Ask several different organizations why they are implementing a private cloud, and you're likely to receive several different reasons. Ask several people within any one organization why they are implementing a private cloud, and you're still likely to receive several very different reasons, especially if those people span business and operational teams. Ask any of them if they have realized the benefits they thought they would, and they're likely to say "not yet" or "not quite."
| Three Surveys, Three Different Top Reasons to Adopt Cloud | % |
|---|---|
| Consolidate IT infrastructure | 42% |
While many technologies focus on solving specific pain points, and thus there are clear reasons for implementing them, technologies that cross into the realm of architecture and data center models are less focused on specific problems. Rather, they focus more on providing multiple hard and soft benefits. The result is that organizations justify implementation based on the particular benefit they deem most applicable to their business and operational needs—which is very likely to be different from that of other businesses, even in the same vertical industry.
68% of surveyed IT organizations have deployed private cloud in production.
Source: TechValidate TVID: DD6-314-00B
Inhibitors to cloud adoption, too, show similar fragmentation across organizations, although security remains in the top two or three most often cited reasons why organizations continue to shy away from cloud.
| Three Surveys, Three Different Top Inhibitors of Cloud Adoption | % |
|---|---|
| Lack of cloud training | 43% |
But what no survey asks is how organizations intend to achieve these goals and overcome the obstacles. For example, flexibility is a benefit that can be achieved through automation and orchestration. It can be achieved through consolidation and virtualization, or through a self-service approach to IT services.
By knowing how it intends to realize the benefits associated with cloud computing, an organization can better identify and address the challenges it will meet along the way. In this way, it can define a clear path to confidently implementing the solutions and technologies required to achieve the goal.
One of the more significant challenges in cloud deployment remains in the network: 61 percent of respondents in a 2012 Network World Cloud Computing survey indicated they were "still not fully confident in their network infrastructure preparedness" as it related to cloud computing initiatives. Over half of those not confident in the network infrastructure preparedness still harbored concerns regarding security and control over data, and many were still unsure of IT's ability to manage virtual resources.
A global 500 computer services company addressed the following issues by deploying F5 for their private cloud environment:
Senior IT Architect, Global 500 Computer Services Company
Source: TechValidate TVID: 815-A1C-2BD
Viewing private cloud implementations through the lens of organizational goals brings to light six common network-related challenges that, if met, will enable organizations to successfully realize the desired benefits of private cloud initiatives.
A private cloud, in general, is one path to achieving specific goals for IT, each offering a variety of benefits:
|Automation and orchestration||
|Transition to a hybrid model||
|Virtualization of the network||
The benefits of successfully implementing a model that achieves the intended goal come with challenges that must be met and overcome.
Each implementation goal faces network-related challenges, many of which are shared regardless of the reason for undertaking a private cloud implementation.
With IT as a Service, business and operational consumers can easily provision and manage resources. IT as a Service ultimately enables the consumer to easily "order" IT services to fulfill the application-specific requirements associated with an application deployment, including availability, scalability, security, monitoring, and performance.
IT as a Service requires a dynamic foundation of infrastructure services as well as an automation and orchestration framework. Without such a foundation, consumers may be able to rapidly provision the compute or storage resources necessary for an application, but will not be able to specify the delivery services they need to meet security, access management, availability, and performance requirements.
This requires service-enabling infrastructure and integration with provisioning and management systems. Service enablement can be challenging due to the lack of standards across the infrastructure spectrum, and in some cases organizations lack an API through which they can achieve service enablement.
Integration becomes an obstacle when pre-packaged integration between infrastructure and provisioning/orchestration engines is not provided, as this requires organizations to dedicate time and resources to enabling the integration themselves.
Service-enabling the infrastructure is necessary to automate and ultimately orchestrate operational tasks and processes, respectively. Service enablement is a challenge because there is a lack of standardization within the infrastructure demesne. While many components today are enabled with a control plane API or SDK and have standardized on XML and web services, the depth and breadth of these access methods vary widely and often require skills not commonly found in IT operations today.
Furthermore, these APIs and SDKs are often very granular and specific to the infrastructure component technology. Common operational tasks may require multiple API calls, with each infrastructure component requiring a different set of calls with its own unique terminology. The creation of a VLAN, for example, can require very different service calls on a switch than a load balancer requires. These differences necessitate not only product-specific expertise, but strong knowledge about development tools and methodologies, as well as networking. This makes it difficult to find people with the right mix of operational and development skills to service-enable the infrastructure.
The F5 control plane API, iControl, can be invoked and managed in a wide variety of languages and development environments. Python, Java, PHP, PowerShell, and Perl are among the many languages through which F5 BIG-IP solutions are service-enabled.
F5's user community, DevCentral, serves over 98,000 registered members with a plurality of the community focused on service enablement and the use of iControl to integrate and manage F5 BIG-IP solutions in their architectures. This support for service enablement efforts, provided by such a vibrant community, is invaluable to organizations seeking to expand the integration of the BIG-IP system within their environments.
Automation and orchestration are often blended, but they are two separate concepts. Automation is the codification of an operational task, for example, "add this server to the load balancing pool" or "redirect web requests to another data center." Orchestration is the codification of a process, such as "deploy an application," and usually comprises multiple tasks that have been automated.
Automation and orchestration are critical to achieving higher efficiency and greater scale of operations in the data center, as well as enabling IT as a Service. Task automation enables the creation of repeatable processes—orchestration—that can lead to further efficiency gains through the streamlining of deployment and maintenance processes.
Codifying policies that describe tasks, however, can be challenging because of the wide variety of devices and systems that are involved. No single policy system encompasses all devices and systems, leaving operations with the need to define policies that span multiple systems and address multiple concerns. Integration with the orchestration and automation engines that are responsible for executing these processes can also be fraught with perils similar to those experienced by organizations on an IT as a Service path.
Achieving true elasticity requires the orchestration of multiple components within the data center. Provisioning or decommissioning an application instance is but the first step in a much more comprehensive process that involves load balancing, acceleration and optimization, security, and networking components across the infrastructure.
Equally important to elasticity and automated deployment are triggers that initiate provisioning and decommissioning of application instances. These triggers generally act upon thresholds set by business and operational requirements for performance and availability, and thus need metrics against which such thresholds can be evaluated. Not only is it necessary to have visibility of metrics, but the means by which those metrics can be communicated, such as triggers and integration with reporting systems, must also be enabled.
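The trigger logic described above can be sketched as follows. This is an added example, not code from F5 or from the original paper. The threshold values, the `Sample` type and the function names are assumptions made for illustration, and no vendor API is called. The point it shows is that a trigger without fresh metrics must hold rather than decommission capacity.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Thresholds:
    # Constructed values; real ones come from business and operational requirements.
    scale_out_ms: float = 400.0      # provision when p95 latency rises above this
    scale_in_ms: float = 150.0       # decommission only when latency falls below this
    max_metric_age_s: float = 60.0   # older samples count as "no visibility"
    cooldown_s: float = 300.0        # minimum time between two actions
    min_instances: int = 2
    max_instances: int = 10

@dataclass(frozen=True)
class Sample:
    timestamp: float
    p95_latency_ms: float

def decide(sample: Optional[Sample], now: float, instances: int,
           last_action_at: float, t: Thresholds = Thresholds()) -> str:
    """Return 'provision', 'decommission' or a 'hold:<reason>' string."""
    # Fail safe: a missing or stale metric never triggers a change.
    if sample is None or now - sample.timestamp > t.max_metric_age_s:
        return "hold:no-visibility"
    # Cooldown stops the pool from flapping while a previous action settles.
    if now - last_action_at < t.cooldown_s:
        return "hold:cooldown"
    if sample.p95_latency_ms > t.scale_out_ms:
        return "provision" if instances < t.max_instances else "hold:at-max"
    if sample.p95_latency_ms < t.scale_in_ms:
        return "decommission" if instances > t.min_instances else "hold:at-min"
    return "hold:within-band"

def replay(series, start_instances: int = 2, t: Thresholds = Thresholds()):
    """Run decide() over (now, sample) pairs; return the decisions and final pool size."""
    instances, last_action = start_instances, float("-inf")
    decisions = []
    for now, sample in series:
        decision = decide(sample, now, instances, last_action, t)
        if decision == "provision":
            instances, last_action = instances + 1, now
        elif decision == "decommission":
            instances, last_action = instances - 1, now
        decisions.append(decision)
    return decisions, instances

# Constructed metric series: (evaluation time, latest sample or None).
CONSTRUCTED_SERIES = [
    (0.0, Sample(0.0, 220.0)),      # inside the band
    (60.0, Sample(60.0, 520.0)),    # above the scale-out threshold
    (120.0, Sample(120.0, 510.0)),  # still high, but inside the cooldown
    (400.0, Sample(400.0, 480.0)),  # cooldown expired, still high
    (760.0, None),                  # reporting system returned nothing
    (820.0, Sample(700.0, 90.0)),   # sample is 120 s old, treated as stale
    (880.0, Sample(880.0, 90.0)),   # fresh and below the scale-in threshold
]

if __name__ == "__main__":
    for step in zip(CONSTRUCTED_SERIES, replay(CONSTRUCTED_SERIES)[0]):
        print(step)
```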
The most common way to address this challenge is by integrating infrastructure components with provisioning and orchestration engines. While such integration handily addresses most of this challenge, it raises others. Not every component is integrated with every provisioning and orchestration engine. Careful consideration with respect to the integrations available for infrastructure components is required to ensure this critical support is not overlooked.
F5 has a long and proven history of support for and integration with the most strategic data center partners in the world. From Microsoft to Oracle, IBM to HP, and VMware to Dell, F5 maintains infrastructure and application alliances that ensure the integration required not only exists, but is tested and proven by both organizations.
F5 tightly integrates with the leading provisioning and orchestration engines, enabling organizations to take immediate advantage of these integrations to form the foundation for a private cloud implementation. F5 is also supported by popular devops frameworks such as Opscode Chef, Puppet Labs Puppet, and CloudStack for organizations implementing private cloud who are building their own provisioning and management frameworks.
Whether the goal is IT as a Service, transitioning to a hybrid architecture, or operational consistency, the codification of reusable policies is a must. An application control plane that can accept and apply the proper policies that govern security, performance, and availability enables organizations to achieve greater economies of scale within operations and ensure consistency of application deployments regardless of the environment in which they reside.
Such policies must be flexible, however, to ensure location- and application-specific parameters can be applied on a per-application or per-project basis. This means accepting input in a way that abstracts the policy without losing any of its configuration-specific implementation.
F5 addresses this challenge with iApps. iApps enables IT operations to define application-specific deployments in a way that requires very little specific network knowledge and no product-specific knowledge to configure. Each iApp codifies the configuration and operational policies governing security, performance, and availability of the application, and can be simply configured by application owners either directly through a user interface or as part of an automated application deployment lifecycle process.
iApps Templates can be invoked via the iControl API to ensure integration with existing automation frameworks and orchestration engines.
For some organizations the end goal is a hybrid cloud architecture, one in which public cloud resources are integrated into data center management and infrastructure systems to enable cost reduction, elasticity, and flexibility. While it's not required to implement a hybrid model, some organizations normalize the data center on a cloud computing–based architecture to ease integration efforts with public cloud environments.
Regardless, organizations on the path to a hybrid model must have an architectural approach that can support inter-cloud needs. The ability to bridge environments is crucial in hybrid architectures, and organizations must consider identity and access management in a multi-cloud environment.
Hybrid architectures necessitate the distributed deployment of infrastructure and compute services, which includes policies that govern security, availability, and access management. When this disjointed set of policies is deployed, it can lead to operational inconsistencies in application delivery, ultimately causing unpredictable availability and performance and failing to meet acceptable operational and business requirements.
Designing a private cloud with the intention of transitioning to a hybrid architecture can be intimidating. Hybrid architectures may necessitate significant changes to the data center architecture in order to accommodate specific inter-cloud needs and requirements at a later date. These requirements include secure interconnectivity between the private and public cloud environments, and forethought about how processes will span environments and what infrastructure components will need to be replicated in the public cloud portion of a hybrid model.
The BIG-IP system supports inter-cloud bridging via its iSession capabilities. iSession provides a secure and accelerated tunnel between private and public cloud environments. Combined with support for network overlay technology such as EtherIP, the BIG-IP system ensures network connectivity and IP routing that treats the public cloud components as an extension of an organization's private cloud. Adding the WAN optimization functionality of BIG-IP WAN Optimization Manager (WOM) optimizes traffic flowing between securely connected sites. Achieving optimal performance enables organizations to perform live migration of virtual machines and maintain performance levels required by business stakeholders.
In addition to supporting network-layer integration of cloud computing environments, F5 solutions can broker application layer services required to integrate Software as a Service (SaaS) and cloud-deployed applications. Integration at the service layer enables single sign-on (SSO) in hybrid environments by consolidating authentication and authorization inside the data center where the BIG-IP system can efficiently control identity and access management.
By treating components and applications deployed in the public cloud as though they were local components, the BIG-IP system can continue to integrate resources and manage applications consistently across environments.
Whether as part of a private or hybrid cloud implementation, maintaining consistency in operational processes is critical to realizing the benefits of cloud-based models. When operations is required to manage local resources via one methodology and cloud-deployed resources use another, processes and policies become disjointed and out of sync. These kinds of inconsistencies increase the cost of managing the implementation and operational risk.
Performance, security, and availability may be compromised by inconsistent or overlooked policies. Monitoring and visibility can be impaired by a lack of functionality in cloud environments or by an operator's failure to configure such capabilities during the deployment process. While it's more likely in an inter-cloud environment, the multi-tenant nature of private cloud encourages silos of application deployments that may suffer the same operational inconsistencies.
Such missteps jeopardize the realization of benefits of a private or hybrid cloud initiative as well as the success of its deployment.
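One way to detect the inconsistent or overlooked policies described above is to compare the policy deployed in each environment against a single baseline. This is an added example, not F5 code or part of the original paper. The policy keys, the sample documents and the `LOCATION_SPECIFIC` allow-list are constructed assumptions.

```python
# Keys that may legitimately differ per location (assumption for this example).
LOCATION_SPECIFIC = frozenset({"network.vlan", "network.self_ip"})

def flatten(policy: dict, prefix: str = "") -> dict:
    """Turn a nested policy document into {'dotted.path': value}."""
    flat = {}
    for key, value in policy.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat

def drift(baseline: dict, deployed: dict, allowed=LOCATION_SPECIFIC) -> list:
    """Return (kind, path, baseline_value, deployed_value) for every deviation.

    kind is 'missing' (overlooked setting), 'unexpected' (setting that exists
    only in the deployed copy) or 'changed' (inconsistent value).
    """
    base, dep = flatten(baseline), flatten(deployed)
    findings = []
    for path in sorted(base.keys() | dep.keys()):
        if path in allowed:
            continue  # location-specific parameter, difference is expected
        if path not in dep:
            findings.append(("missing", path, base[path], None))
        elif path not in base:
            findings.append(("unexpected", path, None, dep[path]))
        elif base[path] != dep[path]:
            findings.append(("changed", path, base[path], dep[path]))
    return findings

# Constructed policy for one application as defined in the private data center.
PRIVATE_BASELINE = {
    "security": {"tls": {"min_version": "1.2"}, "waf": {"enabled": True}},
    "access": {"sso_required": True},
    "availability": {"health_monitor": "https", "min_members": 2},
    "monitoring": {"log_export": True},
    "network": {"vlan": 110, "self_ip": "10.0.10.5"},
}

# Constructed copy of the same policy as found in the public cloud deployment.
PUBLIC_DEPLOYED = {
    "security": {"tls": {"min_version": "1.0"}, "waf": {"enabled": True}},
    "access": {"sso_required": True},
    "availability": {"health_monitor": "https", "min_members": 2},
    "network": {"vlan": 300, "self_ip": "172.16.4.5"},
    "debug": {"verbose": True},
}

if __name__ == "__main__":
    for finding in drift(PRIVATE_BASELINE, PUBLIC_DEPLOYED):
        print(finding)
```

Run as a gate in the deployment process, a non-empty result blocks the rollout until the deviation is either fixed or added to the allow-list deliberately.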
The BIG-IP system addresses this challenge with a combination of technologies. First, BIG-IP virtual editions are available for deployment in a variety of hypervisors, so organizations can duplicate critical infrastructure whether for business unit, department, or public cloud deployment. With F5 Device Service Clusters (DSCs), the BIG-IP system can share and synchronize policies that govern application security, performance, and availability, ensuring consistent management of operational risk.
Finally, F5 BIG-IP solutions share a common operational interface and management model regardless of form factor or location. This ensures that all F5 services, including acceleration, access control, security, and availability, can be managed consistently across and within cloud computing environments.
Using the F5 vCMP for our private cloud, we are finally able to separate the management planes of different customers without proliferating physical appliances.
Engineer, Global 500 Industrial Manufacturing Company
Watch this F5 video to learn more about Virtual Clustered Multiprocessing (vCMP).
Virtualized infrastructure, by its nature, makes less agile network dependencies problematic. Traditional data center network designs rely heavily on integration changes between virtualized network elements, like VMware vSwitches, and traditional infrastructure deployments to work properly. The management policies of the physical infrastructure can hardly keep pace with the rate of change in the virtualized infrastructure. In fact, even if the physical infrastructure had mechanisms for change notifications in the virtualized infrastructure, it would still be ill-suited to do anything about it.
To address this disparity between the rate of change possible with virtualized network elements and the rest of the infrastructure, the network must become service-enabled. There are solutions in various areas of the network that provide service enablement, but other areas remain without APIs or service-enabled control planes. This leaves whole areas of existing networks blind to changes, making it impossible to use them to control network- and security-related policies. Alternatively, network operators are facing complete redesigns with unknown protocols or expensive upgrades to keep the current players in the game.
As virtualization has become the norm in server infrastructure, its benefits and the challenges it was designed to meet—elasticity and portability—have shifted their focus to the network.
Many organizations, having experienced success and realized multiple benefits from their server virtualization initiatives, have begun to examine the virtualization of the network. Such a transition is logical, but fraught with challenges unlike those experienced during the server virtualization phase.
Most serious amongst these challenges is the impact of moving from primarily static to dynamic network architectures. Failure to recognize that moving from static to dynamic, from physical to virtual, requires the same functional components—the same services—as the physical world can lead to failure of the whole initiative. Firewall, load balancing, and security services are still required as part of the overall network architecture. The network must still exist—and perform—once it is virtualized.
The solution to this challenge lies with existing solutions for managing dynamism in the server infrastructure. The ability to manage virtualized network services and benefit from increased elasticity and resource utilization requires the same layer of abstraction that provides the strategic control for virtualized application services: an application delivery tier.
An application delivery tier is responsible for virtualizing the network service and enabling the elasticity, flexibility, and lower costs sought by those whose goal for private cloud is virtualization of the network.
The BIG-IP platform is designed for scalability of services. With its ability to support any IP-based architecture, it can provide a layer of abstraction for virtually any service, network, or application. By abstracting network and application infrastructure services through the BIG-IP platform, organizations can virtualize network services without sacrificing the scalability and performance of their hardware counterparts.
One of the advantages of using public cloud computing is that the abstraction of the network infrastructure has already been achieved, and thus challenges with network preparation for cloud computing have already been addressed. As organizations move forward in their own private cloud initiatives, they will invariably run head-on into the same or similar challenges, regardless of their reason for building their own cloud computing environment.
While those goals may vary from organization to organization or even over time, there are common network-related challenges. Understanding these challenges—and their solutions—will enable organizations to chart a less perilous path toward successful implementation. In particular, the readiness of the network in terms of service-enablement, integration, and automation is paramount to architecting a flexible but reliable foundation upon which cloud models can be based.
F5 solutions are uniquely suited to enabling successful private cloud implementations by helping organizations meet the network-related challenges they will encounter along the way. Whether these challenges lie in the infrastructure and systems integrations required to implement a private cloud, or in the need for consistent, repeatable application deployments, F5 BIG-IP solutions and technologies provide the foundation for a flexible, elastic application delivery tier for both private and hybrid cloud architectures.