Solution provider takeaway: The emergence of cloud data centers can represent an intimidating development for many enterprises’ IT departments focused on meeting their service fulfillment objectives. This chapter provides an in-depth analysis on how well-designed, customer-focused cloud systems can benefit both business and customers. Solution providers can utilize this information when presenting potential clients with a cloud data center project. This excerpt covers cloud service design, including developing a service catalogue, security strategy, networking system and SLA.
Service Design Phase
The service design provides guidance on the design and development of cloud services and for converting strategic objectives into a portfolio of services and service assets. It includes changes and improvements necessary to increase and maintain value to the customer over the entire life cycle. During the service design phase, the following items should be considered, at a minimum, taking input from the service strategy phase:
- Service catalog management
- Security design
- Network configuration and change management (NCCM)
- Service-level agreements (SLA)
- Billing and chargeback
The following sections describe these considerations for a cloud design in greater detail.
Service Catalog Management
Service catalogs have been around for decades, and ITIL books had them for many years. However, service catalogs have been used only by the service providers so that they can be paid for the services rendered to their customers. With the advent of cloud computing, any cloud provider has instantly become a service provider and hence needs a service catalog. Amazon EC2 provides a service catalog to order virtual machines (VM) that can be provisioned in a matter of minutes. This saves lots of money in provisioning time. A good cloud service catalog should consider the following:
Elastic. It allows increasing or decreasing the required capacity through a self-service portal and it is provisioned in minutes, not hours and days. One can order one instance, hundreds, and even thousands of server instances in minutes, all done at the click of button on a portal.
Self-controlled. The user should have complete control and interact with the service catalog remotely using self-service portals (Web Services API).
Flexible. It allows the user to select memory, CPU, and instance storage space. The operating system choice should include Linux, Microsoft Windows, and Solaris.
Reliable. The service runs with proven network infrastructure and data centers and should offer a highly reliable environment where replacement instances can be rapidly and predictably commissioned.
Secure. It offers an interface to configure firewall settings that control network access to and between groups of instances.
All the aforementioned features are offered today by Amazon EC2 cloud services. In addition, many service providers might require additional customizations in the service catalog and might need the following:
Firewall service options. Some cloud providers might want to offer additional firewall services that can provide Low (L), Medium (M), and High (H) security options with various pricing options for users. In addition, some end customers might choose to configure the firewalls themselves, and cloud providers might want to provide that option in addition to the L/M/H security options. Note that a customer can choose Gold, Silver, and Bronze service levels, as mentioned in other parts of this book, and still be able to select L/M/H security options in the service catalog for each of the Gold/Silver/Bronze service levels.
Load balancing A cloud-based load-balancing service that allows the cloud provider to manage the content based on service delivery policies based on real-time conditions and user targets. This empowers the service provider to react to market-specific conditions without compromising availability, performance, and operational efficiency. The traffic management could be done dynamically so that the traffic can be moved based on the user requirements. For example, all traffic generated in the United States could go to servers in the United States, and all other traffic could go to servers in Europe and Asia.
Orchestration is important in service activation and interfaces to service catalog, CMS/CMDB, and the respective domain managers to activate a service. Many vendors, including Cisco, offer orchestration systems, and most of them allow making changes in the workflow to meet the customer’s requirements. Orchestration need to ensure that the workflow is seamless and interfaces to all the required parts of the organization (tools, processes, and so on). More on orchestration is described later in this chapter.
Security should be designed both in the network (firewall locations, access control lists, and port security) compute, storage, and access. Basically everywhere. The authentication and authorization should be designed as part of all service offerings so that the applications can only be accessed by the users that are authorized and entitled to access the services. Security is one of the most important areas in the cloud and is discussed extensively in Chapters 3, 4, and 5.
Network Configuration and Change Management
Network Configuration and Change Management (NCCM) plays a key role in the overall management. With DC/V and cloud, the role of NCCM has expanded to not only network devices but also to compute devices, storage devices, and applications. The NCCM systems should pay attention to some of the following areas:
- Configuration management plays a critical role in change management because detailed maps of the infrastructure devices and the configuration of each device and the connectivity between them are required.
- The topology views of the infrastructure are kept in Configuration Management Databases (CMDB) that contain detailed recordings of the configuration of each component and all updates or changes that have been made along the way.
- It would be ideal to have the CMDB updated automatically whenever changes are made to the infrastructure through audits or periodic polling. If this is not available, the operation would have to manually update the CMDB whenever a change is made.
- Compliance analysis is an important part of NCCM, and many of the tools available provide HIPAA (Health Information Portability and Accountability Act), PSIRT (Product Security Incident Response Team), and other audits and provide alerts whenever the configuration of the devices does not meet these standards. In addition, the device vendors provide field notices and configuration best practices that can be checked against the device configuration, and remediate whenever there is a discrepancy. Cisco SMART services audit and automate the changes without manual intervention.
- In addition to tools providing configuration and changes, the organization should be cognizant of the changes and should have a CAB (Change Advisory Board) and ECAB (Emergency Change Advisory Board) in place to address changes and compliance reports.
Service-level agreements (SLA) guarantee most aspects of service delivery, both technology and service aspects. Technology guarantees are concerned with system response time, system uptime guarantees, and error resolution time. The customer service guarantees are concerned with availability, support staff availability, and response time. The SLA should be designed through a collaborative effort between the marketing and technology groups. If it is only marketing, the technology and support staff might not deliver the SLAs offered, and if it is only technology, it will be filled so many loopholes and “it depends” that it would not be appealing to customers. Typically, service providers offer five 9s, or a 99.999 percent uptime guarantee. 99.9 percent uptime equals 8 hours, 45 minutes, and 57 seconds of downtime per year, while 99.999 percent uptime equals 5 minutes and 42 seconds of downtime per year. You should make sure that the uptime guarantees include only what the provider and the partner can cover and not what the customer can bring down. As long as you clearly define what you include in your guarantee, you can make aggressive uptime claims like 99.999 percent. However, it is important to make only promises that can kept and avoid making promises that are not in anyone’s best interest.
Billing and Chargeback
Billing and chargeback are an important part of providing cloud services; Chapter 9 is dedicated to billing and chargeback. The following are some of the billing and chargeback considerations that should be kept in mind:
- Design of services in the service catalogue should pay attention to billing and charging capability. They should go hand in hand. There is no use in offering sophisticated services if the billing and charging systems cannot accommodate the new way of charging for the services.
- Ensure that proper data collection, metering, and charging systems are in place.
- The cloud providers typically break down their charges into various items such as servers in the cloud, storage in the cloud, applications in the cloud, bandwidth, space, heating, and cooling.
- the cloud pricing structure is based on many other factors as well, including service support, duration of the contract, security load balancing, disaster recovery, and additional charges hidden deep within the SLAs.
Printed with permission from Cisco Press. Copyright 2012. Cloud Computing: Automating the Virtualized Data Center by Venkata Josyula, Malcolm Orr, and Greg Page. For more information about this title and other similar books, please visit Cisco Press.