By proactively managing the cloud delivery and security
services found within the network, you can significantly
improve performance, adhere to corporate security standards
and governance, and improve your bottom line through the
CapEx and OpEx optimizations that cloud computing offers.
Cloud Computing: Redefining how Services are Provided From Within the Cloud
Cloud Computing: Redefining How Services Are Provided from Within the Network
By Bill Erdman
The European railway system is considered among the best rail networks in the world. It connects 30 countries in Europe and provides flexible travel options for people and efficient transportation of goods. Through its interconnectivity, it also provides access to countries outside of Europe.

In the cloud, the network is similar to an efficient and widespread railway system. It links the compute and storage resources that make up the private cloud, and it provides connectivity to the public cloud. And like the railway system, when provisioned intelligently, clouds can deliver a wide variety of payloads across the same set of networking pipes.

The cloud relies on flexible interconnections that facilitate dynamic provisioning, motion, and elasticity, all of which would be impossible without network resources. A cloud without networking services is undifferentiated — all payloads are delivered equally with little security, segmentation, per-customer tracking, or individual accounting.

Like the modern-day railway system, the same set of tracks is used to haul different classes of passengers and freight, all with different delivery requirements. The evolution of clouds must expand to offer differentiated services like the railway system. This goal can be achieved only through a more efficient and effective way to schedule, provision, and manage the services within the network.

Some elements of managing the network in the cloud are simple extensions of the physical model. Others, necessarily, must change. All are focused on the same fundamental goals of managing the pipe ― however broad or limited ― to ensure optimal performance, maintain requisite levels of security, and facilitate the ongoing flexibility of the cloud environment.

Again, like a railroad, the network is not the end goal. It is the means by which the ends are achieved. But, like any transportation system, the less differentiated the service over time, the more consumers will seek alternative offerings that have better guarantees to meet their needs. The cost of failures in service can be widespread. By taking a proactive stance toward managing the network in the cloud, enterprises can dramatically improve performance, maintain elasticity, and optimize return on this significant IT investment.

Cloud Services Evolution: The Role of Network Provisioning Automation (or Orchestration)
For many services, whether they be trains or clouds, the first-to-market offerings are often very basic and increase their service capabilities over time. Trains today have first-, second-, and third-class; express trains; freight trains; grain trains; and so on — all for handling a wide variety of service needs. And as the train system increased its service capabilities, the need for more robust scheduling and capacity management to maintain a viable system increased as well.

Similarly, when you begin to add a diverse set of virtual machines into a cloud (beyond the early adopters of clouds who had very basic needs), you need an enhanced set of services. And while these services may be hosted differently within a cloud, moving from physical to logical, the need for service at the application level still exists. What is different is that the application is now within a shared infrastructure and must be scheduled and managed with other applications sharing the same physical resources, yet logically segmented.

Nonetheless, many enterprises have paid limited attention to the role of the network, having deployed “only” a few thousand virtual machines (VMs) in their young cloud environments, primarily geared toward application developers and testing teams. In contrast, a tier one or tier two service provider might deploy hundreds of thousands of VMs for hundreds of customers. As enterprises deploy more production, multi-tier applications in the cloud (each with a database, business logic, and Web tier), actively managing the network and its services will become more important to them as well.

By looking at the more advanced needs of service providers for guidance, enterprises can see the future of network services and the ability to dynamically configure them in their cloud environments. Security (firewalls), quality of service, load balancing, and compression are already common in traditional physical environments — and have been adopted by cloud service providers as well. As customers convert to clouds, these services remain important yet are provisioned in a much more dynamic and automated way. Again the needs do not change, but the platforms in which the services are hosted and provisioned do change. Continuing to develop a cloud environment without these components can significantly lessen the value of the infrastructure for your users.

A case in point with regard to these network services is dynamic load balancing, which improves the end-user experience when accessing Web pages from a physical or virtual server. For example, when an enterprise faces the end-of-the-quarter close, the holiday shopping season, or even just a surge of traffic to its Web site, load balancing within the network can offload the processing on the server farm while improving the response time. This capability offers enhanced application delivery performance and ensures productivity within the user community.

Many of the applications initially hosted within clouds were not Web front-end-based and therefore did not require these services. As the adoption of clouds increases, customers will want to host their Web applications within the cloud and will require load balancing services from the network to ensure application performance. While many of the same load balancing rules still apply whether the environment is a dedicated physical infrastructure or now virtual within a cloud, the load balancing platform within the cloud needs the ability to partition and segment customer Web traffic into virtual contexts and to scale to thousands of Web sessions.

This demand often requires bigger, more powerful load balancers, while highly leveraging across a great number of customers and virtual machines. Moreover, also needed is an intelligent scheduling and configuration system that can manage hundreds of load balancing instances across many customers.

Data compression is another network-based service that can reduce the costs of storage and of the local- and wide-area networks required to carry backup and restore traffic. In a cloud environment, where the number and scale of workloads increase, the criticality of these services is growing, and the potential network burden can be great. The savings achieved through traditional data compression applied in a cloud environment is becoming crucial for service providers with their massive, multi-customer data requirements, as well as for individual enterprises as their use of cloud-based services increases.

As enterprise cloud environments grow from serving primarily development and test needs to complex, multi-tier production applications, proactive network management becomes imperative to the scalability and value of the cloud environment.

Scaling for Change: Extending Traditional Management
While many of the traditional best practices of network management apply to cloud environments, some elements of the cloud extend those traditions to meet the more taxing demands of a dynamic infrastructure. Just as the scheduling of trains that can add capacity dynamically bears a resemblance to simple scheduling — but with added complexity — the role of standards and automation in a cloud environment is like their physical equivalents — but customized for on-demand requirements.

Define Service Standards
Some railroad lines can accommodate high-speed trains. Others are strictly slow-train lines. Some trains, of course, can clear 100 miles an hour, while others are designed to be local. Luckily, it is easy to tell the difference between the trains and their requirements, because they adhere to a set of standards that the operators can easily consume.

Managing and moving a cloud service requires some metadata about the service itself, codified in a standard descriptor. While incredible progress has been made on the VM front in this regard, the network side continues to develop.
Cisco is working with major service providers to enhance those standards to describe some of the networking services a cloud service might require, such as multi-tenant provisioning, network partitioning, firewalls, load balancing, or compression services. Once implemented, these standards will provide an abstracted definition of the virtualized resource that an enterprise or a service provider could use to provision a cloud service within any data center, private or public. Until then, the onus will remain on the enterprise or service provider to ensure cloud services are properly leveraging network resources and services are appropriately applied.

Automate to Meet Requirements
To get the most benefit from the cloud, both enterprises and service providers must dynamically provision and configure cloud services automatically to meet their users’ needs. Given the scale of a cloud-based infrastructure ― tens of thousands of servers and storage devices — as well as the speed with which load balancers can move services around the environment, it is impossible for humans to make the necessary decisions quickly enough, even if a company could afford enough trained staff.

5 UNIQUE REQUIREMENTS for Service Provider Networks
When it comes to basic network management and network services, enterprises and service providers have many of the same needs. But there are five areas where service providers, by virtue of their scale, their business model, and their customers, have very different needs. They are:
» The configuration tools and processes to host hundreds of thousands of services within a single cloud — building hundreds or thousands of smaller clouds for individual customers, or even groups of customers, doesn’t provide the economies of scale that generate the maximum ROI
» Multi-tenant partitioning provided by network container provisioning, executed with a level of rigor and auditability that may not be required by enterprise customers managing private clouds
» Very complete self-service portals that make it easy for large numbers of external customers to establish an account; create, manage, and delete cloud services; and review their bill without the need for manual support or calls to a help desk
» Service level monitoring and transparency, ensuring that public cloud customers are consistently apprised of both the service levels delivered and the areas of potential latency in the environment
» Billing and service level agreement (SLA) monitoring capabilities, which include tracking the metrics (CPU cycles, storage consumed, number of users, etc.) for each customer and the ability to feed these metrics to customer billing systems

All the functions within the traditional FCAPS network management model ― fault, configuration, accounting, performance, and security ― are also required in the cloud. But in the cloud, where all are abstracted, execution of those management functions must operate without the benefit of hard physical visibility. Just as a railway company wouldn’t manage its train system and traffic flow by analyzing ticket sales data alone, the challenge of ensuring service continuity without the traditional physical cues and correlations is a task best left to automation.

Enterprises and service providers can also automate the provisioning of network resources. Network containers, a cloud-ready extension of the virtual local area network (VLAN) concept, can be created or allocated at the time the cloud service is provisioned. Either based on policy or user selections, the network container defines the security rules that govern every cloud service within, and associates firewalls and load balancers accordingly.

The network container is abstracted from the physical network to which it is connected. Regardless of where the cloud service is placed, the network container enforces the connectivity policies associated with that cloud service automatically. In the Japanese train system, the concept of the women’s car is similar. Regardless of which train and what time, the women’s car enforces the women-only rule.

Managing network containers (the ability to create, change, delete, and take other action on the containers) enables automated control of connectivity throughout the infrastructure, allowing services to move more flexibly throughout the cloud while maintaining the appropriate separation from each other. Greater movement means greater ability to optimize capacity, performance, and return on investment (ROI) in the cloud.

Net New Requirements: Only in the Cloud
Not all network management changes are natural extensions of their physical brethren. Some are net new functions required by the dynamic environment. Like a swap to driverless trains might prompt the need for an entirely different approach to braking — potentially giving passengers much less whiplash — the change to the cloud has enabled some interesting new network management use cases.

Ensure Workload Portability
Workload portability is one of the major benefits of the cloud, allowing you to move cloud services from overburdened servers, storage, or network resources to peer resources that can better meet performance and reliability needs. This portability can range from moving an application that needs higher performance to a server that has excess capacity all the way to migrating complete groups of applications to a different data center to reduce network latency.

Such portability allows an enterprise to better manage capacity during peak and off-peak periods, and allows service providers to make the most efficient use of their massive data centers by shifting new workloads to infrastructure that has the most capacity (or even the lowest power costs) at any time.

While the origin and the destination of the workload is often the highlight of any conversation on workload portability, the network is the means by which it travels. Very much like the railway system of the cloud, the network and its support for portability are critical to the achievement of this type of flexibility in the infrastructure.

The proximity of the network aggregation point, the bandwidth capacity for moving applications and the associated data, and the configuration of different network containers can all impact the portability of the workload. Without the correct identification of dependencies between multi-tiered applications and the maintenance of appropriate connectivity, the movement of a cloud service can wreak havoc on its operations. While the workload may be portable, the network ensures it can move — and function — when it reaches its destination.

Support Multi-tenancy
Multi-tenancy is a software architecture that enables support of multiple clients or tenants on a single instance of the software. Rather than creating and managing separate, individual instances for each tenant, one installation allows consolidation of physical resources, change processes, and the IT expertise necessary to maintain the environment. Service providers in particular prefer multi-tenant software architectures, because they maximize the provider’s ability to provide the same service to many customers simultaneously.

Multi-tenant provisioning segregates the applications and data of different users or customers to ensure their isolation and privacy. With privacy and security a longstanding concern in their market, service providers routinely publicize how their multi-tenant architectures ensure one customer cannot access information that belongs to another. However, this network service is becoming more critical for enterprises, too, as their clouds serve greater portions of their businesses.

The goal of multi-tenancy is to ensure that cloud services are not able to identify their peers on the same physical infrastructure. They should be isolated from each other, ensuring that no data can be gathered about each other by any means. The primary mechanism by which data could be shared is through the network traffic reaching the physical server, intended for another, peer VM on that server. Thus, support for multi-tenant infrastructures often requires network controls.

Even within the private cloud of an enterprise, such multi-tenant support might be critical.
For example, in some industries, regulations mandate that the employee who requisitions the purchase of goods or services cannot also approve the purchase. To meet customer security requirements, a retailer might need to separate the databases that contain customer-specific credit card information from those that pool anonymous customer data for business intelligence. In such cases, an organization might use multi-tenancy to enable both applications to share a cloud environment, but prevent unauthorized access to data or applications.

By implementing multi-tenancy within the cloud infrastructure, organizations can lend additional flexibility to their capacity planning efforts. If cloud services are blind to each others’ existence, they can more readily intermingle throughout the infrastructure’s large pool of resources, significantly increasing utilization across the infrastructure, and thus lowering the overall cost for all concerned.

Realize the Benefits
Many people think of only virtual servers and virtualized storage when they hear “cloud computing.” In reality, though, no such cloud could exist without a network to link its components together. Whether the cloud is operated by an enterprise or a service provider, the network requires many of the traditional network management functions — and a few new ones — to deliver value to the cloud infrastructure. Proper cloud management and services are necessary to deliver the core cloud benefits, such as workload portability, multi-tenancy for capacity management, and reduced capital and operational expenses.

To ensure they support the goals of their cloud initiatives, both the enterprise and the service provider need to consider carefully how to best deploy network services such as load balancing, compression, multi-tenancy, and basic network provisioning. The payoff will be better optimization, faster ROI, and a more flexible, adaptable cloud environment.

As with rail travel, we often consider the departure point and the destination. But sometimes, as in life, it’s about the journey. ●

About the Author
Bill Erdman is a senior director within Cisco’s Service Provider Systems unit
and is leading a cloud provisioning and systems management integration
team. He has extensive product, market, and customer experience in the
cloud market. Erdman is a 16-year veteran within Cisco and has experience
in the areas of systems management, high-performance switching, storage
area networking, infrastructure convergence, voice, and wireless. Previous to Cisco, Erdman
worked for 3Com Corporation, Digital Equipment Corporation, and General Electric. He holds
a master’s degree in business administration from Babson College.
This article appears in VIEWPOINT, Focus on: Cloud Computing, published by BMC Software.