CLOUD TECH SOLUTION AT INTEL INFORMATION TECHNOLOGY ICApp Platform as a Service

(1)

Open Data Center Alliance, Inc.

3855 SW 153^rd Dr.

INFORMATION TECHNOLOGY

ICApp Platform as a Service

(2)

EXECUTIVE OVERVIEW

Based on the Open Data Center Alliance (ODCA) cloud maturity model, Intel IT¹ is on a multiyear path to cloud maturation in order to achieve optimized costs, balanced workloads, and seamless resource sharing among services for greater end-user productivity. A significant part of the vision is offering application platform as a service (PaaS) capabilities in the Intel enterprise private cloud. A PaaS implementation can

accelerate custom application development and promote cloud-aware application design principles. Intel IT’s stated goal for several years has been to make it possible for Intel developers to land applications in less than a day.

Intel IT’s solution, called Intel Cloud App Platform (ICApp), utilizes Cloud Foundry and Iron Foundry open source projects. It is currently deployed for production use on an OpenStack-based infrastructure as a service (IaaS) in multiple Intel data centers.

The Intel IT application deployment process, referred to as path to production, takes more than a day without ICApp. In fact, it can take months if the development team chooses to use a colocation or dedicated hosting model. An IaaS approach generally takes a few days. While the infrastructure itself is less than an hour to provision, developers then need to build their instances and land their application, including security group configuration, OS and middleware, the

application runtime and storage mechanisms, as well as any application templates/packages for rapid deployments. In contrast, developers are able to deploy applications in ICApp with a single push command in a matter of minutes, without provisioning a single server.

This case study provides an overview of ICApp, the solution architecture, and the related ODCA usage models and resources.

1All information in this document describing or related to Intel/Intel IT, and all other references to Intel/Intel IT’s solutions, processes, or decision-making procedures

(3)

NOTICE TO USERS WHO ARE NOT OPEN DATA CENTER ALLIANCE PARTICIPANTS: Non- Alliance Participants are only granted the right to review, and make reference to or cite this document. Any such references or citations to this document must give the Alliance full attribution and must acknowledge the Alliance’s copyright in this document. The proper copyright notice is as follows: “©2015 Open Data Center Alliance, Inc. ALL RIGHTS RESERVED.” Such users are not permitted to revise, alter, modify, make any derivatives of, or otherwise amend this document in any way without the prior express written permission of the Alliance.

NOTICE TO USERS WHO ARE OPEN DATA CENTER ALLIANCE PARTICIPANTS: Use of this document by Alliance Participants is subject to the Alliance’s bylaws and its other policies and procedures.

NOTICE TO USERS GENERALLY: Users of this document should not reference any initial or recommended methodology, metric, requirements, criteria, or other content that may be contained in this document or in any other document distributed by the Alliance (“Initial Models”) in any way that implies the user and/or its products or services are in compliance with, or have undergone any testing or certification to demonstrate compliance with, any of these Initial Models.

The contents of this document are intended for informational purposes only. Any proposals, recommendations or other content contained in this document, including, without limitation, the scope or content of any methodology, metric, requirements, or other criteria disclosed in this document (collectively, “Criteria”), does not constitute an endorsement or recommendation by Alliance of such Criteria and does not mean that the Alliance will in the future develop any certification or compliance or testing programs to verify any future implementation or compliance with any of the Criteria.

LEGAL DISCLAIMER:

THIS DOCUMENT AND THE INFORMATION CONTAINED HEREIN IS PROVIDED ON AN

“AS IS” BASIS. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE ALLIANCE (ALONG WITH THE CONTRIBUTORS TO THIS DOCUMENT) HEREBY DISCLAIM ALL REPRESENTATIONS, WARRANTIES AND/OR COVENANTS, EITHER EXPRESS OR IMPLIED, STATUTORY OR AT COMMON LAW, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, VALIDITY, AND/OR NONINFRINGEMENT. THE INFORMATION CONTAINED IN THIS DOCUMENT IS FOR INFORMATIONAL PURPOSES ONLY AND THE ALLIANCE MAKES NO REPRESENTATIONS, WARRANTIES AND/OR COVENANTS AS TO THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF, OR RELIANCE ON, ANY INFORMATION SET FORTH IN THIS DOCUMENT, OR AS TO THE ACCURACY OR RELIABILITY OF SUCH INFORMATION.

EXCEPT AS OTHERWISE EXPRESSLY SET FORTH HEREIN, NOTHING CONTAINED IN THIS DOCUMENT SHALL BE DEEMED AS GRANTING YOU ANY KIND OF LICENSE IN THE DOCUMENT, OR ANY OF ITS CONTENTS, EITHER EXPRESSLY OR IMPLIEDLY, OR TO ANY INTELLECTUAL PROPERTY OWNED OR CONTROLLED BY THE ALLIANCE, INCLUDING, WITHOUT LIMITATION, ANY TRADEMARKS OF THE ALLIANCE.

TRADEMARKS: OPEN CENTER DATA ALLIANCE^SM, ODCA^SM, and the OPEN DATA CENTER ALLIANCE logo® are trade names, trademarks, and/or service marks (collectively “Marks”) owned by Open Data Center Alliance, Inc. and all rights are reserved therein. Unauthorized use is strictly prohibited. This document does not grant any user of this document any rights to use any of the ODCA’s Marks. All other service marks, trademarks and trade names reference herein are those of their respective owners.

LEGAL NOTICE

(5)

This document describes Intel’s specific cloud adoption challenges and how they were solved.

SOLUTION SUMMARY OBJECTIVE

Solution focus Increase developer productivity, optimize the use of IT resources, encourage the development of cloud-aware applications, and support Intel IT’s vision of moving to a hybrid cloud model.

Contributors &

companies

Intel Information Technology

Technical problem statement

Intel application developers need to land custom applications in less than a day.

Granular requirements:

1. Abstract the infrastructure for developers.

2. Deliver a highly optimized platform that provides a faster and easier way to build, test, deploy, and scale applications.

3. Maximize utilization of open standards to develop an agile and cost-effective environment (i.e., Cloud Foundry, BOSH, Iron Foundry).

4. Enforce Intel security and compliance requirements at the platform layer to enable security by default.

5. Automate the application lifecycle and remove the complexity of configuring, deploying, and maintaining applications.

Priority of topic with regard to Intel cloud adoption

Medium—We view platform services as the way most custom applications will be deployed in the Intel IT cloud in the future.

Current ODCA material addressing this topic

• Cloud Maturity Model

• PaaS Interop Usage Model

• Architecting Cloud-Aware Applications

(6)

ICApp is an application PaaS, which enables fast hosting of applications in the Intel enterprise private cloud.

Figure 1 shows how ICApp is positioned conceptually within the Intel IT cloud alongside the database as a service (DBaaS) capability, and how both of these

solutions are tenants of IaaS.

In order to use ICApp for the first time, Intel employees must first register and be approved for access. This is accomplished using an enterprise access management (EAM) capability that Intel IT uses for all entitlements. Through EAM, employees review a short training guide that outlines their responsibilities for using self-service to land applications. This includes the governance process as well as reminders about security and Intel brand identity. This is especially important for applications that are landed in a network zone where they will be exposed on the Internet. After reviewing the training guide and getting approval from their manager, users are able to log in to a platform instance using their enterprise credentials. By default, the system creates some logical areas for development, test, and production applications.

Developers can then access ICApp through a portal, a command line interface (CLI), or an application programming interface( API).

SOLUTION OVERVIEW

Figure 1: Conceptual Architecture

USER EXPERIENCE

(7)

Figure 2 shows the portal interface for pushing an application into the cloud. The developer simply fills in the fields and clicks the upload button.

In this example, the file field specifies a zip file containing the project source code files.

Another important field is the buildpack, which is a self-contained package of instructions that defines the application stack. Buildpacks are available for languages such as Java, .NET, PHP, Ruby, and Python. When an application is pushed, it is built and hosted in a container using the buildpack to specify the framework and runtime.

After the application is deployed, the developer can start, stop, push, scale, or delete the app. The developer can also view logs and application resource utilization. However, we recommend that an application performance management tool also be used in combination with the capabilities provided in ICApp.

The basis for ICApp are two open source projects: Cloud Foundry (CloudFoundry.org) and Iron Foundry (IronFoundry.org). Cloud Foundry provides the base platform for Linux, and Iron Foundry extends it for Windows. This means that a single platform can support both .NET and open source programming languages.

Figure 2: ICApp Portal Interface

TECHNICAL ARCHITECTURE

(8)

Figure 3 shows the technical architecture. The entire system shown here runs in a collection of virtual machines (VMs) on top of IaaS. In the case of Intel IT, the IaaS is based on OpenStack where the platform lifecycle management software (BOSH) calls OpenStack APIs to create and destroy VMs.

Figure 3: Technical Architecture

(9)

Other Key Components

• Routers—These direct all requests of the platform to the appropriate resource, including API calls and requests to published applications.

• Cloud Controllers—These endpoints for the API store all information about the environment, handle state transitions, package and stage apps, and binds services to applications.

• Droplet Execution Agent (DEA) Pool—Group of DEA nodes to which the applications are deployed. The Intel implementation includes two types of DEA nodes, a Windows stack, and a Linux stack. When an application is deployed, it is packaged into

droplets, which include a wrapper for the app with metadata. The DEA manages the droplets in warden containers. Each warden container is akin to a server containing the software stack.

• Health Manager—This monitors the overall health of the

application portfolio and restarts or redeploys components should they fail. It ensures that the running environment is consistent with its system definition in terms of app deployments.

• Messaging—The system uses the popular message bus NATS. It acts as the conduit through which all components communicate.

• BOSH—This lifecycle management system is used to set up an instance of the platform and manage ongoing updates.

• UAA—The Cloud Foundry User Account and Authentication Server is an OAuth2 provider that authenticates developers with their credentials and issues tokens to access the system. It has subsystems for managing user accounts and roles.

Wherever possible, Intel IT deploys multiple instances of each component so that the system is highly available.

(10)

IMPORTANT CONSIDERATIONS

Benefits and considerations in this solution

Detail

Advantage 1 Agility—Time to market for applications

• App and database deployment/configuration goes from weeks to minutes.

• Abstracting the infrastructure for developers enables rapid deployments.

• It promotes innovation, prototypes, and a “fail fast”

environment with minimal cost.

Advantage 2 Efficiency

• Compute density increases (single tenant vs. multi- tenant).

• Development workflow is automated (build, test, deploy, scale).

• Support costs are reduced. We take ownership of the infrastructure support and patching and compliance, and fewer embedded personnel are required for sup- porting infrastructure.

Advantage 3 Security

• Platforms enforce many Intel security/compliance requirements.

• Apps and data are centralized and do not span thou- sands of VMs.

Disadvantage 1 The learning curve for developers is a barrier to adoption.

Limitation 1 Cloud-aware apps

• The abstracted environment requires applications be structured so they are not dependent on the underlying infrastructure. Traditional models for identity and access management, such as Kerberos and Windows Integrated Authentication, will not work properly when the application is deployed and scaled.

(11)

RELATED ODCA RESOURCES

The ODCA Cloud Maturity Model (CMM)

You need to know where you are to determine where you are going.

The CMM provides an end-to-end visualization of how an enterprise cloud develops over time, starting with no cloud services and

progressing through five maturity levels.The journey leads defined enterprise capabilities and requirements for deploying full-scale federated cloud services that are open, secure, and interoperable.

Intel IT has used the CMM to identify where Intel currently is on the cloud maturity model, and then to determine a future state in line with specific business goals and criteria outlined in the CMM. In a project like ICApp, the PaaS evolution described in the CMM provides a framework to leverage for effective abstracted infrastructure and cloud application development.

ODCA PaaS Interoperability Usage Model

The ODCA PaaS Interoperability Usage Model was written to encourage seamless operation of cloud applications across

providers, rapid integration with consumer orchestration engines, and automatable configuration and operation of both the PaaS container and the execution of the application itself. The usage scenarios defined in this ODCA usage model are helpful when planning an IT PaaS offering, encouraging rapid application deployment and reduced lock-in when defining project scope and use cases.

Intel PaaS efforts, as well as those of other ODCA members, informed the PaaS interoperability model. Organizations seeking to deploy PaaS can utilize the requirements from the ODCA PaaS Interoperability Usage Model to help to assess and procure PaaS services.

This section discusses ODCA resources and how they are relevant to Intel ICApp.

(12)

ODCA Architecting Cloud-Aware Applications

The Architecting Cloud-Aware Applications paper provides

guidance to developers who need to build applications for the cloud environments. The paper contains nine design patterns that can be used as examples of how apps should be designed for cloud. This is especially important for ICApp because if the applications depend on a custom operating system or web server configuration, then they won’t scale out correctly.

Intel developers have used this paper as they prepare applications for ICApp. They acquire concepts and techniques, such as how to design small, stateless components that scale out rather than scale up.

ICApp in the Intel enterprise private cloud helps to accelerate time to market for new custom applications and promotes the development of cloud-aware applications.

This approach helps to improve application development processes:

• Simplifies path to production, removing IT hosting processes from the critical path

• Abstracts infrastructure details, so developers can focus on code development

• Increases standardization of application stacks and enables agile business processes

• Improves resource utilization

• Enhances security and business continuity

Intel’s implementation uses open source solutions to provide an application environment that is on-demand, self-service, scalable, elastic, multi-tenant, and metered. It helps developers to land applications in less than a day.