
Technical Overview

Abstract

A technical overview detailing the architectural design, capabilities, benefits and features of CloudBolt Command and Control (C2), the Next-Generation Manager. CloudBolt C2 Cloud Management technology layers a fully integrated and customizable private cloud that enables hybrid cloud capabilities across multiple cloud platforms and frameworks, including software-defined networking (SDN) products such as network virtualization platform (NVP) technology. CloudBolt C2 addresses an enterprise organization’s requirements with regard to a scalable shared IT infrastructure using a common enterprise model that can deploy IT and networks, increase agility, and remain sustainable in the face of rapid changes in IT requirements.

51 Monroe Street, Suite 805, Rockville, MD 20850 • P: 703-665-1060 • F: 703-665-1061 • www.cloudboltsoftware.com

A CLOUDBOLT WHITE PAPER

CLOUDBOLT • TECHNICAL OVERVIEW

Contents

Introduction

1.0 How Deploying CloudBolt C2 Impacts IT Operations
1.1 Centralized Point of Command and Control over IT Configuration, Utilization, Management and Delivery of Services in a Single Pane of Glass
1.2 Integration of Data Centers
1.3 Innovativeness
1.4 Uniqueness

2.0 Technical Synopsis
2.1 Overview of CloudBolt C2 Architectural Design
2.2 Technical Objectives for a CloudBolt C2 Implementation
2.2.1 Installation Prerequisites
2.2.2 User Authentication
2.2.3 Integration with Existing Resources
2.2.4 Network Virtualization Platform (NVP) Technology Integration
2.2.5 Modeling of Groups and Environments
2.2.6 Automated Self-service Provisioning
2.3 Comparison to the State of the Art
2.4 Degree of New and Innovative Research

3.0 Benefits
3.1 Seamless Resource Management
3.2 Present and Future Scalability
3.3 Centralized Point of IT Control via a Unified User Interface
3.4 Secure
3.5 Agility
3.6 Vendor Agnostic and Agentless = Upgrade Safe and Sustainable
3.7 Leverage and Manage Capacity
3.8 Manage Software Licenses and Track Data Analytics
3.9 Maintain Existing Policies and Procedures
3.10 Configure Parameters

4.0 Key Performance Indicators (KPIs)
4.1 Improved Efficiencies
4.2 Increased Productivity
4.3 Reduction in Costs

5.0 Stage of Development

6.0 Technical Approach for Installation
6.1 CloudBolt C2 Virtualization Edition
6.2 CloudBolt C2 Enterprise Edition

7.0 Potential Risks of Product Implementation

© 2013 CloudBolt Software, Inc. | www.CloudBoltSoftware.com 2 CLOUDBOLT • TECHNICAL OVERVIEW

Introduction

Cloud computing is about enabling cost-effective business by sharing the compute power of resources; however, if metrics don’t translate into a measurable gain in productivity, return on investment from existing investments in IT, and cost savings that increase profit margins, a cloud solution can become just another weight burdening the IT infrastructure. Enterprise organizations that have made significant investments in virtualized IT and are constrained by them are especially concerned with what cost benefits and business capabilities are achieved on implementation of a platform.

Historically, managing and maintaining IT investments in hardware vested an organization in an infrastructure that required considerable capital and operating expenditures to keep up. Many enterprise organizations moved quickly to embrace the commoditization of proprietary hardware with virtualization in order to reduce those costs. Virtualization effectively decouples computing power from physical hardware. Resources can be managed better and virtual machines can be spun up as needed, but virtualization is not cloud. Even though network and server virtualization effectively decouples computing power from physical hardware and shifts this burden closer to the end-user, virtualized workloads still need management. A secure Cloud Manager can organize these resources, and provide a way to manage capacity that delivers access to these resources as Infrastructure as a Service (IaaS).

Managing capacity and successfully delivering IaaS requires effective management of IT resources and infrastructure across multiple platforms, tools, public clouds and cloud frameworks using a common management solution on a cloud platform. CloudBolt C2 provides a Cloud Manager that delivers an IT resource management technology solution and a means to deliver IaaS with the flexibility to evolve with an organization’s IT business strategy, and successfully control costs to ensure business growth.

CloudBolt C2 technology significantly simplifies and changes the way virtualized IT resources and networks are configured, managed and delivered by standardizing the automation of workloads. A single unified user interface provides a view of the entirety of IT and a centralized point of control, making it possible to build, manage and support highly scalable and secure single and multi-tenant environments without regard for how the underlying physical infrastructure is designed and deployed.

Enterprise organizations maintain and operate a wide range of IT resources and technologies to meet rapidly changing requirements and strategies. IT admins have severely limited abilities to deliver these resources for end user needs at scale, and on-demand. At present, the two most difficult and time-consuming system delivery operations are the configuration and delivery of servers, networks and storage. Configuration and delivery functions require highly skilled personnel who are oftentimes challenged with an overwhelming number of requests to fulfill.

CloudBolt C2 enables the sharing and complete utilization of the compute power of resources across multiple platforms and clouds by rapidly deploying an on-premise private cloud that enables hybrid cloud capabilities. With functionality across multiple platforms, resource management tools and cloud frameworks, CloudBolt C2 makes it possible to leverage and manage the entirety of IT resources using a single resource management tool. That translates into rapid responses to changes in requirements that are securely controlled by IT admin, significantly increasing efficiencies and productivity. End users’ access to data, resources, environments and networks is controlled by IT admin with highly configurable role based privileges and permissions that may be restricted or granted with just a few clicks.

© CloudBolt Software, 2012 • CloudBolt Publication v.20121204

On deployment, CloudBolt C2 makes IT resources highly visible and presents them as cloud. The innovative design of CloudBolt C2 architecture opens the door to exceptional functionality, both as a resource management tool with extensive metering and reporting features, and as a cloud solution. It layers on top of IT resources and makes them available as cloud without altering the resource pool or attaching itself to IT, making it future proof and upgrade safe. As it is agentless and vendor agnostic, it can be integrated with products from multiple vendors, including Network Virtualization Platform (NVP) products such as VMware network virtualization (formerly known as Nicira), as well as proprietary software applications without attaching itself to any part of the installation. New technologies can be rapidly integrated into the existing pool of resources for configuration of environments, or phased out. These capabilities are on-demand and without ripping or replacing any existing IT. CloudBolt C2 makes it possible to create solutions that can free up an enterprise organization’s internal business units to focus on their core business, and move forward with new strategies that aren’t tied to IT restrictions.


1.0 How Deploying CloudBolt C2 Impacts IT Operations

Figure 1: CloudBolt C2 Impact on IT Operations (in Enterprise Environments)

CloudBolt C2 provides key capabilities in a virtualized enterprise environment by facilitating:

• Fully transparent IT presented as cloud via a unified user interface that provides command and control over the management, maintenance, delivery and utilization of IT from a centralized point of access
• Rapid integration and interoperability of existing IT assets in multiple data centers
• Scalable shared IT infrastructure using a common enterprise model that can manage capacity and deploy IaaS across multiple cloud frameworks and platforms
• Increased agility in meeting strategic and operational IT goals
• On-demand deployment of shared, customized environments, restricting or granting end users access to data, resources and environments with highly configurable role based privileges
• Sustainable IT resources even as requirements and technologies change
• Agentless and vendor agnostic, making it possible to implement strategies of services in any environment or (s) and support the adoption or phasing out of technologies on-demand
• Management of software licenses
• Automated workflows for provisioning, maintaining and managing IT
• Enables long-term strategic planning of IT and operational goals that isn’t tied to restrictions from IT

1.1 Centralized Point of Command and Control over IT Configuration, Utilization, Management and Delivery of Services in a Single Pane of Glass

Managing utilization of complex IT resources is becoming increasingly difficult to effectively coordinate. CloudBolt C2 provides a central point of command and control over the orchestration of multiple cloud and data center technologies, and enables viewing and managing the entirety of IT resources in a single pane of glass. CloudBolt C2 provides flexibility in the delivery and management of computing resources and networks via a unified user interface with highly configurable parameters. Role based permissions and privileges can be configured to restrict or grant access to data, resources and environments on-demand. End users can request and access IT resources using a self-service web-based portal that implements an automated customized ordering and provisioning system.


CloudBolt C2 provides IT admin with a single interface for managing IT resource capacity and software licenses, maintaining IT, and creating recipes that determine how and where workloads are delivered. Implementing CloudBolt C2 enables a streamlined vendor agnostic cross coordination of access rights and use of IT resources, and this significantly impacts an enterprise organization’s ability to deliver the necessary compute, network and storage resources in a controlled, secure way to end users.

1.2 Integration of Data Centers

CloudBolt C2 layers on the top of IT resources, and is vendor agnostic and agentless so it can work with products and product categories from multiple vendors without attaching itself to the installation. This approach allows for integration of data centers using new or existing IT assets, without requiring replacement or the purchasing of new IT.

CloudBolt C2 integrates with and supports enterprise virtualization products such as VMware and Xen, as well as frameworks such as OpenStack, , and for VM provisioning in private and public clouds. CloudBolt C2 has advanced capabilities for integration with SDNs such as Nicira, and can enable an enterprise organization’s users to easily and efficiently create software-defined networks (SDNs) and provision VM workloads that are automatically set to communicate on these virtual networks. Providing this functionality on-demand empowers an enterprise organization to rapidly create, deploy, use and destroy workloads made up of compute, network and storage.

1.3 Innovativeness

CloudBolt C2 is the Next-Generation Cloud Manager, a relatively new introduction in cloud technology. The purpose of a Cloud Manager is to organize and pull together the myriad of IT resources an organization must manage, maintain and operate, and provide a means to elastically meter and deliver these resources in a centralized and secure way. CloudBolt C2 removes obstacles that restrict interoperability of IT resources, and enables some very unique capabilities that are of particular importance to an enterprise organization.

One of these capabilities is integration with NVP technology such as VMware network virtualization (formerly Nicira), which provides a method to deliver SDNs. CloudBolt C2 has innovative architecture that enables exceptional functionality and provides the necessary link between NVP, server virtualization and server and software provisioning technologies. This enables delivering virtualized workloads that utilize NVP networks. CloudBolt C2 enables IT admin to rapidly incorporate and stand up environments using new IT resources as they are needed, and to upgrade or phase out unnecessary technologies.

1.4 Uniqueness

CloudBolt C2 provides a unique technology that significantly improves and enhances utilization and delivery of virtual computing resources by deploying an agentless, vendor agnostic private / hybrid cloud that integrates and manages cloud based resources in multiple locations and across platforms of computational resources.

Enterprise organizations have continuously changing and demanding requirements for providing secure access to IT resources. CloudBolt C2 is designed to integrate with and link together many of these resources so that they can be dispensed to organizations or groups in a controlled, customizable fashion while allowing for management of capacity, designating specifications for built-out resources, and tracking resource consumption. For an enterprise organization that has already included virtual computing and networking in its strategy to improve resource utilization and delivery of IT resources, CloudBolt C2 provides the glue that binds together all of the disparate pieces of their IT puzzle.

At the present time, CloudBolt C2 is the only Cloud Manager offering that combines management of enterprise class server virtualization (e.g., VMware, Xen), virtual networks, as well as public and private cloud resources (e.g., Amazon Web Services, OpenStack, Eucalyptus) into a common platform that enables the delivery of Infrastructure as a Service (IaaS) for an enterprise organization’s IT consumers. This translates into capabilities that allow an enterprise organization to deliver access to both internal IT resources and external private-public cloud resources from a centralized point of control.


2.0 Technical Synopsis

Enterprise organizations maintain and operate a wide range of IT resources, and the ability of IT admins to deliver these resources for end user needs at scale and on demand is severely restricted. Implementing CloudBolt C2 simplifies, and significantly increases efficiencies for the most difficult and time-consuming operations in IT:

• system delivery operations: server, network and storage configuration and delivery
• tracking, maintaining, and managing IT resources
• software license management

CloudBolt C2 effectively integrates with and manages IT and infrastructure across multiple platforms, tools, public clouds and cloud frameworks enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing that can be rapidly provisioned and released with minimal management effort.

The architectural design of CloudBolt C2 provides highly configurable options for delivering Infrastructure as a Service (IaaS) and managing capacity by deploying an IT resource management technology solution with the flexibility to evolve with rapidly changing IT requirements. The architectural design of CloudBolt C2 offers exceptional functionality that enables an enterprise organization to transform core IT activities, yielding significant capabilities and benefits. A technical understanding of the architecture is essential to understanding how CloudBolt C2 enables this functionality, remains upgrade safe, vendor agnostic, agentless and evolves with an enterprise organization’s future IT requirements.

2.1 Overview of CloudBolt C2 Architectural Design

CloudBolt C2 consolidates visibility to IT assets, presenting them as a tightly integrated resource pool that offers seamless operations across multiple platforms and IT resources. The innovative CloudBolt C2 architecture is specially designed to manage a heterogeneous mix of technologies, maintain complex configurations, and obviate the need to interact with a series of different product interfaces in order to accomplish a single task. CloudBolt C2 features an elegant data model, an orchestration engine, and an abstraction layer that enable an enterprise organization to achieve strategic IT goals while lowering the costs associated with operations, empowering users of resources, and providing greater visibility into resource usage patterns.

CloudBolt C2 architecture enables capabilities and provides benefits that make it possible to maximize efficiencies across the board once it is integrated, securely and readily deploying customized environments. CloudBolt C2 is designed to integrate with and enable interoperability of a heterogeneous mix of IT resources, and deliver extensive IT maintenance, provisioning, and management capabilities. The inherent power of the C2 design model is what makes it possible to create solutions that can free up an enterprise organization’s internal units to focus on their core mission, and move forward with new strategies that aren’t tied to constraints from IT restrictions.


Diagram labels: IT Resource Consumers; IT Personnel and Executives; Self-Service Portal; Command & Control Interface; Private Cloud; Security Layer (Single Sign-on — LDAP/AD, Role-Based Access Control, PKI Authentication); Orchestration Engine; RESTful API; Orchestration Hooks; Data Model (Workflow Recipe, Org Structure, Config Info); Abstraction Layer (Hypervisors, Physical Hardware, Automation Frameworks, Network & Storage).

The Security Layer

User Authentication
• Supports PKI
• Enables use of LDAP or Active Directory (AD)
• C2 can maintain its own database
• Integration with customized security software

Role Based Access (RBAC)
• Flexible parameter configuration that exposes only the options for data, resources and networks that have been made available to the end user

Command and Control Interface

The Command and Control interface provides a single point of entry for self-servicing provisioning and administration of IT. The unified user interface only exposes data, resources and networks that are made available to an end user by IT admin.

Orchestration Engine and Orchestration Hooks

The Orchestration Engine is an internal method of handling workflows and jobs. The recipes for executing jobs are handled asynchronously. It communicates with the abstraction layer to hand off tasks to external systems and then follows their progress, writing significant events back to the C2 data model so that all activities are tracked as part of the audit log for servers.

The Orchestration Engine also allows for customer extensibility; it checks for relevant customer-provided hooks and runs them if they apply. In addition, each job can define additional hook points where a customer can add their own custom logic to the process.

RESTful API

REST makes use of standard HTTP verbs, URIs and media types. Requests are made via HTTP to make a driver or program module available in the computer to perform the operation or that software must be linked into the existing program to perform the tasks. Data is returned in XML, JSON or other data formats.

Abstraction Layer

Offers a well-defined interface for C2 to talk to different classes of plug-in connectors, allowing for rapid addition of plug-ins for previously unsupported technologies. Integration with products or product categories from multiple vendors: hypervisors, physical hardware, IPMI enabled, automation technology, storage, cloud frameworks and platforms, and network virtualization platform (NVP).

Data Model

Designed to capture and store a customer’s organizational hierarchies, server environments, networks, ordering processes and parameters, the cost of resources over time, and the mapping between them all. The data model allows for great specificity in the customization of the ordering process, and the choices that are made available to end users.

Figure 2: CloudBolt C2 Architecture


The Data Model

The CloudBolt C2 data model is designed to capture and store a customer’s organizational hierarchies, server environments, networks, ordering processes and parameters, the cost of resources over time, and the mapping between them all. CloudBolt C2 has a unique approach to modeling server ordering parameters that allows for easily extending and customizing the ordering process for each different data center environment and organizational hierarchy of groups or internal business units. For example, a QA team may be given a much simpler set of questions to answer when ordering servers than a production deployment team. Similarly, both of those teams may need to answer slightly different questions when ordering servers in different data centers. The power to customize the ordering process is in the hands of the group and environment IT admins, and is simple and intuitive using the web interface for CloudBolt C2.

The Abstraction Layer

CloudBolt C2 has been designed with a two-part separation between its own core logic and the external systems with which it interacts. This abstraction layer features a well-defined interface through which CloudBolt C2 talks to different classes of plug-in connectors, allowing for rapid addition of plug-ins for previously unsupported technologies. This allows CloudBolt C2 field engineers to add new capabilities in the field, so that customers do not have to wait for new CloudBolt releases to have their technologies supported. Built with object-oriented design principles, the abstraction layer also defines a relationship between a particular technology and different versions of that technology. This allows changes in APIs from one version of a product to the next to be accommodated with minimal effort, and without creating new copies of an entire connector for each new version.

The Orchestration Engine

Internally, CloudBolt C2 contains a system for handling jobs and workflows that is referred to as the Orchestration Engine. This component asynchronously manages complex orders (such as the build out of an IT service consisting of many individual, distinctively configured servers), taking them through an approval process that may differ depending on the group or environment, communicating with the abstraction layer to hand off tasks to external systems and then follow their progress, and writing significant events back to the CloudBolt data model so that all activities are tracked as part of the audit log for servers.

The Orchestration Engine also allows for customer extensibility. Four times in the execution of all jobs, it checks for relevant customer-provided hooks and runs them if they apply. In addition, each job can define additional hook points; for example, the provisioning job has an additional seven points where a customer can add their own custom logic to the process. This feature would enable an enterprise organization to achieve goals such as provisioning physical storage based on customer input, emailing certain groups if the build matches specific criteria, and contacting customer monitoring systems to enable monitoring if a user selected that option.

The backend extensibility of CloudBolt C2 is especially potent when combined with the extensibility of the data model. By using both of these systems, customers have the ability to customize the front and back end ordering parameters, and then to use those parameters in orchestration hooks during the orchestration engine’s provisioning process. The combined front end and back end extensibility of CloudBolt C2 makes it unparalleled in the power that it puts back in the hands of IT admins.


2.2 Technical Objectives for a CloudBolt C2 Implementation

2.2.1 Installation Prerequisites

In order for a successful installation to take place, end users must make certain that specific requirements are met, and that instructions for installation are carried out properly. CloudBolt C2 is distributed as an open virtualization appliance (OVA), which is an open standard for packaging VM images that is easily installed.

Prerequisite Architecture Checklist

A running vCenter 5.0 installation

Virtual capacity for:
• 2 CPUs
• 4 GB memory
• 10 GB storage

Figure 3: Prerequisites for Installation

2.2.2 User Authentication

CloudBolt C2’s Security Layer has been designed to incorporate PKI based user authentication. In addition to supporting PKI, it also enables the use of LDAP or Active Directory authentication schemes. If none of these methods are available, it maintains its own database for authentication of users.

2.2.3 Integration with Existing Resources

CloudBolt Software integrates with IT resources and with NVP technology to provide a fully functional method of delivery for IaaS. CloudBolt C2 does not require any additional software or hardware to make it work, nor does it require the de-installing or installing of any other software or hardware. Extensible modular connectors to configuration management and DCA tools like hypervisors, IPMI enabled hardware, networks, cloud frameworks, storage, security software and public cloud providers, allow the full range of IT products to be managed, maintained and provisioned with automated workflows using CloudBolt C2.

2.2.4 Network Virtualization Platform (NVP) Technology Integration

In an enterprise organization without virtualization technology, the creation and configuration of new networks requires a network engineering team to manually configure network devices. The process is often difficult and arduous as a lengthy troubleshooting process ensues between network engineers and the server team when the network does not function as expected. The advent of server virtualization has added the virtualization administrator to this process to make the new network available within the hypervisor. The process is sufficiently cumbersome that IT administrators aggressively avoid the activity, and instead reuse and overload existing networks to the detriment of the end users of IT. Avoiding the creation of new networks impacts development and quality assurance more adversely than production as it causes pre-production environments to drift from production. That creates unexpected environmental problems when applications are promoted to production (e.g., hours after the site goes down, “ah, it doesn’t work when service X is not on the same subnet!”).


The level of difficulty of a technical procedure should not dictate the processes undertaken. Technology should act as a catalyst of change, rather than an inhibitor. NVP moves the state of technology forward by abstracting the network from the underlying hardware, and eliminates dependency on high-end networking hardware and specialists trained in the configuration of proprietary hardware. This advancement provides an opportunity and a challenge. The opportunity is to move the task of configuring networking closer to the groups that need the networking. The challenge is to expose this functionality in a way that is simple enough that the average consumer of IT can take advantage of it. CloudBolt C2 solves this challenge for an array of technology, including NVP, and is currently the only Cloud Manager with NVP management capabilities.

Combining CloudBolt C2 cloud management capabilities with network virtualization technology offers significant advantages that make it possible to transform physical network and compute assets into a consumable pool of resources that can be repurposed, on demand. Network virtualization products (e.g., VMware network virtualization, formerly Nicira NVP) provide a method by which to implement Software Defined Networks (SDNs). Integrating C2 with a network virtualization product is a powerful tool that fully leverages network virtualization APIs and self-service provisioning to allow users to create complex, secure networks independent of the underlying network hardware entirely in software.

How Does It Work?

Network virtualization abstracts the network from the underlying hardware, and minimizes the need for high-end networking hardware and specialists trained in the configuration of proprietary hardware to create complex network topologies. This advancement moves the task of configuring networking closer to the groups that need the networks; however, exposing this functionality in a way that is simple enough for an average consumer of IT to take advantage of it to create SDNs is not possible with a network virtualization product alone. CloudBolt C2 solves this challenge with a cloud management platform with the capability to define and deploy new logical networks within and across hypervisors while simultaneously provisioning VMs into those networks.

CloudBolt C2 provides an exceedingly simple web interface for end users requesting new virtual networks as well as servers. C2 guides these requests through an approval process and then takes action on them, taking care of communication and orchestration with complex back-end systems like network and server virtualization, and configuration management systems. The CloudBolt C2 Enterprise Edition enables features such as adding fine-grained permission controls around the creation and deletion of virtual networks, and granting end users the ability to save a composite network-server order as an “application” for rapid re-deployment of complex services. This functionality makes it possible for end users to easily create entire labs and data center environments in minutes with just a few graphically-driven choices. Not only does this accelerate and automate existing tasks facing IT organizations, it also enables them to work in ways that were heretofore impractical or impossible, granting end users an unsurpassed level of self-sufficiency.

2.2.5 Modeling of Groups and Environments

Utilization of a group hierarchy allows for delegating authority and responsibility downward in an organization. Groups in CloudBolt C2 reflect how an organization’s hierarchy is structured, and may be configured by any parameter according to an organization’s hierarchy structures.


Groups in C2 map users to roles for a specified set of environments. The concept that group and environment selections can determine the parameters for server construction is central to C2. End users in a group are assigned a role or multiple roles. Each type of role allows for specific privileges to be designated with regard to the environments and resources available to them individually, and in their group.

2.2.6 Automated Self-service Provisioning

The CloudBolt C2 Order Request and Approval System is a self-service portal for IT resources. An end user requests a server(s) in the Order Request and Approval System. End users specify resources and configurations by adding items to an order. The order is then submitted to an authorized user for approval. Generally, orders are then reviewed by an administrator with approval privileges and the request is either approved or denied. Once an order is approved, resources are automatically provisioned and made available.

The Order Request and Approval System can be configured to support various business processes, and can bypass approvals completely by enabling auto-approval on a per-group basis. Orders can also be routed to third-party catalogs of inventory, or purchasing systems. Users can modify server resources and configuration by submitting a modification order which follows the same approval process as an order placement. Once an order or modification is approved, CloudBolt C2 orchestrates the provisioning process.

Role Based User Interface for Self-Servicing Provisioning

The self-service portal for provisioning utilizes two roles: Requestor and Approver.

Role: Requestor
Role Definition: End user placing an order for a server(s)
Permissions:
• Submit provision orders
• Submit decommission orders for any servers that they own, even if they have lost the Requestor role
• Can only view environments and servers that have been exposed to them
• Limited to designated available actions via role-based access control (RBAC) as set by an administrator
• Can choose from pre-configured options limited to request options and choices made available to them

Role: Approver
Role Definition: End user who has permission to approve a server request(s)
Permissions:
• Approval of requests for end users, groups and sub-groups for which they have the Approver role

Figure 4: Self-Service Portal Roles

Pre-configurations

CloudBolt C2 offers a great deal of flexibility in provisioning, and in what can be offered to end users. The customizable order request and approval system can provide pre-configurations that are simple, limiting requestors to just a few choices, or more complex options if required. Complex pre-configurations open up choices (e.g., for networks and environments), allowing end users with more specificity in their requirements to further customize their requests.

Pre-configurations reduce the need for configuration management expertise from subject matter experts (SMEs), and reduce end user training requirements. The ordering system may be configured to point to an external catalog, and then point back to have the job automatically provisioned in CloudBolt C2. Whether orders are placed from within CloudBolt C2 or from an external catalog, order approvals can be set to provision automatically if they fall under a quota, or receive permission-based approvals, and can be set with customizable options for timed email reminders.
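The routing rules described in this section (Requestor and Approver roles, per-group auto-approval, and automatic provisioning under quota) can be modeled to review where human approval drops out of the provisioning path. This is an added Python example, not CloudBolt code: the class and field names, the VM-count quota unit, and the assumption that Approver rights inherit to sub-groups while Requestor rights do not are all illustrative.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional, Set


@dataclass
class Group:
    name: str
    parent: Optional["Group"] = None
    auto_approve: bool = False       # approvals bypassed for this group
    auto_under_quota: bool = False   # provision without approval while under quota
    quota_vms: int = 0               # hard limit (hypothetical unit: VM count)
    used_vms: int = 0

    def lineage(self) -> Iterator["Group"]:
        """Yield this group, then each ancestor up to the root."""
        node = self
        while node is not None:
            yield node
            node = node.parent


@dataclass
class User:
    name: str
    roles: Dict[str, Set[str]] = field(default_factory=dict)  # group name -> roles

    def has_role(self, role: str, group: Group, inherit: bool = False) -> bool:
        scope = group.lineage() if inherit else [group]
        return any(role in self.roles.get(g.name, set()) for g in scope)


@dataclass
class Order:
    kind: str                            # "provision" or "decommission"
    requester: User
    group: Group
    vm_count: int = 1
    server_owner: Optional[str] = None   # set for decommission orders


def can_submit(order: Order) -> bool:
    if order.kind == "decommission":
        # Ownership decides, even if the Requestor role was removed later.
        return order.server_owner == order.requester.name
    return order.requester.has_role("requestor", order.group)


def route(order: Order) -> str:
    """Return 'rejected', 'auto-approved' or 'pending-approval'."""
    if not can_submit(order):
        return "rejected"
    g = order.group
    if g.auto_approve:
        return "auto-approved"
    under_quota = g.used_vms + order.vm_count <= g.quota_vms
    if order.kind == "provision" and g.auto_under_quota and under_quota:
        return "auto-approved"
    return "pending-approval"


def can_approve(user: User, order: Order) -> bool:
    # Assumption: an Approver on a parent group covers its sub-groups.
    return user.has_role("approver", order.group, inherit=True)


def approval_bypass_groups(groups: List[Group]) -> List[str]:
    """Audit helper: groups whose orders can provision with no human approver."""
    return sorted(g.name for g in groups if g.auto_approve or g.auto_under_quota)


if __name__ == "__main__":
    # Constructed sample data, not taken from any real deployment.
    eng = Group("engineering", auto_under_quota=True, quota_vms=10, used_vms=8)
    lab = Group("lab", parent=eng)
    alice = User("alice", {"lab": {"requestor"}})
    bob = User("bob", {"engineering": {"approver"}})
    order = Order("provision", alice, lab)
    print(route(order), can_approve(bob, order), approval_bypass_groups([eng, lab]))
```

Running `approval_bypass_groups` over every configured group gives a reviewer the list of places where an order reaches provisioning without an Approver seeing it.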

Figure 5: Order Entry Form for Simple Pre-configuration

A unique feature of CloudBolt C2 is that it can remove the obstacles inherent in utilizing networks in a virtualized environment. IT admins can access, manage, and utilize existing virtual and fixed networks as well as ones created using NVP, and make those network options available to end users for use on-demand.

2.3 Comparison to the State of the Art

CloudBolt C2 is currently the only Cloud Manager that offers software license management and integration with network virtualization technologies. New features have been and continue to be rapidly developed and integrated since the original release of version 2.0 in September 2012. Version 3.5 was released December 21, 2012.

2.4 Degree of New and Innovative Research

Innovative CloudBolt C2 capabilities are the result of its singular architectural design. The engineering and development team is currently expanding the features that can be developed according to a road map outlined by CloudBolt Software’s CTO which is available to enterprise customers upon request. CloudBolt Software can provide further research and development that is in accordance with an enterprise organization’s requirements when it is mutually agreed upon.

3.0 Benefits

3.1 Seamless Resource Management

Seamless operations translate into features that free up IT admins by making the whole of IT fully visible and available as cloud, while automating job provisioning and workflows across multiple platforms and cloud frameworks from various vendors in a single pane of glass. A single user interface provides the means to configure, allocate, provision, manage and maintain IT.

Figure 6: CloudBolt C2 IT Admin UI

3.2 Present and Future Scalability

CloudBolt C2 architecture enables interoperability so an IT admin can deploy any configurable environment using customized parameters for end users, mission-critical data, or test environments in minutes, using new or existing resources and technologies. CloudBolt C2 provides scalable shared IT infrastructure using a common enterprise model that can deploy IT and networks as a service, increase agility, and remain sustainable in the face of rapid changes in IT requirements. CloudBolt C2 will provide an enterprise organization with elastic scalability that can work with existing IT resources, and may be further developed to integrate with, and enable interoperability of future IT technologies.

3.3 Centralized Point of IT Control via a Unified User Interface

The unified user interface of CloudBolt C2 centralizes control and management of IT and provides an enterprise organization with a view of the entirety of IT resources in use. Role-based access can be used to grant or restrict permissions and privileges, allowing for automated provisioning that only exposes options available to an end user without exposing data or resources unnecessarily.

At the present time, CloudBolt C2 is the only Cloud Manager offering that combines management of enterprise class server virtualization (e.g., VMware, Xen), virtual networks, as well as public and private cloud resources (e.g., Amazon Web Services, OpenStack, Eucalyptus) into a common platform that enables the delivery of IaaS for an enterprise organization’s IT consumers. This translates into capabilities that allow an enterprise organization to deliver access to both internal IT resources and external private-public cloud resources from a centralized point of control.

Figure 7: Unified User Interface (UUI)

3.4 Secure

CloudBolt C2 provides configurable permissions using role-based access control (RBAC), and integration with PKI, existing LDAP or Active Directory (AD), and other security products. As such, it is possible to securely operate across clouds, restrict access to data and environments, and control usage of resources without losing control of IT security or opening up new attack vectors.

Figure 8: RBAC is granted or restricted by clicking a checkbox; updates take effect immediately.

3.5 Agility

CloudBolt C2 enables rapid responses to changing environments, strategies and requirements in IT by providing a means to:

• make IT resources fully transparent and present them as cloud
• deploy single or multi-tenant environments on-demand
• offer pre-configured provisioning options
• deliver and manage IaaS data, resources and environments with a few clicks
• centralize IT admin
• automate workflows for provisioning, maintenance and management of IT

3.6 Vendor Agnostic and Agentless = Upgrade Safe and Sustainable

CloudBolt C2 is delivered as a VM appliance, and is agentless because it layers on top of IT resources without attaching a piece of itself to the installation or the provisioning process. The value of an agentless Cloud Manager is that it can talk to a product or product category without altering anything, leaving the resource pool intact and sustainable even in the face of changing IT. The powerful abstraction layer and orchestration engine leverage IT resources for use, and enable interoperability as well as make it possible to upgrade, adopt new technologies, phase out usage of legacy or unneeded technologies, and open up silos of data and resources on-demand. This makes it possible to upgrade to newer versions of products in the IT mix, adopt new technologies, or phase out usage of legacy systems and unnecessary technologies. It is vendor agnostic and can work with products or product categories from and with multiple vendors.

3.7 Leverage and Manage Capacity

CloudBolt C2 enables a scalable shared IT infrastructure using a common enterprise model that can deploy IT and networks as a service. CloudBolt C2 provides an enterprise organization with a means to manage capacity, meter usage, and leverage existing IT assets while managing use of cloud frameworks, public clouds, and consumable resources.

Figure 9: Mapping Feature

3.8 Manage Software Licenses and Track Data Analytics

CloudBolt C2 can manage software licenses, allocating, recycling or decommissioning them on-demand. Resource allocation, quotas, and usage can be set with hard limits, and expiration dates. A mapping feature with reporting makes it easy to locate, track, and control IT assets by location. Reporting and mapping features give IT admin unparalleled visibility into overall resource utilization and how virtual machines are being consumed by users and groups.

The extensive reporting features in CloudBolt C2 create data analytics for forecasting, budgeting, managing software licenses, and usage of resource consumption. Data analytics combined with complete control over usage metering across clouds provides an enterprise organization with a powerful tool for leveraging and controlling use of existing IT assets while managing the use of cloud frameworks, public clouds, and consumable resources.

Figure 10: Adding a New Parameter

3.9 Maintain Existing Policies and Procedures

Enterprise organizations frequently institute and maintain business policies and procedures for allocating resources to end users, groups and data centers. Successful deployment of a Cloud Manager must allow for maintaining these policies and procedures. CloudBolt C2 has features that enable these policies and procedures to be maintained, or even instituted. C2 has features that simplify choosing and then making available the data, resources and environments available to end users by:

• allowing IT admin to configure parameters
• providing highly configurable options for RBAC permissions and privileges that utilize those parameters

An organization’s hierarchical structure can be modeled in a group tree that can be changed with just a few clicks to:

• change permissions to restrict or grant access to IT data, networks, IT resources and environments for end users or groups based on requirements
• set expiration dates
• allocate resources as per budgeting guidelines
• meter usage of IT resources

Orders are automatically provisioned following a customized approval process that has options to set email reminders. Orders can be set to provision automatically if they fall under the quota for an end user or group, and the approval process can be bypassed altogether if desired.

3.10 Configure Parameters

A parameter is any value passed to a program by the user or by another program in order to customize the program for a particular purpose. A parameter may be anything; e.g., a file name, a coordinate, a range of values, a fixed amount or a code of some kind. CloudBolt C2 allows for creating custom parameters as well as setting ones that are installed as part of C2, providing controls for managing the use of IT resources.

Figure 11: Parameter Configuration

4.0 Key Performance Indicators (KPIs)

Developing clear and useful KPIs for selecting a Cloud Manager and defining the important features that are essential for functionality are vital components of a successful implementation. This is an overview of the salient factors to consider when developing internal KPIs for selecting a Cloud Manager in an enterprise environment.

4.1 Improved Efficiencies

CloudBolt C2 significantly impacts and increases efficiencies in the configuring, provisioning, maintenance and management of IT. The self-service portal provides ordering options that only expose IT resources, data, networks and environments that are made available to end users using pre-configurations. Pre-configurations reduce the need for subject matter experts (SMEs) and can be configured to provide choices that are specific to end users or groups. An order form can offer everything from very simple choices to much more complex ones that include SDN options that allow end users with production or testing requirements to place an order, and automatically provision and deploy it.

The incredibly improved efficiencies in the configuring, allocating, provisioning, maintenance and management of IT resources, and the reduction in operating costs and capital expenditures, come from:

• automated workflows for managing and maintaining IT using a single unified user interface that commands and controls the entirety of IT resources, freeing up IT staff
• self-service portal with pre-configured choices and automated job provisioning
• delivery of IaaS that integrates IT infrastructure, makes IT highly visible, and presents it as cloud for effective utilization
• reduced training time and need for SMEs
• utilization of existing IT assets
• integration and management of multiple data centers

4.2 Increased Productivity

Enterprise organizations using CloudBolt C2 have sharply increased rates of productivity among end users and IT admin alike. C2 frees a business from focusing on IT and allows it to focus on its core business.

4.3 Reduction in Costs

4.3.1 Usage Metering of Resources: In-house and Public Clouds

CloudBolt C2 has built-in capabilities for metering usage of in-house IT resources as well as features that make it possible to manage and meter public cloud usage.

4.3.2 Vendor Compliance

CloudBolt C2 has a singular, unique feature: management of software licenses and consumable IT resources. Vendor compliance and maintaining SLAs are vitally important to controlling costs and negotiating with vendors. Using C2, it is possible to strictly meter and control usage of IT resources. Licenses and consumable IT resources can be identified, tracked, provisioned, recycled or decommissioned on-demand. C2 offers options to set quotas and expiration dates with hard limits.

Extensive reporting features make it possible to create detailed data analytics for budgeting and forecasting, as well as utilization reports. Integrated with a suite of virtualization products, CloudBolt C2 makes it possible to negotiate with vendors from a position of strength.

4.3.3 Utilization of Existing Assets and Phasing Out Legacy IT

CloudBolt C2 integrates with and leverages existing IT assets, and works with products from multiple vendors. It does not require the ripping or replacing of any IT. Existing IT resources can be leveraged for maximum usage, preserving investments in IT. C2 also allows for phasing out legacy IT and adopting new technologies on demand, a feature that Cloud Managers built into a big vendor’s product suite do not enable.

4.3.4 Rapid Deployment Environments

CloudBolt C2 can rapidly stand up environments with customized RBAC. IT admin can configure and deploy highly customized environments utilizing new or existing IT resources on-demand and make them available to end users with a few clicks.

4.3.5 Integration with NVP

CloudBolt C2 has deep integration with network virtualization technology. C2 end user privileges can be configured to grant access to fixed networks, or offer options for provisioning their own networks using a network virtualization technology such as VMware’s (formerly Nicira). End users can stand up their own networks and bypass the network department in their organization altogether.

5.0 Stage of Development

The base capabilities of C2 have been in development for a number of years, and are a result of development and customization efforts from both government and non-government professional services engagements. CloudBolt Software is seeking potential partners to apply this technology for specific use cases, and to receive input on the functionality, capabilities and appropriateness of C2 Enterprise Edition features.

CloudBolt C2 has attained and validated a development stage that will allow for integration with any virtualized computing resource, application or environment by customizing the product to suit an enterprise organization’s requirements. C2 is ready to plug into an enterprise organization’s environment and can begin delivering real value immediately with a significant set of features that are of significance to an enterprise organization.

Incorporating CloudBolt C2 Enterprise Edition Requires:

• Determining which set of IT resources will be brought under management

• Determining and defining the desired outcomes and deliverable IT workloads

• Organizing and modeling the structure of an enterprise organization’s consumers of IT assets

• Configuring C2 to manage this set of IT resources, deliver IT workloads and provide access to end users

Figure 12: Incorporating CloudBolt C2

CloudBolt Software is in the process of furthering development of additional abstraction layer plug-ins for new technologies, providing support for remote data center management, and other functionality as new technologies are created.

6.0 Technical Approach for Installation

6.1 CloudBolt C2 Virtualization Edition

CloudBolt C2 is distributed as an open virtualization appliance (OVA), which is an open standard for packaging VM images that is easily installed. In general, the run time from download to installation to a fully running instance of CloudBolt C2 Virtualization Edition is under 30 to 45 minutes. The following prerequisites for a successful installation must be met before continuing:

CloudBolt C2 Installation Requirements (Virtualization or Enterprise Edition)

1. A running vCenter 5.0 installation
2. Virtual capacity for:
   • 2 CPUs
   • 4 GB Memory
   • 10 GB Storage

Figure 13: Requirements for Installing CloudBolt C2

6.2 CloudBolt C2 Enterprise Edition

CloudBolt C2 Enterprise Edition enables the use of IT resources across multiple platforms, cloud frameworks and public cloud providers. The technical approach detailed below allows for a phased implementation with identifiable checkpoints for the first phase of deployment. It also engages an enterprise organization to participate and provide input to maximize the effectiveness of testing and to seamlessly integrate data centers without any technical disruptions for end users.

Stage 1
Process: Install a test instance of C2 Enterprise Edition
Steps Involved:
• Deploy CloudBolt Software
• Configure the Software
• Align Software with existing IT resources
Time Frame: Depends on complexity of requirements. Usually within 1 to 2 days.

Stage 2
Process: Prepare use cases
Steps Involved:
• Refine use cases for managing IT resources
• Add users and assign to groups
• Model groups hierarchy, configure RBAC
• Model VM delivery such as OS flavors, sizes, etc.
• Assign IT Resource Capacity to groups: quotas, set chargeback rates, software license usage
• Identify and plan specific test cases
Time Frame: Depends on complexity of requirements and number of data centers and end users. Usually runs 3 to 5 days.

Stage 3
Process: Demonstrate use cases
Steps Involved:
• Demonstrate successful integration of CloudBolt C2 into an enterprise organization’s environment
• Demonstrate how CloudBolt operates for the specific use cases
Time Frame: One demo session

Stage 4
Process: Create a transition plan
Steps Involved: Work with organization’s IT team to create a plan for transitioning data centers and end users to using CloudBolt C2 for the configuring, allocating, provisioning, maintenance, and management of IT resources.
Time Frame: Depends on complexity of requirements and number of data centers and end users; dependent on organization deploying C2.

Stage 5
Process: Integrate
Steps Involved: Integrate CloudBolt C2 with IT resources in designated data centers following the same steps as in preparation of the use cases.
Time Frame: 1 to 3 days

Stage 6
Process: Rollout deployment and provide manuals for end users and training
Steps Involved: Deploy CloudBolt C2 in a data center. Provide short training session and user manual for end users to help ensure high adoption rates. Provide IT admin with training, manuals, web and tech documents and other support services as contracted.
Time Frame: 1 day for each data center deployment and training session

Figure 14: CloudBolt C2 Enterprise Edition Implementation

7.0 Potential Risks of Product Implementation

Installing CloudBolt C2 in a virtualized environment is low risk as the technology has already been extensively tested. CloudBolt Software’s technical team will interact with an enterprise organization to create effective and appropriate use cases that will enable proper evaluation of this software. The product layers on top of IT and is deployed as a , and is agentless, so it does not attach itself to the installation. De-installing the product will leave IT resources as before installation.

To learn more about CloudBolt™ C2, visit cloudboltsoftware.com or contact your CloudBolt™ representative.

© 2013 CloudBolt Software, Inc. | www.CloudBoltSoftware.com

CloudBolt and CloudBolt C2 are registered trademarks of CloudBolt Software. CloudBolt Publication v20130410