Six Tips to Supercharge Your Cloud Deployment

When it comes to cloud infrastructure, there’s a lot more marketing hype out there than there is real advice based on field experience. I was lucky to help Telstra, Sensis, and other companies build large shared infrastructures, and recently I saw first hand how other large enterprises built dynamic infrastructure services. What NetApp learned in building these environments contributed directly to the creation of the NetApp Dynamic Data Center, which encapsulates NetApp best practices for cloud deployment in a flexible cloud-storage solution.

In this article, I give you a few of what I believe are the most important things to consider for enterprise-class cloud services. These tips should apply equally well to enterprises looking to deploy internal cloud infrastructure and service providers interested in offering enterprise service levels to demanding cloud customers. A companion case study in this issue of Tech OnTap looks at one service provider who has gone down this road and put many of the tips I provide here into practice.

Cloud is all about offering technology that’s packaged, priced, and offered as a standardized and repeatable service offering. The first two tips I provide focus on how you can define your cloud offering; later tips drill down on the technology.

Tip #1: Determine the Type of Cloud You Need

The first thing you have to decide is where to demarcate your cloud service. What will be provisioned? What will you manage? What are the physical bounds of the service in terms of compute, network, storage, OS, applications, and data protection? You need to be crystal clear on what you provide—and what the customer provides—in order to meet service-level agreements (SLAs). NetApp uses four subcategories of service under the broad heading of IT as a service (ITaaS), as illustrated in Figure 1.

Figure 1) Types of cloud services to consider.

When choosing the cloud that suits your needs, start with realistic goals. Start simply with storage as a service or infrastructure as a service, or perhaps desktop as a service (built on IaaS). Figure out what you’ll offer, the line of demarcation for management, and the layer at which secure multi-tenancy is required (do you securely separate clients within the application or within the infrastructure)? Get the foundation right—once you successfully launch your initial capability you can add capabilities on top of it.

You should also ask yourself what you can cloud source. For instance, many application teams use external cloud services to satisfy their needs for development and test infrastructure. Some enterprises outsource their full production IT. A number of the biggest cloud service providers offer not only IaaS in the form of a hosting environment with virtual compute, network, and storage, but also provide managed operating systems and managed application and development environments—effectively offering IaaS, PaaS, and SaaS—such that even very large enterprises can completely cloud source their IT if desired. T-Systems is a great example of this. The company built enterprise-grade IaaS, PaaS, and SaaS clouds servicing several hundred large enterprises.

A final piece of advice regarding your choices here is to make sure you have executive support for whatever decisions you make, including policy, governance, security, and centralization of procurement. Moving to a cloud offering often involves new processes and organization change and that needs champions in all levels of the company.

Tip #2: Apply the 80-20 Rule to Figure Out What Services to Offer
If you try to build a cloud that satisfies 100% of the requests you receive from your customers, you’re probably doomed to failure. In accordance with Pareto's 80-20 Principle, you should be able to satisfy 80% of your application requirements with a set of standard offerings that require 20% of the effort. Build a catalog or menu of standard services targeted at meeting this 80% of requests. A typical service catalog provides:

• Storage tiers, so that applications can be matched with their capacity and performance needs
• Different levels of data protection to meet varying RPO and RTO requirements
• Support for a standard set of physical and virtual operating systems and server types
• Activation guides to provide standards for application connectivity and data layout that have been tested for throughput and latency
• A long-term retention option for archive or compliance needs

For each catalog item, you should also consider the service-level agreements, security and isolation expectations, how customers will be charged, the metrics you’ll track, and how you will bill back to each department. You need to be able to report on conformance for all SLAs.

The remaining 20% of requests can easily absorb 80% of your effort if you let them. These will take a much longer time to fulfill—since they can’t be met through your standard cloud offering—and, as a result, will cost more. However, over time requestors will begin to realize the benefits of using the standard offering (faster time to market and lower cost), and you’ll likely find that 90% or more of the new requests you receive are for your standard offering.

Tip #3: Use 10-Gigabit Ethernet as a Foundation

If you’ve got a big investment in Fibre Channel storage area networks, you might be tempted to use Fibre Channel as part of your cloud infrastructure. I recommend against it. Almost all of the large cloud services—at service providers and within enterprises—are based on Ethernet for the greater flexibility, scalability, and visibility it provides, as well as for the fact that greater economies of scale lead to continuing cost reductions.

The clouds I’ve been involved in primarily use NFS and some iSCSI, and we’re seeing interest in Fibre Channel over Ethernet (FCoE). NFS is the protocol of choice for large providers such as T-Systems, Thomson-Reuters, Oracle, and Telstra for its low cost, simplicity, ease of thin provisioning and cloning, and the visibility of the file system within the storage cloud. These guys use NFS for all the large Oracle databases as well as for their VMware® infrastructure.

If you want to be able to move virtual servers and storage across data centers or have your storage and compute networks span multiple data centers, Ethernet and Internet Protocol (IP) are typically required. They also simplify mobility of workloads and applications.

10-Gigabit Ethernet is now widespread, and 40-Gigabit Ethernet is coming, so, from the standpoint of both higher bandwidth and lower latency, it makes sense to choose Ethernet as your backbone for both data and user traffic. Because Ethernet storage is the wave of the future, choosing Ethernet storage provides investment protection.

As you may know, Cisco is investing heavily in Ethernet technology, including research and development for FCoE and Data Center Ethernet (aka Data Center Bridging, DCB), to ensure its success. DCE/DCB not only makes Ethernet lossless for storage traffic, but also provides different priorities to split traffic based on importance, adding queuing per priority and, hence, QoS capabilities. Cisco UCS is arguably one of the biggest changes in server design in the last decade, and it’s optimized for 10 GbE.

Tip #4: Automate Networks, Servers, and Storage First to Simplify Infrastructure Orchestration

The cloud is about being able to treat each layer of infrastructure as a large pool of resources with a few different classes of service in each. You no longer have to care what physical system the resources reside on; you simply draw on resources as needed and then give them back when they are no longer necessary. Choosing the right tool set is what makes this possible.

For each layer in the infrastructure you need an automation tool to hide the complexity of managing all the individual devices and abstract them into a pool of resources. For example, NetApp® Protection Manager is based on three key concepts that make it simple to make broad changes with a few clicks:

• Data sets. A data set is a collection of data objects with similar protection requirements.
• Policies. You can use an existing policy or create a new policy to accommodate different procedures and/or schedules.
• Resource pools. Secondary storage resources are grouped into "resource pools."

These concepts remove the need to manage individual storage systems and give you a lot of power. For instance, if you want to provide a class of service in which data is replicated to a secondary site, you define a data set containing the volumes or LUNs you want to be replicated and apply a replication policy. To give the same protection to new volumes you only have to add them to the data set.

Once you have separate tools in place that can pool server, storage, and network resources, tying the complete cloud service together becomes easier for orchestration tools such as BMC Atrium Orchestrator, IBM TPM, HP Orchestrator, VMware Lifecycle Manager, or one of the more than 50 other cloud orchestration vendors. This allows the orchestration engine to easily request resources without worrying about managing capacity and performance on storage and so on. Instead it manages workflow and approvals, connects resources to customers, configures billing, and can be used to build the all-important self-service portal that clients use to access the cloud.

Tip #5: Build in Security from the Ground Up

When you think about deploying enterprise applications on cloud infrastructure, security becomes a key consideration. How can you be certain that applications, data, and customers are securely isolated in an infrastructure in which servers, networks, and storage are all shared resources?
You need technologies that effectively partition data and applications on servers, networks, and storage without resorting to the inefficient, siloed architectures of the past. You can achieve this by layering security throughout your infrastructure. You should have at least two layers of security in each infrastructure layer to prevent operator mistakes from creating exposure. Key technologies you should consider include NetApp MultiStore®, vFiler® units, VLANs, virtual data centers (VDCs), ACLs, port ACLs, the Cisco Nexus 1000v, and VMware VShield Zones. All of these help with secure multi-tenancy throughout the infrastructure stack.

I’ll cite the technology I know best as an example. NetApp MultiStore software lets you achieve secure multi-tenancy through the creation of separate, private logical partitions on a single storage system so that no information on a secured virtual partition can be viewed, used, or downloaded by unauthorized users. MultiStore is like a hypervisor for storage controllers. A recent independent security analysis of MultiStore validated its strength. Large cloud providers using NetApp storage almost always choose MultiStore.

Tip #6: Create an Always-On Infrastructure

One thing that people often fail to realize soon enough is that, once you have 50 applications sharing the same physical infrastructure, there’s no way to shut it down for maintenance. It took 18 months to plan downtime for a shared storage system at one of the sites I’m involved with. We could never get an outage window that suited the five large clients using the infrastructure—one of which is the largest CRM environment in the southern hemisphere.

You have to plan ahead and be able to manage workloads without infrastructure outages; this means using technologies that allow you to provide live application migration for equipment maintenance, hardware replacement, or software upgrades. You can leverage these same technologies to balance the load across your infrastructure.

For live data migration, NetApp offers Data ONTAP® 8 and NetApp Data Motion™ to manage storage infrastructure capacity, performance, and equipment. NetApp Data Motion integrates with NetApp MultiStore, SnapMirror®, and Provisioning Manager to provide both live migration and secure multi-tenancy for Ethernet-storage workloads. All data migration operations are performed while your applications continue to run, with just a short pause in I/O during the cutover. There is no impact on host systems because the operation occurs at the storage system level. Once data migration completes, applications and clients make the transition to the destination system with no service disruption.

VMware VMotion™, XenServer XenMotion, and Microsoft® Hyper-V™ Quick Migration let you do the same thing with virtual machines that NetApp Data Motion lets you do with storage: You can migrate VMs between physical servers without application disruption. In addition to its use for nondisruptive maintenance and upgrades, this capability is used by virtual infrastructure managers to optimize per-machine performance or meet other requirements.

Conclusion

The recommendations above are based on solutions that are currently available (NetApp Data Motion will be available in Data ONTAP 7.3.3). By paying attention to current best practices and ignoring the hype, you can create a flexible cloud infrastructure that increases efficiency to lower your costs without sacrificing the service levels that your internal and external customers expect.

The key is to have good information and to study what has worked for other companies. If you’re relatively new to cloud computing, you can learn more in a recent Tech OnTap article and white paper. To read relevant customer stories go to the NetApp Library and search on “cloud” or click on any of the links associated with customer names in this article. You can access information on all NetApp cloud technologies at cloud.netapp.com or read our new Cloud Team blog for the latest developments

 

Hamish McGovern Senior Product Manager NetApp Hamish joined NetApp in 2000 to lead the technical team for Telstra, one of NetApp’s largest customers. He is currently product manager for the NetApp dynamic data center solution, enabling IT as a service with a secure multi-tenancy infrastructure, NetApp’s infrastructure-as-a-service cloud offering, and NetApp Data Motion for live migration. Prior to working at NetApp, Hamish led the systems integration team at Australia’s largest ISP and spent 10 years in the telco and online services industry.