Guidewire InsuranceSuite 9 · embrace cloud technology, which is becoming much more relevant for...

GuidewireInsuranceSuite9CloudDeploymentConsiderations

WHITEPAPER

WHITEPAPER:GUIDEWIREINSURANCESUITE9CLOUDDEPLOYMENTCONSIDERATIONS

TableofContents1 PurposeofThisDocument...................................................................................................................1

1.1 DocumentScopeandContents....................................................................................................1

2 CloudOverview....................................................................................................................................2

2.1 DefinitionofCloudComputing.....................................................................................................2

2.2 TypesofClouds............................................................................................................................4

2.2.1 PublicCloud..........................................................................................................................4

2.2.2 PrivateCloud........................................................................................................................5

2.2.3 Hybrid...................................................................................................................................6

2.3 PotentialCloudBenefitsforP&CInsurance.................................................................................6

2.3.1 LowerTCO............................................................................................................................62.3.2 ImprovedUserExperience...................................................................................................7

2.3.3 GreaterBusinessAgility........................................................................................................7

2.3.4 IncreasedCostTransparency................................................................................................8

2.3.5 ImprovedSecurityandCompliance......................................................................................9

2.3.6 SimplifiedDisasterRecovery................................................................................................9

2.4 PotentialCloudChallengesforP&CInsurance.............................................................................9

2.4.1 LackofCloudSkillsandMindset..........................................................................................9

2.4.2 LackofAutomation............................................................................................................10

2.4.3 InsufficientOversight.........................................................................................................11

2.4.4 FalseComparisons..............................................................................................................11

2.5 ArchitectingfortheCloud..........................................................................................................12

3 SelectingaCloudServiceProvider.....................................................................................................14

3.1 Services.......................................................................................................................................14

3.1.1 IaaSServices.......................................................................................................................14

3.1.2 PaaSServices......................................................................................................................15

3.2 Locations....................................................................................................................................15

3.3 Pricing.........................................................................................................................................16

3.4 AvailabilityandSLAs...................................................................................................................16

3.5 Security.......................................................................................................................................16

3.5.1 ISO/IEC270xx.....................................................................................................................17

3.5.2 ServiceOrganizationControls(SOC)..................................................................................17

3.5.3 Industry-SpecificRequirements.........................................................................................18

3.6 IndustryExpertise.......................................................................................................................18

3.7 MarketplacesandDatasets........................................................................................................18

4 CloudDeploymentConsiderations.....................................................................................................20


4.1 Cloud-ReadyFeaturesinInsuranceSuite9.................................................................................20

4.1.1 ImprovedScalability...........................................................................................................20

4.1.2 NewClusteringManagement.............................................................................................20

4.1.3 RedesignedServerProcessing............................................................................................20

4.2 CloudDesignPrinciples..............................................................................................................20

4.3 PerformanceandResourceConsiderations...............................................................................21

4.3.1 SystemResources...............................................................................................................21

4.3.2 NetworkDesign..................................................................................................................22

4.3.3 LoadCharacteristics...........................................................................................................23

4.4 ScalabilityConsiderations...........................................................................................................24

4.4.1 ScalingInsuranceSuiteintheCloud....................................................................................24

4.4.2 WebUITierScaling.............................................................................................................26

4.4.3 WebServicesScaling..........................................................................................................26

4.4.4 ApplicationTierScaling......................................................................................................26

4.4.5 DatabaseTierScaling..........................................................................................................274.4.6 StorageTierScaling............................................................................................................27

4.4.7 LoadBalancerScaling.........................................................................................................28

4.5 AvailabilityConsiderations.........................................................................................................29

4.5.1 High-AvailabilityStrategies.................................................................................................29

4.5.2 WorkloadDistributionandPlacement...............................................................................29

4.5.3 HAfortheApplicationTier.................................................................................................30

4.5.4 HAfortheDatabase...........................................................................................................30

4.5.5 HAforStorage....................................................................................................................31

4.5.6 HAfortheFront-EndTier...................................................................................................31

4.5.7 Monitoring..........................................................................................................................31

4.6 DisasterRecoveryConsiderations..............................................................................................32

4.6.1 RTOandRPO......................................................................................................................32

4.6.2 Cloud-BasedDR..................................................................................................................324.6.3 DataManagementforDR...................................................................................................33

4.7 SecurityandComplianceConsiderations...................................................................................34

4.7.1 SecurityPrinciples..............................................................................................................344.7.2 IdentityandAccessManagement(IAM)............................................................................34

4.7.3 SecurityPerimeterManagement.......................................................................................35

4.7.4 DataProtectionandCompliance........................................................................................36

4.7.5 Logging...............................................................................................................................38

4.8 CostManagement......................................................................................................................38

4.8.1 UsageAttribution...............................................................................................................39


4.8.2 CostControl........................................................................................................................40

4.8.3 ConsumptionManagement................................................................................................42

4.8.4 SystemTuning....................................................................................................................43

5 DeploymentApproaches....................................................................................................................45

5.1 Self-DeployinaPublicCloud......................................................................................................45

5.1.1 Neededcloudexpertise......................................................................................................45

5.1.2 VendorSupport..................................................................................................................46

5.1.3 Service-LevelAgreements..................................................................................................46

5.2 WorkingwithaPartner..............................................................................................................47

5.2.1 IaaSspecializations.............................................................................................................47

5.2.2 Integrations........................................................................................................................47

5.2.3 Ongoingsupport.................................................................................................................47

6 Appendix:GuidewireDeploymentInformation.................................................................................48

6.1 ClassesofEnvironments.............................................................................................................48

6.2 Environmentdeploymenttimeline............................................................................................49

6.3 GuidewireApplicationsandComponents..................................................................................49

6.3.1 CoreProducts.....................................................................................................................49

6.3.2 DataProducts.....................................................................................................................49

6.3.3 DigitalPortalsProducts......................................................................................................50

6.3.4 OtherComponentDetails...................................................................................................50

6.4 NodeTypes.................................................................................................................................51

6.4.1 AlternateNodeTypes.........................................................................................................52

6.5 ServerRoles(version9andlatercoreproducts).......................................................................54

6.5.1 CloudDeploymentandServerRoles..................................................................................55

6.6 ProcessorCapacityEffects..........................................................................................................56

6.7 EnvironmentDescriptions..........................................................................................................56

6.7.1 SimilarityAcrossProduction-ClassEnvironments..............................................................56


TableofFigures

Figure1VisualModelofNISTDefinitionofCloud.......................................................................................3Figure2MatchingCapacitytoDemand.......................................................................................................4Figure3CloudDeploymentModels.............................................................................................................6Figure4Time-to-CapacityComparison........................................................................................................8Figure5GartnerAutomationClock...........................................................................................................10Figure6TraditionalITOrgChart................................................................................................................12Figure7ServiceCatalogforAmazonWebServices...................................................................................12Figure8InsuranceSuiteLayeredDesign....................................................................................................14Figure9ExamplesofCloudProviderSecurityAttestations.......................................................................17Figure10GuidewireInsurancePlatform™.................................................................................................19Figure11ApplicationLoadPatterns..........................................................................................................23Figure12Verticalvs.HorizontalScaling....................................................................................................24Figure13AWSRAIDConfigurations...........................................................................................................28Figure14DataProtectionApproaches......................................................................................................31Figure15AWSSharedResponsibilityModel.............................................................................................35Figure16PrivateConnectivitytotheCloud..............................................................................................37Figure17CommonCloudResourceTagTypes..........................................................................................39

1


1 PurposeofThisDocumentGuidewire’smissionistohelppropertyandcasualty(P&C)insurersadaptandsucceedatatimeofrapidindustrychangeandtoensureourcustomersaresuccessfulintheirjourney.Successforcustomersmeansincreasingspeedtomarket;drivingmoremeaningfulcustomerinteractionsthroughdigitalengagement;providingdifferentiatedproductsandservices;streamliningclaimshandling;makingbetterdecisions;andmore.Successalsomeanshavingacontinuallylowertotalcostofownership(TCO).ItisincumbentonGuidewiretokeepevolvingourproductsandarchitecturetoensureourcustomershavethetechnologytheyneedtodayandinthefuture.Onekeyaspectofourstrategyistoincreasinglyembracecloudtechnology,whichisbecomingmuchmorerelevantforP&Cinsurersandtheindustryasawhole.Cloudenablesnewsourcesofvaluetobeprovidedfasterandatalowercost.Ithelpsinsurerstoimprovespecificpartsoftheirbusiness.Anditenablesinsurerstosignificantlylowertheircapitalcostsofdeployingandowningapplicationsbyrelyingonthirdpartiestoprovidecomputinginfrastructureandrelatedservices.ThisdocumentisintendedtohelpGuidewirecustomersdeployandoperateInsuranceSuitev9softwareinthecloud.

1.1 DocumentScopeandContentsWiththereleaseofGuidewireInsuranceSuite™version9(IS9),Guidewire’scoreproductsarecloud-ready.ThismeansthatcustomersandimplementationpartnerscandeployandrunIS9inaprivatecloudaswellasonpubliccloudinfrastructuressuchasAWSorAzurewithnoapplicationmodifications.

ThiswhitepaperprovideshelpfulinformationaboutdeployingGuidewiresoftwareinapubliccloudenvironment.Itsmajorsectionsprovidethefollowingcontent:

• Section1(thissection):Abriefintroductiontothedocument• Section2:Backgroundinformationaboutcloudcomputing,includingcloudfeaturesand

typesaswellasmotivationsforconsideringthecloud• Section3:Guidancewhenevaluatingandselectingcloudserviceproviders(CSP),including

suchfactorsasservices,locations,pricing,security,andrelatedtopics• Section4:Considerationswhendeployingenterpriseapplicationsinthecloud(some

aspectsapplybroadly,whileotherarespecifictoInsuranceSuite)• Section5:Approachesfordeployingtothecloud,includingself-deploymentandworking

withapartner• Appendix:Guidanceoninfrastructuresizing

TheprimaryaudienceforthisdocumentincludesbusinessownerswhoareconsideringrunningGuidewiresoftwareinapubliccloud,enterprisearchitectsresponsibleforapplicationanddatastrategy,andITprofessionalswhodesign,deploy,operate,andsupportapplicationinfrastructure.

2


2 CloudOverview2.1 DefinitionofCloudComputingAccordingtotheU.S.NationalInstituteofStandardsandTechnology,cloudcomputinghasfiveessentialcharacteristics1:

• On-demandself-service:Aconsumercanunilaterallyprovisioncomputingcapabilities,suchasservertimeandnetworkstorage,asneededautomaticallywithoutrequiringhumaninteractionwitheachserviceprovider.

• Broadnetworkaccess:Capabilitiesareavailableoverthenetworkandaccessedthroughstandardmechanismsthatpromoteusebyheterogeneousthin-orthick-clientplatforms(e.g.,mobilephones,tablets,laptops,andworkstations).

• Resourcepooling:Theprovider’scomputingresourcesarepooledtoservemultipleconsumersusingamulti-tenantmodel,withdifferentphysicalandvirtualresourcesdynamicallyassignedandreassignedaccordingtoconsumerdemand.Thereisasenseoflocationindependenceinthatthecustomergenerallyhasnocontrolorknowledgeoftheexactlocationoftheprovidedresourcesbutmaybeabletospecifylocationatahigherlevelofabstraction(e.g.,country,state,ordatacenter).Examplesofresourcesincludestorage,processing,memory,andnetworkbandwidth.

• Rapidelasticity:Capabilitiescanbeelasticallyprovisionedandreleased,insomecasesautomatically,toscalerapidlyoutwardandinwardcommensuratewithdemand.Totheconsumer,thecapabilitiesavailableforprovisioningoftenappeartobeunlimitedandcanbeappropriatedinanyquantityatanytime.

• Measuredservice:Cloudsystemsautomaticallycontrolandoptimizeresourceusebyleveragingameteringcapabilityatsomelevelofabstractionappropriatetothetypeofservice(e.g.,storage,processing,bandwidth,andactiveuseraccounts).Resourceusagecanbemonitored,controlled,andreported,providingtransparencyforboththeproviderandconsumeroftheutilizedservice.

Figure1illustratestherelationshipbetweencloudcharacteristics,servicemodels,anddeploymentmodelsaccordingtotheNISTtaxonomy.

1http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf

3


Figure1VisualModelofNISTDefinitionofCloud

Thesefeaturesresultininformationtechnology(IT)asautility,tobeconsumedwhenandasneeded.ThisisaprofoundchangefromtraditionalIT,withitshighupfrontcostsandlongprovisioningtimes.Theon-demandnatureofcloudcomputingenablesuserstodeploycapacityquickly.RatherthanwaitingforanITservicedesktofulfillservicerequests,developersgainrapidaccesstoenvironments.InsteadofbuildingdatacentersanddeployingITequipment,companiescanessentiallyrentcapacityfromacloudserviceprovider(CSP)inthelocationsandamountsdesired.

Thedifferencebetweentraditionalandcloud-basedITisillustratedinFigure2.Inthetraditionalmodel,build-outofanowneddatacenterrequiressubstantialtimeandmoney.Italsorequiresfuturedemandforecastingthatcanprofoundlyimpactabusiness.Ifnotenoughcapacityisavailable,usershaveanegativeexperience.Ifcapacityisover-provisioned,assetsgounused.Bycontrast,cloudcomputingdeliverscapacityindirectresponsetodemandalongwithpay-as-you-gopricing,ratherthanrepeatedlyattemptingtooptimizecapacityofownedfacilitiesandinfrastructure.Thisavoidstyingupworkingcapitalandthusisparticularlyappealingtogrowingbusinesses.Italsoenablesproviderstodeliveraconsistentlygooduserexperience.

4


Figure2MatchingCapacitytoDemand

2.2 TypesofClouds2.2.1 PublicCloudInsuranceSuite9canbedeployedonmostInfrastructureasaService(IaaS)platforms,includingAmazonWebServices(AWS),MicrosoftAzure,andIBMSoftLayer.Inapubliccloud,ITresourcesaredeliveredasnetwork-basedservicesthatarehostedinproviderdatacentersanddesignedformulti-tenantuse.Thiseliminatestheneedforinsurerstobuild,deploy,andmaintaincapital-intensiveinfrastructuresuchasdatacentersandservers,whichcansignificantlyreducetheiroperatingcosts.

Advantagesofapubliccloudincludepay-as-you-goconsumption,rapidresourceelasticity,andtheabilitytoshiftfinancingfromCapExtoOpEx.Inaddition,themassivecapacityofpubliccloudprovidersenablesgreaterapplicationflexibilityandscalability.AndbecausemanagingITinfrastructureisthecorecompetencyofcloudproviders,theyoperatehigher-qualityfacilitieswithbetteruptimethanalmostanyenterprise-owneddatacenter.

BydeployingandrunningInsuranceSuite9onapubliccloudplatform,insurershaveaccesstohighlyscalableandflexibleinfrastructure.Additionalbenefitsinclude:

• Automateddeployment• Rapidelasticity• Improvedfaulttolerance• Serviceproviderchoice

5


DeploymentAutomationInadditiontohighlyscalablecomputingresources,IaaSprovidersoffertoolstoautomatethedeploymentofcomplexapplicationstacks.ThisenablesITorganizationstoquicklyandeasilydeployfullyconfiguredenvironmentsinthecloud.

RapidElasticityAsmentionedinsection2.1,rapidelasticityisanessentialcharacteristicofcloudcomputing.Thisenablesuserstoaddandremoveresourcesasneededratherthanhavingtobuildinfrastructureinadvanceofanticipateddemand.

ImprovedFaultToleranceWithmostpubliccloudproviders,customerscandistributeapplicationsacrossmultiplephysicalsites.ThiscapabilityenablesInsuranceSuitetobedeployedinahighavailabilityconfiguration.Intheeventofunexpectedfailure,InsuranceSuite9canrespondgracefully,maintainingessentialfunctionalitybyshiftingloadtosystemsthattakesoverforthefailedsystem.

ChoiceofServiceProvidersInsuranceSuite9runsonindustry-standardinfrastructure.Thismakesitcloud-agnostic,meaningthatInsuranceSuiteworkswithallmajorIaaSplatforms.Customersarefreetochoosethecloudthatprovidesthebestcombinationofcost,performance,andfeaturesforeachdeploymentlocation.

2.2.2 PrivateCloudPrivatecloudsareownedandusedexclusivelybyasingleentity.Infrastructurecanbelocatedon-premisesoratadatacentercolocationprovider.Formanyorganizations,deploymentofaprivatecloudisalogicalextensionoftheirexistingphysicalandvirtualinfrastructure.

Privatecloudsoffermanyofthesamebenefitsaspubliccloudsbutwithsomeimportantdifferences,includingconfigurationflexibility,complianceanddatasovereigntyconsiderations,single-tenantoperation,andcapacitymanagement.

ConfigurationFlexibilityIncontrasttopublicclouds—whichofferserviceswithpre-definedsizes—privatecloudsareconfiguredandadministeredbytheirowners.Thisgivesprivatecloudsgreaterconfigurationflexibilityandcontrolthanpublicclouds.

ComplianceandDataSovereigntyConsiderationsPubliccloudtechnologystackscanbeopaque,withtheexactlocationofsystemsanddatauncertain.Thiscanleadtocomplianceanddatasovereigntychallenges.Bycontrast,aprivatecloudremainscompletelywithinitsowner’scontrol.

Single-TenantOperationOnedisadvantageofamulti-tenantenvironmentlikeapubliccloudisthepotentialforoneuser’sconsumptiontoimpactadjacentusers.Privatecloudshavegreatercontroloverthis“noisyneighbor”problemduetotheirabilitytodefineandenforceusagepoliciesforallworkloads.

CapacityManagementUnlikethemassivescaleandcapacityofpublicclouds,privatecloudcapacitymustbeplannedandbuiltoutinadvanceofdemand.Asaresult,privatecloudsdonotofferthesameelasticityandOpExflexibilityaspublicclouds.

6


2.2.3 HybridTherespectivebenefitsandchallengesofpublicandprivatecloudsleadsomeorganizationstoadoptahybridcloudapproach.Hybridcloudsmixpublicandprivatecloudservicestosatisfydifferentworkloadsandapplicationrequirements.Forexample,organizationsmayusepubliccloudfordev/testenvironmentswhiledeployingproductionworkloadsonaprivatecloud.

TheclouddeploymentmodelsaresummarizedinFigure3.

Figure3CloudDeploymentModels

2.3 PotentialCloudBenefitsforP&CInsuranceTheP&Cinsuranceindustryisfacingrapidchange,includingconsumerexpectationsforfasterserviceandon-demandaccess,competitivepressuresinnewandexistingmarkets,andincreasedregulatoryandsecurityrequirements.Atthesametime,ITorganizationsfaceconstantdemandstolowercostswhileintroducingandsupportingnewproductsandservices.Cloudcomputingoffersseveralwaystoimproveapplicationdeliveryandresiliencywhileloweringcosts.

2.3.1 LowerTCOOn-premisesinfrastructuretypicallyconsistsofdiscretesourcesofcapacity—servers,storagearrays,networkswitches,andsoon.Evenwhentheseresourcesarevirtualized,theyhavefinitelimits.Asaresult,mostapplicationdeploymentsinvolveaninitialsizingexercisedfollowedbyacapacitybuild-outinanticipationofdemand.Newproductionapplicationenvironmentsareusuallysizedforanticipatedpeakload.Ifactualpeakloadishigherthananticipated,performanceand(byextension)user

7


experiencesuffer.Despiteaccuratecapacityestimates,applicationloadsalmostalwaysvaryovertime.Atoff-peaktimes,resourcesareunderutilized.

AsdepictedinFigure1,cloudcapacityishighlyelastic.Becauseresourcesareavailableondemand,capacitycanbequicklyaddedandremovedasloadchanges.Automaticscalingofresourcesmeansthatsystemscanbesizedforminimumloadandthenscaledupanddownasneeded.Serversizescanalsobeeasilyadjustedpost-deployment.ByincorporatinghorizontalscalingofInsuranceSuiteapplicationclusters,Guidewirecustomerscangroworshrinkcapacityinresponsetodemand.Capacityoptimizationreducesoperationalcostsandenablesscalabilityoverawiderrangeofloads.

Thesameistrueforstorage.Astoragevolumeonatypicalenterprisestoragearrayconsistsofoneormorestoragecontrollerswithdatacaching,disksforstorage,disksforredundancy,andhot-sparedisksincaseofafailure.Asaresult,usablespacecanbelessthanhalfofpurchasedcapacity.Withcloudstorage,usersprovisionvolumesbasedonactualspaceandperformancerequirements.

Non-productionenvironmentsareanotherpotentialsourceofsavings.CapacitycanbedifficulttoobtainwithtraditionalIT,sodevelopersareoftenreluctanttodecommissiondev/testenvironmentsafterinitialdevelopment.Becausethecloudenablesuserstoquicklyprovisionanddecommissioncapacity,thishoardingmentalitycanbeeliminated.Andsinceenvironmentscanbeappropriatelysizedforthecurrenttask,usageandcorrespondingcostscanmorecloselymatchactualneed.

Networkandtelecomcostsareanotherareaforpotentialsavingswithapubliccloud.Company-ownedfacilitiesrequirenetworkconnectivityfromoneormoretelecommunicationsproviders.Aswithapplicationload,circuitcapacitymustbeestimatedinadvance.Forapplicationsentirelyinthecloud,networkingistheresponsibilityofthecloudserviceprovider.Costsarebasedondatatransfer—oftenlimitedtoegresstrafficonly—andreflectactualusage.

Useofpubliccloudservicesalsoreducesadministrativeoverhead.Costsforfacilities,deployment,basicsystemsadministration,maintenanceandrepair,andhardwarerefreshareallincluded.ThisenablesITdepartmentstoshiftfromapredominantlybusiness-as-usual(BAU)focustomoreofaconsultativepartnerrelationshipwiththebusiness.

2.3.2 ImprovedUserExperienceCompaniesthatservegeographicallydisperseduserpopulationsfromoneorafewlocationsoftenencounterapplicationperformancechallengesduetonetworklatency.Useofcontentdistributionnetworks(CDNs)canhelpwithstaticcontent,butdynamiccontentsuchasdatabaselookupsorreal-timedatafeedscanstillbeproblematic.

Largecloudserviceprovidersoperateinmanylocationsaroundtheworld.Theycanmakeiteasiertodeployapplicationsinmorelocationsandclosertomajoruserpopulations.Betterapplicationperformancetranslatesintomoreproductivebusinessusersandanimprovedend-userexperienceforcustomers.

Additionally,publiccloudproviderscanserveasintegrationhubsfordatafeedsandserviceinterconnections.Systemsthatarelinkedincommonlocationsoveroptimizedconnectionpointsperformsignificantlybetterthanonesspreadacrossmanydisparatelocations.

2.3.3 GreaterBusinessAgilityIntraditionalITenvironments,bringingadditionalcapacityonlinecantakeweeksorevenmonths.Thisaddssignificantbusinessdragandcanresultinfewernewbusinessinitiatives.ForGuidewirecustomers

8


thatareimplementinganewapplication,thetimespentoninitialinfrastructurebuild-outcanbeasignificantproportionoftheoverallprojecttimeline.

Cloudservicesemployend-to-endautomationtoenablesoftware-definedinfrastructure.Thisenablessystemsandenvironmentstobeprovisionedinminutesinsteadofmonths.ThedifferenceisillustratedinFigure4.

Figure4Time-to-CapacityComparison

Rapidavailabilityofcapacitycanbenefitthebusinessinmultipleways.Developerscanspendlesstimewaitingforenvironmentsandmoretimeworkingonnewcapabilitiesorintegrations.Businessownerscanbringnewlinesonlinefaster.

2.3.4 IncreasedCostTransparencyOwnedphysicalsystemssuchasserversandenterprisestoragearraysmayhavemanyusers.Thismakesitdifficulttoassignchargesbasedonusage.Manyorganizationsthatattempttoimplementchargeback/showback/shamebackschemesfindthechallengetoogreatandeventuallygiveup.

Cloudcomputingiscomposedofdiscreetservices.Userspayonlyforwhattheyuse,andusageiscloselymetered.Assignmentandtrackingofcharges—and,byextension,chargeback—ismucheasierwithcloudresources.Andbecauseusageisproportionaltodemand,cloudcostchangescangenerallybetiedtospecificevents.

9


Byexposingtheactualcostsofcloudserviceusage,businessmanagerscanmoredirectlyencourageanddriveresponsibleusage.Theycanalsoidentifyandexposeareasofwastealongwithopportunitiesforcostsavings.

2.3.5 ImprovedSecurityandComplianceThereisacommonmisperceptionthatpubliccloudservices,becausetheyaremulti-tenant,arelesssecurethanowneddatacenters.Infact,mostcloudserviceprovidersdevotemoretime,personnel,andresourcestosecuritythananyotherenterprise.Cloudserviceprovidersundergoawiderangeofsecuritycertificationsandareabletoprovideappropriateattestationstoauditorsandcomplianceofficers(fordetails,seeSecurityinsection3).

Encryptionofcloud-baseddatacanbeaseasyasselectingacheckboxwhenprovisioninganewvolume.Encryptionofdatain-transitissimilarlysimple.Encryptionkeymanagementisoftenavailableaswell,alongwithcertificatemanagement,identityandaccessmanagement,andothersecurity-relatedservices.Inaddition,geo-diversesourcesofcapacityenableuserstoenternewmarketsmoreeasilywhilemaintainingcompliancewithdatasovereigntyrequirements.

2.3.6 SimplifiedDisasterRecoveryFortheP&Cinsuranceindustry,disasterpreparednessisacrucialconcern.Widespreaddisastersarepreciselywheninsurersareneededmost.Applicationsthataccesspoliciesandprocessclaimsmustberesilient.

Foron-premisesdeployments,disasterrecovery(DR)involvessettingupduplicatesystemsinasecondarylocationandperiodicallyreplicatingdata.Systemconfigurationandcapacitymustmirrorprimarysystemscloselyenoughtobebroughtonlinequickly.Thiscapabilitycanmorethandoublethecostofapplicationinfrastructure.Failovertoanalternatesiteoftenreliesonmanualprocesses.

Becausepubliccloudprovidersoffercapacity-on-demandinmultiplelocations,theycangreatlysimplifyDRplanningwhilereducingDRcosts.Duplicateenvironmentscanbeconfiguredinsecondarylocationswithminimumratherthanfullcapacityrequirements.Asdataisreplicated,itcanbeautomaticallystagedandingestedtobereadyifneeded.Ifatriggeringeventoccurs,processingcanbeautomaticallyshiftedtothealternatesite.Capacityatthesecondarysitecanthenbeauto-scaledtomeetthefullload.Cloudservicesandtoolscanbeconfiguredtoautomatedatareplication,failover,capacityscaling,andnetworkaddressresolution.

2.4 PotentialCloudChallengesforP&CInsuranceBecausecloudcomputingrepresentsanewwayofconsumingITservices,itrequiresadifferentapproachtoapplicationdesign,deployment,consumption,andmanagement.Thefollowingaresometypicalchallengesandthingstoavoidwhenadoptingcloudtechnologies.

2.4.1 LackofCloudSkillsandMindsetAlthoughcloudcomputingisgrowinginmaturityandadoption,thedemandforexperiencedclouddevelopersandadministratorsstilloutpacesdemand.Manyorganizationsattempttomovetocloudcomputingwithexistingstaffandprocesses,oftenwithoutadditionaltraining.Asaresult,ITstafffrequentlytakeasimple“liftandshift”approachwhenmovingon-premisesworkloadstothecloud.Theysimplyreplicateon-premisesvirtualserverswithequivalentlysizedcloudinstances.Theycontinuesizingdeploymentsformaximumanticipatedworkloadratherthantakingadvantageofautomaticscaling.Theymayalsoextendexistingmanagementutilitiesandtoolstoclouddeployments.

10


Whenthishappens,theresultsareusuallydisappointing.Actualcostsavingsmaybefarlessthanprojections.Andiforganizationsdon’timplementuserself-service(oneoftheessentialcloudcharacteristicslistedinsection2.1),userswilllikelyfindthatdeploymenttimesremainfrustratinglylong.Inresponse,usersmaycontinuetocreateunsanctionedpocketsof“shadowIT2”thatbypasstheofficialITorganization.

Tobefullysuccessful,aswitchtocloudcomputingrequiresachangeofapproachtoIT.Cloudcomputingisfundamentallybusinessfocused.RatherthanthinkingofITintermsoftechnologies—servers,storage,networking,software—businessownersneedtodefinerequirementsintermsofworkloadsandusagevolumes.ThisshiftmakesanycomparisonbetweentraditionalITandcloudcomputingdifficultbecausetheyarebasedondifferentcriteria.Businessleadersmustfocusonthetotalcostofapplicationandservicedeliveryratherthanoncloudcomponentcosts.

2.4.2 LackofAutomationManyorganizationsrequireallITrequeststobefunneledthroughahelpdeskprocess.Requestsmaythenbesubjectedtoextensivereviewandapprovalprocesses,afterwhichtheyaresplitintoaseriesofsubtasks.Eachsubtaskmaybeownedbyadifferentgroup.ThevarioustypesofautomationrequiredareshowninFigure5,whichdepictstheGartnerAutomationClock.Sowhileautomationmayexist,unlessitisintegratedandend-to-enditwillstillbesubjecttomanualhand-offsanddelays.

Figure5GartnerAutomationClock

Insteadofone-offdeployments,applicationdeploymentandintegrationneedtobefullyautomatedthroughthecreationofreusabletemplates.Theprovisioningofcloudcomponentservicesisalreadyhighlyautomated.Thismodelneedstobeembracedandextendedthroughouttheapplicationstackand

2https://en.wikipedia.org/wiki/Shadow_IT

11


lifecycletobefullyeffective.Onceitisinplace,fullautomationdeliversonthecloud’spromiseofgreaterbusinessagility.

2.4.3 InsufficientOversightEaseofuseandrapidtime-to-capacityaretwoofcloudcomputing’smostappealingbenefits.However,whenusersaregiventheabilitytoconsumeresourcesondemand,demandfrequentlyincreases.Theresultis“cloudsprawl,”whereusersprovisionmoreandmoreenvironments,oftenwithoutshuttingdownolderones.ThisbehaviorhasitsoriginsintraditionalIT,wherecapacityishardtoobtain.

Inresponse,organizationsmustimplementdetailedcostandusageoversighttomakeconsumersawareoftheimpactoftheirusageandtodrivemoreresponsiblebehavior.Thefollowingapproachesareespeciallyimportant.

Chargeback/Showback/ShamebackUsersandtheirmanagersneedtoseehowmuchtheirconsumptioniscosting.Responsiblebehaviormustbeencouragedandrewarded.

AutomaticExpirationRatherthanrelyingonuserstoremembertoshutdownunneededsystems,allnon-productionsystemsshouldbeconfiguredwithafiniteservicelifetime.

RegularReviewsIT,engineering,andbusinessownersshouldmeetregularlytoreviewusagetrendsandestablishfuturecapacityprojections.

2.4.4 FalseComparisonsCostcomparisonsforon-premisesversuscloudcomputingoftenfailtoproducealike-for-likeresult.Manycomparisonsfocusoncloudequivalentstoexistingcapitaloutlayssuchasservers,storagearrays,andnetworkinggear.Forexample,howmanycloudinstancesofagivensizeequalaparticularphysicalserver?Becausecloudusageisvariable,thesecomparisonsoftenassumeconstantutilizationwhenactualusageislower.Ortheymayfailtoincludediscountsforpre-purchasedreservedcapacity.

Comparisonsmayalsoneglectconsiderationssuchassystemsrefreshcycles.Cloudinfrastructureisconstantlybeingrefreshedwiththemostcurrent(orevenspecialized)gear.Thisprocessishandledautomatically,whereasinon-premisesenvironmentsitcanbebothdisruptiveandcostly.

Asdiscussedinsection2.3.1,cloudservicesincludesystemsadministrationcoststhatcanconsumesignificantresourcesinon-premisesenvironments.Manycomparisonsfailtoincludethesecosts.

Inaddition,costcomparisonsoftenexcludefactorssuchasserviceavailabilityanddisasterrecoverycapabilities.Mostcloudservicesaredeliveredfromstate-of-the-artdatacenterswithbuilt-inredundancy.Socomparingthecostof,say,asingle10GBnetworkportonanownedswitchwitha10GBcloudcircuitfailstoaccountforthehighlyredundantnatureofthecloudservice.

Finally,theavailabilityofcloudcapacityinmanylocationsaroundtheworldmayoffersignificantadvantagesoverowneddatacentersintermsofoperatingcosts,licensing,equipmenttariffs,andadministrativepersonnel.

12


2.5 ArchitectingfortheCloudFormanyyears,enterpriseapplicationdeliveryhasinvolvedprocurement,deployment,operation,andsupportofon-premisesITinfrastructure.IToperations—whethercompanymanagedoroutsourcedtoservicepartners—isoftenbrokenoutbyspecifictechnicalexpertise.Figure6isatraditionalIToperationsorganizationalchart.

Figure6TraditionalITOrgChart

Thisspecializationbyfunctionaldisciplineleadstoorganizationalsilos.Asaresult,ownershipfornewdeploymentscanchangemanytimesbetweeninitialrequestandrelease-to-production.Recallthatrequestfulfillmentinsuchenvironmentsisoftenmeasuredinweeksandmonths(seeFigure4).

Bycontrast,cloudcomputingconsistsofacatalogofpre-definedserviceswithfullyautomatedprovisioninganddelivery(Figure7).Enduserscanselectandprocuretheservicestheyneedinminutes.

Figure7ServiceCatalogforAmazonWebServices

ChiefInformation

Officer

ITApplications InformationSecurity ServiceDesk ITProcurement ITOperations

DataCenterTeam

FacilitiesManagement

CapacityPlanning

ServerTeam

WindowsAdmin

UNIX/LinuxAdmin

StorageTeam

StorageAdmin

Backup&Recovery

NetworkTeam

LANAdmin

WAN&MobileAdmin

DatabaseTeam

DatabaseAdmin

DataWarehouse&Reporting

OpsEngineering

TechnologyEvaluation

Tools&Utilities

NetworkOperationsCenter(NOC)

OperationsReporting

Monitoring&Alerting

13


Thisservices-basedapproachfundamentallychangesthewayITisstructuredanddeployed.Itshiftsthedesignbasisfromboxestoservices—whichcanbebothliberatingandconfusing.WhendeployingGuidewireInsuranceSuite9inacloudenvironment,usersneedtounderstandandtakefulladvantageofcloud’sservices-baseddeliverymodel.

14


3 SelectingaCloudServiceProviderThisdocumentassumesthatGuidewireInsuranceSuitewillbedeployedinapubliccloud.Manyfactorsinfluencethechoiceofaclouddeploymentmodel.Whilepubliccloudcomputing’spromiseofnear-limitlesscapacityandpay-as-you-gobillingmaybeappealing,itisnotsuitableforallsituations.Functionalorregulatoryrequirementsmaymakeaprivatecloudabetteroptionforsomeworkloads.Insuchsituations,organizationswillstillgainmanyofthesameagilityandelasticitybenefitsthatpubliccloudsoffer.Theeconomicsarelikelytobedifferent,however,sinceinfrastructuresystemsmustbesized,purchased,deployed,andmanagedinternally.

Afteradecisionhasbeenmadetouseapubliccloud,thenextstepistopickoneormorecloudserviceproviders(CSPs).AlthoughCSPofferingsmayappeartobeverysimilar,therearesignificantdifferences.Eachprovideroffersauniquemixofservices,locations,pricing,andothercapabilities.ThissectioncoversimportantfactorstoconsiderwhenchoosingacloudproviderforInsuranceSuite.

3.1 ServicesCloudcomputingdeliversITasacollectionofservices,manyofwhichhavephysicalanalogssuchasservers,storagearrays,andnetworkdevices.Otherservicesfunctionhigherupintheapplicationstackandmayextendintospecificdomainssuchasdataanalyticsandend-usercomputing.ThissectioncoverscloudservicesthatarerequiredtorunInsuranceSuiteinapubliccloud.

3.1.1 IaaSServicesGuidewireInsuranceSuiteisdesignedwithalayeredarchitecture.ITinfrastructureformsthebaselayeronwhichapplicationsarebuiltanddelivered.

Figure8InsuranceSuiteLayeredDesign

WhenInsuranceSuiteisdeployedinthecloud,infrastructureconsiderationsinclude:

• Compatibility:SystemsmustsupporttheGuidewirePlatformSupportMatrix,whichspecifiestheapplicationstackonwhichIS9runs.Thisincludesoperatingsystems,relationaldatabasemanagementsystems(RDBMS),applicationservers,andrelatedcomponents.Whendesigningforacloud-baseddeployment,itisimportanttoensurethatbaseservicesandinstancetypesarefullyfunctionalandsupportedbytherespectivesoftwarevendors.

15


• Capacity:Systemsmustbesizedtomeetprojectedtransactionvolumeanduserexperienceneeds.Cloudcomputingtypicallyoffersmanyinstancesizesforcomponentservices,resultinginconsiderableflexibility.Thechoiceofverticalscaling(largersystems)versushorizontalscaling(moresystems)affectsperformance,scalability,resilience,andcost.Ifavailable,historicalloadpatternsareveryhelpfulinestablishingcapacityneedsforInsuranceSuite.Thevariationbetweentypicalbaseandpeakloadsisparticularlyimportant.

• Performance:Themulti-tenantnatureofcloudcomputingmeansthatmuchoftheunderlyinginfrastructuremaybeshared.Thiscanresultinperformanceissuesifa“noisyneighbor”startsrunningaresource-intensiveworkload.ManyCSPsofferservicetierswithdifferentlevelsofqualityofservice(QoS).Someofferdedicatedresourcesorevenbare-metalenvironments.Whencustomersdeployacloud-basedIS9environment,Guidewirestronglyrecommendsperformingrepresentativeloadstresstestingtoensurethatthesystemcanhandlealloperationalrequirements.

• Availability:High-availabilitydesignseekstoreduceoreliminateapplicationdowntimeintheeventofthefailureofunderlyinginfrastructure.WhendeployingInsuranceSuite—whetheron-premisesorinthecloud—itisimportanttoplanforcomponentfailuresandtotakestepstomitigatetheirimpact.

MostCSPsdeliverservicesfromtheirowndatacenters.Althoughgenerallybuilttoveryhighstandards,thesedatacenterscanstillexperiencefailures.Toreducerisk,manyCSPsoperatemultipledatacenterswithineachgeographicregionwheretheyhaveapresence.Thisenablescustomerstodesignhighlyavailableinfrastructureacrosseachdeploymentlocation.Guidewirerecommendsdeployingsystemsacrossmultiplelocationstomeetbusinesscontinuityanddisasterrecover(BC/DR)requirements.Businessobjectivesandphysicaldistanceswilldeterminewhetheranactive-activeoractive-passivedesignismostappropriate.

3.1.2 PaaSServicesPlatformasaService(PaaS)extendsInfrastructureasaService(IaaS)withmiddlewareandframeworkstoformanapplicationdevelopmentanddeliveryenvironment.WikipediadefinesPaaSasfollows3:

“Platformasaservice(PaaS)isacategoryofcloudcomputingservicesthatprovidesaplatformallowingcustomerstodevelop,run,andmanageapplicationswithoutthecomplexityofbuildingandmaintainingtheinfrastructuretypicallyassociatedwithdevelopingandlaunchinganapp.”

Althoughthisdefinitionseemsstraightforward,thedistinctionbetweenwhatisandisnotaPaaSenvironmentisfarfromclear.NearlyallIaaSprovidersaugmenttheirbaseofferingswithservicesthatenableapplicationdelivery.Ultimately,thedefinitionofPaaSislessimportantthantheabilitytomeetspecificrequirements.IntermsofGuidewireapplications,anyclouddeliveryplatformmustbeabletosatisfytherequirementsoftheInsuranceSuite9PlatformSupportMatrix.

3.2 LocationsCloudserviceprovidersdeliverservicesfromtheirdatacenters.Somehaveoperationsinasinglecountry,someareregional,andsomeareglobal.ThelocationswhereCSPsoperateisanimportantselectioncriterionforthefollowingreasons:

3https://en.wikipedia.org/wiki/Platform_as_a_service

16


PerformanceBecauseapplicationlatencyisafunctionofdistance,itisimportanttochooseCSPsthatarephysicallyclosetomajoruserpopulations.

RegulatoryRequirementsDatasovereigntyandgovernancerequirementsmayplacerestrictionsonthephysicallocationwhereuserandapplicationdataismaintained.

VendorManagementItispossibletochoosedifferentCSPsineachdeploymentlocation.Whilethismayprovidelocaladvantages,itresultsingreatervendormanagementoverhead.Choosingasinglevendoroffersconsolidatedbillingandcontractnegotiations.

AvailableServicesFormostmulti-siteCSPs,servicesandcapacityvarybylocation.Somesitesmaybemajorcapacityhubsforaregionorcountry,whileothersmaybeedgelocationswithlimitednetworkanddataservices.

3.3 PricingPubliccloudeconomicsrelyheavilyoneconomiesofscale.Thehandfulof“hyperscale”CSPsinvestbillionsofdollarsincloudinfrastructureeachyear.Providerswithlargerdeploymentscangenerallyspreadtheircostsacrossmoreusersandofferlowerpricesthansmallregionalproviders.Thisdeliverssignificanteconomies.Italsodrivesongoingcompetitionthatresultsinlowercostsforusers.Althoughlowerpricesareappealing,servicecostscanvaryconsiderablybetweenlocations.Servicesinregionswithhighlocalelectricityandinfrastructurecosts,forexample,canbemuchmoreexpensive.CustomersshouldcomparepricingofallcloudservicesandalldeploymentlocationswhenyoucreatecostmodelsfordeployingandoperatingInsuranceSuiteinapubliccloud.

3.4 AvailabilityandSLAsMostcloudserviceprovidersofferservicelevelagreements(SLAs)basedontheavailabilityofunderlyingservices.TypicalSLAstargetuptimebetween99.8%and99.95%.Whilethismaysoundattractive,it’simportanttounderstandthatpenaltiesforfailuretomeettheseSLAsisalmostalwayslimitedtoservicecredits.CSP’sdonotreimbursecustomersforbusinesslossesresultingfromservicedowntime.ThismakeshighavailabilityarchitectureparticularlyimportantwhendeployingInsuranceSuiteinthecloud.

AvailablecapacityisanotherfactortoconsiderwhenselectingaCSP.Businesscontinuityanddisasterrecovery(BC/DR)planninginvolvesavoidingorminimizingdisruptiontoservice.Intheeventofacatastrophicregionalevent,businessesmayplantotransferoperationstocloudservicesinanothergeographicregion.Butiftheincidentiswidespreadandaffectsmanybusinesses,demandinthealternateregioncanquicklyexceedsupply.SomeCSPsofferguaranteedcapacityforcertainservicetypes.Examplesincludedeploymentondedicatedorbare-metalservers,orthepurchaseofreservedcapacityforacontractedperiodoftime.

3.5 SecuritySecurityofdataandapplications,whetheron-premisesorinthecloud,isamajorconcernfororganizations.AllmajorCSPsoffersecuritycertificationsforareasrelevanttothesefunctions,asillustratedinFigure9.

17


Figure9ExamplesofCloudProviderSecurityAttestations

ManyCSPsalsoofferlocation-andindustry-specificattestations.TheCloudSecurityAlliance4offersmanyresourcesforunderstandingandassessingthesecuritycapabilitiesofcloudservices.

Whenevaluatingeachcloudserviceprovider’ssecuritycapabilities,youshouldcheckwhenattestationswherecertifiedandhowfrequentlytheyareupdated.ThefollowingsectioncoverssomesecurityareasthatareparticularlyimportantwhenchoosingaCSPtohostInsuranceSuite.

3.5.1 ISO/IEC270xxPublishedbyajointsubcommitteeoftheInternationalOrganizationforStandardization(ISO)andtheInternationalElectrotechnicalCommission(IEC),theISO/IEC27000familyofstandardsoutlineshundredsofcontrolsandcontrolmechanismstohelporganizationsofalltypesandsizeskeepinformationassetssecure.Theseglobalstandardsprovideaframeworkforpoliciesandproceduresthatincludealllegal,physical,andtechnicalcontrolsinvolvedinanorganization’sinformationriskmanagementprocesses.

3.5.2 ServiceOrganizationControls(SOC)TheSOCframeworkhasbeendevelopedbytheAmericanInstituteofCertifiedPublicAccountants(AICPA)asastandardforcontrolsthatsafeguardtheconfidentialityandprivacyofinformationstoredandprocessedinthecloud.ThisalignswiththeInternationalStandardonAssuranceEngagements(ISAE),thereportingstandardforinternationalserviceorganizations.

4https://cloudsecurityalliance.org/

18


ServiceauditsbasedontheSOCframeworkfallintothefollowingtwocategoriesthatapplytoin-scopecloudservices:

• SOC1audit:ForCPAfirmsthatauditfinancialstatements,SOC1auditsevaluatetheeffectivenessofaCSP’sinternalcontrolsthataffectthefinancialreportsofacustomerusingtheprovider’scloudservices.TheStatementonStandardsforAttestationEngagements(SSAE16)andtheInternationalStandardsforAssuranceEngagementsNo.3402(ISAE3402)arethestandardsunderwhichtheauditisperformedandformthebasisofaSOC1report.

• SOC2audit:BasedontheAICPATrustServicePrinciplesandCriteria,SOC2auditsmeasuretheeffectivenessofaCSP’ssystem.AnAttestEngagementunderAttestationStandards(AT)Section101isthebasisofSOC2aswellasSOC3reports.

3.5.3 Industry-SpecificRequirementsCSPsmayofferadditionalindustry-specificcertificationsforthepartoftheapplicationthattheycontrol.Forexample,someCSPsofferHIPPAattestationsforU.S.-basedhealthcaredata.Othersoffergovernment-specifichostingcapabilities.Suchcapabilitiescansimplifyauditandgovernancereporting.

3.6 IndustryExpertiseThedeliveryofinfrastructureservicesisacorecapabilityforallCSPs.Insuranceindustryexperience,ontheotherhand,variesconsiderablyamongproviders.Thismaybeanimportantconsiderationwhenchoosingacloudprovider.Avendorthatunderstandstheindustrywillbebetterabletoanticipateneedsanddeliverservicesthatalignwithinsurerrequirements.Factorslikedatasovereignty,compliance,andavailabilityofinsuranceecosystempartnersmayjustifytheselectionofonevendoroveranother.

TheGuidewireInsuranceCloud™Solutionspartnerprogram5isanotheroptionforcompaniesthatwanttorunInsuranceSuiteinthecloud.TheprogramauthorizesselectGuidewireconsultingpartnerstodelivercloudsolutionsthatcombineGuidewireproductswiththeirowndifferentiatedcontentandservicesalongwithcomplementarythird-partysystemsforpropertyandcasualty(P&C)insurers.

EachGuidewireInsuranceCloudSolutionspartnerpackagesitsofferingstomeettheuniqueneedsofinsurers.TheythendeliverandmaintainthesolutionsinhostedenvironmentstoenableP&Cinsurerstoreplacetheirlegacysystems,transformtheirbusinesses,andoptimizecosts.

3.7 MarketplacesandDatasetsInadditiontotheirownserviceofferings,mostlargecloudserviceprovidersmaintainmarketplacesofservicesfrompartnersoperatingontheircloudplatform.Thesemarketplacesincludepre-configuredapplications,tools,andutilitiesthatcanbequicklydeployed.Someservicesarefree;othersofferconsumption-basedpricing.Thesemarketplacescanofferspeedandconvenienceforcustomersseekingcomplementaryservices.Forexample,afirewallthatsupportssessiondrainingisdesirablewhendeployingInsuranceSuite.IftheCSP’sloadbalancerdoesnotsupportthiscapability,alternativecloud-basedcommercialloadbalancersmaybeavailableintheCSP’smarketplace.

ManyCSPsalsoofferaccesstobothpublicandprivatedatasets.Somearefreewhileothersarepaid.Examplesincludecensusdata,address-verificationdata,geographicinformationsystemdata,and

5https://www.guidewire.com/partners/insurancecloud-solutions

19


consumerdemographics.Bypublishingthesedatasetsinthecloud,theCSPsimplifiesdataaccessandmanagementwhilepotentiallyreducingdatastorageandaccesscosts.

SeveralGuidewireservicesanddatasourcesalreadyruninthecloud.TheirintegrationwithInsuranceSuitecoreapplicationsformsadigitalsupplychainbuiltofservices,asillustratedinFigure10:

Figure10GuidewireInsurancePlatform™

20


4 CloudDeploymentConsiderationsThissectionprovidesconsiderationsforrunningGuidewireInsuranceSuite9(IS9)inacloudenvironment.WhilesomeaspectsarespecifictoIS9,muchoftheinformationisbroadlyapplicable.Thegoalsaretoensuresuccessfulapplicationdeploymentandtomakeoptimaluseofcloudcapabilities.

4.1 Cloud-ReadyFeaturesinInsuranceSuite9InsuranceSuite9deliversacompletesetofcoreprocessing,digitalengagement,anddataanalyticscapabilitiestosupportcriticalbusinessrequirements.Itcanbedeployedbothon-premisesandinapubliccloud.TheIS9designincludesthefollowingfeaturestosupportclouddeployment.

4.1.1 ImprovedScalabilityHorizontalscalabilityenablesanapplicationtoincreaseordecreaseresourcesbasedonload.IS9improveshorizontalscalabilitybyprovidingtheabilitytoquicklyadjustthenumberofnodes,servers,orinstancesinacluster.Serverresourcescanbeautomaticallyincreasedinresponsetoloadwithoutapplicationinterruption.Similarly,resourceusagecanbescaleddownasloaddecreases,therebyfreeingresourcesandreducingoperationalcosts.

4.1.2 NewClusteringManagementAclusterisagroupofserversandotherresourcesthatactlikeasinglesystemandenablehighavailability,loadbalancing,andparallelprocessing.Clusterscanperformmultiplecomplexinstructionsbydistributingworkloadsacrossallconnectedservers

PreviousversionsofInsuranceSuitereliedonUDPmulticastforclustercommunications.However,mostcloudprovidersdon’tsupportmulticast.Initsplace,IS9usesapluggableclusteringoptionthathandlesserver-levelmessagingthroughthecentraldatabase.

4.1.3 RedesignedServerProcessingIS9introducesserverrolestoimproveworkloaddistributionacrossclusters.Themappingofrolestoserversisspecifiedeitherintheserverregistryoraspartoftheinitialsystemsetup.

Theredesignofservermanagementaroundrolesintroducesalayerofabstractionthat:

• Permitsadministratorstorestrictthetypesofworkloadsthatrunonaparticularserver• PreventsserversthathostUIservicesfromrunningCPU-intensivebackgroundtasks• Addsservercapacityforonlyspecifiedworkloads

Theresultison-demandprovisioningofjobs,improvedfaulttolerance,andbetterrequest-processingperformance.Inaddition,thesinglebatchservernodeofpriorversionshasbeenreplacedwithabatchrolethatcanbesharedacrossmultiplenodes,thusaddingresiliencyandflexibility.

4.2 CloudDesignPrinciplesCloudcomputingconsistsofpre-definedservices.Theseservicesareusedasthebuildingblocksofmorecomplexapplicationstacks.Manyofthefundamentalprinciplesofcloud-baseddesignarelaidoutinJamesHamilton’sseminalpaper“OnDesigningandDeployingInternet-ScaleServices.”6Bytaking

6https://www.usenix.org/legacy/events/lisa07/tech/full_papers/hamilton/hamilton.pdf

21


advantageofcloud’sstrengths,applicationscanbemorecost-effective,morescalable,andbetterperformingthantraditionalon-premisesinfrastructure.

Thefollowingarefourimportantstepswhenplanningapplicationdeploymentinthecloud.

1. Identifydifferentworkloadtypesandoperatingmodes:Foratypicalthree-tierapplication,workloadsinclude:

o Awebworkloadformanagingtheincomingconnectionsandinterfacepresentationo Anapplicationserverworkloadforhandlingapplicationlogicanddatabaseinteractiono Ahighlyavailabledatabaseworkloadfordataandquerymanagement.

Workloadscanalsobedividedintoclassessuchasinteractiveandbatch-oriented.

2. Establishoperationalandperformancerequirementsforeachworkload:Workloadsaredefinedbytheirdifferingoperationalneeds.Thesecanincludeavailability,securityandcompliancerequirements,responsetime,andworkloadvariability.Operationalcharacteristicsstronglyinfluencearchitecturalandtechnologicaldecisions.

3. Selectappropriateexecutionlocationsandtechnologiesforeachworkload:Properworkloadplacementisvitalforsuccessfulapplicationdelivery.Insomecases,workloadsmayhavecompetingrequirements.Forexample,highlyinteractiveworkloadsshouldberunincloseproximitytomajoruserbasestominimizelatencyandoptimizeuserexperience.However,dataprivacylawsmayrestrictthestorageofpersonallyidentifiableinformationtoaparticularcountryorgeographicregion.

4. Test,test,test:Evenwhenpublishedreferencearchitecturesexist,specificapplicationdeploymentsneedtobethoroughlytested.Diligenceintestingwillensuredesiredfunctionality,optimalapplicationperformance,andlowest-possibledeliverycost.

4.3 PerformanceandResourceConsiderationsApplicationperformanceisacriticalconsiderationwhendeployingInsuranceSuite.Factorsthataffectperformanceincludesystemresources,networkdesign,andloadcharacteristics.

4.3.1 SystemResourcesOneofcloud’smostcompellingfeaturesisitsabilitytodelivercapacityondemand.Ratherthanbuildingoutinfrastructurebasedonanticipatedcurrentandfutureneeds,cloudenablesuserstoscaleresourcesasneeded.Cloudalsoenablesadministratorstoadjustandoptimizeserviceelementsovertime.

ComputeResourcesCloudprovidersoffermanytypesofservervirtualmachines(VMs).VMvariablesincludenumberofCPUs,amountofrandomaccessmemory(RAM),networkbandwidthandqualityofservice(QoS),typeandcapacityoflocalstorage,andoperatingsystem.VMinstancetypesshouldbechosentobestsupporttheworkloadtheywillrun.Withcloudcomputing,VMsizingcanbeadjustedovertimethroughverticalscaling(largerinstances)and/orhorizontalscaling(moreinstances).Scalingiscoveredintheupcomingsection“ScalabilityConsiderations.”

Multi-tenantcloudenvironmentsmayexperienceresourcecontentionissues—oftenreferredtoasthe“noisyneighborproblem.”7Inresponse,somecloudserviceproviders(CSPs)offeravarietyofquality-of-service(QoS)options.Somealsoofferdedicatedorbare-metalservers.Theseareessentiallysingle-

7http://searchcloudcomputing.techtarget.com/definition/noisy-neighbor-cloud-computing-performance

22


tenantenvironments,althoughtheymayshareinfrastructureelementssuchascorenetworkingswitches.

StorageResourcesStorageselectionandconfigurationaffectoverallsystemperformance.Publiccloudstypicallyoffermultipletypesofstorage.Thefollowingareconsiderationsfordifferentstoragetypesinapublicclouddeployment.

• VMinstancestorage:Localinstancestorageistypicallyephemeral.Iftheinstanceisterminated,thestoragegoesaway.Whilethismaybesufficientforstatelessandnon-productionworkloads,othersrequirepersistentstorage.Itisalsoimportanttoselectinstancestoragewithsufficientinput/outputpersecond(IOPS)capability.

• Blockstorage:Cloud-basedblockstoragebehaveslikeastorageareanetwork(SAN)inon-premisesdeployments.StoragevolumescanbeattachedtoasingleVMatatimeandarepersistent.AvarietyofblockstorageoptionsaregenerallyavailablewithdifferentIOPSandthroughputoptions.

• Filestorage:Somepubliccloudvendorsofferfile-basedstoragethatcanbemountedbyoneormoreserverinstancesusingprotocolslikeCIFSandNFS.Inadditiontotheunderlyingstoragetechnology,performanceisaffectedbynetworkbandwidthandlatency.

• Objectstorage:Thisstoragearchitecturemanagesdataanditsassociatedmetadataasobjects.EachobjecthasauniqueURL,andstoragepoliciescanincludecapabilitiessuchasgeographicredundancyanddataretention.BecauseobjectstorageisusuallyaccessedthroughaRESTAPI,applicationsmustsupportthisaccessmethodbeforetheycanuseobjectstorage.Inaddition,thisaccessmethodmayresultinlowerperformanceduetonetworkoverhead.Objectstorageisusuallyfreefromvolumesizelimitationsandcanbeagoodchoiceforworkloadsincludingbigdata,contentdistribution,anddatabackup.

• Otherstoragetypes:Inadditiontotheprecedingstoragetechnologies,somecloudvendorsofferlow-costnear-lineandarchivestorage.Thiscanbeacost-effectivealternativetolong-termtape,optical,anddisk-basedbackupandarchivesystems.

4.3.2 NetworkDesignPubliccloudservicesaredeliveredoveranetwork.Theperformanceofcloud-basedapplicationsdependsonthecapacity,performance,robustness,andsecurityoftheunderlyingnetworkonwhichtheyarebuilt.

Networklatencyandbandwidthcanhaveaprofoundimpactonapplicationperformance.Increasingnetworkbandwidthisrelativelyeasy,butthishelpsonlytotheextentthatbandwidthisconstrained.8Networklatency,ontheotherhand,isdirectlyproportionaltodistance.Ifnetworklatencynegativelyaffectsapplicationperformanceanduserexperience,themosteffectivesolutionistomoveclosertousers.Cloudserviceproviderscanhelpbyofferingcapacityinmultiplegeographicregions.

Ifapplicationinfrastructurehassignificanthorizontalscale(coveredintheupcomingsection“ScalabilityConsiderations”),networkloadbalancers(NLBs)canbeusedtodistributeworktomultiplenodes.Thetypeofloadbalancersuseddependsontheworkload.Forexample,interactiveuserapplicationsoftenmaintainsessionstateandrequiresessiondrainingtopreventuserinterruption.Ontheotherhand,

8MikeBelshe,“MoreBandwidthDoesn’tMatter(much)”,https://goo.gl/61BEQG,2010.

23


webservicesnodesthatprocessrequestsfrominsuranceaggregatorsites,forexample,areessentiallystateless,socomponentnodescanbeaddedandremovedasnecessary.

Finally,mostcloudserviceprovidersofferprivateconnectivityservices.ExamplesincludeAWSDirectConnect,9AzureExpressRoute,10andGoogleDirectPeering.11Somearebasedonlayer2VLANswhileothersrequirelayer3BGPconfiguration.Allofferprivateconnectivitybetweenthecloudserviceprovider(CSP)andtheconsumer.Circuitbandwidthoptionsrangefrom100Mbpsto10Gbps,andmultiplelinkscanbeaggregated.CircuitlatencydependsonthedistancebetweentheaccesspointandtheCSPdatacenter.Inadditiontogreatersecurityandbandwidth,privatecloudconnectivityoftenhassubstantiallylowerdataegresscharges.

4.3.3 LoadCharacteristicsComputingworkloadshavemultiplecharacteristics,allofwhichcanimpactoverallperformance.

Capacity:Resources(compute,memory,storage,networkbandwidth)thatareneededtodeliveraunitofwork(transaction,session,andsoon)withinadesiredperiodoftime

Security:Howinformationisstored,accessed,transmitted,andused(considerationsincludingcompliance,datasovereignty,encryption,andsoon)

Reliability:Theimpactiftheserviceisunavailableforaperiodoftime

Readvs.Write:Theproportionofdatathatisreadfromadatasourcecomparedwithwhatiswritten;hasimplicationsforstoragedesignandcapacitygrowth,andalsoaffectswheredataneedstobelocated

Variability:Theapplicationloadpatternovertime,asillustratedintheFigure11.

Figure11ApplicationLoadPatterns

9https://aws.amazon.com/directconnect/10https://azure.microsoft.com/en-us/services/expressroute/11https://cloud.google.com/interconnect/direct-peering

24


4.4 ScalabilityConsiderationsScalabilityistheabilitytoadjustavailablecapacityinanticipationof,andinresponseto,changesindemand.Thetwomaintypesofscaling—horizontalandvertical—canbecombined.

• Horizontalscalingisachievedbyadjustingthenumberofnodesofagiventype.Forexample,applicationnodescanbeadded,eachrunninganidenticalPolicyCenterapplication,withuserrequestsroutedtothedifferentnodesbyaloadbalancer.

• Verticalscalingisachievedbychangingtheresourcesofanexistingnode.Forexample,moreCPUsareaddedtoanexistingPolicyCenternode(byincreasingCPUcoresfrom2to4).

• Combinedscalingisacombinationofhorizontalandverticalscaling.

Figure12Verticalvs.HorizontalScaling

4.4.1 ScalingInsuranceSuiteintheCloudGuidewireapplicationssupportbothhorizontalandverticalscaling.Workloadsthatcanbedistributedacrossmultiplenodes(suchaswebandapplicationtiers)aregoodcandidatesforhorizontalscaling,whiledatabaseworkloadsgenerallyrelyonverticalscaling.Thissectioncoverscloudscalability,includingtypesandconsiderations.

HorizontalCloudScalingAswithphysicalinfrastructure,cloudcapacitycanbemanuallyaddedandremovedasneeded.Therealpowerofcloudscalability,however,istheabilitytoprogrammaticallyadjustresourcesbasedonload.Thiscapabilityiscalledautomaticscaling(auto-scalingforshort).

Auto-scalingdependsonsystemsmonitoringand/orrulestotriggerdesiredactions.Forexample,workloadscanbemonitoredforCPUandmemoryutilization.Ifausagethresholdisexceededforsomeperiodoftime,thesystemcanscalehorizontallybyaddingmoreserverVMs(scaleout).Byplacingnodesbehindanetworkloadbalancer(NLB),newrequestsaredistributedacrossmoreendpoints.Asloaddecreases,nodescanberemoved(scalein).

HorizontalScalingConsiderationsandBestPracticesAutomaticscalingisaverypowerfulcapability.Usedcorrectly,itcanoptimizeresourceutilizationandcosts.Ifmisconfigured,however,auto-scalingcanresultinrunawayresourceconsumptionand“thescarybill.”Thefollowingaresomeconsiderationsforensuringtheeffectiveuseofauto-scaling.

25


• Workloadcharacteristics:Workloadsthatarehighlyparallelizablearegoodcandidatesforauto-scaling.Thosethatinvolvelargemonolithicprocessesareusuallynot.

• Settingaminimumandmaximumnumberofnodes:Nodeminimumsestablishabaselineofavailablecapacity.Theyalsopreventprocessesfromshuttingdowntoomany—orpossiblyall—nodeswhenloadisverylow.Settingamaximumnumberofnodesisalsoveryimportant.Thispreventsrunawayconsumptionduetoamisconfiguredormalfunctioningmonitor,orresultingfromanexternaleventsuchasadenial-of-serviceattack.Allowingnodeincreaseswithoutapresetmaximumcanresultinmassivecostoverruns.

• Delaytimers.Althoughcloudcomputingoffersrapidelasticity,itstilltakestimetobringupadditionalVMs.Duringsystemstartuptime,monitoringtriggerswillstillindicateinsufficientresourceavailability.Adelayor“cooldown”timerisanauto-scalingfeaturethatwaitsapresetamountoftimeafteratriggereventbeforerespondingtoadditionalscalingevents.

• Effectivescale-down.Whiletherulesforscalingupareusuallyclear,noderemovalfromascalingclustermustbedonewithcare.Scale-downissimplestwithstatelessworkloads.Ontheotherhand,noderemovalforworkloadsthatmaintainsessionorstateinformationcanresultinlostworkandfrustratedusers.Inthelattercase,sessiondraining—essentiallywaitingforallworktocompleteonanodebeforeturningitoff—isagoodpractice.NotallcloudNLBservicessupportsessiondraining.Ifthiscapabilityisneeded,athird-partyloadbalancermayberequired.Manythird-partyloadbalancersareavailableasVMsthatcanberuninthecloud.

VerticalCloudScalingWithmostcloudserviceproviders,userschooseaVMsizewheninstantiatingaserverfromabaseimage.IftheVMneedstoberesized,theprocesscanbeassimpleasshuttingdowntheinstanceandre-creatingitwithalargerorsmallerinstancesize.Persistentblock,file,and/orobjectstorageisre-attached,andverticalscalingiscomplete.Thisprocessrequiresasystemrestart,soitshouldbeperformedduringanapplicationmaintenancewindow.

Somecloudserviceproviders(suchasEMCVirtustream)enabletheverticalscalingofinstancecapacitydynamicallywithnodowntime.

VerticalScalingConsiderationsandBestPractices• Thesystemrootdevicemaybelocal,ephemeralstorageorpersistentstoragemountedat

startup.Forsystemsthatwillbescaledvertically,onlypersistentstorageshouldbeusedfordatathatmustberetainedbetweenscalingevents.

• NotallVMtypesareinterchangeable.Besuretocheckforcompatibilitybeforeattemptingtomigrateaninstance.

• Administratorsshouldperformapplicationperformanceprofiletestingtomakesurethatcapacityscalingofonetierdoesnotadverselyimpactothertiers.

CombinedCloudScalingItispossibletoscalecloudservercapacitybothhorizontallyandvertically.Themostcommonusecasewouldbetoincreasethenodesizeofanauto-scalingcluster.Thiscanbedonewithoutdowntimebychangingtheauto-scalingnodeconfiguration.Newnodescanbeintroducedandoldnodescanberemoveduntilallnodeshavethenewconfiguration.Aftertheprocessiscompleted,thenumberofnodesinthegroupcanbeadjustedbasedonthenewcapacity.

26


CombinedScalingConsiderationsandBestPractices• Itisgenerallydesirableforallnodesinanauto-scalinggrouptobeofthesamesize.Forthis

reason,itmaybepreferabletoperformverticalscalingofnodesduringamaintenancewindow.• Auto-scalingtriggersaswellasminimumandmaximumnodecountsshouldbereviewedand

adjustedwhenperformingcombinedscaling.

4.4.2 WebUITierScalingChangestobusinessvolumesmayhaveanimpactontheresourcerequirementsofthewebuserinterface(webUI)tier.Becauseofthis,thewebUItierisacandidateforscalingifvolumesarehighenough.

HorizontalScalingSincerequestsforstaticcontent(aswellasloadbalancingandreverseproxythatmaybeperformedatthewebserver)arestatelessinnature,thewebUItiercaneasilyscalehorizontallybyaddingadditionalidenticalnodes.BecausewebserverworkloadsassociatedwithGuidewireproductsaretypicallysmall,theremaybelittleneedtoconsiderhorizontalscalingpastacertainminimumnumberofnodes.ThewebUIserversareusuallyplacedbehindaloadbalancer,andtheydonotstoreanytransactionaldata.Asaresult,horizontalscalingbothinandoutshouldbestraightforward.

VerticalScalingBecausetheworkloadsassociatedwithservingstaticcontentandrequestrouting—thewebserverworkloadsassociatedwithGuidewireproducts—aretypicallysmall,thereislittlereasontoconsiderverticalscalingafterproductionloadrequirementsareestablished.

4.4.3 WebServicesScalingThewebservicestierisusedbyexternalapplicationsforprogrammaticrequestprocessing.

HorizontalScalingHorizontalscalingofthewebservicestiercanbeaccomplishedbyplacingwebserverinstancesbehindaloadbalancerthatacceptsHTTPSrequestsfromexternalapplicationsandthatmakecallstotheGuidewireapplications.Thistierisdeployedinaprivatesubnetandshouldonlyacceptincomingrequestsfromtheloadbalancer.Asnodesareaddedandremoved,theloadbalancerautomaticallydistributestraffictotheavailablenodes.

VerticalScalingWebservernodescanbescaledupordowndependingonbasesystemload.Forexample,iftheminimumnumberofnodesintheclusterarehighlyutilizedmostofthetime,itmaymakesensetoincreasethenodesize.Similarly,ifnodesareverylightlyused,theycanbemadesmaller.

4.4.4 ApplicationTierScalingResourcerequirementsoftheapplicationtierareverysensitivetobusinessvolume.LoadchangestypicallyimpacttheCPUandRAMresourcerequirementsofthistier.

HorizontalApplicationTierScalingTheapplicationtiercanscalewellhorizontallybyaddingadditionalnodesofthesamesizetoanexistingGuidewirecluster.Thiscanbeaccomplishedbycreatinganauto-scalinggroupthatgrowsandshrinksinresponsetodemand.Addingaverylargenumberofnodesincreasestheclusteringoverheadduetoincreasednetworkmessages—mostlyrelatedtonodehealthandcacheeviction.Appropriate

27


configurationoftheclusteringsubsystemcangenerallyremedysuchoverheads,atleastuptoverylargescales.

Scaleoutoftheapplicationtierissimple.Morenodesareaddedbehindaloadbalancer,whichdistributesrequestsacrossavailablenodes.Becauseapplicationserversarenotstateless,scaleinrequiresmorecare.Theenvironmentshouldbeconfiguredwithaloadbalancerthatsupportssessiondrainingandsessionstickiness.Topreventuserinterruption,allin-processsessionsonanodeshouldbeallowedtocompletebeforethenodeisbroughtofflineandterminated.

VerticalApplicationTierScalingVerticalscalingcanbeachievedbychangingtheVMinstancetypeoftheapplicationnodetoonewithmoreappropriateresources(CPU,memory,andsoon).Whenthisisdone,itisgoodpracticetoadjusttheassociatedapplicationJVMsettings.

4.4.5 DatabaseTierScalingDatabasetierutilizationissomewhatsensitivetosignificantbusinessvolumechanges,buttypicallylesssothantheapplicationservertier.

HorizontalDatabaseScalingForOracleimplementations,OracleRealApplicationClusters(RAC)canbeusedforhorizontalscalingbyaddingmultipleRACnodestoaRACcluster.However,despitethefactthatmanycloudprovidersofferreferencematerialsfordeployingOracleRACintheirclouds,thesedeploymentsaregenerallynotcertifiedbyOracle.Oracle’sowncloudistheonlyexception.Todate,GuidewirehasobservedthatOracleRACdoesnotprovidebetteroverallthroughputthananequivalentlysizedsingledatabasenode—probablyduetotheincreasedoverheadoflockingandsynchronizingdataonothernodes.Also,OracleRACisnotsupportedforallGuidewireproductsandversions(refertotheappropriateGuidewireProductSupportMatrix).

VerticalDatabaseScalingVerticalscalingisthepreferredscalingapproachforthedatabasetier.Databasevendorssupportverticalscalingverywell,andthisisthetypicalwaytoaccommodateincreasingdatabaseloads.Moreresources(CPU,memory,disk,IO,andsoon)canbeaddedtoanexistingdatabaseserverinstance.Asofthiswriting,MicrosoftSQLServerandOracleDatabase(non-RAC)supportonlyverticalscaling.

Becausetypicaldatabaselicensingcostsforcloud-baseddeploymentsarebasedonthenumberofvCPUs,verticalscalingmayresultinadditionaldatabaselicensingcharges.

4.4.6 StorageTierScalingStoragetierutilizationissomewhatsensitivetosignificantbusinessvolumechanges,butistypicallylesssothantheapplicationservertier.Changesinbusinessvolumemayimpacttheresourcerequirementsofthestoragetier,butatamuchslowerratethanwiththeapplicationservertier.Certaininfrequentloads,suchasadatabaseupgrade,cansignificantlyincreaseresourceutilizationinthistier.

Cloudvendorsofferarangeofstorageserviceswithdifferenttechnology,performance,andaccesscharacteristics.BlockstorageistheprimarymeansofstoringandaccessingdatainInsuranceSuite.Itisclassifiedintermsofcapacity,input/outputrate(IOPS),throughput,andcost.Ofthesefactors,capacityandIOPShavethemostsignificantimpactonapplicationperformance.

28


HorizontalStorageScalingCloud-basedblockstorageisconfiguredasvolumes.Formostuses,Guidewirerecommendsindividualstoragevolumesforsimplicity.Ifhighercapacityorperformanceisrequired,multiplevolumescanbecombined.UtilitiessuchasOracleAutomaticStorageManagement(ASM)andLinuxLogicalVolumeManager(LVM)canbeusedtomanagemultiplevolumes.RAIDvolumescanalsobeused,althoughtheypresentsomedrawbacks.RAID0isfragile,andsnapshotsrequirecomplexconfiguration;RAID1halvesavailablestoragebandwidth;andRAID5/6loses20%to30%ofusableI/Otoparity.ThetableinFigure13listscommonRAIDconfigurationsandcharacteristicsforAmazonElasticBlockStorage(EBS).

Figure13AWSRAIDConfigurations

Configuration Use Advantages Disadvantages

RAID0 WhenI/OperformanceismoreimportantthanfaulttoleranceExample:Aheavilyuseddatabasewheredatareplicationisalreadysetupseparately

I/Oisdistributedacrossthevolumesinastripe.Ifyouaddavolume,yougetthestraightadditionofthroughput.

Performanceofthestripeislimitedtotheworst-performingvolumeintheset.Lossofasinglevolumeresultsincompletedatalossforthearray.

RAID1 WhenfaulttoleranceismoreimportantthanI/OperformanceExample:Acriticalapplication

Saferfromthestandpointofdatadurability

Thereisnowriteperformanceimprovement.RAID1requiresmoreAmazonEC2toAmazonEBSbandwidththannon-RAIDconfigurationsbecausedataiswrittentomultiplevolumessimultaneously.

VerticalStorageScalingBlockstoragevolumesizecanbedecreasedorincreaseduptothemaximumsetbytheprovider.Vendorsmayormaynotofferprogrammaticwaystodothis.Iftheprocessmustbedonemanually,thetypicalapproachistoperformthefollowingsteps:

1. Createabackupofexistingdatabyusingbackupsoftwareorbytakingasnapshot.2. Createanewstoragevolumewiththedesiredsize.3. MountbotholdandnewvolumestoatemporaryVMinstanceandcopydatafromoldtonew.4. ShutdownthetemporaryinstanceandremountthenewinstancetotheoriginalVM.5. Whenalldatahasbeenverified,deletetheoldvolume.

4.4.7 LoadBalancerScalingChangestobusinessvolumesgenerallydonothaveasignificantimpactontheresourcesneededbytheloadbalancingtier.Althoughincreasingthetransactionvolumesplacesahigherloadontheloadbalancer,production-gradedevices—whenusedtosupportGuidewireapplications—usuallyprovidesomuchexcesscapacitythatperformanceinthistierremainsstableevenatveryhighworkloads.

29


HorizontalScalingAsingleproduction-gradeloadbalancerisnormallysufficienttosupportaGuidewireimplementation.Foraddedredundancy,somecustomersmaynonethelessusemultipleloadbalancers,whicharethemselvestypicallyload-balancedinanactive/activeconfigurationbyaDNSsystemupstream.

VerticalScalingVerticalscalingofaloadbalancer(byaddingmoreCPUorRAMresourcestoit)isusuallynotneeded.

4.5 AvailabilityConsiderationsThissectioncoverstheavailabilityofInsuranceSuiteapplicationswhenrunninginapubliccloud.Availabilityisdefinedasthepercentageoftimethatasystemiscapableofperformingitsintendedfunction.Periodsofunavailability,calleddowntime,arecausedbythelossofoneormorecriticalelementsorsubsystems.Individualelementsthatcancausedowntimeoftheentiresystemarecalledsinglepointsoffailure(SPOFs).RobustapplicationdesignseekstoeliminateSPOFsandtolimitfailuremodes.Italsoincorporatesinstrumentationandactivemonitoringofinfrastructureelementstodetectandrespondtoabnormalconditions.

4.5.1 High-AvailabilityStrategiesFromanapplicationperspective,high-availability(HA)strategiesofteninvolvesomeformofclustering.Clustersizecanbestaticordynamic(dynamicclusterswerecoveredinthesection“ScalabilityConsiderations”).Thepropertiesofcomputerclusters12varydependingontheirobjectives.HAclustersaregenerallyclassifiedintothefollowingcategories.

Active/Active:Strategieswheremultiplenodessimultaneouslyshareworkloadprocessing.Ifonenodefails,theothernodescontinuetoprocesswork.ThisformofHAalsoprovideshorizontalscalability.Guidewireonlinenodesareinthiscategory,asareGuidewiredatabasenodesthatrunOracleRAC(exceptforRACOne).MicrosoftSQLServerAlwaysOnAvailabilityGroupsenableasecondaryread-onlynode,whichisnotfullyactive/active.

Active/Passive(alsocalled“Active/Failover”):Strategieswhereoneormoresecondary(alsocalled“backup”)nodescanreplacetheprimarynodeifitfails.Passivenodesareusuallyonlineatthetimeofthefailure,andthepromotionofafailovernodetoprimarymaybeamanualorautomatedprocess.GuidewiredatabasenodesthatrunonMicrosoftSQLServerorOracleDatabasecanbesetupinanactive/passiveconfiguration.

4.5.2 WorkloadDistributionandPlacementManypubliccloudprovidersoffermultipleservicelocationsorzoneswithinageographicregion.Insuchcases,servicenodescanbedistributedacrossmultiplezones.Thiscanprotectagainstthelossofanindividualzone.However,notethefollowinglimitationsandcautions:

• Lossofazoneresultsindroppedsessionsforactiveusersinthatzone.• Theloadbalancertiershouldbeconfiguredtodistributetrafficacrosszonesbasedonloadand

performancemetrics.Ifazoneislost,theloadbalancershoulddirectallnewtraffictotheremainingnodes.

12Fordetails,seehttps://en.wikipedia.org/wiki/Computer_cluster.

30


• Distributedapplicationtiernodesmuststillcommunicatewithaback-enddatabase.Fortheapplicationtocontinuetofunction,alltiersmustbeabletorecoverfromazonefailure.(Seethesection“HAfortheDatabase”forwaystomitigatethisrisk.)

• Networklatencybetweenzonescannegativelyimpactapplicationperformance.Forthisreason,performancestresstestingshouldbeperformedonanyconfigurationthatdistributesnodesacrossmultiplelocationsorzones.

4.5.3 HAfortheApplicationTierHAforapplicationnodescanbeaccomplishedbydistributingclusternodesacrossmultiplezones.Nodesshouldbedistributedsothatsufficientcapacityremainstohandletheapplicationworkloadifazoneislost.Forexample,iffournodesareneededtohandletheapplicationworkloadandtherearethreezones,aminimumoftwonodesshouldbedeployedtoeachzone.Ifallzonesareavailable,sixnodeswillbeactive.Ifazoneislost,therewillstillbefouractivenodes.Nodescanbepartofanauto-scalinggroupthatscalesoutandindependingonload,withnodesdistributedequallyacrosszones.Theclusterisplacedbehindaloadbalancer,whichdistributesworktotheactivenodes.

4.5.4 HAfortheDatabaseActive/activeHAofthedatabasetiercanbeachievedusinghorizontalscalingwithOracleRAC.OneormoreadditionalRACnodes(buttypicallyonlyone)areaddedabovetherequiredminimum.Theseareclusteredwiththeothernodesandshareworkload,providingactive/activeHA.Somepubliccloudproviders(suchasAmazon)offerdocumentationfordeployingOracleRAC,buttheonlycloudthatOracleofficiallysupportsisOracleCloud.13

Active/passiveisacommondatabaseHAstrategy.GuidewiredatabasenodesthatrunonMicrosoftSQLServerAvailabilityGroups,oronOracleRACinaRACOneconfiguration,areinthiscategory.OracleDataGuardcanbeusedinmostpublicclouds.Whendeployedacrossmultiplezones,DataGuardenablesrapiddatabasefailover.

13Formoreinformation,seehttps://aws.amazon.com/articles/7455908317389540andhttp://www.oracle.com/technetwork/database/options/clustering/overview/rac-cloud-support-2843861.pdf.

31


4.5.5 HAforStorageForapplications,theimpactofdatalosscanbesevere.ThetableinFigure14listscommonwaystomitigatestoragerisk.Additionalinformationisprovidedinthesection“DisasterRecoveryConsiderations.”

Figure14DataProtectionApproaches

Technology ConsiderationsRAIDarrays RAIDtechnologygroupsstoragedevicesintoarraysthatofferimprovedresiliency

and/orperformance.ThevariousRAIDlevelsprovidevaryinglevelsofperformanceandprotection.Someprotectagainstasingledrivefailure,whileotherscanhandlethefailureofmultipledevices.Mostwillincuraperformancepenaltywhenrecoveringfromafailure.Theindependentstoragevolumesinacloud-basedRAIDgroupareusuallyalreadyvirtualized.Managementofcloud-basedRAIDarraysisusuallyperformedbyasoftwareRAIDcontrollerthatispartoftheserveroperatingsystem.SoftwareRAIDisusuallyslowerandhasmorelimitationsthanhardware-basedRAIDcontrollers.

DataBackup Backupandrecoveryservicesarethemostcommonmeansofprotectingdata.Databackuptechnologiesincludetape,disk,andcloud-basedtargets.Abackupapplicationmanagesacatalogofbacked-upfilesandobjects.Italsohandlesdataencryptionandaccess.Manybackupapplicationsareabletoworkwithcloud-basedtargetsfordatabackup.

Snapshots Snapshotsareessentiallyincrementalbackupsofexistingvolumes.Theycapturechangestodatablockssincethelastsnapshotandenablerapidpoint-in-timecaptureofthestateofadatavolume.Mostpubliccloudprovidersofferdatasnapshottingcapabilitiesthatenablerapidcopy,rollback,andrecoveryofdatavolumes,oftentodifferentzones.Snapshotscanalsobereplicatedbetweenregionsfordisasterrecovery.

Replication Datareplicationistheduplicationofdatatomultiplelocations.Thismakesdatarecoverypossibleiftheprimarysiteislost.Avarietyofdatareplicationtoolsareavailable(vendor-specificaswellasOpenSource).Manycloudprovidersalsoofferintra-regionandinter-regionreplicationservices.

Archiving Dataarchivinginvolvestheextractionofinfrequentlyaccesseddataforlong-termstorage.Thisisoftendoneforregulatorycomplianceaswellasforfreeingupcapacityonexpensive,high-performancestorage.Archivingtoolscreateread-onlycopiestoensurethatdatacannotbechanged.Thespeedofaccessingarchiveddatacanvaryfromnear-real-timetohoursorevendays.Somepubliccloudprovidersofferarchivalstoragethatissignificantlylessexpensiveandmorereliablethanlegacyequivalents.

4.5.6 HAfortheFront-EndTierAddingasecondloadbalancerforredundancy(HA)iscommonpractice.Thisisusuallyconfiguredinanactive/activepair.

4.5.7 MonitoringMonitoringisakeyconsiderationwhendeployingapplicationsinapubliccloudenvironment.Activemonitoringandmanagementofalllayersoftheapplicationstackarerequiredforreliabilityandeaseoftroubleshooting.Attheapplicationlayer,GuidewireapplicationsincludeManagementBeansthatcanbeintegratedwithsystemsmonitoringandalertingtoolsaswellasprocessworkflows.

Cloudserviceprovidersoffermonitoring,alerting,andworkflowaspartoftheircatalogofservices.ThechoiceofwhethertouseCSP-providedservicesorotherproductsmaybebasedonexistingsupport

32


toolsandprocesses.Fororganizationsthatalreadyhaveanestablishednetworkoperationscenter(NOC)andmonitoringapplication,itcanbemoreexpedienttoextendexistingmonitoringtothecloud.Withgreenfieldenvironments,cloud-nativemonitoringservicesareofteneasiertodeployandintegrate.

Anotherfactortoconsiderwhenchoosingmonitoringtoolsisservicedependencies.Forexample,automaticservicescalingmaybetriggeredbysystemevents—CPUormemoryload,nodefailure,orotherinfrastructure-relatedtriggers.Thismaynecessitatetheuseofsomecloud-basedmonitoringservicesevenwhenthird-partytoolsarealsodeployed.

Finally,application-specificmonitorsshouldbeconfiguredtodetectissuesandnotifyoperatorswhenabnormalbehaviorisidentified.Forexample,InsuranceSuite9canbeconfiguredtosendalertsbasedonclusterefficiencyandreliability,applicationevents,andoperationalhistory.

4.6 DisasterRecoveryConsiderationsUnlikeavailabilityplanning,whichfocusesonavoidingdowntime,disasterrecovery(DR)planningfocusesonrespondingtothelossofprimaryprocessingcapacity.Thistypicallyinvolvesthecompleteduplicationofallsystems,software,anddataatasecondarylocation.DRplanningincludesdetailedproceduresthatshiftprocessingtothefailoversiteaswellasongoingprocessestoensurethatprimaryandDRsiteconfigurationsarekeptinsync.

BecauseDRplanninginvolvesconsiderabletime,effort,andexpense,businessownersmustdecidewhatlevelofDReffortandinvestmenttheyarewillingtomake.DRinvestmentisjustifiedtotheextentthatitmitigatesanticipatedbusinesslosses.Thisisusuallybasedonsomeformofbusinessimpactanalysis(BIA).TwokeyoutputsofaBIAareapplicationrecoverytimeobjective(RTO)andrecoverypointobjective(RPO).

4.6.1 RTOandRPORecoverytimeisthedurationthatanapplicationorbusinessprocessisunavailable.InaDRcontext,itincludesthetimerequiredtodetectanddeclareadisasteraswellasthetimetoswitchprocessingtoasecondarysiteandrestoretheapplicationtoaknowngoodstate.

Therecoverypointobjectiveisthemaximumallowabledataloss.Fortransactionalapplications,thisincludeslosttransactions.Althoughbusinessownersdonotwanttoloseanydata,ashorterRPOmeanshigherDRcosts.

4.6.2 Cloud-BasedDRPubliccloudserviceproviderscansignificantlyreducedisasterrecoverycostsandcomplexity.RentingcapacityfromaCSPenablescompaniestoavoidthelargecapitalandongoingoperationalexpenseofbuildingoutaduplicatedatacenterandcorrespondingITinfrastructureinanotherlocation.Largeprovidersnotonlyoperateinmultiple,geographicallydiverseregions;theyalsoofferautomationtoolstosimplifydeployments.AllserverimagesandcurrentsourcecodemustbeavailableinthetargetDRregion.Adatabasecopymustalsobemaintained,withadatareplicationfrequencythatmeetstheRTOandRPOrequiredbythebusiness.Additionaladministrativefilessuchasbootstrapscriptsshouldalsobeincluded.Allfilesthatarerequiredfordeploymentorongoingoperationsshouldbereplicatedinthefailoverregion(seethefollowingsection).ThisprocessshouldbeautomatedtoensurethatprimaryandDRenvironmentsarekeptinsync.

33


Althoughlargecloudprovidersmaintainsubstantialexcesscapacity,thereisstillariskthatdemandresultingfromawidespreaddisastermightoutstripsupply.SomeCSPsallowcustomerstooffsetthisriskbypre-purchasingreservedcapacity.TheresultingdecreaseinriskcanoftenjustifythecorrespondingincreaseinDRcosts.

4.6.3 DataManagementforDROneofthemainDRchallengesisthereplicationofapplicationdatatotheDRsiteatafrequencythatmeetsthedesiredRPO.ThissectioncoversanumberofDRdatamanagementoptions.

DataReplication

Asmentionedinsection4.5.5“HAforStorage,”replicationcopiesdatatomultiplelocations.Replicationissynchronousifthedatainalllocationsisidenticalatalltimes.Forperformancereasons,synchronousdatareplicationistypicallylimitedtodistancesof100kmorless.Asynchronousreplicationinvolvesperiodictransfersofchangeddata.TheintervalbetweentransfersistheprimarydeterminantoftheRPO.

LogShipping

“Logshippingistheprocessofautomatingthebackupofadatabaseandtransactionlogfilesonaprimary(production)databaseserver,andthenrestoringthemontoastandby(replica)server.”14MicrosoftSQLServersupportslogshipping.Oracle’simplementationoflogshippingisbrandedasOracleDataGuard.

Thelogshippingprocesscanbeclassifiedasfollows:

• Synchronouslogshipping:Transactiondatafromtheprimarylogissent,andacommitacknowledgementisreceivedfromthereplicabeforethetransactioncommitsontheprimarysystem.

• Asynchronouslogshipping:Transactiondatafromtheprimarylogissent,andthetransactioncommitsontheprimarysystem.Thetransactionislaterreplayedfromthelogfile,andacommitisacknowledgedonthereplica.

Ofthesetwostrategies,asynchronoushasbetterperformancebecausetheprimarydatabasedoesnotwaitforacommitacknowledgementfromthereplica.Thiscan,however,resultinsomedataloss.BecauseGuidewireapplicationscanhaveahighrateofdatachange,asynchronouslogshippingisusuallythepreferredoption.

Storage-LevelReplication

Mostenterprisestoragevendorshaveproprietarytoolsforstoragemanagementandreplication.Suchtechnologiescanbeanattractivealternativetologshipping,becausethey:

• Operatedirectlyinthestoragetier,andsodonotplaceadditionalloadonthedatabase• Havemoregranularmirroring,versioning,andsnapshottingcapabilitiesthanlogshipping

(Thiscanbeimportantifdatabecomescorrupted,especiallyifthecorrupteddataissubsequentlyreplicated.Insuchcases,versioningandsnapshotsallowrollbacktoaprior,known-goodstate.)

14Formoreinformation,seehttps://en.wikipedia.org/wiki/Log_shipping.

34


• Canmaintainlogicalconsistencybetweenreplicasofmultipledatasets

On-premisesphysicalstoragearraysareanotherwaytomaintainapplicationdata.Bothstorageandcloudvendorsofferstoragegatewaystointerconnecton-premisesandcloud-basedstorage.Inaddition,someenterprisestoragevendorsoffercloud-basedvirtualappliancesthatsupporttheirproprietarystorageutilities.Thisenablesintegrationbetweenon-premisesandcloud-basedstoragearrays.Finally,itispossibletointegratephysicalstoragedeviceswithpubliccloudsoverlow-latency,high-bandwidthnetworklinks,allowingdatatoresideonphysicaldeviceswhileusingcloud-basedcomputeandrelatedservices.NetAppPrivateStorageforCloud15isanexampleofthistechnology.

4.7 SecurityandComplianceConsiderationsInformationsecurityfocusesontheprotectionandsafemanagementofinformationsystemsanddata.ThissectioncoverssecurityandcomplianceconsiderationswhenInsuranceSuite9runsinapubliccloudenvironment.

4.7.1 SecurityPrinciplesAlthoughinformationsecurityencompassesawiderangeoftopicareas,itisguidedbyacoresetofunderlyingprinciples.

Limitedaccess:Usersshouldhaveaccesstoonlytheinformationandapplicationsthattheyneedfortheirroles.Systemelementsshouldbedeployedwitha“deny-all,permit-by-exception”approach.

Secureallelements:Oneweaknessinthesecurityperimetercancompromiseallothersecurityelements.Systemsecurityshouldbeimplementedforallelements,withno“backdoors”orexceptions.

Auditandlogallactivities:Activityloggingcoversallaspectsofoperations,includingphysicalaccesstofacilities,useraccesstosystemelements,andserverandapplicationlogs.Thisinformationisvaluableinbothdiagnosingapplicationproblemsandconductingforensicanalysisofsecurityissues.

Automateeverything:Thescaleandcomplexityofinformationvolumemakemanualmonitoringnearlyimpossible.Exceptionmonitoringandeventresponseshouldbeautomatedandtunedovertimetoensurethatallrelevantconditionsaredetectedandactedupon.

Manageallchanges:Inuncontrolledenvironments,configurationsdriftovertimefromestablishedstandards.Infrastructurethatisdrivenbytemplatesandcontrolledprocessesavoidthisproblem.Configurationsshouldbeperiodicallyauditedforcompliancewithtemplatesandstandards.

Defenseindepth:Thisprincipleinvolvesapplyingindependentsecuritymethodsateverylayeroftheapplicationstack.Theresultisthatanincursiontoonelayerdoesnotautomaticallyexposeunderlyinglayers.

4.7.2 IdentityandAccessManagement(IAM)Thegoalofidentityandaccessmanagementistoensurethatauthorizeduserscanaccesstheinformationandapplicationsthatareappropriatetotheirroles,andthatunauthorizedusersdonothaveaccess.Thisisaccomplishedusingcredentialswithcorrespondingmechanismsforcontrollingaccess.

15Seedetailsathttp://www.netapp.com/us/solutions/cloud/private-storage-cloud/.

35


CloudprovidersofferavarietyofIAMcapabilities,includingmanageddirectoryservices,federationwithexistingdirectoryservices,securitytokenservices,SecurityAssertionMarkupLanguage(SAML)integration,andfederatedidentityservices.Someoftheseservicesapplyonlytocloudinfrastructureelements,whileothersintegrateattheapplicationlayer.

Role-BasedAccessControlsForstandardizationandscalability,privilegemanagementshouldbedefinedbasedontheroleoftheuserorservice.Role-basedaccesscontrols(RBAC)enabletheefficientgroupingandcontrolofusersandresources.Useraccesscanbemanagedwithusergroups.Systemobjectscanbemanagedusingaccesscontrollists(ACLs).

Multi-factorAuthentication(MFA)MFAaddsanextrarequirementlayerbeyondsimplecombinationsofuserIDandpassword.Ithelpspreventwidersecuritybreachesifusercredentialsarecompromised.MostcloudvendorsofferMFAcapabilitiessuchasdevicesorapplications.CloudbestpracticesrequireMFAforprivilegedadministrativeaccounts—particularlythoseofrootorsuper-useridentities.

4.7.3 SecurityPerimeterManagementAninformationsystem’ssecurityperimeterisdefinedbythepointswheredatatravelsandthetypeofinformationthatisavailableateachpoint.Forexample,alaptopwithfilesthatcontainusers’personallyidentifiableinformation(PII)suchascreditcardnumbersandhealthinformationrecordsrepresentsapointinthesecurityperimeter.Ifthelaptopislost,theperimeterisbreached.Withcloudcomputing,theresponsibilityforsecurityfallsbothontheproviderandthecustomer.TheAWSSharedResponsibilityModelsaysthis:16

WhileAWSmanagessecurityofthecloud,securityinthecloudistheresponsibilityofthecustomer.Customersretaincontrolofwhatsecuritytheychoosetoimplementtoprotecttheirowncontent,platform,applications,systemsandnetworks,nodifferentlythantheywouldforapplicationsinanon-sitedatacenter.

Figure15AWSSharedResponsibilityModel

16Formoreinformationaboutthemodel,refertohttps://aws.amazon.com/compliance/shared-responsibility-model/.

36


NetworkSecurityTraditionalcorporatenetworksareprotectedusingphysicalandvirtualsecuritydeviceslikefirewalls,virtualprivatenetwork(VPN)concentrators,packetfilters,intrusiondetectionandpreventionsystems(IDSandIPS),andmobiledevicemanagementtools.Thesameistrueforclouddeployments,althoughsomeofthesewillbeservices.Aswithon-premisesdeployments,applicationtierscanbeseparatedbyfirewallstoformDMZs,withingressandegresscontrolledbyACLsandsecuritygroups.

NetworkaccesstocloudresourcesforadministrativepurposesisgenerallycontrolledusingeitheraVPNorencryptednetworksession.VPNendpointscanbehardware-orsoftware-based,andtheyformasecure,encryptedtunnelbetweencloudandcustomersystems.NetworksessionsoverSSHorRDPrelyonencryptionkeysforauthentication.Identitykeysmustbecloselycontrolled,ideallybyusingakeymanagementservice(KMS).

Manylargecloudprovidersalsoofferprivateconnectivity.Thesemayoperateatlayer2orlayer3ofthenetworkstack,andtheyprovidesecure,high-bandwidthconnectivitywithoutgoingthroughanetworkserviceprovider.Thistypicallyrequirestheestablishmentofanetworkedgelocationwithacolocationproviderthatprovidesdirectconnectivitytothecloudserviceprovider.Privateconnectivitycanhavetheaddedbenefitofreducingbothnetworkanddatatransfercharges.

CertificateManagementSecure,encryptedtransmissionofweb-basedtraffictypicallyinvolvesuseofSecureSocketsLayer(SSL)certificates.MostcloudserviceprovidersofferservicesforprovisioningandmanagementofSSLcertificates.Theyalsocanbeconfiguredwithcertificatesfromstandardcertificateauthorities.

IntrusionDetectionandPreventionAnintrusiondetectionsystem(IDS)comparestrafficwithknownattacksignaturesorotherabnormalbehavior.Anintrusionpreventionsystem(IPS)isessentiallyafirewallthatblockssuspicioustraffic.Bothsystemscanbeeithernetwork-basedorhost-based.IDSwatchesinboundandoutboundtrafficonanetwork,whileIPSwatchestraffictoandfromaserver.Inthecloud,IDSandIPScanrunasapplicationsorascloud-basedvirtualappliances.

4.7.4 DataProtectionandComplianceEncryptionandKeyManagementDataencryptioninvolvesconversionofdataintoaformatthatcannotbeunderstoodbyunauthorizedparties.Thiscanincludebothdataresidinginapersistentstoragevolume—knownasdataatrest—anddatamovingonthenetworkorwithinaserver—knownasdataintransit.ForclouddeploymentsofInsuranceSuite9,bothdataatrestanddataintransitshouldbeencrypted.

Encryptionofdataintransitiscoveredin“NetworkSecurity”intheprecedingsection.Encryptionofdataatrestcanincludebothclient-sideandserver-sidetools.Client-sideencryptiontoolsincludeoperatingsystemutilitiesandbothopen-sourceandcommercialapplications.Manycloud-basedstorageandrelatedservicesofferbuilt-inserversideencryption.Inaddition,manydatabasemanagementsystemsmanagedataencryptionandoffermoregranularcontroldowntothefieldlevel.

Dataencryptioninvolvestheuseofdataencryptionkeys.Managementofthesekeysisanintegralpartofdataprotection.Ifprivatekeysarelost,dataisirretrievable.Keyvaultingisawayofsafeguardingencryptionkeystocontrolaccesswhileensuringthatkeysarenotlost.Largepubliccloudvendorsofferkeymanagementservices(KMS)forcreating,controlling,andsafeguardingencryptionkeys.

37


DataSovereigntyDataprivacyandsovereigntylawsregulatewhatkindsofdatacanbemaintainedandwhere.Thereareanumberofpublicationscoveringdatasovereigntyasitrelatestoinsurancedata.Aparticularlyusefulreferenceis“DataSovereigntyandtheCloud:ABoardandExecutiveOfficer’sGuide.”17

Simplyput,cloudprovidersoperatephysicaldatacenters.Thesefacilitiesresideinalimitednumberoflocations,afactthatcanhavedatasovereigntyimplications.Ascoveredinthe“Locations”sectionof“SelectingaCloudServiceProvider,”locationisakeyconsiderationwhenplanningaclouddeployment.

DataLossPrevention(DLP)Datalosspreventionisanotherstrategyforsafeguardingdata.Unlikeencryptiontechnologiesthattreatalldataequally,DLPseekstopreventtheunauthorizedtransmissionofcertaintypesofdatabeyondthesecurityperimeter.DLPsystemscanalsomonitortrafficbetweensystemstodiscoverunusualorunauthorizedcommunications.

KeepingDataOutoftheCloudEvenwithencryptionandDLP,somecompaniesstilldonotwanttostoretheirdata—orsubsetsofdata—inapubliccloud.Insuchcases,itispossibletolinksystemsinanon-premisesorcolocationdatacenterwithpubliccloudservicesandresources.Thiscanbeaccomplishedinmultipleways.Oneoptionistouseacloudstoragegateway18thatlinksthestoragewiththecloudprovider.Inasimilarway,acompanycansetupaprivate,high-capacitylinkbetweenitsdatacenterandthecloudserviceprovider.Conceptually,thisinvolvesextendingthecorporatenetworkedgeintoacarrier-neutralhostingproviderthatoffersprivateconnectivitytocloudserviceproviders,asdepictedinFigure16.

Figure16PrivateConnectivitytotheCloud

Ifnetworklatencyandthroughputareissues,thisapproachcanbeaugmentedbydeployinganenterprisestoragearray(suchasNetApp,EMC,andsimilartools)inthethird-partydatacenterandlinkingittothecloudproviderusingprivateconnectivity.AnexampleisNetAppPrivateStorageforCloud19.Withthisarchitecture,thestorageprotocolcanbeblock(iSCSI)orfile(CIFS,NFS).Theresultis

17Thefullreportcanbeaccessedathttp://www.cyberlawcentre.org/data_sovereignty/.18Seehttps://en.wikipedia.org/wiki/Cloud_storage_gateway.19Seehttps://www.netapp.com/us/media/ds-3620.pdf.

38


datathatismanagedandmaintainedonaprivate,physicalstoragesystemwithapplicationserversandservicessuppliedinthecloud.

Fordatastoredinadatabase,somecloudvendorsofferservicesthatlinkon-premisesandclouddata.OneexampleisMicrosoftAzure’sSQLServerStretchDatabase.20

4.7.5 LoggingSystemandapplicationlogsareanimportantsourceofsecurityandoperationalinformation.Logsnotonlyprovideaudittrails;theyalsocontaininsightstoassistwithproblemtriageandprovideearlyindicatorsoffutureproblems.Loggingservicesconsolidatethelogoutputfromapplications,services,andinfrastructure,enablingthecollectivesearchandanalysisoflogdata.Becausesystemlogscancontainsensitiveinformation,accesstologrecordsshouldbecarefullycontrolled.Logsourcesandtypesinclude:

Networkdevices:Thisincludesfirewalls,routers,IPS,andsimilardevicesthatrecordtrafficbysource,destination,port,protocol,andrelatedinformation.Examplesofconditionstomonitorincludedistributeddenialofservice(DDoS)attacksorsubstantialtrafficfromcountrieswheretherearenocustomers.

Systems:Serversgeneratemanytypesoflogs,includingsecurity,application,operatingsystem,andperformance.Storagevolumesandrepositoriescanalsogeneratesignificantlogdata.Inthecloud,nodescaneasilybeadded,removed,orreplaced.Forthisreason,cloudsystemlogsshouldbecentralized.

Cloudservices:Cloudservicesoffervariouslevelsoflogging.Thiscanincludesystemandservicelogsaswellasbothinteractiveandprogrammaticaccess.Forneworhighlyvariableservices,thisinformationcanbeusedforsystemtuningandrefinement.Asservicesbecomemorematureandpredictable,itmaybepossibletoreducethelevelofloggingdetail.

APIcalls:AllAPIcallsshouldbeloggedandmonitoredforsuspiciousorabnormalactivities.Somecloudserviceprovidersofferthismonitoringasaservice.Forexample,AWSCloudTrail21providesahistoryofallAPIcalls.

LoganalyticsBecauseofthesheervolumeoflogdata,specializedtoolsareneededforloganalysis.ExamplesincludeSplunk,Loggly,andSumoLogic.Thesecanbepowerfultoolsformonitoring,alerting,andanalyzingsystemsoperationsandsecurity.

4.8 CostManagementDeployingInsuranceSuite9inthecloudrequiresadifferentapproachtoITcostmanagement.Cloudcomputingoffersawidearrayofservicesandpricingstructures,andusersmustpickandchooseservicesandoptions.Infrastructurecostsshiftfromthecapital-intensivepurchaseandprovisioningofhardwaretoconsumption-basedchargesforservicesused.

20Seehttps://azure.microsoft.com/en-us/services/sql-server-stretch-database/.21Fordetails,gotohttps://aws.amazon.com/cloudtrail/.

39


4.8.1 UsageAttributionThesinglemostimportantthingorganizationscandotomanagecloudcostsistotrackresourceusage.Becauseitisconsumedasservices,cloudusageiseasiertotrackthanphysicalinfrastructure.

ResourceTaggingThefirststepincloudcostmanagementisthetaggingofallresources.Tagsshouldbedefinedtoenableresourcetrackingandreporting.Resourcescanhavemultipletags,enablingmulti-dimensionalmanagement.ExamplesoftagtypesarelistedinFigure17.

Figure17CommonCloudResourceTagTypes

TagType UseApplication Tagallsystemsthatcompriseaparticularapplication.TierorRole Allowactionsonallsystemsofaparticulartype,suchasweb,app,database,

etc.Environment CreateenvironmenttagsforDev,QA,Prod,DR,andsoon.DepartmentorCostCenter

Enableeasycostreporting.

Version Trackdifferentapplicationversions.Criticality Monitorandrankfortriage.Automation Supportautomationactivitiessuchasperiodicshutdown,active-standby,etc.Security Defineandcontrolspecificsecuritylevels,accesscontrols,andactions.CustomerorProject Thisisparticularlyusefulinmulti-tenantenvironments.

Inaddition,tagscanbemandatoryoroptional.Acommonmanagementstrategyistomakeatleastonetagmandatory.Anyuntaggedresourcesareflaggedforremoval.Dependingontheenvironment,theremovalprocesscanbeautomaticormanual.

Chargeback,Showback,ShamebackCostchargebackhaslongbeenagoalofITdepartments.Thishasprovenchallenging,though,duetotheuseofsharedresourcessuchasdatacenters,corenetworkinggear,datastoragearrays,softwarelicenses,andadministrativestaff.Insteadofchargingspecificusersforactualconsumptions,costsareoftensimplyallocatedasaformof“corporatetaxation.”Asaresult,usersdonotdirectlyseethecostimpactoftheiractionsanddonotfeelcompelledtomanageconsumption.Bycontrast,cloudenablesmuchmoreprecisealignmentofusageandcosts.

Tagginggreatlysimplifiesthereportingofcloudresourceusage,whichcanbetrackedinanumberofways,includingbuilt-incloudserviceproviderreports,standardanalysisandreportingapplications,andspecializedthird-partyapplications.

SharedMonitoringandOperationsCostsWhilemanycostsofcloudoperationsaredirectlyattributabletoaparticularapplicationenvironment,someexpenseswillcontinuetobeshared.Theseshouldbeincludedinanycloudeconomicanalysis.Examplesofsharedcostsinclude:

• Systemsadministrators,architects,andrelatedpersonnel• Monitoringandsupportsystemsandpersonnel• Integrationswithon-premisessystemsandtools• Networkconnectivitycharges• Datareplicationandothercostsrelatedtodisasterrecovery

40


QuotasandApprovalWorkflowsForusers,oneofcloudcomputing’smostappealingfeaturesisself-service.Whilethisisagreatconvenience,ifunmanageditcanalsoleadtoasubstantialincreaseinresourceconsumption.Topreventrunawaycloudcosts,itisagoodpracticetoinstitutequotalimitsaswellasrequestapprovalprocesses.UnliketraditionalIT,however,theseprocessesaredesignedanddrivenbybusinessconsiderationsratherthantechnicalrequirements.Somecloudvendorsofferrequestandapprovalservicesfortheirenvironments.Otheroptionsincludeservice-deskapplicationssuchasServiceNow22aswellasawidevarietyofcloudmanagementplatformapplications.23

4.8.2 CostControlCloudcomputinghasthepotentialtosignificantlylowerinfrastructurecosts.However,manyfirst-timecloudusersaredisappointedtofindthatcostsavingsarenotautomatic:savingmoneydoesrequireeffort.Billingforvariouscloudservicescanquicklybecomecomplex.Asaresult,unnecessaryandavoidablechargesmaygounnoticed.Andbecausebillingisbasedonusage,costschangewithload—whichcanresultinlesspredictability.Carefulmanagementofusageandspendingisneededtopreventunanticipatedmonthlycloudbills.

SettingBillingAlertsCloudprovidesuserswithcapacity-on-demand.Whilethisoffersagilityandflexibility,variableusagecanalsoleadtounexpectedusagespikesand“thescarybill.”Thiscanbeparticularlytrueforneworhighlyvariableworkloads.Forthisreason,cloudconsumersshouldestablishexpectedconsumptionthresholdswithcorrespondingalertsifthosethresholdsareexceeded.Manycloudvendorsofferprogrammaticbillingalertsasastandardservice.

IdentifyingUnusedandOrphanedResourcesAsoutlinedabove,resourcetagshelptoidentifyhowparticularresourcesareallocatedandused.Inon-premisesenvironments,itisverycommontouncoverorphanedsystemsthatcontinuetorunlongaftertheyareneeded.Whencloudenvironmentsareredesignedordecommissioned,allrelatedresourcesshouldbeauditedtomakesurethattheyarestillneededandthattheirtagsreflecttheircurrentroles.Resourcesthatarenolongerneededshouldbeshutdown.

Inaddition,resourcesshouldbemonitoredforutilizationandusefulness.Cloudstoragevolumesareoftengoodcandidates.Forexample,cloud-basedvirtualserversoftenhaveassociatedpersistentstoragevolumes.Evenwhenaserverinstanceisdecommissioned,itsstoragemaynotbe.Thesamecouldbetrueforbackupsandsnapshots,whichcontinuetoincurmonthlycharges.Identificationanddeletionofunneededstorageshouldbepartofaperiodiccostmanagementprocess.

ManagingConnectivityCostsCloudservicesarenetwork-based.Iftheyarelinkedwithon-premisesdataandsystems,connectivitychargescanbesubstantial.Thisisalsotrueifdataisreplicatedbetweencloudregionsforredundancyanddisasterrecoverypurposes.Networkcircuitsizingandcharacteristicsareimportantconsiderationsintermsofbothperformanceandcost.

22DetailsaboutServiceNowareathttp://wiki.servicenow.com/index.php?title=Cloud_Provisioning.23Seethetableathttps://www.whatmatrix.com/comparison/Cloud-Management-Platforms.

41


Ascoveredinthe“KeepingDataOutoftheCloud”sectionofsection4.7.4“DataProtectionandCompliance,”privateconnectivitycansignificantlyreducenetworkcostswhileincreasingbandwidthandsecurity.TheconfigurationwasshowninFigure16.

UnderstandingLicensingandSupportCostsGuidewireprovidestheflexibilitytouseInsuranceSuite9licensesinbothon-premisesandcloudenvironments,withnoneedtopurchaseseparatelicenses.Customerswithexistinglicenseswhowanttomovefromanon-premisestoaclouddeploymentcansimplytransfertheirlicenses.

Somecloudservicesincludesoftwarelicensecosts.Forthosethatdonot,itisimportanttounderstandandcontrolsoftwarelicenses.Databasesareagoodexample.Optionsinclude:

• Self-installedandmanaged:Insuchcases,InsuranceSuitesupportsbothOracleDatabaseandMicrosoftSQLServer.Whenruninacloudenvironment,licensecostsforOracleDatabasearebasedonthenumberofvirtualcoresinvolved.24LicensecostsforMicrosoftSQLServerrunninginthecloud25aremorecomplex.Inbothcases,vendordiscountsshouldbenegotiatedaspartofanongoingenterpriseorvolumediscountagreementwiththerespectivevendor.

• ManageddatabaseservicessuchasAWSRDSorAzureCloudDatabaseasaservice:Thesemayincludelicensecosts,ortheymayoperateina“bringyourownlicense”model.

• Pre-configuredthird-partycloudinstanceswiththedatabasepre-installed:Theseareoftenavailableinthecloudprovider’smarketplaceandcanincludelicensechargesbasedonusage.

Inadditiontodatabases,otherapplicationsthatmayincurlicenseorsupportchargesincludemonitoring,logmanagement,applicationservers,reporting,middleware,andmanagementutilities.

Pre-purchasedandSpotCapacityAlthoughon-demandconsumptionofcloud-basedresourcescanbeveryconvenient,continuouson-demandconsumptioncanbeverycostly.Afterbaseloadpatternsareknownforeachworkload,cloudusersshouldconsiderpurchasingreservedcapacitythatmatchestheirbaseloadrequirements.Thiscanbesupplementedwithon-demandinstancesforvariabledemandfollowingavariationofthe“ownthebase,rentthespike”strategydescribedinthe“HybridCloud”sectionof“TypesofClouds.”Pre-purchasedinstancesofferdiscountedcapacityinexchangeforalonger-termcommitment.Asdescribedinthe“Cloud-BasedDR”sectionof“DisasterRecoveryConsiderations,”reservedcapacitycanhavetheaddedbenefitofbeingguaranteedifthecloudproviderexperiencescapacityconstraints.

Spotinstancesareanotheroptionforcontrollingcloudcosts.Basically,thisinvolvesbiddingonunusedcloudcapacity.Biddersmakeoffersforspecifictypesofinstances;acceptedofferscanbeusedatthebidprice.Sincethepricevariesbasedonavailabilityanddemand,spotinstancescangoawayatanytime.Forthisreason,theiruseshouldbelimitedtocompatibleworkloadssuchasloadtestingorhighlyparallelizedanalysisjobs.

CostManagementApplicationsManycompaniesoffercloudbillingmanagementapplicationsandservices,whichprovideenhancedchargebackandusagereporting.Pricingmaybefixed,permanagednode,orapercentageofthecustomer’scloudbill.Advantagesofthird-partycloudbillingapplicationscaninclude:

24ForOracleDatabaselicensing,seehttp://www.oracle.com/us/corporate/pricing/cloud-licensing-070579.pdf.25ForMicrosoftSQLServerlicensing,seehttp://download.microsoft.com/download/9/C/6/9C6EB70A-8D52-48F4-9F04-08970411B7A3/SQL_Server_2016_Licensing_Guide_EN_US.pdf.

42


• Abilitytoaggregatecostsacrossmultiplecloudserviceproviders• Usageanalytics• Customizabledashboards• Servicespendingoptimizationrecommendations• Securityandauditmonitoring

Popularcloudcostmanagementtoolsinclude:

• Cloudability(https://www.cloudability.com)• CloudCruiser(http://www.cloudcruiser.com)• CloudCheckr(http://cloudcheckr.com)• Cloudamize(http://www.cloudamize.com)• Cloudyn(https://www.cloudyn.com)• CloudHealthTechnologies(https://www.cloudhealthtech.com)

4.8.3 ConsumptionManagementClouduserspayfortheservicestheyconsume.Iftheywanttopayless,theyneedtouseless.Tocontrolcloudcosts,cloudcustomersmustcontrolconsumption.Oneofthemostimportantbehaviorchangesthatcloudenablesisbreakingthehabitofretainingsystemsaftertheirprimaryusehasbeenfulfilled.Thisiscommoninenvironmentswhereitisdifficultortime-consumingtoinitiallyobtaintheresources.Throughautomatedtemplatesandcapacityondemand,cloudenablesuserstoquicklyspinupsystemsandenvironmentsasneeded,whichmakescostlyhoardinghabitsunnecessary.

ScalingtoMatchDemandAsillustratedinFigure1,cloudcomputingenablesconsumerstoscalesystemsinfrastructureupanddowninresponsetodemand.Forworkloadswithsignificantloadfluctuation,scalingofferstremendousadvantagesovertraditionalIT.Ratherthanhavingtoestimatefuturedemandandbuildoutinadvanceofit,scalingprovidesflexibility.Italsoenablesaclearerunderstandingofcosts,sinceusagechargesareproportionaltovolume.

SettingResourceLimitsCloudelasticityisaveryappealingfeaturebutmustbecontrolled.Manycloudusershavehadtheunpleasantexperienceofrunawayscalingprocessesresultinginmuchhigherthannormalmonthlybills.Thesecanresultfrommisconfiguration,denialofserviceattacks,legitimatebutunusualtrafficspikes,andsimilarissues.Abestpracticeistosetlimitsonallowablenodesinacluster.Manycloudprovidersdothisbydefault,andcustomersmustrequestincreases.Inmakingtheserequests,customersshouldpickupperlimitsthatarewithintheirmaximumallowablebudget.Inextremecases,itmaybebettertoacceptslowapplicationperformance.

PreventingCloudSprawlUserself-serviceandconsumptionondemandcanresultinsignificantincreasesinresourceconsumptionoveron-premisesresources.Thiscanbeparticularlytruefortestanddevelopmentenvironments,whichmaybespunupforaparticularpurposeandthenleftrunningaftertheyarenolongerneeded.Theseunusedresourcescanresultinsignificantcosts.

Toprevent“cloudsprawl,”cloudadministratorsshouldconductregularsystemauditstoidentifyresourcesthatarenolongerneeded.Anothereffectivestrategyistosetautomaticexpirationsfornon-

43


productionresources.Ifusersknowthatthesystemswillgoawayafterasetperiodoftime,theywillbemoremotivatedtocompletetheirworkontime.

ManagingDataTransferCostsCloudserviceproviderstypicallychargefordatatransferredoutoftheirenvironments.Inbounddatatransfersareoftenfree.Understandingandmanagingdatatransfercostscanhavealargeimpactoncloudusagecharges.Forexample,customerswhorunlargedataanalyticsjobscansaveasignificantamountbytransferringdatasetstothecloudfromon-premisesstoragesystemsbutreturningonlysmallresultsets.Asdescribedin“ManagingConnectivityCosts,”privateconnectivitycanenablethisstrategy.Cloudstoragegatewayscanbeusedasadatainterfacebetweenon-premisesandcloudenvironments.

ManagingStorageVolumesCloudstoragevariesbytype,technology,andperformance.Forexample,SSDstoragetypicallyperformsbetterbutcostsmorethanmagneticstorage.Somecloudserviceprovidersoffertheabilitytorapidlymigratebetweenstoragetypes.Asanexample,withinitsElasticBlockStore(EBS)service,AWSoffersmultipletypesofSSDstorageincludingprovisionedIOPS(io1)andgeneralpurpose(gp2).Theio1typeoffershigherI/Operformanceatahigherprice.Ifthishigherperformanceisneededonlyatcertaintimes(forexample,normalbusinesshoursfromMondaythroughFriday),thestoragecanbeconvertedtogp2off-hoursandconvertedbacktoio1duringbusinesshours.Dependingondatavolumes,thismayresultinworthwhilecostsavings.

4.8.4 SystemTuningCloud’sflexibleconsumptionmodelenablesuserstoadjustusageovertime.Thisabilitytomakedynamicchangesisanimportantelementinmanagingcloudcosts.

BenchmarkingOneofthemostimportantstepsinplanningcloudcapacityisrunningbenchmarktestsforeachworkload.Thisrequirestheuseofatestharnesswithdatavolumeandtypesthatarerepresentativeofactualproductionloads.ForInsuranceSuite,itisimportanttorunbenchmarktestsforeachdeployedapplication.(AppendixAprovidesguidelinesforsizingcharacteristicsbyapplication.)

Benchmarkresultsshouldbeanalyzedforthefollowingcharacteristics:

• Baseload:Howmuchcapacityshouldbekeptavailableatalltimes?Forwebandapplicationtiers,thisinformationisusedtosetthelowerlimitforthenumberofnodesinacluster.

• Peakload:Aswithbaseload,thisinformationisusedtosizeauto-scalinggroupproperties.Inthiscase,peakloadestablishestheupperlimitforclusternodes.

• Performancecharacteristics:Establishapplicationresponsetimesforcommonusagescenarios.Thisisusedforparametertuning,capacityforecasting,andgeneralsizingpurposes.

Itisimportanttorepeatbenchmarktestsperiodicallyasloadpatternsandsoftwareversionschange.Additionally,benchmarktestingshouldbeusedforinstancesizingandperformanceoptimization.Forexample,applicationserverworkloadsmaybemoreefficientwithmore,smallerinstancesratherthanfewer,largerones.Thisshouldbetestedacrossarangeofserversizestodeterminethebestcombinationofperformanceandcostforagivencapacityrequirement.

44


MatchingInstanceTypewithWorkloadInatraditionalITenvironment,itiscommontotrytolimitthenumberofdifferentphysicalconfigurations.Thisisdoneforeaseofconfigurationmanagementandsupportability,butitoftenresultsinsystemsthatareover-provisionedfortheirpurpose.Withcloudcomputing,itismucheasierto“right-size”eachinfrastructureelement.Forexample,allocatedcapacityforaserverthatrequiresthreecoresand28GBofmemorywouldlikelyberoundedupconsiderablyinaphysicalenvironment.Evenwithvirtualization,over-provisioningiscommon.Cloudproviders,ontheotherhand,offerawidevarietyofpredefinedinstancetypesandsizes.Thismakesiteasytomatchcapacitytoloadacrossmultipledimensionswithoutover-provisioningorover-subscribing.Thisleadstolesswasteandlowercosts.

Higher-LevelServicesMostpublicIaaSprovidersofferservicesthatgobeyondinfrastructure.Examplesincludemanageddatabases,dataanalytics,messaging,queuing,caching,contentdistribution,andmanymore.Itcanoftenbemoredifficult,timeconsuming,andcostlytomanuallycreatetheseservicesinthecloudusinglower-levelelements.Forexample,manycloudvendorsoffermanagedrelationaldatabaseservices,whichoftenprovideautomatedmanagementofdeployment,replication,failover,backups,patching,andlicensing.

Whenevaluatinghigher-levelservicesforGuidewiredeployments,thefirststepistocheckcompatibilitywiththePlatformSupportMatrix.Assumingtherearenoissues,thenextstepshouldbeaTCOanalysis.Thetotalcostofthehigher-levelservicemaybesignificantlylessthanforado-it-yourselfapproach.

Re-architectingServicesWhenfirstdeployingtothecloud,thereisacommontendencytosimplytranslateon-premisessystemstocloud-basedones.This“likeforlike”approachoftenfailstotakeadvantageofcloud’suniquecapabilities.Disasterrecoveryisoneexample.Manycompaniesrelyonvendor-specifictoolsandtechnologiesfordatareplicationandmaintenanceofDRcapacity.Cloud’sdemand-basedconsumptionmayenablesimpler,lesscostlyalternativesthatavoidthecapitalcostsandoperationalchallengesofbuildingandmanagingDRsystemsanddatacenters.

Anotherexampleofhowcloudcanofferuniquecapabilitiesisserverlesscomputing.ServiceslikeAWSLambdaabstracteventheservercomponent,enablinguserstosimplysubmitcode.Jobsareautomaticallyrunandresultsarereturnedwithoutrequiringuserstoprovisiondiscreetservers.Usageischargedbasedoncodeexecutiontime.Forsomeworkloadsandusecases,thiscanresultinsubstantialcostsavings.

45


5 DeploymentApproachesCarefulimplementationplanningandexecutionarevitaltothesuccessfuldeploymentofInsuranceSuite9(IS9).Theimplementationteammustestablishaclearandthoroughexecutionplan,andteammembersmusthavetheexpertise,resources,andsupporttodeliveronthatplan.Whenplanningaclouddeployment,thefirstdecisiontobemadeiswhethertheworkwillbeperformedsolelybytheinternalITorganizationorincollaborationwithapartner.Thissectionweighsthepotentialbenefitsandchallengesofeachapproach.

5.1 Self-DeployinaPublicCloudOrganizationsmaychoosetoself-deployIS9usingacloudserviceprovider(CSP).TeamsplanningaclouddeploymentofIS9needtounderstandcloudopportunitiesandchallengestoensureprojectsuccess.

5.1.1 NeededcloudexpertiseManyclouddeploymentsaretreatedasasimplephysical-to-cloudtranslation.Organizationsthattakethisapproachareusuallydisappointedwiththeresults.Togainthegreatestbenefitsfromclouddeployments,implementersmustdesigntheirdeploymentstotakefulladvantageofcloud’sstrengthswhileavoidingpotentialpitfalls.Infrastructureteamsplanningaclouddeploymentshouldhavein-depthunderstandingofthefollowingareas.

Cloudeconomics:UnliketraditionalIT,whichisbasedoncapitaloutlaysandlong-termcapacityprojections,cloudservicesarebuiltandchargedonaconsumptionbasis.Costsaretieddirectlytousage.Cloudcostmanagementandoptimizationrequirein-depthknowledgeofcloudserviceoptionsandcostpoints.Initsannual“StateoftheCloud”report26,RightScalefoundthatservicecostsvariedapproximately12%amongthreeofthelargestpublicCSPs.Italsoestimatedsavingsfromserviceoptimizationtobeinthe30%–45%range.Inshort,therewasfarmorebenefitfromserviceoptimizationforthecloudthanfromshoppingaroundforthelowest-pricedprovider.

Automaticscaling:On-premisesdeploymentstypicallyinvolveestablishmentofapeakestimatedworkloadandbuildingouttosatisfypeakdemand.Bycontrast,cloudoffersrapidscalability.AsillustratedinFigure1,thismeansthatsystemscanbesizedforminimumdemandandscaledupanddowninresponsetoload.Automaticscalingisthesinglemostimportanttoolforoptimizingcloudconsumptionandcost.

Serverinstancesizing:CSPsofferavarietyofservervirtualmachine(VM)sizes,withdifferentmixesofcompute,memory,storage,andperformance.BecausecloudenablesVMtypestobeeasilychanged,cloudusersshouldtesttheirworkloadsacrossavarietyofinstancetypestofindtheonesthatdeliverthebestmixofpriceandperformance.Forexample,usersshouldtestdifferentapplicationserversizeswithavarietyofJavaVirtualMachine(JVM)sizesandnumbertodeterminewhichconfigurationbestmeetscost,scalability,andperformanceneeds.Thissizingshouldbeperiodicallyrevisitedtodetermineifconditionshavechangedorifnewinstancetypesareavailable.

Storageoptimization:Storageisoneofthelargestcostelementsofapplicationdelivery.Cloudprovidersofferavarietyofstoragetechnologies,fromhigh-performancesolidstatedrive(SSD)block

26Thereportcanbeobtainedathttps://www.rightscale.com/lp/state-of-the-cloud.

46


storagetolong-termarchive.CSPsoffermanywaystoautomatedatamanagement.Aswithon-premisesstorage,usersshouldestablishstoragetiersalongwithrulesformovingdatabetweentiers.

Highavailabilityanddisasterrecovery:LargeCSPstypicallyofferservicesinmultiplelocations.Thismayincludebothredundantfacilitieswithinagivengeographicregionaswellasfacilitiesingeographicallydiverseregions.Intra-regionaldiversityenableshigh-availabilityarchitecturesthatprovideresiliencyifaparticularfacilityisbroughtdownforanyreason.Thesedesignstypicallyinvolveactive-activeloadbalancing.Inter-regionaldesignsenabledisasterrecoverywhenaregion-widedisasterimpactsabroaderarea.Thesearetypicallyactive-standbyandrequireeitherautomaticormanualfailoverprocesses.Understandinghowtoemploycloudservicesforhighavailabilityandfordisasterrecoveryisavitalskillsetfororganizationsthatwanttoself-deployenterpriseapplicationstothecloud.

Automation:Cloudinfrastructurecanbeprovisionedandmanagedinanumberofways,includingagraphicaluserinterface(GUI),command-lineinterface(CLI),applicationprogramminginterface(API),andsoftwaredevelopmentkit(SDK).Manyprovidersalsoenableautomationusingtemplatesandthird-partytools.

Useoftheweb-basedcloudmanagementconsolemaybesufficientforsimpleandone-offclouddeployments.Butforautomatedproductionoperations,masteryofaCSP’sapplicationprogrammingAPIsisvital.Thisincludesknowledgeofsyntaxaswellasoperationssuchasprovisioninganddecommissioningservices.Italsorequiresanunderstandingofroles,privileges,trafficmanagement,andauditing.

Connectivitymethods:IfalldataandoperationswillresidewithaCSP,connectivityplanningwillmainlyfocusonclientaccess.However,ifconnectivityisrequiredtoenterprisedatacenters,avarietyofmethodscanbeused.IToperationscanconfigurecommonmethodssuchasIPsecVPNtunnelsbetweenowneddatacentersandcloudnetworks.OrtheycanworkdirectlywithserviceAPIstoqueryandupdateinformation.BecausemostCSPschargefordatatransferoutoftheirenvironments,thecostofdatatransfershouldbeassessedwhenevaluatingconnectivitymethods.

ManyCSPsoffercloudgatewayappliancesforstorageandnetworktraffictoacustomer’sdatacenter.Inaddition,someCSPsofferdedicated,privateconnectivityoptions.Thiswasdescribedthe“KeepingDataOutoftheCloud”sectionofsection4.7.4“DataProtectionandCompliance”andillustratedinFigure16.PrivateconnectivityoffersdirectconnectivitytotheCSP’sinternalnetworkoverhigh-bandwidth,securecircuits.Inaddition,datatransferratesforprivateconnectivityareoftensignificantlylessexpensive.Whenassessingthesuitabilityofprivateconnectivity,itisimportanttounderstandanticipateddatatransfervolumesaswellasnetworklatencyrequirements.

5.1.2 VendorSupportCloudserviceprovidersgenerallyofferdifferentsupporttiers.CompaniesthatwanttodeployservicestothecloudneedtounderstandavailableCSPsupportofferingsandselectthemostappropriatelevelfortheiroperationalrequirements.ITorganizationsshouldalsoassesshowmanyuserswillhaveaccesstosupportservicesandwhatthelevelshouldbe.

5.1.3 Service-LevelAgreementsLargeCSPsoperatestate-of-the-artdatacenterswithhighlevelsofredundancy.Althoughthequalityoffacilitiesexceedsthatofmostcorporatedatacenters,theservice-levelagreement(SLA)offeredbymostCSPsisrarelyhigherthan99.95%.RemediesforfailuretomeetthisSLAarealmostalwaysconfinedtousagerefundsanddoesnotcompensateforbusinesslosses.IfavailabilitybeyondtheCSP’sSLAis

47


required,theresponsibilitybelongstothecustomer,whomustarchitectandoperateapplicationsusingthetechniquesandservicespreviouslydescribed.

5.2 WorkingwithaPartnerPartneringwithasystemsintegratormaybethepreferreddeploymentapproachforcompanieswithlimitedcloudexpertiseandforthosethatwantanexperiencedpartnerwithdeepindustryknowledge.Toaidintheselectionprocess,GuidewirehasestablishedtheGuidewireInsuranceCloud™Solutionspartnerprogram.ItauthorizesselectGuidewirePartnerConnect™Consultingpartnerstodelivercloudsolutionsthatcombinethefollowinginhostedenvironments:

• Guidewireproducts(suchasInsuranceSuite)• Thepartner’sowndifferentiatedcontentandservices• Complementarythird-partysystems

PartnersparticipatingintheprogramdeployandmaintainboththeGuidewiresoftwareandthethird-partyproductsthatroundouttheirrespectiveofferings.27

Thefollowingaresomeofthewayspartnersprovidevalue-addedservicestotheircustomers.

5.2.1 IaaSspecializationsIS9iscloudready.Itwasdesignedtobedeployablebothon-premisesandonpubliccloudinfrastructure.Itisalsocloud-agnostic,meaningthatitincorporatesnopreferencefororspecialfeaturesofanyparticularcloudprovider.Asdiscussedinsection3ofthisdocument,therearemanycloudserviceproviders(CSPs),eachwithitsownuniquecapabilitiesandserviceofferings.EachGuidewireimplementationpartnerhasknowledgeofoneormoreCSPs.GuidewirecustomersthatwanttodeployonaparticularCSPshouldlookforapartnerwithstrongdevelopmentandoperationalexperiencewiththatprovider.Ifapartnershipisalreadyestablished,itisimportanttounderstandwhichCSPsthatpartnersupportswhendeployingGuidewiresoftware.

5.2.2 IntegrationsTypicaldeploymentsofcorepropertyandcasualtyapplicationsinvolvemanyintegrationswithsupportingapplicationsandservices.EachGuidewirepartneroffersavarietyofpre-builtintegrations.Whenassessingwhichpartnertoworkwith,customersshouldlookforthebestoverlapwithneededintegrations.Thiscangreatlyreduceimplementationtimeandeffort.

5.2.3 OngoingsupportSystemsintegrationpartnerstypicallyoffermulti-yearoperationsandsupportasaservice.Customersshouldtakecaretounderstandtheavailableoptionsandselectatermthatbestmeetsbusinessneeds.Determinewhatservicesareincluded,includingservice-levelagreement(SLA)commitments.Othertopicstoreviewwithapotentialpartnerinclude:

• Datasovereigntyandlocationrequirements• Businesscontinuityrequirements,includingrecoverytimeobjectives(RTO)andrecoverypoint

objectives(RPO)• Disaster-recoveryneedsandexpectations• Long-termdataarchivingandretention• Responsibilityforpatchingandversionupgrades

27Formoreinformation,gotohttps://www.guidewire.com/partners/insurancecloud-solutions.

48


6 Appendix:GuidewireDeploymentInformationTheinformationinthisappendixistakenfromGuidewireinfrastructuresizingdocuments.

6.1 ClassesofEnvironmentsDifferentenvironmentsexperienceverydifferentlevelsofloadontheirinfrastructurecomponents.Itisusefultodescribeseveralclassesofenvironments,whosemembersaretypicallyloadedinasimilarfashion.

• Configurationclass(includesDeveloperlaptopsandworkstations,limited“Sandbox”environmentsfordemonstration,and,startingwithPolicyCenter8.0,ProductDesignerenvironments):Theseenvironmentsareusedtoconfigureanddemonstratetheproduct.Asingleuserconfigurestheproductandthenunit-testsitonasingleserverinstance.ProductDesigner,availablestartingwithPolicyCenter8.0,canbeusedstand-aloneonadeveloperlaptoporworkstation,orasamulti-userservercomponent.

• Functionaltestclass(includesBuild,QualityAssuranceAKAQA,andEndUserTraining):Theseenvironmentsareusedtotesttheproductfunctionally.Buildsarecreatedthatincludeworkfrommultipledevelopers,andfunctionaltestandQAareperformedonthem.Typically,atmostafewusersaccesstheproductconcurrently.

• Conversionclass:Theseenvironmentsareusedtoconvert(ormigrate)productiondatafromanoutgoinglegacysystem.Thereistypicallynosignificantapplicationtierloadintermsofuserrequests(theconcurrentusercountisminimal).However,theloadonthedatabaseandstoragetiers,duetothepotentiallylargevolumesofdatatobereadandwritten,canbesignificant.Thisincludesconversiontestandsmall-scaleproductiondatamigrationenvironments.Large-scaleconversionenvironmentsarenotsizedgenerically.

• Non-productionclass(includesPre-productionAKAPre-prod,UserAcceptanceTestingAKAUAT,andSystemIntegrationTestingAKASIT):Theseenvironmentssupportlessseverenon-productionloads,buttheytypicallyhavedistributedarchitecturesthatresemble(butaresmallerthan)Production-classenvironments.Pre-productionistypicallyusedtotestproductionchangesandfixesbeforedeployment,oftenagainstProduction-classdatainapre-productiondatabase.Therefore,insomecasespre-prodmaybeusedmoreasaProduction-classenvironment.

• Productionclass(includesProductionAKAProd,DisasterRecoveryAKADR,andPerformanceTestingAKAPerfTest):Theseenvironmentsmustsupportmaximumloadandarethereforesizedtomeettheloadsexpectedwhilemaintaininggoodonlineresponseandbatchcompletiontimes.

• Production-userclass(enduserworkstations):Typicalendusersaccesstheapplicationthroughawebbrowser.SomeminimumrequirementssupporttheGuidewireuserinterface(WebUI)withacceptableperformance.

49


6.2 EnvironmentdeploymenttimelineAtypicaltimelinefortheestablishmentofthevariousenvironmentsduringanimplementationproject:

1. EndofInception:LocalDeveloperConfiguration(AKADevelopment)environments,Build,QA,SIT,Conversion(AKAMigration,ifinscope)

2. EndofDevelopment(beginningofTestingphase/sprints):Environmentsin(1)stillinuse;addUAT

3. EndofTesting(beginningofPilot/Production):Environmentsin(1)and(2)stillinuse;addPerformanceTesting,Pre-Prod,Prod,andDisasterRecovery

6.3 GuidewireApplicationsandComponents6.3.1 CoreProductsClaimCenter(CC)providesclaimsmanagementfunctionality.PolicyCenter(PC)isusedforunderwritingand(typically)asthepolicysystemofrecord(SOR).BillingCenter(BC)providesautomatedbilling.Collectively,CC,PC,andBCarereferredtoasthecoreproducts.

ContactManager(CM)maybeusedasacontactrepositoryorforCustomerDataManagement(CDM)withoneormoreofthecoreproducts.ItismosttypicallyusedforvendordatawithCC.

GuidewirecoreapplicationsaretypicalJavaEEwebapplicationsandcanbeinstalledandusedwith,ataminimum,anapplicationservertier,adatabasetier,andastoragetier.Insomeenvironments(intheNon-productionandProductionclasses),itisalsocommontointegrateGuidewireapplicationswithexternalsystems.

Animplementation/licensingarrangementincludingCC,PC,BC,andCMisreferredtoasInsuranceSuite(IS).

6.3.2 DataProductsDataHub(DH),InfoCenter(IC),andBusinessIntelligenceforInsuranceSuite(BIIS)arereferredtoastheDataManagement(DMgtorDM)products.Animplementation/licensingarrangementincludingDHandIC,andusedwithonlyGuidewiresourcedata,isreferredtoasBusinessIntelligenceforInsuranceSuite(BIIS).

DHprovidesETLfromGuidewirecoreapplication(orotherexternal)datasourcesintoanOperationalDataStore(ODS)usingSAPBusinessObjectsDataServices(SAPBODS).AnSAPBODSnodeisastand-alone(non-Java)process.ICandBIISuseIBMCognosBusinessIntelligence(CognosReportingorCognos)toprovidereportsfromanenterprisedatawarehouse(EDW).CognosisaJavaEEwebapplicationandrequiresafront-enddispatchcomponent—typicallyawebserversuchasApache.

CognosLoadBalancingThereisadependencybetweenGuidewirecoreapplicationsandCognos,asGuidewiremustprovideameansforauthenticatingdifferentCognosusers.Thisistypicallydonebyhavingthecoreapprunanembedded(withinthesameJVMprocess)LDAPserverprovidingforCognosauthentication.AlthoughsuchLDAPservicesmayrunonmultipleGuidewirecoreproductnodes,thecallsintothem(fromCognos)cannotbeloadbalancedinthesamemanner(asthecoreproducts).ThisisbecausetheCognospluginconfigurationusesafixedlocationfortheGuidewireLDAPservice;thereisnomeansforCognosnodestodeterminetheavailableGuidewireclustermembers.Suchloadbalancing(oftheembedded

50


LDAPservice)canbeprovidedinsteadbyastaticcontentwebserver,althoughafront-endloadbalancingdevicecouldbeusedinstead.

6.3.3 DigitalPortalsProductsQuoteandBuyPortal(QBP),AccountManagementPortal(AMP),andClaimPortal(CP)arereferredtoasthePortalsproducts.

• QBPislicensedasQuoteandBuyPortalforPolicyholdersandinteractswithPC.• AMPislicensedasAccountManagementPortalforPolicyholdersandinteractswithCC,PC,and

BC.• CPislicensedasClaimPortalforPolicyholders,ClaimPortalforAgents,andClaimPortalfor

Vendors;allinteractwithCC.• GPAislicensedasGatewayPortalforAgentsandinteractswithCC,PC,andBC.

Portalproductsconsistofstaticcontent(HTML,JavaScript,etc.)downloadedfromastaticcontentwebserversuchasApacheorIIS.TheJavaScriptprovidesforclientaccessintotherelatedcoreproducts.AnadditionalAuthorizationservice,whichrunsasastand-aloneJavaprocessservice,canbeusedtolimittheaccess(oftheJavaScript-basedstatelessclientrequests)tospecificsetsofclaimorpolicydata.AuthorizationistypicallyusedwithAMP,CP,andGPA;itcanbeusedwithQBPtoallowclientstoreturntoaquoteinprogress.Authorizationnodesrunasstand-aloneJavaprocesses.

6.3.4 OtherComponentDetailsClientAccessandtheWebTierGuidewireapplicationsareaccessedbyusersthroughawebbrowser.Typically,requestsareload-balancedusingoneormorefront-endhardwaredevices,whichforwardintotheapplicationservertier.Insomeenvironments,customersmayrunanadditionalwebservertiertoprovideforstaticcontentcachingandcompression.Thiswebtiermayalsohandleloadbalancingacrosstheapplicationservertier.

GuidewireStudioAdevelopmentIDEcalledStudioisusedbyconfigurationdeveloperstoadaptGuidewireapplicationstocustomers’functionalrequirements.Studioisastand-aloneapplicationthatneedsnoexternaldatabase;laterversionsofGuidewirecoreproductsusetheIntelliJIDEwithStudioplugins.Studioisrunbyasingleuserandconsequentlyhaswell-definedCPUandmemoryrequirements.

SolrSearchSolrsearchprovidesforafaster,non-databasemeansofperformingcommonusersearchfunctionsfromthecoreapplications,suchasclaim,policy,andaccountsearch.WithSolr,textfielddataistypicallyread(asXMLdocuments)fromoneormoreGuidewireproductdatabases,orpropagatedviaGuidewiremessaging.TheXMLisindexedbytheSolrnodes,andsearchesfromthecoreappscanberoutedtotheminsteadofhandledasdatabasequeries.SolrnodesareJavaEEwebapplicationsandtypicallyruninthesametypeofapplicationserverasthecorrespondingcoreapplications(butinaseparateJVMprocess).

51


SolrHAandZooKeeper:InGuidewireenvironmentsneedingSolrsearchwithhighavailability(typicallyProductionclass),aminimumofthree(separate)ZooKeeperJVMprocessesshouldbeusedtokeeptrackoftheSolrnodeconfigurationsandavailability.ZooKeeperisnotpackagedwiththeGuidewirecoreproductsandshouldberunusingaseparatedistribution.ForproductionimplementationswithZooKeeper,customersshoulddownloadasupportedreleaseofZooKeeperfromApacheathttp://zookeeper.apache.org/releases.html.ZooKeepernodesrunasstand-aloneJavaprocesses.

PCHigh-VolumeQuotingInstanceSomecustomerschoosetodeployaseparatePolicyCenterimplementationtohandlehigh-volumequote(HVQ)requests.SuchrequestsaretypicallyfromQuoteAggregatorwebsitesthatquerymultipleinsurersforcomparativequotes.Thisquote-onlyPCimplementationisalsoreferredtoasPolicyCenterAggregator(PCAgg).Toimprovethroughput,PCAggquotesarenotusuallypersisted(asordinaryentities).

6.4 NodeTypesAnoderepresentsasinglepointofservice,suchasanetwork-connectedwebapplication,databaseschema,orJavaprocess.Guidewireapplicationssupporthorizontalscaling,usingapplicationnodeclustering.Nodescanbeclassifieddependingontheworktheyareintendedtoperform,thetypeofservicerequeststheyreceive,andrestrictionsimposedbyGuidewireclustering.

ItisimportanttounderstandthattheconfigurationofallGuidewireapplicationnodeswithinthesameGuidewireclustermustbeidentical,andthatanysuchnodeisthereforecapableofdoinganysortofwork.Differentnodetypesaredistinguishedbythetypesofworktheyperform.

Thecommonnodetypesdescribedininfrastructureestimatesare:

• Online:Receiveswebbrowser(user)requests,aswellasotherrequestsforservicefromexternalsystems,suchaswebservicecalls.Thesenodesshouldbeincludedinloadbalancing.Anynumberofsuchnodesmayruninthesamecluster.

o InGuidewireversion9(andlater)products,multipleserverrolescanbeassignedtoanynode.Typically,mostnodeswillbegiventherolesforWebUIandWebservice(see“ServerRoles”).Theresultisthatthesenodeshaveworkloadslike(pre-version9)onlinenodes.

• Batch:Dedicatedtorunningall“singleton”services,includingdistributedworkwritersandcustombatchprocesses,aswellassendingmessages.AlsoperformsspecialfunctionssuchasDatabaseUpgrade.Thesenodesshouldnotbeincludedinloadbalancing,andthereforedonotreceiveuserorexternalrequestsforservice.Atmostonebatchnodecanruninthesamecluster,andsuchanodeisnormallyalwaysrunning.

o InGuidewireversion9(andlater)products,multipleserverrolescanbeassignedtoanynode.Typically,oneorafewnodeswillbegiventherolesforBatch,Workqueue,

52


Scheduler,Messaging,andStartable(see“ServerRoles”).Theresultisthatthesenodeshaveworkloadslike(pre-version9)batchnodes.

• Reporting:Reporting(Cognos)nodesareofthesametype,andthereisnoconceptofabatchnodeforthisapplication.CognosnodesrunonJavaapplicationserverprocessesandareaccessedviaHTTPcommunications,sotheycanbeincludedinloadbalancingifdesired.

• Dataservices:InfoCenter(IC)andDataHub(DH),alongwithBusinessIntelligenceforInsuranceSuite(BI),aretypicallyrunbyasingleSAPJobServerBusinessObjectsDataServices(BODS)node,whichinteractswithoneormoredatabases.Thereisnoconceptofabatchnodeforthisapplication,anditisnotaJavaprocess.TheresourcesforBODSareincludedintheapplicationservertierforconvenience,sincetheproductinteractswiththedatabasetier.

• Solr:Lucene-basedSolrsearchnodesareusedforindexingandsearchingtextdata.EachSolrnodeisanapplicationserverprocesshostingindividualwebapps—oneforeachGuidewireproductthatusesSolrsearch.Solrnodesareofthesametype,andthereisnoconceptofabatchnodeforthisapplication.ThesenodesdonottakepartintheGuidewireclusterbutaretypicallylocatedwithinthesameinfrastructure.Theydonotusuallyreceivedirectrequestsfromexternalusersorsystems,sotheydonotneedtobeincludedinloadbalancing.

• ZooKeeper:TheseJVMprocessesareusedtokeeptrackofSolrnodelocationsandavailability.ThereisnoconceptofaZooKeeperbatchnode,anditisnotanapplicationserverprocess.ZooKeepersdonottakepartintheGuidewireclusterbutaretypicallylocatedwithinthesameinfrastructure.Theydonotusuallyreceivedirectrequestsfromexternalusersorsystems,sotheydonotneedtobeincludedinloadbalancing.

• Database:Asingledatabaseschema.Astand-alonedatabaseserverinstance(databaseserverprocess)ormultipleprocessesinamulti-instancecluster(suchasOracleRAC)hostoneormoreschemas.Thistypeissometimesreferredtoasa“schemanode.”Fromaprocessperspective,adatabaseserverprocessmaysometimesbedescribedasanode,sincetheothernodetypesaremostlyone-to-onewiththeirhostingprocess.

• Generalwebservice:ForwardsrequestsforthecoreGuidewireapplicationsorCognosReporting,typicallytoprovidereverseproxyandloadbalancing.ThesenodesareservedbywebserverprocessesandareaccessedviaHTTPcommunications,sotheycanbeincludedinloadbalancingfromahardwareloadbalancerifdesired.

• Portal:PortalnodesareservedbywebserverprocessesandareaccessedviaHTTPcommunications,sotheycanbeincludedinloadbalancingifdesired.

• Portalauthorization:TheseareprovidedbyJVMprocessesandareusedforauthorizationofauthenticatedportalrequests,astheseareforwardedintothecoreapplications.Thereisnoconceptofanauthorizationbatchnode,anditisnotanapplicationserverprocess.AuthorizersdonottakepartintheGuidewireclusterbutaretypicallylocatedwithinthesameinfrastructure.Theydonotusuallyreceivedirectrequestsfromexternalusersorsystems,sotheydonotneedtobeincludedinloadbalancing.

6.4.1 AlternateNodeTypesInadditiontothecommonnodetypes,variantsthatcanbeconvenienttodescribeincludethefollowing:

• UI(WebUI)node:Atypeofonlinenode.Insomecases,customersmaywanttofurtherdifferentiateonlinenodesandloadbalanceaccordingly.Forexample,therecouldbesomenodesdedicatedtouserrequestsonly,onaURL,andadifferentsetofnodesonadifferentURLthatreceiveallwebservicecalls.Whenthisisdone,nodesthatreceiveonlyuserrequestcalls

53


arereferredtoasUInodes.Asonlinenodes,theyshouldbeincludedinwhateverloadbalancingisusedforuserrequests,andanynumberofsuchnodesmayruninthesamecluster.

o InGuidewireversion9(andlater)products,suchanodeisgiventheroleforWebUI.

• Webservicenode:Atypeofonlinenode.AswithUInodes,customersmaywanttofurtherdifferentiateonlinenodes,andloadbalanceaccordingly.Nodesthatreceiveonlywebservicecallsarereferredtoaswebservicenodes.Asonlinenodes,theyshouldbeincludedinwhateverloadbalancingisusedforwebservicecalls,andanynumberofsuchnodesmayruninthesamecluster.

o InGuidewireversion9(andlater)products,suchanodeisgiventheroleforwebservice.

• Integrationnode:Likeawebservicenode,andatypeofonlinenode.Aswiththeprecedingnodes,customersmaywanttofurtherdifferentiateonlinenodesandloadbalanceaccordingly.Nodesthatonlycommunicatetoorfromexternalsystems(thismayormaynotbeviawebservicecalls)arereferredtoasintegrationnodes.Asonlinenodes,theyshouldbeincludedinwhateverloadbalancingisusedfortheintegrationcalls,andanynumberofsuchnodesmayruninthesamecluster.

o InGuidewireversion9(andlater)products,suchanodeisgiventheroleforStartableiftheintegrationusesaninboundcalltoastartableplugin.

• Portalservicenode:Atypeofonlinenode.Liketheabove,customersmaywanttodedicateapplicationnodesforprocessingPortalrequests.Theseworkloadsresultinsimilarloadsasforonlineuserrequests.Suchnodesreceiveexternalrequests,sotheyshouldbeincludedinloadbalancing.Anynumberofsuchnodescanruninthesamecluster.

• DistributedWorker(DW)node:Atypeofonlinenode.Liketheabove,customersmaywanttodedicatenodesforprocessingdistributedwork(thatis,torundistributedworkers).Thesedistributedworkloadsresultinsimilarloadsasforbatchprocessing.Suchnodesdonotreceiveexternalrequests,sotheyshouldnotbeincludedinloadbalancing.Anynumberofsuchnodesmayruninthesamecluster.

o InGuidewireversion9(andlater)products,suchanodeisgiventheroleforWorkqueue.

• Online/batchnode:Atypeofbatchnodetypicallyseeninlow-loadenvironments(suchasConfigurationornon-prod),inlow-loadprodenvironments(suchasContactManagerforacustomerwithasmalleramountofcontacts),andinprodenvironmentshavinglittlebatchworkload(suchasPolicyCenterAggregator).Thistypeisabatchnodewhichalsoreceivesexternalrequests.Itiscommonforanonline/batchnodeinanon-prodenvironmenttobetheonlynodeinitscluster,inwhichcasetherewouldalsoeffectivelybenoloadbalancing.

o InGuidewireversion9(andlater)products,suchanodemaybegivenallroles:WebUI,Webservice,Batch,Workqueue,Scheduler,Messaging,andStartable.

• Conversionnode:Atypeofonlinenode.Insomecases,customersmaywanttorunanodeornodesdedicatedtolegacydataconversion.Suchnodesoftenrunforonlyalimitedperiod(untiltheconversioniscompleted)andarethenretired.Suchanodetypicallydoesnotreceiveonlinerequests,soitisnotincludedinloadbalancing.Anynumberofsuchnodesmayruninthesamecluster

54


6.5 ServerRoles(version9andlatercoreproducts)Guidewireversion9coreproductsintroducedserverroles.ThisfeatureprovidestheflexibilityforanynodeinaGuidewireclustertoperformanyofseveralfunctions.Notethatsomeofthesefunctionsaresingleton(mustoccurinonelocationonly),suchasorderedmessagingforaspecificdestinationneedingtooccurononlyonenodeatatime.Generally,failoverforsuchsingletonserviceshappensautomatically,assumingthatanothernodehavingtheappropriateroleisavailable.Otherservicescanrunsimultaneouslyonmultiplenodeshavingtheappropriaterole.Notethatallassignablerolesmustbedefinedintheconfigurationregistryelement,andthatindividualservers(nodes)mayhavemultipleroles.Environments(envparameter)maybeusedtogrouptherolesofmultiplenodeswhichbelongtothesameenvironment.

Theserverrolesusedininfrastructureestimatesare:

• Batch:Batchprocessingisdistributedacrossallserverinstancesintheclusterthathavethebatchrole.Batchprocessesmaybestartedbyanodehavingtheschedulerrole.Suchbatchprocessesarecategorizedasexclusiveandnon-exclusive:o Exclusivebatchprocessesrunonexactlyoneclustermember(havingthebatchrole)ata

time.o Non-exclusivebatchprocessesrunexactlyoncewhenstarted.However,itispossibleto

startnon-exclusivebatchprocessesmultipletimes(beforeanearlierprocesscompletes).Thisallowsanon-exclusivebatchprocesstoberunconcurrentlyonmultiplenodeshavingthebatchrole.

Onceabatchprocessisstartedonanode,ifthatnodefails,thenthebatchprocesswillbemarkedasfailedandcanbererunonadifferentnodeatthenextscheduledtime.

• Messaging:Messageprocessingisdistributedacrossallserverinstancesthathavethemessagingrole.Eachmessagedestinationisassignedtoaspecificnodeatstartup.Ifthatnodegoesdown,anothernodewillautomaticallybegintoprocessitsmessagingdestinations.

• scheduler:Typically,onlyasmallnumberofclusternodeshavetheschedulerrole.Thesenodesrunmultiplesynchronizedinstancesoftheschedulerfunctioninparallel.Intheeventofonenodefailure,otherschedulernodescancontinueprocessing,sincetheyaresynchronized.

• startable:CertainservicesmaybeimplementedassingletonStartableplugins.ThesepluginsimplementtheIStartablePlugininterfaceanddonotcarrytheDistributedannotationontheirimplementation.Asingleinstanceofanon-distributedpluginrunsonanodehavingthestartablerole.Ifthenode(onwhichasingletonstartablepluginisrunning)fails,itwillbestartedonanothernodebytheclusterleasemanagers.Guidewiredefinesanadditionaltypeofclustersingletonplugins,knownasinboundintegrations,intheinbound-integration-config.xmlfile.

Otherstartablepluginscanbedistributed(havethe@Distributedannotation).Thesemayrunonanynodeinthecluster(eitherhavingthestartableroleornot),withoneinstancepernode.

Ifyouhavemultiplenodesthatarerunningthesamedistributedstartables,youmusttrackthepluginstatescarefully.Guidewirerecommendssavingthestarted/stoppedstateintheproductdatabase.Thishandlesedgecases,suchasanodejoiningtheclusterlateafterothernodeshavestarted.Afteryoucommitsuchstatechangestothedatabase,notificationofthestatechangetoothernodeshappensautomatically.

55


• workqueue:Workqueuesaredistributedacrossallnodeshavingtheworkqueuerole.Bydefault,eachworkqueuerunsasingleworkeroneachworkqueuenode,unlessconfiguredotherwise.

• ui:Webrequests(typicallyfromanenduserbrowser),suchasthosethatrenderorupdatewebpages(andwhichmayperformbusinesstransactionsalongtheway),canbedistributedtoanynodehavingtheuirole.Theassumptionisthatonceausersessionisbegunonanode,allfurtherrequestsbelongingtoitaredirectedthere.Userinterfacenodestypicallyoperateinconjunctionwitha(non-Guidewire)loadbalancerthatmanagesthenecessarydispatchandsessionaffinity.

• webservice:AlthoughthereisnoOOBserverrolehavingthisname,anodehavingnorolesiseffectivelyabletoprocessonlywebservicerequests(forwebservicespublishedbytheGuidewireGosuWSIframework).Althoughallnodescanprocesssuchrequests,regardlessoftheirrole(s),aloadbalancercanbeusedtorestrictsendingsuchrequeststoadefinedgroupof“webservice”nodes.

InadditiontothefixedsetofOOBroles,additionalroles(genericallydescribedas"custom"here)maybedefined.

• custom:Acustomrolecanbedefinedintheconfigurationregistryelementandassignedtospecificnodes.Anyuniquenamecanbeusedforacustomrole.ThisprovidesawayofgroupingnodeswithsimilarfunctionstogetheroutsideoftheOOBroles.

Notethataleaserepresentstherightforanodetoperformsomefunctionforaperiod.WithinaGuidewireapplicationcluster,aleasespecificallyrepresentsoneofthefollowing:

• Asinglerunofabatchprocess• Controlofasinglemessagedestination• Controlofasinglestartableplugin,ifitisasingle-instance(nondistributed)startable

EachnodeintheGuidewireclusterhasaleasemanagerforeachleasetype.However,somefunctionalitiesrequireanodehavingaspecificserverrole.Forexample,onlyanodewiththemessagingrolecanacquireandmanagealeaseforamessagedestination.

6.5.1 CloudDeploymentandServerRolesForclouddeployments,asuggestedapproachistohaveseparatescalinggroupsforeachsetoffunctionsthatmayneedtoscaleupordownatdifferentrates.Forexample,ifbatch-typenodesaregroupedtogetherinoneautoscalinggroupandonline-typenodesaregroupedinanother,thenseparateenvironmentscouldbeusedforeach,asfollows:

<registry roles="batch, scheduler, workqueue, messaging, startable, ui">

<server env="sqlserver" serverid="node0" roles="batch, workqueue, scheduler, messaging, startable"/>

<server env="sqlserver" serverid="node1" roles="ui"/>

<server env="sqlserver" serverid="node2" roles="batch, workqueue, scheduler, messaging, startable"/>

<server env="sqlserver" serverid="node3" roles="ui"/>

<server env="oracle" serverid="node0" roles="batch, workqueue, scheduler, messaging, startable"/>

56


<server env="oracle" serverid="node1" roles="ui"/>

<server env="oracle" serverid="node2" roles="batch, workqueue, scheduler, messaging, startable"/>

<server env="oracle" serverid="node3" roles="ui"/>

</registry>

Thisenablesthelaunchingofnewnodesfromacommon.warfile(asrequiredbyGuidewireclustering),butusingseparatemachineinstanceswhichdefinetheirenvironmentsdifferently—asonlineenvorbatchenv.Whenthebatch-typenodesneedscalingup,theylaunchabatch-typemachineinstancewithbatchenvastheenvparam.Similarly,theonline-typenodeswouldscaleupfromtheirmachineimageandbedirectedtheappropriateWebUIrequestsfromascalinggroup-awareloadbalancer(forexample,anAWSELB).

6.6 ProcessorCapacityEffectsGuidewiresystemresponsetimesarepartiallylinkedtotheprocessorchosen;thosewiththefastestcoresgenerallyprovidethebestperformance.Customersshouldnotethatalowerperformingprocessor/corecanresultinalargerhardwarerequirementandpotentiallylongerresponsetimes.

6.7 EnvironmentDescriptions6.7.1 SimilarityAcrossProduction-ClassEnvironmentsGuidewireassumesthatProduction-classenvironments(includingProduction,DisasterRecovery,andPerformancetesting)areeffectivelyidenticalintermsoftheirhardwarerequirements.Thisisbasedonthefollowingunderstanding:

• TheDisasterRecoveryenvironmentneedstosupportthesameproductsandusersastheProductionenvironment,atafullProductionload.

• ThePerformanceTestingenvironmentneedstosupportfullproductionloadduringtests.

Customerscandecidetoconsolidatetheseenvironmentsandreducethecorrespondingcosts.Forexample,acustomercanusetheDisasterRecovery(DR)environmenttoalsosupportPerformanceTesting.ThiscanbedonebecausetheDRenvironmentnormallyrequiresonlyminimalresourcesonthedatabaseservertiertoprocessreplicateddatachangesfromtheprimary(Production)site.SotheDRenvironmentremainsunderutilizedandcanbemadeoccasionallyavailableforotheractivities,suchasperformancetests.

AboutGuidewireGuidewiredeliversthesoftwarethatPropertyandCasualty(P&C)insurersneedtoadaptandsucceedinatimeofrapidindustrychange.Wecombinethreeelements–coreoperations,dataandanalytics,anddigitalengagement–intoatechnologyplatformthatenhancesinsurers’abilitytoengageandempowertheircustomersandemployees.Morethan260P&CinsurersaroundtheworldhaveselectedGuidewire.Formoreinformation,pleasevisitwww.guidewire.comandfollowusontwitter:@Guidewire_PandC.

©2017GuidewireSoftware,Inc.Allrightsreserved.Guidewire,GuidewireSoftware,GuidewireClaimCenter,GuidewirePolicyCenter,GuidewireBillingCenter,GuidewireInsuranceSuite,GuidewireLive,GuidewirePredictiveAnalytics,Adaptandsucceed,andtheGuidewirelogoaretrademarksorregisteredtrademarksofGuidewireSoftware,Inc.intheUnitedStatesand/orothercountries.20170327

Guidewire InsuranceSuite 9 · embrace cloud technology, which is becoming much more relevant for...

Documents

Transcript of Guidewire InsuranceSuite 9 · embrace cloud technology, which is becoming much more relevant for...