Editor: Christof Ebert SOFTWARE Vector Consulting Services TECHNOLOGY [email protected]

Infrastructure and Technologies

Nicolás Serrano, Gorka Gallardo, and Josune Hernantes

Software and infrastructure are increasingly consumed from the cloud. This is more exible and much cheaper than deploying your own infrastructure, especially for smaller organizations. But the cloud obviously bears a lot of risk, as our partner magazine Computer emphasized in its October 2014 issue. Performance, reliability, and security are just a few issues to carefully consider before you use the cloud. The perceived savings immediately turn into a large extra cost if your clients and workforce are disconnected for some minutes or critical infrastructure doesn’t perform as intended— which happens more often than what brokers and providers disclose. In this issue’s column, IT expert Nicolas Serrano and his colleagues examine the enterprise cloud market and technologies. They provide hands-on guidance for making the right decisions. I look forward to hearing from both readers and prospective authors about this column and the technologies you want to know more about. —Christof Ebert

CLOUD COMPUTING’S LOW COST, ever, the core concept is the same: pro- exibility, and agility are well under- viding IT services based on the stood in today’s corporate environment. (the cloud). However, to fully exploit cloud technol- The most-used de nition of cloud ogies, you need to understand their best computing belongs to the US National practices, main players, and limitations. Institute of Standards and Technology The concept of has (NIST): existed for 50 years, since the beginning of the Internet.1 John McCarthy devised Cloud computing is a model for the idea of time-sharing in comput- enabling ubiquitous, convenient, on- ers as a utility in 1957. Since then, the demand network access to a shared concept’s name has undergone several pool of con gurable computing re- changes: from service bureau, to appli- sources (e.g., networks, servers, storage, cation service provider, to the Internet applications, and services) that can be as a service, to cloud computing, and to rapidly provisioned and released with software-de ned datacenters, with each minimal management effort or service name having different nuances. How- provider interaction.2

30 IEEE SOFTWARE | PUBLISHED BY THE IEEE COMPUTER SOCIETY 0740-7459/15/$31.00 © 2015 IEEE

s2swt.indd 30 2/4/15 6:36 PM SOFTWARE TECHNOLOGY

Providers use three well known models (see Figure 1): IaaS (infra- Client structure as a service), PaaS (plat- form as a service), and SaaS (soft- ware as a service). Here, we focus Public Private SaaS cloud cloud on IaaS. The next step is to decide on a model for deploying cloud ser- PaaS vices. In a public cloud, a provider provides the infrastructure to any IaaS IaaS customer. A private cloud is offered Security Security Management Management only to one organization. In a hybrid Hybrid cloud cloud, a company uses a combina- VM VM VM VM VM VM tion of public and private clouds. To choose the most appropriate cloud-computing model for your orga- nization, you must analyze your IT in- Hypervisor Hypervisor frastructure, usage, and needs. To help with this, we present here a picture of Network Storage Computation Network Storage Computation cloud computing’s current status.

Cloud Computing FIGURE 1. The three cloud models. IaaS is infrastructure as a service, SaaS is Best Practices , PaaS is , and VM stands for a virtual As with every new architectural par- machine. adigm, it’s important to design your systems taking into account the new technology’s characteristics. To se- ous complexity and failure points. incurred costs, should lead you to de- lect a cloud provider or technology, Redundancy and fault tolerance are sign with outages and high availabil- you should understand your require- primary design goals. ity in mind. With the ease of creating ments in order to list the needed fea- Besides having an established virtual instances, deploying clus- tures. Here are some best practices backup strategy, to assure business ters of servers or services is a popu- for cloud migration.3 continuity, ensure your system is pre- lar approach. In this scenario, load pared for reboots and relaunches. balancing is a well-established tech- An Elastic Architecture Automation in your deployment nique for operating with clusters; IaaS offers precise scalability. The practice is a must, with recipes for it’s an important feature to consider cloud can outperform physical hard- server configuration and deployment. when selecting a cloud provider. ware’s classic scale-up or scale-out Providing automation requires new It’s also important to use several strategies. To gain as much as you development practices (development available zones or at least different can from this potential, architect and operations management, contin- datacenters to make your system as your systems and application with as uous integration, test-driven develop- robust as possible. Amazon Web Ser- much decoupling as possible, using a ment, and so on) and new tools such vices (AWS) experienced this in April service-oriented architecture and us- as Chef, Puppet, or Ansible. 2011 when its systems didn’t run ing queues between services. or ran intermittently for four days. High Availability Separating clusters into regions and Design for Failure IT resource disruption has a huge datacenters will increase your re- High scalability has limitations. negative impact on any business. sources’ resilience. IaaS technology and architecture Lost control of the underlying infra- lead to a less robust system because structure when moving to the cloud, Performance you’re replacing hardware with sev- and the fact than the service-level You need to consider the technology’s eral software layers, adding obvi- agreement (SLA) won’t cover all the limitations regarding performance—

MARCH/APRIL 2015 | IEEE SOFTWARE 31

s2swt.indd 31 2/4/15 6:36 PM SOFTWARE TECHNOLOGY

Cloud provider characteristics.

Trend 2014– Functionality or features6 2015 (%)*4 TABLE 1 TABLE 5 4 - 7 4 Company (%)* Reported usage Experimenting use to Plan Technology Price (US$, Aug. 2013) or features Advanced functionality cloud Hybrid management Network Service-level agree ment (%) Average service time (yrs.) Datacenters positioning Vendor

Amazon 54 23 9 Proprietary 66 Good Yes Partial 99.95 5+ US East and Leader Web West Coast, Services Ireland, Japan, Singapore, Australia, Brazil, China

Microsoft 6 20 8 Proprietary 65 Good Yes Partial 99.95 4 US, Ireland, Leader Azure (unavailable Netherlands, for Linux) Hong Kong, Japan, Singapore, China, Brazil

Rackspace 12 14 12 OpenStack 116 Adequate Yes No 100 5+ Central and Niche eastern US, player UK, Australia, Hong Kong

HP 4 8 8 OpenStack 87 Good Yes No 99.95 2 Eastern and Niche western US player

IBM 4 9 7 OpenStack 182 Good Yes No 100 5+ US, Niche Netherlands, player Singapore

Google 4 17 13 Proprietary 42 Adequate Yes No 99.95 2 Central US, Visionary Belgium, Taiwan

Others† 24 45 31 — — — — — — — — —

* In these columns, the sum of the percentages is greater than 100 because some companies use several products. † This group includes PaaS (platform as a service) and recent providers.

mainly, lack of isolation and lost ro- instances at the same datacenter. ing a secure infrastructure should bustness. In any multitenant envi- Cloud providers offer some features be an important driver in any cloud ronment, an instance’s performance to deal with this (for example, AWS deployment. Enforce well-­established can be affected by your neighbors. A placement groups). However, if your security practices: firewalls, minimal usage burst in a neighbor’s instance architecture has servers at differ- server services to reduce attack vec- can affect the available resources, no- ent regional datacenters, you should tors, up-to-date operating systems, tably compute units and disks’ IOPS use other techniques (for example, key-based authentication, and so (I/O operations per second). Your caching). on. But challenges might arise from architecture should deal with these the increased number of servers to changes. Security maintain and the use of the cloud Also, bottlenecks might arise ow- Because of a public cloud’s open char- for different development environ- ing to latency issues, even within acteristics, designing and maintain- ments: development, staging, and

32 IEEE SOFTWARE | WWW.COMPUTER.ORG/SOFTWARE | @IEEESOFTWARE

s2swt.indd 32 2/4/15 6:36 PM SOFTWARE TECHNOLOGY

production. In this scenario, isolat- providers and impact the infrastruc- which is convenient for normal oper- ing and securing each environment ture’s responsiveness. ations but becomes risky when prob- is important because a breach in a The datacenters’ location can af- lems occur. Extensive technical sup- prototyping server can give access fect your decision. The provider port is a premium feature, whereas through the secret keys to the whole should comply with data privacy most of AWS’s competitors offer it as infrastructure. laws and corporate policies; the a standard feature. server locations should be based on Monitoring these considerations. These restric- Azure. Azure (http:// The ease of deploying new resources tions might vary among countries azure.microsoft.com/en-us) entered can make the number of servers and among companies. You might the cloud IaaS market in February grow exponentially. This raises new find you’ll need to have all data un- 2010. It has a large market share issues, and monitoring tools are vital der the same jurisdiction (for exam- and is a good candidate because of to system management. First, they ple, in Europe). In other cases, Safe its market position in other areas. play a basic role in automatic scal- Harbor principles, in which US com- It offers compute and storage ser- ing on a cyclical basis and based on panies comply with EU laws, can be vices similar to those of other IaaS events. Second, they’re part of the good enough. providers, and it allows full control tools needed to ensure a robust archi- Understanding each player’s SLA and management of virtual ma- tecture, as the Netflix Chaos Mon- is important. But because almost chines. Additionally, Azure’s UI is key showed. Finally, they’re impor- every provider offers high-enough easy to use, especially for Windows tant for detecting security breaches service levels (more than 99.95 per- administrators. However, because and forensic investigation, as some cent), it’s important to evaluate the the Azure offering is newer than security breaches have shown. accountability the SLA offers in case Amazon’s or Rackspace’s, it still has of noncompliance. Normally, this many features in “preview” mode Public Clouds won’t cover the costs of outages, so and still has networking and secu- The public cloud was the first type your infrastructure should be pre- rity gaps. of cloud offered to the general pub- pared for them. lic, when AWS offered its experience Rackspace. Rackspace (www with its private cloud to the general Providers .rackspace.com) is a founder of Open- public. When you’re selecting a ven- Once you’ve defined your selection Stack (which we describe later) and dor, it’s important to consider several criteria, you can compare providers. a major player in open source cloud factors, mainly cost, performance, The following are the most relevant IaaS. It hosts more than half of the features, data location, and availabil- ones. Fortune 500 companies at its data- ity. But because the public cloud is a centers, while strongly focusing on fairly recent technology, you should Amazon. AWS (http://aws.amazon SMEs (small-to-medium enterprises). also consider vendor positioning and .com) continues being the dominant Rackspace provides an inexpen- future use trends (see Table 1). player in cloud computing, thanks to sive, intuitive cloud with optional Cloud providers are battling Amazon having been the first com- managed services and an easy-to-use for market position, which is lead- pany to offer cloud services, in 2006. control panel that suit SMEs. It also ing them to reduce their public IaaS AWS is cost effective. Its pay-as- guarantees extensive support. How- cloud prices, offering attractive you-go model lets you scale cloud ever, it has limited pricing options, solutions. capacity up or down without paying providing only month-to-month sub- It’s important to select the most a high price. It also offers many ad- scriptions. Also, it doesn’t offer spe- effective vendor from a perfor- ditional IaaS services and integrated cialized services. mance–cost perspective. However, monitoring tools. It’s particularly your comparison should also con- valuable for startups and agile proj- . Although Google AppEn- sider whether the performance level ects requiring quick, cheap process- gine was a pioneer of cloud comput- is guaranteed, startup times, scal- ing and storage. ing in the PaaS model, Google Com- ability responsiveness, and latency. Because AWS is a general pro- pute Engine (https://cloud.google These factors might vary among vider, you can operate independently, .com/compute) is relatively new

MARCH/APRIL 2015 | IEEE SOFTWARE 33

s2swt.indd 33 2/4/15 6:36 PM SOFTWARE TECHNOLOGY

The main products used to create private clouds.*

4 4 Solution Reported usage (%) License Trend, 2013–2014 curity, managing multiple clouds, VMware 43 Proprietary Down integration with current systems, governance, and lack of expertise. OpenStack 12 Open source Up TABLE 2 TABLE Experienced companies face issues Microsoft 11 Proprietary Down of compliance, cost, performance, managing multiple clouds, and CloudStack 6 Open source Down security. 3 Open source Down The differences are understand- able. Different problems arise on the * Some of the included solutions, as stated in State of the Cloud Report,4 don’t strictly meet all cloud-computing requirements. basis of the degree of advancement of cloud architecture adoption. Early on, to the IaaS market. Nevertheless, /en) offers core computing and stor- the main issues are resource exper- Google’s number of physical servers age services. This IaaS is best for tise and control because the company and global infrastructure make it a large enterprises with heavy data-­ hasn’t acquired enough knowledge of good candidate. Moreover, Google processing needs and security and experience with the architecture. Compute Engine is well integrated concerns. For more experienced companies, with other Google services such IBM Cloud provides a good com- performance and cost are important as Google Cloud SQL and Google bination of management, software, because the architecture’s limitations . and security features for adminis- might have started emerging. is well trators. However, its focus is lim- Both groups must deal with secu- suited for big data, data warehous- ited to medium-to-large enterprises rity, compliance, and managing mul- ing, high-performance computing, and enterprises whose main pro- tiple clouds. Regarding security and and other analytics-focused appli- vider is IBM. compliance, some problems might cations. Its main limitation is that it arise from the multitenant architec- doesn’t integrate administrative fea- Issues and Concerns ture. Some of these problems might tures. So, users must download ex- When considering adoption of a not be solved, which might tip the tra packages. cloud architecture, it’s important balance toward a private or hybrid to understand what the technology cloud. Such a decision is plausible, in HP. HP is still relatively new in the can offer you and the main issues keeping with the issue of managing IaaS game; it launched its service in you’ll have to deal with in each of multiple clouds. December 2012. Its public cloud, these new infrastructures. Only by HP Cloud Compute (www.hpcloud. clearly understanding each of the ap- Private and Hybrid Clouds com), is built on OpenStack and of- proaches’ business and technical op- To solve the issues with public fers a range of cloud-related prod- portunities and limitations will you clouds, cloud-computing providers ucts and services. It’s a good can- be able to select the best option on introduced the private cloud. This didate owing to its positioning in the basis of your needs. cloud might be in the organization’s the server market. Its IaaS offering Besides the economic advantages buildings, in the farm of the organi- supports public, hybrid, and private from a cost perspective, the main zation’s provider, or in another pro- clouds. competitive advantages are the flex- vider’s datacenter. Usually, it will be HP Cloud Compute is a good so- ibility and speed the cloud architec- virtualized, but other combinations lution for companies that want to ture can add to your IT environment. are possible. The important element integrate their existing IT infrastruc- In particular, this kind of architec- is that only the customer’s organiza- ture with public-cloud services and ture can provide faster deployment tion can operate it. invest in a hybrid cloud. of and access to IT resources, and Because all private-cloud prod- fine-grain scalability. ucts allow integration with public IBM. IBM’s resources, size, and A recent survey indicated the is- clouds, we discuss both private and knowledge of datacenters make it an- sues that beginner and experienced hybrid clouds here. Table 2 shows other player to consider. IBM Cloud enterprise cloud users face.4 For the main products used to create pri- (www.ibm.com/cloud-computing/us beginners, the main issues are se- vate clouds.

34 IEEE SOFTWARE | WWW.COMPUTER.ORG/SOFTWARE | @IEEESOFTWARE

s2swt.indd 34 2/4/15 6:36 PM SOFTWARE TECHNOLOGY

Eucalyptus compatibility with (AWS). Eucalyptus Eucalyptus (www.eucalyptus.com) AWS services Eucalyptus components released its first product in 2008. Amazon Elastic Compute Cloud (EC2) Cloud Controller

Nowadays the company provides its 3 TABLE software as open source products Amazon Elastic Block Storage (EBS) Storage Controller and services. (Recently, Eucalyp- Amazon Machine Image (AMI) Eucalyptus Machine Image tus was bought by HP, a supporter Amazon Simple Storage Service (S3) Walrus Storage of OpenStack.) From the company’s download area, you can install a pri- Amazon Identity and Access Management IAM vate cloud on your computer. From (IAM) its product area, you can contract Auto Scaling Auto Scaling servers for your private cloud. Eucalyptus software’s main ad- Elastic Load Balancing (ELB) ELB vantage is its AWS compatibility (see Amazon CloudWatch CloudWatch Table 3), based on a partnership with Amazon. So, some features that AWS makes available for the public cloud are applicable to Eucalyptus services. users don’t want to be locked into a and vSphere virtualization. Micro- Eucalyptus software’s weak particular provider. However, provid- soft has Windows Azure, Windows points are the limited GUI and the ing the option of portability can be an Server, and Microsoft System Center. risk of uncertainty generated by issue for providers that want to offer These two providers offer a more AWS’s private-cloud strategy: AWS differentiated proprietary features. integrated solution because they own offers Amazon their products, but the disadvantage and a connection to a hardware VPN CloudStack is lack of portability. (virtual private network). Citrix purchased CloudStack (http:// cloudstack.apache.org) from Cloud OpenStack .com. Citrix donated it to the he public-cloud market has OpenStack (www..org) is Apache Software Foundation, which some years of history and the other main player in the private- released it after it spent time in the T well-known players. But re- cloud field. It’s also open source, Apache Incubator. member that the cloud-computing and its greatest strength is its sup- Unlike OpenStack, CloudStack market is growing. Newcomers are port from companies such as AT&T, offers a complete GUI and a mono- always entering, and the leaders in AMD, Cisco, Dell, HP, IBM, Intel, lithic architecture that simplifies in- public- and private-cloud services NEC, Red Hat, VMware, and Yahoo. stalling and managing the product. can change. OpenStack is complex, with dif- Like OpenStack, most installations So, your selection of a cloud- ferent components and multiple belong to service providers. Cloud- computing model and provider must command-line interfaces. Competi- Stack also offers AWS compatibility take into account the factors listed tors say it’s not a product but a tech- through an API translator. in Tables 1 and 2, a service’s specific nology. This can be a barrier for purpose, and the elements of the ap- nontechnical companies but not for Proprietary Solutions plication you want to migrate to the public- and private-cloud providers, VMware (www.vmware.com) and cloud. The approach and reach of which are OpenStack’s main users. Microsoft (www.microsoft.com your cloud adoption efforts will be For them, an open source product is /enterprise/microsoftcloud) empha- limited by each situation. For ex- attractive because, just as with using size the hybrid nature of their offer- ample, your application architecture Linux in server computers, there are ings. They have products for both and the technology involved won’t cost and portability advantages for public and private clouds and pro- be the same if you’re migrating an the end user. vide on-premises servers. application not yet developed or an Portability is another important VMware products include vCloud existing legacy system. feature of OpenStack because end Hybrid Service, vCloud Connector, Regarding a new application,

MARCH/APRIL 2015 | IEEE SOFTWARE 35

s2swt.indd 35 2/4/15 6:36 PM SOFTWARE TECHNOLOGY

might choose the Microsoft solution. BUNTPLANET However, AWS, a market leader and proven feature-rich platform, is al- BuntPlanet (http://buntplanet.com) is a small-to-medium enterprise focusing ways an option. on software engineering. It was founded in 2000 in San Sebastian, Spain. It As you can see, because of the va- offers a range of applications mainly for utilities, and it develops custom ap- riety of choices, different customers plications using agile practices. might choose different platforms. For Although BuntPlanet had some experience with cloud services, it was only example, HP and Rackspace (service in 2009 that it decided to use the cloud for its internal applications. The avail- providers), Cybercom (a consulting ability of Amazon’s European datacenter was a determining factor because company), and eBay (an end user) use BuntPlanet could comply with Spanish data protection laws. During the selec- OpenStack, whereas VMware and tion process, the company compared other alternatives but chose Amazon Microsoft customers use their pro- mainly for the extensive features and competitive price. vider’s solution. For a look at how At rst, BuntPlanet replicated its server architecture in the cloud with one company (BuntPlanet) chose its Amazon EC2 (Elastic Compute Cloud) servers. Since then, it has incrementally cloud provider, see the sidebar. refactored its applications to realize the full potential of a cloud architecture. It now uses other Amazon services such as S3 (Simple Storage Service) for data References storage, Glacier for backups, RDS (Relational Database Service) for relational 1. M. Vouk, “Cloud Computing—Issues, Research and Implementations,” J. Com- databases, SNS (Simple Noti cation Service) for push noti cations, and SQS puting and Information Technology, vol. (Simple Queue Service) for queues. 16, no. 4, 2008, pp. 235–246. To achieve the required service level, BuntPlanet uses reserved instances 2 P. Mell and T. Grance, The NIST De ni- tion of Cloud Computing, US Nat’l Inst. of and a second redundant region in Europe. It’s also self-monitoring its cloud Standards and Technology, 2011. resources and has set alerts for failures. This approach lets the company 3. F. Fehling, F. Leymann, and R. Retter, achieve its desired reliability and availability. “Your Coffee Shop Uses Cloud Comput- ing,” IEEE Internet Computing, vol. 18, BuntPlanet’s experience with the public cloud has been positive from eco- no. 5, 2014, pp. 52–59. nomical and technical viewpoints. Using a public cloud has allowed BuntPlanet 4 State of the Cloud Report, RightScale, to simplify processes and minimize the need to support a big hardware infra- 2014; www..com/lp/2014 -state-of-the-cloud-report. structure and a high bandwidth in its installations. As a result, it’s promoting 5 T. Rodrigues, “Top Cloud IaaS Providers this architecture in its customer projects, using the public cloud for load tests Compared,” Enterprise Cloud, 27 Aug. and production environments. 2013; www.techrepublic.com/blog /the-enterprise-cloud/top-cloud-iaas -providers-compared. 6 “Vendor Landscape: Cloud Infrastructure- as-a-Service,” Info-Tech Research Group, 2014; www.infotech.com/research/ss /select-the-right-cloud-infrastructure you should develop it with an elas- quired. Your priority should be virtual -server-partner. 7 Magic Quadrant for Cloud Infrastructure tic architecture and best practices instances’ robustness and reliability. as a Service, Gartner, May 2014; www in mind. Decouple the presentation, Other scenarios, such as disaster re- .gartner.com/technology/reprints.do?id business, and logic layers in several covery or using the cloud when the de- =1-1UKQQA6&ct=140528&st=sb. services and use a queue system to mand spikes (cloud bursting), require communicate between them. A high speci c cloud technology features. NICOLÁS SERRANO is a professor of com- puter science and software engineering at the number of servers, a fault-tolerant If you’re dealing with a new ap- University of Navarra. Contact him at nserrano@ design, and automatic provisioning plication and provider independence tecnun.es. will require high-level features from is a priority, you might prefer an GORKA GALLARDO is a professor of infor- the cloud provider or technology. OpenStack provider. If you’re mi- mation systems at the University of Navarra. Regarding a complete legacy sys- grating a legacy system and you have Contact him at [email protected]. tem, refactoring the application to IT experience with VMware, you achieve decoupling isn’t feasible. A might select VMware for your cloud. JOSUNE HERNANTES is a professor of computer science and software engineering pure cloud architecture is impossible, Regarding cloud bursting in a Mi- at the University of Navarra. Contact her at and a reduced list of features is re- crosoft Server IT environment, you [email protected].

36 IEEE SOFTWARE | WWW.COMPUTER.ORG/SOFTWARE | @IEEESOFTWARE

s2swt.indd 36 2/4/15 6:36 PM