Guidewire InsuranceSuite 9 Cloud Deployment Considerations
WHITEPAPER
WHITEPAPER: GUIDEWIRE INSURANCESUITE 9 CLOUD DEPLOYMENT CONSIDERATIONS
Table of Contents
1 Purpose of This Document
  1.1 Document Scope and Contents
2 Cloud Overview
  2.1 Definition of Cloud Computing
  2.2 Types of Clouds
    2.2.1 Public Cloud
    2.2.2 Private Cloud
    2.2.3 Hybrid
  2.3 Potential Cloud Benefits for P&C Insurance
    2.3.1 Lower TCO
    2.3.2 Improved User Experience
    2.3.3 Greater Business Agility
    2.3.4 Increased Cost Transparency
    2.3.5 Improved Security and Compliance
    2.3.6 Simplified Disaster Recovery
  2.4 Potential Cloud Challenges for P&C Insurance
    2.4.1 Lack of Cloud Skills and Mindset
    2.4.2 Lack of Automation
    2.4.3 Insufficient Oversight
    2.4.4 False Comparisons
  2.5 Architecting for the Cloud
3 Selecting a Cloud Service Provider
  3.1 Services
    3.1.1 IaaS Services
    3.1.2 PaaS Services
  3.2 Locations
  3.3 Pricing
  3.4 Availability and SLAs
  3.5 Security
    3.5.1 ISO/IEC 270xx
    3.5.2 Service Organization Controls (SOC)
    3.5.3 Industry-Specific Requirements
  3.6 Industry Expertise
  3.7 Marketplaces and Datasets
4 Cloud Deployment Considerations
  4.1 Cloud-Ready Features in InsuranceSuite 9
    4.1.1 Improved Scalability
    4.1.2 New Clustering Management
    4.1.3 Redesigned Server Processing
  4.2 Cloud Design Principles
  4.3 Performance and Resource Considerations
    4.3.1 System Resources
    4.3.2 Network Design
    4.3.3 Load Characteristics
  4.4 Scalability Considerations
    4.4.1 Scaling InsuranceSuite in the Cloud
    4.4.2 Web UI Tier Scaling
    4.4.3 Web Services Scaling
    4.4.4 Application Tier Scaling
    4.4.5 Database Tier Scaling
    4.4.6 Storage Tier Scaling
    4.4.7 Load Balancer Scaling
  4.5 Availability Considerations
    4.5.1 High-Availability Strategies
    4.5.2 Workload Distribution and Placement
    4.5.3 HA for the Application Tier
    4.5.4 HA for the Database
    4.5.5 HA for Storage
    4.5.6 HA for the Front-End Tier
    4.5.7 Monitoring
  4.6 Disaster Recovery Considerations
    4.6.1 RTO and RPO
    4.6.2 Cloud-Based DR
    4.6.3 Data Management for DR
  4.7 Security and Compliance Considerations
    4.7.1 Security Principles
    4.7.2 Identity and Access Management (IAM)
    4.7.3 Security Perimeter Management
    4.7.4 Data Protection and Compliance
    4.7.5 Logging
  4.8 Cost Management
    4.8.1 Usage Attribution
    4.8.2 Cost Control
    4.8.3 Consumption Management
    4.8.4 System Tuning
5 Deployment Approaches
  5.1 Self-Deploy in a Public Cloud
    5.1.1 Needed cloud expertise
    5.1.2 Vendor Support
    5.1.3 Service-Level Agreements
  5.2 Working with a Partner
    5.2.1 IaaS specializations
    5.2.2 Integrations
    5.2.3 Ongoing support
6 Appendix: Guidewire Deployment Information
  6.1 Classes of Environments
  6.2 Environment deployment timeline
  6.3 Guidewire Applications and Components
    6.3.1 Core Products
    6.3.2 Data Products
    6.3.3 Digital Portals Products
    6.3.4 Other Component Details
  6.4 Node Types
    6.4.1 Alternate Node Types
  6.5 Server Roles (version 9 and later core products)
    6.5.1 Cloud Deployment and Server Roles
  6.6 Processor Capacity Effects
  6.7 Environment Descriptions
    6.7.1 Similarity Across Production-Class Environments
Table of Figures
Figure 1 Visual Model of NIST Definition of Cloud
Figure 2 Matching Capacity to Demand
Figure 3 Cloud Deployment Models
Figure 4 Time-to-Capacity Comparison
Figure 5 Gartner Automation Clock
Figure 6 Traditional IT Org Chart
Figure 7 Service Catalog for Amazon Web Services
Figure 8 InsuranceSuite Layered Design
Figure 9 Examples of Cloud Provider Security Attestations
Figure 10 Guidewire InsurancePlatform™
Figure 11 Application Load Patterns
Figure 12 Vertical vs. Horizontal Scaling
Figure 13 AWS RAID Configurations
Figure 14 Data Protection Approaches
Figure 15 AWS Shared Responsibility Model
Figure 16 Private Connectivity to the Cloud
Figure 17 Common Cloud Resource Tag Types
1 Purpose of This Document
Guidewire’s mission is to help property and casualty (P&C) insurers adapt and succeed at a time of rapid industry change and to ensure our customers are successful in their journey. Success for customers means increasing speed to market; driving more meaningful customer interactions through digital engagement; providing differentiated products and services; streamlining claims handling; making better decisions; and more. Success also means having a continually lower total cost of ownership (TCO). It is incumbent on Guidewire to keep evolving our products and architecture to ensure our customers have the technology they need today and in the future. One key aspect of our strategy is to increasingly embrace cloud technology, which is becoming much more relevant for P&C insurers and the industry as a whole. Cloud enables new sources of value to be provided faster and at a lower cost. It helps insurers to improve specific parts of their business. And it enables insurers to significantly lower their capital costs of deploying and owning applications by relying on third parties to provide computing infrastructure and related services. This document is intended to help Guidewire customers deploy and operate InsuranceSuite v9 software in the cloud.
1.1 Document Scope and Contents
With the release of Guidewire InsuranceSuite™ version 9 (IS9), Guidewire’s core products are cloud-ready. This means that customers and implementation partners can deploy and run IS9 in a private cloud as well as on public cloud infrastructures such as AWS or Azure with no application modifications.
This whitepaper provides helpful information about deploying Guidewire software in a public cloud environment. Its major sections provide the following content:
• Section 1 (this section): A brief introduction to the document
• Section 2: Background information about cloud computing, including cloud features and types as well as motivations for considering the cloud
• Section 3: Guidance when evaluating and selecting cloud service providers (CSP), including such factors as services, locations, pricing, security, and related topics
• Section 4: Considerations when deploying enterprise applications in the cloud (some aspects apply broadly, while others are specific to InsuranceSuite)
• Section 5: Approaches for deploying to the cloud, including self-deployment and working with a partner
• Appendix: Guidance on infrastructure sizing
The primary audience for this document includes business owners who are considering running Guidewire software in a public cloud, enterprise architects responsible for application and data strategy, and IT professionals who design, deploy, operate, and support application infrastructure.
2 Cloud Overview
2.1 Definition of Cloud Computing
According to the U.S. National Institute of Standards and Technology, cloud computing has five essential characteristics [1]:
• On-demand self-service: A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
• Broad network access: Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin- or thick-client platforms (e.g., mobile phones, tablets, laptops, and workstations).
• Resource pooling: The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge of the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.
• Rapid elasticity: Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
• Measured service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
Figure 1 illustrates the relationship between cloud characteristics, service models, and deployment models according to the NIST taxonomy.
[1] http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf
Figure 1 Visual Model of NIST Definition of Cloud
These features result in information technology (IT) as a utility, to be consumed when and as needed. This is a profound change from traditional IT, with its high upfront costs and long provisioning times. The on-demand nature of cloud computing enables users to deploy capacity quickly. Rather than waiting for an IT service desk to fulfill service requests, developers gain rapid access to environments. Instead of building data centers and deploying IT equipment, companies can essentially rent capacity from a cloud service provider (CSP) in the locations and amounts desired.
The difference between traditional and cloud-based IT is illustrated in Figure 2. In the traditional model, build-out of an owned data center requires substantial time and money. It also requires future demand forecasting that can profoundly impact a business. If not enough capacity is available, users have a negative experience. If capacity is over-provisioned, assets go unused. By contrast, cloud computing delivers capacity in direct response to demand along with pay-as-you-go pricing, rather than repeatedly attempting to optimize capacity of owned facilities and infrastructure. This avoids tying up working capital and thus is particularly appealing to growing businesses. It also enables providers to deliver a consistently good user experience.
Figure 2 Matching Capacity to Demand
2.2 Types of Clouds
2.2.1 Public Cloud
InsuranceSuite 9 can be deployed on most Infrastructure as a Service (IaaS) platforms, including Amazon Web Services (AWS), Microsoft Azure, and IBM SoftLayer. In a public cloud, IT resources are delivered as network-based services that are hosted in provider data centers and designed for multi-tenant use. This eliminates the need for insurers to build, deploy, and maintain capital-intensive infrastructure such as data centers and servers, which can significantly reduce their operating costs.
Advantages of a public cloud include pay-as-you-go consumption, rapid resource elasticity, and the ability to shift financing from CapEx to OpEx. In addition, the massive capacity of public cloud providers enables greater application flexibility and scalability. And because managing IT infrastructure is the core competency of cloud providers, they operate higher-quality facilities with better uptime than almost any enterprise-owned data center.
By deploying and running InsuranceSuite 9 on a public cloud platform, insurers have access to highly scalable and flexible infrastructure. Additional benefits include:
• Automated deployment
• Rapid elasticity
• Improved fault tolerance
• Service provider choice
Deployment Automation
In addition to highly scalable computing resources, IaaS providers offer tools to automate the deployment of complex application stacks. This enables IT organizations to quickly and easily deploy fully configured environments in the cloud.
Rapid Elasticity
As mentioned in section 2.1, rapid elasticity is an essential characteristic of cloud computing. This enables users to add and remove resources as needed rather than having to build infrastructure in advance of anticipated demand.
Improved Fault Tolerance
With most public cloud providers, customers can distribute applications across multiple physical sites. This capability enables InsuranceSuite to be deployed in a high availability configuration. In the event of unexpected failure, InsuranceSuite 9 can respond gracefully, maintaining essential functionality by shifting load to systems that take over for the failed system.
Choice of Service Providers
InsuranceSuite 9 runs on industry-standard infrastructure. This makes it cloud-agnostic, meaning that InsuranceSuite works with all major IaaS platforms. Customers are free to choose the cloud that provides the best combination of cost, performance, and features for each deployment location.
2.2.2 Private Cloud
Private clouds are owned and used exclusively by a single entity. Infrastructure can be located on-premises or at a data center colocation provider. For many organizations, deployment of a private cloud is a logical extension of their existing physical and virtual infrastructure.
Private clouds offer many of the same benefits as public clouds but with some important differences, including configuration flexibility, compliance and data sovereignty considerations, single-tenant operation, and capacity management.
Configuration Flexibility
In contrast to public clouds—which offer services with pre-defined sizes—private clouds are configured and administered by their owners. This gives private clouds greater configuration flexibility and control than public clouds.
Compliance and Data Sovereignty Considerations
Public cloud technology stacks can be opaque, with the exact location of systems and data uncertain. This can lead to compliance and data sovereignty challenges. By contrast, a private cloud remains completely within its owner’s control.
Single-Tenant Operation
One disadvantage of a multi-tenant environment like a public cloud is the potential for one user’s consumption to impact adjacent users. Private clouds have greater control over this “noisy neighbor” problem due to their ability to define and enforce usage policies for all workloads.
Capacity Management
Unlike the massive scale and capacity of public clouds, private cloud capacity must be planned and built out in advance of demand. As a result, private clouds do not offer the same elasticity and OpEx flexibility as public clouds.
2.2.3 Hybrid
The respective benefits and challenges of public and private clouds lead some organizations to adopt a hybrid cloud approach. Hybrid clouds mix public and private cloud services to satisfy different workloads and application requirements. For example, organizations may use public cloud for dev/test environments while deploying production workloads on a private cloud.
The cloud deployment models are summarized in Figure 3.
Figure 3 Cloud Deployment Models
2.3 Potential Cloud Benefits for P&C Insurance
The P&C insurance industry is facing rapid change, including consumer expectations for faster service and on-demand access, competitive pressures in new and existing markets, and increased regulatory and security requirements. At the same time, IT organizations face constant demands to lower costs while introducing and supporting new products and services. Cloud computing offers several ways to improve application delivery and resiliency while lowering costs.
2.3.1 Lower TCO
On-premises infrastructure typically consists of discrete sources of capacity—servers, storage arrays, network switches, and so on. Even when these resources are virtualized, they have finite limits. As a result, most application deployments involve an initial sizing exercise followed by a capacity build-out in anticipation of demand. New production application environments are usually sized for anticipated peak load. If actual peak load is higher than anticipated, performance and (by extension) user experience suffer. Despite accurate capacity estimates, application loads almost always vary over time. At off-peak times, resources are underutilized.
As depicted in Figure 1, cloud capacity is highly elastic. Because resources are available on demand, capacity can be quickly added and removed as load changes. Automatic scaling of resources means that systems can be sized for minimum load and then scaled up and down as needed. Server sizes can also be easily adjusted post-deployment. By incorporating horizontal scaling of InsuranceSuite application clusters, Guidewire customers can grow or shrink capacity in response to demand. Capacity optimization reduces operational costs and enables scalability over a wider range of loads.
The same is true for storage. A storage volume on a typical enterprise storage array consists of one or more storage controllers with data caching, disks for storage, disks for redundancy, and hot-spare disks in case of a failure. As a result, usable space can be less than half of purchased capacity. With cloud storage, users provision volumes based on actual space and performance requirements.
Non-production environments are another potential source of savings. Capacity can be difficult to obtain with traditional IT, so developers are often reluctant to decommission dev/test environments after initial development. Because the cloud enables users to quickly provision and decommission capacity, this hoarding mentality can be eliminated. And since environments can be appropriately sized for the current task, usage and corresponding costs can more closely match actual need.
Network and telecom costs are another area for potential savings with a public cloud. Company-owned facilities require network connectivity from one or more telecommunications providers. As with application load, circuit capacity must be estimated in advance. For applications entirely in the cloud, networking is the responsibility of the cloud service provider. Costs are based on data transfer—often limited to egress traffic only—and reflect actual usage.
Use of public cloud services also reduces administrative overhead. Costs for facilities, deployment, basic systems administration, maintenance and repair, and hardware refresh are all included. This enables IT departments to shift from a predominantly business-as-usual (BAU) focus to more of a consultative partner relationship with the business.
2.3.2 Improved User Experience
Companies that serve geographically dispersed user populations from one or a few locations often encounter application performance challenges due to network latency. Use of content distribution networks (CDNs) can help with static content, but dynamic content such as database lookups or real-time data feeds can still be problematic.
Large cloud service providers operate in many locations around the world. They can make it easier to deploy applications in more locations and closer to major user populations. Better application performance translates into more productive business users and an improved end-user experience for customers.
Additionally, public cloud providers can serve as integration hubs for data feeds and service interconnections. Systems that are linked in common locations over optimized connection points perform significantly better than ones spread across many disparate locations.
2.3.3 Greater Business Agility
In traditional IT environments, bringing additional capacity online can take weeks or even months. This adds significant business drag and can result in fewer new business initiatives. For Guidewire customers that are implementing a new application, the time spent on initial infrastructure build-out can be a significant proportion of the overall project timeline.
Cloud services employ end-to-end automation to enable software-defined infrastructure. This enables systems and environments to be provisioned in minutes instead of months. The difference is illustrated in Figure 4.
Figure 4 Time-to-Capacity Comparison
Rapid availability of capacity can benefit the business in multiple ways. Developers can spend less time waiting for environments and more time working on new capabilities or integrations. Business owners can bring new lines online faster.
2.3.4 Increased Cost Transparency
Owned physical systems such as servers and enterprise storage arrays may have many users. This makes it difficult to assign charges based on usage. Many organizations that attempt to implement chargeback/showback/shameback schemes find the challenge too great and eventually give up.
Cloud computing is composed of discrete services. Users pay only for what they use, and usage is closely metered. Assignment and tracking of charges—and, by extension, chargeback—is much easier with cloud resources. And because usage is proportional to demand, cloud cost changes can generally be tied to specific events.
By exposing the actual costs of cloud service usage, business managers can more directly encourage and drive responsible usage. They can also identify and expose areas of waste along with opportunities for cost savings.
2.3.5 Improved Security and Compliance
There is a common misperception that public cloud services, because they are multi-tenant, are less secure than owned data centers. In fact, most cloud service providers devote more time, personnel, and resources to security than any other enterprise. Cloud service providers undergo a wide range of security certifications and are able to provide appropriate attestations to auditors and compliance officers (for details, see Security in section 3).
Encryption of cloud-based data can be as easy as selecting a checkbox when provisioning a new volume. Encryption of data in-transit is similarly simple. Encryption key management is often available as well, along with certificate management, identity and access management, and other security-related services. In addition, geo-diverse sources of capacity enable users to enter new markets more easily while maintaining compliance with data sovereignty requirements.
2.3.6 Simplified Disaster Recovery
For the P&C insurance industry, disaster preparedness is a crucial concern. Widespread disasters are precisely when insurers are needed most. Applications that access policies and process claims must be resilient.
For on-premises deployments, disaster recovery (DR) involves setting up duplicate systems in a secondary location and periodically replicating data. System configuration and capacity must mirror primary systems closely enough to be brought online quickly. This capability can more than double the cost of application infrastructure. Failover to an alternate site often relies on manual processes.
Because public cloud providers offer capacity-on-demand in multiple locations, they can greatly simplify DR planning while reducing DR costs. Duplicate environments can be configured in secondary locations with minimum rather than full capacity requirements. As data is replicated, it can be automatically staged and ingested to be ready if needed. If a triggering event occurs, processing can be automatically shifted to the alternate site. Capacity at the secondary site can then be auto-scaled to meet the full load. Cloud services and tools can be configured to automate data replication, failover, capacity scaling, and network address resolution.
2.4 Potential Cloud Challenges for P&C Insurance
Because cloud computing represents a new way of consuming IT services, it requires a different approach to application design, deployment, consumption, and management. The following are some typical challenges and things to avoid when adopting cloud technologies.
2.4.1 Lack of Cloud Skills and Mindset
Although cloud computing is growing in maturity and adoption, the demand for experienced cloud developers and administrators still outpaces supply. Many organizations attempt to move to cloud computing with existing staff and processes, often without additional training. As a result, IT staff frequently take a simple “lift and shift” approach when moving on-premises workloads to the cloud. They simply replicate on-premises virtual servers with equivalently sized cloud instances. They continue sizing deployments for maximum anticipated workload rather than taking advantage of automatic scaling. They may also extend existing management utilities and tools to cloud deployments.
When this happens, the results are usually disappointing. Actual cost savings may be far less than projections. And if organizations don’t implement user self-service (one of the essential cloud characteristics listed in section 2.1), users will likely find that deployment times remain frustratingly long. In response, users may continue to create unsanctioned pockets of “shadow IT”[2] that bypass the official IT organization.
To be fully successful, a switch to cloud computing requires a change of approach to IT. Cloud computing is fundamentally business focused. Rather than thinking of IT in terms of technologies—servers, storage, networking, software—business owners need to define requirements in terms of workloads and usage volumes. This shift makes any comparison between traditional IT and cloud computing difficult because they are based on different criteria. Business leaders must focus on the total cost of application and service delivery rather than on cloud component costs.
2.4.2 Lack of Automation
Many organizations require all IT requests to be funneled through a help desk process. Requests may then be subjected to extensive review and approval processes, after which they are split into a series of subtasks. Each subtask may be owned by a different group. The various types of automation required are shown in Figure 5, which depicts the Gartner Automation Clock. So while automation may exist, unless it is integrated and end-to-end it will still be subject to manual hand-offs and delays.
Figure 5 Gartner Automation Clock
Instead of one-off deployments, application deployment and integration need to be fully automated through the creation of reusable templates. The provisioning of cloud component services is already highly automated. This model needs to be embraced and extended throughout the application stack and lifecycle to be fully effective. Once it is in place, full automation delivers on the cloud’s promise of greater business agility.
[2] https://en.wikipedia.org/wiki/Shadow_IT
2.4.3 Insufficient Oversight
Ease of use and rapid time-to-capacity are two of cloud computing’s most appealing benefits. However, when users are given the ability to consume resources on demand, demand frequently increases. The result is “cloud sprawl,” where users provision more and more environments, often without shutting down older ones. This behavior has its origins in traditional IT, where capacity is hard to obtain.
In response, organizations must implement detailed cost and usage oversight to make consumers aware of the impact of their usage and to drive more responsible behavior. The following approaches are especially important.
Chargeback/Showback/Shameback: Users and their managers need to see how much their consumption is costing. Responsible behavior must be encouraged and rewarded.
Automatic Expiration: Rather than relying on users to remember to shut down unneeded systems, all non-production systems should be configured with a finite service lifetime.
Regular Reviews: IT, engineering, and business owners should meet regularly to review usage trends and establish future capacity projections.
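
The automatic-expiration and showback approaches above can be checked against an inventory export. The following Python is an added example, not part of the whitepaper or of any Guidewire or CSP tooling; the inventory records, field names, the 30-day lifetime ceiling and the audit date are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

# Assumed policy: a non-production system may live at most 30 days.
MAX_LIFETIME = timedelta(days=30)

# Constructed inventory export; the field names are assumptions.
INVENTORY = [
    {"id": "vm-101", "env": "prod", "owner": "claims",  "created": "2024-03-01", "expires": None,         "daily_cost": 40.0},
    {"id": "vm-202", "env": "dev",  "owner": "claims",  "created": "2024-05-20", "expires": "2024-06-10", "daily_cost": 12.0},
    {"id": "vm-203", "env": "test", "owner": "policy",  "created": "2024-04-01", "expires": None,         "daily_cost": 20.0},
    {"id": "vm-204", "env": "dev",  "owner": "policy",  "created": "2024-05-01", "expires": "2024-05-15", "daily_cost": 10.0},
    {"id": "vm-205", "env": "test", "owner": "billing", "created": "2024-05-25", "expires": "2024-09-30", "daily_cost": 8.0},
]
TODAY = date(2024, 6, 1)  # constructed audit date


def audit_expiration(inventory, today):
    """Return (id, owner, issue) for each non-production system that breaks the expiry policy."""
    findings = []
    for item in inventory:
        if item["env"] == "prod":
            continue  # the finite-lifetime rule applies to non-production systems only
        created = date.fromisoformat(item["created"])
        if item["expires"] is None:
            issue = "no-expiry"                 # relies on someone remembering to shut it down
        else:
            expires = date.fromisoformat(item["expires"])
            if expires < today:
                issue = "expired-still-running"  # expiry was set but never enforced
            elif expires - created > MAX_LIFETIME:
                issue = "lifetime-too-long"      # expiry exists but exceeds the policy ceiling
            else:
                continue
        findings.append((item["id"], item["owner"], issue))
    return findings


def showback(inventory, today):
    """Per owner: spend to date, and the part accrued by systems running past their expiry."""
    report = defaultdict(lambda: {"total": 0.0, "past_expiry": 0.0})
    for item in inventory:
        created = date.fromisoformat(item["created"])
        row = report[item["owner"]]
        row["total"] += item["daily_cost"] * (today - created).days
        if item["expires"] is not None:
            overdue = (today - date.fromisoformat(item["expires"])).days
            if overdue > 0:
                row["past_expiry"] += item["daily_cost"] * overdue
    return dict(report)


if __name__ == "__main__":
    for finding in audit_expiration(INVENTORY, TODAY):
        print(*finding)
    for owner, row in showback(INVENTORY, TODAY).items():
        print(f"{owner:8} total={row['total']:8.2f} past_expiry={row['past_expiry']:7.2f}")
```

The `past_expiry` column gives the regular review a concrete figure for spend that enforced expiration would have avoided.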
2.4.4 False Comparisons
Cost comparisons for on-premises versus cloud computing often fail to produce a like-for-like result. Many comparisons focus on cloud equivalents to existing capital outlays such as servers, storage arrays, and networking gear. For example, how many cloud instances of a given size equal a particular physical server? Because cloud usage is variable, these comparisons often assume constant utilization when actual usage is lower. Or they may fail to include discounts for pre-purchased reserved capacity.
Comparisons may also neglect considerations such as systems refresh cycles. Cloud infrastructure is constantly being refreshed with the most current (or even specialized) gear. This process is handled automatically, whereas in on-premises environments it can be both disruptive and costly.
As discussed in section 2.3.1, cloud services include systems administration costs that can consume significant resources in on-premises environments. Many comparisons fail to include these costs.
In addition, cost comparisons often exclude factors such as service availability and disaster recovery capabilities. Most cloud services are delivered from state-of-the-art data centers with built-in redundancy. So comparing the cost of, say, a single 10GB network port on an owned switch with a 10GB cloud circuit fails to account for the highly redundant nature of the cloud service.
Finally, the availability of cloud capacity in many locations around the world may offer significant advantages over owned data centers in terms of operating costs, licensing, equipment tariffs, and administrative personnel.
2.5 Architecting for the Cloud
For many years, enterprise application delivery has involved procurement, deployment, operation, and support of on-premises IT infrastructure. IT operations—whether company managed or outsourced to service partners—is often broken out by specific technical expertise. Figure 6 is a traditional IT operations organizational chart.
Figure 6 Traditional IT Org Chart
This specialization by functional discipline leads to organizational silos. As a result, ownership for new deployments can change many times between initial request and release-to-production. Recall that request fulfillment in such environments is often measured in weeks and months (see Figure 4).
By contrast, cloud computing consists of a catalog of pre-defined services with fully automated provisioning and delivery (Figure 7). End users can select and procure the services they need in minutes.
Figure 7 Service Catalog for Amazon Web Services
[Figure 6 box labels: Chief Information Officer; IT Applications; Information Security; Service Desk; IT Procurement; IT Operations; Data Center Team (Facilities Management, Capacity Planning); Server Team (Windows Admin, UNIX/Linux Admin); Storage Team (Storage Admin, Backup & Recovery); Network Team (LAN Admin, WAN & Mobile Admin); Database Team (Database Admin, Data Warehouse & Reporting); Ops Engineering (Technology Evaluation, Tools & Utilities); Network Operations Center (NOC) (Operations Reporting, Monitoring & Alerting)]
This services-based approach fundamentally changes the way IT is structured and deployed. It shifts the design basis from boxes to services—which can be both liberating and confusing. When deploying Guidewire InsuranceSuite 9 in a cloud environment, users need to understand and take full advantage of cloud’s services-based delivery model.
3 Selecting a Cloud Service Provider
This document assumes that Guidewire InsuranceSuite will be deployed in a public cloud. Many factors influence the choice of a cloud deployment model. While public cloud computing’s promise of near-limitless capacity and pay-as-you-go billing may be appealing, it is not suitable for all situations. Functional or regulatory requirements may make a private cloud a better option for some workloads. In such situations, organizations will still gain many of the same agility and elasticity benefits that public clouds offer. The economics are likely to be different, however, since infrastructure systems must be sized, purchased, deployed, and managed internally.
After a decision has been made to use a public cloud, the next step is to pick one or more cloud service providers (CSPs). Although CSP offerings may appear to be very similar, there are significant differences. Each provider offers a unique mix of services, locations, pricing, and other capabilities. This section covers important factors to consider when choosing a cloud provider for InsuranceSuite.
3.1 Services
Cloud computing delivers IT as a collection of services, many of which have physical analogs such as servers, storage arrays, and network devices. Other services function higher up in the application stack and may extend into specific domains such as data analytics and end-user computing. This section covers cloud services that are required to run InsuranceSuite in a public cloud.
3.1.1 IaaS Services
Guidewire InsuranceSuite is designed with a layered architecture. IT infrastructure forms the base layer on which applications are built and delivered.
Figure 8 InsuranceSuite Layered Design
When InsuranceSuite is deployed in the cloud, infrastructure considerations include:
• Compatibility: Systems must support the Guidewire Platform Support Matrix, which specifies the application stack on which IS9 runs. This includes operating systems, relational database management systems (RDBMS), application servers, and related components. When designing for a cloud-based deployment, it is important to ensure that base services and instance types are fully functional and supported by the respective software vendors.
• Capacity: Systems must be sized to meet projected transaction volume and user experience needs. Cloud computing typically offers many instance sizes for component services, resulting in considerable flexibility. The choice of vertical scaling (larger systems) versus horizontal scaling (more systems) affects performance, scalability, resilience, and cost. If available, historical load patterns are very helpful in establishing capacity needs for InsuranceSuite. The variation between typical base and peak loads is particularly important.
• Performance: The multi-tenant nature of cloud computing means that much of the underlying infrastructure may be shared. This can result in performance issues if a “noisy neighbor” starts running a resource-intensive workload. Many CSPs offer service tiers with different levels of quality of service (QoS). Some offer dedicated resources or even bare-metal environments. When customers deploy a cloud-based IS9 environment, Guidewire strongly recommends performing representative load stress testing to ensure that the system can handle all operational requirements.
• Availability: High-availability design seeks to reduce or eliminate application downtime in the event of the failure of underlying infrastructure. When deploying InsuranceSuite—whether on-premises or in the cloud—it is important to plan for component failures and to take steps to mitigate their impact.
Most CSPs deliver services from their own data centers. Although generally built to very high standards, these data centers can still experience failures. To reduce risk, many CSPs operate multiple data centers within each geographic region where they have a presence. This enables customers to design highly available infrastructure across each deployment location. Guidewire recommends deploying systems across multiple locations to meet business continuity and disaster recovery (BC/DR) requirements. Business objectives and physical distances will determine whether an active-active or active-passive design is most appropriate.
3.1.2 PaaS Services
Platform as a Service (PaaS) extends Infrastructure as a Service (IaaS) with middleware and frameworks to form an application development and delivery environment. Wikipedia defines PaaS as follows[3]:
“Platform as a service (PaaS) is a category of cloud computing services that provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.”
Although this definition seems straightforward, the distinction between what is and is not a PaaS environment is far from clear. Nearly all IaaS providers augment their base offerings with services that enable application delivery. Ultimately, the definition of PaaS is less important than the ability to meet specific requirements. In terms of Guidewire applications, any cloud delivery platform must be able to satisfy the requirements of the InsuranceSuite 9 Platform Support Matrix.
3.2 Locations
Cloud service providers deliver services from their data centers. Some have operations in a single country, some are regional, and some are global. The locations where CSPs operate are an important selection criterion for the following reasons:
Performance: Because application latency is a function of distance, it is important to choose CSPs that are physically close to major user populations.
Regulatory Requirements: Data sovereignty and governance requirements may place restrictions on the physical location where user and application data is maintained.
Vendor Management: It is possible to choose different CSPs in each deployment location. While this may provide local advantages, it results in greater vendor management overhead. Choosing a single vendor offers consolidated billing and contract negotiations.
Available Services: For most multi-site CSPs, services and capacity vary by location. Some sites may be major capacity hubs for a region or country, while others may be edge locations with limited network and data services.
[3] https://en.wikipedia.org/wiki/Platform_as_a_service
3.3 Pricing
Public cloud economics rely heavily on economies of scale. The handful of “hyperscale” CSPs invest billions of dollars in cloud infrastructure each year. Providers with larger deployments can generally spread their costs across more users and offer lower prices than small regional providers. This delivers significant economies. It also drives ongoing competition that results in lower costs for users. Although lower prices are appealing, service costs can vary considerably between locations. Services in regions with high local electricity and infrastructure costs, for example, can be much more expensive. Customers should compare pricing of all cloud services and all deployment locations when they create cost models for deploying and operating InsuranceSuite in a public cloud.
3.4 Availability and SLAs
Most cloud service providers offer service level agreements (SLAs) based on the availability of underlying services. Typical SLAs target uptime between 99.8% and 99.95%. While this may sound attractive, it’s important to understand that penalties for failure to meet these SLAs are almost always limited to service credits. CSPs do not reimburse customers for business losses resulting from service downtime. This makes high availability architecture particularly important when deploying InsuranceSuite in the cloud.
Available capacity is another factor to consider when selecting a CSP. Business continuity and disaster recovery (BC/DR) planning involves avoiding or minimizing disruption to service. In the event of a catastrophic regional event, businesses may plan to transfer operations to cloud services in another geographic region. But if the incident is widespread and affects many businesses, demand in the alternate region can quickly exceed supply. Some CSPs offer guaranteed capacity for certain service types. Examples include deployment on dedicated or bare-metal servers, or the purchase of reserved capacity for a contracted period of time.
3.5 Security
Security of data and applications, whether on-premises or in the cloud, is a major concern for organizations. All major CSPs offer security certifications for areas relevant to these functions, as illustrated in Figure 9.
Figure 9 Examples of Cloud Provider Security Attestations
Many CSPs also offer location- and industry-specific attestations. The Cloud Security Alliance[4] offers many resources for understanding and assessing the security capabilities of cloud services.
When evaluating each cloud service provider’s security capabilities, you should check when attestations were certified and how frequently they are updated. The following section covers some security areas that are particularly important when choosing a CSP to host InsuranceSuite.
3.5.1 ISO/IEC 270xx
Published by a joint subcommittee of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), the ISO/IEC 27000 family of standards outlines hundreds of controls and control mechanisms to help organizations of all types and sizes keep information assets secure. These global standards provide a framework for policies and procedures that include all legal, physical, and technical controls involved in an organization’s information risk management processes.
3.5.2 Service Organization Controls (SOC)
The SOC framework has been developed by the American Institute of Certified Public Accountants (AICPA) as a standard for controls that safeguard the confidentiality and privacy of information stored and processed in the cloud. This aligns with the International Standard on Assurance Engagements (ISAE), the reporting standard for international service organizations.
[4] https://cloudsecurityalliance.org/
Service audits based on the SOC framework fall into the following two categories that apply to in-scope cloud services:
• SOC 1 audit: For CPA firms that audit financial statements, SOC 1 audits evaluate the effectiveness of a CSP’s internal controls that affect the financial reports of a customer using the provider’s cloud services. The Statement on Standards for Attestation Engagements (SSAE 16) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402) are the standards under which the audit is performed and form the basis of a SOC 1 report.
• SOC 2 audit: Based on the AICPA Trust Service Principles and Criteria, SOC 2 audits measure the effectiveness of a CSP’s system. An Attest Engagement under Attestation Standards (AT) Section 101 is the basis of SOC 2 as well as SOC 3 reports.
3.5.3 Industry-Specific Requirements
CSPs may offer additional industry-specific certifications for the part of the application that they control. For example, some CSPs offer HIPAA attestations for U.S.-based health care data. Others offer government-specific hosting capabilities. Such capabilities can simplify audit and governance reporting.
3.6 Industry Expertise
The delivery of infrastructure services is a core capability for all CSPs. Insurance industry experience, on the other hand, varies considerably among providers. This may be an important consideration when choosing a cloud provider. A vendor that understands the industry will be better able to anticipate needs and deliver services that align with insurer requirements. Factors like data sovereignty, compliance, and availability of insurance ecosystem partners may justify the selection of one vendor over another.
The Guidewire InsuranceCloud™ Solutions partner program[5] is another option for companies that want to run InsuranceSuite in the cloud. The program authorizes select Guidewire consulting partners to deliver cloud solutions that combine Guidewire products with their own differentiated content and services along with complementary third-party systems for property and casualty (P&C) insurers.
Each Guidewire InsuranceCloud Solutions partner packages its offerings to meet the unique needs of insurers. They then deliver and maintain the solutions in hosted environments to enable P&C insurers to replace their legacy systems, transform their businesses, and optimize costs.
3.7 Marketplaces and Datasets
In addition to their own service offerings, most large cloud service providers maintain marketplaces of services from partners operating on their cloud platform. These marketplaces include pre-configured applications, tools, and utilities that can be quickly deployed. Some services are free; others offer consumption-based pricing. These marketplaces can offer speed and convenience for customers seeking complementary services. For example, a firewall that supports session draining is desirable when deploying InsuranceSuite. If the CSP’s load balancer does not support this capability, alternative cloud-based commercial load balancers may be available in the CSP’s marketplace.
Many CSPs also offer access to both public and private datasets. Some are free while others are paid. Examples include census data, address-verification data, geographic information system data, and consumer demographics. By publishing these datasets in the cloud, the CSP simplifies data access and management while potentially reducing data storage and access costs.
[5] https://www.guidewire.com/partners/insurancecloud-solutions
Several Guidewire services and data sources already run in the cloud. Their integration with InsuranceSuite core applications forms a digital supply chain built of services, as illustrated in Figure 10:
Figure 10 Guidewire InsurancePlatform™
4 Cloud Deployment Considerations
This section provides considerations for running Guidewire InsuranceSuite 9 (IS9) in a cloud environment. While some aspects are specific to IS9, much of the information is broadly applicable. The goals are to ensure successful application deployment and to make optimal use of cloud capabilities.
4.1 Cloud-Ready Features in InsuranceSuite 9
InsuranceSuite 9 delivers a complete set of core processing, digital engagement, and data analytics capabilities to support critical business requirements. It can be deployed both on-premises and in a public cloud. The IS9 design includes the following features to support cloud deployment.
4.1.1 Improved Scalability
Horizontal scalability enables an application to increase or decrease resources based on load. IS9 improves horizontal scalability by providing the ability to quickly adjust the number of nodes, servers, or instances in a cluster. Server resources can be automatically increased in response to load without application interruption. Similarly, resource usage can be scaled down as load decreases, thereby freeing resources and reducing operational costs.
4.1.2 New Clustering Management
A cluster is a group of servers and other resources that act like a single system and enable high availability, load balancing, and parallel processing. Clusters can perform multiple complex instructions by distributing workloads across all connected servers.
Previous versions of InsuranceSuite relied on UDP multicast for cluster communications. However, most cloud providers don’t support multicast. In its place, IS9 uses a pluggable clustering option that handles server-level messaging through the central database.
4.1.3 Redesigned Server Processing
IS9 introduces server roles to improve workload distribution across clusters. The mapping of roles to servers is specified either in the server registry or as part of the initial system setup.
The redesign of server management around roles introduces a layer of abstraction that:
• Permits administrators to restrict the types of workloads that run on a particular server
• Prevents servers that host UI services from running CPU-intensive background tasks
• Adds server capacity for only specified workloads
The result is on-demand provisioning of jobs, improved fault tolerance, and better request-processing performance. In addition, the single batch server node of prior versions has been replaced with a batch role that can be shared across multiple nodes, thus adding resiliency and flexibility.
4.2 Cloud Design Principles
Cloud computing consists of pre-defined services. These services are used as the building blocks of more complex application stacks. Many of the fundamental principles of cloud-based design are laid out in James Hamilton’s seminal paper “On Designing and Deploying Internet-Scale Services.”[6] By taking advantage of cloud’s strengths, applications can be more cost-effective, more scalable, and better performing than traditional on-premises infrastructure.
[6] https://www.usenix.org/legacy/events/lisa07/tech/full_papers/hamilton/hamilton.pdf
The following are four important steps when planning application deployment in the cloud.
1. Identify different workload types and operating modes: For a typical three-tier application, workloads include:
   o A web workload for managing the incoming connections and interface presentation
   o An application server workload for handling application logic and database interaction
   o A highly available database workload for data and query management.
   Workloads can also be divided into classes such as interactive and batch-oriented.
2. Establish operational and performance requirements for each workload: Workloads are defined by their differing operational needs. These can include availability, security and compliance requirements, response time, and workload variability. Operational characteristics strongly influence architectural and technological decisions.
3. Select appropriate execution locations and technologies for each workload: Proper workload placement is vital for successful application delivery. In some cases, workloads may have competing requirements. For example, highly interactive workloads should be run in close proximity to major user bases to minimize latency and optimize user experience. However, data privacy laws may restrict the storage of personally identifiable information to a particular country or geographic region.
4. Test, test, test: Even when published reference architectures exist, specific application deployments need to be thoroughly tested. Diligence in testing will ensure desired functionality, optimal application performance, and lowest-possible delivery cost.
4.3 Performance and Resource Considerations
Application performance is a critical consideration when deploying InsuranceSuite. Factors that affect performance include system resources, network design, and load characteristics.
4.3.1 System Resources
One of cloud’s most compelling features is its ability to deliver capacity on demand. Rather than building out infrastructure based on anticipated current and future needs, cloud enables users to scale resources as needed. Cloud also enables administrators to adjust and optimize service elements over time.
Compute Resources
Cloud providers offer many types of server virtual machines (VMs). VM variables include number of CPUs, amount of random access memory (RAM), network bandwidth and quality of service (QoS), type and capacity of local storage, and operating system. VM instance types should be chosen to best support the workload they will run. With cloud computing, VM sizing can be adjusted over time through vertical scaling (larger instances) and/or horizontal scaling (more instances). Scaling is covered in the upcoming section “Scalability Considerations.”
Multi-tenant cloud environments may experience resource contention issues—often referred to as the “noisy neighbor problem.”[7] In response, some cloud service providers (CSPs) offer a variety of quality-of-service (QoS) options. Some also offer dedicated or bare-metal servers. These are essentially single-tenant environments, although they may share infrastructure elements such as core networking switches.
[7] http://searchcloudcomputing.techtarget.com/definition/noisy-neighbor-cloud-computing-performance
Storage Resources
Storage selection and configuration affect overall system performance. Public clouds typically offer multiple types of storage. The following are considerations for different storage types in a public cloud deployment.
• VM instance storage: Local instance storage is typically ephemeral. If the instance is terminated, the storage goes away. While this may be sufficient for stateless and non-production workloads, others require persistent storage. It is also important to select instance storage with sufficient input/output per second (IOPS) capability.
• Block storage: Cloud-based block storage behaves like a storage area network (SAN) in on-premises deployments. Storage volumes can be attached to a single VM at a time and are persistent. A variety of block storage options are generally available with different IOPS and throughput options.
• File storage: Some public cloud vendors offer file-based storage that can be mounted by one or more server instances using protocols like CIFS and NFS. In addition to the underlying storage technology, performance is affected by network bandwidth and latency.
• Object storage: This storage architecture manages data and its associated metadata as objects. Each object has a unique URL, and storage policies can include capabilities such as geographic redundancy and data retention. Because object storage is usually accessed through a REST API, applications must support this access method before they can use object storage. In addition, this access method may result in lower performance due to network overhead. Object storage is usually free from volume size limitations and can be a good choice for workloads including big data, content distribution, and data backup.
• Other storage types: In addition to the preceding storage technologies, some cloud vendors offer low-cost near-line and archive storage. This can be a cost-effective alternative to long-term tape, optical, and disk-based backup and archive systems.
4.3.2 Network Design
Public cloud services are delivered over a network. The performance of cloud-based applications depends on the capacity, performance, robustness, and security of the underlying network on which they are built.
Network latency and bandwidth can have a profound impact on application performance. Increasing network bandwidth is relatively easy, but this helps only to the extent that bandwidth is constrained.[8] Network latency, on the other hand, is directly proportional to distance. If network latency negatively affects application performance and user experience, the most effective solution is to move closer to users. Cloud service providers can help by offering capacity in multiple geographic regions.
If application infrastructure has significant horizontal scale (covered in the upcoming section “Scalability Considerations”), network load balancers (NLBs) can be used to distribute work to multiple nodes. The type of load balancers used depends on the workload. For example, interactive user applications often maintain session state and require session draining to prevent user interruption. On the other hand, web services nodes that process requests from insurance aggregator sites, for example, are essentially stateless, so component nodes can be added and removed as necessary.
[8] Mike Belshe, “More Bandwidth Doesn’t Matter (much)”, https://goo.gl/61BEQG, 2010.
Finally, most cloud service providers offer private connectivity services. Examples include AWS Direct Connect,[9] Azure ExpressRoute,[10] and Google Direct Peering.[11] Some are based on layer 2 VLANs while others require layer 3 BGP configuration. All offer private connectivity between the cloud service provider (CSP) and the consumer. Circuit bandwidth options range from 100 Mbps to 10 Gbps, and multiple links can be aggregated. Circuit latency depends on the distance between the access point and the CSP data center. In addition to greater security and bandwidth, private cloud connectivity often has substantially lower data egress charges.
4.3.3 Load Characteristics
Computing workloads have multiple characteristics, all of which can impact overall performance.
Capacity: Resources (compute, memory, storage, network bandwidth) that are needed to deliver a unit of work (transaction, session, and so on) within a desired period of time
Security: How information is stored, accessed, transmitted, and used (considerations including compliance, data sovereignty, encryption, and so on)
Reliability: The impact if the service is unavailable for a period of time
Read vs. Write: The proportion of data that is read from a data source compared with what is written; has implications for storage design and capacity growth, and also affects where data needs to be located
Variability: The application load pattern over time, as illustrated in Figure 11.
Figure 11 Application Load Patterns
[9] https://aws.amazon.com/directconnect/
[10] https://azure.microsoft.com/en-us/services/expressroute/
[11] https://cloud.google.com/interconnect/direct-peering
4.4 Scalability Considerations
Scalability is the ability to adjust available capacity in anticipation of, and in response to, changes in demand. The two main types of scaling—horizontal and vertical—can be combined.
• Horizontal scaling is achieved by adjusting the number of nodes of a given type. For example, application nodes can be added, each running an identical PolicyCenter application, with user requests routed to the different nodes by a load balancer.
• Vertical scaling is achieved by changing the resources of an existing node. For example, more CPUs are added to an existing PolicyCenter node (by increasing CPU cores from 2 to 4).
• Combined scaling is a combination of horizontal and vertical scaling.
Figure 12 Vertical vs. Horizontal Scaling
4.4.1 Scaling InsuranceSuite in the Cloud
Guidewire applications support both horizontal and vertical scaling. Workloads that can be distributed across multiple nodes (such as web and application tiers) are good candidates for horizontal scaling, while database workloads generally rely on vertical scaling. This section covers cloud scalability, including types and considerations.
Horizontal Cloud Scaling
As with physical infrastructure, cloud capacity can be manually added and removed as needed. The real power of cloud scalability, however, is the ability to programmatically adjust resources based on load. This capability is called automatic scaling (auto-scaling for short).
Auto-scaling depends on systems monitoring and/or rules to trigger desired actions. For example, workloads can be monitored for CPU and memory utilization. If a usage threshold is exceeded for some period of time, the system can scale horizontally by adding more server VMs (scale out). By placing nodes behind a network load balancer (NLB), new requests are distributed across more endpoints. As load decreases, nodes can be removed (scale in).
Horizontal Scaling Considerations and Best Practices
Automatic scaling is a very powerful capability. Used correctly, it can optimize resource utilization and costs. If misconfigured, however, auto-scaling can result in runaway resource consumption and “the scary bill.” The following are some considerations for ensuring the effective use of auto-scaling.
• Workload characteristics: Workloads that are highly parallelizable are good candidates for auto-scaling. Those that involve large monolithic processes are usually not.
• Setting a minimum and maximum number of nodes: Node minimums establish a baseline of available capacity. They also prevent processes from shutting down too many—or possibly all—nodes when load is very low. Setting a maximum number of nodes is also very important. This prevents runaway consumption due to a misconfigured or malfunctioning monitor, or resulting from an external event such as a denial-of-service attack. Allowing node increases without a preset maximum can result in massive cost overruns.
• Delay timers. Although cloud computing offers rapid elasticity, it still takes time to bring up additional VMs. During system startup time, monitoring triggers will still indicate insufficient resource availability. A delay or “cooldown” timer is an auto-scaling feature that waits a preset amount of time after a trigger event before responding to additional scaling events.
• Effective scale-down. While the rules for scaling up are usually clear, node removal from a scaling cluster must be done with care. Scale-down is simplest with stateless workloads. On the other hand, node removal for workloads that maintain session or state information can result in lost work and frustrated users. In the latter case, session draining—essentially waiting for all work to complete on a node before turning it off—is a good practice. Not all cloud NLB services support session draining. If this capability is needed, a third-party load balancer may be required. Many third-party load balancers are available as VMs that can be run in the cloud.
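The node minimum, node maximum and cooldown timer from the list above, replayed against a load that never drops (as a malfunctioning monitor or a denial-of-service flood would produce). This is an added example, not Guidewire or cloud-provider code; the ScalingPolicy fields, thresholds and CPU samples are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ScalingPolicy:
    """Hypothetical auto-scaling rule set; field names are illustrative only."""
    min_nodes: int
    max_nodes: int
    scale_out_cpu: float   # CPU % above which a sample counts as a high breach
    scale_in_cpu: float    # CPU % below which a sample counts as a low breach
    breach_samples: int    # consecutive breaching samples needed before acting
    cooldown_samples: int  # samples ignored after any scaling decision

    def __post_init__(self):
        if not 1 <= self.min_nodes <= self.max_nodes:
            raise ValueError("require 1 <= min_nodes <= max_nodes")
        if self.scale_in_cpu >= self.scale_out_cpu:
            raise ValueError("scale_in_cpu must be below scale_out_cpu")
        if self.breach_samples < 1 or self.cooldown_samples < 0:
            raise ValueError("breach_samples >= 1 and cooldown_samples >= 0")


def simulate(policy, cpu_samples, start_nodes):
    """Replay per-interval average CPU readings against the policy.

    Returns (final_node_count, events); each event is
    (sample_index, action, nodes_after).
    """
    nodes = max(policy.min_nodes, min(policy.max_nodes, start_nodes))
    high = low = cooldown = 0
    events = []
    for i, cpu in enumerate(cpu_samples):
        if cooldown > 0:
            # New VMs are still starting; readings taken now would only
            # re-trigger the rule that just fired, so they are ignored.
            cooldown -= 1
            continue
        high = high + 1 if cpu > policy.scale_out_cpu else 0
        low = low + 1 if cpu < policy.scale_in_cpu else 0
        if high >= policy.breach_samples:
            wanted = nodes + 1
        elif low >= policy.breach_samples:
            wanted = nodes - 1
        else:
            continue
        # The clamp is what turns a flood into a bounded cost.
        clamped = max(policy.min_nodes, min(policy.max_nodes, wanted))
        if clamped > nodes:
            action = "scale_out"
        elif clamped < nodes:
            action = "scale_in"
        elif wanted > nodes:
            action = "blocked_at_max"   # worth alerting an operator on
        else:
            action = "blocked_at_min"
        nodes = clamped
        events.append((i, action, nodes))
        high = low = 0
        cooldown = policy.cooldown_samples
    return nodes, events


# Constructed input: 30 intervals at 95% CPU regardless of node count.
FLOOD = [95.0] * 30
# Constructed input: 20 intervals at 10% CPU (overnight lull).
LULL = [10.0] * 20

if __name__ == "__main__":
    capped = ScalingPolicy(2, 6, 75.0, 25.0, 3, 2)
    for event in simulate(capped, FLOOD, start_nodes=2)[1]:
        print(event)
```

Repeated "blocked_at_max" events are the signal to investigate the load source or the monitor rather than to raise the ceiling.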
Vertical Cloud Scaling
With most cloud service providers, users choose a VM size when instantiating a server from a base image. If the VM needs to be resized, the process can be as simple as shutting down the instance and re-creating it with a larger or smaller instance size. Persistent block, file, and/or object storage is re-attached, and vertical scaling is complete. This process requires a system restart, so it should be performed during an application maintenance window.
Some cloud service providers (such as EMC Virtustream) enable the vertical scaling of instance capacity dynamically with no downtime.
Vertical Scaling Considerations and Best Practices
• The system root device may be local, ephemeral storage or persistent storage mounted at startup. For systems that will be scaled vertically, only persistent storage should be used for data that must be retained between scaling events.
• Not all VM types are interchangeable. Be sure to check for compatibility before attempting to migrate an instance.
• Administrators should perform application performance profile testing to make sure that capacity scaling of one tier does not adversely impact other tiers.
Combined Cloud Scaling
It is possible to scale cloud server capacity both horizontally and vertically. The most common use case would be to increase the node size of an auto-scaling cluster. This can be done without downtime by changing the auto-scaling node configuration. New nodes can be introduced and old nodes can be removed until all nodes have the new configuration. After the process is completed, the number of nodes in the group can be adjusted based on the new capacity.
Combined Scaling Considerations and Best Practices
• It is generally desirable for all nodes in an auto-scaling group to be of the same size. For this reason, it may be preferable to perform vertical scaling of nodes during a maintenance window.
• Auto-scaling triggers as well as minimum and maximum node counts should be reviewed and adjusted when performing combined scaling.
4.4.2 Web UI Tier Scaling
Changes to business volumes may have an impact on the resource requirements of the web user interface (web UI) tier. Because of this, the web UI tier is a candidate for scaling if volumes are high enough.
Horizontal Scaling
Since requests for static content (as well as load balancing and reverse proxy that may be performed at the web server) are stateless in nature, the web UI tier can easily scale horizontally by adding additional identical nodes. Because web server workloads associated with Guidewire products are typically small, there may be little need to consider horizontal scaling past a certain minimum number of nodes. The web UI servers are usually placed behind a load balancer, and they do not store any transactional data. As a result, horizontal scaling both in and out should be straightforward.
Vertical Scaling
Because the workloads associated with serving static content and request routing—the web server workloads associated with Guidewire products—are typically small, there is little reason to consider vertical scaling after production load requirements are established.
4.4.3 Web Services Scaling
The web services tier is used by external applications for programmatic request processing.
Horizontal Scaling
Horizontal scaling of the web services tier can be accomplished by placing web server instances behind a load balancer that accepts HTTPS requests from external applications and that make calls to the Guidewire applications. This tier is deployed in a private subnet and should only accept incoming requests from the load balancer. As nodes are added and removed, the load balancer automatically distributes traffic to the available nodes.
Vertical Scaling
Web server nodes can be scaled up or down depending on base system load. For example, if the minimum number of nodes in the cluster are highly utilized most of the time, it may make sense to increase the node size. Similarly, if nodes are very lightly used, they can be made smaller.
4.4.4 Application Tier Scaling
Resource requirements of the application tier are very sensitive to business volume. Load changes typically impact the CPU and RAM resource requirements of this tier.
Horizontal Application Tier Scaling
The application tier can scale well horizontally by adding additional nodes of the same size to an existing Guidewire cluster. This can be accomplished by creating an auto-scaling group that grows and shrinks in response to demand. Adding a very large number of nodes increases the clustering overhead due to increased network messages—mostly related to node health and cache eviction. Appropriate configuration of the clustering subsystem can generally remedy such overheads, at least up to very large scales.
Scale out of the application tier is simple. More nodes are added behind a load balancer, which distributes requests across available nodes. Because application servers are not stateless, scale in requires more care. The environment should be configured with a load balancer that supports session draining and session stickiness. To prevent user interruption, all in-process sessions on a node should be allowed to complete before the node is brought offline and terminated.
Vertical Application Tier Scaling
Vertical scaling can be achieved by changing the VM instance type of the application node to one with more appropriate resources (CPU, memory, and so on). When this is done, it is good practice to adjust the associated application JVM settings.
4.4.5 Database Tier Scaling
Database tier utilization is somewhat sensitive to significant business volume changes, but typically less so than the application server tier.
Horizontal Database Scaling
For Oracle implementations, Oracle Real Application Clusters (RAC) can be used for horizontal scaling by adding multiple RAC nodes to a RAC cluster. However, despite the fact that many cloud providers offer reference materials for deploying Oracle RAC in their clouds, these deployments are generally not certified by Oracle. Oracle’s own cloud is the only exception. To date, Guidewire has observed that Oracle RAC does not provide better overall throughput than an equivalently sized single database node—probably due to the increased overhead of locking and synchronizing data on other nodes. Also, Oracle RAC is not supported for all Guidewire products and versions (refer to the appropriate Guidewire Product Support Matrix).
Vertical Database Scaling
Vertical scaling is the preferred scaling approach for the database tier. Database vendors support vertical scaling very well, and this is the typical way to accommodate increasing database loads. More resources (CPU, memory, disk, IO, and so on) can be added to an existing database server instance. As of this writing, Microsoft SQL Server and Oracle Database (non-RAC) support only vertical scaling.
Because typical database licensing costs for cloud-based deployments are based on the number of vCPUs, vertical scaling may result in additional database licensing charges.
4.4.6 Storage Tier Scaling
Storage tier utilization is somewhat sensitive to significant business volume changes, but is typically less so than the application server tier. Changes in business volume may impact the resource requirements of the storage tier, but at a much slower rate than with the application server tier. Certain infrequent loads, such as a database upgrade, can significantly increase resource utilization in this tier.
Cloud vendors offer a range of storage services with different technology, performance, and access characteristics. Block storage is the primary means of storing and accessing data in InsuranceSuite. It is classified in terms of capacity, input/output rate (IOPS), throughput, and cost. Of these factors, capacity and IOPS have the most significant impact on application performance.
Horizontal Storage Scaling
Cloud-based block storage is configured as volumes. For most uses, Guidewire recommends individual storage volumes for simplicity. If higher capacity or performance is required, multiple volumes can be combined. Utilities such as Oracle Automatic Storage Management (ASM) and Linux Logical Volume Manager (LVM) can be used to manage multiple volumes. RAID volumes can also be used, although they present some drawbacks. RAID 0 is fragile, and snapshots require complex configuration; RAID 1 halves available storage bandwidth; and RAID 5/6 loses 20% to 30% of usable I/O to parity. The table in Figure 13 lists common RAID configurations and characteristics for Amazon Elastic Block Storage (EBS).
Figure 13 AWS RAID Configurations
Configuration: RAID 0
Use: When I/O performance is more important than fault tolerance. Example: A heavily used database where data replication is already set up separately.
Advantages: I/O is distributed across the volumes in a stripe. If you add a volume, you get the straight addition of throughput.
Disadvantages: Performance of the stripe is limited to the worst-performing volume in the set. Loss of a single volume results in complete data loss for the array.
Configuration: RAID 1
Use: When fault tolerance is more important than I/O performance. Example: A critical application.
Advantages: Safer from the standpoint of data durability.
Disadvantages: There is no write performance improvement. RAID 1 requires more Amazon EC2 to Amazon EBS bandwidth than non-RAID configurations because data is written to multiple volumes simultaneously.
Vertical Storage Scaling
Block storage volume size can be decreased or increased up to the maximum set by the provider. Vendors may or may not offer programmatic ways to do this. If the process must be done manually, the typical approach is to perform the following steps:
1. Create a backup of existing data by using backup software or by taking a snapshot.
2. Create a new storage volume with the desired size.
3. Mount both old and new volumes to a temporary VM instance and copy data from old to new.
4. Shut down the temporary instance and remount the new instance to the original VM.
5. When all data has been verified, delete the old volume.
4.4.7 Load Balancer Scaling
Changes to business volumes generally do not have a significant impact on the resources needed by the load balancing tier. Although increasing the transaction volumes places a higher load on the load balancer, production-grade devices—when used to support Guidewire applications—usually provide so much excess capacity that performance in this tier remains stable even at very high workloads.
Horizontal Scaling
A single production-grade load balancer is normally sufficient to support a Guidewire implementation. For added redundancy, some customers may nonetheless use multiple load balancers, which are themselves typically load-balanced in an active/active configuration by a DNS system upstream.
Vertical Scaling
Vertical scaling of a load balancer (by adding more CPU or RAM resources to it) is usually not needed.
4.5 Availability Considerations
This section covers the availability of InsuranceSuite applications when running in a public cloud. Availability is defined as the percentage of time that a system is capable of performing its intended function. Periods of unavailability, called downtime, are caused by the loss of one or more critical elements or subsystems. Individual elements that can cause downtime of the entire system are called single points of failure (SPOFs). Robust application design seeks to eliminate SPOFs and to limit failure modes. It also incorporates instrumentation and active monitoring of infrastructure elements to detect and respond to abnormal conditions.
4.5.1 High-Availability Strategies
From an application perspective, high-availability (HA) strategies often involve some form of clustering. Cluster size can be static or dynamic (dynamic clusters were covered in the section “Scalability Considerations”). The properties of computer clusters [12] vary depending on their objectives. HA clusters are generally classified into the following categories.
Active/Active: Strategies where multiple nodes simultaneously share workload processing. If one node fails, the other nodes continue to process work. This form of HA also provides horizontal scalability. Guidewire online nodes are in this category, as are Guidewire database nodes that run Oracle RAC (except for RAC One). Microsoft SQL Server AlwaysOn Availability Groups enable a secondary read-only node, which is not fully active/active.
Active/Passive (also called “Active/Failover”): Strategies where one or more secondary (also called “backup”) nodes can replace the primary node if it fails. Passive nodes are usually online at the time of the failure, and the promotion of a failover node to primary may be a manual or automated process. Guidewire database nodes that run on Microsoft SQL Server or Oracle Database can be set up in an active/passive configuration.
4.5.2 Workload Distribution and Placement
Many public cloud providers offer multiple service locations or zones within a geographic region. In such cases, service nodes can be distributed across multiple zones. This can protect against the loss of an individual zone. However, note the following limitations and cautions:
• Loss of a zone results in dropped sessions for active users in that zone.
• The load balancer tier should be configured to distribute traffic across zones based on load and performance metrics. If a zone is lost, the load balancer should direct all new traffic to the remaining nodes.
• Distributed application tier nodes must still communicate with a back-end database. For the application to continue to function, all tiers must be able to recover from a zone failure. (See the section “HA for the Database” for ways to mitigate this risk.)
• Network latency between zones can negatively impact application performance. For this reason, performance stress testing should be performed on any configuration that distributes nodes across multiple locations or zones.
[12] For details, see https://en.wikipedia.org/wiki/Computer_cluster.
4.5.3 HA for the Application Tier
HA for application nodes can be accomplished by distributing cluster nodes across multiple zones. Nodes should be distributed so that sufficient capacity remains to handle the application workload if a zone is lost. For example, if four nodes are needed to handle the application workload and there are three zones, a minimum of two nodes should be deployed to each zone. If all zones are available, six nodes will be active. If a zone is lost, there will still be four active nodes. Nodes can be part of an auto-scaling group that scales out and in depending on load, with nodes distributed equally across zones. The cluster is placed behind a load balancer, which distributes work to the active nodes.
4.5.4 HA for the Database
Active/active HA of the database tier can be achieved using horizontal scaling with Oracle RAC. One or more additional RAC nodes (but typically only one) are added above the required minimum. These are clustered with the other nodes and share workload, providing active/active HA. Some public cloud providers (such as Amazon) offer documentation for deploying Oracle RAC, but the only cloud that Oracle officially supports is Oracle Cloud. [13]
Active/passive is a common database HA strategy. Guidewire database nodes that run on Microsoft SQL Server Availability Groups, or on Oracle RAC in a RAC One configuration, are in this category. Oracle Data Guard can be used in most public clouds. When deployed across multiple zones, Data Guard enables rapid database failover.
[13] For more information, see https://aws.amazon.com/articles/7455908317389540 and http://www.oracle.com/technetwork/database/options/clustering/overview/rac-cloud-support-2843861.pdf.
4.5.5 HA for Storage
For applications, the impact of data loss can be severe. The table in Figure 14 lists common ways to mitigate storage risk. Additional information is provided in the section “Disaster Recovery Considerations.”
Figure 14 Data Protection Approaches
Technology: RAID arrays
Considerations: RAID technology groups storage devices into arrays that offer improved resiliency and/or performance. The various RAID levels provide varying levels of performance and protection. Some protect against a single drive failure, while others can handle the failure of multiple devices. Most will incur a performance penalty when recovering from a failure. The independent storage volumes in a cloud-based RAID group are usually already virtualized. Management of cloud-based RAID arrays is usually performed by a software RAID controller that is part of the server operating system. Software RAID is usually slower and has more limitations than hardware-based RAID controllers.
Technology: Data Backup
Considerations: Backup and recovery services are the most common means of protecting data. Data backup technologies include tape, disk, and cloud-based targets. A backup application manages a catalog of backed-up files and objects. It also handles data encryption and access. Many backup applications are able to work with cloud-based targets for data backup.
Technology: Snapshots
Considerations: Snapshots are essentially incremental backups of existing volumes. They capture changes to data blocks since the last snapshot and enable rapid point-in-time capture of the state of a data volume. Most public cloud providers offer data snapshotting capabilities that enable rapid copy, rollback, and recovery of data volumes, often to different zones. Snapshots can also be replicated between regions for disaster recovery.
Technology: Replication
Considerations: Data replication is the duplication of data to multiple locations. This makes data recovery possible if the primary site is lost. A variety of data replication tools are available (vendor-specific as well as Open Source). Many cloud providers also offer intra-region and inter-region replication services.
Technology: Archiving
Considerations: Data archiving involves the extraction of infrequently accessed data for long-term storage. This is often done for regulatory compliance as well as for freeing up capacity on expensive, high-performance storage. Archiving tools create read-only copies to ensure that data cannot be changed. The speed of accessing archived data can vary from near-real-time to hours or even days. Some public cloud providers offer archival storage that is significantly less expensive and more reliable than legacy equivalents.
4.5.6 HA for the Front-End Tier
Adding a second load balancer for redundancy (HA) is common practice. This is usually configured in an active/active pair.
4.5.7 Monitoring
Monitoring is a key consideration when deploying applications in a public cloud environment. Active monitoring and management of all layers of the application stack are required for reliability and ease of troubleshooting. At the application layer, Guidewire applications include Management Beans that can be integrated with systems monitoring and alerting tools as well as process workflows.
Cloud service providers offer monitoring, alerting, and workflow as part of their catalog of services. The choice of whether to use CSP-provided services or other products may be based on existing support tools and processes. For organizations that already have an established network operations center (NOC) and monitoring application, it can be more expedient to extend existing monitoring to the cloud. With greenfield environments, cloud-native monitoring services are often easier to deploy and integrate.
Another factor to consider when choosing monitoring tools is service dependencies. For example, automatic service scaling may be triggered by system events—CPU or memory load, node failure, or other infrastructure-related triggers. This may necessitate the use of some cloud-based monitoring services even when third-party tools are also deployed.
Finally, application-specific monitors should be configured to detect issues and notify operators when abnormal behavior is identified. For example, InsuranceSuite 9 can be configured to send alerts based on cluster efficiency and reliability, application events, and operational history.
4.6 Disaster Recovery Considerations
Unlike availability planning, which focuses on avoiding downtime, disaster recovery (DR) planning focuses on responding to the loss of primary processing capacity. This typically involves the complete duplication of all systems, software, and data at a secondary location. DR planning includes detailed procedures that shift processing to the failover site as well as ongoing processes to ensure that primary and DR site configurations are kept in sync.
Because DR planning involves considerable time, effort, and expense, business owners must decide what level of DR effort and investment they are willing to make. DR investment is justified to the extent that it mitigates anticipated business losses. This is usually based on some form of business impact analysis (BIA). Two key outputs of a BIA are application recovery time objective (RTO) and recovery point objective (RPO).
4.6.1 RTO and RPO
Recovery time is the duration that an application or business process is unavailable. In a DR context, it includes the time required to detect and declare a disaster as well as the time to switch processing to a secondary site and restore the application to a known good state.
The recovery point objective is the maximum allowable data loss. For transactional applications, this includes lost transactions. Although business owners do not want to lose any data, a shorter RPO means higher DR costs.
4.6.2 Cloud-Based DR
Public cloud service providers can significantly reduce disaster recovery costs and complexity. Renting capacity from a CSP enables companies to avoid the large capital and ongoing operational expense of building out a duplicate data center and corresponding IT infrastructure in another location. Large providers not only operate in multiple, geographically diverse regions; they also offer automation tools to simplify deployments. All server images and current source code must be available in the target DR region. A database copy must also be maintained, with a data replication frequency that meets the RTO and RPO required by the business. Additional administrative files such as bootstrap scripts should also be included. All files that are required for deployment or ongoing operations should be replicated in the failover region (see the following section). This process should be automated to ensure that primary and DR environments are kept in sync.
Although large cloud providers maintain substantial excess capacity, there is still a risk that demand resulting from a widespread disaster might outstrip supply. Some CSPs allow customers to offset this risk by pre-purchasing reserved capacity. The resulting decrease in risk can often justify the corresponding increase in DR costs.
4.6.3 Data Management for DR
One of the main DR challenges is the replication of application data to the DR site at a frequency that meets the desired RPO. This section covers a number of DR data management options.
Data Replication
As mentioned in section 4.5.5 “HA for Storage,” replication copies data to multiple locations. Replication is synchronous if the data in all locations is identical at all times. For performance reasons, synchronous data replication is typically limited to distances of 100 km or less. Asynchronous replication involves periodic transfers of changed data. The interval between transfers is the primary determinant of the RPO.
Log Shipping
“Log shipping is the process of automating the backup of a database and transaction log files on a primary (production) database server, and then restoring them onto a standby (replica) server.” [14] Microsoft SQL Server supports log shipping. Oracle’s implementation of log shipping is branded as Oracle Data Guard.
The log shipping process can be classified as follows:
• Synchronous log shipping: Transaction data from the primary log is sent, and a commit acknowledgement is received from the replica before the transaction commits on the primary system.
• Asynchronous log shipping: Transaction data from the primary log is sent, and the transaction commits on the primary system. The transaction is later replayed from the log file, and a commit is acknowledged on the replica.
Of these two strategies, asynchronous has better performance because the primary database does not wait for a commit acknowledgement from the replica. This can, however, result in some data loss. Because Guidewire applications can have a high rate of data change, asynchronous log shipping is usually the preferred option.
Storage-Level Replication
Most enterprise storage vendors have proprietary tools for storage management and replication. Such technologies can be an attractive alternative to log shipping, because they:
• Operate directly in the storage tier, and so do not place additional load on the database
• Have more granular mirroring, versioning, and snapshotting capabilities than log shipping (This can be important if data becomes corrupted, especially if the corrupted data is subsequently replicated. In such cases, versioning and snapshots allow rollback to a prior, known-good state.)
• Can maintain logical consistency between replicas of multiple data sets
[14] For more information, see https://en.wikipedia.org/wiki/Log_shipping.
On-premises physical storage arrays are another way to maintain application data. Both storage and cloud vendors offer storage gateways to interconnect on-premises and cloud-based storage. In addition, some enterprise storage vendors offer cloud-based virtual appliances that support their proprietary storage utilities. This enables integration between on-premises and cloud-based storage arrays. Finally, it is possible to integrate physical storage devices with public clouds over low-latency, high-bandwidth network links, allowing data to reside on physical devices while using cloud-based compute and related services. NetApp Private Storage for Cloud [15] is an example of this technology.
4.7 Security and Compliance Considerations
Information security focuses on the protection and safe management of information systems and data. This section covers security and compliance considerations when InsuranceSuite 9 runs in a public cloud environment.
4.7.1 Security Principles
Although information security encompasses a wide range of topic areas, it is guided by a core set of underlying principles.
Limited access: Users should have access to only the information and applications that they need for their roles. System elements should be deployed with a “deny-all, permit-by-exception” approach.
Secure all elements: One weakness in the security perimeter can compromise all other security elements. System security should be implemented for all elements, with no “back doors” or exceptions.
Audit and log all activities: Activity logging covers all aspects of operations, including physical access to facilities, user access to system elements, and server and application logs. This information is valuable in both diagnosing application problems and conducting forensic analysis of security issues.
Automate everything: The scale and complexity of information volume make manual monitoring nearly impossible. Exception monitoring and event response should be automated and tuned over time to ensure that all relevant conditions are detected and acted upon.
Manage all changes: In uncontrolled environments, configurations drift over time from established standards. Infrastructure that is driven by templates and controlled processes avoids this problem. Configurations should be periodically audited for compliance with templates and standards.
Defense in depth: This principle involves applying independent security methods at every layer of the application stack. The result is that an incursion to one layer does not automatically expose underlying layers.
4.7.2 Identity and Access Management (IAM)
The goal of identity and access management is to ensure that authorized users can access the information and applications that are appropriate to their roles, and that unauthorized users do not have access. This is accomplished using credentials with corresponding mechanisms for controlling access.
[15] See details at http://www.netapp.com/us/solutions/cloud/private-storage-cloud/.
Cloud providers offer a variety of IAM capabilities, including managed directory services, federation with existing directory services, security token services, Security Assertion Markup Language (SAML) integration, and federated identity services. Some of these services apply only to cloud infrastructure elements, while others integrate at the application layer.
Role-Based Access Controls
For standardization and scalability, privilege management should be defined based on the role of the user or service. Role-based access controls (RBAC) enable the efficient grouping and control of users and resources. User access can be managed with user groups. System objects can be managed using access control lists (ACLs).
Multi-factor Authentication (MFA)
MFA adds an extra requirement layer beyond simple combinations of user ID and password. It helps prevent wider security breaches if user credentials are compromised. Most cloud vendors offer MFA capabilities such as devices or applications. Cloud best practices require MFA for privileged administrative accounts—particularly those of root or super-user identities.
4.7.3 Security Perimeter Management
An information system’s security perimeter is defined by the points where data travels and the type of information that is available at each point. For example, a laptop with files that contain users’ personally identifiable information (PII) such as credit card numbers and health information records represents a point in the security perimeter. If the laptop is lost, the perimeter is breached. With cloud computing, the responsibility for security falls both on the provider and the customer. The AWS Shared Responsibility Model says this: [16]
While AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Customers retain control of what security they choose to implement to protect their own content, platform, applications, systems and networks, no differently than they would for applications in an on-site datacenter.
Figure 15 AWS Shared Responsibility Model
[16] For more information about the model, refer to https://aws.amazon.com/compliance/shared-responsibility-model/.
Network Security
Traditional corporate networks are protected using physical and virtual security devices like firewalls, virtual private network (VPN) concentrators, packet filters, intrusion detection and prevention systems (IDS and IPS), and mobile device management tools. The same is true for cloud deployments, although some of these will be services. As with on-premises deployments, application tiers can be separated by firewalls to form DMZs, with ingress and egress controlled by ACLs and security groups.
Network access to cloud resources for administrative purposes is generally controlled using either a VPN or encrypted network session. VPN endpoints can be hardware- or software-based, and they form a secure, encrypted tunnel between cloud and customer systems. Network sessions over SSH or RDP rely on encryption keys for authentication. Identity keys must be closely controlled, ideally by using a key management service (KMS).
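One way to check deployed tier ingress rules against a “deny-all, permit-by-exception” policy, including the requirement that the web services tier accept requests only from the load balancer and that administrative access arrive over the VPN. This is an added example, not Guidewire or cloud-provider code; the rule format, tier names, ports and address ranges are constructed assumptions and do not correspond to any provider's API.

```python
from ipaddress import ip_network

ADMIN_VPN = "10.8.0.0/24"  # constructed address pool for administrator VPN clients

# Assumed policy in a hypothetical format: tier -> permitted (source, port)
# pairs. A source is another tier's name or a CIDR block. Anything not
# listed here is denied.
POLICY = {
    "load-balancer": [("0.0.0.0/0", 443)],
    "web-services":  [("load-balancer", 8443), (ADMIN_VPN, 22)],
    "application":   [("load-balancer", 8080), ("web-services", 8080),
                      (ADMIN_VPN, 22)],
    "database":      [("application", 1521), (ADMIN_VPN, 22)],
}

# Constructed sample of the ingress rules actually deployed.
DEPLOYED = {
    "load-balancer": [("0.0.0.0/0", 443)],
    "web-services":  [("load-balancer", 8443),
                      ("0.0.0.0/0", 8443),        # bypasses the load balancer
                      ("10.8.0.16/28", 22)],      # subset of the VPN pool: fine
    "application":   [("load-balancer", 8080), ("web-services", 8080)],
    "database":      [("application", 1521),
                      ("web-services", 1521),     # tier skipping
                      ("0.0.0.0/0", 22)],         # SSH open to the internet
    "batch":         [("application", 9000)],     # tier with no policy entry
}


def _as_network(source):
    """Return an ip_network for a CIDR string, or None for a tier name."""
    try:
        return ip_network(source, strict=False)
    except ValueError:
        return None


def source_covered(rule_source, allowed_source):
    """True if the deployed source is no broader than the permitted source."""
    if rule_source == allowed_source:
        return True
    rule_net, allowed_net = _as_network(rule_source), _as_network(allowed_source)
    if rule_net is None or allowed_net is None:
        return False  # a tier name only ever matches the same tier name
    return (rule_net.version == allowed_net.version
            and rule_net.subnet_of(allowed_net))


def audit_ingress(policy, deployed):
    """Return sorted (tier, source, port) rules that the policy does not permit."""
    findings = []
    for tier, rules in deployed.items():
        permitted = policy.get(tier, [])  # unknown tier: nothing is permitted
        for source, port in rules:
            if not any(port == p and source_covered(source, s)
                       for s, p in permitted):
                findings.append((tier, source, port))
    return sorted(findings)


if __name__ == "__main__":
    for tier, source, port in audit_ingress(POLICY, DEPLOYED):
        print(f"not permitted: {tier} accepts {source} on port {port}")
```

Running the same check on a schedule against exported rules also covers the periodic configuration audit described under “Manage all changes.”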
Many large cloud providers also offer private connectivity. These may operate at layer 2 or layer 3 of the network stack, and they provide secure, high-bandwidth connectivity without going through a network service provider. This typically requires the establishment of a network edge location with a colocation provider that provides direct connectivity to the cloud service provider. Private connectivity can have the added benefit of reducing both network and data transfer charges.
Certificate Management
Secure, encrypted transmission of web-based traffic typically involves use of Secure Sockets Layer (SSL) certificates. Most cloud service providers offer services for provisioning and management of SSL certificates. They also can be configured with certificates from standard certificate authorities.
Intrusion Detection and Prevention
An intrusion detection system (IDS) compares traffic with known attack signatures or other abnormal behavior. An intrusion prevention system (IPS) is essentially a firewall that blocks suspicious traffic. Both systems can be either network-based or host-based. IDS watches inbound and outbound traffic on a network, while IPS watches traffic to and from a server. In the cloud, IDS and IPS can run as applications or as cloud-based virtual appliances.
4.7.4 Data Protection and Compliance
Encryption and Key Management
Data encryption involves conversion of data into a format that cannot be understood by unauthorized parties. This can include both data residing in a persistent storage volume—known as data at rest—and data moving on the network or within a server—known as data in transit. For cloud deployments of InsuranceSuite 9, both data at rest and data in transit should be encrypted.
Encryption of data in transit is covered in “Network Security” in the preceding section. Encryption of data at rest can include both client-side and server-side tools. Client-side encryption tools include operating system utilities and both open-source and commercial applications. Many cloud-based storage and related services offer built-in server-side encryption. In addition, many database management systems manage data encryption and offer more granular control down to the field level.
Data encryption involves the use of data encryption keys. Management of these keys is an integral part of data protection. If private keys are lost, data is irretrievable. Key vaulting is a way of safeguarding encryption keys to control access while ensuring that keys are not lost. Large public cloud vendors offer key management services (KMS) for creating, controlling, and safeguarding encryption keys.
DataSovereigntyDataprivacyandsovereigntylawsregulatewhatkindsofdatacanbemaintainedandwhere.Thereareanumberofpublicationscoveringdatasovereigntyasitrelatestoinsurancedata.Aparticularlyusefulreferenceis“DataSovereigntyandtheCloud:ABoardandExecutiveOfficer’sGuide.”17
Simplyput,cloudprovidersoperatephysicaldatacenters.Thesefacilitiesresideinalimitednumberoflocations,afactthatcanhavedatasovereigntyimplications.Ascoveredinthe“Locations”sectionof“SelectingaCloudServiceProvider,”locationisakeyconsiderationwhenplanningaclouddeployment.
Data Loss Prevention (DLP)
Data loss prevention is another strategy for safeguarding data. Unlike encryption technologies that treat all data equally, DLP seeks to prevent the unauthorized transmission of certain types of data beyond the security perimeter. DLP systems can also monitor traffic between systems to discover unusual or unauthorized communications.
Keeping Data Out of the Cloud
Even with encryption and DLP, some companies still do not want to store their data—or subsets of data—in a public cloud. In such cases, it is possible to link systems in an on-premises or colocation data center with public cloud services and resources. This can be accomplished in multiple ways. One option is to use a cloud storage gateway18 that links the storage with the cloud provider. In a similar way, a company can set up a private, high-capacity link between its data center and the cloud service provider. Conceptually, this involves extending the corporate network edge into a carrier-neutral hosting provider that offers private connectivity to cloud service providers, as depicted in Figure 16.
Figure 16 Private Connectivity to the Cloud
If network latency and throughput are issues, this approach can be augmented by deploying an enterprise storage array (such as NetApp, EMC, and similar tools) in the third-party data center and linking it to the cloud provider using private connectivity. An example is NetApp Private Storage for Cloud19. With this architecture, the storage protocol can be block (iSCSI) or file (CIFS, NFS). The result is
17 The full report can be accessed at http://www.cyberlawcentre.org/data_sovereignty/.
18 See https://en.wikipedia.org/wiki/Cloud_storage_gateway.
19 See https://www.netapp.com/us/media/ds-3620.pdf.
data that is managed and maintained on a private, physical storage system with application servers and services supplied in the cloud.
For data stored in a database, some cloud vendors offer services that link on-premises and cloud data. One example is Microsoft Azure’s SQL Server Stretch Database.20
4.7.5 Logging
System and application logs are an important source of security and operational information. Logs not only provide audit trails; they also contain insights to assist with problem triage and provide early indicators of future problems. Logging services consolidate the log output from applications, services, and infrastructure, enabling the collective search and analysis of log data. Because system logs can contain sensitive information, access to log records should be carefully controlled. Log sources and types include:
Network devices: This includes firewalls, routers, IPS, and similar devices that record traffic by source, destination, port, protocol, and related information. Examples of conditions to monitor include distributed denial of service (DDoS) attacks or substantial traffic from countries where there are no customers.
Systems: Servers generate many types of logs, including security, application, operating system, and performance. Storage volumes and repositories can also generate significant log data. In the cloud, nodes can easily be added, removed, or replaced. For this reason, cloud system logs should be centralized.
Cloud services: Cloud services offer various levels of logging. This can include system and service logs as well as both interactive and programmatic access. For new or highly variable services, this information can be used for system tuning and refinement. As services become more mature and predictable, it may be possible to reduce the level of logging detail.
API calls: All API calls should be logged and monitored for suspicious or abnormal activities. Some cloud service providers offer this monitoring as a service. For example, AWS CloudTrail21 provides a history of all API calls.
Log analytics
Because of the sheer volume of log data, specialized tools are needed for log analysis. Examples include Splunk, Loggly, and Sumo Logic. These can be powerful tools for monitoring, alerting, and analyzing systems operations and security.
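The monitoring of API calls described above, as an added example that is not part of the whitepaper: a small detector run over constructed records that use CloudTrail's record field names. The expected network range, thresholds, and user names are assumptions.

```python
import ipaddress
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values, not taken from the whitepaper.
EXPECTED_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]  # corporate egress range
TAMPERING_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail"}
DENIED_CODES = {"AccessDenied", "Client.UnauthorizedOperation"}
DENIED_THRESHOLD = 3
DENIED_WINDOW = timedelta(minutes=5)


def _record(time, source, name, ip, user, error=None):
    """Build one constructed log line using CloudTrail's record field names."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "sourceIPAddress": ip,
           "userIdentity": {"arn": "arn:aws:iam::111122223333:user/" + user}}
    if error:
        rec["errorCode"] = error
    return json.dumps(rec)


# Constructed sample input (documentation IP ranges, example account ID).
SAMPLE_LINES = [
    _record("2017-03-01T09:00:00Z", "ec2.amazonaws.com", "DescribeInstances",
            "198.51.100.10", "ops-alice"),
    _record("2017-03-01T09:01:00Z", "ec2.amazonaws.com", "RunInstances",
            "autoscaling.amazonaws.com", "svc-scaling"),
    _record("2017-03-01T09:10:05Z", "s3.amazonaws.com", "ListBuckets",
            "203.0.113.77", "build-bot", "AccessDenied"),
    _record("2017-03-01T09:11:10Z", "kms.amazonaws.com", "DescribeKey",
            "203.0.113.77", "build-bot", "AccessDenied"),
    _record("2017-03-01T09:12:30Z", "iam.amazonaws.com", "ListUsers",
            "203.0.113.77", "build-bot", "AccessDenied"),
    _record("2017-03-01T09:20:00Z", "cloudtrail.amazonaws.com", "StopLogging",
            "198.51.100.10", "ops-alice"),
]


def from_unexpected_network(source):
    """True when the caller's address lies outside the expected networks."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        # Calls made by a cloud service on the account's behalf carry a
        # DNS name instead of an address; they are not scored here.
        return False
    return not any(addr in net for net in EXPECTED_NETWORKS)


def analyze(lines):
    """Return (rule, principal, detail) tuples for suspicious API activity."""
    findings = []
    recent_denials = defaultdict(deque)
    events = [json.loads(line) for line in lines if line.strip()]
    events.sort(key=lambda e: e["eventTime"])  # ISO 8601 UTC sorts as text
    for event in events:
        who = event.get("userIdentity", {}).get("arn", "unknown")
        when = datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

        # Rule 1: someone is switching off or altering the audit trail itself.
        if (event.get("eventSource") == "cloudtrail.amazonaws.com"
                and event.get("eventName") in TAMPERING_EVENTS):
            findings.append(("audit-log-tampering", who, event["eventName"]))

        # Rule 2: call arrives from an address outside the expected networks.
        source = event.get("sourceIPAddress", "")
        if from_unexpected_network(source):
            findings.append(("unexpected-source", who, source))

        # Rule 3: a burst of denied calls from one principal (permission probing
        # or a misconfigured job); reported once when the threshold is reached.
        if event.get("errorCode") in DENIED_CODES:
            window = recent_denials[who]
            window.append(when)
            while when - window[0] > DENIED_WINDOW:
                window.popleft()
            if len(window) == DENIED_THRESHOLD:
                findings.append(("denied-call-burst", who, str(len(window))))
    return findings


if __name__ == "__main__":
    for rule, who, detail in analyze(SAMPLE_LINES):
        print(f"{rule:20} {who} {detail}")
```

In production the same rules would run inside the log analytics platform against the centralized log store rather than over an in-memory list.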
4.8 Cost Management
Deploying InsuranceSuite 9 in the cloud requires a different approach to IT cost management. Cloud computing offers a wide array of services and pricing structures, and users must pick and choose services and options. Infrastructure costs shift from the capital-intensive purchase and provisioning of hardware to consumption-based charges for services used.
20 See https://azure.microsoft.com/en-us/services/sql-server-stretch-database/.
21 For details, go to https://aws.amazon.com/cloudtrail/.
4.8.1 Usage Attribution
The single most important thing organizations can do to manage cloud costs is to track resource usage. Because it is consumed as services, cloud usage is easier to track than physical infrastructure.
Resource Tagging
The first step in cloud cost management is the tagging of all resources. Tags should be defined to enable resource tracking and reporting. Resources can have multiple tags, enabling multi-dimensional management. Examples of tag types are listed in Figure 17.
Figure 17 Common Cloud Resource Tag Types

Tag Type                     Use
Application                  Tag all systems that comprise a particular application.
Tier or Role                 Allow actions on all systems of a particular type, such as web, app, database, etc.
Environment                  Create environment tags for Dev, QA, Prod, DR, and so on.
Department or Cost Center    Enable easy cost reporting.
Version                      Track different application versions.
Criticality                  Monitor and rank for triage.
Automation                   Support automation activities such as periodic shutdown, active-standby, etc.
Security                     Define and control specific security levels, access controls, and actions.
Customer or Project          This is particularly useful in multi-tenant environments.
In addition, tags can be mandatory or optional. A common management strategy is to make at least one tag mandatory. Any untagged resources are flagged for removal. Depending on the environment, the removal process can be automatic or manual.
Chargeback, Showback, Shameback
Cost chargeback has long been a goal of IT departments. This has proven challenging, though, due to the use of shared resources such as data centers, core networking gear, data storage arrays, software licenses, and administrative staff. Instead of charging specific users for actual consumption, costs are often simply allocated as a form of “corporate taxation.” As a result, users do not directly see the cost impact of their actions and do not feel compelled to manage consumption. By contrast, cloud enables much more precise alignment of usage and costs.
Tagging greatly simplifies the reporting of cloud resource usage, which can be tracked in a number of ways, including built-in cloud service provider reports, standard analysis and reporting applications, and specialized third-party applications.
Shared Monitoring and Operations Costs
While many costs of cloud operations are directly attributable to a particular application environment, some expenses will continue to be shared. These should be included in any cloud economic analysis. Examples of shared costs include:
• Systems administrators, architects, and related personnel
• Monitoring and support systems and personnel
• Integrations with on-premises systems and tools
• Network connectivity charges
• Data replication and other costs related to disaster recovery
Quotas and Approval Workflows
For users, one of cloud computing’s most appealing features is self-service. While this is a great convenience, if unmanaged it can also lead to a substantial increase in resource consumption. To prevent runaway cloud costs, it is a good practice to institute quota limits as well as request approval processes. Unlike traditional IT, however, these processes are designed and driven by business considerations rather than technical requirements. Some cloud vendors offer request and approval services for their environments. Other options include service-desk applications such as ServiceNow22 as well as a wide variety of cloud management platform applications.23
4.8.2 Cost Control
Cloud computing has the potential to significantly lower infrastructure costs. However, many first-time cloud users are disappointed to find that cost savings are not automatic: saving money does require effort. Billing for various cloud services can quickly become complex. As a result, unnecessary and avoidable charges may go unnoticed. And because billing is based on usage, costs change with load—which can result in less predictability. Careful management of usage and spending is needed to prevent unanticipated monthly cloud bills.
Setting Billing Alerts
Cloud provides users with capacity-on-demand. While this offers agility and flexibility, variable usage can also lead to unexpected usage spikes and “the scary bill.” This can be particularly true for new or highly variable workloads. For this reason, cloud consumers should establish expected consumption thresholds with corresponding alerts if those thresholds are exceeded. Many cloud vendors offer programmatic billing alerts as a standard service.
Identifying Unused and Orphaned Resources
As outlined above, resource tags help to identify how particular resources are allocated and used. In on-premises environments, it is very common to uncover orphaned systems that continue to run long after they are needed. When cloud environments are redesigned or decommissioned, all related resources should be audited to make sure that they are still needed and that their tags reflect their current roles. Resources that are no longer needed should be shut down.
In addition, resources should be monitored for utilization and usefulness. Cloud storage volumes are often good candidates. For example, cloud-based virtual servers often have associated persistent storage volumes. Even when a server instance is decommissioned, its storage may not be. The same could be true for backups and snapshots, which continue to incur monthly charges. Identification and deletion of unneeded storage should be part of a periodic cost management process.
Managing Connectivity Costs
Cloud services are network-based. If they are linked with on-premises data and systems, connectivity charges can be substantial. This is also true if data is replicated between cloud regions for redundancy and disaster recovery purposes. Network circuit sizing and characteristics are important considerations in terms of both performance and cost.
22 Details about ServiceNow are at http://wiki.servicenow.com/index.php?title=Cloud_Provisioning.
23 See the table at https://www.whatmatrix.com/comparison/Cloud-Management-Platforms.
As covered in the “Keeping Data Out of the Cloud” section of section 4.7.4 “Data Protection and Compliance,” private connectivity can significantly reduce network costs while increasing bandwidth and security. The configuration was shown in Figure 16.
Understanding Licensing and Support Costs
Guidewire provides the flexibility to use InsuranceSuite 9 licenses in both on-premises and cloud environments, with no need to purchase separate licenses. Customers with existing licenses who want to move from an on-premises to a cloud deployment can simply transfer their licenses.
Some cloud services include software license costs. For those that do not, it is important to understand and control software licenses. Databases are a good example. Options include:
• Self-installed and managed: In such cases, InsuranceSuite supports both Oracle Database and Microsoft SQL Server. When run in a cloud environment, license costs for Oracle Database are based on the number of virtual cores involved.24 License costs for Microsoft SQL Server running in the cloud25 are more complex. In both cases, vendor discounts should be negotiated as part of an ongoing enterprise or volume discount agreement with the respective vendor.
• Managed database services such as AWS RDS or Azure Cloud Database as a service: These may include license costs, or they may operate in a “bring your own license” model.
• Pre-configured third-party cloud instances with the database pre-installed: These are often available in the cloud provider’s marketplace and can include license charges based on usage.
In addition to databases, other applications that may incur license or support charges include monitoring, log management, application servers, reporting, middleware, and management utilities.
Pre-purchased and Spot Capacity
Although on-demand consumption of cloud-based resources can be very convenient, continuous on-demand consumption can be very costly. After base load patterns are known for each workload, cloud users should consider purchasing reserved capacity that matches their base load requirements. This can be supplemented with on-demand instances for variable demand following a variation of the “own the base, rent the spike” strategy described in the “Hybrid Cloud” section of “Types of Clouds.” Pre-purchased instances offer discounted capacity in exchange for a longer-term commitment. As described in the “Cloud-Based DR” section of “Disaster Recovery Considerations,” reserved capacity can have the added benefit of being guaranteed if the cloud provider experiences capacity constraints.
Spot instances are another option for controlling cloud costs. Basically, this involves bidding on unused cloud capacity. Bidders make offers for specific types of instances; accepted offers can be used at the bid price. Since the price varies based on availability and demand, spot instances can go away at any time. For this reason, their use should be limited to compatible workloads such as load testing or highly parallelized analysis jobs.
Cost Management Applications
Many companies offer cloud billing management applications and services, which provide enhanced chargeback and usage reporting. Pricing may be fixed, per managed node, or a percentage of the customer’s cloud bill. Advantages of third-party cloud billing applications can include:
24 For Oracle Database licensing, see http://www.oracle.com/us/corporate/pricing/cloud-licensing-070579.pdf.
25 For Microsoft SQL Server licensing, see http://download.microsoft.com/download/9/C/6/9C6EB70A-8D52-48F4-9F04-08970411B7A3/SQL_Server_2016_Licensing_Guide_EN_US.pdf.
• Ability to aggregate costs across multiple cloud service providers
• Usage analytics
• Customizable dashboards
• Service spending optimization recommendations
• Security and audit monitoring
Popular cloud cost management tools include:
• Cloudability (https://www.cloudability.com)
• Cloud Cruiser (http://www.cloudcruiser.com)
• CloudCheckr (http://cloudcheckr.com)
• Cloudamize (http://www.cloudamize.com)
• Cloudyn (https://www.cloudyn.com)
• CloudHealth Technologies (https://www.cloudhealthtech.com)
4.8.3 Consumption Management
Cloud users pay for the services they consume. If they want to pay less, they need to use less. To control cloud costs, cloud customers must control consumption. One of the most important behavior changes that cloud enables is breaking the habit of retaining systems after their primary use has been fulfilled. This is common in environments where it is difficult or time-consuming to initially obtain the resources. Through automated templates and capacity on demand, cloud enables users to quickly spin up systems and environments as needed, which makes costly hoarding habits unnecessary.
Scaling to Match Demand
As illustrated in Figure 1, cloud computing enables consumers to scale systems infrastructure up and down in response to demand. For workloads with significant load fluctuation, scaling offers tremendous advantages over traditional IT. Rather than having to estimate future demand and build out in advance of it, scaling provides flexibility. It also enables a clearer understanding of costs, since usage charges are proportional to volume.
Setting Resource Limits
Cloud elasticity is a very appealing feature but must be controlled. Many cloud users have had the unpleasant experience of runaway scaling processes resulting in much higher than normal monthly bills. These can result from misconfiguration, denial of service attacks, legitimate but unusual traffic spikes, and similar issues. A best practice is to set limits on allowable nodes in a cluster. Many cloud providers do this by default, and customers must request increases. In making these requests, customers should pick upper limits that are within their maximum allowable budget. In extreme cases, it may be better to accept slow application performance.
Preventing Cloud Sprawl
User self-service and consumption on demand can result in significant increases in resource consumption over on-premises resources. This can be particularly true for test and development environments, which may be spun up for a particular purpose and then left running after they are no longer needed. These unused resources can result in significant costs.
To prevent “cloud sprawl,” cloud administrators should conduct regular system audits to identify resources that are no longer needed. Another effective strategy is to set automatic expirations for non-production resources. If users know that the systems will go away after a set period of time, they will be more motivated to complete their work on time.
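The audit rules from “Resource Tagging,” “Identifying Unused and Orphaned Resources,” and the sprawl paragraph above, combined into one check as an added example that is not part of the whitepaper. The tag keys, the inventory records, and the 30-day expiry are assumptions; resources without mandatory tags have no identifiable owner, which is why they are reported first.

```python
from datetime import date

# Assumed policy values; the whitepaper names tag types but not keys or limits.
MANDATORY_TAGS = ("Application", "Environment", "CostCenter")
NON_PRODUCTION = {"Dev", "QA"}
NON_PROD_MAX_AGE_DAYS = 30
TODAY = date(2017, 3, 1)  # fixed so the sample output is reproducible

# Constructed inventory, shaped like a provider's resource listing.
INVENTORY = [
    {"id": "vm-web-01", "type": "instance", "created": date(2017, 1, 10),
     "tags": {"Application": "PolicyCenter", "Environment": "Prod",
              "CostCenter": "4100"}},
    {"id": "vm-dev-07", "type": "instance", "created": date(2017, 1, 5),
     "tags": {"Application": "ClaimCenter", "Environment": "Dev",
              "CostCenter": "4200"}},
    {"id": "vm-unknown", "type": "instance", "created": date(2017, 2, 20),
     "tags": {}},
    {"id": "vol-old-db", "type": "volume", "created": date(2016, 11, 1),
     "attached_to": None,
     "tags": {"Application": "BillingCenter", "Environment": "QA",
              "CostCenter": "4300"}},
    {"id": "vol-web-01", "type": "volume", "created": date(2017, 1, 10),
     "attached_to": "vm-web-01",
     "tags": {"application": "PolicyCenter", "Environment": "Prod",
              "CostCenter": "4100"}},
]


def missing_tags(tags):
    """Mandatory keys that are absent or blank (keys are case-sensitive)."""
    return [key for key in MANDATORY_TAGS if not str(tags.get(key, "")).strip()]


def audit(inventory, today=TODAY):
    """Map resource id -> list of findings; clean resources are omitted."""
    report = {}
    for resource in inventory:
        findings = []
        tags = resource.get("tags") or {}

        # Mandatory tags: untagged resources are flagged for removal.
        missing = missing_tags(tags)
        if missing:
            findings.append("flag-for-removal: missing " + ", ".join(missing))
            # A key that differs only by case is usually a typo, not a
            # missing owner, so point the reviewer at it.
            lowered = {key.lower() for key in tags}
            typos = [key for key in missing if key.lower() in lowered]
            if typos:
                findings.append("tag key case mismatch: " + ", ".join(typos))

        # Orphaned storage: a volume that outlived its server instance.
        if resource["type"] == "volume" and not resource.get("attached_to"):
            findings.append("orphaned-volume")

        # Automatic expiration for non-production resources.
        age = (today - resource["created"]).days
        if tags.get("Environment") in NON_PRODUCTION and age > NON_PROD_MAX_AGE_DAYS:
            findings.append(f"expired-nonprod: {age} days")

        if findings:
            report[resource["id"]] = findings
    return report


if __name__ == "__main__":
    for resource_id, findings in audit(INVENTORY).items():
        for finding in findings:
            print(f"{resource_id:12} {finding}")
```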
Managing Data Transfer Costs
Cloud service providers typically charge for data transferred out of their environments. Inbound data transfers are often free. Understanding and managing data transfer costs can have a large impact on cloud usage charges. For example, customers who run large data analytics jobs can save a significant amount by transferring data sets to the cloud from on-premises storage systems but returning only small result sets. As described in “Managing Connectivity Costs,” private connectivity can enable this strategy. Cloud storage gateways can be used as a data interface between on-premises and cloud environments.
Managing Storage Volumes
Cloud storage varies by type, technology, and performance. For example, SSD storage typically performs better but costs more than magnetic storage. Some cloud service providers offer the ability to rapidly migrate between storage types. As an example, within its Elastic Block Store (EBS) service, AWS offers multiple types of SSD storage including provisioned IOPS (io1) and general purpose (gp2). The io1 type offers higher I/O performance at a higher price. If this higher performance is needed only at certain times (for example, normal business hours from Monday through Friday), the storage can be converted to gp2 off-hours and converted back to io1 during business hours. Depending on data volumes, this may result in worthwhile cost savings.
4.8.4 System Tuning
Cloud’s flexible consumption model enables users to adjust usage over time. This ability to make dynamic changes is an important element in managing cloud costs.
Benchmarking
One of the most important steps in planning cloud capacity is running benchmark tests for each workload. This requires the use of a test harness with data volume and types that are representative of actual production loads. For InsuranceSuite, it is important to run benchmark tests for each deployed application. (Appendix A provides guidelines for sizing characteristics by application.)
Benchmark results should be analyzed for the following characteristics:
• Base load: How much capacity should be kept available at all times? For web and application tiers, this information is used to set the lower limit for the number of nodes in a cluster.
• Peak load: As with base load, this information is used to size auto-scaling group properties. In this case, peak load establishes the upper limit for cluster nodes.
• Performance characteristics: Establish application response times for common usage scenarios. This is used for parameter tuning, capacity forecasting, and general sizing purposes.
It is important to repeat benchmark tests periodically as load patterns and software versions change. Additionally, benchmark testing should be used for instance sizing and performance optimization. For example, application server workloads may be more efficient with more, smaller instances rather than fewer, larger ones. This should be tested across a range of server sizes to determine the best combination of performance and cost for a given capacity requirement.
Matching Instance Type with Workload
In a traditional IT environment, it is common to try to limit the number of different physical configurations. This is done for ease of configuration management and supportability, but it often results in systems that are over-provisioned for their purpose. With cloud computing, it is much easier to “right-size” each infrastructure element. For example, allocated capacity for a server that requires three cores and 28 GB of memory would likely be rounded up considerably in a physical environment. Even with virtualization, over-provisioning is common. Cloud providers, on the other hand, offer a wide variety of predefined instance types and sizes. This makes it easy to match capacity to load across multiple dimensions without over-provisioning or over-subscribing. This leads to less waste and lower costs.
Higher-Level Services
Most public IaaS providers offer services that go beyond infrastructure. Examples include managed databases, data analytics, messaging, queuing, caching, content distribution, and many more. It can often be more difficult, time-consuming, and costly to manually create these services in the cloud using lower-level elements. For example, many cloud vendors offer managed relational database services, which often provide automated management of deployment, replication, failover, backups, patching, and licensing.
When evaluating higher-level services for Guidewire deployments, the first step is to check compatibility with the Platform Support Matrix. Assuming there are no issues, the next step should be a TCO analysis. The total cost of the higher-level service may be significantly less than for a do-it-yourself approach.
Re-architecting Services
When first deploying to the cloud, there is a common tendency to simply translate on-premises systems to cloud-based ones. This “like for like” approach often fails to take advantage of cloud’s unique capabilities. Disaster recovery is one example. Many companies rely on vendor-specific tools and technologies for data replication and maintenance of DR capacity. Cloud’s demand-based consumption may enable simpler, less costly alternatives that avoid the capital costs and operational challenges of building and managing DR systems and data centers.
Another example of how cloud can offer unique capabilities is serverless computing. Services like AWS Lambda abstract even the server component, enabling users to simply submit code. Jobs are automatically run and results are returned without requiring users to provision discrete servers. Usage is charged based on code execution time. For some workloads and use cases, this can result in substantial cost savings.
5 Deployment Approaches
Careful implementation planning and execution are vital to the successful deployment of InsuranceSuite 9 (IS9). The implementation team must establish a clear and thorough execution plan, and team members must have the expertise, resources, and support to deliver on that plan. When planning a cloud deployment, the first decision to be made is whether the work will be performed solely by the internal IT organization or in collaboration with a partner. This section weighs the potential benefits and challenges of each approach.
5.1 Self-Deploy in a Public Cloud
Organizations may choose to self-deploy IS9 using a cloud service provider (CSP). Teams planning a cloud deployment of IS9 need to understand cloud opportunities and challenges to ensure project success.
5.1.1 Needed cloud expertise
Many cloud deployments are treated as a simple physical-to-cloud translation. Organizations that take this approach are usually disappointed with the results. To gain the greatest benefits from cloud deployments, implementers must design their deployments to take full advantage of cloud’s strengths while avoiding potential pitfalls. Infrastructure teams planning a cloud deployment should have in-depth understanding of the following areas.
Cloud economics: Unlike traditional IT, which is based on capital outlays and long-term capacity projections, cloud services are built and charged on a consumption basis. Costs are tied directly to usage. Cloud cost management and optimization require in-depth knowledge of cloud service options and cost points. In its annual “State of the Cloud” report26, RightScale found that service costs varied approximately 12% among three of the largest public CSPs. It also estimated savings from service optimization to be in the 30%–45% range. In short, there was far more benefit from service optimization for the cloud than from shopping around for the lowest-priced provider.
Automatic scaling: On-premises deployments typically involve establishment of a peak estimated workload and building out to satisfy peak demand. By contrast, cloud offers rapid scalability. As illustrated in Figure 1, this means that systems can be sized for minimum demand and scaled up and down in response to load. Automatic scaling is the single most important tool for optimizing cloud consumption and cost.
Server instance sizing: CSPs offer a variety of server virtual machine (VM) sizes, with different mixes of compute, memory, storage, and performance. Because cloud enables VM types to be easily changed, cloud users should test their workloads across a variety of instance types to find the ones that deliver the best mix of price and performance. For example, users should test different application server sizes with a variety of Java Virtual Machine (JVM) sizes and number to determine which configuration best meets cost, scalability, and performance needs. This sizing should be periodically revisited to determine if conditions have changed or if new instance types are available.
Storage optimization: Storage is one of the largest cost elements of application delivery. Cloud providers offer a variety of storage technologies, from high-performance solid state drive (SSD) block
26 The report can be obtained at https://www.rightscale.com/lp/state-of-the-cloud.
storage to long-term archive. CSPs offer many ways to automate data management. As with on-premises storage, users should establish storage tiers along with rules for moving data between tiers.
High availability and disaster recovery: Large CSPs typically offer services in multiple locations. This may include both redundant facilities within a given geographic region as well as facilities in geographically diverse regions. Intra-regional diversity enables high-availability architectures that provide resiliency if a particular facility is brought down for any reason. These designs typically involve active-active load balancing. Inter-regional designs enable disaster recovery when a region-wide disaster impacts a broader area. These are typically active-standby and require either automatic or manual failover processes. Understanding how to employ cloud services for high availability and for disaster recovery is a vital skill set for organizations that want to self-deploy enterprise applications to the cloud.
Automation: Cloud infrastructure can be provisioned and managed in a number of ways, including a graphical user interface (GUI), command-line interface (CLI), application programming interface (API), and software development kit (SDK). Many providers also enable automation using templates and third-party tools.
Use of the web-based cloud management console may be sufficient for simple and one-off cloud deployments. But for automated production operations, mastery of a CSP’s APIs is vital. This includes knowledge of syntax as well as operations such as provisioning and decommissioning services. It also requires an understanding of roles, privileges, traffic management, and auditing.
Connectivity methods: If all data and operations will reside with a CSP, connectivity planning will mainly focus on client access. However, if connectivity is required to enterprise data centers, a variety of methods can be used. IT operations can configure common methods such as IPsec VPN tunnels between owned data centers and cloud networks. Or they can work directly with service APIs to query and update information. Because most CSPs charge for data transfer out of their environments, the cost of data transfer should be assessed when evaluating connectivity methods.
Many CSPs offer cloud gateway appliances for storage and network traffic to a customer’s data center. In addition, some CSPs offer dedicated, private connectivity options. This was described in the “Keeping Data Out of the Cloud” section of section 4.7.4 “Data Protection and Compliance” and illustrated in Figure 16. Private connectivity offers direct connectivity to the CSP’s internal network over high-bandwidth, secure circuits. In addition, data transfer rates for private connectivity are often significantly less expensive. When assessing the suitability of private connectivity, it is important to understand anticipated data transfer volumes as well as network latency requirements.
5.1.2 Vendor Support
Cloud service providers generally offer different support tiers. Companies that want to deploy services to the cloud need to understand available CSP support offerings and select the most appropriate level for their operational requirements. IT organizations should also assess how many users will have access to support services and what the level should be.
5.1.3 Service-Level Agreements
Large CSPs operate state-of-the-art data centers with high levels of redundancy. Although the quality of facilities exceeds that of most corporate data centers, the service-level agreement (SLA) offered by most CSPs is rarely higher than 99.95%. Remedies for failure to meet this SLA are almost always confined to usage refunds and do not compensate for business losses. If availability beyond the CSP’s SLA is
required, the responsibility belongs to the customer, who must architect and operate applications using the techniques and services previously described.
5.2 Working with a Partner
Partnering with a systems integrator may be the preferred deployment approach for companies with limited cloud expertise and for those that want an experienced partner with deep industry knowledge. To aid in the selection process, Guidewire has established the Guidewire InsuranceCloud™ Solutions partner program. It authorizes select Guidewire PartnerConnect™ Consulting partners to deliver cloud solutions that combine the following in hosted environments:
• Guidewire products (such as InsuranceSuite)
• The partner’s own differentiated content and services
• Complementary third-party systems
Partners participating in the program deploy and maintain both the Guidewire software and the third-party products that round out their respective offerings.27
The following are some of the ways partners provide value-added services to their customers.
5.2.1 IaaS specializations
IS9 is cloud ready. It was designed to be deployable both on-premises and on public cloud infrastructure. It is also cloud-agnostic, meaning that it incorporates no preference for or special features of any particular cloud provider. As discussed in section 3 of this document, there are many cloud service providers (CSPs), each with its own unique capabilities and service offerings. Each Guidewire implementation partner has knowledge of one or more CSPs. Guidewire customers that want to deploy on a particular CSP should look for a partner with strong development and operational experience with that provider. If a partnership is already established, it is important to understand which CSPs that partner supports when deploying Guidewire software.
5.2.2 Integrations
Typical deployments of core property and casualty applications involve many integrations with supporting applications and services. Each Guidewire partner offers a variety of pre-built integrations. When assessing which partner to work with, customers should look for the best overlap with needed integrations. This can greatly reduce implementation time and effort.
5.2.3 Ongoing support
Systems integration partners typically offer multi-year operations and support as a service. Customers should take care to understand the available options and select a term that best meets business needs. Determine what services are included, including service-level agreement (SLA) commitments. Other topics to review with a potential partner include:
• Data sovereignty and location requirements
• Business continuity requirements, including recovery time objectives (RTO) and recovery point objectives (RPO)
• Disaster-recovery needs and expectations
• Long-term data archiving and retention
• Responsibility for patching and version upgrades
27 For more information, go to https://www.guidewire.com/partners/insurancecloud-solutions.
6 Appendix: Guidewire Deployment Information
The information in this appendix is taken from Guidewire infrastructure sizing documents.
6.1 Classes of Environments
Different environments experience very different levels of load on their infrastructure components. It is useful to describe several classes of environments, whose members are typically loaded in a similar fashion.
• Configuration class (includes Developer laptops and workstations, limited “Sandbox” environments for demonstration, and, starting with PolicyCenter 8.0, Product Designer environments): These environments are used to configure and demonstrate the product. A single user configures the product and then unit-tests it on a single server instance. Product Designer, available starting with PolicyCenter 8.0, can be used stand-alone on a developer laptop or workstation, or as a multi-user server component.
• Functional test class (includes Build, Quality Assurance AKA QA, and End User Training): These environments are used to test the product functionally. Builds are created that include work from multiple developers, and functional test and QA are performed on them. Typically, at most a few users access the product concurrently.
• Conversion class: These environments are used to convert (or migrate) production data from an outgoing legacy system. There is typically no significant application tier load in terms of user requests (the concurrent user count is minimal). However, the load on the database and storage tiers, due to the potentially large volumes of data to be read and written, can be significant. This includes conversion test and small-scale production data migration environments. Large-scale conversion environments are not sized generically.
• Non-production class (includes Pre-production AKA Pre-prod, User Acceptance Testing AKA UAT, and System Integration Testing AKA SIT): These environments support less severe non-production loads, but they typically have distributed architectures that resemble (but are smaller than) Production-class environments. Pre-production is typically used to test production changes and fixes before deployment, often against Production-class data in a pre-production database. Therefore, in some cases pre-prod may be used more as a Production-class environment.
• Production class (includes Production AKA Prod, Disaster Recovery AKA DR, and Performance Testing AKA Perf Test): These environments must support maximum load and are therefore sized to meet the loads expected while maintaining good online response and batch completion times.
• Production-user class (end user workstations): Typical end users access the application through a web browser. Some minimum requirements support the Guidewire user interface (Web UI) with acceptable performance.
6.2 Environment deployment timeline
A typical timeline for the establishment of the various environments during an implementation project:
1. End of Inception: Local Developer Configuration (AKA Development) environments, Build, QA, SIT, Conversion (AKA Migration, if in scope)
2. EndofDevelopment(beginningofTestingphase/sprints):Environmentsin(1)stillinuse;addUAT
3. EndofTesting(beginningofPilot/Production):Environmentsin(1)and(2)stillinuse;addPerformanceTesting,Pre-Prod,Prod,andDisasterRecovery
6.3 Guidewire Applications and Components
6.3.1 Core Products
ClaimCenter (CC) provides claims management functionality. PolicyCenter (PC) is used for underwriting and (typically) as the policy system of record (SOR). BillingCenter (BC) provides automated billing. Collectively, CC, PC, and BC are referred to as the core products.
ContactManager (CM) may be used as a contact repository or for Customer Data Management (CDM) with one or more of the core products. It is most typically used for vendor data with CC.
Guidewire core applications are typical Java EE web applications and can be installed and used with, at a minimum, an application server tier, a database tier, and a storage tier. In some environments (in the Non-production and Production classes), it is also common to integrate Guidewire applications with external systems.
An implementation/licensing arrangement including CC, PC, BC, and CM is referred to as InsuranceSuite (IS).
6.3.2 Data Products
DataHub (DH), InfoCenter (IC), and Business Intelligence for InsuranceSuite (BIIS) are referred to as the Data Management (DMgt or DM) products. An implementation/licensing arrangement including DH and IC, and used with only Guidewire source data, is referred to as Business Intelligence for InsuranceSuite (BIIS).
DH provides ETL from Guidewire core application (or other external) data sources into an Operational Data Store (ODS) using SAP BusinessObjects Data Services (SAP BODS). An SAP BODS node is a stand-alone (non-Java) process. IC and BIIS use IBM Cognos Business Intelligence (Cognos Reporting or Cognos) to provide reports from an enterprise data warehouse (EDW). Cognos is a Java EE web application and requires a front-end dispatch component—typically a web server such as Apache.
Cognos Load Balancing
There is a dependency between Guidewire core applications and Cognos, as Guidewire must provide a means for authenticating different Cognos users. This is typically done by having the core app run an embedded (within the same JVM process) LDAP server providing for Cognos authentication. Although such LDAP services may run on multiple Guidewire core product nodes, the calls into them (from Cognos) cannot be load balanced in the same manner (as the core products). This is because the Cognos plugin configuration uses a fixed location for the Guidewire LDAP service; there is no means for Cognos nodes to determine the available Guidewire cluster members. Such load balancing (of the embedded LDAP service) can be provided instead by a static content web server, although a front-end load balancing device could be used instead.
6.3.3 Digital Portals Products
Quote and Buy Portal (QBP), Account Management Portal (AMP), and Claim Portal (CP) are referred to as the Portals products.
• QBP is licensed as Quote and Buy Portal for Policyholders and interacts with PC.
• AMP is licensed as Account Management Portal for Policyholders and interacts with CC, PC, and BC.
• CP is licensed as Claim Portal for Policyholders, Claim Portal for Agents, and Claim Portal for Vendors; all interact with CC.
• GPA is licensed as Gateway Portal for Agents and interacts with CC, PC, and BC.
Portal products consist of static content (HTML, JavaScript, etc.) downloaded from a static content web server such as Apache or IIS. The JavaScript provides for client access into the related core products. An additional Authorization service, which runs as a stand-alone Java process service, can be used to limit the access (of the JavaScript-based stateless client requests) to specific sets of claim or policy data. Authorization is typically used with AMP, CP, and GPA; it can be used with QBP to allow clients to return to a quote in progress. Authorization nodes run as stand-alone Java processes.
6.3.4 Other Component Details
Client Access and the Web Tier
Guidewire applications are accessed by users through a web browser. Typically, requests are load-balanced using one or more front-end hardware devices, which forward into the application server tier. In some environments, customers may run an additional web server tier to provide for static content caching and compression. This web tier may also handle load balancing across the application server tier.
Guidewire Studio
A development IDE called Studio is used by configuration developers to adapt Guidewire applications to customers’ functional requirements. Studio is a stand-alone application that needs no external database; later versions of Guidewire core products use the IntelliJ IDE with Studio plugins. Studio is run by a single user and consequently has well-defined CPU and memory requirements.
Solr Search
Solr search provides for a faster, non-database means of performing common user search functions from the core applications, such as claim, policy, and account search. With Solr, text field data is typically read (as XML documents) from one or more Guidewire product databases, or propagated via Guidewire messaging. The XML is indexed by the Solr nodes, and searches from the core apps can be routed to them instead of handled as database queries. Solr nodes are Java EE web applications and typically run in the same type of application server as the corresponding core applications (but in a separate JVM process).
Solr HA and ZooKeeper: In Guidewire environments needing Solr search with high availability (typically Production class), a minimum of three (separate) ZooKeeper JVM processes should be used to keep track of the Solr node configurations and availability. ZooKeeper is not packaged with the Guidewire core products and should be run using a separate distribution. For production implementations with ZooKeeper, customers should download a supported release of ZooKeeper from Apache at http://zookeeper.apache.org/releases.html. ZooKeeper nodes run as stand-alone Java processes.
PC High-Volume Quoting Instance
Some customers choose to deploy a separate PolicyCenter implementation to handle high-volume quote (HVQ) requests. Such requests are typically from Quote Aggregator websites that query multiple insurers for comparative quotes. This quote-only PC implementation is also referred to as PolicyCenter Aggregator (PCAgg). To improve throughput, PCAgg quotes are not usually persisted (as ordinary entities).
6.4 Node Types
A node represents a single point of service, such as a network-connected web application, database schema, or Java process. Guidewire applications support horizontal scaling, using application node clustering. Nodes can be classified depending on the work they are intended to perform, the type of service requests they receive, and restrictions imposed by Guidewire clustering.
It is important to understand that the configuration of all Guidewire application nodes within the same Guidewire cluster must be identical, and that any such node is therefore capable of doing any sort of work. Different node types are distinguished by the types of work they perform.
The common node types described in infrastructure estimates are:
• Online: Receives web browser (user) requests, as well as other requests for service from external systems, such as web service calls. These nodes should be included in load balancing. Any number of such nodes may run in the same cluster.
  o In Guidewire version 9 (and later) products, multiple server roles can be assigned to any node. Typically, most nodes will be given the roles for Web UI and Web service (see “Server Roles”). The result is that these nodes have workloads like (pre-version 9) online nodes.
• Batch: Dedicated to running all “singleton” services, including distributed work writers and custom batch processes, as well as sending messages. Also performs special functions such as Database Upgrade. These nodes should not be included in load balancing, and therefore do not receive user or external requests for service. At most one batch node can run in the same cluster, and such a node is normally always running.
  o In Guidewire version 9 (and later) products, multiple server roles can be assigned to any node. Typically, one or a few nodes will be given the roles for Batch, Workqueue, Scheduler, Messaging, and Startable (see “Server Roles”). The result is that these nodes have workloads like (pre-version 9) batch nodes.
• Reporting: Reporting (Cognos) nodes are of the same type, and there is no concept of a batch node for this application. Cognos nodes run on Java application server processes and are accessed via HTTP communications, so they can be included in load balancing if desired.
• Data services: InfoCenter (IC) and DataHub (DH), along with Business Intelligence for InsuranceSuite (BI), are typically run by a single SAP Job Server BusinessObjects Data Services (BODS) node, which interacts with one or more databases. There is no concept of a batch node for this application, and it is not a Java process. The resources for BODS are included in the application server tier for convenience, since the product interacts with the database tier.
• Solr: Lucene-based Solr search nodes are used for indexing and searching text data. Each Solr node is an application server process hosting individual web apps—one for each Guidewire product that uses Solr search. Solr nodes are of the same type, and there is no concept of a batch node for this application. These nodes do not take part in the Guidewire cluster but are typically located within the same infrastructure. They do not usually receive direct requests from external users or systems, so they do not need to be included in load balancing.
• ZooKeeper: These JVM processes are used to keep track of Solr node locations and availability. There is no concept of a ZooKeeper batch node, and it is not an application server process. ZooKeepers do not take part in the Guidewire cluster but are typically located within the same infrastructure. They do not usually receive direct requests from external users or systems, so they do not need to be included in load balancing.
• Database: A single database schema. A stand-alone database server instance (database server process) or multiple processes in a multi-instance cluster (such as Oracle RAC) host one or more schemas. This type is sometimes referred to as a “schema node.” From a process perspective, a database server process may sometimes be described as a node, since the other node types are mostly one-to-one with their hosting process.
• General web service: Forwards requests for the core Guidewire applications or Cognos Reporting, typically to provide reverse proxy and load balancing. These nodes are served by web server processes and are accessed via HTTP communications, so they can be included in load balancing from a hardware load balancer if desired.
• Portal: Portal nodes are served by web server processes and are accessed via HTTP communications, so they can be included in load balancing if desired.
• Portal authorization: These are provided by JVM processes and are used for authorization of authenticated portal requests, as these are forwarded into the core applications. There is no concept of an authorization batch node, and it is not an application server process. Authorizers do not take part in the Guidewire cluster but are typically located within the same infrastructure. They do not usually receive direct requests from external users or systems, so they do not need to be included in load balancing.
6.4.1 Alternate Node Types
In addition to the common node types, variants that can be convenient to describe include the following:
• UI (Web UI) node: A type of online node. In some cases, customers may want to further differentiate online nodes and load balance accordingly. For example, there could be some nodes dedicated to user requests only, on a URL, and a different set of nodes on a different URL that receive all web service calls. When this is done, nodes that receive only user request calls are referred to as UI nodes. As online nodes, they should be included in whatever load balancing is used for user requests, and any number of such nodes may run in the same cluster.
  o In Guidewire version 9 (and later) products, such a node is given the role for Web UI.
• Web service node: A type of online node. As with UI nodes, customers may want to further differentiate online nodes, and load balance accordingly. Nodes that receive only web service calls are referred to as web service nodes. As online nodes, they should be included in whatever load balancing is used for web service calls, and any number of such nodes may run in the same cluster.
  o In Guidewire version 9 (and later) products, such a node is given the role for web service.
• Integration node: Like a web service node, and a type of online node. As with the preceding nodes, customers may want to further differentiate online nodes and load balance accordingly. Nodes that only communicate to or from external systems (this may or may not be via web service calls) are referred to as integration nodes. As online nodes, they should be included in whatever load balancing is used for the integration calls, and any number of such nodes may run in the same cluster.
  o In Guidewire version 9 (and later) products, such a node is given the role for Startable if the integration uses an inbound call to a startable plugin.
• Portal service node: A type of online node. Like the above, customers may want to dedicate application nodes for processing Portal requests. These workloads result in similar loads as for online user requests. Such nodes receive external requests, so they should be included in load balancing. Any number of such nodes can run in the same cluster.
• Distributed Worker (DW) node: A type of online node. Like the above, customers may want to dedicate nodes for processing distributed work (that is, to run distributed workers). These distributed workloads result in similar loads as for batch processing. Such nodes do not receive external requests, so they should not be included in load balancing. Any number of such nodes may run in the same cluster.
  o In Guidewire version 9 (and later) products, such a node is given the role for Workqueue.
• Online/batch node: A type of batch node typically seen in low-load environments (such as Configuration or non-prod), in low-load prod environments (such as ContactManager for a customer with a smaller amount of contacts), and in prod environments having little batch workload (such as PolicyCenter Aggregator). This type is a batch node which also receives external requests. It is common for an online/batch node in a non-prod environment to be the only node in its cluster, in which case there would also effectively be no load balancing.
  o In Guidewire version 9 (and later) products, such a node may be given all roles: Web UI, Web service, Batch, Workqueue, Scheduler, Messaging, and Startable.
• Conversion node: A type of online node. In some cases, customers may want to run a node or nodes dedicated to legacy data conversion. Such nodes often run for only a limited period (until the conversion is completed) and are then retired. Such a node typically does not receive online requests, so it is not included in load balancing. Any number of such nodes may run in the same cluster.
6.5 Server Roles (version 9 and later core products)
Guidewire version 9 core products introduced server roles. This feature provides the flexibility for any node in a Guidewire cluster to perform any of several functions. Note that some of these functions are singleton (must occur in one location only), such as ordered messaging for a specific destination needing to occur on only one node at a time. Generally, failover for such singleton services happens automatically, assuming that another node having the appropriate role is available. Other services can run simultaneously on multiple nodes having the appropriate role. Note that all assignable roles must be defined in the configuration registry element, and that individual servers (nodes) may have multiple roles. Environments (env parameter) may be used to group the roles of multiple nodes which belong to the same environment.
The server roles used in infrastructure estimates are:
• Batch: Batch processing is distributed across all server instances in the cluster that have the batch role. Batch processes may be started by a node having the scheduler role. Such batch processes are categorized as exclusive and non-exclusive:
  o Exclusive batch processes run on exactly one cluster member (having the batch role) at a time.
  o Non-exclusive batch processes run exactly once when started. However, it is possible to start non-exclusive batch processes multiple times (before an earlier process completes). This allows a non-exclusive batch process to be run concurrently on multiple nodes having the batch role.
Once a batch process is started on a node, if that node fails, then the batch process will be marked as failed and can be rerun on a different node at the next scheduled time.
• Messaging: Message processing is distributed across all server instances that have the messaging role. Each message destination is assigned to a specific node at startup. If that node goes down, another node will automatically begin to process its messaging destinations.
• scheduler: Typically, only a small number of cluster nodes have the scheduler role. These nodes run multiple synchronized instances of the scheduler function in parallel. In the event of one node failure, other scheduler nodes can continue processing, since they are synchronized.
• startable: Certain services may be implemented as singleton Startable plugins. These plugins implement the IStartablePlugin interface and do not carry the Distributed annotation on their implementation. A single instance of a non-distributed plugin runs on a node having the startable role. If the node (on which a singleton startable plugin is running) fails, it will be started on another node by the cluster lease managers. Guidewire defines an additional type of cluster singleton plugins, known as inbound integrations, in the inbound-integration-config.xml file.
Other startable plugins can be distributed (have the @Distributed annotation). These may run on any node in the cluster (either having the startable role or not), with one instance per node.
If you have multiple nodes that are running the same distributed startables, you must track the plugin states carefully. Guidewire recommends saving the started/stopped state in the product database. This handles edge cases, such as a node joining the cluster late after other nodes have started. After you commit such state changes to the database, notification of the state change to other nodes happens automatically.
• workqueue: Work queues are distributed across all nodes having the workqueue role. By default, each work queue runs a single worker on each workqueue node, unless configured otherwise.
• ui: Web requests (typically from an end user browser), such as those that render or update web pages (and which may perform business transactions along the way), can be distributed to any node having the ui role. The assumption is that once a user session is begun on a node, all further requests belonging to it are directed there. User interface nodes typically operate in conjunction with a (non-Guidewire) load balancer that manages the necessary dispatch and session affinity.
• webservice: Although there is no OOB server role having this name, a node having no roles is effectively able to process only web service requests (for web services published by the Guidewire Gosu WSI framework). Although all nodes can process such requests, regardless of their role(s), a load balancer can be used to restrict sending such requests to a defined group of “web service” nodes.
In addition to the fixed set of OOB roles, additional roles (generically described as "custom" here) may be defined.
• custom: A custom role can be defined in the configuration registry element and assigned to specific nodes. Any unique name can be used for a custom role. This provides a way of grouping nodes with similar functions together outside of the OOB roles.
Note that a lease represents the right for a node to perform some function for a period. Within a Guidewire application cluster, a lease specifically represents one of the following:
• A single run of a batch process
• Control of a single message destination
• Control of a single startable plugin, if it is a single-instance (nondistributed) startable
Each node in the Guidewire cluster has a lease manager for each lease type. However, some functionalities require a node having a specific server role. For example, only a node with the messaging role can acquire and manage a lease for a message destination.
6.5.1 Cloud Deployment and Server Roles
For cloud deployments, a suggested approach is to have separate scaling groups for each set of functions that may need to scale up or down at different rates. For example, if batch-type nodes are grouped together in one autoscaling group and online-type nodes are grouped in another, then separate environments could be used for each, as follows:
<registry roles="batch, scheduler, workqueue, messaging, startable, ui">
<server env="sqlserver" serverid="node0" roles="batch, workqueue, scheduler, messaging, startable"/>
<server env="sqlserver" serverid="node1" roles="ui"/>
<server env="sqlserver" serverid="node2" roles="batch, workqueue, scheduler, messaging, startable"/>
<server env="sqlserver" serverid="node3" roles="ui"/>
<server env="oracle" serverid="node0" roles="batch, workqueue, scheduler, messaging, startable"/>
<server env="oracle" serverid="node1" roles="ui"/>
<server env="oracle" serverid="node2" roles="batch, workqueue, scheduler, messaging, startable"/>
<server env="oracle" serverid="node3" roles="ui"/>
</registry>
This enables the launching of new nodes from a common .war file (as required by Guidewire clustering), but using separate machine instances which define their environments differently—as onlineenv or batchenv. When the batch-type nodes need scaling up, they launch a batch-type machine instance with batchenv as the env param. Similarly, the online-type nodes would scale up from their machine image and be directed the appropriate Web UI requests from a scaling group-aware load balancer (for example, an AWS ELB).
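The registry rules from sections 6.5 and 6.5.1 can be checked before a machine image is built. The script below is an added example, not Guidewire tooling or code from this whitepaper: it flags roles assigned to a server but not declared on the registry element, flags environments where a failover-dependent role has only one holder, and lists the nodes a load balancer should target. The sample registry, the `reports` role and all function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed registry in the shape shown above. The single sqlserver batch
# node and the "reports" role are deliberate mistakes for the audit to catch.
SAMPLE_REGISTRY = """\
<registry roles="batch, scheduler, workqueue, messaging, startable, ui">
  <server env="sqlserver" serverid="node0" roles="batch, workqueue, scheduler, messaging, startable"/>
  <server env="sqlserver" serverid="node1" roles="ui"/>
  <server env="sqlserver" serverid="node3" roles="ui"/>
  <server env="oracle" serverid="node0" roles="batch, workqueue, scheduler, messaging, startable"/>
  <server env="oracle" serverid="node1" roles="ui, reports"/>
  <server env="oracle" serverid="node2" roles="batch, workqueue, scheduler, messaging, startable"/>
</registry>
"""

# Roles whose work moves to another node only if one with the same role
# exists (section 6.5).
FAILOVER_ROLES = ("batch", "messaging", "scheduler", "startable")


def split_roles(value):
    """Turn 'batch, ui' into {'batch', 'ui'}; a missing attribute is empty."""
    return {r.strip() for r in (value or "").split(",") if r.strip()}


def load_servers(xml_text):
    """Return (declared_roles, [(env, serverid, roles), ...])."""
    root = ET.fromstring(xml_text)  # trusted local config, not untrusted XML
    servers = [(s.get("env"), s.get("serverid"), split_roles(s.get("roles")))
               for s in root.iter("server")]
    return split_roles(root.get("roles")), servers


def audit_registry(xml_text):
    """List (kind, env, detail) findings for one registry element."""
    declared, servers = load_servers(xml_text)
    findings = []
    holders = defaultdict(lambda: defaultdict(set))  # env -> role -> serverids
    for env, serverid, roles in servers:
        # Every assigned role must be declared on the registry element.
        for role in sorted(roles - declared):
            findings.append(("undeclared-role", env, f"{serverid}:{role}"))
        for role in roles:
            holders[env][role].add(serverid)
    for env in sorted(holders):
        for role in FAILOVER_ROLES:
            # Exactly one holder means no other node can take over that work.
            if len(holders[env][role]) == 1:
                findings.append(("no-failover", env, role))
    return findings


def lb_pool(xml_text, env, role="ui"):
    """Server ids in `env` that a load balancer should send user requests to."""
    _, servers = load_servers(xml_text)
    return sorted(sid for e, sid, roles in servers if e == env and role in roles)


if __name__ == "__main__":
    for finding in audit_registry(SAMPLE_REGISTRY):
        print(finding)
    print("sqlserver ui pool:", lb_pool(SAMPLE_REGISTRY, "sqlserver"))
```

Running the same check against the registry that each scaling group's image will boot with catches a role typo or a lost failover peer before the group scales.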
6.6 Processor Capacity Effects
Guidewire system response times are partially linked to the processor chosen; those with the fastest cores generally provide the best performance. Customers should note that a lower performing processor/core can result in a larger hardware requirement and potentially longer response times.
6.7 Environment Descriptions
6.7.1 Similarity Across Production-Class Environments
Guidewire assumes that Production-class environments (including Production, Disaster Recovery, and Performance testing) are effectively identical in terms of their hardware requirements. This is based on the following understanding:
• The Disaster Recovery environment needs to support the same products and users as the Production environment, at a full Production load.
• The Performance Testing environment needs to support full production load during tests.
Customers can decide to consolidate these environments and reduce the corresponding costs. For example, a customer can use the Disaster Recovery (DR) environment to also support Performance Testing. This can be done because the DR environment normally requires only minimal resources on the database server tier to process replicated data changes from the primary (Production) site. So the DR environment remains underutilized and can be made occasionally available for other activities, such as performance tests.
About Guidewire
Guidewire delivers the software that Property and Casualty (P&C) insurers need to adapt and succeed in a time of rapid industry change. We combine three elements – core operations, data and analytics, and digital engagement – into a technology platform that enhances insurers’ ability to engage and empower their customers and employees. More than 260 P&C insurers around the world have selected Guidewire. For more information, please visit www.guidewire.com and follow us on twitter: @Guidewire_PandC.
© 2017 Guidewire Software, Inc. All rights reserved. Guidewire, Guidewire Software, Guidewire ClaimCenter, Guidewire PolicyCenter, Guidewire BillingCenter, Guidewire InsuranceSuite, Guidewire Live, Guidewire Predictive Analytics, Adapt and succeed, and the Guidewire logo are trademarks or registered trademarks of Guidewire Software, Inc. in the United States and/or other countries. 20170327