Cloud Computing Guide: Management, architecture, security, networking, and services

I. Management

The beauty of cloud computing is that users can get started with nothing more than an ID and a credit card. That is also the problem: a service this simple to adopt is bound to bring many challenges to an unprepared IT department.

We have been through this many times before: a technology's ease of use ends up creating unexpected management challenges, as with virtualization (the uncontrolled spread of virtual machines), smartphones (new security risks), and instant messaging (corporate governance problems).

This article is designed to show IT managers how to maximize the benefits of cloud computing (simplicity, flexibility, and low cost) while minimizing risk. This practical guide covers licensing, management tools, bandwidth, security, and architecture.

It also shows that we are still in the early days of cloud computing, which means the relevant tools and technologies are still being perfected. For example, Amazon Web Services brought its Elastic Compute Cloud (EC2) to market at the end of last year after two years of beta testing, yet enterprise-class features such as monitoring, management and load balancing are still on its roadmap. Similarly, Google App Engine is a preview release. Microsoft's Azure cloud service is also a preview release; currently only Windows developers have access to limited functionality that other early adopters cannot use.

But you can start planning now, get hands-on with this new IT delivery model (including understanding its various faults and defects), and stay a step ahead of colleagues in the company who are considering using cloud services on their own.

Keep a firm grip on cloud computing

Tools for managing cloud computing services range from simple dashboards that let you create virtual software stacks in minutes to enterprise-class platforms that handle a variety of configuration and management tasks. The more widely cloud computing is used, the more high-end tools are needed.

Amazon, Google and other cloud service providers offer basic tools to help customers get started. For example, the Google App Engine administration console shows traffic volume, bandwidth, CPU utilization, and error rates for applications hosted by Google; it lets you dig into log files for additional detail, and you can use it to control administrative permissions and manage upgrades to your applications.

However, App Engine is still a "preview" release, which means these tools will fall short as requirements grow. Pete Koomen, Google's product manager, admits: "We're missing a part of the functionality."

Cloud service providers, start-ups, and systems management vendors are competing to offer customers more full-featured tools for managing resources in the cloud. Amazon said it would "soon" launch a new management console and cloud monitoring capabilities for EC2. Amazon already offers some basic features, such as the ability to create Amazon Machine Images from a command-line interface. The management console will give users the ability to configure and manage EC2 resources, and the monitoring feature will provide real-time metrics for EC2 instances and "availability zones", the parts of Amazon's infrastructure that customers choose between to ensure redundancy and the highest availability. Amazon also plans to offer load balancing and automatic scaling in 2009.

Another option is a company specializing in cloud management. RightScale's managed services platform includes a management dashboard, database and Web site management, batch processing, multi-server deployment, and automatic scaling. A developer edition with basic functionality is available free of charge, but most IT departments will need one of RightScale's three other editions (Web, Grid, and Advanced), starting at $500 a month plus a one-time fee of $2,500.

Founded in 2007 to manage Amazon Web Services, RightScale is now expanding to manage other public clouds, including FlexiScale and GoGrid. RightScale also provides a platform for the Eucalyptus Public Cloud at the University of California, Santa Barbara, which deploys the open-source Eucalyptus cloud computing software on clustered servers. It is really a research test bed, but the goal is to manage both public and private clouds based on Eucalyptus through the RightScale dashboard.

As simple as a Web application

IT organizations with experience managing Web applications and infrastructure will find that cloud computing has similarities. "If you manage Web applications, you can manage cloud applications," said Javier Soltero, chief executive of Hyperic, which has a version of its Web application monitoring software running on Amazon Web Services.

Hyperic HQ consists of a central management server and agent software; the former typically runs on servers deployed internally, while the agents reside on Web servers and report availability, performance, and other metrics back to the central server. With the newly released HQ 4.0, the Hyperic server can be set up as an Amazon Machine Image in EC2. For IT administrators, this means simple deployment, lower subscription fees, and higher performance. Hyperic HQ also offers automated discovery, diagnostics, alerting, analysis and reporting, and other tools.

Some argue that this "out of sight" attitude is problematic for cloud applications. "Some people think that because you deploy applications in the cloud, there is no need for monitoring and management, which is one of the biggest lies in cloud computing," Soltero said. "The code is inherently flawed and technology can be problematic, so you need to monitor the functionality."

Kaavo also specializes in managing multiple clouds. The start-up's platform supports server monitoring, LAMP stack configuration in the cloud, load management, software audits, patch management, runtime configuration management, notification, and alerting. It has launched a free beta of Infrastructure and Middleware on Demand. Kaavo's strength lies in its management team: founder and CEO Jamal Mazhar is a Sun-certified Java EE architect, and chief technology officer Shahzad Pervez previously served as IT head and enterprise architect at a large company.

Well-known systems management software vendors have also brought new control tools to the cloud. IBM's Tivoli division plans to integrate cloud management functionality into its Service Request Manager, provisioning, configuration management, and monitoring product lines, said Dennis Quan, director of autonomic computing development. IBM also wants to give customers greater "control" over systems that put data in the cloud, to raise customers' confidence in cloud security, but Quan did not disclose how IBM would do that.

Microsoft is still developing solutions to cloud management challenges. It launched the Windows Azure operating system and the associated Azure Services Platform last October but did not say when the Azure cloud services would go live; developers can start with the development tools and basic building blocks. In the same month, Microsoft senior vice president Bob Muglia demonstrated a version of the System Center enterprise management platform, code-named Atlanta, that will run in Microsoft's cloud.

All of this activity shows that vendors are racing to develop enterprise-class control tools for emerging cloud services. The challenge for IT administrators is to have the relevant tools in place before cloud service use takes off.

II. Underlying architecture: comparing the Amazon, Google and Microsoft platforms

It is easy to overlook the technology behind cloud services, but that is a misconception. The company's technical staff must ensure that cloud services integrate with the enterprise's infrastructure, which requires an architecture that can combine the two.

The components of cloud computing, like those of the enterprise data center, include many programming languages, operating systems, databases, Web servers, protocols, and application programming interfaces (APIs). The key is to identify which cloud services truly fit your internal systems, applications, and expertise. Let's compare Amazon's EC2, Google App Engine and Windows Azure to see which one works for you.

Amazon's EC2 offers customers a wide range of software choices: Windows Server, OpenSolaris, and seven Linux distributions; MySQL, SQL Server, and Oracle 11g databases; and development environments such as Java, JBoss, and Ruby on Rails.

Google's strength is simplicity and ease of use. App Engine lets users take advantage of Google's homegrown database and other infrastructure software, and offers caching, image processing, messaging, and other application services through APIs. Python is the only supported programming language, but Google intends to support others in the future.

Windows Azure and the Azure Services Platform align with Microsoft's family of on-premises enterprise software. Azure includes hosted versions of SQL Server, SharePoint, Dynamics CRM, and .NET Services, developed with Visual Studio and the .NET Framework. Microsoft says Azure will support open protocols (HTTP, REST, SOAP and XML) and non-Microsoft languages and tools (Eclipse, Ruby, PHP, and Python).

If IT staff want to understand the cloud architecture in depth, the providers' Web sites offer many details. Amazon has a white paper on cloud architecture that is worth reading as soon as possible.

Your design blueprint should take into account that cloud services may come from multiple vendors, so think about how to ensure interoperability and application integration. Stuart Charlton, senior software architect at cloud computing start-up Elastra, recommends REST and Atom (the Atom syndication format) as the underlying specifications of an overall cloud architecture. He said standards for federated identity management are also important.

Dennis Quan, IBM's director of autonomic computing development, says service-oriented architecture (SOA) has made it possible to connect cloud services in a "standards-compliant way". The next key is migrating services from one cloud to another; Quan says the specifications for this are still in the early stages of development.

III. Data protection

Pay attention to security

Developers like the cloud's "deployment-free" nature; companies want to reduce infrastructure costs through cloud computing; users want new features launched faster. But the people responsible for information security are scratching their heads over how to move applications and data to the cloud safely.

One goal the IT community is pursuing is integrating identity management technologies and processes. Many companies may extend directory service authentication beyond their internal environment to cover applications and even systems in the cloud, but if a third-party system is compromised, the authentication system can be compromised along with it. Companies could instead implement a new solution that keeps cloud infrastructure management independent of existing infrastructure management; the downside is that multiple identity and access management systems then have to be integrated. Another way is to go back in time and manage the cloud separately, but this is unattractive.

Fortunately, some cloud service providers are working hard on the problem. Google offers this functionality by combining Google Apps with the single sign-on technology a company already has in place, enhancing security and simplifying management. A leading Internet company has deployed edge authentication servers so that cloud systems can authenticate through the Lightweight Directory Access Protocol (LDAP). Another company has extended a Web-based authentication protocol, validates through Web services, and uses that validation to access its internal systems.

Data loss and backup

Where is the data stored? Who can access it? Is it secure? These are major issues, because apart from many software-as-a-service (SaaS) providers, few cloud service providers have proven reliable at handling sensitive data. If your data is stored on a shared storage system, expect it to be at risk. In fact, even the data we keep inside our own company is at risk. The same set of measures used to weigh the benefits and risks of internal data needs to be applied to the cloud, and then used to decide what data can go into the cloud and how to protect it. This requires knowing and verifying the standards the providers use and how flexibly they can be changed.

Companies using Amazon's EC2 can encrypt data in the operating system, applications, or database management systems running in their virtual instances. Other services, such as application hosting services, need more thorough consideration when developing applications, to ensure that security measures such as encryption are included.

Companies should guard against data loss regardless of where their data is. Amazon knows that computers fail, so it advises companies to plan for failure with redundancy and backup measures. Some cloud service providers offer backup services, or export data in such a way that companies can back it up themselves, while others require customers to use custom or third-party applications.

So bear in mind the following key factors:

--How does backup work? Some cloud service providers perform backups, but more likely you will want to make the backups yourself. Many Amazon EC2 customers also use Amazon's Simple Storage Service (S3) or Elastic Block Store to hold backup files.

--Can the backup withstand testing? Can you access the backup data if the service is unavailable?

--Where will the backup data be kept? It may be on a cloud storage system, hosted by a provider, or transferred to your own infrastructure. In any case, you need to know how the data is protected in storage and in transit.
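The two points above, encrypting data inside the instance before it reaches shared storage and proving that a backup can actually be restored from a copy that does not depend on the primary service, in one added example written for this guide (it is not code from the article or from any provider it names). It uses only the Go standard library; the key, the in-memory "secondary store" and the sample backup contents are constructed stand-ins for a real key store, a real second storage location and real data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// Backup is what actually leaves the virtual instance: an AES-GCM sealed blob plus a
// digest of the plaintext, kept on the customer side with the key rather than beside the blob.
type Backup struct {
	Blob        []byte // nonce || ciphertext || GCM tag
	PlainSHA256 string // hex SHA-256 of the plaintext
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key gives AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a backup before it is handed to shared storage; the provider only sees the blob.
func Seal(key, plaintext []byte) (Backup, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return Backup{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return Backup{}, err
	}
	sum := sha256.Sum256(plaintext)
	blob := gcm.Seal(nonce, nonce, plaintext, nil) // Seal appends, so the nonce is prepended
	return Backup{Blob: blob, PlainSHA256: hex.EncodeToString(sum[:])}, nil
}

// Open decrypts a blob fetched back from storage. The GCM tag rejects any byte changed in
// storage or transit; the digest check also catches a different valid backup being returned.
func Open(key []byte, b Backup) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(b.Blob) < ns+gcm.Overhead() {
		return nil, errors.New("blob too short to be a sealed backup")
	}
	pt, err := gcm.Open(nil, b.Blob[:ns], b.Blob[ns:], nil)
	if err != nil {
		return nil, fmt.Errorf("backup failed authentication: %w", err)
	}
	if sum := sha256.Sum256(pt); hex.EncodeToString(sum[:]) != b.PlainSHA256 {
		return nil, errors.New("restored data does not match the recorded digest")
	}
	return pt, nil
}

// RestoreDrill answers "can the backup withstand testing?": restore from a copy that does not
// depend on the primary service (secondary stands in for a second location) and compare.
func RestoreDrill(key []byte, secondary map[string]Backup, name string, source []byte) error {
	b, ok := secondary[name]
	if !ok {
		return fmt.Errorf("backup %q is not present in the secondary store", name)
	}
	got, err := Open(key, b)
	if err != nil {
		return fmt.Errorf("restore of %q failed: %w", name, err)
	}
	if !bytes.Equal(got, source) {
		return fmt.Errorf("restore of %q differs from source", name)
	}
	return nil
}

func main() {
	key := make([]byte, 32) // constructed: a real key lives in a key store, not in code
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	src := []byte("constructed sample: customer table export, 2008-11")
	b, err := Seal(key, src)
	if err != nil {
		panic(err)
	}
	secondary := map[string]Backup{"db-2008-11": b} // stand-in for a second storage location
	fmt.Println("restore drill:", RestoreDrill(key, secondary, "db-2008-11", src))
}
```

A drill that passes only against the primary service proves nothing about the "service unavailable" case; run it against the copy you would actually restore from.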

Management and monitoring

Many companies' information security teams regularly monitor vulnerability mailing lists, patch systems, and rewrite code to fix defects. In the cloud, they trust that the provider has looked after at least some of these aspects in advance. Few providers have let customers verify their security practices, though some are becoming more willing to cooperate. When using cloud systems such as Joyent or Amazon's EC2, companies can take security measures at the operating system, database, and application levels, but they still rely on the provider to secure the network, storage, and virtualization infrastructure.

Although cloud service users do not control actual patching and vulnerability monitoring, they are still responsible for managing their own risk. So they need to evaluate which assets need protection and how to protect them, including adding security on top of the cloud infrastructure. Even so, industry regulations such as the Payment Card Industry (PCI) standards may catch them off guard, because the PCI council does not specify how to classify cloud service providers. This could mean that different auditors apply slightly different standards to cloud service providers.

Cloud service customers must require assurances that they can monitor who is accessing their data. If the company needs a detailed audit trail, it should encrypt the data, or hand over to the cloud service provider only applications whose data is not particularly sensitive.

This area may improve quickly. Google recently said that its Google Apps security processes have passed the SAS Type II audit standard. More providers are expected to attest to their security standards, since security remains a major obstacle making companies afraid to move applications into the cloud.

Of course, internal information security teams should not wait for providers to tighten security. From desktop applications to server-hosted applications, the cloud is becoming increasingly tempting. Applications that require a higher level of security, such as those subject to the Health Insurance Portability and Accountability Act (HIPAA) or PCI, may be harder to secure in the cloud and are therefore better kept in-house. Community applications and content sites are more suitable for the cloud. The company's technical team must decide which data can go into the cloud without causing problems, but they also need to understand that the cloud will eventually be part of the overall infrastructure, and you have to figure out how to connect enterprise systems securely to the cloud infrastructure.

IV. Networking

A regional bank decided to adopt a cloud service fully after a successful trial, but did not account for the extra bandwidth it would need later. When employees' Internet connections suddenly became sluggish, the bank paid the price for that mistake. The rapid growth of data carried over the Internet suggests that companies that do not invest in more bandwidth will face a bandwidth crunch. But bandwidth is not the only potential network problem. Latency results from the long distances data must travel, Internet stability is uncertain, and the service provider's data center is full of unknowns, all of which raise reliability concerns.

Companies can alleviate some of these problems simply by upgrading bandwidth. One medical company increased its bandwidth fivefold when it moved back-end batch transactions to Amazon Web Services. Fortunately, bandwidth prices are falling, but companies still need to plan carefully.

Some tools help evaluate and analyze traffic, such as Packeteer's PacketShaper; most firewall vendors offer customers up to 30 days of free reporting, a service that tells the company how much bandwidth it is using. Bandwidth figures from cloud service providers are often unreliable or hard to obtain, so companies should base bandwidth estimates at least partly on trial data, said Mike Healey, chief technology officer of network integrator GreenPages. To prepare for peak demand, Healey said, companies should plan enough bandwidth that average utilization stays no higher than 75%.

Redundancy is as important as extra bandwidth. Failing to plan for failover "is the biggest mistake we see customers make," Healey said. Many telecom companies offer last-mile Internet access in most big cities.

In addition, even if a company upgrades its bandwidth, the cloud provider's nearest data center can still hurt performance if it is thousands of miles away. "People talk only about connectivity and throughput, but latency also matters, even in the cloud, because you're dealing with a distributed environment where customers need to be in touch," said Glenn Dasmalchi, technical director in the office of Cisco's chief technology officer.

Some applications demand high performance and low latency, such as applications that calculate market risk or that assemble components into modular applications. Amazon is not only building data centers around the world but also a content distribution network, partly for this reason; Akamai and Limelight previously offered similar caching services. So you may want to ask providers how they reduce latency.

If companies need to use bandwidth more efficiently for cloud computing, they can also use load balancers. One software start-up moved most of its infrastructure (storage, computing, and development environments) into the cloud, invested in ten 50Mbps Verizon FiOS lines, and used a Radware load balancer to aggregate that bandwidth into the equivalent of a single 500Mbps line. Given the coming WAN optimization standards and the data-intensive traffic between cloud environments and on-premises environments, Dasmalchi predicts that WAN optimization will also be used to accelerate traffic between cloud providers, Internet service providers (ISPs), and cloud users.

Cloud computing can solve other network challenges even as it brings new ones. For applications that migrate to the cloud, network administrators can expect less work changing the internal network architecture, as long as they ensure the data center is connected to the cloud service provider.

While potential cloud customers get their networks ready for the service, they should also ask the provider about its network: who provides the backhaul links? Are the connections redundant? Where are the data centers located? "Ideally, you can look at the network design framework of the provider," Healey said. "Although cloud service providers have an obligation to build a qualified network, customers need to do their own preparation to ensure the network is stable and reliable."

V. Service contracts

Negotiate seriously

When it comes to contract terms, buying a cloud service is very different from buying a software package. For the most basic cloud computing, almost anyone can order and use the service just by filling out a few forms online. However, most companies will want a more formal license agreement tailored to their requirements, and this can get complicated. Providers typically license cloud services and SaaS in one of two ways: per user or by usage. For example, Microsoft's Exchange Online costs $10 per user per month. Other providers charge by transaction volume or amount of data exchanged. Amazon's S3 storage service charges 12 to 15 cents per GB stored, and 10 to 17 cents per GB transferred in the United States. Some providers combine both methods.

While scalability is one of the main advantages of cloud computing, companies should be aware of its limits. Ed Sullivan, chief executive of Aria, which provides billing services to cloud providers, says service providers often cap the highest service level according to what they think the customer can afford. A small company might be limited to $10,000 a month of service.

For SaaS, vendors are increasingly selling bundled services ranging from basic to high-end editions. Microsoft sells a lower-cost Deskless Worker edition of Exchange Online, in which customers use the basic version of Outlook Web Access rather than the Outlook client software. Google Apps comes in a free edition and a premium edition with some commercial-grade security.

As with any technology, the more SaaS and cloud services a company buys, the more concessions it is likely to get on contract terms and prices. For example, Microsoft offers discounts if a customer buys services in bulk under an Enterprise Agreement. Amazon charges less as customers use more S3 and EC2. As cloud computing becomes more popular and companies start placing larger orders, providers will have to be flexible on price.

Clarify responsibility

SaaS and cloud computing bring uncertainty about security, uptime, performance, and stability. With packaged software, the company's own IT staff can deal with problems. Attorney Robert Scott helps providers design license terms and helps corporate customers negotiate cloud service contracts; he says that in the cloud, companies can only rely on the service provider to minimize risk, so this needs to be spelled out in the contract.

Standard terms rarely address many important aspects of risk, Scott says. For example, if a service suffers a security breach that compromises financial data, the provider may be required under U.S. state or federal law to notify customers, or else face lawsuits. "Who's going to pay for it?" asked Scott.

Negotiating a cloud service is much like negotiating an outsourcing agreement: read the license terms carefully and think about the other side. The company should make sure the contract spells out how data is returned if it decides to stop using the service, what fees apply, and what happens if the provider suddenly goes out of business. Customers need to know how to get their data back from the service provider, and how they can use it once they have it.

The complexity and limits of service-level agreements

Service-level agreements are another piece of the puzzle. If service outages exceed a given percentage of the month, as measured by the service provider's response to the customer's data requests, most cloud providers return a portion of the fee. Capgemini's global head of IT product marketing says that negotiating a high service-level agreement means paying more, because the cost of the service rises when a dedicated service-level agreement is attached.

Most providers do not include planned downtime in service-level agreements, so if the provider tells you an outage was planned, you will not get a refund. Divakar Jandhyala, chief executive of Evapt, a start-up in SaaS billing and metering, said long planned downtime often undermines the value of service-level agreements.

Nevertheless, service-level agreements have become more robust, and in some cases more complex, as hosted services have entered the mainstream. Microsoft's Exchange Hosted Filtering service has five service-level agreements: for uptime, anti-spam effectiveness, anti-virus effectiveness, latency, and performance.

Microsoft offers a multi-tier service-level agreement for Exchange Online and SharePoint Online. The most basic commits to 99.9% availability; if that is not met, the customer receives a 25% credit on the month's fee. If availability falls below 99%, the customer receives a 50% credit. In the event of a serious outage or virus outbreak, the customer can get a full refund for the month. But many companies negotiate service-level agreements hoping never to need the refund. If a retailer's Web site is down at the peak of the sales season, what use is a 5% refund of the month's cost?
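The mechanics described in the last two paragraphs, planned downtime excluded from the uptime figure and percentage tiers that map to a credit, carried through in an added Go example written for this guide (not Microsoft's or any provider's SLA text). The tiers are the two quoted above; the 30-day month, the 8-hour maintenance window and the 90-minute unplanned outage are constructed sample data, and the $10 per user fee is the Exchange Online price quoted earlier on this page.

```go
package main

import (
	"fmt"
	"time"
)

// Outage is one incident as the customer logged it during the month.
type Outage struct {
	Start, End time.Time
	Planned    bool // announced maintenance; most SLAs exclude it from the uptime figure
}

// CreditTier pays Credit (a fraction of the month's fee) when availability is below Floor percent.
type CreditTier struct {
	Floor  float64
	Credit float64
}

// ExchangeOnlineTiers are the two percentage tiers quoted in the article, lowest floor first.
// The full refund for a "serious outage or virus outbreak" is a judgement clause, not a
// percentage, so it is deliberately not modelled here.
var ExchangeOnlineTiers = []CreditTier{
	{Floor: 99.0, Credit: 0.50},
	{Floor: 99.9, Credit: 0.25},
}

// clip returns how much of the outage falls inside the window [start, end).
func clip(o Outage, start, end time.Time) time.Duration {
	s, e := o.Start, o.End
	if s.Before(start) {
		s = start
	}
	if e.After(end) {
		e = end
	}
	if !e.After(s) {
		return 0
	}
	return e.Sub(s)
}

// Availability is percent uptime over the month. excludePlanned=true mirrors how the
// provider measures; false gives the downtime the customer actually experienced.
func Availability(start, end time.Time, outages []Outage, excludePlanned bool) float64 {
	var down time.Duration
	for _, o := range outages {
		if o.Planned && excludePlanned {
			continue
		}
		down += clip(o, start, end)
	}
	return 100 * (1 - float64(down)/float64(end.Sub(start)))
}

// CreditFraction picks the credit owed for a measured availability, or 0 if the SLA was met.
func CreditFraction(availability float64, tiers []CreditTier) float64 {
	for _, t := range tiers {
		if availability < t.Floor {
			return t.Credit
		}
	}
	return 0
}

// Constructed sample month: 30 days, one announced 8-hour maintenance window and one
// 90-minute unplanned outage.
var (
	SampleStart   = time.Date(2008, time.November, 1, 0, 0, 0, 0, time.UTC)
	SampleEnd     = time.Date(2008, time.December, 1, 0, 0, 0, 0, time.UTC)
	SampleOutages = []Outage{
		{Start: time.Date(2008, 11, 8, 2, 0, 0, 0, time.UTC), End: time.Date(2008, 11, 8, 10, 0, 0, 0, time.UTC), Planned: true},
		{Start: time.Date(2008, 11, 21, 14, 0, 0, 0, time.UTC), End: time.Date(2008, 11, 21, 15, 30, 0, 0, time.UTC)},
	}
)

func main() {
	const feePerUser = 10.0 // $10 per user per month, as quoted for Exchange Online
	provider := Availability(SampleStart, SampleEnd, SampleOutages, true)
	customer := Availability(SampleStart, SampleEnd, SampleOutages, false)
	pc := CreditFraction(provider, ExchangeOnlineTiers)
	fmt.Printf("as the provider measures it: %.3f%% -> %.0f%% credit ($%.2f per user)\n",
		provider, 100*pc, feePerUser*pc)
	fmt.Printf("as the customer experienced: %.3f%% -> would be %.0f%% credit\n",
		customer, 100*CreditFraction(customer, ExchangeOnlineTiers))
}
```

With these figures the provider's measurement lands in the 25% tier while the customer's own measurement, counting the maintenance window, would fall below 99%; the gap is exactly the planned-downtime exclusion the text warns about.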

Other terms of a cloud license should include written confirmation that the service provider meets regulatory requirements and protects intellectual property.

Buying a license for a cloud service is both simpler and more complex than buying packaged software. Cloud services are easy to buy, and many come with standard service-level agreements that offer a fairly high level of protection. But to make sure every aspect of risk and responsibility is covered, keep those negotiating skills sharp and a lawyer's phone number handy.

Beware of vendor lock-in

IT people are familiar with the consequences of a company being held hostage by proprietary programming languages, data storage formats, and other technologies.

Where open standards exist, future migration costs can be reduced considerably, though migration may still be difficult. But where there are almost no standards, as is the case with cloud computing today, switching costs will be substantial if a change of provider becomes necessary.

Data is one of the biggest worries. With on-premises systems, the company has more control over how and where applications store data. In cloud-based systems, especially turnkey solutions, the data schema is specific to the solution. Even if the data can be downloaded from the cloud, whether it can easily be migrated to a competitor's platform is a problem.

Source code can be another problem, especially for platforms in the cloud. Can the actual code and any forms developed in the cloud be reused elsewhere, or will they need to be rewritten? When Sun's Project Caroline debuted, one of the features people expected of it was a scalable cloud that could run Java code. While nothing was said about where the data is kept, one advantage of Java is portability: not only to an in-house deployment, but also to other environments such as Java application servers running in Amazon's EC2.

Virtualization introduces yet another possible vendor lock-in. If your systems depend on virtualization, realize that not all virtualization technologies are the same.

Many providers advocate using virtual machines to combine on-premises computing with cloud computing: for example, virtualize servers locally and migrate them to the cloud. But does the target cloud support the virtualization technology you chose? In this area, the lack of standards has given rise to specialist firms like rPath that help bridge the differences between platforms.
