
Pulling Back the Cloud Curtain


An overview of multiple public, private and hybrid cloud options, including Amazon Web Services (AWS), Google Compute, VMware vCloud Air, Azure, as well as CSP/MSP based private clouds. We take common use cases, such as disaster recovery, and compare each option. We'll also talk about network fabrics, direct network connectivity, ownership, management, compliance, and accountability.

Published in: Technology

  1. Pulling Back the Cloud Curtain
     Sagi Brody, CTO
     @webairsagi
     sagi@webair.com
  2. What's Behind the Curtain?
     • Cloud
     • Storage
     • Colocation
     • Disaster Recovery
     • Network Options
     • Virtualized Meet-me-Rooms
     • Accountability / Ownership
     • Compliance
     • People
     • Operations
     • Security
     • Cost
     What about... Technology Mix and Match! (Hybrid)
  3. Who is this guy?
  4. Who are you?
  5. Webair?
     Founded: 1996
     Headquarters: New York, NY
     Services Offered: Public, Private & Hybrid Cloud, Dedicated Servers, Colocation, CDN, Security, DRaaS, Full Stack Ownership
     Customers: Enterprise, Healthcare, eCommerce, SaaS, SMB, IT, Arts
     The Webair Value:
     ➢ Over 18 years providing customers with best-in-class Managed Hosting solutions
     ➢ High-touch Support
     ➢ Full ownership of our customer's infrastructure stack so they can focus on their core business.
     (not a commercial, I promise!!)
  6. Not Black & White
     • No single 'best' solution
     • Match platforms to applications
     • Match technology to environment
     • So many options available, you CAN have the best of both worlds
  7. Use Case Examples
     1) Existing on-premises infrastructure is out of capacity or in need of refresh
     2) Existing colocated infrastructure is out of capacity or stakeholders want to reduce operational responsibilities
     3) Disaster Recovery solution is required for either of the above
     4) Agile Networking via Network Fabrics
     5) Web Application Stacks - Where & How?
  8. Definitions & Platforms - Public Cloud
     Infrastructure as a Service (Public Cloud)
     • AWS, Google Compute, vCloud Air, Azure, etc.
     • DIY Infrastructure platform
     • Abstracted Compute / Storage
     • Pay-per-Use
     • Built for automated scalability
     • Typically non-HA; software built to withstand loss of instances (non-perpetual use)
     • PaaS Services
       • Database, NoSQL
       • AD / Office365
       • Software Development Platforms
  9. Definitions & Platforms - Public Cloud
     Public Cloud?
     • Refers to IaaS providers
     • Refers to MSPs/CSPs
     • Can be part of larger managed solution
     • Can have more HA built into single instance (for perpetual use VMs)
     • Can be DIY or fully managed, or both
     • Offered via many different types of companies:
       • Traditional Hosters
       • Colocation looking to bolt on managed
       • IT solution providers, VARs, MSPs
  10. Definitions & Platforms - Private Cloud
     • Virtual Private Cloud (VPC)
     • (Dedicated) Private Cloud
     • Hypervisor as a Service (HVaaS)
  11. Definitions & Platforms - Private Cloud
     Virtual Private Cloud (VPC)
     • Shared compute, storage, networking resources
     • Typically no physical segmentation/diversity from others
     • 'Private' can refer to dedicated resources
     • Typically same or similar infrastructure as physical
     • Resource pool + Provisioning portal
     • AWS - Simplifies logical networking
  12. Definitions & Platforms - Dedicated Private Cloud
     Dedicated Private Cloud
     • Physical segmentation
     • Dedicated hypervisors
     • Options for dedicated storage & networking
     • Direct access to management (vCenter access)
     • Highly customizable
     • Can be isolated from Internet
     • Network options
     • Can refer to on-prem clusters
  13. Definitions & Platforms - Private Cloud
     Hypervisor as a Service (HVaaS)
     • Dedicated physical hypervisors to join customer's existing infrastructure
     • Easy way to start towards building a Private Cloud
     • Must be mindful of versioning
     • Typically comes with storage
  14. Definitions & Platforms - Cloud Storage
     Cloud Storage & Storage as a Service
     • Object storage
       • APIs
       • Drivers to file
       • FS agnostic
       • Example: S3
     • File storage
       • NFS / CFS
       • FS specific
       • Use case - file/backup/large storage
     • Block storage
       • SAN
       • Platform specific offerings (NetApp as a Service?)
  15. Definitions & Platforms
     • Hybrid Cloud - Any combination of cloud services, colocation, public cloud, on-prem; very open ended.
     • Colocation - Customer equipment @ Provider data center
     • MSP/CSP:
       • Provides Managed Cloud, Data center, Network solutions
       • Can manage 3rd party clouds
       • Customized Solutions
       • Not same scale as large IaaS
  16. Assumptions
     • Existing on-premises 'enterprise-like' infrastructure(s): VMware, Hyper-V, Xen, SANs, NAS
     • Legacy systems
     • Some use of cloud today for applications (Email?)
     • Web facing requirements
     • Overwhelming operational and security requirements
     • Non cookie-cutter environments
  17. Extending On-premises Infrastructure
     Scenario:
     • Existing virtualized infrastructure on premises.
     • Additional capacity is required to meet workload demands.
     • Existing equipment going EOL
     • Lack of operational resources
     • Looking for alternative cost model to meet capacity needs
     • Looking to shift security/compliance responsibilities
     Solutions:
     • Extend existing infrastructure (buy more gear)
     • Use IaaS
     • Use CSP for public, private cloud, or HVaaS
  18. Extending On-premises Infrastructure: Extend Existing
     Solution: Extend existing infrastructure (buy more gear)
     Pros:
     • No change in technology
     • No additional training
     • Use existing interfaces/systems
     • Low-Latency
     • Secure (just as much as before)
     • No networking/Internet requirements
     • No data transfer fees
     • Data stays in house
  19. Extending On-premises Infrastructure: Extend Existing
     Solution: Extend existing infrastructure (buy more gear)
     Cons:
     • No shift in operational accountability
     • No shift in security and compliance accountability
     • Inflexible cost structure (CapEx outlay or lease)
     • Time and resources required to add capacity
     • May come at inconvenient time
     • May force other infrastructure investments (switches out of ports?)
     • May delay other projects (Dependency chain)
  20. Extending On-premises Infrastructure: IaaS
     Solution: IaaS Providers (AWS, vCA, Azure, GC)
     Pros:
     • Flexible Cost Structure - Pay only for what you use
     • No perpetual license fees
     • Instantly Scalable
     • Shifts infrastructure operations and management responsibilities
     • Partial ability to manage infrastructure from existing interfaces (vCenter, Hyper-V)
     • Better Internet facing network capacity
  21. Extending On-premises Infrastructure: IaaS
     Solution: IaaS Providers (AWS, vCA, Azure, GC)
     Cons:
     • New technology stack to learn/train/manage/own
     • Only partial shift in operational, security, and compliance responsibilities - Who is configuring it?
     • Data transfer costs
     • Latency?
     • Network dependency
     • Ability to pull data out?
     • Expensive for perpetual usage
     • How to replicate to DR?
  22. Extending On-premises Infrastructure: IaaS
  23. Extending On-premises Infrastructure: CSP Private Cloud
     Solution: CSP Private Cloud
     Pros:
     • Shifts operational, infrastructure, security, and compliance responsibilities (Fully Managed)
     • Ability to manage infrastructure from existing interfaces (vCenter, Hyper-V)
     • OpEx model + scalability
     • Customizable resources (storage, networking)
     • Customizable hardware, versions, configurations
     • Can completely segment infrastructure from Internet
  24. Extending On-premises Infrastructure: CSP Private Cloud
     Solution: CSP Private Cloud
     Cons:
     • May require contract/commitment
     • Not same scale as IaaS
     • Requires Internet/Network connectivity
     • Latency may still be a factor
     • Must trust provider and understand exactly what's included in service (don't assume)
     • Careful when using IT vendors, VARs, web designers who are providing this as an ancillary service
  25. Extending On-premises Infrastructure: CSP Private Cloud
     What else can you do with the link..?
  26. Extending On-premises Infrastructure: CSP Private Cloud
  27. Extending On-premises Infrastructure: Network
     Why Connect Direct?
     • IaaS providers charge less for data in/out over direct connections
     • IaaS providers provide network SLAs, but may require redundant links
     • Consistent performance & QoS
     • Lower Latency
     • Secure & Private
     • Tie into existing networks (MPLS, VPLS)
     • Other services available via same link (more later..)
  28. Extending Colocation using Cloud
     Scenario:
     • Existing virtualized infrastructure at colocation facility
     • Additional capacity is required to meet workload demands.
     • Existing equipment going EOL
     • Lack of operational resources
     • Looking for alternative cost model to meet capacity needs
     • Looking to shift security/compliance responsibilities
     Solutions:
     • Extend existing infrastructure (buy more gear)
     • Use IaaS
     • Use CSP for public, private cloud, or HVaaS
  29. Extending Colocation using Cloud
  30. Extending Colocation using Cloud
     • Relinquish operational, security, and management control for individual layers slowly and when it makes sense.
     • Allows you to move to cloud resources at your own pace
     • Allows for mix/match physical/cloud based on use case
     • Cloud 'behind the firewall': mix/match IPs between colo/cloud
     • Connected via physical cross connects: Secure, Private, Fast
     • Available quickly as needed
     • Use for short term projects (storage firmware upgrades??)
  31. Disaster Recovery as a Service: Goals
     • SLA based RPO (Recovery Point Objective)
     • SLA based RTO (Recovery Time Objective)
     • Application Consistency across VMs
     • Applications available to same networks/Internet same as production
     • Automated run-books (servers, scripts, network) and fail-back
     • Ability to test in fenced environment
     • Compliance reporting
     • Clearly defined accountability/ownership for service
     • Quarterly testing with successful results
  32. Disaster Recovery as a Service: Challenges
     Production environments are complex. DRaaS must match.
  33. Disaster Recovery as a Service: Solutions
     VM Based Replication Solutions
     • Site to Site software:
       • Veeam Software (snapshot based)
       • Zerto Software (synchronous)
       • EMC RecoverPoint
       • VMware - VDP
       • Hyper-V SRV + Replication
     • To Consider:
       • Overhead of setup, configuration, and management
       • Ownership of solution
       • Hardware + Site requirements
  34. Disaster Recovery as a Service: Solutions
     VM Based Replication Solutions
     • IaaS Based:
       • Hyper-V - Azure Site Recovery
       • VMware - vCloud Air Disaster Recovery
     • To Consider:
       • No hardware required (OpEx instead of CapEx)
       • Overhead of setup, configuration, and management
       • Ownership of solution
       • Testing & Failback testing
       • Latency
       • Compliance
  35. Disaster Recovery as a Service: Solutions
     • VM Replication (IaaS, Zerto, Veeam) only gets you 80% there
     • SAN<->SAN replication may be required for direct iSCSI mounts
     • Some apps better off replicated in-app (Exchange DAG, SQL clusters) - requires always-on VMs
     • Internet facing apps - BGP swing or automated DNS change required
     • Internal network with MPLS, VPLS or SD-WAN: same at DR
     • Legacy platforms on internal networks require physical at same location (AS400)
     • Firewalls & Security duplication
  36. Disaster Recovery as a Service: Solutions
     CSP Based Solution:
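The DRaaS goals above (SLA-based RPO, application consistency across VMs, quarterly testing) are only worth anything if somebody checks them against what the replication product actually delivers. The following is an added example, not code from the talk or from any of the replication products it names. It assumes a constructed, hypothetical checkpoint log with one line per VM ("<consistency group> <vm> checkpoint=<ISO 8601 UTC time>", where a group is the set of VMs that make up one application and must fail over together) and constructed sample data; it reports VMs outside the RPO, groups whose VMs sit at different checkpoints, and whether the last successful test is older than a quarter.

```python
"""Check DR replication checkpoints against an RPO SLA and application consistency.

Added example; the log format below is a constructed, hypothetical one, not the
output of any product named in the slides.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: the "ticketing" application is three VMs that must stay
# consistent with each other; "reporting" is a single, rarely replicated SQL VM.
SAMPLE_CHECKPOINTS = """\
ticketing web01 checkpoint=2015-03-01T04:00:00Z
ticketing web02 checkpoint=2015-03-01T04:00:00Z
ticketing db01  checkpoint=2015-03-01T03:45:00Z
reporting sql01 checkpoint=2015-03-01T01:00:00Z
"""


def _parse_time(text):
    """Parse an ISO 8601 UTC timestamp with a trailing Z into an aware datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_checkpoints(text):
    """Return {group: {vm: checkpoint time}} from the constructed log format."""
    groups = defaultdict(dict)
    for line in text.splitlines():
        if not line.strip():
            continue
        group, vm, field = line.split()
        key, _, value = field.partition("=")
        if key != "checkpoint":
            raise ValueError(f"unexpected field in line: {line!r}")
        groups[group][vm] = _parse_time(value)
    return dict(groups)


def rpo_violations(groups, now, rpo):
    """VMs whose latest checkpoint is older than the RPO at `now`, with the actual lag."""
    violations = {}
    for vms in groups.values():
        for vm, checkpoint in vms.items():
            lag = now - checkpoint
            if lag > rpo:
                violations[vm] = lag
    return violations


def consistency_violations(groups):
    """Groups whose VMs do not share one checkpoint: a failover would restore the
    application's VMs to different points in time (e.g. web tier ahead of its DB)."""
    return {
        group: sorted(set(vms.values()))
        for group, vms in groups.items()
        if len(set(vms.values())) > 1
    }


def dr_test_overdue(last_successful_test, now, interval=timedelta(days=91)):
    """True when the last successful failover test is older than one quarter."""
    return now - last_successful_test > interval


def draas_report(text, now, rpo, last_successful_test):
    """Combine the three checks into one report a DR owner can act on."""
    groups = parse_checkpoints(text)
    return {
        "rpo_violations": rpo_violations(groups, now, rpo),
        "inconsistent_groups": consistency_violations(groups),
        "test_overdue": dr_test_overdue(last_successful_test, now),
    }


if __name__ == "__main__":
    now = datetime(2015, 3, 1, 4, 10, tzinfo=timezone.utc)
    report = draas_report(
        SAMPLE_CHECKPOINTS,
        now,
        rpo=timedelta(minutes=15),
        last_successful_test=datetime(2014, 11, 1, tzinfo=timezone.utc),
    )
    for key, value in report.items():
        print(f"{key}: {value}")
```

With the constructed data and a 15-minute RPO, db01 (25 minutes behind) and sql01 (over three hours behind) fail the RPO, and the ticketing group is flagged because its database checkpoint does not match the web tier's; a failover at that point would bring up web servers that reference transactions the database never saw. That is the gap between "replication is running" and the "Application Consistency across VMs" goal on the slide.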
  37. Network Fabrics
     • SDN matured.
     • One physical link for a multitude of use-cases.
     • Consolidate transport/transit/VPN
     • Immediate provisioning.
     • Reduced Cost - No more per cross connect fees
     • SLA/QoS
     • Physical PoPs are being virtualized.
  38. Network Fabrics
  39. Network Fabrics
  40. Network Ecosystem
  41. What runs on top of all that infrastructure?
  42. What runs on top of all that infrastructure?
     • Example: Web Facing Applications
     • Common use case for ARTS community (Ticketing & scheduling)
     • Connects to on-prem/off-prem sites/services and 3rd parties
     • Sites must be scalable and able to deal with 'viral' spikes
     • Security considerations:
       • Storing PII and CC #s: PCI is a MUST
       • Application (layer 7) attacks/hacks
       • DDoS attacks
       • Threat Monitoring/Mitigation
  43. Web Application Stack: Security Layers
     • Application Server(s)
     • Load Balancers/Proxies
     • Firewall
     • Network
     • 3rd Party Scrubbing
     • 3rd Party CDN/Proxies
  44. Web Application Stack: Security Solutions
     • Application Server: FW & Cache plugins; Memcache, Fail2ban, sysctl
     • Load Balancers: HAProxy + keepalived, nginx, csync
     • Firewall: MikroTik, PaloAlto, Juniper
     • Network: External Threat Monitoring, FlowSpec
     • Scrubbing: Network Taps, Analysis, Automated BGP swing
     • CDN/Proxies: Redirects to CDN in App or via HTTP rewrite
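The application-server and load-balancer layers above are where layer-7 abuse is first visible, and tools like Fail2ban act on exactly this kind of signal: a per-client request rate and an error pattern read out of the web server's access log. The following is an added example, not code from the talk or from Fail2ban, nginx or HAProxy. It assumes the standard nginx/Apache "combined" access-log format, constructed sample lines, and constructed thresholds; it flags a client that bursts requests inside a sliding window or whose responses are mostly 4xx, which separates a scanner from a busy but legitimate ticket buyer.

```python
"""Layer-7 abuse detection over combined-format access log lines.

Added example; the sample lines, client addresses and thresholds are constructed.
The output is the kind of list a Fail2ban jail or a load balancer ACL would act on.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined log format: host - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def _line(ip, when, path, status):
    """Build one constructed combined-format log line (sample data only)."""
    return (f'{ip} - - [{when.strftime(TIME_FMT)}] "GET {path} HTTP/1.1" '
            f'{status} 512 "-" "Mozilla/5.0"')


_T0 = datetime(2015, 3, 1, 4, 0, 0, tzinfo=timezone.utc)
SAMPLE_LINES = (
    # A normal ticket buyer: three pages over a minute, all successful.
    [_line("198.51.100.20", _T0 + timedelta(seconds=20 * i), f"/events/{i}", 200)
     for i in range(3)]
    # A misbehaving client: twelve requests in under five seconds, mostly 404s.
    + [_line("203.0.113.7", _T0 + timedelta(milliseconds=400 * i), f"/missing/{i}",
             404 if i % 4 else 200)
       for i in range(12)]
    # Garbage that does not parse; the detector must skip it, not crash.
    + ["<<< truncated line >>>"]
)


def parse(lines):
    """Yield (ip, timestamp, path, status) for each well-formed line; skip the rest."""
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue
        yield (match["ip"], datetime.strptime(match["time"], TIME_FMT),
               match["path"], int(match["status"]))


def detect(lines, window=timedelta(seconds=10), max_requests=10,
           min_requests=5, max_error_ratio=0.5):
    """Return {ip: sorted reasons} for clients that exceed the thresholds.

    "rate": more than `max_requests` requests inside any `window`.
    "error-ratio": at least `min_requests` requests and more than
    `max_error_ratio` of them answered with a 4xx status.
    """
    recent = defaultdict(deque)              # ip -> timestamps inside the window
    totals = defaultdict(lambda: [0, 0])     # ip -> [requests, 4xx responses]
    reasons = defaultdict(set)
    # Sort by timestamp so the sliding window is correct even if lines interleave.
    for ip, ts, _path, status in sorted(parse(lines), key=lambda r: r[1]):
        queue = recent[ip]
        queue.append(ts)
        while queue and ts - queue[0] > window:
            queue.popleft()
        if len(queue) > max_requests:
            reasons[ip].add("rate")
        totals[ip][0] += 1
        if 400 <= status < 500:
            totals[ip][1] += 1
    for ip, (count, errors) in totals.items():
        if count >= min_requests and errors / count > max_error_ratio:
            reasons[ip].add("error-ratio")
    return {ip: sorted(r) for ip, r in reasons.items()}


if __name__ == "__main__":
    for ip, why in detect(SAMPLE_LINES).items():
        print(f"{ip}: {', '.join(why)}")
```

The two signals are deliberately independent: a legitimate client can be fast (a page with many assets) or can hit a few 404s, but rarely both at once, and the `min_requests` floor stops a single mistyped URL from producing a block. Whatever consumes the result (a firewall rule, an HAProxy stick-table, a Fail2ban action) should expire entries after a set time, since the source addresses behind a CDN or a corporate NAT are shared.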
  45. Web Application Stack: The right Infrastructure
     Are you prepared to take full ownership and accountability for:
     • Managing and monitoring servers 24/7 (disk fills at 4AM?)
     • Ensuring servers' OSs, configurations, applications are all up to date and secure
     • Managing scale manually or auto-scaling via APIs/code
     • Ensuring applications are properly configured for scale
     • Ensuring all layers/VMs are configured with proper compliance requirements (PCI-DSS, HIPAA, other)
     • Managing edge firewalls/network devices
     • Backups & DR solutions are properly configured, and working
  46. Web Application Stack: The right Infrastructure
     • If Yes -> IaaS is by far the best technical solution
       • Check costs when considering perpetual usage
     • If No ->
       • Use an MSP who is already built on top of an IaaS provider and is willing to own what you don't want to.
       • Use a CSP which can do the same and possibly provide more flexibility.
     Bottom Line: Figure out what you want your internal IT and external providers to be accountable/responsible for. Align solution to that + technology compatibility and flexibility.
  47. Web Application Stack: The right Infrastructure
     • Is your configuration so complex that you will strongly benefit from tight integrations with IaaS/APIs?
       • Very common @ scale and when huge temporary spikes are common
       • Quick starting point
     Or
     • Would you rather have internal IT resources focused on adding value in other areas such as adding features to products/services?
       • If yes - Look for Full Stack Ownership
  48. Full Stack Ownership - Platform Independent
  49. Full Stack Ownership - Platform Independent
     • Provider owns entire stack.
     • Responsible to ensure components work properly and, more important, work well together as a group.
     • Onus is on them to prove application problem.
     • Accountable/Responsible to ensure all security and compliance requirements.
     • Signs BAAs around entire stack or parts
     • Single point of accountability/contact/ownership
  50. Full Stack Ownership - Platform Independent
     Who is ensuring:
     • PCI Compliant Architecture
     • Proper Security configuration (Firewalls, VPNs, Services configs, OS patches/updates)
     • Performance & Scalability
     • Backups & DR
     • Database management & tuning
     • Application performance tuning
  51. Full Stack Ownership - Platform Independent
     • OnPrem - You
     • IaaS - You
     • MSP built on top of IaaS - Them!
     • CSP - Them!
  52. Beware of Shiny Object Syndrome
  53. The Human Factor: Partnership and Trust
     • If you're looking for any sort of non-DIY solution/platform, or to relinquish accountability & management: You're looking for a partner.
     • The team behind the technology is just as important as the technology itself.
     • Is the partner a solution provider? Are they aligned with your best interests?
     • Do they care about your account?
     • Do you like working with them?
     • Do you trust them with your business?
     • When there are challenges? Who do you call? Will they come through?
  54. THANK YOU!
     Sagi Brody, CTO
     @WebairSagi
     sagi@webair.com
