* Terabytes (TB) *Virtual private network (VPN) *Platform as a service (Paas) *Software as a service (Saas) IBM SmartCloud Enterprise offers many features and functions to give you a flexible cloud infrastructure. The images on the left are screen captures of portions of the offering marketing site and web portal, and highlights a “View demo” function. The “View demo” graphic is a link to a demo pop-up. The site and additional offering information can be found using the links at the bottom left. The list on the right summarizes the elements of the offering: There are nine 32- and 64-bit configuration options that allow you to pick the virtual machine (VM) instance sizes that best fit your needs. These can be configured with either a Linux operating system (Red Hat or Novell SUSE provided by IBM, or a Linux image customer provides) or Microsoft Windows Server 2003 or 2008 (import of Windows images is not supported at this time). IBM has tested that the image import capability works with Red Hat and Novell SUSE operating systems. Import of images with other operating systems may work, but is not supported. There are dozens of preconfigured and tested software images that you can use as the basis for building and saving customized private images to suit your needs. Private images can be shared by users within an account. Users can import their own images with software they own or for which they hold valid licenses. These images can be constructed using integrated tools that build images from operating systems and software bundles. These tools also let users import images built for a VMware environment into the cloud. With the persistent storage option, you can order and dynamically attach and detach up to 3 extra blocks of persistent storage to use with a virtual machine instance for longer term storage of content. Blocks are available in 8 sizes (from 60Gb to 10 TB), either in pre-configured (ext3 for Linux) or raw. The object storage internet file system provides a folder structure that is accessible using simple Web APIs (POST and GET).It is optimized for securely storing and sharing large files such as media files, backups and other unstructured content. The offering provides the option to setup a virtual private network (VPN) environment in each data center that lets you isolate instances on private virtual LANs (VLANs) and access them either via VPN tunnels from your in-house environments or via a Internet firewall in the cloud. In addition, servers can be configured with up to four IP addresses, which enables you to build resilient configurations that build on fallback strategies using virtual IP addressing. The two US sites are in Raleigh North Carolina and Boulder Colorado, the Canadian site is in Toronto, the German site is in Ehningen and the Japanese site is in Makuhari. IBM standard and add-on support services consist of: Standard services: Technical support for all services—available through the web portal and by checking the online cloud service forum pages after login Around-the-clock monitoring and management of the IBM cloud infrastructure, including: Extensive security measures for the IBM SmartCloud Enterprise infrastructure to govern access to and use of our services Scheduled maintenance for the IBM SmartCloud delivery centers and base infrastructure to maintain our services Fee-based add-on services: Remote on-boarding support to help account managers and end users learn how to navigate and use the self-service web portal Premium support: around-the-clock telephone support with a web-based service request ticketing system Advanced Premium support: Advanced Premium Support extends Premium Support with customer severity-level driven response times and a service level agreement with credits if response times aren't met. Add-on operating system assistance on top of premium support for Linux as well as Microsoft Windows Server. From a payment perspective, the standard features are available on a pay-as-you-go model. (For details, please see the latest Charges Schedule) Virtual servers, selected software images, persistent and object storage, virtual private network environments and static IP addresses are charged for by the hour. Persistent storage charges include charges for storage blocks as well as for storing private images. Use of certain software images require a prepaid license. Operating system charges are included in the virtual server per hour charge. A reduced charge rate applies for virtual servers running a customer provided operating system. IBM provides network bandwidth for inbound and outbound data transfers between the IBM SmartCloud delivery centers and the Internet for you to access and use the services. IBM tracks and measures the amount of data transferred. Data transfer is charged for on a GB-transferred basis. Data transfer charges are currently (December 5 2011) waived. See the latest charges schedule. Virtual private network environments carry a one time setup or change charge in addition to the per hour charge, per data center. Reserved capacity packages consist of pools of server resources from which customers can provision as required. They carry a monthly charge but also offer preferred (discounted) rates on the virtual servers provisioned. If the pool is utilized more than approximately 70 percent, then a reserved capacity package is economically attractive. Please use the Monthly Cost Estimator on the IBM SmartCloud Enterprise site to estimate the total charges. Premium support is charged for as a 5 percent uplift on other service charges, charged for monthly, excluding pay-as-you-go software charges. Monthly minimum charge is US$75 in the US (price current as of December 5 2011). Advanced Premium support is charged for as a 10 percent uplift on other service charges, charged for monthly, excluding pay-as-you-go software charges. Monthly minimum charge is US$1,000 (price current as of December 5 2011). Add-on operating support is charged for as a fixed per hour uplift on instance hourly charges. The uplift varies by operating system and instance size.
This chart shows you how quickly you can set up your virtualized server environment using IBM SmartCloud Enterprise. The normal provisioning flow has three steps once the user has logged into the IBM SmartCloud Enterprise portal and selected the Instances tab on the control panel: The user selects a data center location and an image for the required server from an image catalog, either a ‘public’ catalog of IBM-standard images, a ‘shared’ catalog of images the account manages or a private user catalog. The user selects the virtual machine configuration, network connectivity, security keys and storage required for the server, based on the user’s needs The user accepts the “Terms and Conditions” and thereby orders the provisioning of the server instance. The status of the order can be viewed in the control panel. After a few minutes, typically 6-7 minutes for a small Linux server and two to three times longer for a large Windows server, the server is ready for use. Per hour charges start when the server is ready for use (becomes ‘Active’). Once the server instance has been provided, the user can access, customize and use the server as if it was located in an in-house data center. Once the user has customized the instance as required (for example by having installed an application and configuring it), the user can save the customized version of the instance as a private image for future reuse, if desired. When the server is no longer needed, the user de-provisions the instance, stopping charges for the use of the server. Most of the functions can also be accomplished using the built-in application programming interfaces (APIs). The graphic on the slide shows the three steps required to set up and deploy a service with IBM SmartCloud Enterprise. It consists of three screen shots from the portal, the first one showing where you select an image, the second showing where to configure it and the third indicating that the application is provisioned. Above the third box is a picture of a hand holding a stopwatch, indicating the three steps can be accomplished quickly.
**Central processing unit (CPUs) **Redundant array of independent disks (RAID) **Gigabyte (GB) **Terabyte (TB) **ext3 is ‘third extended file system’, a file system that is commonly used by the Linux kernel The table illustrates the virtual machine instance types, storage and other options available with IBM SmartCloud Enterprise. Notes: The storage provided with an instance is divided up into a root segment (with 60 gigabytes) plus additional segments with the amount shown. Users may choose to provision an instance with just the root segment to shorten provisioning time. Virtual machine instance storage is erased when an instance is de-provisioned (deleted). Blocks of persistent storage and object storage should be used for storing data for longer periods. Persistent and object storage are both RAID protected, but instance storage is not. Although images can be built on one virtual machine configuration and migrated to a configuration of a different size, images have a limited set of virtual machines types and sizes they support. While small Linux virtual machines (Copper and Bronze) generally provision in approximately eight minutes or less, larger instances take longer, depending on storage size and operating system chosen.
The offering includes a set of images that may be used as a starting point for building the server configurations you require. These images consist of operating system images (Linux, either SUSE or RedHat, and Windows Server 2003 and 2008) with or without additional preinstalled IBM and third-party software. IBM software includes software products from IBM Lotus ® , IBM WebSphere ® , IBM Information Management, IBM Tivoli ® and IBM Rational ® . IBM software is available under several licensing options, including bringing your own license for software you already hold a valid license for and paying for use by the hour. It also includes software from a number of IBM Business Partners such as Alphinat, Aviarc, BeyondTrust, CohesiveFT, Corent, Grid Robotics, Kaavo, NetEnrich, OpenCrowd, Pragma Systems, Servoy, SugarCRM and Zeus. A software bundle is software that is installed and/or configured in a running instance of an image. The bundle includes installation files, configuration files, a parameter specification, and a description of prerequisites that the bundle requires. With a library of software bundles and a library of fixed images, you can compose a custom image with multiple software bundles. For image providers, software bundles can also reduce operational costs and the management challenge of providing and maintaining every possible combination of their base images preinstalled with multiple software bundles. You can provide your own software bundles that can be installed on multiple images. IBM offers flexibility regarding software licensing , as follows: Bring your own license: Clients who own a software license for the specified software can use the preinstalled software on the cloud at no additional charge. Charges for running this software amount to the charges for running the selected virtual server configuration with a standalone operating system. Pay by the hour: Clients who do not own a software license can use preinstalled software for a per instance per-hour usage charge. Charges for running this software amount to the charges for running the selected virtual server configuration with a standalone operating system plus a per hour software charge. Bring your own software and license: Clients who own the software and associated license for the required software can use their own software to build and save their own private images in IBM SmartCloud Enterprise. Charges for running this software amount to the charges for running the selected virtual server configuration with a standalone operating system. Clients who may want to test pre-releases of software may do so by choosing one of the available pre-release images. Pre-release images may only be used for test and other nonproductive use. Pre-release images are available at no charge and may be withdrawn without notice. When they have been withdrawn, customers must stop using them and any images derived from them. Charges for running pre-release software amount to the charges for running the selected virtual server configuration with a standalone operating system. Independent software vendor developers can use “development use only” ( DUO ) software in IBM SmartCloud Enterprise for development, test, proof of concept and sales demo , at no charge. DUO images are only available to an independent software vendor (ISV) or system integrator (SI) whose core business is solely the delivery of commercially available, network-delivered applications or software as a service (SaaS) applications for end users in the marketplace. Charges for running this software amount to the charges for running the selected virtual server configuration with a standalone operating system. For a current list of IBM middleware images and the configurations supported, please visit the IBM SmartCloud Enterprise website at: http://www.ibm.com/smartcloud/solutions/enterprise Note, all images have been built to fit a limited range of virtual machine sizes and types, licening options and operating systems. For example, a particular IBM DB2® image may have been built to run on 32-bit configurations with SUSE Linux and is available on ”bring your own license” terms. That DB2 software may not be available under Red Hat Enterprise Linux (RHEL) or on 64-bit configurations.
* Intrusion prevention system and intrusion detection system (IPS and IDS) * Virtual machines (VMs) * Virtual private network (VPN) * Virtual local area network (VLAN) * Application programming interfaces (APIs) This chart provides greater detail on the topic of security. IBM SmartCloud Enterprise was designed with enterprise security as a top priority using the IBM Security Framework. With IBM SmartCloud Enterprise, security-rich access is provided through the Internet (IPS and IDS, SSH and Hypertext Transfer Protocol Secure [https] and web identity) to a management infrastructure, and content is delivered in compliance with IBM's security standards. Access to the infrastructure self-service portal and APIs is restricted to users with an IBM web identity. The infrastructure complies with IBM security policies, including regular security scans and controlled administrative actions and operations. Client data and virtual machines remain in in the data centers where customer ask to have them provisioned. Physical security of the data centers is the same as that for IBM’s own internal data centers. Regarding certifications: IBM is seeking SSAE16(ISAE 3402) and ISO27001 certification for IBM SmartCloud Enterprise and hopes to have these completed by mid 2012. The vast majority of standards are highly specific to a particular product, material, or process, and generally require an extended auditable period of operation or availability before certification can occur. For data services such as IBM SmartCloud Enterprise, standards can, for example, apply to operational characteristics such as helpdesk and incident reporting, change management, and disaster recovery and business continuity. IBM SmartCloud Enterprise has been available since May 2010 and therefore now (December 2011) has a sufficient period of operation to base certifications on. The Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) has issued a Statements on Standards for Attestation Engagements (SSAE) effective mid 2011, naming the standard Reporting on Controls at a Service Organization, referred to as No. 16 (SSAE 16) . This statement moves the guidance for Service Auditors from SAS 70 to SSAE 16 . IBM SmartCloud Enterprise is seeking SSAE 16 certification. Until the IBM SmartCloud Enterprise product itself may be certified, the certifications that apply are IBM corporate level certifications and certifications for the data centers that house the IBM SmartCloud Enterprise service. The certification body and the characteristics audited for each of the data centers vary according to local or regional requirements. Please enquire about particular data centers of interest. The International Organization for Standardization (ISO) is a worldwide federation of national standards bodies from some 140 countries. IBM meets ISO certifications through normal IBM practices and processes. IBM has obtained Corporate certifications for ISO 9001 (quality management system), ISO 14001 (environmental system) and OHSAS 18001 (occupational health and safety) standards, and some Business unit certifications for ISO 20000 (IT services management), ISO 27001 (information security management system), IS0 13485 (medical devices), ISO/TS 16949 (automotive) and ESD s20.20 (electrostatic discharge) standards. For more details, see here: http://www-935.ibm.com/services/us/en/it-services/iso-management-system-certifications.html General security guidance: IBM suggests customers build on these built-in security features by: Setting up IP filter or firewall rules where available (such as iptables in Linux) Turning off unused services Using SSH security where possible Keeping running instances and private images up-to-date with the latest patches The graphic on the slide provides a high-level overview of the flow of data that takes place between a client environment and IBM’s SmartCloud® data centers. The top of the graphic contains a picture of a PC monitor and server, with a line leading downwards to an image depicting the client’s firewall and then to a cloud (IBM cloud services). From there, a line flows further downwards through another firewall (IBM’s) and an image depicting IBM’s unique security and authentication model and then leading to IBM SmartCloud data centers, which contain guest virtual machines and data.
This list of features highlights the features and functions planned for release in December for 2011 and the early part of 2012.. These plans are subject to change without notice. Notes: Import, copying and cloning of images is initially only supported for RHEL and SLES Linux. The plan is to add similar Windows capabilities later. Legal terms and restrictions with respect to licensing apply (see updated Agreement and Services Description). Cloning allows easy migration of an image from one data center to another. Image and workload tooling includes CohesiveFT ’Elastic Server’ and IBM ICCT (a.k.a. ICON) and IWD. These greatly expands the software and application pattern choices available to customers. Dynamic attach and detach of storage requires an upgrade of the data center hypervisors. Therefore, this functionality will be made available one data center at a time starting after the end-of-year freeze, i.e. this functionality will not become generally available globally before late 1Q2012. The object storage option is an IBM deployment of Nirvanix ’Internet file system’. It will not become generally available before January 31, 2012. Initially, it will be delivered from sites in the US and Germany. VPNs and VLANs will be separately orderable. Each site can have multiple private VLANs per customer. Monthly billing details is a downloadable comma separate file with a row for each resource provisioned or service ordered, including timestamps and the IBM ID of the user who provisioned it. Customers can use these files to generate very detailed customized usage reports and to drive a cloud usage ’chargeback’ function within their own organizations. Storage resilience and performance primarily refers to an upgrade of the SONAS storage system and is expected to provide noticeable performance improvements, particularly with respect to persistent storage access. This upgrade will be rolled out one delivery center at a time starting early 2012. Bundles are software and configuration files that can be added to an image during the provisioning process. Bundles can be as large as a whole software product (e.g. IBM WebSphere ® ) or as small as a few configuration parameters. Bundles have been a part of SCE for about 6 months, but have required manual setup and use of APIs. They will now be supported by the image tooling (which can configure an image from the existing images in SCE by ’drag-and-drop’ of bundles). In addition we expect to see software vendors, starting with IBM Software Group, provide their software in the form of bundles in addition to or instead of images. Using bundles provides much more flexibility and potential savings compared to having just images (e.g. it is now easy to build an image with both WebSphere and DB2, which until now required two images). We will be making SCE available in Latin America (LA). However, we will not initially deploy a delivery center in LA. Customers should expect to see more delivery center locations in 2012, but time and location for these deployments have not yet been decided. The new release of SCE will unveil the ability of ’Services Instances’ in the SCE portal which will evolve over time. Image management tooling will likely, over time, be among these new services. The Application Services (PaaS) offering will appear in the portal later in 2012 and use this capability to develop an expanding portfolio of platform services consisting of Application Resources (e.g. Database as a service), Workload services (e.g. Deployment pattern tooling like IWD as a service), Application lifecycle services (e.g. preconfigured and managed Rational environments), and Integration services (e.g. an integration hub service). SAP services are primarily targeted at the SCE+ environment, but will offer SAP dev/test on SCE.
API: Application programming interface OVF stands for Open Virtualization Format. OVF is the DMTF standard format for specifying ‘software appliances’, i.e. virtualized configurations. Image construction tools in IBM SmartCloud Enterprise take image management to the next level. These tools help users deploy customized images by automating image life-cycle processes starting with the selection of software bundles and a base operating system and ending with a running instance of the image. In addition, an image construction tool can provide a level of workload portability by letting you build and manage images and whole configurations that can be deployed to multiple environments, including on different hypervisors (for example, on both KVM and VMware). This allows you to move workloads between clouds and virtualized in-house environments. The cloud APIs include calls to import, copy and clone images (initially only available for Linux). ’Import’ takes a ready-to-use image stored on persistent storage and loads it into a private image catalog, making it available for provisioning. ’Copy’ takes a copy of an image in an image catalog and places it on persistent storage. ’Clone image’ takes an image from an image catalog and make a clone of it with a new name and description. In addition, users can clone a persistent storage block which enables them to clone an image from one data center to another, by Copying the image to a persistent storage block, Cloning that storage block to a new block in another data center, and Importing the image from the new block to the local private image catalog. Legal and licensing restrictions apply to importing and copying images. Customers may use the copy and clone APIs to make copies of Private images in the customer's private asset catalogs and to remove customer provided images and bundles from the cloud. Nothing else. Importing of images and software requires the customer to have appropriate license for that software. For details, please see The IBM SmartCloud Enterprise Agreement and Services Description. IBM SmartCloud Enterprise provides access to two image construction tools, t he Elastic Server tool from CohesiveFT and the ICCT tool from IBM, both of which can help you build or extend images using software bundles. These tools offer similar function: Elastic Server is a seasoned image management offering with a large library of open source and other software that can be bundled with a selection of operating systems. It manages the entire image life cycle process from selecting a software base for a workload to deploying the completed image in an IBM SmartCloud Enterprise instance. In addition, the tool can import a VMware image and produce a KVM image for use with IBM SmartCloud Enterprise. The IBM Image Construction and Composition Tool ( ICCT ), or ICON as it is often called, is a new IBM open standards compliant tool that enhances the efficiency of virtual image life cycle management by facilitating creation of software bundles and building virtual machines images directly in the IBM SmartCloud Enterprise cloud. It has been integrated into the cloud so it draws directly on the IBM SmartCloud Enterprise image and software bundle catalogs. So what is the relative positioning of these tools with respect to IBM SmartCloud Enterprise ? Elastic Server brings a catalog of software bundles and operating systems that supplement the IBM SmartCloud Enterprise catalogs. IBM ICCT does not. IBM ICCT has been tightly integrated into the IBM SmartCloud Enterprise catalogs and operates within the user’s account. Elastic Server is a separate tool on a separate IBM SmartCloud Enterprise account. IBM ICCT uses OVF standardized virtualized asset specifications. Elastic Server can work with OVF, but offers the flexibility to targeting non-OVF environments. Elastic Server is available as a service for a subscription fee (beyond guest use). IBM ICCT is a no-charge image in IBM SmartCloud Enterprise with standard instance and storage usage charges. IBM ICCT is a new tool with limited support. Elastic Server has an established customer base and support infrastructure.
Application programming interfaces (API) Cloud network attached storage (Cloud NAS) IBM SmartCloud Enterprise has integrated cloud storage technology from Nirvanix to provide a cloud storage solution designed to support millions of users, billions of objects and exabytes of data. . Clients can upload a file of any size from anywhere in the world and access it anywhere—as opposed to forcing customers to upload the same file multiple times in multiple geographic regions and imposing strict file size limitations. This is designed to provide customers with continuous access to data at multiple, redundant locations for optimal performance and business continuity. This storage capability is ideally suited for unstructured data such as documents, spreadsheets, PowerPoint presentations, health records, images, audio and video files, and email and text messages, as well as for storing objects in which data, metadata and index are all encapsulated as one blob. To help provide prompt access to unstructured data and objects, each node within the storage service knows what is stored in its neighboring nodes, essentially performing as a massive, cross-connected grid. The graphic on the right consists of a cloud overlaid with a file folder structure and illustrations of different types of content that could be stored in the folders. Below the graphic is an illustration of the commands necessary to store and access the files over the internet. “HTTP POST to upload and HTTP GET to download” are the two commands needed to store, respectively retrieve files. “http://downloads.MyCompany.com/Application/Useraccount/Folder/Filename” is an illustration of the type of URL users can use to up- or download files using a simple link on a website.
*LDAP – Lightweight Directory Access Protocol, is distributed directory information services over an Internet Protocol. *VPN – virtual private network *VLAN – virtual local area network The graphic on the right illustrates a cloud virtual private network (VPN) environment alongside the (default) shared VLAN which is addressable from the Internet. There are servers provisioned on the shared as well as on private VLANs: One server is connected to both the shared VLAN, and a private VLAN and is acting as a firewall. The left side has a picture of users of the cloud servers accessing those servers through a virtual private network (VPN) gateway. New orders and changes to VPN environments (VPNEs) are ordered using the Additional Services Order form: Customer may order one VPNE per site VPNEs include a minimum of 1 and a maximum of 5 VPN tunnels. Purchase of at least one private VLAN is required for each VPNE. Instances on different private VLANs associated with a VPN can address (‘see’) each other. Customer may order and have a maximum of 5 private VLANs per site (associated with a VPNE or standalone). There is a one time change fee per change request per site. The request may include multiple modifications, additions or deletions to be executed at one time. Changes include the following, when executed by IBM at customer request. Modifications to the VPNE, VPN tunnel(s), or VLAN(s) Addition or removal of VPN tunnel(s) Addition or removal of VLAN(s) from a VPNE There is no charge for deleting an entire VPNE, including associated VLANs, or deleting a standalone private VLAN.