cloud computing (week5)

Content from:

Primary Textbook: Jamsa, K. A. (2013). Cloud computing: SaaS, PaaS, IaaS, virtualization, business models, mobile, security and more. Burlington, MA: Jones & Bartlett Learning.

Secondary Textbook: Erl, T., Mahmood, Z., & Puttini, R. (2014). Cloud computing: concepts, technology, & architecture. Upper Saddle River, NJ: Prentice Hall.

1

Learning Objectives

Discuss components often found within a service-level agreement (SLA).

Define and discuss vendor lock-in and specify steps a manager should take to reduce this risk.

Discuss a manager’s potential use of audit logs to identify system bottlenecks and resource use.

List the specific aspects of the cloud deployment that a manager must oversee.

Cloud Management

By moving a solution to the cloud, IT managers shift a great deal of day-to-day management from their in-house department to the cloud-solution provider.

Service Level Agreement (SLA)

When you contract with a cloud-solution provider, part of your contract will contain a service-level agreement (SLA), which defines the levels of service the provider will meet.

SLA Components

System uptime, normally expressed as a percentage, such as 99.9%

Run-time monitoring capabilities and event notification

Billing policy for various types of resource use (e.g., CPUs, disk space, and databases)

Technical support operations (e.g., call-time delay and event response time)

Data-privacy policy

Multitenant systems and applications

Customer and provider roles and responsibilities

Backup policies and procedures

Resolution steps in case provider fails to meet the service levels

SLA Best Practices

Mapping Business Cases to SLAs

Consider cloud and on-premise SLAs as cloud based solutions often have higher level SLAs

Understand scope of SLA (application, infrastructure etc.)

Understand the scope of SLA monitoring – where it is performed and where calculated

Documents Guarantees at appropriate granularity

Defining penalties for non-compliance

Incorporate non-measurable requirements – security, location of data, etc.

Disclosure of compliance verification and management

Archiving of SLA data

Disclosing cross-Cloud dependencies

(Erl, 2014)

Real World: APICA Load Testing

A key responsibility of cloud managers is to monitor system performance.

Several sites in the cloud provide response-time-based cloud performance monitoring; others provide load testing, which measures how a site will perform during high user demand.

The Apica website, provides both types of testing, as well as cache-utilization assistance, which the company says will significantly improve a site’s responsiveness.

Ensure and Audit System Backups

Managers should consider different forms of backups.

A company may back up user files from on-site computers to disks that reside within the cloud.

Hopefully the company will never require these backups; but regardless, the company should periodically audit the backups, perhaps by checking that you can successfully restore randomly selected files of different users.

Real World: Distributed Management Task Force

The Distributed Management Task Force (DMTF) consists of hundreds of organizations and thousands of members who work to provide IT standards.

The DMTF provides standards and recommendations for managing the cloud and virtual solutions.

Cloud Backups

If the cloud provider stores some or all of your company data, you must understand the provider’s backup process (and include it in the SLA).

For governance purposes, you should know if the data is encrypted, who has access to it, and if it is replicated to a remote facility. If it is backed up to another location, you must know where and how often.

Know Your System’s Data Flow

Managers should create a detailed process-flow diagram that shows the movement of company data throughout the cloud solution.

They should also identify within the dataflow various points for the placement of internal controls or auditing.

Real World: Embionics Cloud Virtualization and Management Tools

Embotics offers V-Commander, an off-the-shelf-product that offers life cycle solutions for managing private cloud deployments and optimizing the underlying virtual devices.

Embotics states that with its product an IT team can install the software and manage the cloud within one hour.

Vendor Lock-In

Relationships can go bad—even those with a cloud-solution provider.

The agreement you sign with a cloud provider should stipulate exit procedures in case the provider fails to meet the service levels or breaches any other aspect of the contract.

Vendor lock-in occurs when a provider does not support data export or when a provider’s service is unavailable through others. Thus, the customer is “locked in” to the relationship with the vendor.

Source-Code Escrow

Companies fail. Therefore, managers, should perform due diligence on a cloud solution provider before they enter into an agreement.

The manager may want to arrange a source code escrow agreement, which places a copy of the provider’s programming-language source code with a third-party escrow company.

If the solution provider fails, the company can acquire and deploy the source code, put it on its own system, and implement the provider’s solution.

Determine Technical Support and Help Desk Procedures

Depending on the solutions it places in the cloud, a company may have various help desk support requirements.

There may also be shared support responsibilities.

In all cases, an IT manager should ensure that the support specifics are defined within the SLA.

Determine Training Procedures

To be successful, large-scale cloud applications often require user training before, during, and after the integration.

For SaaS solutions, the cloud-service provider normally provides user training.

Depending on the application’s processing, the company may need to augment the training with in-house instruction.

The IT manager should stipulate the training responsibilities within the SLA.

Real World: Netuitive Predictive Analytics and Cloud Management

Predictive analytics tools perform statistical analysis to predict future behavior.

Netuitive integrates predictive analytics to provide IT managers with insights into how a solution will work under different conditions.

Netuitive software can monitor a group of integrated or stand-alone cloud-based solutions.

The software’s self-learning capabilities allow the software to identify demand trends and more.

Security Policies and Procedures

Many clients are apprehensive about storing their data in the cloud.

To reduce these concerns, IT managers should thoroughly understand the provider’s security plans, policies, and procedures.

Specifically, a manager should be aware of the provider’s multitenant use, e-commerce processing, employee screening, and encryption policy.

Security Policies and Procedures Continued

The manager should examine the provider’s use of firewalls, intrusion detection, and security mechanisms.

These security factors should be defined in the SLA.

Real World: New Relic Cloud-Performance Monitoring

When it comes to cloud-performance monitoring, most managers spend 80 percent of their time monitoring 20 percent of a solution’s code (Pareto Principle).

New Relic, provides monitoring software that will examine system performance to identify potential bottlenecks.

New Relic software supports most common programming languages and can be easily integrated into a site.

Real World: Strangeloop Site Optimization

Across the cloud, developers strive for web pages that load in two or three seconds or less.

There are a variety of site performance monitoring tools you can use to measure a site’s responsiveness. That’s the easy part. The hard part is making slow pages load faster.

Often, that requires a company to take steps such as eliminating or compressing graphics, compressing text, and improving cache utilization.

Strangeloop Continued

In the age of increasing bandwidth, many web managers may ask, “What’s the big deal about a one- to two-second delay?”

Research shows, however, that such delays are why customers log off of websites!

Strangeloop provides a site-optimizing solution that companies can easily deploy to improve their site’s performance.

Monitor Capacity Planning and Scaling Capabilities

For SaaS solutions, the cloud-solution provider will scale the site to match user demand.

An IT manager, however, must define in advance key response-time metrics the solution must provide and then include those measures within the SLA.

For PaaS and IaaS solutions, the IT manager must initially estimate the solution’s capacity plan, which defines the resources the solution will need to operate satisfactorily.

Capacity Planning and Scaling Continued

The IT manager should also estimate the site’s potential growth and define, with the help of the solution provider, the plan for scaling the site resources as well as the related costs.

Several sites within the cloud provide system-performance reports that managers can use to measure current performance and the potential system benefit from scaling specific resources.

Monitor Audit-Log Use

To identify potential system bottlenecks, detect errors within the system, and identify system-resource use, the IT manager may examine various system log files.

In a PaaS or IaaS solution, the manager can likely turn on the log file reporting that meets needs.

For an SaaS solution, the manager should discuss in advance with the cloud service provider the various available logs and the costs of running them, both in terms of dollars and performance.

Real World: Uptime Software

Too often, cloud-solution managers do not know that a system error has occurred until a user reports one.

With Uptime, IT managers can easily monitor a wide range of servers, and produce resource utilization reports.

Solution Testing and Validation

Just because a company provides a solution does not mean that the solution is error free.

An IT staff using a cloud-based solution must test the solution and periodically audit key processing to confirm that the application is providing correct results.

In particular, a cloud-service provider will often perform patch management and version updates. The IT staff should be aware of all system modifications and test accordingly.

References

Jamsa, K. A. (2013). Cloud computing: SaaS, PaaS, IaaS, virtualization, business models, mobile, security and more. Burlington, MA: Jones & Bartlett Learning.

Secondary:

Erl, T., Mahmood, Z., & Puttini, R. (2014). Cloud computing: concepts, technology, & architecture. Upper Saddle River, NJ: Prentice Hall.

27