Cloud Computing Architecture – How to reconcile business, technical, and legal requirements Introduction Cloud Computing Architecture Architecture Forces: Legal, Security, Scalability, Latency Summary Corporate Research and Technologies Munich, Germany Gerald Kaefer [email protected] 4th * Generation Datacenter IEEE Spectrum, Feb. 2009 Page 1 27th Jan. 2011 Copyright © Siemens AG 2011, Corporate Technology Siemens and Cloud Computing Business views on cloud computing? Customer/ User Use cloud offerings for Corporate IT Example Software and Product Vendor Provide cloud enabled software and products. Operated by Siemens or customers . Example E.g. Syngo.CRX CAD from Healthcare Sector or Syngal mass notification from Industry Sector Community Clouds Vertical Business Integration Security Example E.g. Portfolio of Siemens IT Solutions e.g. Remote Service Platform, Managed Server on Demand Software as a Service Cloud Consulting & Services Cloud Architecture Platform as a Service Infrastructure as a Service Hybrid Models Infrastructure and Service Provider, Integrator Provide cloud and cloud service products on IaaS, PaaS, and SaaS layers, plus related integration and solution development services. E.g. Use of 4Success for Talent Mngt., SalesForce for CRM activities in US System Integration IT-Provisioning IT-Infrastructure Oct-10 Page 2 Copyright © Siemens AG 2011, Corporate Technology Cloud Computing Hype Why, where, and how to benefit? Our business agility could be improved, and TCOs are increasing caused by complexity. Maybe cloud computing could help? What happens if others use it? Cloud Computing will reduce your TCO, no CAPEX, only OPEX increase your flexibility What is Cloud Computing at all? Cloud Sales Consultant SaaS, PaaS, IaaS, you do not need your on premise software… Business Owner How should I tackle that? New technologies, high complexity, legacy applications, security, SLAs, compliance ….. How does cloud computing impact our industrial business to reduce TCO and increase business agility. Of course, compliant and at highest security level… IT Architect Page 3 Copyright © Siemens AG 2011, Corporate Technology Forces to Balance for Your Cloud Solutions Cloud Computing architecture is backbone of discussions Compliance Approach: Separation of Concerns plus multiple Design and Verification cycles - legal - regulation - national, international Deployment and Operation -Customer Environment - Integration constraints - Legacy constraints - National, international Page 4 Business Goals - lower TCO - agility - reduced CAPEX - new sales models - stakeholder satisfaction Cloud Computing Architecture Technical Application constraints & requirements - legacy components - security, multi-tenancy, - scalability, reliability - on-demand, pay per use - …. Partner Strategy - single Provider Partner - redundant Provider Partner - Partners of customers Copyright © Siemens AG 2011, Corporate Technology Motivation for Cloud Computing Architecture From Cloud Awareness to Cloud Understanding • Cope with Cloud Computing paradigm in complex enterprise and industrial environments in the roles as customer, provider, and ISV • Provide common understanding in projects between business, compliance, and technical roles • Support for re-engineering existing on-premise applications for the Cloud Computing paradigm • Coping with required break to existing IT and software architectures (data (storage, distribution), processing, transactions, caching, workflows, access control, etc.) • Design guidelines for native cloud applications for industrial domains Page 5 Copyright © Siemens AG 2011, Corporate Technology Cloud Computing – Working Definition ….focus on automation, resource sharing and business Service Offering View (What?) Technical View (How?) e.g. Salesforce, "Finished services" Software- CRM, as-a-Service Office 365 e.g. Azure, AppEngine, Force "Building blocks" Platformas-a-Service "Foundations" e.g. Infrastructure- Amazon, GoGrid, as-a-Service Rackspace Deployment View (Where? For Whom?) Private Cloud Page 6 Hybrid Cloud Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and rapidly provisioned and released with minimal management effort services) that can be or service provider interaction. (Source: NIST) Public Cloud Copyright © Siemens AG 2011, Corporate Technology Cloud Computing – Working Definition ….some more clarifications to avoid cloud misunderstandings • • • • Cloud computing is not only Internet and Browser-based computing Cloud computing is not virtualization. Virtualization is an enabler Moving to a cloud is not a fix for bad practices Security is what you make of it, cloud or no cloud Virtualized Data Center Private Cloud virtualized infrastructure virtualized plus multi-tenancy Procurement for capacity request Self-servive portal Days or hours for provisioning <15min provisioning time Fixed cost Pay per use or charge back CAPEX model from IT to business units OPEX mdel Business units takes risk of under utilization IT takes risk Page 7 Copyright © Siemens AG 2011, Corporate Technology “XaaS” Stack Views Customer View vs. Provider View Customer View e.g. CRM User, Application Administrator SaaS e.g. Access Control Software Architect, Developer PaaS IT Architect, IT Operator IaaS VMs and Networks Provider View Page 8 Copyright © Siemens AG 2011, Corporate Technology Cloud Offerings Segmentation Standard IT services already offered as cloud service Service layer Services type: Segmentation of standard IT services Softwareas-a-Service Office Platformas-a-Service Application Server Infrastructureas-a-Service Computing CCC1 CRM2 Communication Search SCM3 HR4 Training Persistency, Integration, Identity, Caching Mngt. Access Control Storage Network Backup ... … Operation There is already a huge offering on standard IT cloud services. As a next evolution industry cloud services will be build them aligned with requrired industry specific infrastructure and platform offerings (Healthcare, Smart Grid, e-Mobility, …). 1 Content, communications and collaboration Page 9 2 Customer Relation Management 3 Supply Chain Management 4 Human Resources Copyright © Siemens AG 2011, Corporate Technology Cloud Computing Architecture Our first working definition The Cloud Computing Architecture of a cloud solution is the structure of the system, which comprises on-premise and cloud resources, services, middleware, and software components, geo-location, the externally visible properties of those, and the relationships between them. Based on standard architectural methods there are specific extensions to cover non-functional requirements of cloud applications, e.g. scalability, scalability, reliability, availability, and security. Furthermore, requirements from legal or business, need further specific views and concepts, e.g. data separation for hybrid clouds, or costcentric architectures. Page 10 Copyright © Siemens AG 2011, Corporate Technology Characterize your Cloud Computing Project First … then select most close architecture approach High-level Categories Cloud Service Enterprise Integration (Service Integration Project) Start with an Enterprise IT Architecture approach. Cloud enabled Application Development (SW Development Project) Define a cloud application architecture based on a SOA approach, designing services for PaaS and SaaS integration. IaaS approaches should be chosen, if large legacy components need to be integrated, or there are specific hardware requirements. Classic IT Service/ Application Migration to Cloud (Dev. or Int.) Define a cloud target architecture to provide a goal to follow as far as possible, instead stubbornly migrating classic architectures to cloud. If there is no source code available, migration on binary assets is only feasible (limitation for PaaS at application server layer). Page 11 Copyright © Siemens AG 2011, Corporate Technology Cloud Computing Architecture Major building blocks Reference Architecture and Architecture Blue Prints Application Service Platform Storage Virtualized Application • Basis for documentation, project communication • Stakeholder and team communication • Partner management, provider selection, acquisitions Client Infrastructure SaaS PaaS IaaS Infrastructure • Payment, contract, and cost models Technical Architecture • Structuring of functional architecture according to XaaS Stack • Adopting Cloud Platform paradigms • Structuring cloud services and cloud components • Showing relationships and external endpoints • Middleware and communication • Management and security Applications Services SaaS Software as a Service Integration, Database, Runtime PaaS Platform as a Service Virtualization Storage Network Computing IaaS Infrastructure as a Service Private Cloud Classic IT On Premise Virtual Private Cloud Public Cloud Provider 1..n On Demand Deployment Operation Architecture • Geo-location check (Legal issues, export control) • Operation and monitoring Page 12 Copyright © Siemens AG 2011, Corporate Technology Context: High-level Architectural Approach … aligned with common attribute driven approaches Business Goals Quality Attributes Architectural Tactics Page 13 • TCO • Quality • Market share • Agility & Flexibility • Stakeholder satisfaction • Compliance • …. • Availability • Elasticity • Interoperability • Security • Adaptability • Performance • Usability • Maintainability • Response Time • …. • Stateless Design • Loose Coupling • Caching •Claim based authentication •Scale-out architecture • Pipelining • Divide and Conquer •Firewall traversal • Partitioning • Publish-Subscribe • Strong encryption • Multi-Tenancy • Reliable messaging • Asynchronous communication … Copyright © Siemens AG 2011, Corporate Technology Cloud Platforms - Simpler NFR Engineering Software architecture becomes deployment architecture Challenge: Traditional achievement of NFR (Non Functional Requirements) assurance Problem Concept Abstract problem focus and constraints Software Solution Concept requirements have to be implemented, software focuses on efficient implementation Software Developer IT Operation Solution Software constraints have to be encountered to fulfill SLA requirements Infrastructure Infrastructure is selected according to operation requirements IT Operators Advantage: Match of NFRs is verified at higher level (platforms plus SLA), miss-match adaptation is possible through change of concept or change of cloud platform. Problem Concept Software Cloud Platforms Platform assures non functional requirements as Concept must be aligned with Cloud Platform, blocking points scalability, elasticity, reliability, and features as pay by use, and low cost through economies of scale. show-up at concept phase Software Developer IT Operators Page 14 Copyright © Siemens AG 2011, Corporate Technology Cloud Computing and Compliance The outsourcing challenge with new constraints Employment Aspects (e.g. codetermination, time recording) Export Control (e.g. storing data, software distribution across country boarders Information Security (e.g. company intellectual property, strategy, …) Regulatory Requirements (e.g. Domain laws (healthcare (HIPAA), banking, insurance) Data Protection laws and regulation (data privacy) Data Retention (based on tax or accounting law or lawsuit) Requirements Difference to classical outsourcing According to the application domains: - Requiring certifications, e.g. Safe Harbor - Geo-Location Control of data storage - Disaster Recovery -… Most often requiring hybrid cloud approaches Separation of building blocks according to requirements to keep deployment flexibility Today’s outsourcing processes are focused on identifying most issues in order to place them at the outsourcing contractor. Page 15 Cloud offerings come with fixed SLA contracts, so one must deal with legal issues or collaborate on a different way. E.g. a new cloud service integrator business will be established in future, or more in-house capabilities will be required. Copyright © Siemens AG 2011, Corporate Technology Cloud Computing and Security Loss of ultimate data control and perimeter protection What attributes of security are crucial for the business: Confidentiality Limits on who can get what kind of information Possessions/ Control Loss of control of the information, regardless of whether there is breach of confidentiality Integrity Information is correct or consistent with its intended state Authenticity Correct labeling or attribution of information Availability Timely access to information Utility Usefulness of information (e.g. loss of encryption key for encryption data eliminates its utility or usefulness) Page 16 Copyright © Siemens AG 2011, Corporate Technology Regulations (related Certifications) Business decision support on risk management Three kinds of issues in standards and regulations „ How issues“: - Govern how an application should operate in order to protect certain concerns specific to its problem domain (e.g. HIPAA defines how to handle personally identifying health care data) „Where issues: - Govern where data shall be stored or applications are allowed to run (EC Directive 95/46/EC on Data Protection and Safe Harbor) „What“ issues: - Standards prescribing very specific components to your infrastructure (e.g. PCI and the use of antivirus software on all server processing credit card information) Page 17 Copyright © Siemens AG 2011, Corporate Technology Design Principals and Tactics to deal with Security and compliance Encryption, combined with digital signature technology to ensure data integrity, is most effective as the foundation of an enterprise data protection strategy, which includes the processes and technologies that work in tandem to ensure data security. An effective strategy must include all four of these components: Protection of the data itself through encryption (storage, transfer) Controlled Access to data with strong authentication and authorization systems (e.g. Challenge public cloud storage and access key revocation) Detection of data at risk to prevent data leakage Comprehensive management of data throughout its lifecycle from its creation through archive Segmentation of data in order to treat it according to sensitivity and regulation Best practices are collected in the ISO/IEC 27002 standard. It lists a comprehensive set of best practices for securing the entire IT infrastructure, systems, and data. Page 18 Copyright © Siemens AG 2011, Corporate Technology Design Challenges – Hybrid Cloud Services Distributed data and computation in Hybrid Clouds •Latency • Cross-Cloud Security Challenge Cloud Application • Bandwidth • Latency • Reach ability • Security Challenge Cloud Data Storage • Bandwidth issues • Latency • Availability • Security Challenge • Internal provider security (certified) • Availability On PremiseStorage Page 19 Cloud Data Storage Required on premise provisioning influences cloud cost advantages • Purchasing hard discs • Purchasing backup-media • Rent and operation of facilities • Cost of human administration On Premise Application Copyright © Siemens AG 2011, Corporate Technology Objective & requirements Designing Applications across the XaaS Stack Selection of XaaS layers and services Applications Services SaaS Software as a Service Integration, Database, Runtime PaaS Platform as a Service Virtualization Storage Network Computing IaaS Infrastructure as a Service Private Cloud Classic IT On Premise Virtual Private Cloud Public Cloud Provider 1..n On Demand Page 20 Copyright © Siemens AG 2011, Corporate Technology Cloud Computing Application Architecture Classic service style transferred to cloud Web Role(s) Mail Delivery Store search … SLA: daily mail Mail office counters Scalability of counters (counters for people, not mail) Storage Cost driver: Number of people (independent of mail delivered for people) Availability only during office hours with (challenge of office hours and resources) Page 21 Copyright © Siemens AG 2011, Corporate Technology Cloud Computing Application Architecture Business & cost aware Service: Storage vs. compute cost SLA: daily mail Worker Role(s) Mail Graps batch for his region Postman Storage Mail boxes could even be paid by Advantages: customer Page 22 Store Mail Office Storage No office counters for mail required Scale related to mail independent of people (less postmen) Cost driver: Mail to distribute Work according to demand, no office hours required Copyright © Siemens AG 2011, Corporate Technology Cloud Computing Architecture Latency challenge of service composition Timing model for user-centric applications 200 ms Request 300 ms 200 ms 300 ms Response Browser Server Region A > 100 ms Latency constraints require advanced caching and pre-fetching strategies Always test with cloud latencies and real data loads REST protocol uses Internet http caching and local proxy caching. Cloud Data Storage Region B App <10 ms Cloud Data Storage Cloud Storage Data Model must avoid multiple requests (Continuation Tokens) Page 23 Demo: Internal Cloud Benchmark Service Copyright © Siemens AG 2011, Corporate Technology Architecture for Elasticity …elasticity and cost requirements impact architecture Vertical Scale Up Horizontal Scale Out • Add more resources to a • Adding additional computation units and single computation unit i.e. buy a bigger box • Move a workload to a computation unit with more resources For small scenarios scale up is probably cheaper - code “just works” Page 24 having them act in concert • Splitting workload across multiple computation units • Database partitioning For larger scenarios scale out is the only solution 1x64 Way Server much more expensive that 64x1 Way Servers Copyright © Siemens AG 2011, Corporate Technology Summary Cloud computing approaches will spread because of lower TCO and higher flexibility (business, technical) Because of today’s cloud computing buzz, agree on an internal working definition on cloud computing first. Today, most cloud platform offerings are not yet aligned for out of box deployment for many business domains. Consolidate cloud experts to clarify technical, legal, and business issues first – to know business risks. Prepare your application and software architecture for loud computing platform models, because these models will replace many today’s classic IT models. Page 25 Copyright © Siemens AG 2011, Corporate Technology Thank You for your Attention! Dr. Gerald Kaefer Program Manager [email protected] Siemens AG, Corporate Research and Technologies Global Technology Field System Architecture and Platforms Otto-Hahn-Ring 6 81739 Munich, Germany www.ct.siemens.com Within Corporate Research and Technologies the Global Technology Field “System Architecture and Platforms” focuses on system and software architectures for a wide range of application domains. This includes embedded systems, distributed applications, and enterprise software. The recent field of cloud computing is addressed by a corporate program on cloud computing with specific interest on “Cloud Computing Architecture and Platforms”. Cloud computing architecture is key for meeting technical, legal, and business requirements. These activities are completed by the industry focused evaluation of strategic cloud computing platforms and solutions. Copyright Siemens AG 2010. Copyright © Siemens AG 2011.©All rights reserved. Cloud Computing Architektur - oder wie man geschäftliche, technische und rechtliche Anforderungen unter einen Hut bringt Cloud Computing ist am Hype Cycle ganz oben angekommen und somit auf jeder Innovationsagenda gesetzt. Bei der Einführung von Cloud Computing im industriellen Umfeld stellt man aber rasch fest, dass Entscheider sich schwer tun Vorteile von Cloud Computing auf ihre Produktsegmente zu übertragen, obwohl diese unbestritten sind. Ist die Entscheidung für Cloud Computing einmal gefallen und die Umsetzung steht an, zeigt sich, dass Neuentwicklungen oder die Migration von klassischen IT Anwendungen zu Cloud IT Anwendungen nicht trivial sind. Viele die diesen Weg bereits gegangen sind, würden am Ende des Budgets gerne nochmal neu starten. Auch der Sprung vom Software Lieferanten zum „Software as a Service“ Unternehmer darf von rechtlicher Seite nicht unterschätzt werden. Dieser Vortrag beleuchtet Herausforderungen dieser Art und zeigt Stolperfallen auf. Cloud Computing Architektur, als Kombination aus Methodik und Erfahrung aus Cloud Computing Projekten, wird als Hilfsmittel vorgestellt um möglichst beim ersten Versuch die richtige Architektur zu treffen und geschäftliche bzw. rechtliche Anforderungen durch Architekturmuster und Taktiken unter einen Hut zu bringen. Page 27 Copyright © Siemens AG 2011, Corporate Technology Dr. Gerald Kaefer, Siemens AG [email protected] Gerald Kaefer ist für Corporate Research and Technologies der Siemens AG als Program Manager für Cloud Computing Architekturen und Plattformen tätig. Das Cloud Computing Programm untersucht die Relevanz und Auswirkung von Cloud Computing für Siemens Produkte und Services. Seine Betätigungsfelder der letzten Jahre waren schwerpunktmäßig Architektur von verteilten Systemen im Pervasive und Autonomic Computing Umfeld. Vor seiner aktuellen Position war er als Senior Engineer und Universitätsassistent tätig. Gerald Kaefer hat Elektrotechnik studiert und ein Doktorat in Computertechnik. Page 28 Copyright © Siemens AG 2011, Corporate Technology
© Copyright 2024