Document 192725

Cloud Computing Architecture – How to reconcile
business, technical, and legal requirements
Introduction
Cloud Computing Architecture
Architecture Forces: Legal,
Security, Scalability, Latency
Summary
Corporate Research and
Technologies
Munich, Germany
Gerald Kaefer
[email protected]
4th
*
Generation Datacenter
IEEE Spectrum, Feb. 2009
Page 1
27th Jan. 2011
Copyright © Siemens AG 2011, Corporate Technology
Siemens and Cloud Computing
Business views on cloud computing?
Customer/ User
Use cloud offerings for
Corporate IT
Example
Software and Product Vendor
Provide cloud enabled software
and products. Operated by
Siemens or customers .
Example E.g. Syngo.CRX CAD
from Healthcare Sector
or
Syngal mass notification
from Industry Sector
Community
Clouds
Vertical Business Integration
Security
Example E.g. Portfolio of
Siemens IT Solutions
e.g. Remote Service
Platform, Managed
Server on Demand
Software
as a
Service
Cloud
Consulting
& Services
Cloud
Architecture
Platform
as a
Service
Infrastructure
as a
Service
Hybrid Models
Infrastructure and Service Provider,
Integrator
Provide cloud and cloud service
products on IaaS, PaaS, and SaaS
layers, plus related integration and
solution development services.
E.g. Use of 4Success for Talent Mngt.,
SalesForce for CRM activities in US
System Integration
IT-Provisioning
IT-Infrastructure
Oct-10
Page 2
Copyright © Siemens AG 2011, Corporate Technology
Cloud Computing Hype
Why, where, and how to benefit?
Our business agility could
be improved, and TCOs are
increasing caused by
complexity.
Maybe cloud computing
could help? What happens if
others use it?
Cloud Computing will
reduce your TCO, no
CAPEX, only OPEX
increase your flexibility
What is Cloud
Computing at
all?
Cloud Sales
Consultant
SaaS, PaaS, IaaS,
you do not need your
on premise software…
Business Owner
How should I tackle
that? New
technologies, high
complexity, legacy
applications, security,
SLAs, compliance …..
How does cloud
computing impact our
industrial business to
reduce TCO and
increase business
agility. Of course,
compliant and at
highest security level…
IT Architect
Page 3
Copyright © Siemens AG 2011, Corporate Technology
Forces to Balance for Your Cloud Solutions
Cloud Computing architecture is backbone of discussions
Compliance
Approach:
Separation of Concerns plus multiple
Design and Verification cycles
- legal
- regulation
- national,
international
Deployment and
Operation
-Customer Environment
- Integration constraints
- Legacy constraints
- National, international
Page 4
Business Goals
- lower TCO
- agility
- reduced CAPEX
- new sales models
- stakeholder satisfaction
Cloud
Computing
Architecture
Technical Application
constraints &
requirements
- legacy components
- security, multi-tenancy,
- scalability, reliability
- on-demand, pay per use
- ….
Partner Strategy
- single Provider Partner
- redundant Provider
Partner
- Partners of customers
Copyright © Siemens AG 2011, Corporate Technology
Motivation for Cloud Computing Architecture
From Cloud Awareness to Cloud Understanding
•
Cope with Cloud Computing paradigm in complex
enterprise and industrial environments in the roles as
customer, provider, and ISV
•
Provide common understanding in projects between
business, compliance, and technical roles
•
Support for re-engineering existing on-premise
applications for the Cloud Computing paradigm
•
Coping with required break to existing IT and software
architectures (data (storage, distribution), processing,
transactions, caching, workflows, access control, etc.)
•
Design guidelines for native cloud applications for industrial
domains
Page 5
Copyright © Siemens AG 2011, Corporate Technology
Cloud Computing – Working Definition
….focus on automation, resource sharing and business
Service Offering View (What?)
Technical View (How?)
e.g. Salesforce,
"Finished services"
Software- CRM,
as-a-Service Office 365
e.g. Azure,
AppEngine,
Force
"Building blocks"
Platformas-a-Service
"Foundations"
e.g.
Infrastructure- Amazon,
GoGrid,
as-a-Service
Rackspace
Deployment View (Where? For Whom?)
Private Cloud
Page 6
Hybrid Cloud
Cloud computing is a model for
enabling convenient,
on-demand network access to a
shared pool of configurable
computing resources (e.g., networks,
servers, storage, applications, and
rapidly
provisioned and released with
minimal management effort
services) that can be
or service provider interaction.
(Source: NIST)
Public Cloud
Copyright © Siemens AG 2011, Corporate Technology
Cloud Computing – Working Definition
….some more clarifications to avoid cloud misunderstandings
•
•
•
•
Cloud computing is not only Internet and Browser-based computing
Cloud computing is not virtualization. Virtualization is an enabler
Moving to a cloud is not a fix for bad practices
Security is what you make of it, cloud or no cloud
Virtualized Data Center
Private Cloud
virtualized infrastructure
virtualized plus multi-tenancy
Procurement for capacity request
Self-servive portal
Days or hours for provisioning
<15min provisioning time
Fixed cost
Pay per use or charge back
CAPEX model from IT to business units
OPEX mdel
Business units takes risk of under
utilization
IT takes risk
Page 7
Copyright © Siemens AG 2011, Corporate Technology
“XaaS” Stack Views
Customer View vs. Provider View
Customer View
e.g.
CRM
User,
Application
Administrator
SaaS
e.g.
Access
Control
Software
Architect,
Developer
PaaS
IT Architect,
IT Operator
IaaS
VMs and
Networks
Provider View
Page 8
Copyright © Siemens AG 2011, Corporate Technology
Cloud Offerings Segmentation
Standard IT services already offered as cloud service
Service layer
Services type: Segmentation of standard IT services
Softwareas-a-Service
Office
Platformas-a-Service
Application
Server
Infrastructureas-a-Service
Computing
CCC1
CRM2
Communication
Search
SCM3
HR4
Training
Persistency, Integration, Identity,
Caching
Mngt.
Access Control
Storage
Network
Backup
...
…
Operation
There is already a huge offering on standard IT cloud services. As a next evolution
industry cloud services will be build them aligned with requrired industry specific
infrastructure and platform offerings (Healthcare, Smart Grid, e-Mobility, …).
1
Content, communications and collaboration
Page 9
2
Customer Relation Management
3
Supply Chain Management
4
Human Resources
Copyright © Siemens AG 2011, Corporate Technology
Cloud Computing Architecture
Our first working definition
The Cloud Computing Architecture of
a cloud solution is the structure of the
system, which comprises on-premise
and cloud resources, services,
middleware, and software components,
geo-location, the externally visible
properties of those, and the
relationships between them.
Based on standard architectural
methods there are specific extensions to
cover non-functional requirements of
cloud applications, e.g. scalability,
scalability, reliability, availability, and
security. Furthermore, requirements
from legal or business, need further
specific views and concepts, e.g. data
separation for hybrid clouds, or costcentric architectures.
Page 10
Copyright © Siemens AG 2011, Corporate Technology
Characterize your Cloud Computing Project First
… then select most close architecture approach
High-level Categories
Cloud Service Enterprise Integration (Service Integration Project)
Start with an Enterprise IT Architecture approach.
Cloud enabled Application Development (SW Development Project)
Define a cloud application architecture based on a SOA approach,
designing services for PaaS and SaaS integration. IaaS approaches should
be chosen, if large legacy components need to be integrated, or there are
specific hardware requirements.
Classic IT Service/ Application Migration to Cloud (Dev. or Int.)
Define a cloud target architecture to provide a goal to follow as far as
possible, instead stubbornly migrating classic architectures to cloud.
If there is no source code available, migration on binary assets is only
feasible (limitation for PaaS at application server layer).
Page 11
Copyright © Siemens AG 2011, Corporate Technology
Cloud Computing Architecture
Major building blocks
Reference Architecture and Architecture Blue Prints
Application
Service
Platform
Storage
Virtualized Application
• Basis for documentation, project communication
• Stakeholder and team communication
• Partner management, provider selection, acquisitions
Client
Infrastructure
SaaS
PaaS
IaaS
Infrastructure
• Payment, contract, and cost models
Technical Architecture
• Structuring of functional architecture according to XaaS Stack
• Adopting Cloud Platform paradigms
• Structuring cloud services and cloud components
• Showing relationships and external endpoints
• Middleware and communication
• Management and security
Applications
Services
SaaS
Software as a Service
Integration,
Database,
Runtime
PaaS
Platform as a Service
Virtualization
Storage
Network
Computing
IaaS
Infrastructure as a Service
Private Cloud
Classic IT
On Premise
Virtual
Private Cloud
Public
Cloud
Provider 1..n
On Demand
Deployment Operation Architecture
• Geo-location check (Legal issues, export control)
• Operation and monitoring
Page 12
Copyright © Siemens AG 2011, Corporate Technology
Context: High-level Architectural Approach
… aligned with common attribute driven approaches
Business Goals
Quality Attributes
Architectural Tactics
Page 13
• TCO
• Quality
• Market share
• Agility & Flexibility
• Stakeholder
satisfaction
• Compliance
• ….
• Availability
• Elasticity
• Interoperability
• Security
• Adaptability
• Performance
• Usability
• Maintainability
• Response Time
• ….
• Stateless Design
• Loose Coupling
• Caching
•Claim based
authentication
•Scale-out architecture
• Pipelining
• Divide and Conquer
•Firewall traversal
• Partitioning
• Publish-Subscribe
• Strong encryption
• Multi-Tenancy
• Reliable messaging
• Asynchronous
communication
…
Copyright © Siemens AG 2011, Corporate Technology
Cloud Platforms - Simpler NFR Engineering
Software architecture becomes deployment architecture
Challenge: Traditional achievement of NFR (Non Functional Requirements) assurance
Problem
Concept
Abstract
problem
focus and
constraints
Software Solution
Concept requirements
have to be
implemented, software
focuses on efficient
implementation
Software Developer
IT Operation Solution
Software constraints have
to be encountered to
fulfill SLA requirements
Infrastructure
Infrastructure is
selected according
to operation
requirements
IT Operators
Advantage: Match of NFRs is verified at higher level (platforms plus SLA), miss-match
adaptation is possible through change of concept or change of cloud platform.
Problem
Concept
Software
Cloud Platforms
Platform assures non functional requirements as
Concept must be aligned with
Cloud Platform, blocking points scalability, elasticity, reliability, and features as pay
by use, and low cost through economies of scale.
show-up at concept phase
Software Developer
IT Operators
Page 14
Copyright © Siemens AG 2011, Corporate Technology
Cloud Computing and Compliance
The outsourcing challenge with new constraints
Employment Aspects (e.g. codetermination, time recording)
Export Control (e.g. storing data, software distribution across country boarders
Information Security (e.g. company intellectual property, strategy, …)
Regulatory Requirements (e.g. Domain laws (healthcare (HIPAA),
banking, insurance)
Data Protection laws and regulation (data privacy)
Data Retention (based on tax or accounting law or lawsuit)
Requirements
Difference to classical outsourcing
According to the application domains:
- Requiring certifications, e.g. Safe Harbor
- Geo-Location Control of data storage
- Disaster Recovery
-…
Most often requiring hybrid cloud approaches
Separation of building blocks according to
requirements to keep deployment flexibility
Today’s outsourcing processes are focused on
identifying most issues in order to place them
at the outsourcing contractor.
Page 15
Cloud offerings come with fixed SLA contracts, so
one must deal with legal issues or collaborate
on a different way. E.g. a new cloud service
integrator business will be established in
future, or more in-house capabilities will be
required.
Copyright © Siemens AG 2011, Corporate Technology
Cloud Computing and Security
Loss of ultimate data control and perimeter protection
What attributes of security are crucial for the business:
Confidentiality
Limits on who can get what kind of information
Possessions/ Control
Loss of control of the information, regardless of whether there is breach
of confidentiality
Integrity
Information is correct or consistent with its intended state
Authenticity
Correct labeling or attribution of information
Availability
Timely access to information
Utility
Usefulness of information (e.g. loss of encryption key for encryption data
eliminates its utility or usefulness)
Page 16
Copyright © Siemens AG 2011, Corporate Technology
Regulations (related Certifications)
Business decision support on risk management
Three kinds of issues in standards and regulations
„ How issues“:
- Govern how an application should operate in order to protect certain concerns
specific to its problem domain (e.g. HIPAA defines how to handle personally identifying
health care data)
„Where issues:
- Govern where data shall be stored or applications are allowed to run (EC Directive
95/46/EC on Data Protection and Safe Harbor)
„What“ issues:
- Standards prescribing very specific components to your infrastructure (e.g. PCI and
the use of antivirus software on all server processing credit card information)
Page 17
Copyright © Siemens AG 2011, Corporate Technology
Design Principals and Tactics to deal with
Security and compliance
Encryption, combined with digital signature technology to ensure data
integrity, is most effective as the foundation of an enterprise data
protection strategy, which includes the processes and technologies that
work in tandem to ensure data security.
An effective strategy must include all four of these components:
Protection of the data itself through encryption (storage, transfer)
Controlled Access to data with strong authentication and authorization systems
(e.g. Challenge public cloud storage and access key revocation)
Detection of data at risk to prevent data leakage
Comprehensive management of data throughout its lifecycle from its creation
through archive
Segmentation of data in order to treat it according to sensitivity and regulation
Best practices are collected in the ISO/IEC 27002 standard. It lists a comprehensive set of best practices
for securing the entire IT infrastructure, systems, and data.
Page 18
Copyright © Siemens AG 2011, Corporate Technology
Design Challenges – Hybrid Cloud Services
Distributed data and computation in Hybrid Clouds
•Latency
• Cross-Cloud
Security Challenge
Cloud
Application
• Bandwidth
• Latency
• Reach ability
• Security Challenge
Cloud
Data
Storage
• Bandwidth issues
• Latency
• Availability
• Security Challenge
• Internal provider
security (certified)
• Availability
On
PremiseStorage
Page 19
Cloud
Data
Storage
Required on premise provisioning
influences cloud cost advantages
• Purchasing hard discs
• Purchasing backup-media
• Rent and operation of facilities
• Cost of human administration
On Premise
Application
Copyright © Siemens AG 2011, Corporate Technology
Objective & requirements
Designing Applications across the XaaS Stack
Selection of XaaS layers and services
Applications
Services
SaaS
Software as a Service
Integration,
Database,
Runtime
PaaS
Platform as a Service
Virtualization
Storage
Network
Computing
IaaS
Infrastructure as a Service
Private Cloud
Classic IT
On Premise
Virtual
Private Cloud
Public
Cloud
Provider 1..n
On Demand
Page 20
Copyright © Siemens AG 2011, Corporate Technology
Cloud Computing Application Architecture
Classic service style transferred to cloud
Web Role(s)
Mail Delivery
Store
search
…
SLA: daily mail
Mail office counters
Scalability of counters (counters for people, not mail)
Storage
Cost driver: Number of people
(independent of mail delivered for people)
Availability only during office hours with (challenge of office hours and
resources)
Page 21
Copyright © Siemens AG 2011, Corporate Technology
Cloud Computing Application Architecture
Business & cost aware Service: Storage vs. compute cost
SLA: daily mail
Worker Role(s)
Mail
Graps batch
for his region
Postman
Storage
Mail boxes could
even be paid by
Advantages:
customer
Page 22
Store
Mail
Office
Storage
No office counters for mail required
Scale related to mail independent of people (less postmen)
Cost driver: Mail to distribute
Work according to demand, no office hours required
Copyright © Siemens AG 2011, Corporate Technology
Cloud Computing Architecture
Latency challenge of service composition
Timing model for user-centric applications
200 ms
Request
300 ms
200 ms
300 ms
Response Browser
Server
Region A
> 100 ms
Latency constraints require advanced
caching and pre-fetching strategies
Always test with cloud latencies and real
data loads
REST protocol uses Internet http caching
and local proxy caching.
Cloud
Data
Storage
Region B
App
<10 ms Cloud
Data
Storage
Cloud Storage Data Model must avoid
multiple requests (Continuation Tokens)
Page 23
Demo: Internal Cloud Benchmark Service
Copyright © Siemens AG 2011, Corporate Technology
Architecture for Elasticity
…elasticity and cost requirements impact architecture
Vertical Scale Up
Horizontal Scale Out
• Add more resources to a
• Adding additional computation units and
single computation unit i.e.
buy a bigger box
• Move a workload to a
computation unit with more
resources
For small scenarios scale up is
probably cheaper - code “just works”
Page 24
having them act in concert
• Splitting workload across multiple
computation units
• Database partitioning
For larger scenarios scale out is the only solution
1x64 Way Server much more expensive that
64x1 Way Servers
Copyright © Siemens AG 2011, Corporate Technology
Summary
Cloud computing approaches will spread because of
lower TCO and higher flexibility (business, technical)
Because of today’s cloud computing buzz, agree on an
internal working definition on cloud computing first.
Today, most cloud platform offerings are not yet aligned
for out of box deployment for many business domains.
Consolidate cloud experts to clarify technical, legal, and
business issues first – to know business risks.
Prepare your application and software architecture for
loud computing platform models, because these
models will replace many today’s classic IT models.
Page 25
Copyright © Siemens AG 2011, Corporate Technology
Thank You for your Attention!
Dr. Gerald Kaefer
Program Manager
[email protected]
Siemens AG,
Corporate Research and
Technologies
Global Technology Field System
Architecture and Platforms
Otto-Hahn-Ring 6
81739 Munich, Germany
www.ct.siemens.com
Within Corporate Research and Technologies the Global Technology Field
“System Architecture and Platforms” focuses on system and software
architectures for a wide range of application domains. This includes
embedded systems, distributed applications, and enterprise software.
The recent field of cloud computing is addressed by a corporate program on
cloud computing with specific interest on “Cloud Computing Architecture
and Platforms”. Cloud computing architecture is key for meeting technical,
legal, and business requirements. These activities are completed by the
industry focused evaluation of strategic cloud computing platforms and
solutions.
Copyright
Siemens
AG 2010.
Copyright © Siemens
AG 2011.©All
rights reserved.
Cloud Computing Architektur - oder wie man geschäftliche,
technische und rechtliche Anforderungen unter einen Hut bringt
Cloud Computing ist am Hype Cycle ganz oben angekommen und somit auf jeder Innovationsagenda
gesetzt. Bei der Einführung von Cloud Computing im industriellen Umfeld stellt man aber rasch fest,
dass Entscheider sich schwer tun Vorteile von Cloud Computing auf ihre Produktsegmente zu
übertragen, obwohl diese unbestritten sind. Ist die Entscheidung für Cloud Computing einmal
gefallen und die Umsetzung steht an, zeigt sich, dass Neuentwicklungen oder die Migration von
klassischen IT Anwendungen zu Cloud IT Anwendungen nicht trivial sind. Viele die diesen Weg
bereits gegangen sind, würden am Ende des Budgets gerne nochmal neu starten. Auch der Sprung
vom Software Lieferanten zum „Software as a Service“ Unternehmer darf von rechtlicher Seite nicht
unterschätzt werden.
Dieser Vortrag beleuchtet Herausforderungen dieser Art und zeigt Stolperfallen auf. Cloud
Computing Architektur, als Kombination aus Methodik und Erfahrung aus Cloud Computing
Projekten, wird als Hilfsmittel vorgestellt um möglichst beim ersten Versuch die richtige Architektur
zu treffen und geschäftliche bzw. rechtliche Anforderungen durch Architekturmuster und Taktiken
unter einen Hut zu bringen.
Page 27
Copyright © Siemens AG 2011, Corporate Technology
Dr. Gerald Kaefer, Siemens AG
[email protected]
Gerald Kaefer ist für Corporate Research and Technologies der Siemens AG als
Program Manager für Cloud Computing Architekturen und Plattformen tätig. Das
Cloud Computing Programm untersucht die Relevanz und Auswirkung von Cloud
Computing für Siemens Produkte und Services.
Seine Betätigungsfelder der letzten Jahre waren schwerpunktmäßig Architektur von
verteilten Systemen im Pervasive und Autonomic Computing Umfeld. Vor seiner
aktuellen Position war er als Senior Engineer und Universitätsassistent tätig. Gerald
Kaefer hat Elektrotechnik studiert und ein Doktorat in Computertechnik.
Page 28
Copyright © Siemens AG 2011, Corporate Technology