Published on

Published in: Technology, Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. IaaS IaaS Introduction Dr. Kenny Huang Chair, Mind Extension Inc. Executive Council, APNIC Board, TWNIC huangksh@gmail.com
  2. 2. Agenda• Introduction• Virtualisation• Delivery Model• Deployment Model• Business & Finance• Research• Policy 2
  3. 3. Driving Force• IDC projection – Annual growth rate 21.6% – $11Billion 2009 – $30 Billion 2014• Benefits – Cut cost – Share resources• Technological evolution 3
  4. 4. 4
  5. 5. 5
  6. 6. 6
  7. 7. Benefits Recap• No upfront costs• Market more quickly• No servers to manage• Automatic software updates• Easily scalable• Global growth and integration• Enhance agility 7
  8. 8. IaaS Virtualisation
  9. 9. From Virtualisation to Cloud 9
  10. 10. 10
  11. 11. 11
  12. 12. 12
  13. 13. 13
  14. 14. 14
  15. 15. 15
  16. 16. 16
  17. 17. 17
  18. 18. 18
  19. 19. 19
  20. 20. 20
  21. 21. 21
  22. 22. 22
  23. 23. 23
  24. 24. 24
  25. 25. IaaS Delivery Model
  26. 26. 26
  27. 27. 27
  28. 28. 28
  29. 29. 29
  30. 30. 30
  31. 31. 31
  32. 32. 32
  33. 33. 33
  34. 34. 34
  35. 35. 35
  36. 36. 36
  37. 37. 37
  38. 38. 38
  39. 39. 39
  40. 40. 40
  41. 41. 41
  42. 42. 42
  43. 43. 43
  44. 44. 44
  45. 45. 45
  46. 46. IaaS IaaS Deployment Model
  47. 47. IT Services Deployment Model• Self service model – “immediate” satisfaction• Guaranteed service attributes (SLA)• Scalability• Billing for actual services/resources consumed• Supported by high levels of automation• Based on a highly virtualized infrastructure 47
  48. 48. Iaas Benefits• Benefits for consumers – Dramatic improvements in “time to market” – Automating backend billing brings a new cost conscious awareness – Ability to use OpEx for short term needs• Benefits for IT – Recognition of IT as a competitive service supplier – Now you can say “yes” and here’s what it would cost – High levels of automation provide savings – Consolidation provides savings – Turn on/off OpEx provides savings 48
  49. 49. The Journey to the Cloud• Transition – So how do you transition an IT operation from 7x24 crisis with a backlog of incidents and service requests a mile long to this smoothly functioning Cloud machine• Foundation – The foundational answer has been around for some years – It is called the service provider model (SPM, ref. ITIL)• Rationale – Instead of managing 5000 servers running 5000 apps, the server provider model transitions the management effort to some 5+/- tiers of service with service level guaranteed – Managing 5 entities is doable, but it’s difficult to manage 5000 entities 49
  50. 50. What is the Service Provider Model• Service Level Agreements – A service focus separates the “what” from the “how” of service delivery – A service level agreement between IT and users of technology providers a pragmatic basis for alignment of IT capabilities with business objectives• Standard service offerings – Standard services and technical architecture – A stratification of service offerings allows different service level requirements to be satisfied at appropriate cost levels• Mature policy and procedure – Management practices are the processes, policies, and organizational model used to deliver services – As process mature, they become repeatable, documented, measured and finally have continuous review for improvement• Cost model and key performance metrics – External and internal metrics define the progress of the service model – A complete cost models is critical to understanding the true cost of service delivery 50
  51. 51. IT Maturity Model Understanding and Training and Process and Practice Techniques and Compliance Expertise Awareness Communication Automation1 Recognition Sporadic Ad hoc approach to communication on process and practice issues2 Awareness Communication on the Similar but intuitive Common tools are Inconsistent overall issue and needs process emerges appearing monitoring on isolated issues3 Understanding of Informal training Practices are defined, Tool set is standardized; Inconsistent Involvement of IT need to act supports individual standardized and currently available monitoring; specialists in initiatives documented; sharing of practices are used and measurement business processes better practices begins enforced emerges; balanced score card adopted; root cause analysis is intuitive4 Understand full Formal training Process ownership and Mature techniques are Balanced scorecard Involvement of all requirements supports a managed responsibilities are set; used; standard tools are are used in some areas; internal domain program process is sound and enforced; limited tactical root cause analysis is experts complete; internal best use of technology standardized practices are applied5 Advanced. Forward- Training and Best external practices Sophisticated techniques Balanced scorecard is Use of external looking communications are applied are deployed; extensive globally applied; root experts and industry understanding support external best optimized use of cause analysis is leaders for guidance practices and use technology always applied leading edge concepts 51
  52. 52. 7 step plan to build IaaS• 1 build a service catalog• 2 create a service level agreement• 3 Build key performance indicator capabilities• 4 inventory infrastructure components• 5 Implement billing per consumable resource• 6 rationalize the infrastructure• 7 automate provisioning and de-provioning 52
  53. 53. Step 1 –Create a Service Catalog• Key points – 3 to 5 service tiers based on consumer facing attributes – Tier differentiation will be based on performance and recoverability attributes – Cost differentials will be driven by configured consumable to meet service attributes 53
  54. 54. Key takeaways – Create a Service Catalog• Key Takeaways – Performance, scalability and protection attributes are what consumers care about – Only IT cares about technology specifications and configuration – Typically tier cost differentials approximate 50% – “Right tiering” drives additional savings 54
  55. 55. Step 2 – Build a Service Level Agreement• Key points – SLA guarantees service attribute delivery – A written guarantee changes the whole IT/consumer dynamic – The service level agreement should include • The information on both parties • Each party’s responsibilities • Mutual responsibilities • Escalation and remediation clauses 55
  56. 56. Step 3 – Build KPI Capabilities• Key points – What is happening right now – Who is using what – What is available – Consumption patterns, trends and forecasts – Alerts and escalations• Key Takeaways – If you don’t know what’s happening you will always be surprised • Monitor and alert IT’s service delivery capability • Monitor and alert the supply/demand situation 56
  57. 57. Step 3 – Build KPI Capabilities (2)• Key points – Metrics separate Fact from opinion • What is server demand for storage? – Interfaces/APIs are needed • Performance of specific hardware or software components • Resource allocation, availability, consumption and resource release • Resource performance to SLA attributes• Key takeaways – Metrics justify your recommendations – Trended metrics are the first step to continuous improvement 57
  58. 58. Step 4 – Inventory your Infrastructure• Key points – Mission critical to know exactly • What is on the floor • What is running on it • What its connected to • What its dependent on• Key takeaways – Change and release management is key to a stable environment – Without CMDB, changes will only generate more incidents and outage 58
  59. 59. Step 5 – Implement Back End Billing• Key Points – Visibility is more important than charge back – Cost model provides cost of the deployable unit – Cost model includes • Hardware and software costs • Software licensing • Hardware and software maintenance • Facility, power and cooling • Administration• Key takeaways – Basis for cost justification and ROI – Speak with CFO in the same language – Visibility to cost impacts resource usage 59
  60. 60. Step 6 – Rationalize the Infrastructure (virtualization)• Key points – Not all resources can be automatically provisioned – Big box unix will require some IT manual effort – The obvious target today is the virtualized x86 platform – Storage has been virtualized since the early NAS• Key takeaways – Virtualization is key to automated provisioning – Automated provisioning needs automated de- provisioning 60
  61. 61. Step 7 – Automate Provisioning• Key points – Consumers want rapid self-provisioning (time to market) • Provisioning is the most important step from the end consumer viewpoint • It should be like buying something on the web from a catalog • Key provisioning functions allow consumers to – Search the catalog – Selection the service – Receive and accept a price – Have immediately availability to the resource – Track usage vs. allocation 61
  62. 62. Step 7 – Automate Provisioning• Key takeaways – Make a list of provisioning features and functions – Identify the platforms and APIs your allocations will need – Use this list of requirements to compare vendors – Mature organization may consider self- development using APIs to native functionality• Note – A number of hardware vendors are developing released front end web based platforms that provide the end consumer with IT provisioning 62
  63. 63. Summary• Hard parts – Front end provisioning, backend invoicing, and virtualization of your x86 platform• Easy parts – Building the disciplines and the services to provide a priced service catalog, service level agreements, key performance indicators, and mature processes• Outcomes – Move from managing 5000 entities to managing 5 tiers of service – A disciplined framework where you know what you’ve got and metrics to manage it 63
  64. 64. Conclusion• Internal IaaS is doable• Much of the work is IT best practice• Rationalization is the most challenging• Auto provisioning is least mature• Next steps – Build the SPM – Classify your applications – Plan the migration – execute 64
  65. 65. IaaS Business and Finance
  66. 66. Recap Benefits of Cloud Computing• Subscription-based• Reduce maintenance cost• Increased reliability• Portability• Efficient use of computing resources 66
  67. 67. Principle of Finance Contribution Fixed-CostsSales Sales BEP P&L=Contribution – Fixed-costs Sales 67
  68. 68. Quick BEP ExerciseA BC D 68
  69. 69. Build IaaS over Infrastructure Option 1 Bargain Power Option2 Build your own infra 69
  70. 70. Google Practice Owned Submarine Cable/ CapacityReduce CapEx by eliminatingCost of Power Gen & UPS 70
  71. 71. Valuation Talks $171B $100B $20B $13B $12B $3B$1.2B $1.2M B/L $6M Series A 71
  72. 72. Buzzword Evolving2000 ASP2006 SaaS2007 PaaS2011 Social computing 72
  73. 73. Business Model Evolving: Freemium ModelOffering one level of software for free, andthen charging a premium for additional features“if you adopt a freemium business model, your marketing cost is the free users" COGS=75%= $400B revenue 73
  74. 74. The Journey to Profitability• IaaS business is like a car racing game EPS indifference on a distorted field. Two factors Cash flow Breakeven line Revenue breakeven determine the winner: – Track Track 4 Survival Zone – Speed Death Zone Profit Zone• Track is determined by : Track 3 – IaaS size and design - the larger, the more distorted (higher track).• Speed is determined by : Track 2 – Contribution margin – the higher, IaaS Size the faster – Recurring revenue base Track 1 74
  75. 75. The Journey to Profitability• Two factors determine the journey to profitability in IaaS business: $ – Fixed cost Sales – Contribution margin (CM) Breakeven Point• Fixed cost depends on: Cost @CM=50% – IaaS size and design (Rent, Utility and Circuit) Fixed Cost Cost @CM=80% – Operation efficiency (SG&A)• Contribution margin depends on: Fixed Cost Circuit – Service mix Utility – Technological independency SG&A – Vendor bargaining power Rent Survival or not is pretty much determined at the D&A very beginning 75
  76. 76. The Journey to Profitability Sales ($) EPS ($) CM=50% CM=80% CM=80% EPS is correlated to Long term profitability is sales on the journey largely determined by CM of profitability CM=50%Fixed Cost Gross Profit 50% 80% Sales Fixed Cost Gross Margin (%) 76
  77. 77. The Journey to Profitability• The IaaS business is a recurring revenue business model: 2t – The previous year’s efforts count t – Sales growth speed outpaces the Sales base from existing sales efforts $ recurring customers• Previous year’s efforts count: – Do not need to start from scratch Sales every year Sales growth outpaces sales efforts – Less vulnerable and volatile• Sales growth outpaces sales efforts: – Explosive growth at upward economic environment Recurring – Stable growth at downward economic environment Time t 2t 3t 77
  78. 78. Does Size Matter ? Linear growth of COGSCost Cost Space Utility – A/CCost Cost UPS/Power-Gen Utility – Power 78
  79. 79. Business & Finance Review• Subscription-based; reduce maintenance cost; increased reliability – COGS remained and converted to other liabilities. It has to be paid one way or another. – 97% Google’s revenue is from advertisement. – Majority of cloud services are financed by equity market, not by product market• Portability – It’s decided by business competition/cooperation, not by technology• Efficient use of computing resources – Market prices are largely determined by competition, not by efficient use of resources 79
  80. 80. IaaS Research
  81. 81. Companies are still afraid to use clouds 81
  82. 82. Causes of Problems Associated with Cloud Computing• Most security problems stem from: – Loss of control – Lack of trust (mechanisms) – Multi-tenancy• These problems exist mainly in 3rd party management models – Self-managed clouds still have security issues, but not related to above 82
  83. 83. Loss of Control in the Cloud• Consumer’s loss of control – Data, applications, resources are located with provider – User identity management is handled by the cloud – User access control rules, security policies and enforcement are managed by the cloud provider – Consumer relies on provider to ensure • Data security and privacy • Resource availability • Monitoring and repairing of services/resources 83
  84. 84. Lack of Trust in the Cloud• Trusting a third party requires taking risks• Defining trust and risk – Opposite sides of the same coin (J. Camp) – People only trust when it pays (Economist’s view) – Need for trust arises only in risky situations• Defunct third party management schemes – Hard to balance trust and risk – e.g. Key Escrow (Clipper chip) NSA 1993-1996 – Is the cloud headed toward the same path? source: therepublic.com 84
  85. 85. Multi-tenancy Issues in the Cloud• Conflict between tenants’ opposing goals – Tenants share a pool of resources and have opposing goals• How does multi-tenancy deal with conflict of interest? – Can tenants get along together and ‘play nicely’ ? – If they can’t, can we isolate them?• How to provide separation between tenants?• Cloud Computing brings new threats – Multiple independent users share the same physical infrastructure – Thus an attacker can legitimately be in the same physical machine as the target 85
  86. 86. Taxonomy of Fear• Confidentiality – Fear of loss of control over data • Will the sensitive data stored on a cloud remain confidential? • Will cloud compromises leak confidential client data – Will the cloud provider itself be honest and won’t peek into the data?• Integrity – How do I know that the cloud provider is doing the computations correctly? – How do I ensure that the cloud provider really stored my data without tampering with it? 86
  87. 87. Taxonomy of Fear (cont.)• Availability – Will critical systems go down at the client, if the provider is attacked in a Denial of Service attack? – What happens if cloud provider goes out of business? – Would cloud scale well-enough? – Often-voiced concern • Although cloud providers argue their downtime compares well with cloud user’s own data centers 87
  88. 88. Taxonomy of Fear (cont.)• Privacy issues raised via massive data mining – Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients• Increased attack surface – Entity outside the organization now stores and computes data, and so – Attackers can now target the communication link between cloud provider and client – Cloud provider employees can be phished 88
  89. 89. Taxonomy of Fear (cont.)• Auditability and forensics (out of control of data) – Difficult to audit data held outside organization in a cloud – Forensics also made difficult since now clients don’t maintain data locally• Legal and trust issues – Who is responsible for complying with regulations? • e.g., SOX, HIPAA, GLBA ? – If cloud provider subcontracts to third party clouds (web2.0, 3.0, ..), will the data still be secure? 89
  90. 90. Challenges for the attacker• How to find out where the target is located?• How to be co-located with the target in the same (physical) machine?• How to gather information about the target? 90
  91. 91. Critical Issues from governments Jurisdiction for cloud services Business monopoly (e.g. Google, F/B) Cloud data privacy and security Protocol development and standardization Utility model stimulate innovation or impede creativity Green environment requirement By IGF (Internet Governance Forum) 2011 KL 91
  92. 92. IaaS Policy Government Cloud Computing Policy
  93. 93. Policy Rationale Cloud Computing bring the Opportunity of Industrial Transition Information industry Semiconductor industry rebuild Software industryEquipment and devices (TSMC, UMC) Cloud Device impact Service Cloud Computing Produce Produce vs. IC design without factory Software Service IC Design Without data center impact Tier 1 industry Source: “Above the Clouds: A Berkeley View of Cloud Computing” Feb. 4, 2009 & Revision 93
  94. 94. Policy Strategy Full Scale / 4C Integrated ECO Sytem G-Cloud SME-Cloud Solutions Devices Phone TV Edu-Cloud HC-Cloud Commerce Client NetBook Software/service Hardwaresystem software Cloud Connectivity Data Infrastruc 3G/4G switch storage Center ture Fiber WiMax server Security IDC, ISP telecommunication Hardware,software 94
  95. 95. G-Cloud Program G-Cloud Software as a Service (SaaS)Agility Shared Service Agency Transportation SME Healthcare •G2C) service Service •(G2B) f E-Tax E-Trade •(G2G) Education Shared Platform as a DB & Mgt AP Dev. AP Service Service (PaaS) Platform Platform ValidatoinConsolidation Shared facility Platform Infrastructure as a Service (IaaS) GSN , GPKI , N-SOC, shared data center Management service SLA & Auditing Service management & Security management Data center and network management 95
  96. 96. Project Name Budget Lead OrganizationCloud computing technology development plan $3.7B MOEA/DOITResearch Experimental Data Center plan $0.1B MOEA/DOITCloud Computing Corporation plan $1B MOEA/DOITGlobal Firms R&D Investment plan $1.5B MOEA/DOITCloud Computing Industrial Applications Plan $0.7B MOEA/IDBGovernment Cloud Computing Infrastructure $6.5B RDECFire Prevention Cloud Computing Service $0.4B MOI/NFAEducation Cloud Computing Service $1.7B MOERoad Traffic Cloud Computing Infrastructure $0.6B MOTCCloud Computing Promotion for SME $0.6B MOEA/SMEACloud Computing Trade Service $0.4B MOEA/BOFTCloud Computing Invoice Service $1.3B MOFTax Information System Integration & Reform $4B MOFHarbor Single Window Service Plan $0.8B MOFTechnology & Research Cloud Computing Platform $0.8B NSC
  97. 97. 2010 2011 2012 2013 2014Service access visitor (10M) 0.5M 1M 2M 3M 3.5MFirm R&D Investment ($12.7B) $1.4B $2.3B $3B $3B $3BIndirect Investment HW, Serv.($100B) $5B $8B $22B $30B $35BEmployee Increase 50,000 (person) 2500 4000 11000 15000 17500Cloud Computing Industry Value($1T) $8B $20B $64B $308B $600B
  98. 98. What’s going wrong• Set the standard – Policy value should be measurable at specific facets • Improved constituent value – Demonstration needed • Improved operational efficiency – Demonstration needed – Lack of Strategy Model • Value/Cost justification model • Lack of Cross-agency integration – Committee driven model • Committee representative – IT experts are not professional in financial/business evaluation • Stakeholder representative – Committee members have no position to claim construction for target stakeholders – Weak causal analysis • Lack of problem declaration, causal model, reasoning methodology, solution alternatives, outcome justification
  99. 99. Strategy vs. Operation• Separate strategy and operation issues – Deal with operations separately from strategy – Pushing operational performance and making strategic decisions are distinctive activities• GIGO (garbage in / garbage out) – Measure goals with goals indicators • Goals indicator validation – Measure performance with performance indicators
  100. 100. Issue Resolution Process• Issue identification – Strategic [S] • Improve performance to target stakeholders • Reduce cost to target stakeholders – Non-strategic [NS] : otherwise – Exception Fallacy [EF] : not a real issue• Propose solution items, with the following context – Fact-based : demonstrate how it create stakeholders’ value – Alternative driven : at least 3 alternatives presented – Consequential • Financial implication : how much it cost (CapEx, OpEx ?) • Performance implication : how well it perform? scale of improvement? how to monitor? • Time Scale : Short/Mid/Long-term solution, straw-man proposal, migration strategy• Conclusion Validity : Are they causal (solutions vs. issues)
  101. 101. The Prioritization Matrix High Cloud ComputingCost ofof Implementation Cyberspace Cost Implementation Pursue Strategy Deprioritize Opportunistically Explore ways of Investigate Improving stakeholders’ further value immediately TWIX Low Low High [S] High Issue Strategic Value Issue Strategic Value
  102. 102. Recommendations• Issue strategic value – Given the issue resolved, how it improve performance ? How it create value? A general understanding should be given• Prioritization Matrix – [Strategic]>[Non-Strategic]• Put real choice on the table : alternative driven• Solve the problem – Solution and problem should have casual relationship• Time scaling : phased implementation with coherent strategy• You can not control what you can not measure
  103. 103. Government Role & Responsibility
  104. 104. 104