1 The University of Hong Kong
Information Technology Services
Cloud Computing in Action -
for Better Service and Better Life
Dr. P. T. Ho
Deputy Director, Computer Centre
The University of Hong Kong Information Technology Services
Agenda
(I) Context (HKU Computer Centre)
(II) Strategy and Developments
(III) Deployment
(IV) Foreseen and Unexpected issues
HKU Computer Centre
HKU - founded 1911, 10 Faculties, ~25000 students
Computer Centre (ITS) - established in 1969
Provides a wide variety of Central IT Services to support the University community in learning, teaching, research and administration:
Email, network, web & information services, IT security
Learning Management System, learning environment, …
Research support – HPC, Grid, Bioinformatics
Administrative applications – HR, Student Information, Finance, …
(I) Strategy & Developments
Cloud Strategy at HKU:
Consolidation of disjointed IT resources
Opportunities for cost/resource reduction
Alignment with technology trends & standards
Balancing benefits and risks
Towards on-demand IT resources
(II) Deployment Status at HKU
Past/Current Developments
Server and Storage Virtualization
Cloud Infrastructure in Service
Phase Deployment at HKU
Charging-basis VM Subscription
Service Out-sourcing
From Grid to Cloud for Research Computing Support
(II) Deployment: Virtualization
Virtualization started in 2008:
Consolidate physical servers to virtual servers & adopt storage virtualization for efficient disk capacity management
Current situation of VM consolidation:
> 400 virtual servers on 38 physical machines
364 physical servers saved as a result.
30TB disk storage saved by “thin-provisioning”.
Substantial electricity power and space saved.
(II) Current Cloud Infrastructure
A Reliable Linux/Windows/UNIX platform on Cloud Infrastructure
Category: Items (by mid-2012)
X86-based Blade Servers: Dell and HP blade servers (of total 36 servers), each has two sockets of Intel 6-core/4-core CPU with 64GB – 128GB RAM
UNIX-based Servers: IBM servers (of total 2 servers), each has a Power7 8-cores CPU and 64GB RAM
Virtualized Storage: HDS, HP and IBM SAN storage systems (total capacity of around 100TB, provisioned around 130TB) managed by IBM SVC storage virtualization
Network: Brocade, Dell & HP 10GbE/1GbE network switches
Hypervisor Technology: VMware vSphere v5.0/v4.1 (x86 platform), IBM PowerVM (Unix platform)
Cloud Management
(II) Stages of Developments
Deployment to internal major services
Server Virtualization (IaaS, Started in 2008):
Pilot test on some Web Servers, File Servers, Database Servers at the beginning
Then massively deploy VM on most of the core services, including ERP Administrative, E-mail, E-learning systems, etc.
All the new projects are deployed on VM by default
Storage Virtualization (IaaS, Started in 2009):
Virtualize heterogeneous SAN storages
Good for online data migration across different brands and models of storage appliances
Easy to enable data replication and data
(II) Stages of Developments
Deployment to departments
Web Server VM (PaaS, Started in 2009):
We offer Linux Web Server VM to replace departmental website servers (as a free opt-in option)
A good solution to isolate system and security incidents of departmental web servers from other central web services
160+ departmental web server VM are deployed
VM Subscription (IaaS, Started from 2011):
Implemented a Cloud Management System with automatic workflow to provide self-service portal for HKU departments to subscribe VM with charge
Flexible choices: Windows VM or Linux VM, with pre-configured Small/Medium/Large size VM platform
(II) VM Subscription from the Cloud
Charging Model (for HKU departments):
We provide x86-based Windows or Linux VM subscription
Two choices for Windows: Windows 2003 (32-bit) & Windows 2008 (64-bit)
Subscription period can be 6 months or 1 year
Pre-defined small, medium or large size VM packages are offered
Additional CPU, RAM and disk can be requested at additional cost
A portion of the involved hardware cost, management software cost and operational cost is included in the VM subscription cost
OS license cost is also included
Reference prices for 64-bit Linux VM 6-month subscription:
Small (1 x 2GHz vCPU / 2GB RAM / 50GB Disk): HK$2,900
Medium (2 x 2GHz vCPU / 4GB RAM / 100GB Disk): HK$3,900
Large (4 x 2GHz vCPU / 8GB RAM / 200GB Disk): HK$5,900
(II) VM Subscription from the Cloud
The Automated Cloud Management System Portal:
Self-service portal interface to make new request
Multiple Level Approval workflows engine to streamline the administrative work
(II) Outsourced Service in Public Cloud
E-mail Out-Sourcing (SaaS):
Starting from early 2012, the new Alumni and new Student E-mail are already out-sourced to Google Gmail
Will continue the feasibility study to out-source HKU staff E-mail to either Google Gmail or Microsoft Office 365
Data Centre Out-Sourcing (private cloud held in public service):
Starting from 2011, part of the ITS hardware equipment has been relocated to the outsourced Data Centre Server Room provided by an external ISP company
It is located outside the HKU campus and serves part of the disaster recovery service.
(II) Research Computing Moving to Cloud
A trend to shift from Grid Computing to Cloud Computing in Research Computing
Grid Computing: You adapt your application to the infrastructure
Cloud Computing: You adapt the infrastructure to your application
- Quoted from Philip Papadopoulos, UCSD
PRAGMA – Pacific Rim Applications and Grid Middleware Assembly: an International Research Computing Collaboration Community and Pioneer of Grid/Cloud Computing in Scientific Computing areas
HKU has been a PRAGMA member institute since 2009
(II) Moving Research Computing to Cloud
Develop GeoGrid Execution Pools across PRAGMA sites
Deploy Scientific VMs across resources in the PRAGMA cloud, but Networking is difficult and Data is vitally important
(II) Research Computing Moving to Cloud
HKU Department of Computer Science (CS) research project - a P2P Cloud enabling live VM migration over WAN
Wide-Area Network Virtualization Technique for Virtual Private Cloud (WavNet): Dr. CL Wang et al.
(II) Research Computing Moving to Cloud
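Experiments of WavNet on VM live migration at Pacific Rim by Dr. CL Wang et al.
Institute of High Energy Physics (IHEP), Beijing
Shenzhen Institutes of Advanced Technology (SIAT)
The University of Hong Kong (HKU)
Academia Sinica (Sinica, Taiwan)
Providence University
SDSC, San Diego
National Institute of Advanced Industrial Science and Technology, Japan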
(II) Research Computing Moving to Cloud
BetterLife 2.0: Personalized recommendation service on Cloud by Dr. CL Wang et al.
Send user ID, barcode, GPS location and timestamp
Locations of convenience stores in Hong Kong based on social closeness of 103 users using Elgg Social Networking Engine.
(II) Continuing Development
Enhancement of HKU Cloud Infrastructure:
Expand the Cloud Server/Storage Infrastructures from existing HKU main campus RRS building Server Room to the New Centennial Campus Server Room
Target to form an Active-Active DataCentre across 2 sites
Greatly improve the service reliability with online VM migration across two separated active sites
Enhancement of Cloud Management System:
Provide automated Software-as-a-Service workflow
Provide automated Generic Request Services (such as Rack Space rental service, Sharepoint Site Collection rental service)
(II) Continuing Development
New Cloud Services
Cloud Printing: Print-at-anywhere solution from desktop PC, notebook, and mobile tablet/phone devices
VDI: Pilot deploy Virtual Desktop Infrastructure (VDI) to the existing communal PC laboratories. Deliver both persistent and shared virtual desktops to University communities
Explore user-friendly Cloud Storage for HKU communities, targeting a cross-platform solution for data synchronization and backup
More development and support of Mobile Device Applications
(III) Foreseen and Unexpected issues
(of the private cloud services at HKU)
Foreseen Issues: Security issues
Pros:
i. The prepared PaaS VM templates are already configured with OS hardening procedures and host-based firewall policies, so our clients spend less effort applying basic OS security measures.
ii. Isolated VMs reduce the impact of an infected system on the others.
(III) Foreseen and Unexpected issues
Foreseen Issues: Security issues
Cons:
i. Some clients may not have sufficient skills to maintain pre-configured security policies
ii. Some subscribed VMs may become the targets for external professional hackers
iii. In case of a DDoS attack on a specific VM, it may consume excessive network bandwidth, which may affect other VMs
iv. Some clients may hire a software house to develop web applications on the subscribed VM. The applications, webpages or databases developed by clients may have security holes or issues.
(III) Foreseen and Unexpected issues
Foreseen Issues: Monitoring & Utilization
Pros:
i. We can capture the system utilization at VM level to monitor for any over-utilization or under-utilization.
ii. Strictly enforce the charging scheme to prevent under-utilization and over-subscription.
Cons:
i. Clients may not like their data and applications being monitored
(III) Foreseen and Unexpected issues
Unexpected Issues: Resources Management
Pros: Flexible to scale up IT resources rapidly under unexpected load or in urgent situations
Cons:
i. Clients seldom do capacity planning or sizing
ii. Clients seldom do stress tests before service production
iii. Clients want to pay less and do much more than the capacity subscribed (reality vs expectation)
iv. Some subscribed VMs may be involved in unexpected incidents without prior notice. We may spend extra administrative effort on follow-up issues.
(III) Foreseen and Unexpected issues
Unexpected Issues: Others
How to handle data restore request from client about the backup version of several months or years ago?
How to charge for the data restore request?
Any compensation to client in case of service outage such as server outage? Network outage? Or data leakage? Or other possible loss?
How to compensate the client? Money? Service time? Others?
Cloud Service Providers have to define them carefully in the Terms and Conditions, Policies and Service Level Agreement (SLA) documents
(IV) Vision to become Computing Utility
Resource capacity & Scalability to match loading demand
Small pool => Slow to scale up but smaller wastage
Large pool => Quick to scale up but bigger wastage
Can it scale up and maintain QoS at all levels?
Hardware: CPU, RAM, Disk Capacity, Network Bandwidth, Load Sharing, Security, etc.
Software: Databases, Licenses, Application Servers & Logic, Data Integrity, Workflow
Backup/Recovery: Backup Capacity, Backup Window, Recovery time
(IV) Vision to become Computing Utility
Standardization
Moving toward Standardization for interoperability and dynamic consumption of computing resource
Private Cloud can easily ‘adapt’ to Public Cloud Service Provider with standards to subscribe IT resources
Many players in Cloud Standards: (a long way to go)
The Institute of Electrical and Electronics Engineers (IEEE)
Distributed Management Task Force (DMTF)
Cloud Standards Customer Council
Open Cloud Consortium (OCC)
Storage Networking Industry Association (SNIA)
Open Grid Forum (OGF)
(IV) Vision to become Computing Utility
Standards to inter-operate and communicate
IEEE SA P2302: Draft Standard for Intercloud Interoperability and Federation
DMTF Open Cloud Standards Incubator: Defining an architecture guide, virtualization management specification and specific protocols for clouds to communicate.
Some Public Cloud Service Providers are using their existing formats: Amazon EC2, Microsoft Azure, etc.
Move toward standards with public acceptance to avoid Cloud Service Provider lock-in issues
(IV) Vision to become Computing Utility
Can common models & standards be established to define how Cloud Computing should work, like power systems?
Can spare capacity be planned and provided like a power utility, with the following concepts?
load flow study & control
spinning & non-spinning reserve of capacity provision