Security solutions – Workload driven security

30 Saturday Nov 2013

Posted by in Implementation framework

1 Comment

Tags

, ,

In my earlier blog I had referenced Steve Todd, an EMC Fellow, on the increasing complexity of our workloads. This complexity is explained through the two data axes, the North-South data movement is adding infrastructure stack complexity and East-West data movement through the geo dispersion of data. I had explained that such complexity is causing lack of visibility and control on Service Levels.

Picture1

Another serious consequence of this complexity is the increased surface exposure of the workload to malicious threats. On one hand, the malicious attacks are becoming more disruptive and destructive in nature and on the other hand, we are increasing the surface exposure for such attacks. An EMC and RSA global IT trust curve survey finds that 61% of organizations have suffered unplanned downtime, a security breach, or data loss at least once in last 12 months. Clearly, different kind of solutions will be needed to secure such environments.

We will need to look at the next generation security solutions through two lenses. Firstly, we will need to re-organize our security solutions as services driven by workload requirements. And secondly, we need to promote transformational paradigm of intelligence driven security to counter the sophisticated threats of today and the future.  Let’s dive into more details.

Not all workloads are created equal; hence, their security measures may vary. Security will need to be treated as Service Level objective of workloads, with the objectives defined beforehand such that appropriate security can be provisioned. It is the security requirement or categorization of the workload that should dictate the security to be provisioned. To this effect Open Data Center Alliance has defined a security framework that can be used to categorize workloads into Platinum, Gold, Silver, and Bronze. The advantage of using such predefined and industry agreed semantics of Security service levels is twofold. You now have a standardized way of categorizing workloads and you can compare industry solutions with an agreed set of requirements. Categorizing security requirements is not new, but adhering to an industry recognized set of definitions is new and promotes the right industry behavior for effective solutions. Here is an excerpt of the Compute Infrastructure as a Service usage model. Be sure to read the entire ODCA paper for details.

Security tier summary

Once the definition is standardized, the second focus area is to be able to provision security services to the dynamic and granular requirements of the workload. Security enablement for individual workloads itself implies a more fine grained security infrastructure. Take a look at the following Illustration as an example.

virtual firewall

The first point to make in the picture is that we are taking a VM or Virtual Machine as a proxy for workload. With the ubiquitous nature of virtualization, that is a pretty safe bet and, frankly, makes our process of delivering fine grained security a lot easier. The second key point here is that while one virtual firewall is provisioned at the parameter of the virtual data center, a second one is provisioned right next to the workload itself. Virtual data center, with network and compute virtualization, provides us with this flexibility and granularity.

Such transformational solutions are available today, with network virtualization. In my own proximity is the VMW NSX solution that provides automated fine grained security including workload/segment isolation, distributed firewalling, and provisioning, enabling, and enforcing advanced security features. For details, please refer to the blog by Rod Stuhlmuller, of VMWare, on Network Security: the VMWare NSX Network platform’s hidden gem. VMW / NSX solutions offer automations through integration with vCenter and vCaC. IT admins will be able to setup repeatable security configurations as templates, which would allow point and click provision from an approved template. One could also use best of breed third party tools by interfacing through open APIs.

Hope you enjoyed the perspective on workload driven Security. In my next blog I will cover another transformational shift occurring with the advent of Intelligence driven security which attempts to trace the threat before it strikes.

Related articles

Solutionization with Software defined networking

02 Saturday Nov 2013

Posted by in Industry solutions

1 Comment

Tags

, , ,

The surface complexity of our workloads continues to increase. Steve Todd, an EMC Fellow, explains it so elegantly in his blogs through the Data axes shown in the picture below. The North South data movement is becoming complex through infrastructure stack complexity, and East West data movement through the geo dispersion of data. This is causing a lack of visibility and control on meeting workload Service Levels.

Axes

Virtualization and cloud are the prime causes for the complexity. If your VM is experiencing a performance issue, the root cause of it could be anywhere in the two axes of the above chart. It could be a noisy neighbor, it could be a vSwitch or a shared port, a vLAN, a physical switch, a controller, a firewall, the VM may have moved to a different location, etc. Ability to do a root cause analysis on an event and to be able to correlate the impact of that event to the SLA is a key requirement for any good solution. This requirement however becomes a lot more important in the dynamic infrastructure of a Software Defined Data Center.

Software defined networking to the rescue! Martin Casado, VMWare’s Chief Network Architect, has commented in InformationWeek about the need for greater visibility in virtualized environment and how network virtualization solutions can help provide such visibility.

In our experience, a well-designed network virtualization solution can actually solve visibility issues by providing an unprecedented ability to monitor and troubleshoot virtual networks.

The Open Data Center Alliance usage model on Software Defined Network also calls out the requirement of usage and monitoring of the network. Excerpt from the usage model is listed below.

ODCA SDN

EMC’s next generation SMARTS technologies, for Software Defined Network, will solve this very problem. The solution will be released in June 2014, with complete integration of VMWare NSX and vCenter. It will meet the above stated requirements in three ways.

  1. Visibility: Provides End to End visibility of SDN based cloud infrastructure, with multiple hypervisors (VMW, KVM, Xen) and cloud OS (VMW, OpenStack, CloudStack)
  2. Root Cause Analysis: Performs problem diagnostics (Availability, Performance, Configuration) on physical / virtual infrastructure and assess impact on VMW NSX defined virtualized network and tenant. Correlates configuration changes with reported symptoms and the root cause.
  3.  Performs analysis driven automated service remedial actions.

SaSSMARTS technologies function in three layers. The lower collection layer gathers metrics through standard APIs (VMWare and OpenStack) and protocols (SNMP). The middle layer performs intelligence in the form of converged root cause analysis. It takes into consideration the topology discovered, Status, and the performance metrics collected.  The upper presentation layer displays topology, notifications, and support information.

Why do I like this solution? It is addressing two of the three vectors for Solutionization. It helps detect and analyze Service Level breaches and provides a data driven approach to automated remediation. It is addressing Dr. Vogel’s vision of the ‘Data driven cloud’. Software defined network provides rich and contextual information to SMARTS, which enables root cause analysis and remediation. This is a perfect solution to address a compelling problem.

I am eager to hear your views on the solution. Please drop a note if you are interested in learning more about the solution or are interested in being a pilot customer.

Nikhil

http://SolutionizeIT.com/

Twitter: @NikhilS2000

Solutions from VMWorld – Hadoop starter kit

15 Tuesday Oct 2013

Posted by in Industry solutions

Leave a Comment

Tags

, , , ,

VMWorld has kicked off in Barcelona and it is time to showcase creative solutions at display there. At the top of my list is the Hadoop starter kit. The kit was first released in August at VMWorld in San Francisco. The team has refreshed the kit with Hadoop starter kit 2.0,  at Barcelona. I will give you an idea on why I love this solution and how it conforms to the Solutionization framework.

Steve Todd, EMC Fellow, covered the benefits of the kit in his blog back in August. Steve says that one of the problems with evolving application workloads is infrastructure agility. Hadoop is probably a poster child of this issue. Although Hadoop is an elegant framework for Big Data, setting the infrastructure for it could be a tedious and time consuming task. One of the main reasons for the popularity of Amazon Elastic MapReduce is its ease of deployment. The starter kit brings the ease and speed of Hadoop deployment to your own IT / Provider shop using VMWare vSphere and EMC Isilon HDFS.

I will not repeat the details of the kit, which you can get from the HSK White paper; instead I will shed some perspective on the vectors of Solutionization and the benefits that you will get from the kit. In my last blog, I described automation best practices in terms of four cloud commandments, etched by Dr. Werner Vogels. Let’s see how the solution kit measures on each of the four commandments.

  • Adaptive: With virtualization, mixed workloads that include non-Hadoop applications can run alongside Hadoop on the same physical cluster. By using VMWare based virtualization, one gets the wealth of industry accepted APIs and resultant automations. This enables Rapid Provisioning, from the creation of virtual Hadoop nodes to starting up the Hadoop services on the cluster; much of the Hadoop cluster deployment can be automated, requiring little expertise on the user’s part.
  • Controllable: Business rules can be set via VMW vSphere and VMW Automation Center, which set the policies and governance rules for such deployment.  Puppet or Chef Recipes can be used for testing analytics algorithms before migrating to production.
  • Resilient: Security can be enabled at a deeper level that is not easily possible in Hadoop. Amongst other things, this can make your Hadoop multi-tenant. Different tenants running Hadoop can be isolated in separate VMs, providing stronger VM-grade resource and security isolation. Reliability is critical for certain mission-critical uses of Hadoop. HA protection can be provided through the virtualization platform to protect the single points of failure (SPOF) in the Hadoop system, such as the NameNode for HDFS and JobTracker for MapReduce.
  • Data driven: VMW Operations Manager or vOps provides constant monitoring and analytics for automated performance, capacity, and configuration management.

Apart from meeting automation vision, I am a big advocate for the Solution alignment to the industry defined requirements, similar to those set forth by the Open Data Center Alliance (ODCA). ODCA has published a usage model on Scale out storage. One of the critical requirements of the usage is to support scale-out with multi-protocol support for heterogeneous workloads. The rationale for this requirement is to be able to use multiple protocols on the same data. Isilon, in this context, supports both NFS File and HDFS protocols. Hence we are able to run Hadoop based analytics on your existing File data, without having to move data to a different file system. As my friend, Ed Walsh, so ellgently puts it in his blog, “Instead of creating a siloed, single purpose IT infrastructure for Hadoop which requires large data sets to be copied to these environment we are enabling customers to rapidly deploy Hadoop analysis with immediate access to existing data repositories.”. Apart from multi-protocol support, Isilon is able to support most critical ODCA requirements on data protection, high availability, and compliance.

I hope that I was able to provide a different perspective on the use of starter kit for Hadoop. But then,  given the popularity of the paper (which has 2000+ views already), you probably didn’t need much convincing. In summary, Hadoop is hard, but Hadoop Starter Kit makes it easy. Give it a test run and make your Hadoop journey a productive one.

Nikhil

http://SolutionizeIT.com/

Twitter: @NikhilS2000

Related articles

Automation for Dr. Vogels cloud vision (continued)

15 Tuesday Oct 2013

Posted by in Implementation framework

Leave a Comment

Tags

, , , ,

Picking up from where we last left off,  I will now analyze the rest of Dr. Vogels commandments and their impact on automation.

controllable

Controllable Cloud

The control of the cloud, according to Dr Vogels, comes from the business rules. The business rule(s) are defined as the rules set by the business, not IT, and are closely tied to business SLAs. Such business driven rules should be driving the system as the rest of the applications and processes must be automated. VMW vCloud Automation Center (vCaC), one that sets policy and governance rules, is an example of such cloud based setting of business rules. vCaC also helps in automated service delivery and application deployment.  The automation of service delivery and configuration management allows for  (making possible or creating, this is poor word choice) frameworks like Puppet and Chef.

Biz Rule

Resilient Cloud

Dr. Vogels was explicit when discussing what makes a Resilient Cloud. His first recommendation was that security needs to be fine grained. Fine grained is defined by not just limiting to parameters with firewalls and threat management, but by building security resiliency in the services and service management itself. Down the road I will be covering Security as a vector of Solutionization separately.

His second recommendation was regarding having an extremely fast and flexible DevOps. He talked about how AWS makes a release every eleven seconds and how it is able to make modular releases without impacting other modules or blocks. Apart from having an effective DevOps model, it also highlights effective abstractions / APIs that we covered under Adaptive Cloud. He described an effective abstraction as being one where you are able to release bug fixes / patches / releases without impacting other abstractions.

Res cloud

Data Driven Cloud

By being data driven, Dr. Vogels meant a completed instrumented cloud for monitoring. In his words, “Applications need to be instrumented so that they report constant metrics as they run.” That information can be relayed back into a business management system that monitors whether users (which includes customers) are being served (according to SLA). The well-placed reporting function “is the canary in the coal mine” warns of imminent system slowdown, like when some service or component in an application starts to show signs of stress.

I will also extend the definition of data driven cloud to mean that the system is doing analytics on the data for SLA or other breaches and is able to do automated mediation in accordance with the business rules. An example in the context of VMWare is the vCloud Operations manager, vOps provides constant monitoring and analytics for automated performance, capacity, and configuration management. It also provides real-time performance dashboards that let you manage SLAs by alerting you to performance issues and capacity shortfalls before they affect end users.

data driven

Have I provided the automation recipe for Dr. Vogels commandments? I will let you be the judge and as always eager to hear feedback. Let me summarize the best practices to conclude.

Dr. Vogels’ commandments                        Automation best practices

Adaptive Cloud                                                 Standardized API driven integration and automations

Controllable Cloud                                           Business rules driven automation

Resilient Cloud                                                  Fine grained security; Efficient DevOps

Data driven Cloud                                            Constant monitoring & logging;                                                                                   automated alerts and mediation

How to automate Dr. Vogels’ Cloud Vision

01 Tuesday Oct 2013

Posted by in Implementation framework

3 Comments

Tags

, , , , ,

I don’t believe I have to justify automation as a key vector of solutionization. The heart of the discussion is ‘how’ to automate to drive lasting business value and affinity towards SLA. I will take Cloud computing as an example, again, to elaborate on the best practices for solution automation.

The two clear leaders of Automation in cloud computing are VMWare, for private cloud, and Amazon Web Services, for public cloud. I could have used either one of them to define automation as they both exemplify their respective domain, but some may call foul if I picked VMW early, given my proximity. I will cover VMW at length in later blogs, but for now I will use Amazon Web Services (AWS) as a means to define automation in this blog. And who is better able to describe AWS than the visionary CTO of Amazon.Com – Dr. Werner Vogels. I will use excerpts from one of his keynotes to pick nuggets of information on Automation best practices. By the way, if you haven’t already heard the keynote at AWS re: Invent ’12, I highly recommend that you do so if you are in the cloud business.

Dr. Vogels starts the keynote claiming that he is describing commandments for 21st century Cloud Architecture. Frankly, he could have easily called it a talk on Software Defined Data Center, with striking similarities to VMWare concepts and architecture. He described that Amazon turned off all physical servers by 2011 and turned everything into programmable software resources. In doing so, Amazon moved from hardware based constraints to software based fungible, scalable, programmable resources. But what’s this got to do with Automation and Solutions? The embedded message for automation is that the solution needs to behave as if the hardware is unconstrained. This abstraction was the foundation for unprecedented automation that followed in Amazon. By the way – the same is true for VMW and many more case studies where proper abstractions led to big automations and subsequent efficiencies and productivity.

Let me peel Dr. Vogel’s commandments on their implication to Automation. In this blog I will expand on one of the commandments – Adaptive.

commandments

Adaptive Cloud:

Adaptability is about “decomposing into small, loosely coupled, stateless building blocks” that can be modified independently without disrupting other blocks. This is possible through proper abstractions connected via REST APIs. In doing so, one simplifies the landscape and makes aggressive automation possible within the abstractions. This also leads to structured integration between services through the REST APIs. Successful examples of these are in VMWare and Amazon, with their immensely popular APIs generating a massive ecosystem for integration.

Software defined networking (SDN) is a great example here as SDN abstracts the components of a network into a “control” plane and “data” plane to enable more automated, adaptive networks. This abstraction is enabled through OpenFlow APIs.  SDN controller can analyze data from the various nodes in a network and automatically change the behavior of a network to improve performance or security. For some interesting insights on Solutionization of network, please read my blog on VMWare NSX (VMW/Nicira’s Software defined network).

None of this is new; all I am trying to do is emphasize that abstraction, with proper APIs, leads to automation – which leads to enabling Dr. Vogels vision of Adaptive Cloud.

PW data 092713.JPG

A symptom of this phenomenon is the rising number of APIs, as tracked on ProgrammableWeb. The very existence of this site and 10,000+ reported APIs as of 11AM 9/27/13, implies the importance the industry is giving to this phenomenon. Unfortunately, there is a dark side to it, and that is the rise of API sprawl. Consistency, if not standardization, of APIs are obviously desired as it leads to the reuse of automation and integration. Regrettably, individual interests come in the way. Take a recent debate on the use of AWS API in OpenStack as an example. “Should OpenStack develop its own API or use existing and popular AWS API” is the question. Randy Bias, from CloudScaling, wrote an open letter to the OpenStack community to adopt AWS APIs, instead of building its own. I am with Randy’s recommendation, but for a different reason. Instead, I believe it is to drive consistency of abstraction for reusable solution automation. Perhaps Open Data Center Alliance can help in controlling the API sprawl, with the voice of the end user.

In summary – The recommendation is to use automated solutions with consistent Abstractions & APIs. By consistent I mean industry accepted, either through standard body or market popularity, like VMW and AWS. That will bring you closest to Dr Vogels’s vision of Adaptive Cloud, while promoting the right industry behavior.

auto adaptive

Nikhil

http://SolutionizeIT.com/

Twitter: @NikhilS2000

Key vectors of Solution – SLA (continued)

23 Monday Sep 2013

Posted by in Implementation framework

Leave a Comment

Tags

, , ,

In the previous blog, I wrote about the importance, and a method, of defining SLA metrics. Standardized SLA metrics, which will come from organizations like Open Data Center Alliance, will prove far more productive in leveling the playing field and driving the right industry behaviors for solutions. It will provide consumers with a true ‘apples to apples’ comparison of solutions, as opposed to interpreting the semantics of each vendor or provider.

Once the metrics have been defined and validated, they need to be followed by measures and instrumentations to achieve SLA results consistently in production and at scale. Here is how I would lay out the definition and instrumentation of SLA in the Solution development life cycle.

SLA

After picking the SLA metrics in the Definition phase, you will proceed to the Integration phase of assembling and measuring SLA. How you measure the Service Elements of the SLA is another confusing subject because it is in need of standardization, just like the definition of the SLA metrics discussed in last blog. Some Service Elements may be relatively straightforward; others could be open to wide interpretations. For example, RCO or Recovery Consistency Objective is a critical element for Availability, but how it is measured is highly subjective.

ODCA does not go in depth of defining the process of the standard measures for each SLA service elements, but the usage model Standard Unit of Measure does reference the right practice. Until a standard reference model is agreed, it is advised to use the best known standard measures where possible. When it comes to Security SLA there is some good news. There are defined controls available, from organizations like CSA (Cloud Security Alliance), which can be used. We will cover security controls later under the Security vector of Solutionization.

After we have defined and found ways to measure the SLA service elements, we have to instrument the solution in production and to scale, to deliver the results consistently. Vendors and Service Providers will need to do this as part of standard product / technology development. Some large end users will go as far as to attempt such instrumentation, specifically for open source software, but most IT should shy away from it and instead demand Solutions that come shrink wrapped with such instrumentation.

Let us trace back our steps for a bit to see where we are. We have defined SLA, ideally copied or enhanced from an industry accepted metrics. Then we picked the standard ways to measure SLA. This brings us to the question: how do we validate that the Solution will meet SLA in production and at scale? This validation is performed through Reference Architectures. Vendors or Providers must produce Reference Architectures that validate Solutions that meet standardized SLA. Such validation could be first done in a controlled environment but later must evolve to cover real life scalable production environment. A common issue I see in reference architectures is that they only cover the deployment aspect, leaving the end users wondering what SLAs such deployments would deliver. To ensure effective solution, it is imperative that SLAs are proven in reference architectures. A good solution is what delivers SLA consistently, and if it does not I would say it is just a cool piece of technology not quite ready for prime time.

EMC® VSPEX™ is the closest to what I would like to see in reference architecture. Here is why: (I use EMC VSPEX Private Cloud as an example below.)

  1. It validates on a broad and realistic cloud environment: spanning network, storage, compute, security making it close to a real life production environment.
  2. There is a reference architecture that covers 100 VMs and another goes 500+ VMs. Therefore it scales.
  3. It specifies the business needs covered in the document. In the Private Cloud example, it specifies covering reliability, flexibility, and scalability of reference design. Shows tie to SLA, although in some cases I would have preferred it to be more specific.

I will conclude the blog with the summary of the vector of SLA in the picture below.

SLA RA

Consumers do not have to actually do these steps; all they need to do is ensure that vendors and providers are following these steps as to allow objective selection and effective deployment of solution. Imagine AWS, Rackspace and VMW Hybrid Cloud… all creating Reference Architectures off the same SLA metrics and using the same measurement methods…You may say that I’m a dreamer… but I’m not the only one…

Nikhil

http://SolutionizeIT.com/

Twitter: @NikhilS2000

Vector of Solutionization – SLA

16 Monday Sep 2013

Posted by in Implementation framework

1 Comment

Tags

, , , , , ,

Couple of blogs back I defined the three vectors of Solutionization as SLA, Automation, and Security. I will now go a little deeper into each of these three vectors, starting with SLA in this blog. Pardon me for going out of sequence in the last blog, but had to publish my thoughts on VMWorld before it became old news.

If I were to rate the vectors, Service Levels or SLA will be on the top of the list for me. Why? The underlying theme of the current wave of technologies is ‘Everything as a Service’. This is not just limited to the Service Providers but even Enterprise IT is starting to behave like a Service Provider. So, before we use or provide a Service from, say, a catalog of ‘Everything as a Service’, we need to be clear on what we expect from the Service. These expectations are clarified in an SLA; a formal / informal agreement between providers and consumers. Seems obvious? Not quite, as we will see later. You will be surprised by how the industry is struggling with the semantics between what is being asked by a consumer and what is being advertised and provided by the providers.

Let me explain this in the context of cloud computing off a publication from NIST’s Cloud Computing Roadmap. In this publication NIST describes top priority requirements for USG Cloud Computing technology adoption. The third requirement is the technical specification to enable development of high quality Service Level Agreements. Here is a quote off the paper on the need for such specification. “Cloud SLAs represent a negotiated service contract between two parties that specifies, in measurable terms, what cloud service will be provided to the customer. This requirement must be met to ensure that: a) key elements required for cloud services (warranties, guarantees, performance metrics, etc.) are not left out of the SLA and therefore rendered unenforceable, b) common terms and definitions are used within the SLAs to avoid costly misunderstandings between parties, and c) to create an environment which allows agencies to objectively compare competing services.”

The paper then goes on to illustrate an example of SLA discrepancy that puts consumers at tremendous risk. Take for example that practically every cloud provider addresses the term reliability, but how it is defined, measured, and guaranteed differs widely. Consumers are faced with evaluating different SLAs with cloud providers defining reliability using different terms, covering different resources, covering different time periods, and using different guarantees. This puts the burden on consumers to rationalize and normalize the SLA terms, leading to confusion and risk.

Expand the NIST publication to the industry at large and the problem becomes much more compounded. Hopefully I have impressed upon you on how difficult the issue of defining SLA for solutions is. It is not something an individual consumer or provider can resolve. Key to the resolution is adopting an industry normalized definition of SLA, or at a minimum using it as a starting point.

Fortunately one community, Open Data Center Alliance, has worked on resolving this very issue. They have come up with an SLA framework for Compute Infrastructure as a Service and plan to expand the framework across many other aspects. I highly encourage you to look at their framework and use it as a starting point for your SLA definition. Not only will it help you to get started quickly, but you also help the industry to get to a common semantic for SLA.

SLA template

Shown above is an illustrative snapshot of SLA from ODCA compute Infrastructure as a Service usage model. The example shows Service Attribute SLA, say Recoverability; then elaborates the Service Attribute into Service Elements, like RTO / RCO; then categorizes the requirements into standardized tiers from Bronze…Platinum. Bronze would mean a Basic SLA expectation, all the way to Platinum requiring military class of SLA, in that continuum. The benefit of picking a normalized SLA model, like ODCA, will be that you can facilitate an apple to apple comparison between solutions and/or providers, including solutions from your own internal IT. You can add your own specific requirements to the ODCA framework as needed. It may be more productive to communicate your specific need back to ODCA for adoption to the common framework.

As always, I am eager to hear your inputs and opinion on the use of standardized metrics for SLA.

Nikhil

http://SolutionizeIT.com/

Twitter: @NikhilS2000

State of the solution from VMWorld 2013

05 Thursday Sep 2013

Posted by in Industry solutions

1 Comment

VMWorld has traditionally been a blend of technology and solutions, but invariably technology buzz was in the forefront. This year solutions may have stolen the show. Even the new product announcements had strong solution blend to them. Some analysts may not have seen the tech glam of the past, but an end user and consumer ought to have come out pleased with the wide display of solutions all around. Let me explain this with the biggest announcement of the event – VMW NSX.

I have defined in my previous blogs that a technology becomes more usable by investing in the three vectors of Solutionization – SLA, Security, & Automation. Nicira NVP’s (pre VMW NSX) network agent can be installed on ESX vSwitch even today. Therefore, it begs the question: what is different in the NSX announcement? Of course there is a technology aspect of it in that NSX replaces VMW’s vSwitch and vSphere Distributed Switch (VDS). But that was expected and that news in itself, one can say, did not defy convention. The key here is the automation and security this integration brings to the cloud and data center.

I attended a session hosted by Gargi Keeling, VMW Group Product Manager, on cloud service automation with NSX and vCloud. The session was an eye opener for me as it gave a preview of the solution implications of the integration. NSX / vCenter integration provides the opportunity to automate both network and server together. When a cloud deploys vCloud, then integration with the Network controller becomes possible at an aggregate level. This opens up many automation opportunities, a few are listed below.

vcd nsx

With the integration, a network engineer could be fully informed of the servers and applications that are connected to any part of the network. VMware NSX provides visibility into the network adapter in the hypervisor, and knows the server name and OS. When using VMware vCloud it’s also possible to identify which segment of the network the servers belong to.

Repeatable network configurations can be setup as templates, which would allow people the point and click provision from an approved template. Policies can be set and enforced across multiple levels, from users to groups to all the way down to infrastructure (compute and network).

Policy automation

Security benefits are also very intrinsically tied to automation and policy enforcement. For example, a key benefit of an overlay network, like NSX, is to provide stronger segment isolation between two logical networks. This is a critical in many use cases, like financial industries, where you may need to isolate data between two organizations for compliance. Or, if you are a service provider, needing client isolation within a public cloud. Isolation does not have to be restricted to organizations, but could go deeper into splitting and isolating an application into Web, App, Database network tiers.

Flat network

But again, some of it we could do it today with vLAN and Nicira’s current product NVP. The difference with NSX integration is that you can automate, monitor, and enforce the isolation through a common policy engine.

To add to the automation, NSX will make security more granular. It will be able provision a firewall to each and every VM with the configuration derived from NSX Controller and policy derived from vCloud. Expand the logic to any security service in the future. And why stop at vCloud? I am sure VMW and Open Source community plan to build similar integration and automation solution with OpenStack, Cinder & Neutron.

I hope you can see how compelling this solution is getting. Circling back to the key point of the blog – NSX announcement is a big shout out for Solution that we all should be excited about. I am inclined to read VMWorld 2013 theme as ‘Defy Convention’ ‘with solutions’. Look for more solutions to substantiate the theme in the next blog.

Nikhil

http://SolutionizeIT.com/

Twitter: @NikhilS2000

Key vectors of Solutionization

04 Wednesday Sep 2013

Posted by in Implementation framework

3 Comments

In my previous blogs, I introduced Solutionization as a new IT discipline. If you missed it, here is a quick catch up. The discipline of transforming a technology into a solution is Solutionization (Introduction to Solutionization). The lifecycle of Solutionization comprises of four phases: definition, integration, adoption, and scale (Solutionization defined). It is best to be deliberate about Solutionization by following the four phases as a structured discipline because leaving it to chance may result in costly delays in adoption and lack of confidence in the technology.

The last step in this process is to define the vectors of Solutionization. Vectors are the focus areas that we take through the lifecycle in order to make usable solutions. Taking these vectors through the four phases of Solutionization is the key to transforming a technology to solution and helps increase your rate adoption of the technology.

These three vectors, in my opinion, are SLA, Automation, and Security. Before we debate the rationale, let’s do a quick high semantic level set on these.

Vectors of Solutionization

My reference to SLA, Service Level Agreement, as a solution vector refers to the definition and instrumentation of SLA in a solution, such that a solution consistently meets the desired SLA. By automation I mean automating the lifecycle of solution deployment, usage, integration, and scale. It is important to highlight the inclusion of integration here, as integration gets unwieldy at scale without automation. Some may claim integration and automation as two separate topics topic, but I see the automation of integration as a bigger issue. Security includes instrumentation and automation of security, compliance, and trust as required by the Service Level Agreement. Granted security feels redundant with SLA & Automation, but it deserves a seat given the exposure and attention.

Now let us address the question: Are these three the right vectors? I will be upfront that I initially came up with these three out of my own experience. These three, to me, represented the most critical factors impacting new technology adoption, from a solution point of view. There are other factors, not tied to solution, example: cost/pricing, business case, product features… We will focus on solution related factors only for the purpose of this blog.

After my first intuitive selection, I did go through a rationalization process and still came out strong for the same three vectors. I am open to debate but let me take you through couple of data points that I looked at on Cloud computing. The first survey I looked at was from North Bridge ‘Future of Cloud Computing’, done in partnership with GigaOM. It charts Cloud drivers and inhibitors for today and the future. I would highly recommend a complete read of the survey for cloud enthusiast.

Survey1

Looking at the NOW landscape from the picture, the drivers of Agility, Scalability, and TCO are covered by Automation vector; the inhibitors Reliability is addressed by SLA vector; and the Security and Compliance through Security vector. We will leave the FUTURE quadrants in the picture, for later discussion.

Let’s dissect another survey done by KPMG (KPMG International’s 2012 Global cloud providers survey) that looks at the biggest cloud challenges. It is another great output to read. The boxes highlighted in the picture below show strong correlation to Solutionization vectors, again supporting my case for the three vectors. There are other important challenges in the survey, but they are not relevant to solution discussion. Survey specifically highlights importance of SLA over time. Here is an excerpt from the survey on SLA “As cloud adoption increases, customers are seeking greater reassurance over cost-effectiveness and security. Consequently the proportion of providers with service level commitments in their cloud offerings is expected to rise from 59 percent today to 68 percent within 3 years.”

KPMG

Hopefully, I have convinced you that I have picked the correct vectors to Solutionization. They show a strong correlation to industry drivers / challenges for cloud computing. As always, I am eager to hear your inputs on what’s on top of your Solution focus areas. Look for more details on the three vectors in the future blogs.

Nikhil

http://SolutionizeIT.com/

Twitter: @NikhilS2000

Solutionization defined

27 Tuesday Aug 2013

Posted by in Overview

1 Comment

Tags

, , ,

In my last blog we introduced the term Solutionization as the discipline of transforming a technology into solution. Before going any deeper, let’s first make sure we all understand what a solution is. A solution is a set of tools and technologies that collectively addresses a problem, which, in this context, is an IT problem. One can say that a technology should also be geared towards conceptually solving a problem, but IT problems that a solution needs to address are a lot more specific. A successful technology has to be adequately instrumented and integrated with a slew of other technologies to solve a real life IT problem.

A simple example is Hadoop, an excellent technology framework for gathering unstructured data. To solve an analytics problem of deciphering marketing trends, such as those from Tweets, will require a lot more integration of Hadoop with Twitter Firehose and Enterprise structured data than we would like to believe in order for it to be meaningful. And, if it is mining sensitive data, we will need integration with security tools as well. So I would say that technology is for show but a Solution is for dough.

Technology = Hadoop to size

Solution = Hadoop to size + Data Integration (Example:v65oai7fxn47qv9nectx_bigger) + Security (Example:th) + …

Let’s also bring Product in the mix. A product could be either close to a Technology or be closer to a Solution; it just depends on the business model and packaging of the IT vendor or Provider. Intel CPU, for example, imost would see as a technology; whereas VCE’s vBlock is closer to a solution. A CPU may be a technology, but Intel and ecosystem provide a slew of reference architectures for the technology to be useful and effective. A vBlock, may be closer to a Solution, but may still need to be instrumented based on your context or the problem you are trying to address with it.

In short, a Solution should be able to a) Solve a problem and b) Have adequate instrumentation to be practical in real life deployment.

Now that we have built the case for Solutionization, let’s go deeper into what it entails. I will broadly classify Solutionization going through four phases of life cycle (shown below).

four stages

These phases are rather self-explanatory and you may adapt them to your context, but the emphasis is the need for following these phases as structured discipline. I recommend it for both the IT consumer and the technology provider, specifically when comprehending new technologies. Mature technologies would have played these phases out over time, but don’t assume that for newer ones. When in doubt, default to including the process. Worst case: it will be an easy checklist if adequate solutions exist.

To structure these phases, you will need to define the deliverables in each and measure those deliverables in the form of exit criteria. There is no need to have a separate Gate for Solutionization; you could embed these in your existing program management methodology. Here are a few representative examples of deliverables you would assign to each phase.

Definition: Usage models & Proof points to establish value proposition

Integration: Reference Architectures to establish integration and automation

Adoption & Scale: Reference deployments, case studies, # of scoped and scale deployments.

Which brings us to the question “who does the work needed for Solutionization?” It’s a value chain of players incrementally building the solution till it reaches the final IT consumer. Each player down the chain enhances the solution as the scope broadens; context becomes more specific, and solutions become more targeted and integrated. For an IT consumer the deployment becomes easier if the players up the food chain have done their job in Solutionization. However, don’t assume it; plan for Solutionization phases and outputs, demand credible Reference Architectures from vendors & providers upstream.

It is important to allow time during Solutionization not only to enhance and validate the solution, but to comprehend learning from the previous phase. Solutionization can take multiple generations of product releases as each phase could translate into release or releases to comprehend the learning from previous phases. This is a salient point to internalize in terms of product and deployment resources and timelines. Do not underestimate the time required for Solutionization.

That wraps up this blog. Hopefully the concept and life cycle of Solutionization resonated with you. In the subsequent blogs I will get into the specific areas and vectors of Solutionization and then take up some interesting use cases to drill down. In the meantime chime in with your inputs and experiences on the latest verb in IT – Solutionization.

Nikhil

http://SolutionizeIT.com/

Twitter: @NikhilS2000

Follow

Get every new post delivered to your Inbox.