Update on the Cloud Demonstration Project
Khalil Yazdi and Steven Wallace
Spring Member Meeting
BACKGROUND
2 – 5/27/11
• Project Participants
  Eleven Universities: Caltech, Carnegie Mellon, George Mason, Indiana University, Penn State, Stanford University, UC Berkeley, University of Michigan, University of Utah, University of Virginia, University of Wisconsin
• Objective
  A technical and business model for the provisioning of multi-vendor cloud services leveraging the Internet2 Network and InCommon Federated Authentication, and encouraging an interoperable marketplace for services where individual institutions might procure services from a wide range of cloud services providers.
• Initial Outreach
  Solicitation in the Fall of 2010 was sent to over 40 vendors (primarily Internet2 corporate members)
Motivation
• Capacity on Demand
  Commercial cloud infrastructure services are a major step toward cost-effective, utility computing resources on demand, much like the electrical power grid
• Large-scale adoption hampered by price, performance and portability
  • Can we leverage Internet2 resources and the ability to aggregate demand to lower costs?
  • Can we work with vendors to meet performance, usability and security requirements?
  • Can we work collaboratively to develop sustainable solutions that support the migration of mission-critical services to the cloud?
• Approach:
  • Establish partnerships with those interested in developing a multi-vendor cloud
  • Explore alternative specifications, interoperability requirements, user and program interfaces, service level definitions, business services and pricing models
Objectives
• To better understand the management challenges for both service providers and institutional users
• Address known challenges and hopefully lead to the identification of new challenges
• The scope of known issues includes:
  1) Integration of institutional “private” clouds to multiple cloud services providers;
  2) Management of security, privacy, data replication and protection;
  3) Systems monitoring and auditing requirements under multi-tenancy and with multiple vendors and services locations;
  4) Business continuity exposure and mitigation challenges;
  5) Service-level-agreements to ensure the portability of services; and
  6) Technical specifications, requirements and recommended technical architectures.
Opportunities
• High level of interest
  • Many institutions interested
  • Many providers interested
  • Many ways to connect and provision services
• Broad Scope of Interest
  • Infrastructure (with HPC as a special case)
  • Platform
  • Applications
  • And where do you put VOIP, Virtual Desktop, Virtual Computing Labs, Drop-boxes and content repositories, large-scale archiving, etc…
LESSONS LEARNED
What we learned about Cloud Services
• Cloud standards will remain proprietary for some time to come
  • Focus should be on interoperability
  • Over 40 different standards groups
  • NIST is working on describing use cases that test functionality and abstract from “standards” per se
• Provisioning to IaaS requirements
  • Depends critically on PaaS and SaaS offerings
  • Can only be coarsely tuned at this point
• EVERYONE wants some form of cloud services yesterday
  • NO ONE is sure how to get there – but everyone is trying something
  • Not something we can figure out on paper
  • Broad agreement that we need to figure it out in practice
LESSONS LEARNED
What we learned about Cloud Providers
• Lots of interest, many flavors
  • Each vendor has approached the cloud from a slightly different perspective
  • There are many “public cloud” providers and “private cloud” builders
• “Community cloud” is easily said and widely accepted, but…
  • No one has a business and provisioning model to support a multi-enterprise, multi-vendor cloud
  • More like building a marketplace for cloud than a point solution
  • Lots and lots of challenging questions
• Infrastructure-as-a-Service is an important starting point, but
  • Understanding future growth depends on emerging needs for PaaS and SaaS offerings
• We will get “there” in fits and starts
  • Faster than we expected for some things
  • Slower than expected for others
Models that have Emerged
• Leveraging the Internet2 Network, federated authentication
• Four potential roles for Internet2
  • Contract Intermediation (master contracts)
  • Demand aggregation (pre-commitments to volume)
  • Value-added reseller (provisioning and procurement services)
  • Direct services provider (provisioning services)
• Roles are not mutually exclusive
• Cloud providers are not the same
  • Tend toward different types of partnerships with Internet2
  • For some corporate partners, role is in optimizing network
The Internet2 Value Proposition
Access to cloud services through a trusted network managed to community requirements
Use of the Internet2 R&E network and using InCommon – lowering costs of transport, controlling costs of data transfers
Accessing cloud services through the Internet2 Network provides value:
1) Unparalleled performance
2) Can be optimized to support diverse use cases
3) Can be optimized to maximize security and data privacy in transit
4) Uniquely supports collaborations world-wide
Utilizing InCommon authentication to access cloud services provides value:
1) Uniquely recognizes individuals without loss of institutional affiliation
2) Allows greater individual autonomy to access services
3) Allows the provisioning and licensing of services directly to individuals while respecting institutional obligations relative to that use
4) Provides a market mechanism that supports the authorized use of services without requiring direct institutional involvement in services acquisition
Delivering Capacity-on-Demand
Value-added
• Leverage network and federated authentication
  • Access to cloud services via a trusted network to community requirements
  • Use of the network, lowering costs of transport, controlling costs of data transfers
• Contract intermediation
  • Internet2 master agreement, universities & users purchase from vendor directly
  • Access to defined services without need for additional contracting
• Demand aggregation
  • Lower prices based on pre-commitments to volume on behalf of the membership
  • Lowering costs of storage and compute through volume discounts
• Value-added resale of services
  • Internet2 contract holder with vendor (as reseller), intermediates transactions
  • Transparent access to defined services
• Direct provisioning of services
  • Internet2 partners with vendors to support Internet2 branded services, both technical and business services provisioning and end-user support
  • Services through trusted entity accountable for maintenance and enhancement of services, support for platform and application services
Opportunity and Challenges
Value-added
• Use of Internet2 Network and InCommon Federation
  Interest? Yes
  Opportunity: Willingness to connect services to the network, to using InCommon and working to lower or eliminate data transfer charges
  Challenges: Costs associated with establishing connections, some fixed, some variable -- data transfer charges are shifted to connection based costs
• Contract intermediation
  Interest? Yes
  Opportunity: Single contracting agent lowers costs (opportunity to discount services)
  Challenges: Participation agreements may need modification. Overhead for contract management
• Demand aggregation
  Interest? Yes
  Opportunity: 30%-60% discounting possible with pre-commitment to IaaS services
  Challenges: Obtaining reliable estimates of expected demand levels difficult
• Value-added resale of services
  Interest? Yes
  Opportunity: Single billing lowers costs (opportunity to discount services)
  Challenges: Requires pre-commitment and Internet2 incurs overhead costs
• Direct provisioning of services
  Interest? Yes
  Opportunity: “White labeled” services, business operations and user support. Opportunity to shape offerings, other valued services and support for R&E
  Challenges: Requires pre-commitment to volumes, continuing engagement on services and Internet2 incurs overhead costs
Technical Challenges
• Options for providing connectivity
  • Alternative models for extending university DC networks to a remote cloud
  • Need to ensure multiple paths to services
  • Use cases will drive the decision on connection paths
• Interoperable and integrated clouds
  • Transparent extension of campus cloud services to an external cloud
    Extending university VMware environments to include community cloud services
  • Replicating/extending local policies (e.g., security, privacy, compliance)
  • Extending local identity management – understanding the roles of Shibboleth/InCommon in supporting ubiquitous authentication
• Other challenges
  • Data storage, protection and availability requirements
  • How ready are we for ‘True’ HPC in the cloud?
Moving Forward