In defining Infrastructure as a Service we need to drill into specific characteristics that a cloud platform provider must provide to be considered Infrastructure as a Service. This has been no easy task as nearly every cloud platform provider has recently promoted features and services designed to address the infrastructure as a service and cloud computing market. Fortunately, as the technology has evolved over time, a definition of cloud computing has emerged from the National Institute of Standards and Technology (NIST) that is composed of five essential characteristics, three service models, and four deployment models.
- On-demand self-service. A consumer can independently and unilaterally provision computing capabilities, such as compute time, network connectivity and storage, as needed automatically without requiring human interaction with each service’s provider.
- Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms.
- Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources, but may be able to specify location at a higher level of abstraction (e.g., country, state, region or datacenter). Examples of computing resources include storage, processing (compute), memory, network bandwidth, and virtual machines.
- Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out, and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.
- Measured Service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, compute, bandwidth, active user accounts, etc.). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
- Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of provider-defined user-specific application configuration settings.
- Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.
- Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud physical infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components.
- Private cloud. The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.
- Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.
- Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
- Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
Two dimensions are used to classify the various deployment models for cloud computing:
- Where the service is running: On customer premises or in a service provider’s data center.
- Level of access: Shared or dedicated.
Our reference architecture will be based upon the NIST definition as we define the core principals, concepts and patterns used throughout the reference architecture and subsequent implementation guidance in this content series. The reference architecture will consist of reference frame that outlines the overall cloud computing stack based on the NIST definition and defines the core principals, concepts and patterns of a good reference architecture. This is then followed by service delivery guidance to guide the business on solution based delivery of an on-premise private cloud infrastructure.
The reference architecture presented contain practices that are independent of any specific platform provider and generally should be present on any Infrastructure as a Service platform or service engagement available from or through a provider of cloud based computing capability. Where applicable we will link with solution implementation guidance that is based on the use of Microsoft Server products to illustrate the capability discussed in the reference architecture.
New Choices for Delivering IT
The cloud provides options for approach, sourcing, and control. It delivers a well-defined set of services, which are perceived by the customers to have infinite capacity, continuous availability, increased agility, and improved cost efficiency. To achieve these attributes in their customers’ minds, IT must shift its traditional server-centric approach to a service centric approach. This implies that IT must go from deploying applications in silos with minimal leverage across environments to delivering applications on pre-determined standardized platforms with mutually agreed service levels. A hybrid strategy that uses several cloud options at the same time will become a norm as organizations choose a mix of various cloud models to meet their specific needs.
Cloud options typically are categorized by the following service and sourcing models:
Software as a Service (SaaS) delivers business processes and applications, such as CRM, collaboration, and e-mail, as standardized capabilities for a usage-based cost at an agreed, business-relevant service level. SaaS provides significant efficiencies in cost and delivery in exchange for minimal customization and represents a shift of operational risks from the consumer to the provider. All infrastructure and IT operational functions are abstracted away from the consumer.
Platform as a Service (PaaS) delivers application execution services, such as application runtime, storage, and integration, for applications written for a pre-specified development framework. PaaS provides an efficient and agile approach to operate scale-out applications in a predictable and cost-effective manner. Service levels and operational risks are shared because the consumer must take responsibility for the stability, architectural compliance, and overall operations of the application while the provider delivers the platform capability (including the infrastructure and operational functions) at a predictable service level and cost.
Infrastructure as a Service (IaaS) abstracts hardware (server, storage, and network infrastructure) into a pool of computing, storage, and connectivity capabilities that are delivered as services for a usage-based (metered) cost. Its goal is to provide a flexible, standard, and virtualized operating environment that can become a foundation for PaaS and SaaS.
IaaS is usually seen to provide a standardized virtual server. The consumer takes responsibility for configuration and operations of the guest Operating System (OS), software, and Database (DB). Compute capabilities (such as performance, bandwidth, and storage access) are also standardized.
Service levels cover the performance and availability of the virtualized infrastructure. The consumer takes on the operational risk that exists above the infrastructure.
Deployment models (shared or dedicated, and whether internally hosted or externally hosted) are defined by the ownership and control of architectural design and the degree of available customization. The different deployment models can be evaluated against the three standards – cost, control, and scalability.
The Public Cloud is a pool of computing services delivered over the Internet. It is offered by a vendor, who typically uses a “pay as you go” or "metered service" model. Public Cloud Computing has the following potential advantages: you only pay for resources you consume; you gain agility through quick deployment; there is rapid capacity scaling; and all services are delivered with consistent availability, resiliency, security, and manageability. Public Cloud options include:
- Shared Public Cloud: The Shared Public Cloud provides the benefit of rapid implementation, massive scalability, and low cost of entry. It is delivered in a shared physical infrastructure where the architecture, customization, and degree of security are designed and managed by the provider according to market-driven specifications.
- Dedicated Public Cloud: The Dedicated Public Cloud provides functionality similar to a Shared Public Cloud except that it is delivered on a dedicated physical infrastructure. Security, performance, and sometimes customization are better in the Dedicated Public Cloud than in the Shared Public Cloud. Its architecture and service levels are defined by the provider and the cost may be higher than that of the Shared Public Cloud, depending on the volume.
The private cloud is a pool of computing resources delivered as a standardized set of services that are specified, architected, and controlled by a particular enterprise.
The path to a private cloud is often driven by the need to maintain control of the service delivery environment because of application maturity, performance requirements, industry or government regulatory controls, or business differentiation reasons. For example, banks and governments have data security issues that may preclude the use of currently available public cloud services. Private cloud options include:
- Self-hosted Private Cloud: A Self-hosted Private Cloud provides the benefit of architectural and operational control, utilizes the existing investment in people and equipment, and provides a dedicated on-premise environment that is internally designed, hosted, and managed.
- Hosted Private Cloud: A Hosted Private Cloud is a dedicated environment that is internally designed, externally hosted, and externally managed. It blends the benefits of controlling the service and architectural design with the benefits of datacenter outsourcing.
- Private Cloud Appliance: A Private Cloud Appliance is a dedicated environment that procured from a vendor, is designed by that vendor with provider/market driven features and architectural control, is internally hosted, and externally or internally managed. It blends the benefits of using predefined functional architecture, lower deployment risk with the benefits of internal security and control.
The array of services delivered by the combination of service and sourcing models can be dizzying. CIOs will need to evaluate their business requirements and the experience of the provider to select the appropriate Cloud models.
Comparison of Cloud Deployment Models
Expanding the Reference Model
In the content above we describe several characteristics, service models and deployment models that are aligned to the NIST definition of cloud computing. Now we couple this with Infrastructure layer components that are briefly described in the Blueprint for Private Cloud Infrastructure as a Service and expand the Infrastructure Layer in the Private Cloud Reference Model.
This expanded reference model illustrated in the figure below shall be the basis of the Private Cloud Infrastructure as a Service architecture design contained in this series.
Throughout the Infrastructure as a Service series the focus will be upon the Infrastructure Layer of the Reference Model however as illustrated the Infrastructure Layer has a light coupling with the Management Layer and the Platform Layer. Further the Infrastructure and Management Layers are influenced by the Operations Layer. Certain key areas of the Management Layer such as Fabric Management are covered in detail in this Infrastructure as a Service series while remaining areas of the Management, Operations Layer and Service Delivery Layers are covered in later or future content in the Private Cloud Reference Architecture.
We can now define that Private Cloud Infrastructure as IaaS is an advanced state of IT maturity that has a high degree of automation, integrated-service management, and efficient use of resources. Virtualization can be a key enabler of IaaS but in most models, including the NIST cloud definition, virtualization as common, not and essential, attribute. An infrastructure that is 100 percent virtualized may have no process automation; it might not provide management and monitoring of applications that are running inside virtual machines (VMs) or IT services that are provided by a collection of VMs. In addition to virtualization, several other infrastructure-architecture layers are required to achieve the essential cloud attributes.
A rich automation capability is required. Automation must be enabled across all hardware components—including server, storage, and networking devices—as well as all software layers, such as operating systems, services, and applications. The Windows Management Framework—which comprises Windows Management Instrumentation (WMI), Web Services-Management (WS-Management), and Windows PowerShell—is an example of a rich automation capability that was initially scoped to Microsoft products, but that is now being leveraged by a wide variety of hardware and software partners.
A management layer that leverages automation and functions across physical, virtual, and application resources is another required layer for higher IT maturity. The management system must be able to deploy capacity, monitor health state, and automatically respond to issues or faults at any layer of the architecture.
Orchestration that manages all of the automation and management components must be implemented as the interface between the IT organization and the infrastructure. Orchestration provides the bridge between IT business logic, such as "deploy a new web-server VM when capacity reaches 85 percent," and the dozens of steps in an automated workflow that are required to actually implement such a change.
The IaaS solution’s primary purpose is to host other higher layers such as the PaaS and SaaS.
The final layer is the Service Delivery layer providing interfaces for both service providers and service consumers.
The integration of virtualization, automation, management, and orchestration layers provides the foundation for achieving the highest levels of IT maturity.
High Level Design Concerns
Several key concerns must be established that are cross cutting in the overall design of a Private Cloud Infrastructure as a Service design. These concerns are grounded in the Private Cloud Reference Architecture and expanded here in the context of providing Infrastructure as a Service.
The physical datacenter is the enterprise facility where the organizations cloud capability is deployed. When providing cloud services we generally think of services that just exist and not where they exist. However the physical datacenter we must consider location. For some organizations their datacenter may exist in one or more corporate locations. For large organization there may be dedicated facilities just for location of their datacenter(s). Increasingly these considerations include locations that offer climates that enable the use of nature air to provide environmental climate control within the datacenter and reducing energy consumption. Location may also provide access to low cost costs for energy consumed by the datacenter.
Location of a datacenter plays an active role in the design of Private Cloud Fault Domains and options available to the IT consumer when selecting capabilities to purchase and deploy through Private Cloud Self Service.
The Private Cloud Reference Architecture defines the private cloud pattern of a Scale Unit. However there is no specific predefined set or selection of values that comprise a scale unit. The determination is part of the private cloud design and planning process. A Scale Unit is a pool of compute, storage, and network resources that can be deployed as a single unit or in bundles that allow both extensibility and reuse or reallocation without physical reconfiguration. Examples of these resources are:
- Compute – Blade servers, deployed by one or more racks at a time.
- Storage – Enterprise SAN, with disk capacity to match compute capability.
- Network – New access and distribution designs to meet compute and storage requirements.
When selecting elements of a scale unit the architect should consider future availability as changes in hardware architectures will influence Management Fabric implementations over time. A scale unit should be sized to accommodate future growth over a period that meaningful to the business. Some businesses will plan on a quarterly basis while others may forecast by fiscal year or more.
A resource pool is comprised of server, network, and storage scale units that share a common hardware and configuration baseline but does not share a single point of failure with any other resource pool other than the facility itself. Note that a resource pool could be subdivided further into Fault Domains. See Private Cloud Reference Architecture Principles, Patterns, and Concepts.
The Physical Fault Domains pattern is defined in the Private Cloud Reference Architecture. In an Infrastructure as a Service design a fault domain is a set of physical infrastructure with a common configuration within a resource pool that does not share a single point of failure with any other fault domain.
An upgrade domain is infrastructure within a resource pool that can be maintained, take offline, or upgraded without downtime to the workloads running in the resource pool.
Private Cloud Infrastructure as a Service is an evolution in the industry and IT. It forms the foundation of cloud computing for all cloud enabled workloads. Designing for Infrastructure as a Service raises the IT Capability and Maturity level to realize cloud capabilities in the allowing the business to focus on objectives, respond with agility and realize economies of scale.