In Part 1 of this article, we defined private clouds, talked about the differences between deploying server virtualization and implementing a private cloud, described the risks associated with deploying private clouds and listed the phases and steps involved in transitioning to a private cloud.
In this part we delve deeper into the technology choices needed for the virtualisation, management and automation required for a private cloud. We talk to some who have made the move to a private cloud, or are doing so.
In general, selecting the technologies to implement a private cloud is easier than figuring out the business rules and operational procedures you'll need. Regardless, choosing the software to virtualise your data centre and then picking the automation and orchestration management tools is very important.
While some view automation and orchestration tools as "extra" cloud management tools, implementers and experts say they're just as necessary as the basic tools for managing servers and storage. Without the "extra" tools, you will not be able to reduce the administration costs in private clouds.
How you go about building a private cloud depends on what you have to start with. The legacy of your environment may dictate what you do first. If you are starting from scratch, then you have to start by virtualizing your servers. Then you begin to virtualize your storage and your networks, and build out from there.
These steps are prerequisites if you want to fully realize the benefits of private clouds. You need to be able to provision hardware and software to customers who request it, and then deploy the hardware or services; you need a way to manage and control the environment. You also need to be able to manage the private-to-public paradigm -- that is, the ability to move workloads back and forth between private and public clouds.
So far, how private clouds are built differs from enterprise to enterprise.
When preparing for a private cloud, you have to ask and answer questions such as:
- What is going to be running in the private cloud and what is not?
- What applications can I scale well to take advantage of the cloud?
- If I have two data centres, to what extent can I migrate applications and share capacity between them? Where does cloud help? Where does it hurt?
These questions are part of an iterative process; businesses need to work their way toward mature business processes for their private clouds.
Paul Cameron, head of enterprise services at Suncorp, a major financial services provider in Brisbane, Australia, says that when his company began planning and strategizing for its private cloud, two of the first things it did were to create a service-based operating model and a service catalog. The service catalog contains the list of services being automated for internal use and is available to business users via a self-service portal.
First a framework, then a configuration database
Key to this catalog was the implementation of an ITIL framework that resulted in storing information about Suncorp's assets and business application relationships in a CMDB (configuration management database). All of Suncorp's major IT processes -- incident, problem, asset and change -- leverage the CMDB.
Populating a service catalog can be time-consuming. But if you are using IT service management and change management tools such as BMC Remedy or Service-now.com and have an existing CMDB in place, it can be easier. You can work through the appropriate services in the CMDB to provide the automated services listed in a service catalog. This is what Suncorp is doing with its BMC Remedy-based CMDB.
Cameron said that Suncorp is deploying a private cloud because it has to serve its customers better and take care of them more quickly. In traditional data centers, enterprises often take a week or even months to provision a server depending on how heavy IT staff workloads are and how long queues are for various tasks required by users.
Now, at Suncorp, a user goes to the self-service portal and requests resources and services. Once the requests are made, the fulfillment of these services is automated. Suncorp has now virtualized most of its data centers around servers, storage and so on, resulting in about 80% of its data center services now being covered by automated self-service portal(s).
Most enterprises that have private clouds use some type of method, such as chargeback or physical limits on the amount of capacity that users can request, to keep the lid on demand. Otherwise, users might just keep provisioning virtual servers and use up the capacity quickly.
Essential cloud components
Jeffrey Driscoll, a systems engineer at consultancy Precision IT, advises that when companies start building a private cloud, the basic building blocks are servers, storage such as a SAN, and virtualization software. "Then you start building a cluster," he says, and after that cluster is complete, "capacity planning becomes critical."
Capacity planning involves figuring out what happens when you add servers and other resources to the cluster as needed to keep up with business demand. Capacity planning is a major component of the cluster and the cloud's performance. If it's done wrong, you might end up with useless systems or have to shoehorn in traditional, non-cloud systems to keep things running.
Most organisations are not good at monitoring and keeping ahead of capacity. To be able to satisfy user demands, you always have to have some extra capacity on the data center floor, which means a certain amount of hardware sitting around in idle mode. Keeping a history of capacity usage in your enterprise can help you make sure that you have sufficient - but not too much - capacity.
One solution is to create a hybrid cloud environment and, when capacity is not available in the private cloud, move requests for capacity to public clouds such as Amazon Elastic Compute Cloud.
Once the cluster is up and running, you can start provisioning virtual servers. The result is a tiered architecture with a server layer, a network layer and a virtualisation layer. There is a management tool at each layer. "Now you can start thinking about automation," Driscoll says.
Some security concerns
Driscoll says that private clouds are great for businesses with security concerns or regulatory requirements, although Suncorp's Cameron says that private clouds force implementers to rethink how they do security.
For example, the way in which firewalls are handled in traditional data centres is not going to always work in cloud environments where workloads can be moved around. The reason: In a virtualised environment, servers may be organised into different security groups, and the security of the target host may not be satisfactory for a virtual machine (VM) being migrated to it.
Suncorp is now well advanced in virtualising its firewalls. Virtualised firewalls are important because multiple VMs may be connected using virtualised network switches and other virtualised components, as opposed to a network running entirely over physical hardware and cabling.
The bottom line is that the security issues in virtual environments are not always the same as those in non-virtual environments.
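The migration problem described above can be checked before a VM moves. The following is an added example, not code from the article or from Suncorp: it compares what a target host's virtualised firewall enforces for a security group against the policy that group requires. The data model, group names, hosts and rules are assumptions constructed for illustration, and a default-deny firewall is assumed.

```python
# Added example: pre-migration check of a target host's virtual firewall.
# Group names, hosts, rules and the data model are constructed assumptions.
from dataclasses import dataclass, field
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    src: str   # source CIDR allowed to connect
    port: int  # TCP destination port


@dataclass
class Host:
    name: str
    # security group -> ingress rules this host's virtual firewall enforces
    # (anything not listed is assumed to be denied)
    rules: dict = field(default_factory=dict)


def covered(rule, allowed):
    """True if `rule` admits nothing beyond what one allowed rule admits."""
    net = ip_network(rule.src)
    return any(rule.port == a.port and net.subnet_of(ip_network(a.src))
               for a in allowed)


def migration_findings(vm_group, policy, host):
    """Reasons `host` is unsuitable for a VM in `vm_group`; empty means OK."""
    if vm_group not in host.rules:
        return [f"{host.name}: no firewall context for group '{vm_group}'"]
    return [f"{host.name}: {r.src} port {r.port} is wider than group policy"
            for r in host.rules[vm_group] if not covered(r, policy[vm_group])]


def eligible_targets(vm_group, policy, hosts):
    """Names of hosts the VM may be migrated to without weakening its policy."""
    return [h.name for h in hosts if not migration_findings(vm_group, policy, h)]


# Constructed sample: the policy each security group requires ...
POLICY = {"payments": [Rule("10.20.0.0/16", 443)],
          "web": [Rule("0.0.0.0/0", 443), Rule("0.0.0.0/0", 80)]}
# ... and what each candidate host's virtual firewall actually enforces.
HOSTS = [
    Host("host-a", {"payments": [Rule("10.20.5.0/24", 443)]}),   # narrower: fine
    Host("host-b", {"payments": [Rule("0.0.0.0/0", 443)],        # too open
                    "web": [Rule("0.0.0.0/0", 443)]}),
    Host("host-c", {"web": [Rule("0.0.0.0/0", 80)]}),            # wrong group
]

if __name__ == "__main__":
    for h in HOSTS:
        print(h.name, migration_findings("payments", POLICY, h) or "OK")
    print("eligible:", eligible_targets("payments", POLICY, HOSTS))
```

A scheduler or orchestration workflow would run a check of this kind as an admission step, so that a rejected target is logged with its reason rather than discovered after the VM has moved.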
Managing the storage piece
Storage isn't always as big an issue as some would have you think. If storage problems exist in your virtualized environment, there are some ways of dealing with them, including deduplication, thin provisioning and becoming more savvy about the way you purchase storage.
"All we needed to do was to move storage up a tier" -- from Serial ATA to Integrated Drive Electronics -- "to resolve some initial performance issues," says Craig Baughn, vice president of hosting services at Concur. At first, the company had "slightly underestimated" the I/O requirements of the virtualized environment, he explains. "We found that it's critical to profile the storage demand of a given server/application before moving it to a VM so we can place it on the correct storage tier out of the gate."
The architecture that Concur deployed "allowed us to leverage deduplication wisely," Baughn says, and achieve greater than 40x compression without sacrificing performance. Deduplication is a storage-based means of eliminating duplicate or redundant information. One benefit of doing this, he explains, is that the VM reboot time is twice as fast, on average, when compared to that of physical servers.
Baughn says, "We are focused on making the capacity in our private cloud elastic, expanding dynamically when the needs of our clients and employees require more capacity." Concur chose VMware for its virtualization software, CA's Service Assurance Suite for monitoring and BMC's BladeLogic Server Automation Suite to help manage its private cloud.
The case for management tools
The first step in managing private clouds is to get management tools that can bridge the physical infrastructure and the virtual infrastructure. You will have to manage physical servers running no virtualization software and physical servers hosting virtual machines, because not all servers are likely to be resources in the private cloud.
You'll want to choose software that provides you with a consistent environment -- whether you are running a workload on an operating system platform (with or without virtualization) or running an application in a private cloud. In other words, choose tools that let you see the same view across execution environments.
You also want the same type of consistency for software licensing across all of the environments in which you are running applications - private and public cloud, etc.
Infrastructure management includes managing VMs, storage, backup/recovery and so on. Vendors that sell tools here include Abiquo, Nimsoft, 3Tera, Terremark, CA, Cloud.com, Enomaly, Citrix, Platform Computing, Red Hat, Microsoft, Surgient and VMware. While vendors often claim that their products are targeted for private cloud infrastructures, they sometimes use a very loose definition of 'cloud.' You should use caution and carefully investigate the functionality of each product.
Another thing to consider is that small firms and some medium-sized enterprises often do not have the skill sets and experience to take on the task of building a private cloud. These organizations would likely need to hire an IT consultant.
There is a second layer of management, service-level management, which involves managing workloads at a level of abstraction above virtual servers. This is where automation is applied. It is also where traditional management tools such as IBM Tivoli and HP InSight work within the private-cloud stack. The list of vendors that claim to have automation-management tools includes IBM Tivoli, HP, CA, Oblicore, LineSider Technologies, DynamicOps, VMware and BMC.
Private clouds in smaller businesses
The trick to implementing a cloud in smaller companies is to make it act like a cloud but not look like one.
"Small business owners have a very traditional mindset," says Jeffrey Driscoll, a systems engineer at consultancy Precision IT. "So we try to make a virtualized environment look like the traditional environment." This generally involves an Exchange server, an FTP server and so on. Each one of the servers is virtualized. "Then we manage the virtual machines just like they would manage a physical server," he adds.
Small businesses that deploy private clouds are much more likely than their larger counterparts to end up in a hybrid situation - for example, their QuickBooks and Exchange applications are hosted from a public cloud provider and their other applications run on a private cloud.
Tony Iams, vice president and senior analyst at Ideas International, a comparative intelligence firm for enterprise IT infrastructures, says that almost all system and hardware vendors are pursuing some type of virtualization or cloud management tools.
Some vendors are looking at integrating at the operating system level. Microsoft has done a lot of work here, with its System Center management product, to give visibility over what is happening within the hypervisors and inside virtual servers.
Iams also says that when building a private cloud you should plan for having to manage multiple hypervisors -- VMware's ESX, Microsoft's Hyper-V, Red Hat and other implementations of the Linux-based KVM and the open-source Xen. Microsoft can manage Hyper-V virtual servers and some aspects of ESX virtual servers. Other cloud vendors, such as VMware and Red Hat, can also manage VMs created by multiple hypervisors. Ideally, you want to control multiple hypervisors from a single interface.
Commercial versus homegrown tools
The downside of commercial, off-the-shelf tools is that they will likely need to be customized to work with your environment. On the other hand, the downside of rolling your own tools is that your in-house IT group needs to maintain them, make feature enhancements and so on.
One alternative to home-grown tools includes building mixed-component cloud stacks by acquiring various third-party components and putting them together. The question then becomes: Who do you call when there is a problem? Another possibility is to lock yourself into a single vendor such as Microsoft or VMware.
Each alternative has its pluses and minuses, so weigh your options carefully. And keep in mind that turning back from any of them once you're underway is expensive and time-consuming.
Open source tools
Open source software is a good choice for building private clouds because the software is essentially free, and it does not impede the flexibility gained by virtualization and cloud computing the way that proprietary software licensed on physical CPUs sometimes does. For example, proprietary software licensing can create issues with migrating VMs from host to host.
Abiquo, Cloud.com and Red Hat sell open-source tools for managing clouds.
You do not want to lock yourself into a single vendor's cloud stack. Especially avoid vendors with cloud stacks that perform well when using only their components. Reserve the option to plug in your home-grown or third-party tools.
Integrating multiple toolsets
Jeff Deacon, cloud-computing principal for Verizon Business, says that more sophisticated enterprises are integrating multiple management toolsets -- for instance, Hewlett-Packard's Server Automation Suite and BMC's Patrol Automation Suite. Security, firewall, networking and storage elements can be orchestrated from within both BMC Patrol and HP Server Automation Suite. Companies that do not link multiple toolsets may have to write a lot of their own software to get the necessary automation capabilities.
It is not yet possible to buy one commercial product that will do everything that most IT managers need to do for private clouds. You have to stitch together a number of different products from various vendors and place your own GUI on the front end.
Is single-console management a reality for private clouds? Iams says that not everyone will be able to get by with just one console, but even two or three consoles represent a huge improvement over the dozen that some shops use today.
Deacon thinks that single-console management is in the cards. He says that Verizon Business has built a high-level console management layer that calls APIs from VMware vCenter, HP Network Automation and HP Virtual Connect, among other products.
Frank Gillett, vice president and principal analyst at Forrester, says, "It is unrealistic to think that we are going to get many of these management tools to work together." Instead, what will likely happen over time, he predicts, is that "the market shrinks dramatically" and the handful of vendors left offer "much more integrated capabilities."
IT shops need federation and interoperability, Gillett adds, "and we are very early in those efforts. We may be able to bring private cloud management tools together, but it will be a messy interim period."
Some IT managers have indicated that they are looking to go with large established companies for cloud technology because they cannot trust their data center to startups that may not be in business in a year or two.
Deacon agrees. He says that the large companies like HP and IBM will likely buy up cloud-based startups and add the startups' software to their existing portfolios. This is what HP did with OpsWare and BMC did with BladeLogic. And CA has been on a buying spree, acquiring Nimsoft, Oblicore, 3Tera and others.
Transitioning to a private cloud: Summary
Implementing a private cloud is not easy. Some enterprises use homegrown tools. Others create cloud stacks consisting of components from multiple vendors. Still others buy all their software from Microsoft or VMware, thereby locking them into a single vendor.
Regardless of the differences in approach, organizations that take on the task of deploying a private cloud are generally doing it for the same reasons: to lower costs and to provide more agile provisioning. However, many of the processes and procedures that have been used in data centers for many years require changes.
This is probably the most difficult part of implementing a private cloud. IT organisations have many processes and requirements in the provisioning process, including budget requirements, discussions with storage, network and server groups - and lots of paperwork. These methods are directly opposed to the streamlined, short-duration provisioning associated with private cloud computing using automation and orchestration.
There will be enormous pressure from business users to start using clouds. If the data center operations group cannot respond quickly with its private cloud, then expect your business users to look at public clouds as an alternative.
This is why, in the past year, some IT organizations have begun to work quickly on deploying private clouds. To successfully compete with public cloud providers, IT staff need to deploy similar services in-house, making it better and more attractive to use their private cloud than to have applications groups go outside the enterprise to public clouds.
Bill Claybrook is an analyst with more than 30 years of experience in the computer industry, specialising in Linux, open source, virtualisation and cloud computing. He is president of New River Marketing Research in Concord, Mass., and holds a Ph.D. in computer science.