How to maximize the advantages of cloud computing

The charm of cloud computing is that users can start using as long as they have an ID card and credit card, but this is also the problem. Such a simple service is bound to bring many challenges to the unprepared IT department. We have encountered this phenomenon many times before: the advantage of a technology that is easy to adopt has turned into an unexpected management problem at the end. For example, virtualization technology leads to scattered virtual machines, smart phones bring new security risks, instant messaging Cause corporate governance issues.

This article shows that we are still in the early stages of cloud computing, which means that related tools and technologies are still being improved. For example, after two years of testing, Amazon Web Services ’ElasTIc Compute Cloud service was only launched to the market late last year; enterprise-level functions such as monitoring, management, and load balancing are still in its planning. Similarly, Google App Engine (App Engine) is a preview version. Microsoft's Azure cloud service is also a preview version. At present, only Windows developers can use limited functions, and other early adopters cannot use it.

But now you can start planning. You can actually feel this new IT delivery model (including understanding various failures and defects), and you can take a step ahead of other company colleagues who are considering using cloud services alone.

1. Management

Firmly control cloud computing

There are various tools for managing cloud computing services. You can use a simple dashboard to allow you to create a virtual software stack in a few minutes. There are also enterprise-level platforms that can handle various configuration and management tasks. The more widely used cloud computing is, the more high-end tools are needed.

Amazon, Google and other cloud service providers provide basic tools to help customers get started. For example, the management console of Google App Engine can display the size of traffic, bandwidth, CPU utilization, and the error rate of Google ’s hosted applications. These data can help you delve into log files and obtain other detailed data. You can also use it to Control the management authority and management application upgrade.

However, the application engine is still in the "preview" version; this means that as the demand increases, these tools will not be able to meet the requirements. Google ’s product manager Pete Koomen admits: "We still lack some features."

We see that cloud service providers, emerging companies, and system management vendors are all racing to provide customers with more comprehensive tools to manage resources in the cloud environment. Amazon said it will launch a new management console and cloud monitoring function for the elastic computing cloud service "soon". Amazon is already providing some basic features, such as the ability to create Amazon Machine Images using the command line interface. The management console allows users to configure and manage EC2 resources, and the monitoring function will include real-time measurements of EC2 instances and "availability zones"-the availability zone is the Amazon foundation that customers choose to ensure redundancy and maximum availability Part of the architecture. Amazon also plans to provide load balancing and automatic scaling in 2009.

Companies specializing in cloud management are another option. RightScale's managed service platform includes management dashboards, database and website management, batch processing, multi-server deployment capabilities, and auto-scaling capabilities. The development version that provides basic functions can be used free of charge, but most IT departments will need three other versions of RightScale (web version, grid version, and premium version). These versions start at $ 500 per month, plus $ 2500 once Sexual expenses.

RightScale was founded in 2007 to manage Amazon Web Services. It has expanded its business scope to manage other public cloud services, including FlexiScale and GoGrid cloud services. RightScale also provides a platform for the Eucalyptus public cloud at the University of California, Santa Barbara, deploying open source Eucalyptus software for cloud computing on cluster servers. It is actually a research and testing project, but the purpose is to be able to manage public clouds and proprietary clouds based on Eucalyptus through RightScale's dashboard.

As simple as a web application

IT departments with experience in managing web applications and infrastructure will find that cloud computing has similarities. Javier Soltero, CEO of Hyperic, said: "If you can manage web applications, you can manage cloud applications." The company has a version of web application monitoring software running on Amazon Web Services.

Hyperic HQ consists of a central management server and agent software. The former usually runs on servers deployed inside the company, while the latter resides on a web server and reports availability, performance, and other measurement data to the central management server. With the newly released HQ 4.0, the Hyperic server can be configured as an Amazon machine image in EC2. For IT administrators, this means simple deployment, lower subscription fees, and higher performance. The features of Hyperic HQ include automatic software discovery, diagnosis, alarming, analysis and reporting, and other tools.

Some people think that this kind of attitude is very problematic for cloud applications. Soltero said: "Some people think that because you deploy applications in the cloud, you don't need monitoring and management at all. This is one of the big lies in cloud computing. The code is inherently flawed and the technology will also have problems, so you Need monitoring function. "

Kaavo also specializes in the management of multiple clouds. The platform of this emerging company supports server monitoring, LAMP software configuration in the cloud, load management, software auditing, patch management, runtime configuration management, notifications, and alarms. It has launched a free beta version of Infrastructure and Middleware On Demand software; a general distribution will soon be available. Kaavo's strength lies in its management team: Founder and CEO Jamal Mazhar is a Sun-certified J2EE architect, and CTO Shahzad Pervez has previously worked as an IT director and enterprise architect in large companies.

Well-known system management software vendors have also brought new control tools to the cloud environment. Dennis Quan, head of independent computing development at IBM, said that IBM's TIvoli department plans to integrate cloud management functions into product lines such as Service Request Manager, Provisioning Manager, and Monitoring. IBM also hopes to give customers greater "control" to control the systems that put data in the cloud, thereby enhancing customers' confidence in cloud security, but Quan did not disclose how IBM will do this.

Microsoft is still developing solutions to solve cloud management problems. It launched the Windows Azure operating system and related Azure service platform in October last year, but did not indicate when to enable Azure cloud services, but developers can already use development tools and basic building blocks to get started. In the same month, Bob Muglia, Microsoft's senior vice president, demonstrated the System Center enterprise management platform, code-named Atlanta, which will run in Microsoft's cloud.

All these activities show that vendors are competing to develop enterprise-level control tools for emerging cloud services. The challenge for IT administrators is to deploy relevant tools in place before cloud service adoption advances by leaps and bounds.

Second, the underlying architecture: Amazon, Google and Microsoft platform comparison

It is easy to ignore the technology behind cloud services, which is a misunderstanding. The company's technical staff must ensure that cloud services are integrated with the enterprise's infrastructure. This requires an infrastructure that can combine the two.

The various parts of cloud computing are the same as those of enterprise data centers, and also include many programming languages, operating systems, databases, Web servers, protocols, and application programming interfaces (APIs). The key is to identify which cloud services are truly suitable for their internal systems, applications, and expertise. Let's compare Amazon's Elastic Computing Cloud, Google App Engine and Windows Azure services to see which one is more suitable for you.

Amazon's EC2 provides customers with a wide variety of software options: Windows Server, OpenSolaris, and seven Linux versions; MySQL, SQL Server, and Oracle 11g databases; and development environments such as Java, JBoss, and Ruby on Rails.

Google's specialty lies in its simplicity and ease of use. The application engine allows users to take advantage of Google ’s self-developed database and other infrastructure software; it can use cache, mirror, email, and other application services through the API. Python is the only supported programming language, but Google intends to support other programming languages ​​in the future.

Windows Azure and Azure service platforms are actually in line with Microsoft's on-premises enterprise software series. Azure includes hosted versions of SQL Server, SharePoint, Dynamics CRM and .Net services, developed with Visual Studio and .Net framework. Microsoft said that Azure will support open protocols (HTTP, REST, SOAP, and XML) and non-Microsoft programming languages ​​(Eclipse, Ruby, PHP, and Python).

If IT personnel want to get an overview of the cloud architecture, the cloud service provider's website provides a lot of detailed information. Amazon has a white paper on cloud architecture. Those who want to make up a lesson as soon as possible may wish to take a look.

Your design blueprint should consider that cloud services may be provided by multiple vendors, so think about how to ensure interoperability and application integration. Stuart Charlton, a senior software architect at cloud computing startup Elastra, suggested using the REST and Atom SyndicaTIon Format as the underlying specification in the global cloud architecture. He said that standards for joint identity management are also important.

Dennis Quan, head of independent computing development at IBM, said service-oriented architecture (SOA) has made it possible to connect to cloud services in a "standard-compliant way." The next step is to migrate services from one cloud to another. Quan said that the specification to complete this function is still in the early stages of development.

3. Data Protection

Focus on safety

Developers like the "don't care about cloud computing deployment" feature; the company hopes to reduce infrastructure costs through cloud computing; users like new features to be launched more quickly.

However, those responsible for information security are scratching their heads on how to safely transfer applications and data to the cloud.

One goal that the IT community is diligently seeking is to integrate identity management technologies and processes; cloud computing may make this goal ten years later.

Many companies may extend directory service verification beyond the internal environment to handle applications and even systems in the cloud; however, if the security of third-party systems is compromised, this approach will make the verification system precarious. The company may be able to implement a new solution to make cloud infrastructure management independent of existing infrastructure management. But the disadvantage is that multiple identity and access management systems must be integrated. There is another way to go back in time and manage the cloud separately, but this is unattractive.

Fortunately, some cloud service providers are working hard to solve this problem. Google provides this feature: combining Google Apps with the currently implemented single sign-on technology to enhance security and simplify management. A well-known Internet company deployed an edge authentication server to allow cloud systems to authenticate using Lightweight Directory Access Protocol (LDAP). Another company has extended the Web-based authentication protocol to perform authentication through Web services; after passing the authentication, you can access its internal system.

Data loss and backup

Where is the data stored? Who can access? Is the data safe? These are major issues because few cloud service providers have proven to be reliable in handling sensitive data, with the exception of many software-as-a-service (SaaS) providers. If the data is stored on a shared storage system, expect to be at risk. In fact, even the data we put in our own companies is at risk. The same set of measures to measure the benefits and risks of internal data needs to be used to measure the cloud, and then determine what data can be put on the cloud and how to protect it. This requires knowing and verifying the standards adopted by the provider and how flexible it is to change the standards.

When enterprises use services such as Amazon's elastic computing cloud, they can use data encryption in operating systems, applications, or database management systems running in virtual instances. Providers of other services (such as application hosting services) need more comprehensive consideration when developing applications to ensure that security measures such as encryption are included.

No matter where your data is, companies should prevent data loss. Amazon knows that computers will fail, so it advises companies to use redundancy and backup measures to plan for failure prevention. Some cloud service providers provide backup services or methods of exporting data so that companies can back up the data themselves, while others require customers to use custom or third-party applications.

Therefore, we may wish to keep in mind the following key factors:

——How to backup? Some cloud service providers make backups, but it is more likely that you want to make your own backups. Many customers of Amazon EC2 also use Amazon's Simple Storage Service (S3) or Elastic Block Storage (ElasTIc Block Storage) for storing backup files.

-Does the backup stand the test? If the service is unavailable, can you access the backup data?

——Where will the backup data be placed? It may be placed on a cloud storage system, hosted by a provider, or transferred to your own infrastructure. In any case, you still need to know how the backup data is protected during storage and transmission.

Management and monitoring

The information security teams of many companies usually monitor the security vulnerability mailing list, patch the system, and rewrite the code to solve the defects. In the cloud, they believe providers have investigated at least some aspects in advance. Few providers allow customers to verify their own security practices, but some providers have become more willing to cooperate. When using cloud systems such as Joyent or Amazon's EC3, companies can take security measures at the operating system, database, and application levels, but they still rely on their respective providers to ensure the security of their networks, storage, and virtual infrastructure.

Although cloud service users do not control the actual patching and vulnerability monitoring, they still have the responsibility to manage their own risks. So they have to assess which assets need to be protected and how to protect them, including adding security measures to the cloud infrastructure. Even then, industry regulations such as the Payment Card Industry (PCI) standard may still be caught off guard, because the PCI committee does not specify how to classify cloud service providers. This may mean that different auditors will treat cloud service providers with slightly different standards.

Cloud service customers must ask to ensure that they can monitor who is accessing their data. If the company requires detailed audit trail records, it should use data encryption; or only hand over applications that are not particularly sensitive to the data it processes to cloud service providers.

This aspect may be improved quickly. Google recently stated that the security process of Google Apps has passed the SAS 70 Type II audit standard. Expect to hear more providers claiming their own security standards, because security is still a big obstacle that prevents companies from moving applications to the cloud.

Of course, internal information security teams should not wait for providers to strengthen security. From desktop applications to server-hosted applications, cloud computing will become more and more attractive. Applications that require a higher level of security, such as those related to the Health Insurance Portability and Accountability Act (HIPAA) or PCI, may be more difficult to secure in the cloud, so it is more appropriate to place them within the company. Community applications and content sites are more suitable for being placed in the cloud. The company ’s technical team must determine what data to put in the cloud without problems, but they must also understand that the cloud will eventually be part of the entire infrastructure; they also have to figure out how to securely connect the enterprise system to the cloud infrastructure. stand up.