From Virtualization to Cloud optimize and automate it in the Cloud

White paper series from virtualization to private Cloud In 2011, the IT Process Institute (ITPI) published Visible Ops Private Cloud: From virtualization to private cloud in 4 practical steps. This no-nonsense guide draws conclusions from an in-depth ITPI study of 30-plus successful private cloud deployments. The book presents a proven, four-phased approach that guides IT professionals as they build on virtualization and consolidation efforts to deploy a private cloud. The RedHat From Virtualization to Private Cloud white paper series builds on the concepts in the book to help IT professionals launch successful private cloud initiatives. Specifically, the series will help you: 1. Cut through the cloud clutter 2. Design cloud services, not systems 3. Optimize and automate IT in the cloud 4. Accelerate business results with your cloud Cloud suCCess depends on optimizing run-time operations to inCrease ongoing operating effiCienCy and effeCtiveness. Provisioning services on demand through a private or hybrid cloud deployment can transform how IT is delivered and how IT services are consumed. Successful cloud deployments, however, depend on more than self-service access and automated deployment of workloads from a service catalog. Success happens only when cloud run-time activities are optimized. Automated provisioning isnt enough. To ensure ongoing service delivery of cloud services, IT must also standardize and automate a wide range of application lifecycle, infrastructure maintenance, and security and compliance activities. Managing dynamic workloads and shared resource pools requires greater infrastructure and configuration standardization, higher levels of automation, and an increased focus on process definition and control than is necessary for static virtual environments. Fortunately, improvements in these areas can significantly enhance resource utilization and operating efficiency. This paper offers practical advice for optimizing run-time activities to strengthen ongoing management of private and hybrid cloud environments. Key activities highlighted in this paper include: Expanding the level of automation to manage resource changes, workload moves, and application lifecycle management Managing hybrid and heterogeneous cloud environments Updating service management processes and documentation Enabling continuous compliance

From Virtualization to Cloud Optimize and automate IT in the cloud

overvieW - optimize and automate in the Cloud The cloud computing buzz often centers on giving users self-service on-demand access to various IT services. The promise is building a private or hybrid cloud enables users to deploy, scale, and redeploy resources as needed. The flexibility can both dramatically increases business agility and improve resource utilization in the data center. But what about after the workload is deployed? Who maintains and updates the cloud?

But what about after the workload is deployed? Who maintains and updates the cloud? How does IT ensure ongoing security and compliance? The reality is that while private cloud utilizes virtualized resources, it is built, run, and governed differently than the static virtualized data center. As a result, there are unique run-time challenges that IT must address: shared resources. Workloads are deployed to resource pools that are shared by users. Run-time management focus shifts from managing individual servers to managing resource pools. Although monitoring resource-level performance, availability, and security continues to be important, the primary run-time focus is on user-facing service levels. massive scalability. In a cloud infrastructure, workloads are provisioned at normal usage level. Scale-out and redundant architectures preserve service levels. When usage increases beyond pre-set levels, triggers initiate specific automated actions to add resources or move workloads to ensure service and performance. Cloud resource management models can simultaneously optimize both service levels and resource utilization. standardized systems management. Manual, ad hoc system management activities dont scale in the cloud. By increasing standardization and use of workflow automation, administrators can improve their effectiveness and reduce the labor-intensive and error-prone work that so often causes change-related service outages. hybrid and heterogeneous solutions. A hybrid environment taps both public and private cloud resources and links them together in a cohesive run-time environment. Cloud workloads may also span a mix of technologies, operating systems, and computing platforms. IT must find appropriate ways to govern and control hybrid and heterogeneous environments. Understanding and addressing these differences is critical for cloud success. So is taking the right steps to optimize run-time activities. Those steps are: expanding automation by leveraging tools to automate resource changes, workload moves, and application lifecycle management tasks. managing hybrid heterogeneous cloud environments by managing multi-tier applications and expanding or contracting resources to and from third-party clouds. updating service management processes and documentation, which involves refreshing key processes based on shared resource pools and dynamic workloads. enabling continuous compliance by controlling and verifying security and regulatory compliance for cloud deployments. Automating and optimizing the ongoing run-time activities related to the cloud deployment is essential to ensuring service delivery, maximizing resource utilization, and improving operating efficiency. The remainder of this paper details these four activities to help you optimize your cloud run-time activities.

From Virtualization to Cloud Optimize and automate IT in the cloud

expand automation Consider higher levels of automation prerequisite for cloud success. A hybrid approach can provide more options for scalability while maximizing the utilization of internal computing resources. Automated provisioning provides on-demand access to services in service catalog. But automating build and deploy is only part of managing a cloud environment. Ad hoc and manual management of labor-intensive, error-prone cloud management activities doesnt address cloud scalability requirements, nor does it allow you to optimize service delivery and resource utilization. To address those goals, youll have to ratchet up the level of automation. If you have tools, processes, and skills in place to automate build and deploy, then it makes leverage your investment in those capabilities to gain the benefits of automating other activities. Several areas to consider for run-time automation include:

resource scaling. Automation enables resource scaling in response to increasing demand. Cloud services are typically provisioned at normal usage levels. Triggers based on CPU usage or other resource-level metrics initiate allocation of more resource from a resource pool or the addition of nodes to the resource pool. Triggers also initiate scale-back and the release of resources that are no longer needed. Automated scale is vital to increasing utilization levels beyond those possible in static virtual environments. Workload moves. Moving workloads to different pools is another way to respond to higher demand. The action might be to move a high-priority workload to another pool that has room to support the higher usage level. Or the action might be to leave the high-priority workload in place and move lower-priority workloads somewhere else. As you plan for workload moves, dont overlook restrictions on co-mingling in scope workloads with those that dont require higher levels of control. In addition to considering these security and compliance requirements, also monitor application performance to detect issues that may arise due to frequent moves. Backup and disaster recovery. Integrate these activities with processes that implement preventive, detective, and corrective controls. Automating configuration drift detection is especially important as reprovisioning or restoring service from a blueprint may fail if the configuration has drifted in production. application lifecycle management. The blueprint approach used for automated provisioning can also be used to patch or upgrade server operating systems, middleware, and applications. Consider systems that dont require restarting virtual resources to implement an update. Actively manage differences between application versions in development and in production. Also consider automation limitations that prevent updating multitier workloads that run across physical, virtual, and cloud environments. deprovisioning. The key to achieving higher utilization of key resources in the cloud is turning off unused workloads. Make sure cloud service requests include a deprovision date. Turning workloads off when they are no longer needed frees resources for other users and minimizes cloud sprawl. The bottom line is this: Cloud run-time management requires automation. And automating time-consuming, error-prone maintenance activities is essential for efficient and reliable cloud service delivery.

From Virtualization to Cloud Optimize and automate IT in the cloud

red hat Cloudforms appliCation lifeCyCle management CloudForms manages the lifecycle of applications to both accelerate deployment in the cloud, and standardize across environments such as development, test and production. CloudForms Application Engine provides a template-based approach to define and manage applications from one or more components and then deploy those to either physical, virtual or cloud-based environments. CloudForms System Engine supplies and manages the content and configuration used to build components and application blueprints. System Engine is the canonical source for the content and configuration that make up the application components. These components can come from Red Hat such as a Red Hat Enterprise Linux build, from 3rd party components like Apache server, or any of your own software.

manage hyBrid and heterogeneous Cloud environments Adding cloud software to a pool of computing resources enables selfservice deployment of services and allows IT to respond to changing usage levels. But achieving very high degrees of scalability in a private cloud environment may result in underutilized resources that sit idle during normal usage levels. Heterogeneous cloud workloads also require special run-time considerations.

To optimize utilization and achieve extreme scalability, consider a hybrid cloud strategy in which workloads are deployed across both internal resource pools and resources managed by third-party Infrastructure as a Service (IaaS) cloud providers. A hybrid approach can offer more options for scalability while maximizing the utilization of internal computing resources. Use cases that augment private cloud deployments with public cloud resources include: Leveraging public cloud for backup and disaster recovery of private cloud deployments Using public cloud for development and test, and then pulling workloads into private cloud for production Starting new production workloads in a public cloud, then repatriating them to internal resource pools once usage levels stabilize All three scenarios have advantages and disadvantages. But all are relatively new to the IT scene. Heterogeneous workloads are not new to the IT scene, however, and are in fact common in most enterprise data centers. Heterogeneous workloads may include resources that: Span multiple computing stack tiers, including databases, application tiers, clients, and web tiers Use multiple technologies, such as various operating systems, virtualization, middleware, and programming languages May be physically spread across multiple computing environments, from physical to virtual and cloud Heterogeneous cloud workloads also require special run-time considerations. They may use a mix of licensing models as well as a mix of monitoring and security agents. They may include a combination of product or platform specific management tools.

From Virtualization to Cloud Optimize and automate IT in the cloud

With both hybrid approach and heterogeneous workloads, you must be more aware of complexities and dependencies than in a static physical or virtualized environment. You may choose to start a private cloud deployment in limited environment isolated from the rest of your production environment. Eventually, however, you would integrate and manage the deployment using the standardized tools and best practice processes you already have in place. Some considerations for managing hybrid and heterogeneous cloud environments include: security. The configuration and maintenance of run-time environments has a significant impact on security posture. Both private and hybrid cloud environments require focus on run-time activities to maintain security and compliance. mix of operating systems. Most data centers include multiple operating systems. Forcing your cloud to a single operating system limits the number of workloads that you can deploy. That, in turn, limits adoption. So, plan on managing a mix of operating systems in your private or hybrid cloud. mix of virtual machines. Encapsulating workloads in a virtual machine enables portability in a shared resource pool. Many data centers use a variety of virtualization technologies. The more VMs you support, the more workloads you can move to the cloud. mix of programming languages. Support for traditional Java programming languages as well as newer web models such as PHP and Ruby, is essential. Not every cloud needs to work with every one of them. However, make sure you understand the language limitations of public cloud providers that you plan to include in your hybrid solution. range of application programming interfaces (apis). APIs are key to configuring and deploying workloads and configuring infrastructure. Existing applications may need to be modified to work with modern REST (Representational State Transfer) and SOAP (Simple Object Access Protocol) APIs that are prevalent in cloud environments. Unified management. Coordination of private cloud and off-premise public cloud resources may require multiple management tools. Some monitoring and security tools may work in both private and public settings. Some public cloud environments allow access to key performance data through APIs. data portability. Moving data seamlessly across private and public cloud environments is more complicated than simply copying and moving files. Data nonportability often results in separating application tiers across computing environments. Make sure public cloud providers support data import and export in a manner that meets your requirements before you commit to a specific solution. license management. Software license models may not match your plans for dynamic workload management. Make sure your automation solutions enable automated tracking to ensure license compliance. Cloud management that addresses these considerations is more likely to support the broad range of workloads found in typical data center and better utilize existing resources and technologies.

From Virtualization to Cloud Optimize and automate IT in the cloud

red hat Cloudforms portaBility aCross environments CloudForms integrates with existing products and technologies, including physical servers and virtualization platforms from other vendors, to provide the easiest on-ramp to an on-premise cloud. It simultaneously allows deployment to multiple public or community cloud providers, including those running software tack from a different vendors. With CloudForms, you can import existing VM images created elsewhere or build them from scratch in whatever formats are needed for their deployment. Images created for a specific destination can be quickly replicated out for scalability across physical servers, a variety of virtualization platforms, and a choice of public and community clouds.

update serviCe management proCesses and doCumentation Because clouds are built, run, and governed differently than static virtual environments, the processes you use to manage the run-time environment must be updated for cloud. Provisioning a normal workload into shared resource pools changes capacity planning, which, in the past, was typically tied to a static project funding and planning cycle. Automation of resource changes and workload moves poses tracking, monitoring, and support issues not found in static environments. Giving users self-service access to production resources violates traditional controls that require advisory board review of every production change.

Private or hybrid cloud is built, run and governed differently than a static virtual environment.

In light of these differences, those responsible for meeting availability service level agreements (SLAs) and handling overall data center operations should consider modifying standard operating procedure for cloud environments. Items to consider include: performance and availability. Changing resource levels during peak usage, not to mention the remote location of hybrid cloud resources, can impact service levels. It isnt sufficient to measure performance and availability based on underlying resources. You must also monitor the user experience to understand and maintain appropriate service levels. application dependency mapping. A cloud is a system. It includes more layers in the technology stack than a traditional static physical or virtual environment. More dependencies mean more potential points of failure. Understanding all dependencies is crucial to ensuring proper run-time performance. incident and problem management. Although scale-out architectures can more easily adapt to service outages via rebuild instead of repair strategies, they can be harder to troubleshoot. To facilitate incident and problem management in this environment, give support personnel adequate technical and functional documentation about the workload as well as the automation used to deploy and manage cloud resources. Change and configuration management. Control in a dynamic computing environment is more important than in a static environment. Be sure to specify and certify the automated actions that are used to build, deploy, and update production systems. IT Infrastructure Library (ITIL) shops may need to update change models to include automated actions and pre-approved changes. Moreover, they may need to update component-level configuration Item (CI) naming schemes to account for temporary scale-out of resources. Capacity planning and optimization. Increased scalability of cloud resources does not eliminate the need for capacity planning. However, the focus and responsibility shifts from users and developers concerned with server level capacity, to operations focused on capacity at the resource pool level. 6

From Virtualization to Cloud Optimize and automate IT in the cloud

Overall, private and hybrid cloud environments require more documentation than static environments. Dont count on development and production sharing tacit knowledge. Give those supporting production the information they need to respond to normal operations and service disruptions. Clearly document and share functional and technical specifications of workloads. Also require documentation about rules and policies as well as automated response. enaBle Continuous ComplianCe A fire and forget approach for deploying cloud services can jeopardize cloud goals. Compliance issues in a highly automated cloud are different from those in a static environment. If you manually change a production system that was generated by an automated routine, you are opening the door to whole range of problems. At best, you are in uncharted territory from a security and risk standpoint. At worst, the next time you run the automation routine, it may cause an outage that is extremely difficult to troubleshoot.

In cloud environments, you should strive for a state of operations in which machines build and maintain machines, and continually sense and respond to unauthorized changes. A fire and forget approach for deploying cloud services can jeopardize cloud goals. Compliance in traditional IT environments includes doing things a predetermined way as directed by external regulations, security policy and best practices. Compliance is achieved through preventive, detective, and corrective controls that make it hard to do the wrong thing, that immediately detect when right thing hasnt been done, and then alert staff and/or restore conditions to the desired state. Preventive controls keep people from changing target systems without using tools, process, and blueprints. Detective controls work nonstop. Tools continually scan the cloud environment for configuration drift and other undesirable conditions. The cloud is not the place for fire and forget deployment. Corrective controls automatically restore components to the last known good blueprint. At a minimum, these controls must automatically notify the staff and allow push-button control of restoration. In a highly standardized and automated cloud environment, the definition of compliance must expand to include compliance with: Build and deploy blueprints Automated workflow To accomplish this, you need a way to check compliance not based solely on audit output or artifacts of build routines, but also on audit blueprint and automation rules that produce the artifacts. It may sound more complicated, but its actually good news: Instead of checking every server to verify that it is at patch level, you audit to see that every server matches your blueprint and verify that the blueprint is at the desired patch level. Documentation is essential to achieving compliance in the cloud. At a minimum, you must document: Technical and functional specifications of cloud services Blueprint and workflow used to generate and instantiate workload Operating procedures, including how to start and stop service and regenerate a workload Maintenance procedures using blueprints and automated workflow 7

From Virtualization to Cloud Optimize and automate IT in the cloud

red hat Cloudforms Continuous ComplianCe CloudForms provides operational management for running applications and systems across physical, virtual, and cloud environments. It provides automated control over applications while they are running, meaning that administrators can be highly confident that their infrastructure is under control at all times and not just at the instant a new image starts up. It provides continuous compliance of content and configurations and helps ensure that cloud-deployed applications are consistent with the application definitions outlined in the application blueprint. Users can then monitor and update their systems and applications, while they are running on an ongoing basis. This enables key features like being able to do a live update of a running production application, when the application blueprint is updated. This also enables users to detect configuration drift on a running application instance due to changes made by end-users (i.e. updating a software library) that bring the instance out of compliance. Administrators can synchronize the instance of an application deployed by CloudForms with the canonical application blueprint held by the Application Engine. Configuration drift can be detected and remediated without having to restart the application instance. ConClusion Private and hybrid cloud solutions present unique run-time challenges related to managing shared resource pools, providing massive scalability, and managing hybrid and heterogeneous cloud environments. Your success moving from a virtualized data center to a private or hybrid cloud environment will depend in part on how effectively you address these challenges. To ensure ongoing service delivery of cloud services, standardize and automate a wide range of application lifecycle, infrastructure maintenance, and security and compliance activities. Service management processes should be revisited to optimize standard operating procedures for more dynamic cloud environments. Using automated tools and processes to manage the lifecycle of all components that enable cloud services can also achieve ongoing security and regulatory compliance. Fortunately, improvements in these areas can not only help achieve business outcome objectives, but also help enhance the utilization and operating efficiency of IT resources. The completion of key activities in this paper lays the groundwork for activities recommended in Align and Accelerate Business Results, the fourth and final paper in the From Virtualization to Private Cloud white paper series. The fourth paper focuses on driving user adoption and ensuring business benefits of your private or hybrid cloud solution.

Copyright 2012 IT Process Institute. All rights reserved. No part of this publication may be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system, or transmitted in any form other than PDF by any means (electronic, mechanical, photocopying, recording, or otherwise) without the prior written authorization of the IT Process Institute. Submit requests to info@itpi.org. Distributed by RedHat with permission from the IT Process Institute v100511

#8618677_0112