Priv Cloud

Dan Sullivan

Deploying and Managing Private CloudsThe Essentials Series

sponsored by

The Essentials Series: Deploying and Managing Private Clouds Dan Sullivan

i

Introduction to Realtime Publishers by Don Jones, Series Editor For several years now, Realtime has produced dozens and dozens of high‐quality books that just happen to be delivered in electronic format—at no cost to you, the reader. We’ve made this unique publishing model work through the generous support and cooperation of our sponsors, who agree to bear each book’s production expenses for the benefit of our readers.

Although we’ve always offered our publications to you for free, don’t think for a moment that quality is anything less than our top priority. My job is to make sure that our books are as good as—and in most cases better than—any printed book that would cost you $40 or more. Our electronic publishing model offers several advantages over printed books: You receive chapters literally as fast as our authors produce them (hence the “realtime” aspect of our model), and we can update chapters to reflect the latest changes in technology.

I want to point out that our books are by no means paid advertisements or white papers. We’re an independent publishing company, and an important aspect of my job is to make sure that our authors are free to voice their expertise and opinions without reservation or restriction. We maintain complete editorial control of our publications, and I’m proud that we’ve produced so many quality books over the past years.

I want to extend an invitation to visit us at http://nexus.realtimepublishers.com, especially if you’ve received this publication from a friend or colleague. We have a wide variety of additional books on a range of topics, and you’re sure to find something that’s of interest to you—and it won’t cost you a thing. We hope you’ll continue to come to Realtime for your

far into the future. educational needs

enjoy. Until then,

Don Jones

http://nexus.realtimepublishers.com/


ii

Introduction to Realtime Publishers ................................................................................................................. i

Ar

ticle 1: Steps to Migrating to a Private Cloud .......................................................................................... 1

Ad vantages of a Private Cloud ....................................................................................................................... 1

Improved Hardware Optimization .......................................................................................................... 2

Reduced Support Costs with Self‐Service Management ................................................................ 3

Reduced Capital Expenditures .................................................................................................................. 3

Reduced Time to Deploy Applications and Services ....................................................................... 3

When a Private Cloud Is Not the Right Option ........................................................................................ 3

Assessing the Current State of Readiness for a Private Cloud ......................................................... 4

Incrementally Moving to a Private Cloud .................................................................................................. 5

Summary ................................................................................................................................................................. 5

Ar ticle 2: Tips and Best Practices for Managing a Private Cloud ......................................................... 6

Es tablishing Policies and Procedures ......................................................................................................... 6

Cost Allocation and Reporting .................................................................................................................. 7

Image Management ........................................................................................................................................ 7

Security and Patch Management .............................................................................................................. 8

Backup and Disaster Recovery ................................................................................................................. 9

Standardizing Hardware and Application Stacks .................................................................................. 9

Formalize Discovery and Monitoring Procedures ............................................................................. 10

Summary .............................................................................................................................................................. 11

Article 3: Managing for the Long Term: Keys to Securing, Troubleshooting, and Monitoring a P rivate Cloud ........................................................................................................................................................ 12

Se curing a Private Cloud ................................................................................................................................ 12

Identity Management ................................................................................................................................. 13

Image Management ..................................................................................................................................... 13

Network Security ......................................................................................................................................... 14

Troubleshooting Private Cloud Infrastructure ............................................................................... 14

Key Areas to Monitor ...................................................................................................................................... 15

Summary .............................................................................................................................................................. 16


iii

Copyright Statement © 2011 Realtime Publishers. All rights reserved. This site contains materials that have been created, developed, or commissioned by, and published with the permission of, Realtime Publishers (the “Materials”) and this site and any such Materials are protected by international copyright and trademark laws.

THE MATERIALS ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. The Materials are subject to change without notice and do not represent a commitment on the part of Realtime Publishers its web site sponsors. In no event shall Realtime Publishers or its web site sponsors be held liable for technical or editorial errors or omissions contained in the Materials, including without limitation, for any direct, indirect, incidental, special, exemplary or consequential damages whatsoever resulting from the use of any information contained in the Materials.

The Materials (including but not limited to the text, images, audio, and/or video) may not be copied, reproduced, republished, uploaded, posted, transmitted, or distributed in any way, in whole or in part, except that one copy may be downloaded for your personal, non-commercial use on a single computer. In connection with such use, you may not modify or obscure any copyright or other proprietary notice.

The Materials may contain trademarks, services marks and logos that are the property of third parties. You are not permitted to use these trademarks, services marks or logos without prior written consent of such third parties.

Realtime Publishers and the Realtime Publishers logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners.

If you have any questions about these terms, or if you would like information about licensing materials from Realtime Publishers, please contact us via e-mail at [email protected].

mailto:[email protected]


1

[Editor’s Note: This book was downloaded from Realtime Nexus—The Digital Library for IT rofessionals. All leading technology books from Realtime Publishers can be found at ttp://nexus.realtimepublishers.comPh .]

Article 1: Steps to Migrating to a Private Cloud

Advances in server hardware, network infrastructure, and virtualization allow for a range of IT architectures, including the use of computing clouds. Clouds are collections of computing, storage, and network services that can be rapidly allocated for particular jobs and then easily released to be employed for other tasks when the jobs are completed. The adoption and continued use of public cloud services demonstrate the effectiveness and efficiency of this computing model. Businesses and other organizations with underutilized server capacity may be well served by redeploying their hardware in a private cloud configuration.

This series provides an overview of private clouds, their advantages and disadvantages, and a suggested plan for migrating to a private cloud architecture. This article will begin the discuss ss and talk about: ion with an assessment proce

• Advantages of a private cloud

• When a private cloud is not the right option

• ud Current state of readiness for a private clo

• Incremental movement to a private cloud An obvious question you must first answer in this process is, Why use a private cloud?

Advantages of a Private Cloud The advantages of a private cloud stem from four common characteristics found in cloud environments:

• Improved hardware optimization

• lf‐service management Reduced support costs with se

• Reduced capital expenditures

• Reduced time to deploy applications and services ach of these characteristics is a product of the cloud architecture. E



2

Improved Hardware Optimization Traditional methods of deploying a single server to run a single application often result in underutilization of server capacity. Servers designed to maintain acceptable throughput during periods of peak demand waste computing capacity during non‐peak periods. Running multiple virtual servers on a single hardware server can help to improve utilization, but because these configurations are relatively static, there may continue to be periods of low utilization.

Consider an example. A finance reporting server experiences peak demands in the middle of the night and early morning as daily reports are generated. A human resources application server experiences the greatest demand during normal business hours, especially the late morning and early afternoon. These two applications could run on a single server using virtualized hosts, improving the overall utilization rate. There are still, however, periods when the CPUs and other server resources are significantly underutilized.

As we see in Figure 1, even with virtualization, there are times when another virtual machine could make use of the physical server. A drawback of virtualization is that it requires significant effort to install, configure, and monitor each new virtual machine. Although we have available CPU capacity, the time and effort required to install another virtual machine outweigh the benefits of more efficient server utilization. Cloud computing software eliminates this type of administrative overhead and allows for rapid deployment of virtual machines.

Figure 1: Virtualization can improve utilization but there may continue to be periods

of underutilization.


3

Reduced Support Costs with Self‐Service Management With a private cloud, IT departments can establish catalogs of virtual machine images, sometimes referred to as a service catalog. End users can select an image from the service catalog and have it run on one or more virtual machines in the private cloud. A systems administrator is no longer needed to start a new virtual machine. End users decide when to start and stop their virtual machines. As a result, hardware can be more efficiently utilized while at the same time reducing support costs through self‐service management.

Reduced Capital Expenditures More efficient use of server hardware can quickly lead to reduced capital expenditures. In the past, a new business service may have required additional hardware to support that service. Using a private cloud, an IT department can pool its server resources and allocate virtual servers as needed. New business services can tap into the same pool of servers without having to purchase hardware based on peak demand expectations. Cloud administrators monitor usage and plan for expansion based on the aggregate needs of all users—not on the peak demand periods of each individual application.

Reduced Time to Deploy Applications and Services Eliminating or reducing the need to tightly couple hardware to applications can also reduce the time required to deploy new applications and services. Application owners and system architects can design and deploy new services to the cloud without having to wait to procure, install, and configure new hardware.

The advantages of cloud computing are compelling reasons to shift to this model, but is it always the right choice?

When a Private Cloud Is Not the Right Option Ideal solutions in some circumstances are not ideal in others. Cloud computing is no exception. In general, cloud computing can be an efficient and cost‐effective way of deploying met: IT resources when the following conditions are

• The cloud provider has standardized hardware

• The cloud provider has standardized operating system (OS) and application stacks

• ing Sufficient networking infrastructure is in place to support cloud comput

• Management tools, such as server and network monitoring, are in place

ms

• The distribution of jobs lends themselves to distributed computing platforA private cloud may not be the best option if the hardware you plan to deploy is not standardized. A common hardware foundation will make deployment and management much easier. If different platforms require different drivers and separate versions of machine images, the cloud will require additional management and undermine some of the cost advantages of a cloud.


4

If jobs are not easily divided among virtual machines, a private cloud may not be appropriate. For example, a business intelligence application that generates a large number of reports can be split over several virtual machines with each instance generating reports for different departments. In contrast, an optimization problem that requires a large amount of shared memory on a single machine or a graphics rendering application that requires specialized graphics hardware are best run on dedicated hardware.

Another requirement that is easily overlooked is having proper management tools in place. Clouds require monitoring to ensure services are running as expected in the short term and to provide data for longer‐term capacity planning. If appropriate monitoring tools are not in place already, they should be included in the plans for deploying a private cloud. This is just one of the requirements that you should assess before migrating to a private cloud.

Assessing the Current State of Readiness for a Private Cloud Planning is the process of identifying how to get from where you are to where you want to be. The first step in the case of private cloud deployments is understanding where you are in terms of re, including an assessment of: existing IT infrastructu

• Existing infrastructure

• Resource utilization levels

• ations Policies and procedures governing IT oper

• Reporting and cost allocation procedures Each of these represents important elements for successfully delivering private cloud services.

Existing infrastructure includes servers, storage systems, and networking infrastructure. Ideally, private clouds make use of similar servers. They have the same CPU cores, amounts of memory, types of power supplies, and network interface components. As you inventory your hardware, determine how many of your existing servers can be used in a cloud. Servers that are at or near the end of their useful life should not be included in a cloud.

. Older hardware may still be useful for less demanding applications, such as print servers

Similarly, plan to deploy storage arrays based on similar technologies. The more we use standardized hardware, the more we can reduce the management overhead of the cloud.

Assess network capacity. Are there segments of the network with high latency? Is existing bandwidth sufficient for current needs? It is important to understand if any parts of the network infrastructure will need to be upgraded prior to moving to a private cloud. It is possible that a shift to a cloud model will not significantly alter the demand for network services, but monitoring is essential to understand the requirements for your particular environment. For example, it may be difficult to estimate the growth in demand for network services when deploying a private cloud. With reduced costs to deploy new services and greater self‐management, business units may begin to experiment with new applications and increase the number of jobs they run.


5

Formal policies and procedures should be in place prior to migrating to a private cloud. Many aspects of these policies will be embodied in systems that implement the cloud. User authentication policies, for example, must be in place in order to control access to cloud resources. Similarly, billing and cost recovery policies must be defined so that users can make choices about the types and amounts of cloud services to use. Procedures should be in place to automate as much as possible the accounting and billing aspects of delivering cloud services.

Incrementally Moving to a Private Cloud Deploying a private cloud does not have to occur in a short period of time; it may be advantageous to take an incremental approach to implementing a cloud. This can be done following a basic three‐part process:

• Identify hardware and applications that can be moved to a private cloud. Again, not all jobs are suitable for a cloud environment, but many business applications are.

• Determine the utilization levels needed to support an initial set of cloud applications. Use monitoring logs on existing servers to understand peak demand levels, the duration of peak demand periods, as well as average CPU,

memory, storage, and network utilization over an extended period of time.

• Establish a monitoring program to capture data about how the cloud infrastructure is used.

Once a private cloud is deployed, you will still likely have non‐cloud resources operating as part of the broader IT infrastructure. It is important to continue to monitor these resources as well. As business users migrate their applications to the cloud, additional resources may be needed in the private cloud. Some of this need may be met by servers that operate outside the cloud. A comprehensive monitoring program will help to optimize the allocation of resources between cloud and non‐cloud deployments.

Summary Private cloud computing environments offer a number of advantages for optimizing the use of servers, storage, and network services. Although cloud architectures are not appropriate for all requirements, many business applications are well served by cloud computing. Organizations planning a move to a private cloud should conduct a readiness assessment prior to deploying a private cloud. As part of the implementation, ensure policies and procedures are in place to effectively manage the cloud and have monitoring tools in place to collect the data that will be needed to ensure both the short‐term availability and long‐term efficiency of the private cloud.


6

Article 2: Tips and Best Practices for Managing a Private Cloud

Private clouds are a relatively new model for delivering computing and storage services, but this model builds on a long history of IT infrastructure management. Private clouds are a delivery model that builds on well‐established IT practices, such as virtualization, network management, systems administration, and operations management. These practices have developed over years of repeated use and refinement in a wide variety of application areas. We draw from these practices here and highlight three areas that are especially nt: applicable to private cloud manageme

• Establishing policies and procedures

• Standardizing hardware and application stacks

• Formalizing discovery and monitoring procedures Together, these help to establish a sustainable management framework that promotes the efficient use of cloud resources without creating unnecessary management burdens for IT staff.

Establishing Policies and Procedures The first set of tips and best practices is not about some arcane technology that enables cloud computing but is instead about management practices. In many ways, the best hardware in the optimal configuration will only continue to perform well for so long before changes in demands, hardware failures, and software revisions start to adversely impact operations. Private clouds require a minimal set of operating policies and procedures that are implemented by automated systems and support staff to ensure the private cloud

vices. continues to deliver computing, storage, and networking ser

Some of th procedures entail: e most important policies and

• eporting Cost allocation and r

• Image management

• patch management Security and

• Monitoring

• Backup and disaster recovery


7

Cost Allocation and Reporting Cloud computing allows you to efficiently allocate computing and storage resources on demand on an as‐needed basis. When the finance department has a large number of end‐of‐quarter reports to generate, they can allocate multiple virtual servers in the private cloud for as long as needed to complete the reports. A data warehouse project with a large amount of legacy data can use the cloud for the initial data extraction, transformation, and load process to rapidly add legacy data to a new data warehouse. When advertising campaigns are more successful than anticipated and a there is a surge in orders, the online business can scale up by adding application servers and Web servers to accommodate the demand. Unless all of these services are provided without charge to end users, you must have a mechanism in place to track usage.

A cost recovery system can use data from the self‐service management system to track which users are allocating virtual servers, how long they run, and which applications are run on the virtual servers. The latter is important to recover the cost of software licenses. Similar data is required on the amount of data storage used over time as well as the amount of network bandwidth used while running applications in the private cloud.

Policies are needed so that IT providers can plan to recover their costs and possibly build capital to finance additional infrastructure purchase. Users need these policies so that they can plan how to efficiently use the cloud. An advantage of cost recovery policies is that they can be used to distribute jobs across time. For example, if the cost of an hour of CPU time is the same at all times of the day, users have no incentive to run their jobs at any particular time of the day. If, however, the cost of a CPU hour was 50% less during non‐business hours, users with batch reporting jobs might move their jobs to off‐hours leaving more resources to time‐critical applications.

Image Management Part of a private cloud’s service offerings is a service catalog. This set of virtual machine images is available for use in the cloud. Policies and procedures should be in place that define what types of images will be available in the service catalog as well as rules governing the use of privately created and managed images in the cloud.

Policies should define a process for adding new images to the service catalog and reviewing, and possibly removing, images. The goal is to maintain the set of images that are needed by users while staying in compliance with software licenses and reducing security risks to vulnerabilities that may exist in the operating systems (OSs) and applications ithin these images. This begins to get into the realm of security within the private cloud. w


8

Security and Patch Management The need for preserving the confidentiality of information, the integrity of data, and the availability of resources are the key drivers behind IT security. A private cloud should build on existing to: security policies, especially with regard

• User authentication and authorizations

• on IT‐managed hardware Software allowed to run

• Vulnerability scanning

• ing Operations monitor

• Patch management A private cloud by definition is restricted to a specific set of potential users. Policies and procedures should be in place to ensure that only qualified users are allowed to access cloud resources, that authorizations to use software and hardware are aligned with a user’s roles and responsibilities, and that those authorizations and privileges can be easily modified as needed.

Policies can also be used to balance the need of IT administrators to control which application : s run in the cloud with the specialized needs of some users. For example

• If a department hires a team of consultants to design a custom database cloud? application, what kind of review process is required to add it to run in the

• Can users run any application that uses a standard database management system, such as Microsoft SQL Server?

• What if it uses a database management system not supported by IT? Planning for how to make decisions such as this are best done while planning for the private cloud; this helps to reduce the need for ad hoc decision making with regards to policies and procedures.

Complex software can harbor vulnerabilities that can be exploited for malicious purposes. Vulnerability scanning is an established practice of checking deployed applications and OSs for known risks. This type of practice should continue with private clouds. Both public images in the service catalog and privately managed images should be checked according to a policy‐defined schedule using vulnerability scanning tools that meet functional requirements defined in those policies.

Policies should also define the type of operational data to collect and the frequency with which it should be collected. The goal of this policy is to ensure IT administrators have the information they need to optimally manage the private cloud on a day‐to‐day basis. This policy also provides baseline data and trend information that managers can use for planning for the long‐term growth of the private cloud.


9

Another policy should govern the patch management process and the related process of rebuilding images. After an image is built and stored in the service catalog, there may be OS upgrades and patches to applications that should be applied. A policy should describe conditions under which a patch is considered critical and should be applied immediately; it should also define routine patch schedules for non‐critical updates. As with other policies, it is important to have this policy in place when deploying a private cloud to reduce the need for ad hoc policy making.

Backup and Disaster Recovery A private cloud may be used for production operations, so it is important to have a backup and disaster recovery policy in place. The backup policy should define what data is backed up, how long backups are kept, as well as costs associated with those services. Similarly, in the event of a catastrophic failure of a private cloud, a failover plan should be in place. This plan may include using multiple data centers to host a private cloud or running jobs in a more conventionally organized cluster environment with manual management of jobs. The details of how to implement backup and disaster recovery will vary by your needs and resources, but it is essential for business continuity planning to have some policy in place.

Standardizing Hardware and Application Stacks Another set of best practices focuses on standardizing hardware and application stacks. It is not that a variety of hardware or software is necessarily a bad thing, but it often requires additional time to manage. Consider a simple scenario: Suppose you build a cloud with servers from three vendors with different network and storage controllers. In order to minimize downtime, you maintain spare parts; however, you have multiple configurations, so you must maintain a larger set of spares than if you had a single standard configuration. The additional overhead does not stop with hardware. It is not hard to imagine that one configuration of Linux might work optimally given one hardware configuration but sub‐optimally in another configuration and, as a result, you start to maintain two or more configurations.

The management objective with regards to standardizing is to have the minimal number of distinct hardware and software configurations that meet all user requirements. Fortunately, it is fairly easy to standardize hardware, especially if you are purchasing new servers and storage arrays. Even if you are working with legacy hardware, you can

ardware is retired or repurposed. incrementally move to standard configurations as older h


10

Businesses with a wide range of application needs will find that they must maintain a fairly broad service catalog of images. This is not necessarily a problem if you can at least standardize on some of the key components in the application stack:

• OS

• s Application server

• Network services

• Transaction processing servers For example, a business may have one or two versions of Windows Server and two or three versions of Linux OSs for different tasks. Building on these, the IT department can offer .Net Framework applications on the Windows servers while providing Java applications on the Linux servers. Applications that require directory services may be able to run a standard LDAP server. Similarly, the private cloud may offer a preconfigured transaction processing server that is generalized enough to meet most user requirements.

Standardization does not require that you fit everyone’s needs into a single set of application images. There will be exceptions and those should be accommodated. The purpose of standardization is to reduce management overhead, not constrain business requirements.

Formalize Discovery and Monitoring Procedures Knowing what you are managing and understanding how it is used is essential to efficiently delivering cloud services. Businesses that deploy private clouds will likely have some resources dedicated to the cloud and others used outside the cloud. An ongoing objective will be to allocate servers, storage, and network services optimally between the private cloud and other uses. If servers are underutilized outside the cloud while at the same time job queues are growing in the cloud because there is not sufficient CPU capacity, then you should consider reallocating resources. To collect this kind of data, you need to have discovery and monitoring procedures in place.


11

Discovery and monitoring software can meet at least three management needs. Automated discovery helps to maintain an accurate inventory of resources. This is especially important when hardware is frequently moved and repurposed; manual recordkeeping can easily fall behind. A second objective is to use the network and server monitoring to collect data on utilization and availability. Cloud administrators can use this data to identify bottlenecks, potential hardware failures, and other areas that need their attention. Both discovery and monitoring data is useful for establishing operational baselines and planning for growth. This data can help justify the need for new hardware as well as changes to policies; for example, if job queues are filled during the day and relatively empty at night, a change in pricing policy could be used to spread demand more evenly throughout the day.

Summary As private clouds evolve, so too will their management. Fortunately, you can leverage many IT best practices, particularly with respect to establishing policies and procedures, standardizing hardware and applications, and formalizing asset discovery and monitoring procedures.


12

Article 3: Managing for the Long Term: Keys to Securing, Troubleshooting, and Monitoring a Private Cloud

Private clouds are dynamic systems with constantly changing application loads, hardware components, and groups of users. Managing for the long term requires that you adopt tools and procedures that allow you to secure cloud resources, troubleshoot components, and rapidly perform root cause analysis, as well as monitor key areas to ensure continued availability and meet service level agreements (SLAs). In this final article in the series, we will consider three topics that will be a constant concern for cloud managers and administrators:

• Securing a private cloud

• Troubleshooting a private cloud infrastructure

• Monitoring critical components of a private cloud With the right tools and procedures in place, these tasks can be accomplished efficiently and effectively even as the size of the private cloud grows and usage increases.

Securing a Private Cloud Many security practices common in IT work well in cloud environments. There will be, of course, cloud‐specific adaptations and practices, but for the most part, the principles are the same within and outside of a cloud. Three topics of particular interest in private cloud security are:

• t Identity managemen

• t Image managemen

• Network security These areas touch on three distinct aspects of private cloud computing: who is all allowed to use the cloud, what is allowed to run in the cloud, and how the cloud infrastructure is rotected. p


13

Identity Management Managing user identities is a fundamental process. Within a private cloud, identity management combines a number of security functions: authentication, authorization, and some amount of auditing and logging. They are all based on the concept of a user as an agent who is allowed to perform operations in the cloud.

Authentication is the process of verifying who a user claims to be. Simply because a user identifies herself as a systems administrator is insufficient reason to allow this person to execute root‐level operations. Authentication is often based on knowledge of a password or possession of a token. Directory services in a cloud can be used to track user identity information and store authentication data, such as encrypted passwords. It can also be used to store information about authentication services that perform verification operations before granting access to the cloud.

Once a user has been authenticated, there may be restrictions on what that person can do. For example, most users will be allowed to select an image from the service catalog and run it on a virtual instance within the cloud. Some, but not all, users may be able to install additional software on an instance and save the new version to the service catalog. Still other users may have privileges to alter billing and accounting records to correct for errors, such as forgetting to shut down a server when a job was complete and being charged for the additional time. These different levels of privileges are associated with varying authorizations.

In addition to supporting security, identity management systems are useful for accounting purposes. Auditing records and operational logs with identity information can be used to determine who performed what operations in the cloud. This is useful for both forensic operations as well as cost accounting.

Image Management Besides knowing who is running operations in a private cloud, we need to be able to control what kinds of applications and operating systems (OSs) are run in the cloud. As a general starting point, we will want to restrict applications to those that meet a minimal set of criteria for running in the cloud, such as:

• applications Running software from an approved set of

• Running in service to business operations

• Not running any type of malicious software

• er governance requirements Not violating privacy, confidentiality or oth

• Not violating software license agreements

collection procedures • Not undermining auditing and accounting data


14

To meet these requirements, the service catalog must implement access controls to limit who can add, remove, and modify images in the catalog. The images in the service catalog should be periodically scanned for malware and vulnerabilities and patched as needed.

Network Security Applications running in the cloud should operate within as secure a network environment as possible while still allowing for necessary business services. The perimeter of the cloud should be controlled to mitigate the risk of external threats. For example, only virtual private network (VPN) users may be granted access to cloud resources when a request comes from an external network source. Network traffic should be monitored to watch for suspicious activity, such as large file downloads outside the cloud outside of normal business hours. Similarly, frequent failed attempts to authenticate to a cloud service or methodical probes of ports can indicate unauthorized attempts to access cloud services. Monitoring network and server activity helps with troubleshooting as well as with security.

Troubleshooting Private Cloud Infrastructure In order to keep a private cloud functioning, we need to be able to quickly identify problems and correct them. There are two key functions we need from our network and infrastructure management software: support for problem detection and root cause analysis.

Monitoring software should be in place to alert systems administrators when a problem condition exists. Rules can be established to define thresholds for problem events. For example, if a certain number of attempts to ping a server fail in a given time period, an administrator may be alerted. Similarly, if the number of write errors to a disk exceeds some threshold, an alert is sent to inform a manager of a potential hardware problem. In many cases, though, the cause of a problem may not be obvious and an alert may be more of an indication of a symptom than of an underlying problem.

Root cause analysis is the process of identifying the underlying cause of a problem. For example, if an application generates an error because it cannot update a database record, there may be multiple causes:

• A hardware problem with the storage array that is preventing data blocks to be written from cache back to the disk

• A network problem between the database server and the storage array, which is preventing the storage device from acknowledging that the data block has been written to disk

• gical transaction even though ll working correctly

An application error that fails to complete a loserver, storage, and networking services are a


15

When troubleshooting problems in a cloud environment, it is helpful to have tools that can quickly isolate particular aspects of a problem, such as determining whether there is connectivity between a server and a storage device, if a storage device can correctly read and write from a disk, and whether a server can successfully write blocks of data to storage.

Tools that support root cause analysis are important for maintaining adequate levels of performance and availability. The longer a server, storage, or network problem persists, the more users it can adversely affect. Also, the longer it takes to diagnose a problem, the greater the cost of diagnosis. Quickly isolating the cause of a failure in a private cloud helps to improve availability and to keep maintenance costs under control.

Key Areas to Monitor Long‐term private cloud management is best built on a solid foundation of operational data. Businesses have a wide range of use cases for running jobs in a private cloud. Different departments may have different peak demand periods, and workloads across departments will vary from day to day. The more data you have about these usage patterns, the better able you are to manage growth.

Four areas est for private cloud monitoring are: of particular inter

• Server utilization

• dwidth utilization Network ban

• Availability

• Image use Server utilization is a measure of how much available CPU time is actually used for productive work. Improving this one metric is a common business driver for adopting a private cloud. Too often, we purchase single servers for single applications and find ourselves with excess capacity. Ongoing monitoring can help identify periods when some servers can be shut down to save on power without adversely affecting performance. It can also provide information on common patterns, such as times of the week, month, or quarter where demand is unusually high or low. With detailed information about server utilization and network bandwidth utilization, private cloud managers can better assess their ability to support new business services that would put additional demands on the cloud.

You should also monitor image use. Doing so can help you to understand patterns of application use and support compliance with software licensing. In some cases, image management can help identify situations in which excess software licenses have been urchased and can be scaled back in the future. p


16

Summary Long‐term management of a private cloud depends on several factors, such as securing private cloud infrastructure, troubleshooting operation problems, and monitoring assets and usage patterns. By starting with the right tools, you can secure and monitor a private cloud efficiently and effectively. Care should be taken when selecting tools to maximize their use; ideally a tool that supports troubleshooting will also have adequate logging eatures to support monitoring efforts as well. f

Download Additional Books from Realtime Nexus! Realtime Nexus—The Digital Library provides world‐class expert resources that IT professionals depend on to learn about the newest technologies. If you found this book to be informative, we encourage you to download more of our industry‐leading technology books and video guides at Realtime Nexus. Please visit ttp://nexus.realtimepublishers.comh .


Priv Cloud

Documents

Transcript of Priv Cloud