Shared Services Canada
Cloud Computing
Architecture Framework Advisory Committee
Agenda
TIME | TOPICS | PRESENTER(S)
09:00 – 09:15 | Opening Remarks and Objectives; December 17th Meeting Review | B. Long, Chair; W. Daley, Vice-Chair
09:15 – 09:25 | From Cloud Framework to Cloud Service | P. Littlefield
09:25 – 09:35 | Cloud Use Cases for Discussion | P. Littlefield
09:35 – 10:15 | Breakout Group Discussions | All
10:15 – 10:30 | Health Break |
10:30 – 11:00 | Report from Group Leads | Group Leads
11:00 – 11:30 | Cloud Platforms for Discussion | P. Littlefield
Cloud Computing: Defining SSC’s Role
Should Internal Private Cloud and External Cloud services be defined by the same service architecture?
• SSC could be the Cloud Broker and could also be a Cloud Provider
• Some private cloud services could be provided by SSC
• This would be the “Community Cloud”
• The Cloud Broker would ensure multi-vendor management
[Diagram: cloud reference architecture. Actors: Cloud Consumer; Cloud Provider (Service Layer: SaaS, PaaS, IaaS; Resource Abstraction and Control Layer; Physical Resource Layer: Hardware, Facility; Cloud Service Management: Business Support, Provisioning / Configuration, Portability / Interoperability); Cloud Broker (Service Intermediation, Service Aggregation, Service Arbitrage); Cloud Auditor (Security Audit, Privacy Impact Audit, Performance Audit); Cloud Carrier. Cross-cutting concerns: Security, Privacy, etc.]
Cloud Deployment Models
Cloud Deployment Model | GC Dedicated Physical Infrastructure | GC Controlled and Dedicated DC Facility | Vendor Controlled and Shared DC Facility
GC Private Cloud On-Premise | Yes | Yes | n/a
GC Private Cloud Off-Premise | Yes | No | Yes
GC Virtual Private Cloud | No (virtual dedicated only) | No | Yes
Challenges Revisited – Requirements
• Connecting resources across clouds and vendor premises
• Managing identity, federation, and access control
• Appropriate segregation of data in a multi-tenancy environment
• Extending on-premises security and operations management practices to the cloud
• Government of Canada as one tenant
• Latency and other performance-related considerations
• Network capacity and capability
1. How should SSC address these challenges?
2. What architectural artefacts and supports are required to support SSC leveraging cloud services going forward?
Use Case Scenarios
Recapitulation of your feedback from December 17:
• Don’t do too much all at once
• Keep it simple
• Crawl, walk, run
• Start with a couple of simple “Use Cases”
Three use cases for infrastructure as a service (IaaS)
• # 1 Simple File-based Storage
• # 2 Table/Block-based Storage
• # 3 Linux/Windows Computing as a Service
• Discussion on Attributes / Definitions / Feasibility /
Use Case # 1 – File Based Storage
Description
• File-based storage
• 20GB of new data per day
• Scale to 200GB per day of new data
• Graduated price: price / volume
• Monthly service uptime: 99.99 (measured monthly)
• Annual uptime: 99.99 (52.56 minutes per year)
• Uptime Credits:
  • 99.99 – 99.9 - 5%
  • 99.9 – 99.95 - 10%
  • 99.94 – 99.0 - 25%
  • Less than 99.0 - 40%
• Three-year contract – month to month commitment
• Data must be resident in Canada
• Data must be inside the SSC Operational Zone (OZ)
Service Levels
• Tier 1 Primary Storage:
  • 0-29 days old
  • Access latency: 100ms
  • Recovery Point Objective: 4 Hours
  • Recovery Time Objective: 8 Hours
  • Provisioning Time for 1PB – Less than 60 Minutes
• Tier 2 Secondary Storage:
  • 30-89 days old
  • Access latency: 250ms
  • Recovery Point Objective: 4 Hours
  • Recovery Time Objective: 8 Hours
  • Security: Must be within the SSC Operational Zone (OZ)
  • Data Residency: Data must stay in Canada
  • Provisioning Time: 1PB – less than 120 minutes
• Archive Storage
  • Day 90 or older: Archive or Tier 3 Storage
  • Access latency: 5 minutes
  • Data Residency: Data must stay in Canada
Use Case # 2 – Table/Block Storage
Description
• 20GB of new data per day
• Scale to 200GB per day of new data
• Graduated price: price / volume
• Monthly service uptime: 99.99
• Annual uptime: 99.99 (52.56 minutes per year)
• Uptime Credits:
  • 99.99 – 99.9 - 5%
  • 99.9 – 99.95 - 10%
  • 99.94 – 99.0 - 25%
  • Less than 99.0 - 40%
• Three year contract – month to month commitment
• Data must be resident in Canada
• Data must be inside the SSC Operational Zone (OZ)
• Three year contract with month to month commitment
• Pay only for volume used
Service Levels
• Tier 1 Primary Storage:
  • 0-29 days old
  • Access latency: 100ms
  • Recovery Point Objective: 4 Hours
  • Recovery Time Objective: 8 Hours
  • Security: Must be within the SSC Operational Zone
  • Data residency: Must stay in Canada
  • Provisioning Time: less than 60 minutes
• Tier 2 Secondary Storage:
  • 30-89 days old
  • Access latency: 250ms
  • Recovery Point Objective: 4 Hours
  • Recovery Time Objective: 8 Hours
  • Security: Must be within the SSC Operational Zone (OZ)
  • Data Residency: Data must stay in Canada
  • Provisioning Time: Less than 60 minutes
• Archive Storage
  • Day 90 or older: Archive or Tier 3 Storage
  • Access latency: 5 minutes
  • Data Residency: Data must stay in Canada
Use Case # 3 – Wintel/Lintel IaaS
Description
• Service must provide virtual machine, storage, network and additional features such as firewall and security
• Must be able to provision in less than one (1) hour
• Include operating systems software:
  • Windows / Linux OS
  • All versions N-1 and N-2
• Optional ordering in the following increments
  • Small – 1 VCU, 2 VMU, 100GB Storage (including OS)
  • Medium – 2 VCU, 4 VMU, 200GB Storage (including OS)
  • Large – 4 VCU, 8 VMU, 600GB Storage (including OS)
• Incremental computing, memory and storage units
  • VCU = Virtual Compute Unit = equivalent to 1.0 GHz single-core Xeon processing
  • VMU = Virtual Memory Unit = 4GB RAM Memory
  • VSU = Virtual Storage Unit = 10GB storage
• Dynamic re-allocation of running virtual machines from one physical server to another with no impact to end users
Service Levels
• Security:
  • Supports a security profile of Protected B with Medium Integrity and Medium Availability – in a multi-tenant environment
• Basic Service Levels:
  • Hours of Service – 24 x 7
  • Availability Target – 99.9% up-time measured monthly
  • Service Desk – 24 x 7
  • Technical Support – 12 x 7 standard, 24 x 7 optional
  • Service Delivery – On-demand
  • Provisioning time: Less than 60 minutes
  • Real-time failover as an option
  • Capacity upgrades – both computing and storage available on-demand on a 24 x 7 basis without operator intervention
  • Business continuity and DR
Use Cases: Breakout Questions
1. Is this a relevant Use Case?
1a) If so – Why?
1b) If not – Why not?
2. Can we comply with the NIST Cloud standard definition and meet these service levels?
2a) If so – How?
Data Centre Platform Technologies – Options
Selection Criteria
• Performance
• Security
• Reliability/Availability
• Skills availability
• Ecosystem support
• Market trend
• Application support
• Interoperability
• GC current state
• Open standards compliance
Technology Landscape
[Diagram: technology stack by layer]
• Application Framework: Open Source, .Net, J2EE, COTS
• Web/Application: Apache/PHP, IIS/ASP, Java Web/App Server
• JDBC/ODBC/Native
• Database: MySQL, MS SQL, Oracle, DB2
• OS Container: Linux, Windows, UNIX, z/OS
• Virtualization
• Hardware
Target Services
• Platform as a Service: Web Hosting, Application Hosting, Enterprise Resource Planning, Document Mgmt., Collaboration, Virtual Desktop Infra., File Services, DB/Data Warehouse
• Infrastructure as a Service: Utility Computing
Data Centre Platform Technologies – Example
Selection Criteria
• Performance
• Security
• Reliability/Availability
• Skills availability
• Ecosystem support
• Market trend
• Application support
• Interoperability
• GC current state
• Open standards compliance
[Diagram: technology stack by layer]
• Application Framework: Open Source, .Net, J2EE, COTS
• Web/Application: Apache/PHP, Java Web/App Server, IIS/ASP
• JDBC/ODBC/Native
• Database: MySQL, MS SQL, Oracle, DB2
• OS Container: Linux, Windows, UNIX, z/OS
• Virtualization
• Hardware: x86, RISC, System z
Target Services
• Platform as a Service: Web Hosting, Application Hosting, Enterprise Resource Planning, Document Mgmt., Collaboration, Virtual Desktop Infra., File Services, DB/Data Warehouse
• Infrastructure as a Service: Utility Computing
Data Centre Platform Technologies – Questions
1. Do we have the Platform Technology options right?
1a) If no, which ones are missing?
1b) If yes, which ones should be Grown vs. Sustained vs. Sunset?
2. Do we have the Selection Criteria right?
2a) If no, which ones are missing or should be changed?
3. Do we have the Target Services right?
3a) If no, which ones are missing or should be changed?
TBD Sustain