gives scale-out management of commodity parts by introducing (a) load balancing and rapid automated recovery of stateless components and (b) policy-based automation of workload placement and resource allocation.  Customer requests automatically trigger provisioning activity, and if anything goes wrong, the system automatically corrects.  The datacenter admin is relieved of the day-to-day burdens of end user provisioning and break/fix systems management.

 

The challenge in this world stems from the fact that for all this to be delivered, clouds must span organizational units. There needs to be economy of scale to drive down costs. There need to be many workloads from multiple customers peaking at different times so that the “law of large numbers” yields high utilization and predictable growth. Once you have multiple customers on the same shared infrastructure, you get the inevitable concerns: is my data secure, do I have guaranteed resources, can another tenant, through malice or accident, compromise my work?

 

Clouds, both public and private, strive to provide secure multi-tenancy. Each service provider and each cloud software vendor promises that each tenant is completely isolated from every other tenant. Obviously, different providers do this with varying levels of competency and sophistication, but there is no controversy regarding the need for this isolation.

 

Once you are comfortable with your cloud’s isolation strategy, though, you should turn around and ask, “How do I take advantage of multi-tenancy?” We live in an ever more interconnected world and different organizations need to collaborate on projects large and small, short-term and long-term. If two collaborators share a common cloud, or two or more clouds that can communicate with each other, shouldn’t the cloud facilitate controlled and responsible sharing of applications and data? Shouldn’t we turn multi-tenancy from the cloud’s biggest risk into its biggest long-term benefit?

 

To answer this challenge, we need to ask

  1. Why would we need to do this?
  2. Are there any specific examples of this today?
  3. How would we go about achieving a more generalized solution?

 

First, why would we do this?   There are many examples in many sectors.

  • Within large enterprises, different business units generally need to be isolated from one another, for privacy or regulatory reasons, or simply to keep trade secrets on a need to know basis. But, when large cross-functional teams are asked to deliver a complex project together, sharing becomes necessary.
  • Also in business, external contractors are used for some projects. How can they work as truly part of the team for one assignment, while being safely locked out of all other projects?
  • In education, universities collaborate on some projects and compete on others. How can the right teams work together openly while others are completely isolated?
  • In government and law enforcement at all levels, collaboration can save lives and property, but proper separation must be enforced to protect civil rights and personal privacy.
  • In medicine, doctors and insurance need to share certain records and results in order to streamline care, facilitate approvals, and reduce mistakes.   But, privacy must be protected with only the proper and allowed sharing taking place.

 

Since this seems like a nirvana state, the second question is what is practically being done along these lines today? To this, I would say that the SaaS providers have been on this path for some time. Google calendar allows you to selectively share your schedule in a fine-grained manner – who can see your availability, who can see your details, and who can edit your meetings. LinkedIn allows you to share your profile at varying levels of depth and regulate inbound messages based on your level of connection and common interests.

 

This leads to the third question – how can we do this more generally? How can a single cloud or a group of clouds facilitate generic sharing of any application or data without breaking the base isolation that multi-tenancy generally requires? Obviously, in a blog we can’t answer in gory detail, but we can discuss some high-level requirements.

 

1. Recognize distributed authority and have a permissions scheme that models this well

 

In all the examples we discussed in the “why” section, there was no shared authority. From the point of view of someone who wants to access something of someone else’s, there are two completely different and independent sources of authority. First, does my manager authorize me to be working on this project with these collaborators? Second, do those collaborators want to share with me, what exactly do they want to share, and what level of control over their objects do they allow me? A cloud that facilitates collaboration must have a permissions system that allows these different authorities to independently delegate rights without the need for an arbitrating force. Imagine if two government agencies needed to go to the president to settle an access control issue.  With doctors and insurance companies, who would a central authority even be? Once you have a permissions system capable of encoding multiple authority sources, you need the ability to apply that system to compute, storage, and network resources. You need to apply it to data and applications. You need to apply it to built-in cloud services and third party services.

 

2. Provide extremely flexible networking connectivity and security

 

Permissions speak to who can do what on what objects shared on a cloud network. The next part is about the network traffic itself. The cloud needs to govern connectivity in a secure, but still self-service manner. It will be impossible to build a responsive and agile collaborative environment over legacy VLANs and static firewalls. Once collaboration is set up politically, project owners need to be able to flip the switch to start the communication flow immediately. If a project ends, they need to be able to turn it off just as quickly, if not faster. Given a project that already has network connectivity, as that project expands, new workloads added to the project need to be instantly granted the same network access as all the other workloads. For all this to happen, there need to be network policies that govern communications. These policies need to instantly regulate all new workloads on the cloud. They need to be created, destroyed, and modified by the actual collaborators, not network admins. Lastly, these policies need to be governed by the collaborative permissions system described in requirement #1 so that proper governance is achieved without requiring a common authority.
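The following sketch is an added example, not Nimbula Director code: it models requirements 1 and 2 with two independent grant sources and a label-based network policy that collaborators switch on and off themselves. The class, method and tenant names are hypothetical, and requiring each organisation to open its own side of a flow is an assumption made for the illustration.

```python
class CollabCloud:
    """Toy model of two independent authorities with no central arbiter."""

    def __init__(self):
        self.home_org = {}     # user -> organisation with authority over the user
        self.owner_org = {}    # object -> organisation with authority over the object
        self.assigned = set()  # (user, project): issued by the user's home org
        self.shared = {}       # (user, obj) -> (project, actions): issued by the owner
        self.workloads = {}    # workload -> (owning org, project label)
        self.net_on = set()    # (org, project): that org's side of the flow is open

    def assign(self, issuer, user, project):
        """Authority 1: the user's own organisation puts them on a project."""
        if self.home_org.get(user) != issuer:
            raise PermissionError(f"{issuer} has no authority over {user}")
        self.assigned.add((user, project))

    def share(self, issuer, obj, user, project, actions):
        """Authority 2: the object's owner decides what to share, and how much."""
        if self.owner_org.get(obj) != issuer:
            raise PermissionError(f"{issuer} does not own {obj}")
        self.shared[(user, obj)] = (project, frozenset(actions))

    def allowed(self, user, action, obj):
        """Access needs both grants; neither authority can supply the other's."""
        project, actions = self.shared.get((user, obj), (None, frozenset()))
        return action in actions and (user, project) in self.assigned

    def set_flow(self, user, project, enabled):
        """A collaborator, not a network admin, opens or closes their org's side."""
        if (user, project) not in self.assigned:
            raise PermissionError(f"{user} is not a collaborator on {project}")
        key = (self.home_org[user], project)
        if enabled:
            self.net_on.add(key)
        else:
            self.net_on.discard(key)

    def can_connect(self, src, dst):
        """Evaluated per connection by label, so new workloads are covered at once."""
        (src_org, src_proj), (dst_org, dst_proj) = self.workloads[src], self.workloads[dst]
        return (src_proj == dst_proj
                and (src_org, src_proj) in self.net_on
                and (dst_org, dst_proj) in self.net_on)


def demo():
    """Constructed scenario: a hospital and an insurer collaborating on 'claims'."""
    c = CollabCloud()
    c.home_org.update({"dr_lee": "hospital", "adjuster_kim": "insurer"})
    c.owner_org["lab_results"] = "hospital"
    c.workloads.update({"ehr-1": ("hospital", "claims"),
                        "claims-api": ("insurer", "claims"),
                        "payroll": ("insurer", "hr")})
    out = {}
    c.share("hospital", "lab_results", "adjuster_kim", "claims", {"read"})
    out["share_only"] = c.allowed("adjuster_kim", "read", "lab_results")
    c.assign("insurer", "adjuster_kim", "claims")
    c.assign("hospital", "dr_lee", "claims")
    out["both_grants"] = c.allowed("adjuster_kim", "read", "lab_results")
    out["write"] = c.allowed("adjuster_kim", "write", "lab_results")
    c.set_flow("dr_lee", "claims", True)
    out["one_side_open"] = c.can_connect("claims-api", "ehr-1")
    c.set_flow("adjuster_kim", "claims", True)
    out["both_sides_open"] = c.can_connect("claims-api", "ehr-1")
    c.workloads["ehr-2"] = ("hospital", "claims")  # the project grows
    out["new_workload"] = c.can_connect("claims-api", "ehr-2")
    out["other_project"] = c.can_connect("payroll", "ehr-1")
    c.set_flow("dr_lee", "claims", False)          # the project ends
    out["after_off"] = c.can_connect("claims-api", "ehr-2")
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:16} {result}")
```

Either side withdrawing its grant or closing its half of the flow is enough to stop access, which is the property that removes the need for a common arbiter.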

 

3. Have a way to extend these systems across clouds

 

Once you have a permissions model and a networking model that work within a cloud, you need to extend those functions to work across clouds so that multiple organizations can share their resources amongst each other, not just when they share a common public or community cloud, but even when hosted in their own separate private clouds. For this to happen, identity must be agreed upon. User permissions from one cloud must be trusted by the second cloud so that those permissions can be mapped against what has been delegated by that second cloud. The networking policy mechanisms must be transferable across the Internet and take into account various levels of routing, NAT’ing, and firewalling.

 

Nimbula believes that we are on the path to providing general purpose collaborative clouds. Our flagship product, Nimbula Director, is architected to deliver this value in the long term and has taken substantial steps in this direction in our generally available 1.0 release. We recently completed a podcast and Webcast where you can learn more about Nimbula Director and the reference architecture we completed for the Intel Cloud Builders program.

 

Visit us at http://nimbula.com to use Nimbula Director on 40 cores for free and to download whitepapers and product documentation.

Last week “cloudgate”  entered the twitter-sphere and the concepts of cloud availability and security went from analytical  concepts to gut wrenching concerns (especially for my friends on Foursquare… would they still be mayor once  the app came back online?).  All kidding aside, cloud computing industry  hubris was provided a healthy dose of reality.  An  interesting perspective on this event was provided by George Reese.

 

[Image: Cloud Gate, Chicago]

 

While the future of cloud computing continues unabated as a  fantastic opportunity (and looks more like the real Cloud Gate shown above than  the doom and gloom of last week’s prognosticators), the need for hardened  solutions based on thoughtful, enterprise ready design has never been more  evident.  This starts with development at the confluence of hardware and  software and excellent engineering insight to build layer upon layer of cloud  infrastructure, something I spoke about in my recent blog on Day  in the Cloud in Beijing.

 

A perfect example of this engineering insight  was displayed in a recent conversation on cloud  security I had with Hytrust CTO Hemma Prafullchandra.   Hemma is one of those people who almost vibrate from too much intelligence… She  understands IT compliance issues inside and out as well as the layers of challenges in IT compliance and  security when applying virtualization and cloud to the data center.  She  was nice enough to provide me with a primer on the challenges IT managers face  and how Hytrust is delivering security controls that are as agile as workload  virtualization policies inside a cloud environment.  I found the  conversation incredibly insightful and reflective of IT’s continued focus on  security as a key requirement to address for widespread cloud computing  adoption.  If you’ve got questions for Hemma and the folks at Hytrust  after listening to this podcast please comment.

Maybe it’s because I’m in the capital city of a culture thousands of years old, but I found myself being philosophical in viewing the Day in the Cloud event in Beijing yesterday. As I walked around the room looking at partners showcasing their cloud computing solutions developed in partnership with our Cloud Builders program, I thought back on a quote from Thoreau that I’ve always liked:

 

If you have built  castles in the air, your work need not be lost; that is where they should be.  Now put the foundations under them.


Listening to the cloud zeitgeist over the past couple of years, one could easily surmise that cloud meant many things to many people. Software services, the next wave of virtualization…or web. The death of the corporate data center perhaps, or a one-fits-all model offered by a large solutions provider. To say that the industry has spent a lot of time talking about cloud would be an understatement, but as you pull back the curtains on the hype, real value is revealed. We see an ability to deliver IT resources when and where they’re needed and to give users access to the services they need in a timeframe that is inconceivable in traditional terms. With this change we also see the capability of IT organizations to streamline operations and place their investment in solution innovation and business value, not the steady stream of money going to oversight of current assets that bleeds IT budgets today. And ultimately, if done well, we see a world where data centers can interconnect to flow compute capacity where required and provide both individual users and corporations the security of having the right IT compute capacity without the cost of over-provisioning. So perhaps the industry is correct in building our castles in the air, as we know that as an industry that’s where we’ve always placed them and that’s where the greatest visions of the future can become reality.

 

But just as we dream about this bold vision of a new computing reality, we must reflect on the fact that the data centers of tomorrow will continue to be run on hardware, and this hardware, working together with software developed to provide the security, efficiency and automation the cloud requires, will form the foundation of our computing future. Intel Cloud Builders is all about building that foundation in the form of industry collaboration on focused cloud computing reference architectures that address unique challenges facing the evolution of data center computing to cloud models. These are the sticky technical requirements that IT is seeking…things like trusted compute pools, data center level automated efficiency…standard approaches to cloud on-boarding…that will let cloud infrastructure grow from the early deployments of today to the expected ubiquity of tomorrow’s vision. And it’s in this ubiquity that cloud delivers its real value and the wide-scale federation of data centers becomes a reality. Our second Day in the Cloud event featured eight of our most recent reference architectures from some of the leading cloud computing solutions providers in the China market as well as some of our global partners. For details on each of the reference architectures check out my teammate Rekha Raghu’s blog.

 

What was fascinating about the event for me came as we started with presentations from Intel’s Jason Waxman and Billy Cox. As they told the story of Intel’s vision for cloud and the details of the Cloud Builders program, one editor raised his hand and said, “I have a simple question...why Intel and cloud?” It’s a question I’ve heard before (not unique to China), and it’s an understandable one that usually comes from people who have heard all about the vision of cloud but not reflected on the technology stacks required to deliver this vision. Billy described our deep engagement with leaders in the industry on our collaborative solutions delivery, but I think the editor still didn’t buy it.

 

Intel Cloud Builders Day in the Cloud demonstrations to the press.

 

But then we moved into the reference architecture room, with leading partners highlighting things like cloud on-boarding, trusted compute pools, and efficient data center delivery. There was Lenovo’s solution that provided a client-aware experience based on embedded APIs from Intel running on the hardware. There were senior executives from VMware and Microsoft speaking passionately about how their reference architecture solutions are solving customer requirements. There were senior technologists talking about the value reference architecture collaboration with Intel has represented in hardening their solutions. As groups of editors moved from solution to solution in a frantic dance that Reuven Cohen, CTO of Enomaly, called “speed dating for the cloud”, the rare glow of the results of deep collaboration was in the air, and I think our guests saw the foundation being poured for broad cloud deployments. We like to view it that, as it has many times in the past, Intel architecture forms the heart of this foundation with the performance engine to fuel cloud technology integration and workloads such as Intel Trusted Compute Technology (pdf) and Intel Power Node Manager that help deliver the capabilities that will make cloud evolution something IT can confidently navigate in driving to that vision of cloud ubiquity. Why Intel in the cloud? Because we want to continue to enable the industry to build their castles in the air and provide the industry the platform foundations to make these dreams a reality.

你好! Ni Hao! What a beautiful day here in Beijing at Day 0 of Intel Developer Forum!! Not a single cloud in the sky... Not a problem! We will make our own clouds with the Intel Cloud Builders Program. After an outstanding success at the USA Day in the Cloud event, I am here at the Day in the Cloud PRC event where a number of local press analysts and local cloud vendors are getting together to demonstrate the Intel Cloud Builders Reference Architectures. A great collaboration from our Cloud Builders partners in bringing this event together. The event highlighted how we, along with key industry advocates, are delivering on a cloud computing strategy of “Listen to customers --> Deliver technologies --> Develop the ecosystem.” The reference architectures being demoed today come from several regional vendors, Fujitsu, Inspur, Huawei, Neusoft, Lenovo and PowerLeader, and global vendors including VMware, Microsoft, Dell and Enomaly. The goal of each of these reference architectures is to help customers deploy their cloud by taking a set of use cases and solving a specific customer problem like power management, secure client access or building a cloud infrastructure. Any questions on what is in a reference architecture? Listen to my Conversations in the Cloud podcast for more information.

 

The event was kicked off by Jason Waxman, General Manager for High Density Computing. Jason highlighted the importance of this event where several partners are getting together to demonstrate how to address the problems of building and deploying a cloud infrastructure. He articulated our Cloud Vision 2015 around being federated—sharing data securely across public and private clouds; automated—so IT can focus on innovation and less on management; and client aware—optimizing services based on device capability to enable a secure and consistent experience across the IA-based compute continuum. He reinforced the value of the Open Data Center Alliance, with a membership of over 100 companies; they are focused on creating a usage model roadmap to set requirements for interoperable data center solutions.

 

Here are the details of each of the reference architectures being demonstrated today:


Build Real Clouds with Enomaly ECP and Dell: The Enomaly Elastic Computing Platform Service Provider Edition (ECP SPE), running on top of Dell-based hardware built on Intel® Xeon® processors, forms an ideal platform for high-density and multi-tenant cloud infrastructure. When IT architects combine scalable Dell systems, the efficient Intel Xeon processor 5600 series, and ECP SPE, they can support very large clouds with many thousands of servers in complex designs. This reference architecture will help IT professionals to quickly achieve the benefits of infrastructure as a service (IaaS) in very large organizations. It will be of most interest to organizations with unique, cloud-ready workloads that need to remain under close control. Check out the blog of Reuven Cohen, CTO of Enomaly Inc, to learn more about Enomaly cloud products.

 

Simplify Cloud Deployments with Fujitsu PRIMERGY CX1000 and VMware vCloud* Director: This Fujitsu Dynamic Cloud reference architecture is built on the PRIMERGY CX1000, an innovative scale-out cloud server infrastructure platform that allows companies to scale big by packaging 38 industry-standard x86 server nodes, based on Intel® Xeon® processor technology, into a dedicated datacenter rack with shared cooling architecture and a small footprint. PRIMERGY CX1000 addresses data center density, power consumption and heat dissipation problems in a one-step approach with its innovative shared cooling architecture, Cool-Central*. This architecture enables companies to see significant reduction in energy consumption and dramatic savings in data center space, thus removing the strong inhibitors for cloud data center setup. VMware vCloud Director works with this solution to provide the interface, automation, and management features that allow enterprises and service providers to supply vSphere resources as a Web-based service.

Check out this awesome hardware with preconfigured vCloud stack being demonstrated today!

 

Accelerate to the Cloud with Huawei SingleCLOUD: Huawei SingleCLOUD* solution is designed for the cloud computing data centers of Cloud Service Providers and enterprise customers. Based on the SingleCLOUD solution, Cloud Service Providers construct network-based office environments which provide “pay as you go” server and storage services for enterprises, especially small and medium enterprises. This reference architecture discusses the Huawei SingleCLOUD solution optimized on Intel Xeon® processor-based platforms and describes how to implement a base-solution to build a more elastic and complex environment of cloud computing.

 

Efficient power management with Neusoft Aclome Cloud: Neusoft Aclome* provides a complete cloud computing solution for enterprise IT infrastructure, enabling customers to receive the benefits of the cloud without too much additional work to build and validate the solution. This reference architecture provides a step-by-step guide to build a cloud and optimize power management using Neusoft Aclome and Intel Intelligent Power Node Manager.

 

Simplify your private cloud deployments with Microsoft System Center Virtual Machine Manager and Power Leader Rack Servers: For cloud service providers, hosters and enterprise IT organizations who are looking to build their own cloud infrastructure, the decision to use a cloud for the delivery of IT services is best done by starting with the knowledge and experience gained from previous work. This reference architecture outlines a private cloud setup using Windows Server, Hyper-V* and the Microsoft System Center Virtual Machine Manager Self-Service Portal* 2.0 (VMMSSP) on the Powerleader Power-Rack* (PR) Series Servers, powered by the Intel® Xeon® processor. VMMSSP is a free, partner-extensible portal that enables private cloud and IT as a Service with Windows Server, Hyper-V and System Center Virtual Machine Manager. With the portal, customers and partners can dynamically pool, allocate, and manage resources to offer Infrastructure as a Service (IaaS).

 

Policy based Power Management with Dell and VMware: VMware vSphere* and Intel® Intelligent Power Node Manager (Intel Node Manager), integrated by using Intel® Data Center Manager (Intel DCM), extend the ability of cloud and virtualization resource management engines. This solution reduces total cost of ownership by enabling users to monitor and cap power in real time at the server, rack, zone, and data center levels. This reference architecture details how the use of Intel Node Manager, Intel DCM and VMware vSphere on Dell* PowerEdge* servers yielded power savings through the deactivation of unnecessary hosts and the migration of workloads to fewer servers during periods of low resource utilization. It will be of most interest to administrators and enterprise IT professionals who seek power management solutions to achieve better power efficiency within new or existing data centers.

 

Client-aware Cloud Demo with Lenovo and Stoneware: Lenovo and their ISV partner Stoneware, along with Intel, have collaborated to enable platform-optimized delivery of cloud services. Secure cloud access (SCA) is based on a balanced approach to delivery of cloud services that takes advantage of the intelligent infrastructure enabled by Intel end-to-end cloud solutions. Together with Lenovo and Intel, Stoneware has enabled their application to detect the compute, context and capabilities of ThinkPad and ThinkCentre platforms based on 2nd Generation Intel Core and Core vPro Processors. Equipped with this information, users can dynamically optimize service delivery based on the ability to execute all or some portion of the application in either the cloud data center or on the end point device.

 

Design and deploy a cloud with Inspur Vertical Cloud: “Inspur Vertical Cloud” is focused on addressing the specific requirements defined and maintained by a particular vertical business or a group of businesses in the same vertical segment. This reference architecture is focused on helping industry partners to build cloud platforms that meet the basic needs of  the vertical customers, so that the cloud solutions will be simplified, energy efficient, secured, and intelligent. It will allow users to easily access cloud services provided by such cloud platforms and enjoy the full benefit of cloud computing.

 

Don’t worry if you are not at the event. We will be posting more information on the demos on the Intel Day in the Cloud website. To learn more about each of these reference architectures being demonstrated today, please visit the Intel Cloud Builders reference architecture library.

 

Signing off from Beijing! Have a great time at Intel Developer Forum! 再见 zài jiàn!
