
Dan Sullivan

Deploying and Managing Private Clouds
The Essentials Series
The Essentials Series: Deploying and Managing Private Clouds    Dan Sullivan
Introduction to Realtime Publishers
by Don Jones, Series Editor

For several years now, Realtime has produced dozens and dozens of high-quality books
that just happen to be delivered in electronic format at no cost to you, the reader. We've
made this unique publishing model work through the generous support and cooperation of
our sponsors, who agree to bear each book's production expenses for the benefit of our
readers.

Although we've always offered our publications to you for free, don't think for a moment
that quality is anything less than our top priority. My job is to make sure that our books are
as good as, and in most cases better than, any printed book that would cost you $40 or
more. Our electronic publishing model offers several advantages over printed books: You
receive chapters literally as fast as our authors produce them (hence the "realtime" aspect
of our model), and we can update chapters to reflect the latest changes in technology.

I want to point out that our books are by no means paid advertisements or white papers.
We're an independent publishing company, and an important aspect of my job is to make
sure that our authors are free to voice their expertise and opinions without reservation or
restriction. We maintain complete editorial control of our publications, and I'm proud that
we've produced so many quality books over the past years.

I want to extend an invitation to visit us at http://nexus.realtimepublishers.com, especially
if you've received this publication from a friend or colleague. We have a wide variety of
additional books on a range of topics, and you're sure to find something that's of interest to
you, and it won't cost you a thing. We hope you'll continue to come to Realtime for your
educational needs far into the future.

Until then, enjoy.

Don Jones


Introduction to Realtime Publishers

Article 1: Steps to Migrating to a Private Cloud
    Advantages of a Private Cloud
        Improved Hardware Optimization
        Reduced Support Costs with Self-Service Management
        Reduced Capital Expenditures
        Reduced Time to Deploy Applications and Services
    When a Private Cloud Is Not the Right Option
    Assessing the Current State of Readiness for a Private Cloud
    Incrementally Moving to a Private Cloud
    Summary

Article 2: Tips and Best Practices for Managing a Private Cloud
    Establishing Policies and Procedures
        Cost Allocation and Reporting
        Image Management
        Security and Patch Management
        Backup and Disaster Recovery
    Standardizing Hardware and Application Stacks
    Formalize Discovery and Monitoring Procedures
    Summary

Article 3: Managing for the Long Term: Keys to Securing, Troubleshooting, and Monitoring a Private Cloud
    Securing a Private Cloud
        Identity Management
        Image Management
        Network Security
    Troubleshooting Private Cloud Infrastructure
    Key Areas to Monitor
    Summary

Copyright Statement
2011 Realtime Publishers. All rights reserved. This site contains materials that have
been created, developed, or commissioned by, and published with the permission of,
Realtime Publishers (the Materials) and this site and any such Materials are protected
by international copyright and trademark laws.
THE MATERIALS ARE PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
TITLE AND NON-INFRINGEMENT. The Materials are subject to change without notice
and do not represent a commitment on the part of Realtime Publishers its web site
sponsors. In no event shall Realtime Publishers or its web site sponsors be held liable for
technical or editorial errors or omissions contained in the Materials, including without
limitation, for any direct, indirect, incidental, special, exemplary or consequential
damages whatsoever resulting from the use of any information contained in the Materials.
The Materials (including but not limited to the text, images, audio, and/or video) may not
be copied, reproduced, republished, uploaded, posted, transmitted, or distributed in any
way, in whole or in part, except that one copy may be downloaded for your personal, non-
commercial use on a single computer. In connection with such use, you may not modify
or obscure any copyright or other proprietary notice.
The Materials may contain trademarks, services marks and logos that are the property of
third parties. You are not permitted to use these trademarks, services marks or logos
without prior written consent of such third parties.
Realtime Publishers and the Realtime Publishers logo are registered in the US Patent &
Trademark Office. All other product or service names are the property of their respective
owners.
If you have any questions about these terms, or if you would like information about
licensing materials from Realtime Publishers, please contact us via e-mail at
info@realtimepublishers.com.


[Editor's Note: This book was downloaded from Realtime Nexus, The Digital Library for IT
Professionals. All leading technology books from Realtime Publishers can be found at
http://nexus.realtimepublishers.com.]

Article 1: Steps to Migrating to a Private Cloud

Advances in server hardware, network infrastructure, and virtualization allow for a range
of IT architectures, including the use of computing clouds. Clouds are collections of
computing, storage, and network services that can be rapidly allocated for particular jobs
and then easily released to be employed for other tasks when the jobs are completed. The
adoption and continued use of public cloud services demonstrate the effectiveness and
efficiency of this computing model. Businesses and other organizations with underutilized
server capacity may be well served by redeploying their hardware in a private cloud
configuration.

This series provides an overview of private clouds, their advantages and disadvantages,
and a suggested plan for migrating to a private cloud architecture. This article will begin
the discussion with an assessment process and talk about:

• Advantages of a private cloud
• When a private cloud is not the right option
• Current state of readiness for a private cloud
• Incremental movement to a private cloud

An obvious question you must first answer in this process is, "Why use a private cloud?"

Advantages of a Private Cloud

The advantages of a private cloud stem from four common characteristics found in cloud
environments:

• Improved hardware optimization
• Reduced support costs with self-service management
• Reduced capital expenditures
• Reduced time to deploy applications and services

Each of these characteristics is a product of the cloud architecture.

Improved Hardware Optimization

Traditional methods of deploying a single server to run a single application often result in
underutilization of server capacity. Servers designed to maintain acceptable throughput
during periods of peak demand waste computing capacity during non-peak periods.
Running multiple virtual servers on a single hardware server can help to improve
utilization, but because these configurations are relatively static, there may continue to be
periods of low utilization.

Consider an example. A finance reporting server experiences peak demands in the middle
of the night and early morning as daily reports are generated. A human resources
application server experiences the greatest demand during normal business hours,
especially the late morning and early afternoon. These two applications could run on a
single server using virtualized hosts, improving the overall utilization rate. There are still,
however, periods when the CPUs and other server resources are significantly
underutilized.

As we see in Figure 1, even with virtualization, there are times when another virtual
machine could make use of the physical server. A drawback of virtualization is that it
requires significant effort to install, configure, and monitor each new virtual machine.
Although we have available CPU capacity, the time and effort required to install another
virtual machine outweigh the benefits of more efficient server utilization. Cloud computing
software eliminates this type of administrative overhead and allows for rapid deployment
of virtual machines.

Figure 1: Virtualization can improve utilization but there may continue to be periods
of underutilization.

Reduced Support Costs with Self-Service Management

With a private cloud, IT departments can establish catalogs of virtual machine images,
sometimes referred to as a service catalog. End users can select an image from the service
catalog and have it run on one or more virtual machines in the private cloud. A systems
administrator is no longer needed to start a new virtual machine. End users decide when to
start and stop their virtual machines. As a result, hardware can be more efficiently utilized
while at the same time reducing support costs through self-service management.

Reduced Capital Expenditures

More efficient use of server hardware can quickly lead to reduced capital expenditures. In
the past, a new business service may have required additional hardware to support that
service. Using a private cloud, an IT department can pool its server resources and allocate
virtual servers as needed. New business services can tap into the same pool of servers
without having to purchase hardware based on peak demand expectations. Cloud
administrators monitor usage and plan for expansion based on the aggregate needs of all
users, not on the peak demand periods of each individual application.

Reduced Time to Deploy Applications and Services

Eliminating or reducing the need to tightly couple hardware to applications can also reduce
the time required to deploy new applications and services. Application owners and system
architects can design and deploy new services to the cloud without having to wait to
procure, install, and configure new hardware.

The advantages of cloud computing are compelling reasons to shift to this model, but is it
always the right choice?

When a Private Cloud Is Not the Right Option

Ideal solutions in some circumstances are not ideal in others. Cloud computing is no
exception. In general, cloud computing can be an efficient and cost-effective way of
deploying IT resources when the following conditions are met:

• The cloud provider has standardized hardware
• The cloud provider has standardized operating system (OS) and application stacks
• Sufficient networking infrastructure is in place to support cloud computing
• Management tools, such as server and network monitoring, are in place
• The distribution of jobs lends itself to distributed computing platforms

A private cloud may not be the best option if the hardware you plan to deploy is not
standardized. A common hardware foundation will make deployment and management
much easier. If different platforms require different drivers and separate versions of
machine images, the cloud will require additional management and undermine some of the
cost advantages of a cloud.

If jobs are not easily divided among virtual machines, a private cloud may not be
appropriate. For example, a business intelligence application that generates a large number
of reports can be split over several virtual machines with each instance generating reports
for different departments. In contrast, an optimization problem that requires a large
amount of shared memory on a single machine or a graphics rendering application that
requires specialized graphics hardware are best run on dedicated hardware.

Another requirement that is easily overlooked is having proper management tools in place.
Clouds require monitoring to ensure services are running as expected in the short term and
to provide data for longer-term capacity planning. If appropriate monitoring tools are not
in place already, they should be included in the plans for deploying a private cloud. This is
just one of the requirements that you should assess before migrating to a private cloud.

Assessing the Current State of Readiness for a Private Cloud

Planning is the process of identifying how to get from where you are to where you want to
be. The first step in the case of private cloud deployments is understanding where you are
in terms of existing IT infrastructure, including an assessment of:

• Existing infrastructure
• Resource utilization levels
• Policies and procedures governing IT operations
• Reporting and cost allocation procedures

Each of these represents important elements for successfully delivering private cloud
services.

Existing infrastructure includes servers, storage systems, and networking infrastructure.
Ideally, private clouds make use of similar servers. They have the same CPU cores, amounts
of memory, types of power supplies, and network interface components. As you inventory
your hardware, determine how many of your existing servers can be used in a cloud.
Servers that are at or near the end of their useful life should not be included in a cloud.
Older hardware may still be useful for less demanding applications, such as print servers.
Similarly, plan to deploy storage arrays based on similar technologies. The more we use
standardized hardware, the more we can reduce the management overhead of the cloud.

Assess network capacity. Are there segments of the network with high latency? Is existing
bandwidth sufficient for current needs? It is important to understand if any parts of the
network infrastructure will need to be upgraded prior to moving to a private cloud. It is
possible that a shift to a cloud model will not significantly alter the demand for network
services, but monitoring is essential to understand the requirements for your particular
environment. For example, it may be difficult to estimate the growth in demand for
network services when deploying a private cloud. With reduced costs to deploy new
services and greater self-management, business units may begin to experiment with new
applications and increase the number of jobs they run.

Formal policies and procedures should be in place prior to migrating to a private cloud.
Many aspects of these policies will be embodied in systems that implement the cloud. User
authentication policies, for example, must be in place in order to control access to cloud
resources. Similarly, billing and cost recovery policies must be defined so that users can
make choices about the types and amounts of cloud services to use. Procedures should be
in place to automate as much as possible the accounting and billing aspects of delivering
cloud services.

Incrementally Moving to a Private Cloud

Deploying a private cloud does not have to occur in a short period of time; it may be
advantageous to take an incremental approach to implementing a cloud. This can be done
following a basic three-part process:

• Identify hardware and applications that can be moved to a private cloud. Again,
  not all jobs are suitable for a cloud environment, but many business applications
  are.
• Determine the utilization levels needed to support an initial set of cloud
  applications. Use monitoring logs on existing servers to understand peak
  demand levels, the duration of peak demand periods, as well as average CPU,
  memory, storage, and network utilization over an extended period of time.
• Establish a monitoring program to capture data about how the cloud
  infrastructure is used.

Once a private cloud is deployed, you will still likely have non-cloud resources operating as
part of the broader IT infrastructure. It is important to continue to monitor these resources
as well. As business users migrate their applications to the cloud, additional resources may
be needed in the private cloud. Some of this need may be met by servers that operate
outside the cloud. A comprehensive monitoring program will help to optimize the
allocation of resources between cloud and non-cloud deployments.

Summary

Private cloud computing environments offer a number of advantages for optimizing the use
of servers, storage, and network services. Although cloud architectures are not appropriate
for all requirements, many business applications are well served by cloud computing.
Organizations planning a move to a private cloud should conduct a readiness assessment
prior to deploying a private cloud. As part of the implementation, ensure policies and
procedures are in place to effectively manage the cloud and have monitoring tools in place
to collect the data that will be needed to ensure both the short-term availability and
long-term efficiency of the private cloud.

Article 2: Tips and Best Practices for Managing a Private Cloud

Private clouds are a relatively new model for delivering computing and storage services,
but this model builds on a long history of IT infrastructure management. Private clouds are
a delivery model that builds on well-established IT practices, such as virtualization,
network management, systems administration, and operations management. These
practices have developed over years of repeated use and refinement in a wide variety of
application areas. We draw from these practices here and highlight three areas that are
especially applicable to private cloud management:

• Establishing policies and procedures
• Standardizing hardware and application stacks
• Formalizing discovery and monitoring procedures

Together, these help to establish a sustainable management framework that promotes the
efficient use of cloud resources without creating unnecessary management burdens for IT
staff.

Establishing Policies and Procedures

The first set of tips and best practices is not about some arcane technology that enables
cloud computing but is instead about management practices. In many ways, the best
hardware in the optimal configuration will only continue to perform well for so long before
changes in demands, hardware failures, and software revisions start to adversely impact
operations. Private clouds require a minimal set of operating policies and procedures that
are implemented by automated systems and support staff to ensure the private cloud
continues to deliver computing, storage, and networking services.

Some of the most important policies and procedures entail:

• Cost allocation and reporting
• Image management
• Security and patch management
• Monitoring
• Backup and disaster recovery

Cost Allocation and Reporting

Cloud computing allows you to efficiently allocate computing and storage resources on
demand on an as-needed basis. When the finance department has a large number of
end-of-quarter reports to generate, they can allocate multiple virtual servers in the private cloud
for as long as needed to complete the reports. A data warehouse project with a large
amount of legacy data can use the cloud for the initial data extraction, transformation, and
load process to rapidly add legacy data to a new data warehouse. When advertising
campaigns are more successful than anticipated and there is a surge in orders, the online
business can scale up by adding application servers and Web servers to accommodate the
demand. Unless all of these services are provided without charge to end users, you must
have a mechanism in place to track usage.

A cost recovery system can use data from the self-service management system to track
which users are allocating virtual servers, how long they run, and which applications are
run on the virtual servers. The latter is important to recover the cost of software licenses.
Similar data is required on the amount of data storage used over time as well as the amount
of network bandwidth used while running applications in the private cloud.

Policies are needed so that IT providers can plan to recover their costs and possibly build
capital to finance additional infrastructure purchase. Users need these policies so that they
can plan how to efficiently use the cloud. An advantage of cost recovery policies is that they
can be used to distribute jobs across time. For example, if the cost of an hour of CPU time is
the same at all times of the day, users have no incentive to run their jobs at any particular
time of the day. If, however, the cost of a CPU hour was 50% less during non-business
hours, users with batch reporting jobs might move their jobs to off hours, leaving more
resources to time-critical applications.

Image Management

Part of a private cloud's service offerings is a service catalog. This set of virtual machine
images is available for use in the cloud. Policies and procedures should be in place that
define what types of images will be available in the service catalog as well as rules
governing the use of privately created and managed images in the cloud.

Policies should define a process for adding new images to the service catalog and
reviewing, and possibly removing, images. The goal is to maintain the set of images that are
needed by users while staying in compliance with software licenses and reducing security
risks to vulnerabilities that may exist in the operating systems (OSs) and applications
within these images. This begins to get into the realm of security within the private cloud.

Security and Patch Management

The need to preserve the confidentiality of information, the integrity of data, and the
availability of resources is the key driver behind IT security. A private cloud should build
on existing security policies, especially with regard to:

• User authentication and authorizations
• Software allowed to run on IT-managed hardware
• Vulnerability scanning
• Operations monitoring
• Patch management

A private cloud by definition is restricted to a specific set of potential users. Policies and
procedures should be in place to ensure that only qualified users are allowed to access
cloud resources, that authorizations to use software and hardware are aligned with a user's
roles and responsibilities, and that those authorizations and privileges can be easily
modified as needed.

Policies can also be used to balance the need of IT administrators to control which
applications run in the cloud with the specialized needs of some users. For example:

• If a department hires a team of consultants to design a custom database
  application, what kind of review process is required to add it to run in the cloud?
• Can users run any application that uses a standard database management
  system, such as Microsoft SQL Server?
• What if it uses a database management system not supported by IT?

Planning for how to make decisions such as these is best done while planning for the
private cloud; this helps to reduce the need for ad hoc decision making with regard to
policies and procedures.

Complex software can harbor vulnerabilities that can be exploited for malicious purposes.
Vulnerability scanning is an established practice of checking deployed applications and OSs
for known risks. This type of practice should continue with private clouds. Both public
images in the service catalog and privately managed images should be checked according
to a policy-defined schedule using vulnerability scanning tools that meet functional
requirements defined in those policies.

Policies should also define the type of operational data to collect and the frequency with
which it should be collected. The goal of this policy is to ensure IT administrators have the
information they need to optimally manage the private cloud on a day-to-day basis. This
policy also provides baseline data and trend information that managers can use for
planning for the long-term growth of the private cloud.


Another policy should govern the patch management process and the related process of
rebuilding images. After an image is built and stored in the service catalog, there may be OS
upgrades and patches to applications that should be applied. A policy should describe
conditions under which a patch is considered critical and should be applied immediately; it
should also define routine patch schedules for non-critical updates. As with other policies,
it is important to have this policy in place when deploying a private cloud to reduce the
need for ad hoc policy making.

Backup and Disaster Recovery

A private cloud may be used for production operations, so it is important to have a backup
and disaster recovery policy in place. The backup policy should define what data is backed
up, how long backups are kept, as well as costs associated with those services. Similarly, in
the event of a catastrophic failure of a private cloud, a failover plan should be in place. This
plan may include using multiple data centers to host a private cloud or running jobs in a
more conventionally organized cluster environment with manual management of jobs. The
details of how to implement backup and disaster recovery will vary by your needs and
resources, but it is essential for business continuity planning to have some policy in place.

Standardizing Hardware and Application Stacks

Another set of best practices focuses on standardizing hardware and application stacks. It
is not that a variety of hardware or software is necessarily a bad thing, but it often requires
additional time to manage. Consider a simple scenario: Suppose you build a cloud with
servers from three vendors with different network and storage controllers. In order to
minimize downtime, you maintain spare parts; however, you have multiple configurations,
so you must maintain a larger set of spares than if you had a single standard configuration.
The additional overhead does not stop with hardware. It is not hard to imagine that one
configuration of Linux might work optimally given one hardware configuration but
sub-optimally in another configuration and, as a result, you start to maintain two or more
configurations.

The management objective with regard to standardizing is to have the minimal number of
distinct hardware and software configurations that meet all user requirements.
Fortunately, it is fairly easy to standardize hardware, especially if you are purchasing new
servers and storage arrays. Even if you are working with legacy hardware, you can
incrementally move to standard configurations as older hardware is retired or repurposed.

Businesses with a wide range of application needs will find that they must maintain a fairly
broad service catalog of images. This is not necessarily a problem if you can at least
standardize on some of the key components in the application stack:

• OS
• Application servers
• Network services
• Transaction processing servers

For example, a business may have one or two versions of Windows Server and two or three
versions of Linux OSs for different tasks. Building on these, the IT department can offer .NET
Framework applications on the Windows servers while providing Java applications on the
Linux servers. Applications that require directory services may be able to run a standard
LDAP server. Similarly, the private cloud may offer a preconfigured transaction processing
server that is generalized enough to meet most user requirements.

Standardization does not require that you fit everyone's needs into a single set of
application images. There will be exceptions and those should be accommodated. The
purpose of standardization is to reduce management overhead, not constrain business
requirements.

Formalize Discovery and Monitoring Procedures

Knowing what you are managing and understanding how it is used is essential to efficiently
delivering cloud services. Businesses that deploy private clouds will likely have some
resources dedicated to the cloud and others used outside the cloud. An ongoing objective
will be to allocate servers, storage, and network services optimally between the private
cloud and other uses. If servers are underutilized outside the cloud while at the same time
job queues are growing in the cloud because there is not sufficient CPU capacity, then you
should consider reallocating resources. To collect this kind of data, you need to have
discovery and monitoring procedures in place.

Discovery and monitoring software can meet at least three management needs. Automated
discovery helps to maintain an accurate inventory of resources. This is especially important
when hardware is frequently moved and repurposed; manual record keeping can easily fall
behind. A second objective is to use the network and server monitoring to collect data on
utilization and availability. Cloud administrators can use this data to identify bottlenecks,
potential hardware failures, and other areas that need their attention. Both discovery and
monitoring data are useful for establishing operational baselines and planning for growth.
This data can help justify the need for new hardware as well as changes to policies; for
example, if job queues are filled during the day and relatively empty at night, a change in
pricing policy could be used to spread demand more evenly throughout the day.

Summary

As private clouds evolve, so too will their management. Fortunately, you can leverage many
IT best practices, particularly with respect to establishing policies and procedures,
standardizing hardware and applications, and formalizing asset discovery and monitoring
procedures.

Article 3: Managing for the Long Term: Keys to Securing, Troubleshooting, and Monitoring a Private Cloud

Private clouds are dynamic systems with constantly changing application loads, hardware
components, and groups of users. Managing for the long term requires that you adopt tools
and procedures that allow you to secure cloud resources, troubleshoot components, and
rapidly perform root cause analysis, as well as monitor key areas to ensure continued
availability and meet service level agreements (SLAs). In this final article in the series, we
will consider three topics that will be a constant concern for cloud managers and
administrators:

• Securing a private cloud
• Troubleshooting a private cloud infrastructure
• Monitoring critical components of a private cloud

With the right tools and procedures in place, these tasks can be accomplished efficiently
and effectively even as the size of the private cloud grows and usage increases.

Securing a Private Cloud

Many security practices common in IT work well in cloud environments. There will be, of
course, cloud-specific adaptations and practices, but for the most part, the principles are
the same within and outside of a cloud. Three topics of particular interest in private cloud
security are:

• Identity management
• Image management
• Network security

These areas touch on three distinct aspects of private cloud computing: who is allowed
to use the cloud, what is allowed to run in the cloud, and how the cloud infrastructure is
protected.

Identity Management
Managing user identities is a fundamental process. Within a private cloud, identity
management combines a number of security functions: authentication, authorization, and
some amount of auditing and logging. They are all based on the concept of a user as an
agent who is allowed to perform operations in the cloud.
Authentication is the process of verifying who a user claims to be. Simply because a user
identifies herself as a systems administrator is insufficient reason to allow this person to
execute root-level operations. Authentication is often based on knowledge of a password or
possession of a token. Directory services in a cloud can be used to track user identity
information and store authentication data, such as encrypted passwords. They can also be
used to store information about authentication services that perform verification
operations before granting access to the cloud.
Once a user has been authenticated, there may be restrictions on what that person can do.
For example, most users will be allowed to select an image from the service catalog and run
it on a virtual instance within the cloud. Some, but not all, users may be able to install
additional software on an instance and save the new version to the service catalog. Still
other users may have privileges to alter billing and accounting records to correct for errors,
such as forgetting to shut down a server when a job was complete and being charged for
the additional time. These different levels of privileges are associated with varying
authorizations.
In addition to supporting security, identity management systems are useful for accounting
purposes. Auditing records and operational logs with identity information can be used to
determine who performed what operations in the cloud. This is useful for both forensic
operations and cost accounting.
Image Management
Besides knowing who is running operations in a private cloud, we need to be able to
control what kinds of applications and operating systems (OSs) are run in the cloud. As a
general starting point, we will want to restrict applications to those that meet a minimal set
of criteria for running in the cloud, such as:
Running software from an approved set of applications
Running in service to business operations
Not running any type of malicious software
Not violating privacy, confidentiality, or other governance requirements
Not violating software license agreements
Not undermining auditing and accounting data collection procedures

To meet these requirements, the service catalog must implement access controls to limit
who can add, remove, and modify images in the catalog. The images in the service catalog
should be periodically scanned for malware and vulnerabilities and patched as needed.
Network Security
Applications running in the cloud should operate within as secure a network environment
as possible while still allowing for necessary business services. The perimeter of the cloud
should be controlled to mitigate the risk of external threats. For example, only virtual
private network (VPN) users may be granted access to cloud resources when a request
comes from an external network source. Network traffic should be monitored to watch for
suspicious activity, such as large file downloads outside the cloud outside of normal
business hours. Similarly, frequent failed attempts to authenticate to a cloud service or
methodical probes of ports can indicate unauthorized attempts to access cloud services.
Monitoring network and server activity helps with troubleshooting as well as with security.
Troubleshooting Private Cloud Infrastructure
In order to keep a private cloud functioning, we need to be able to quickly identify
problems and correct them. There are two key functions we need from our network and
infrastructure management software: support for problem detection and root cause
analysis.
Monitoring software should be in place to alert systems administrators when a problem
condition exists. Rules can be established to define thresholds for problem events. For
example, if a certain number of attempts to ping a server fail in a given time period, an
administrator may be alerted. Similarly, if the number of write errors to a disk exceeds
some threshold, an alert is sent to inform a manager of a potential hardware problem. In
many cases, though, the cause of a problem may not be obvious and an alert may be more
of an indication of a symptom than of an underlying problem.
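An added example, not part of the original text: the suspicious-activity patterns named under Network Security (repeated failed authentications, methodical port probes, large off-hours downloads) and the ping-failure threshold rule described above, written as sliding-window checks. The event format, thresholds, business hours, and all sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed rules: kind -> (threshold, window, count distinct detail values?)
RULES = {
    "auth_fail":  (5, timedelta(minutes=10), False),  # failed logins from one source
    "port_probe": (4, timedelta(minutes=1), True),    # distinct ports from one source
    "ping_fail":  (3, timedelta(minutes=5), False),   # unanswered pings to one server
}
BUSINESS_HOURS = range(8, 18)           # assumed 08:00-17:59 local time
LARGE_TRANSFER = 500 * 1024**2          # assumed cut-off for a "large" download, bytes

def detect(events):
    """Return (timestamp, key, alert) tuples for time-ordered events."""
    windows = defaultdict(deque)        # (kind, key) -> recent (time, detail) pairs
    alerts = []
    for ts, key, kind, detail in events:
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if kind == "egress":            # single-event rule: size plus time of day
            if int(detail) >= LARGE_TRANSFER and t.hour not in BUSINESS_HOURS:
                alerts.append((ts, key, "off_hours_large_transfer"))
            continue
        if kind not in RULES:
            continue
        limit, span, distinct = RULES[kind]
        win = windows[(kind, key)]
        win.append((t, detail))
        while t - win[0][0] > span:     # drop events older than the window
            win.popleft()
        count = len({d for _, d in win}) if distinct else len(win)
        if count >= limit:
            alerts.append((ts, key, kind))
            win.clear()                 # re-arm so one burst raises one alert
    return alerts

# Constructed sample events (timestamp, source or target, kind, detail); not real logs.
DAY = "2024-03-04"
BIG = str(800 * 1024**2)
SAMPLE = (
    [(f"{DAY} 02:1{m}:00", "10.0.5.21", "auth_fail", "catalog") for m in range(5)]
    + [(f"{DAY} 03:00:0{s}", "10.0.9.40", "port_probe", p)
       for s, p in enumerate(["22", "22", "23", "80", "443"])]
    + [(f"{DAY} 09:{m}:00", "10.0.7.9", "auth_fail", "catalog") for m in ("00", "30")]
    + [(f"{DAY} 11:0{m}:00", "db01", "ping_fail", "") for m in range(3)]
    + [(f"{DAY} 14:00:00", "10.0.3.4", "egress", BIG),
       (f"{DAY} 23:30:00", "10.0.3.3", "egress", BIG)]
)

if __name__ == "__main__": print(*detect(SAMPLE), sep="\n")
```

The two failed logins from 10.0.7.9 and the daytime transfer stay below their rules, which is the point of pairing a count with a time window rather than alerting on single events.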
Root cause analysis is the process of identifying the underlying cause of a problem. For
example, if an application generates an error because it cannot update a database record,
there may be multiple causes:
A hardware problem with the storage array that is preventing data blocks from being
written from cache back to the disk
A network problem between the database server and the storage array, which is
preventing the storage device from acknowledging that the data block has been
written to disk
An application error that fails to complete a logical transaction even though
server, storage, and networking services are all working correctly

When troubleshooting problems in a cloud environment, it is helpful to have tools that can
quickly isolate particular aspects of a problem, such as determining whether there is
connectivity between a server and a storage device, if a storage device can correctly read
and write from a disk, and whether a server can successfully write blocks of data to
storage.
Tools that support root cause analysis are important for maintaining adequate levels of
performance and availability. The longer a server, storage, or network problem persists,
the more users it can adversely affect. Also, the longer it takes to diagnose a problem, the
greater the cost of diagnosis. Quickly isolating the cause of a failure in a private cloud helps
to improve availability and to keep maintenance costs under control.
Key Areas to Monitor
Long-term private cloud management is best built on a solid foundation of operational
data. Businesses have a wide range of use cases for running jobs in a private cloud.
Different departments may have different peak demand periods, and workloads across
departments will vary from day to day. The more data you have about these usage patterns,
the better able you are to manage growth.
Four areas of particular interest for private cloud monitoring are:
Server utilization
Network bandwidth utilization
Availability
Image use
Server utilization is a measure of how much available CPU time is actually used for
productive work. Improving this one metric is a common business driver for adopting a
private cloud. Too often, we purchase single servers for single applications and find
ourselves with excess capacity. Ongoing monitoring can help identify periods when some
servers can be shut down to save on power without adversely affecting performance. It can
also provide information on common patterns, such as times of the week, month, or
quarter where demand is unusually high or low. With detailed information about server
utilization and network bandwidth utilization, private cloud managers can better assess
their ability to support new business services that would put additional demands on the
cloud.
You should also monitor image use. Doing so can help you to understand patterns of
application use and support compliance with software licensing. In some cases, image
management can help identify situations in which excess software licenses have been
purchased and can be scaled back in the future.

Summary
Long-term management of a private cloud depends on several factors, such as securing
private cloud infrastructure, troubleshooting operation problems, and monitoring assets
and usage patterns. By starting with the right tools, you can secure and monitor a private
cloud efficiently and effectively. Care should be taken when selecting tools to maximize
their use; ideally, a tool that supports troubleshooting will also have adequate logging
features to support monitoring efforts as well.
