Best practices to architect applications in the IBM Cloud

Discover a list of component features you need to use for a better cloud experience
Skill Level: Introductory Christina Lau Distinguished Engineer IBM Valentina Birsan Senior Developer IBM

15 Feb 2011 If your goal is to leverage cloud environments as an additional avenue to deliver your software, the best practices described in this article (with more to come) demonstrate how to design your applications to achieve a successful cloud-based deployment model. The authors present best practices on provisioning and safeguarding your virtual machines (VMs) and storage, and discuss multi-tenancy in your applications and middleware to help deliver your applications. Articles in this series
Best practices for cloud-based asset-centric collaboration: Achieve collaborative multi-tenancy using Rational Asset Manager Best practices to accelerate web content delivery in the cloud: Use Akamai platform for speed and reliability Best practices for access control in multi-tenant cloud solutions using Tivoli Access Manager Provide tenant awareness and single sign on while protecting your application resources

Best practices to architect applications in the IBM Cloud Copyright IBM Corporation 2011

Trademarks Page 1 of 15

developerWorks

ibm.com/developerWorks

There are clear business and technical benefits to delivering your software using the cloud. A cloud-based deployment model can: Help you accelerate your application's time-to-value (through middleware). Help you spend less time and operating costs on owning and maintaining enterprise middleware. Help you reduce your investment in infrastructure. For several years, we have been looking at how to leverage cloud computing as an alternative delivery model for WebSphere software. Some of the practices that we learned are presented here, and should make it easier for you to adopt cloud computing in your development environment. Advances in both web and mobile technologies let you leverage the open web and create more web-based tools that are more accessible to the masses. When you couple this with the self-service and self-help cloud deployment model, it should enable you and your organization to better collaborate with other companies and partners by making it easier for them to create and share assets beyond the boundaries of their organization and across geography. Also, if you tap into a cloud provider with a pay-as-you-go pricing model, your applications will benefit from the same flexible, usage-based structure as is found in the IBM Smart Business Development and Test in the IBM Cloud. This article describes the components found in a common platform for building software as a service (SaaS) applications (and what your choices are when you construct a platform). Next, it discusses multi-tenancy and its four common technical attributes. To wrap up, it provides a quick lesson on best practices you should know for three main tasks when working in the IBM Cloud: Provisioning your virtual machine, provisioning storage, and saving the virtual machines that run your applications. As a quick guide, the best practices are listed in a sidebar.

A common platform for building SaaS applications

One purpose of this article is to expose the best practices that enable you to manage SaaS cloud applications and to bring new applications online in the future. To start, one best practice involves: Deciding on the components to include in the description of a common SaaS-application-building platform.

Best practices to architect applications in the IBM Cloud Copyright IBM Corporation 2011

Trademarks Page 2 of 15

ibm.com/developerWorks

developerWorks

Understanding why those components are important to this platform. To do this in the real world, we integrated a number of middleware components from IBM and from our partners into the IBM Cloud to achieve an end result that provides a rich and common user experience. Figure 1 shows an architecture overview of this evolving SaaS framework. Figure 1. Frameworks for building out multi-tenant cloud applications

11 best practices for the IBM Cloud and apps

1. The distance between the end users to the data center can impact the response time dramatically and internet bottlenecks can affect applications availability. HTML5, CSS3, Dojo, REST, and Ajax foundation technologies that help us achieve a user experience that is fast, interactive, and easy to use alone are not sufficient to support a cloud environment where we have to dynamically provision applications for our tenants based on their subscription. Self-service is an important key for cloud environments: A community portal is where self-service registration is available for new tenants.

2.

3.

Best practices to architect applications in the IBM Cloud Copyright IBM Corporation 2011

Trademarks Page 3 of 15

developerWorks

ibm.com/developerWorks

4.

A tenant has no visibility to other tenants' assets on the cloud. Research and understand the concepts of authentication and security, repositories to capture and share assets, payment integration and transactions, operations monitoring, and how to design your platform so that others can build their own apps that use your data (through REST APIs, for example). Four technical attributes are common to cloud applications: The notion of tenants and users. The ability to secure the assets of a tenant. The need for the application to be always available. The need to scale up or down based on actual demand.

5.

6.

7.

Saving your VM (with its provisioned storage) should be done when you are at a good point in your development cycle (after you have configured and tested your software on a particular instance). Saving your VM lets you recreate your VM from a private image, so you don't have to start over. Best practices point to how important it is to assume that things will fail in the cloud. Be patient. If your VM has a lot of data in it, it can take awhile to save it as a private image. You should always do a test run re-creation of your VM instance from the saved image at least once to see if everything saved correctly.

8.

9.

10.

11.

Here are the components and functions we consider useful for a successful SaaS framework: Content delivery network integration User interface frameworks Community portals Tenant and users management Authentication and security Asset repositories

Best practices to architect applications in the IBM Cloud Copyright IBM Corporation 2011

Trademarks Page 4 of 15

ibm.com/developerWorks

developerWorks

Payment integration Operations monitoring REST APIs Content delivery network integration Web-based cloud applications are dynamic and highly interactive. It is important to ensure they perform consistently for users accessing them no matter where they are located. However, the distance between the end users to the data center can impact the response time dramatically and Internet bottlenecks can affect applications availability. To address these issues, we incorporated the Akamai Web Application Acceleration service into our SaaS frameworks to provide web content acceleration for our cloud applications. Requests and application responses between users and the data center are sent over the Akamai platform. Dynamic mapping technology directs the request to the closest Akamai server; it identifies the fastest, most reliable path back and employs connection techniques to optimize communication between servers, improving performance and reliability of both retrieval and delivery. User interface frameworks You want to create integrated solutions with a shared look and feel and enable a user experience that is fast, interactive, and easy to use. HTML5, CSS3, Dojo, REST, and Ajax are foundation technologies that help you achieve these goals. However, those technologies alone are not sufficient to support a cloud environment where you have to dynamically provision applications for your tenants based on their subscription. To support this, we incorporated the Business Space frameworks (WebSphere) to provide a common and consistent delivery of the user interface components. Business Space framework implements the iWidget component model so that we can aggregate web components together in a uniform fashion. Community portals A community portal is a place where you can find recent news and connect with others via forums, blogs, or other social media. It's also where self-service registration is available for new tenants. Behind the scenes, the self-service registration provisions the applications and resources for the new tenants based on their subscription requests. There are many excellent free software packages such as WordPress and phpBB that you can use as starting points for blogs and forums. You can easily integrate

Best practices to architect applications in the IBM Cloud Copyright IBM Corporation 2011

Trademarks Page 5 of 15

developerWorks

ibm.com/developerWorks

and customize them into your own unique community portal. Tenant and user management What defines a tenant? A tenant can be logically mapped to a company, an organization, or a team. A tenant can have one or more users. A tenant shares the physical infrastructure such as VMs, storage, network, and middleware in a data center with other tenants. However, tenants have no visibility to each other. Tenant resource isolation is provided at the user interface and database layers. (An important feature of cloud computing, the discussion of tenant resource isolation is complex and involved and is beyond the scope of this article.) The first user to register to a tenant becomes the default account administrator. A tenant provisions its own resources such as its own business spaces where it can create its own assets. The assets the tenant creates are isolated from other tenants unless the originating tenant chooses to share them publicly. A user can be invited into an account. A user can also make a request to join an existing account using the self-service registration portal; in this case, the account administrator needs to approve the request. Authentication and security You need a utility to manage passwords and to ensure proper authentication and authorization to back-end server resources. This can include password rules such as complex passwords with alpha and numeric characters, rules that require users to change passwords at predefined interval, support for single sign-on across multiple applications, the use of reverse proxy to provide additional security and encryption capabilities, and more. We use Tivoli Access Manager to provide authentication and authorization. Asset repositories Many SaaS applications need to capture and share assets. An asset repository plays a crucial role in supporting asset-centric collaboration while maintaining the desired levels of asset isolation and privacy for tenants. It provides tenants a way to publish and search for assets based on industry or domain. An asset repository can help customers adapt to fast growing business by collaborating with partners to

Best practices to architect applications in the IBM Cloud Copyright IBM Corporation 2011

Trademarks Page 6 of 15

ibm.com/developerWorks

developerWorks

evolve their assets to cover new business requirements. We use Rational Asset Manager in the IBM Cloud to make this easier. Payment integration One of the best things about cloud computing is its capability to offer the user more value through its pay-as-you-go delivery model. However, you have to be able to measure and monitor tenant/user activity to implement accurate billing, so this component is essential to providing (and consuming) cloud services. We use the IBM Payment systems solutions in our framework. Operations monitoring As the number of VMs increase in the infrastructure, it is important to monitor the health and well-being of these VMs as well as the applications and databases that run on them. An operations monitoring component is deployed in the cloud to monitor the performance and the availability of cloud instances. By creating a number of agents to monitor URLs, logs, and network connectivity, you are able to detect problems and in many cases automatically recover from the problems without human intervention. To perform these functions, we use IBM Tivoli Monitoring (ITM). REST APIs It is important to design your platform in such a way that others can build their own web or mobile apps to present your platform data in new and different ways. We developed a set of common REST APIs that enable users to read and write data to our platform. For example, APIs that let users: Sign up for an account, login, or invite others to join your account -- useful for others to integrate your SaaS applications into their own site. Search for assets, news, and other items -- useful for sharing public content from your cloud with others. Now let's look at multi-tenancy in cloud applications.

Multi-tenant cloud applications

Multi-tenancy refers to the ability of services to be offered to multiple tenants in a way so that each tenant operates as logically isolated while, in fact, using physically shared resources. Examples of multi-tenant cloud applications start with our early work on IBM LotusLive and expand through our work on IBM BPM BlueWorks and Cast Iron, all the way to our newest IBM Blueworks Live. While each cloud application serves a different business purpose, from online collaboration to integration to documenting and running processes in cloud, they all
Best practices to architect applications in the IBM Cloud Copyright IBM Corporation 2011 Trademarks Page 7 of 15

developerWorks

ibm.com/developerWorks

share a number of common technical attributes: The notion that users make up a tenant (or a team). A tenant uses a SaaS application as if they own it, but they actually do not own a copy of the application. The ability to secure the assets of a tenant. SaaS applications allow geographically distributed teams to easily collaborate to create assets and accelerate consensus. Just because they have created the assets, it may not mean they want to share them widely across all the stakeholders. Supporting finer grained privacy settings on assets, protecting sensitive data such as personal identification, are examples of things that need to be considered. The need for the offering to be always available. As an offering becomes more popular or more mission critical, reducing any downtime due to application or infrastructure maintenance will become increasingly important. The need to scale up or down based on actual demand. By monitoring the actual usage, the frameworks can dynamically provision and add additional VMs into the system to handle the workload, and remove the VMs if they are not utilized.

Three tasks to know in the IBM Cloud

The IBM Cloud provides a scalable infrastructure for development, test, and other dynamic workloads such as web-based or analytics solutions. In our experience, best practices point to three main tasks you need to learn to get started: 1. 2. 3. Provisioning a VM Provisioning storage Saving a VM

Provision your VM The first task is to provision a virtual machine (VM) on the IBM Cloud. This can be done easily by using the Add Instance wizard shown in Figure 2. Figure 2. Provisioning a virtual machine on the IBM Cloud via the wizard

Best practices to architect applications in the IBM Cloud Copyright IBM Corporation 2011

Trademarks Page 8 of 15

ibm.com/developerWorks

developerWorks

Determine which data center you want your VM to reside and select an existing base image to base your VM from. The IBM Cloud is currently available in Raleigh, North Carolina and Boulder, Colorado, USA; Toronto, Ontario, Canada; and Ehningen, Baden-Wurttemberg, Germany. More geographies are being added over time. Note: It might not matter where cloud applications are physically located, however some locations have government regulations that you must follow. A large number of base images are available to help you reduce the time that is needed to install software. Once you have selected your configurations, submit your request and wait for it to be provisioned. After your VM is provisioned, use a tool

Best practices to architect applications in the IBM Cloud Copyright IBM Corporation 2011

Trademarks Page 9 of 15

developerWorks

ibm.com/developerWorks

such as PuTTY and your own SSH (Secure Shell) key to get into the VM and start installing or configuring additional software. Provision your storage The second task that is useful is to provision storage for your solution. Storage is essential if you want to share files between multiple VMs or if you want to persist some files so that they are still available if you delete your VM. You can easily provision storage on the IBM Cloud by using the Add Storage wizard shown in Figure 3. Figure 3. Provisioning storage on the IBM Cloud via the wizard

Save your VMs The third task is very important. Save your VMs. This should be done when you are at a good point in your development cycle, and have configured and tested your software on a particular instance.

Best practices to architect applications in the IBM Cloud Copyright IBM Corporation 2011

Trademarks Page 10 of 15

ibm.com/developerWorks

developerWorks

By saving your instance, you save all your configuration work such as firewall and other settings. If something happens to your VM, you can recreate it from the private image that you saved without having to start from the beginning. Best practices point to how important it is to assume that things can fail in the cloud. Sa situation that you cannot control. For example, there are outages in the data center and the network can fail By designing applications in ways to recover from failures, you can bring applications back up as fast as possible. To save your VM, use the Create private image wizard shown in Figure 4. Figure 4. Creating an image on the IBM Cloud via the wizard

Best practices to architect applications in the IBM Cloud Copyright IBM Corporation 2011

Trademarks Page 11 of 15

developerWorks

ibm.com/developerWorks

This operation can take a long time if your VM has a lot of data. After your VM is successfully saved, it is a good practice to recreate your instance from the saved image to make sure every thing is recreated properly from the image.

In conclusion
This article introduced you to best practices from our own experiences pertaining to cloud application deployment architectures. It provided a high level overview of some of the key components that you may want to consider when designing your

Best practices to architect applications in the IBM Cloud Copyright IBM Corporation 2011

Trademarks Page 12 of 15

ibm.com/developerWorks

developerWorks

own cloud applications. Future topics will include tenant resource isolation, provide insight into how to leverage the dynamic nature of the cloud, how to ensure your applications are secure and resilient to failure, and the impact of mobile computing on cloud computing development.

Best practices to architect applications in the IBM Cloud Copyright IBM Corporation 2011

Trademarks Page 13 of 15

developerWorks

ibm.com/developerWorks

Resources
Learn Check out the resources mentioned in this article: IBM Blueworks Live IBM LotusLive IBM BPM BlueWorks, a WebSphere cloud experiment WebSphere Cast Iron Cloud Integration Key features of IBM Blueworks Live Akamai Web Application Accelerator IBM payment systems solutions Tivoli Access Manager for e-business and IBM Tivoli Monitoring Rational Asset Manager WordPress.org phpBB open source bulletin board software In the developerWorks cloud developer resources, discover and share knowledge and experience of application and services developers building their projects for cloud deployment. The next steps: Find out how to access IBM Smart Business Development and Test on the IBM Cloud. Get products and technologies See the product images available on the IBM Smart Business Development and Test on the IBM Cloud. Discuss Join a cloud computing group on developerWorks. Read all the great cloud blogs on developerWorks. Join the developerWorks community, a professional network and unified set of community tools for connecting, sharing, and collaborating.

About the authors

Best practices to architect applications in the IBM Cloud Copyright IBM Corporation 2011 Trademarks Page 14 of 15

ibm.com/developerWorks

developerWorks

Christina Lau Christina Lau is a distinguished engineer in WebSphere, experienced in such emerging technologies as cloud and mobile computing. Her current focus is on developing advanced technologies that support the delivery of online cloud services across the BPM, connectivity, and ILOG portfolio.

Valentina Birsan Valentina Birsan is a senior developer in WebSphere, currently focused on cloud projects. Previously Valentina was a technical lead on Rational Application Developer. Valentina was one of the initial members of the Eclipse TPTP open source project and served as the chair of the TPTP Architecture Group. She was the lead architect for the Cosmos Service Modeling Eclipse open source project and member of the SML open standard.

Best practices to architect applications in the IBM Cloud Copyright IBM Corporation 2011

Trademarks Page 15 of 15