Out of Control Clouds… How to take back control and successfully ride your cloud into the sunset
Matthew Finnie, CTO, Interoute
Interoute’s Platform as a Service (PaaS) is accessible globally
With a dense European fibre footprint, cable stations and OLO interconnects, we support customers in 90+ countries
Diverse customers across Compute, Connectivity and Communications: Retailers, Financial Services, Service Industry, Government & Government Channels, Network Operators, Industrials
From the Ground to the Cloud
The key principle
• Interoute’s Ground to Cloud principle allows customers to start at any point on a service continuum and move to either an asset-ownership or a managed-infrastructure model without sacrificing control
Service continuum, from ground to cloud:
• Duct – Fibre and Colocation
• Optical Private Network & Colocation
• Channel VPN & Colocation
• Channel VPN & Virtual Colo (VDC)
• CloudStore & VDC
• Cloud
In Western Europe, cloud data center traffic
• 64% of total datacenter traffic by 2016, compared to 39% in 2011.
• 964 Exabytes per year in 2016, up from 156 Exabytes per year (13 Exabytes per month) in 2011.
• Consumer traffic will be 85% of cloud data center traffic
We love the cloud. We hate the cloud.
Smartphones and tablets are driving growth
• Fixed networks are expected to grow 50% per annum over the next 3 years
• Mobile networks will double year on year over the same period
• There is a direct corresponding growth in data transfer from 9660 PB per month now to an estimated 116,000 PB per month by 2015
Enterprise IT spending will be flat
• 54% will spend on some form of public cloud
• In 2014 only 53% of server shipments will be to in-house data centres
The channel is a tale of those who embrace and those who don’t
• Hang onto familiar discounts and working practices, and die
• Change, and revenues grow at 2.5 times those who don’t
• 60% of the current channel will not be in 5 years.
Much of the wisdom being passed on is based on a very narrow assessment of the way services can be built
• Security and predictability
– ‘takes a lot of engineering to bring private cloud security and reliability to the public cloud’
• Too easy to get locked-in
– ‘The future of cloud computing should be much more focused on separating the data from the service’
• Control
– “You can’t go to the public cloud and say I want another 64GB of memory here. They look at you and say ‘buy another instance of this type’”
• Reliability – The cloud is going to fail: “The best way to avoid failure is to fail constantly”
• Speed
– “It was too slow, so we abandoned it” [compared to my on-premise solution]
Flight to the cloud is based on a need to gain flexibility fast
• Many users have already made the switch
• Only the very bravest of start-ups would entertain something other than the cloud for infrastructure
• The simplicity of access and immediacy of experience mean that many are leaving the rigid and constraining nature of their ‘on-premise’ data centre and embracing the cloud on a discrete basis
• They run the risk that a ‘tactical adoption’ of applications leads to a fragmentation of business process, infrastructure ownership and operational stability
[Diagram: separate cloud silos – CRM, Office Apps, Security, IaaS]
It’s easy to move from one SILO to another
• Freedom to choose gives you mobility, avoids lock-in and lets you dodge “the bad day”
• Most scalable service providers are paranoid about freedom and choice and therefore religiously guard independence
• It is the approach the major providers use – all with an aversion to vendor lock-in and a love of open standards
• The convenience of some clouds can lead to the creation of your own cloud silo
• Simple to get in, hard to get out
• The cloud should be a liberation, giving you new focus, better cost, performance and flexibility
[Diagram: cloud versus silo, layered as Network, Compute and Storage, OS, Application]
So I should hang on until the dust settles and I have clarity?
• No… however optimised your platform is today, the cost of maintaining it will be severely challenged by the next generation of the cloud
• Previous evolutions tell us it will change faster than we anticipate BUT there will be a long and niche tail. Best start now
• Waiting simply WIDENS THE GAP
• Cloud computing in isolation isn’t the solution alone, but it should be a catalyst to rethink your architecture and infrastructure
Choose your cloud, mix up your cloud?
• The challenge becomes one of trying to understand the best path that suits your business
• Often the confusion leads to ‘we’re not ready’ statements
• You are – however not everybody is ready to ‘serve’ you
[Diagram: Vendor CLOUDS, Open CLOUDS and Consumer CLOUDS, each built on Network and Computing & Storage layers]
The open approach – how real can we make it?
[Diagram: Enterprise and Web Presence stacks – Database, Application, Web tier, Infrastructure protection, Active Directory]
• The open approach simply assumes you want to leave your options open and retain as much of the best practice and architectures that you had in the physical world BUT with the benefits of cloud – on-demand, elasticity, utility billing etc.
• It is the solution that provides the lowest barrier to entry
• Invariably offers the same benefits as the traditional approaches but with some substantially helpful perks
Thinking it through – the “open approach”
Primary concern for many is data confidentiality and availability of the platform
Confidentiality & Integrity
• Confidentiality and integrity preserve the value of the data you are running
• Challenges to data integrity and confidentiality may include:
• Subversion through the infiltration of shared systems, shared LAN subnets, shared management challenges or inadequate separation of environments
• Inadequate or poorly enforced access controls
High Availability
• High Availability defines the utility value of the system
• Challenges to continuous operation may include:
• Operator error, or software error: a lack of diligence or quality control; e.g. database upgrade
• Deliberate subversion: the malicious and motivated exploitation of vulnerable systems
• Natural physical events: component age, weather, acts of God, or other uncontrollable inputs
• Unintended coincident activities: switch failure, patch failure
[Timeline: 1999, 2003, 2007, 2011]
Pick a platform you can work with
• The internet has driven technology development for the past 20 years
• The network is always assumed to be the same, and dumb
• Gradual migration and integration of services to where the ‘network is the computer’
• MPLS is the ‘gold standard’ for corporate WAN connectivity, defining private infrastructure
– “MPLS is now the lynchpin of enterprise WAN connectivity” (IDC)
• MPLS Enterprise services are delivered over “my own private internet”
– Same speeds, same simplicity… but secure
• MPLS is fundamentally a virtualised approach that ensures logical separation… sounds familiar
• It is virtual and multi-tenanted, which makes it efficient to use (your own private internet) and exceptionally efficient to manage (better use of asset)
[Diagram: Vendor, Open and Consumer clouds, each built on Network and Computing & Storage layers]
The open approach – how real can the computer be?
• The open approach simply assumes you want to leave your options open and retain as much of the best practice and architectures that you had in the physical world BUT with the benefits of cloud – on-demand, elasticity, utility billing etc.
• Whether that is building the next Facebook or consolidating your enterprise infrastructure
[Diagram: Enterprise and Web Presence stacks – Database, Application, Web tier, Infrastructure protection, Active Directory]
Networks naturally support hybrids – inexpensively, more flexibly and NOT APPLICATION dependent
• The underlying network relationship is the most economic way to establish commonality across disparate elements
• Networking is the simplest, most economic and proven way to securely scale enterprises
• Most designs are made that much easier with network infrastructure
[Diagram: Common Compute & Storage (VDC, Dedicated, Colo, CloudStore) over a Common Virtualised Network (MPLS/VPLS)]
Notes:
VDC = Interoute Virtual Data Centre. CloudStore is Interoute’s application marketplace, for use with Interoute Virtual Data Centre
Insert the Computing and Storage capability into the network
• Virtualise the “normally complex network” – SDN etc.
• The Interoute Virtual Data Centre is directly attached to the MPLS core, providing public or private networking natively
• Allow the computing to request networking resources, either private or public or both
• The hypervisor VLAN is mapped directly to the MPLS VRF, ensuring separation as in “REAL DATA CENTRES”
Multiple locations under strict audited certification provide a confidentiality and integrity framework
• Interoute Virtual Data Centre spread across multiple geographies
• You choose where you put the data
• You choose where you put your applications
• Network is free between all locations
• Only charge you for what you use in ANY location
• For example, you could have 5 locations and will only be billed for consumption if you use them
[Map: London, Amsterdam, Paris, Berlin, Geneva]
Location certifications:
• Geneva – ISO 27001, PCI DSS, ISAE 3402
• Zurich – ISO 27001, PCI DSS
• Berlin – BSI, PCI DSS, ISAE 3402
• Amsterdam – ISO 27001, PCI DSS, ISAE 3402
• London – ISO 27001, PCI DSS, ISAE 3402
• Paris – ISO 7001, PCI DSS
• Ghent (colo) – ISO 27001
• Stockholm – ISO 27001
Confidentiality and Integrity + High Availability
Confidentiality & Integrity
• Confidentiality and integrity are preserved through logical separation, through VLAN to MPLS VRF encapsulation**
• Confidentiality and integrity are preserved by only allowing data to exist within the scope of the customer organisation
• Data is at the sole control of the customer organisation
• Separation makes it impossible for traffic from one customer domain to enter another customer domain.
• Prevents data leakage, and it also prevents interference by entities outside of the organisation.
High Availability
• High Availability is achieved through multiple locations with integrated network
• Global load balancing across symmetrical latencies
• Network availability achieved through IS-IS and LDP interior routing protocols, LACP Ethernet control protocol, and BGP exterior routing protocol.
** IETF RFC 3031 (MPLS), IETF RFC 4364 (BGP-based MPLS VPNs) and Virtual Routing/Forwarding Tables
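The two slides above describe the separation model: each hypervisor VLAN is bound to one MPLS VRF, and a forwarding decision is made only in that VRF, so tenants can reuse the same private address space without their traffic meeting. The following is an added Python model of that RFC 4364-style behaviour (constructed example, not Interoute’s code); the tenant names, VLAN ids, route distinguishers and next-hop labels are all assumed.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Vrf:
    """One tenant's routing table; the RD keeps its prefixes distinct in MP-BGP."""
    name: str
    rd: str                                       # route distinguisher (constructed)
    routes: dict = field(default_factory=dict)    # ip_network -> next-hop label

    def add_route(self, prefix: str, next_hop: str) -> None:
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, dst: str):
        """Longest-prefix match restricted to this VRF's own table."""
        addr = ipaddress.ip_address(dst)
        matches = [p for p in self.routes if addr in p]
        return self.routes[max(matches, key=lambda p: p.prefixlen)] if matches else None

    def vpn_prefixes(self) -> set:
        """VPN-IPv4 form (RD:prefix): unique even when tenants' prefixes overlap."""
        return {f"{self.rd}:{p}" for p in self.routes}


class PeRouter:
    """Provider-edge model: each hypervisor VLAN is bound to exactly one VRF."""
    def __init__(self) -> None:
        self.vrfs: dict = {}
        self.vlan_to_vrf: dict = {}

    def bind_vlan(self, vlan: int, vrf: Vrf) -> None:
        if vlan in self.vlan_to_vrf:              # a VLAN may never straddle two tenants
            raise ValueError(f"VLAN {vlan} is already bound to {self.vlan_to_vrf[vlan]}")
        self.vrfs[vrf.name] = vrf
        self.vlan_to_vrf[vlan] = vrf.name

    def forward(self, ingress_vlan: int, dst: str):
        """The ingress VLAN alone selects the VRF; no other table is consulted."""
        vrf = self.vrfs[self.vlan_to_vrf[ingress_vlan]]
        return vrf.name, vrf.lookup(dst)


def build_demo() -> PeRouter:
    """Two tenants reusing 10.0.0.0/24 (constructed data, hypothetical next hops)."""
    pe = PeRouter()
    a, b = Vrf("tenant-a", "64512:100"), Vrf("tenant-b", "64512:200")
    a.add_route("10.0.0.0/24", "vdc-london-a")
    a.add_route("0.0.0.0/0", "internet-breakout-a")   # tenant A requested public access
    b.add_route("10.0.0.0/24", "vdc-amsterdam-b")     # tenant B is private only
    pe.bind_vlan(100, a); pe.bind_vlan(200, b)
    return pe
```

Tenant B has no default route, so a packet from VLAN 200 to a public address is dropped rather than borrowing tenant A's breakout; that is the per-VRF scoping the slides rely on.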
You have a resilient, open, secure platform – what about?
Build solutions using the technologies YOU CHOOSE without compromise
• Interoute’s CloudStore has the essential components to build your solution natively
• You get to choose the technologies that you prefer and configure them independent of constraint
• You have complete portability of solution to move, consolidate or migrate from physical to virtual or back again
Not only secure, resilient, private and open but much, much… faster* and more resilient by design – reduces the requirement to “learn to fail”
• Tight integration and strict allocation of core backbone to RAM ensures consistency of performance and maximum throughput
• Direct access to the core network eliminates latency variability (fixed fibre latencies)
• Close proximity of zones allows for high availability, low latency applications
EC2
• Instance: m1.xlarge
• RAM: 16 GB
• CPU: 8 EC2 Compute Units (4 virtual cores, 2 EC2 Compute Units each)
• Cost: EUR 280 (approx.)
• Peak GFLOPS: 6.7412
VDC (Virtual Data Centre)
• CPU: 3 CPU
• RAM: 16 GB
• Cost: EUR 269 (approx.)
• Peak GFLOPS: 25.7707
*Testing was carried out using Intel’s LINPACK. The Intel Optimized LINPACK benchmark is based on the LINPACK 1000 benchmark and solves a dense (real*8) system of linear equations (Ax=b); it converts the time it takes to factor and solve the system into a performance rate.
Interoute Virtual Data Centre. Redefining the cloud and the network
• From football to space exploration, Interoute’s VDC is not only a flexible platform but powerful enough, secure enough and scalable enough to handle the world’s most demanding applications
• Interoute’s platform is based on real open standards.
Gartner Magic Quadrant for European Managed Hosting. Published: 19 June 2013
Taking back control – Don’t just survive, thrive!
• Avoid lock-in
– Don’t wait for the seas to part and consensus to reign – go with what you know gives you independence, retain the freedom and choice you fought hard to establish – it’s still early
• Stick with security you know
– Secure your data and resources implicitly. Trust what you know – it works
• Reliable
– Simple enough: an SLA should reflect what happens, not some form of nano-value service credit
– Extend your options for availability by building, luxuriating in multiple zones with the same legacy
• Faster
– Your chosen option should be quicker; they (we) are building at scale on infrastructure many times bigger than what you are used to or can practically justify
• Predictable
– Compromising and re-writing everything just to get onto the cloud is OK if you need to, but consistency of performance is a function of resource management – go with the most consistent
• Keep control and take back control
– Until you know better, always retain the option to have complete oversight and control; trust is best judged with experience
Interoute, Walbrook Building, 195 Marsh Wall, London E14 9SG UK
Telephone: +44 20 7025 9000 Email: [email protected] © Interoute Communications Limited