Cloud Computing Architecture – How to reconcile
business, technical, and legal requirements
Introduction
Cloud Computing Architecture
Cloud Computing Architecture
Architecture Forces: Legal,
Security, Scalability, Latency
Summary
Corporate Research and
Technologies
Munich, Germany
27
thJan. 2011
Munich, Germany
Gerald Kaefer
gerald.kaefer@siemens.com
* 4thGeneration DatacenterSiemens and Cloud Computing
Business views on cloud computing?
Customer/ User
Use cloud offerings for
Corporate IT
Example E.g. Use of 4Success for Talent Mngt., SalesForce for CRM activities in US
Corporate IT
Software and Product Vendor
Provide cloud enabled software
and products. Operated by
Siemens or customers .
Infrastructure and Service Provider,
Example E.g. Syngo.CRX CAD from Healthcare Sector or
Syngal mass notification from Industry Sector
Oct-10
Community Clouds Vertical Business Integration
S e c u ri ty H y b rid M o d e ls Cloud Architecture System Integration IT-Provisioning IT-Infrastructure Software as a Service Platform as a Service Infrastructure as a Service Cloud Consulting & Services
Infrastructure and Service Provider,
Integrator
Provide cloud and cloud service
products on IaaS, PaaS, and SaaS
layers, plus related integration and
solution development services.
Example E.g. Portfolio of Siemens IT Solutions e.g. Remote Service Platform, Managed Server on Demand
Cloud Computing Hype
Why, where, and how to benefit?
Our business agility could be improved, and TCOs are
increasing caused by complexity.
Maybe cloud computing
Cloud Computing will reduce your TCO, no
CAPEX, only OPEX increase your flexibility What is Cloud
Computing at all?
Maybe cloud computing could help? What happens if
others use it?
SaaS, PaaS, IaaS, you do not need your on premise software…
Cloud Sales
Consultant
Business Owner
How should I tackle How does cloud
IT Architect
How should I tackle that? New technologies, high complexity, legacy applications, security,
SLAs, compliance ….. How does cloud
computing impact our industrial business to
reduce TCO and increase business agility. Of course, compliant and at highest security level…
Forces to Balance for Your Cloud Solutions
Cloud Computing architecture is backbone of discussions
Compliance
Business Goals
Approach:
Separation of Concerns
plus multiple
Design and Verification
cycles
Cloud
Computing
Architecture
Compliance
- legal
- regulation
- national,
international
Deployment and
Partner Strategy
Business Goals
- lower TCO
- agility
- reduced CAPEX
- new sales models
- stakeholder satisfaction
Technical Application
Operation
-Customer Environment
- Integration constraints
- Legacy constraints
- National, international
- single Provider Partner
- redundant Provider
Partner
- Partners of customers
Technical Application
constraints &
requirements
- legacy components
- security, multi-tenancy,
- scalability, reliability
- on-demand, pay per use
- ….
Motivation for Cloud Computing Architecture
From Cloud Awareness to Cloud Understanding
•
Cope with Cloud Computing paradigm in complex
enterprise and industrial environments in the roles as
customer, provider, and ISV
customer, provider, and ISV
•
Provide common understanding in projects between
business, compliance, and technical roles
•
Support for re-engineering existing on-premise
applications for the Cloud Computing paradigm
•
Coping with required break to existing IT and software
•
Coping with required break to existing IT and software
architectures (data (storage, distribution), processing,
transactions, caching, workflows, access control, etc.)
•
Design guidelines for native cloud applications for industrial
domains
Cloud Computing – Working Definition
….focus on automation, resource sharing and business
Software-"Finished services"
Service Offering View (What?)
Service Offering View (What?) Technical View (How?)Technical View (How?)
e.g. Salesforce, CRM,
Cloud computing
is a model for enabling convenient,
on-demand
network access to ashared pool
of configurablecomputing resources (e.g., networks, servers, storage, applications, and services) that can be
rapidly
provisioned and released
withSoftware-as-a-Service Infrastructure-as-a-Service Platform-as-a-Service "Finished services" "Building blocks" "Foundations" CRM, Office 365 e.g. Azure, AppEngine, Force e.g. Amazon, GoGrid, Rackspace
provisioned and released
withminimal management effort
or service provider interaction.
(Source: NIST) Hybrid Cloud
Private Cloud Public Cloud
Deployment View (Where? For Whom?) Deployment View (Where? For Whom?)
Cloud Computing – Working Definition
….some more clarifications to avoid cloud misunderstandings
•
Cloud computing is not only Internet and Browser-based computing
•
Cloud computing is not virtualization. Virtualization is an enabler
•
Moving to a cloud is not a fix for bad practices
•
Moving to a cloud is not a fix for bad practices
•
Security is what you make of it, cloud or no cloud
Virtualized Data Center
Private Cloud
virtualized infrastructure virtualized plus multi-tenancy Procurement for capacity request Self-servive portal
Days or hours for provisioning <15min provisioning time
Fixed cost Pay per use or charge back
Fixed cost Pay per use or charge back
CAPEX model from IT to business units OPEX mdel Business units takes risk of under
utilization
e.g.
CRM
User,
Application
Customer View
“XaaS” Stack Views
Customer View vs. Provider View
SaaS
PaaS
VMs and
e.g.
Access
Control
Application
Administrator
Software
Architect,
Developer
IT Architect,
IaaS
VMs and
Networks
IT Architect,
IT Operator
Provider View
Cloud Offerings Segmentation
Standard IT services already offered as cloud service
Service layer
Service layer
Services type: Segmentation of standard IT services
Services type: Segmentation of standard IT services
Software-as-a-Service Infrastructure- Platform-as-a-Service CRM2 SCM3 HR4 ... Backup Application Server Persistency, Caching Commu-nication Integration, Mngt. Identity, Access Control Office … Training CCC1 Search
Infrastructure-as-a-Service Computing Storage Backup
1 Content, communications and collaboration 2 Customer Relation Management 3 Supply Chain Management 4 Human Resources
Network
There is already a huge offering on standard IT cloud services. As a next evolution
industry cloud services will be build them aligned with requrired industry specific
infrastructure and platform offerings (Healthcare, Smart Grid, e-Mobility, …).
Cloud Computing Architecture
Our first working definition
The
Cloud Computing Architecture
of
a cloud solution is the structure of the
system, which comprises on-premise
system, which comprises on-premise
and cloud resources, services,
middleware, and software components,
geo-location, the externally visible
properties of those, and the
relationships between them.
Based on standard architectural
methods there are specific extensions to
cover non-functional requirements of
cover non-functional requirements of
cloud applications, e.g. scalability,
scalability, reliability, availability, and
security. Furthermore, requirements
from legal or business, need further
specific views and concepts, e.g. data
separation for hybrid clouds, or
cost-centric architectures.
Characterize your Cloud Computing Project First
… then select most close architecture approach
High-level Categories
Cloud Service Enterprise Integration (Service Integration Project)
Cloud Service Enterprise Integration (Service Integration Project)
Start with an Enterprise IT Architecture approach.
Cloud enabled Application Development (SW Development Project)
Define a cloud application architecture based on a SOA approach,
designing services for PaaS and SaaS integration. IaaS approaches should
be chosen, if large legacy components need to be integrated, or there are
specific hardware requirements.
Classic IT Service/ Application Migration to Cloud (Dev. or Int.)
Define a cloud target architecture to provide a goal to follow as far as
possible, instead stubbornly migrating classic architectures to cloud.
If there is no source code available, migration on binary assets is only
feasible (limitation for PaaS at application server layer).
Cloud Computing Architecture
Major building blocks
Reference Architecture and Architecture Blue Prints
•
Basis for documentation, project communication
•
Stakeholder and team communication
V ir tu a liz e d A p p lic a tio n SaaS PaaS Application Service Platform Client Infrastructure
•
Partner management, provider selection, acquisitions
•
Payment, contract, and cost models
Technical Architecture
•
Structuring of functional architecture according to XaaS Stack
•
Adopting Cloud Platform paradigms
•
Structuring cloud services and cloud components
•
Showing relationships and external endpoints
IaaS Storage Infrastructure Applications Services Integration, Database, Runtime Virtualization Storage Network Computing Public IaaS Infrastructure as a Service PaaS Platform as a Service SaaS Software as a Service Virtual
•
Showing relationships and external endpoints
•
Middleware and communication
•
Management and security
Deployment Operation Architecture
•
Geo-location check (Legal issues, export control)
•
Operation and monitoring
Classic IT
Private Cloud Public Cloud On Premise On Demand Virtual Private Cloud Provider 1..n
Context: High-level Architectural Approach
… aligned with common attribute driven approaches
Business Goals
• TCO • Quality
• Market share
• Agility & Flexibility
• Stakeholder satisfaction • Compliance • ….
Quality Attributes
• Agility & Flexibility • ….
• Availability • Elasticity • Interoperability • Security • Adaptability • Performance • Usability • Maintainability • Response Time • ….
• Stateless Design • Partitioning
Architectural Tactics
• Stateless Design • Loose Coupling • Caching •Claim based authentication •Scale-out architecture • Pipelining• Divide and Conquer •Firewall traversal • Partitioning • Publish-Subscribe • Strong encryption • Multi-Tenancy • Reliable messaging • Asynchronous communication …
Cloud Platforms - Simpler NFR Engineering
Software architecture becomes deployment architecture
Concept Software Solution IT Operation Solution
Problem Infrastructure
Challenge: Traditional achievement of NFR (Non Functional Requirements) assurance
Abstract problem focus and constraints Concept requirements have to be implemented, software focuses on efficient implementation
Software constraints have to be encountered to fulfill SLA requirements
Infrastructure is selected according to operation
requirements
Advantage: Match of NFRs is verified at higher level (platforms plus SLA), miss-match adaptation is possible through change of concept or change of cloud platform.
Software Developer IT Operators
Problem Concept Software Cloud Platforms
Concept must be aligned with Cloud Platform, blocking points show-up at concept phase
Platform assures non functional requirements as scalability, elasticity, reliability, and features as pay by use, and low cost through economies of scale. adaptation is possible through change of concept or change of cloud platform.
Software Developer
Cloud Computing and Compliance
The outsourcing challenge with new constraints
Employment Aspects (e.g. codetermination, time recording)
Export Control (e.g. storing data, software distribution across country boarders
Information Security (e.g. company intellectual property, strategy, …)
Information Security (e.g. company intellectual property, strategy, …)
Regulatory Requirements (e.g. Domain laws (healthcare (HIPAA),
banking, insurance)
Data Protection laws and regulation (data privacy)
Data Retention (based on tax or accounting law or lawsuit)
Requirements
According to the application domains:
- Requiring certifications, e.g. Safe Harbor
Difference to classical outsourcing
Today’s outsourcing processes are focused on identifying most issues in order to place them - Requiring certifications, e.g. Safe Harbor
- Geo-Location Control of data storage - Disaster Recovery
- …
Most often requiring hybrid cloud approaches Separation of building blocks according to
requirements to keep deployment flexibility
identifying most issues in order to place them at the outsourcing contractor.
Cloud offerings come with fixed SLA contracts, so one must deal with legal issues or collaborate on a different way. E.g. a new cloud service integrator business will be established in future, or more in-house capabilities will be required.
Cloud Computing and Security
Loss of ultimate data control and perimeter protection
What attributes of security are crucial for the business:
Confidentiality
Confidentiality
Limits on who can get what kind of information
Possessions/ Control
Loss of control of the information, regardless of whether there is breach
of confidentiality
Integrity
Information is correct or consistent with its intended state
Authenticity
Correct labeling or attribution of information
Correct labeling or attribution of information
Availability
Timely access to information
Utility
Usefulness of information (e.g. loss of encryption key for encryption data
eliminates its utility or usefulness)
Regulations (related Certifications)
Business decision support on risk management
Three kinds of issues in standards and regulations
„ How issues“:
„ How issues“:
- Govern how an application should operate in order to protect certain concerns
specific to its problem domain (e.g. HIPAA defines how to handle personally identifying
health care data)
„Where issues:
- Govern where data shall be stored or applications are allowed to run (EC Directive
95/46/EC on Data Protection and Safe Harbor)
„What“ issues:
- Standards prescribing very specific components to your infrastructure (e.g. PCI and
the use of antivirus software on all server processing credit card information)
Design Principals and Tactics to deal with
Security and compliance
Encryption, combined with digital signature technology to ensure data
integrity, is most effective as the foundation of an enterprise data
protection strategy, which includes the processes and technologies that
work in tandem to ensure data security.
An effective strategy must include all four of these components:
Protection of the data itself through encryption (storage, transfer)
Controlled Access to data with strong authentication and authorization systems
(e.g. Challenge public cloud storage and access key revocation)
Detection of data at risk to prevent data leakage
Comprehensive management of data throughout its lifecycle from its creation
Comprehensive management of data throughout its lifecycle from its creation
through archive
Segmentation of data in order to treat it according to sensitivity and regulation
Best practices are collected in the ISO/IEC 27002 standard. It lists a comprehensive set of best practicesDesign Challenges – Hybrid Cloud Services
Distributed data and computation in Hybrid Clouds
Cloud
Cloud
Data
Storage
•
Latency
•
Cross-Cloud
Security Challenge
Cloud
Application
Cloud
Data
Storage
•
Bandwidth
•
Latency
•
Reach ability
•
Security Challenge
•
Bandwidth issues
•
Latency
•
Availability
•
Security Challenge
•
Internal provider
security (certified)
•
Availability
Storage
On
Premise-Storage
On Premise
Application
Required on premise provisioning influences cloud cost advantages
• Purchasing hard discs
• Purchasing backup-media
• Rent and operation of facilities
Designing Applications across the XaaS Stack
Selection of XaaS layers and services
Objective & requirements
Applications Services Integration, Database, Runtime Virtualization Storage IaaS Infrastructure as a Service PaaS Platform as a Service SaaS Software as a Service Network Computing Classic IT
Private Cloud Public
Cloud Infrastructure as a Service On Premise On Demand Virtual Private Cloud Provider 1..n
Cloud Computing Application Architecture
Classic service style transferred to cloud
Web Role(s)
Mail Delivery
Store
search
…
Scalability of counters (counters for people, not mail)
SLA: daily mail
Mail office counters
Storage
Cost driver: Number of people
(independent of mail delivered for people)
Availability only during office hours with (challenge of office hours and
resources)
Cloud Computing Application Architecture
Business & cost aware Service: Storage vs. compute cost
SLA: daily mail
Worker Role(s)
Mail Graps batch
for his region
Postman
Mail Office
Storage
Store
Mail boxes could
Advantages:
No office counters for mail required
Scale related to mail independent of people (less postmen)
Cost driver: Mail to distribute
Work according to demand, no office hours required
Storage
Mail boxes could
even be paid by
customer
Cloud Computing Architecture
Latency challenge of service composition
Latency constraints require advanced
caching and pre-fetching strategies
Always test with cloud latencies and real
300 ms
200 ms 200 ms 300 ms
Request Server Response Browser
Timing model for user-centric applications
Cloud
Data
Storage
Region A
> 100 ms
Always test with cloud latencies and real
data loads
REST protocol uses Internet http caching
and local proxy caching.
Request Server Response Browser
App
Cloud
Data
Storage
Region B
<10 ms
Cloud Storage Data Model must avoid multiple requests (Continuation Tokens)
Architecture for Elasticity
…
elasticity and cost requirements impact architecture
Vertical Scale Up
•
Horizontal Scale Out
•
•
Add more resources to a
single computation unit i.e.
buy a bigger box
•
Move a workload to a
computation unit with more
resources
•
Adding additional computation units and
having them act in concert
•
Splitting workload across multiple
computation units
•
Database partitioning
For small scenarios scale up is
probably cheaper - code “just works”
For larger scenarios scale out is the only solution
1x64 Way Server much more expensive that
64x1 Way Servers
Summary
Cloud computing approaches will spread because of
lower TCO and higher flexibility (business, technical)
lower TCO and higher flexibility (business, technical)
Because of today’s cloud computing buzz, agree on an
internal working definition on cloud computing first.
Today, most cloud platform offerings are not yet aligned
for out of box deployment for many business domains.
Consolidate cloud experts to clarify technical, legal, and
business issues first – to know business risks.
business issues first – to know business risks.
Prepare your application and software architecture for
loud computing platform models, because these
Dr. Gerald Kaefer
Thank You for your Attention!
Siemens AG,
Corporate Research and
Technologies
Global Technology Field System
www.ct.siemens.com
Program Managergerald.kaefer@siemens.com
Within Corporate Research and Technologies the Global Technology Field “System Architecture and Platforms” focuses on system and software architectures for a wide range of application domains. This includes
Global Technology Field System
Architecture and Platforms
Otto-Hahn-Ring 6
81739 Munich, Germany
Copyright © Siemens AG 2011. All rights reserved.Copyright © Siemens AG 2010.
architectures for a wide range of application domains. This includes embedded systems, distributed applications, and enterprise software.
The recent field of cloud computing is addressed by a corporate program on cloud computing with specific interest on “Cloud Computing Architecture and Platforms”. Cloud computing architecture is key for meeting technical, legal, and business requirements. These activities are completed by the industry focused evaluation of strategic cloud computing platforms and solutions.
Cloud Computing Architektur - oder wie man geschäftliche,
technische und rechtliche Anforderungen unter einen Hut bringt
Cloud Computing ist am Hype Cycle ganz oben angekommen und somit auf jeder Innovationsagenda gesetzt. Bei der Einführung von Cloud Computing im industriellen Umfeld stellt man aber rasch fest, dass Entscheider sich schwer tun Vorteile von Cloud Computing auf ihre Produktsegmente zu
dass Entscheider sich schwer tun Vorteile von Cloud Computing auf ihre Produktsegmente zu übertragen, obwohl diese unbestritten sind. Ist die Entscheidung für Cloud Computing einmal gefallen und die Umsetzung steht an, zeigt sich, dass Neuentwicklungen oder die Migration von klassischen IT Anwendungen zu Cloud IT Anwendungen nicht trivial sind. Viele die diesen Weg bereits gegangen sind, würden am Ende des Budgets gerne nochmal neu starten. Auch der Sprung vom Software Lieferanten zum „Software as a Service“ Unternehmer darf von rechtlicher Seite nicht unterschätzt werden.
Dieser Vortrag beleuchtet Herausforderungen dieser Art und zeigt Stolperfallen auf. Cloud Dieser Vortrag beleuchtet Herausforderungen dieser Art und zeigt Stolperfallen auf. Cloud Computing Architektur, als Kombination aus Methodik und Erfahrung aus Cloud Computing
Projekten, wird als Hilfsmittel vorgestellt um möglichst beim ersten Versuch die richtige Architektur zu treffen und geschäftliche bzw. rechtliche Anforderungen durch Architekturmuster und Taktiken unter einen Hut zu bringen.