Whitepaper Delivering Complex Enterprise Applications via Hybrid Clouds As enterprises and industries shake off the effects of the last recession, the focus of IT organizations has shifted from one marked by a constant pressure to reduce costs to one focused on increasing enterprise value through greater innovation, agility and competitiveness. As a result of this shift, enterprises are rapidly embracing cloud computing as a means to achieve these goals. For enterprises, though, getting the most out of the cloud requires more than just swiping a credit card to order some virtual machines. Why Hybrid Cloud? As organizations consider the ideal platform for each workload in their portfolio, it becomes apparent that in the near term, neither an approach exclusively focused on the public cloud, nor one exclusively private cloud focused, will allow them to achieve the agility they desire while meeting the security, governance and risk management requirements of business. Rather, in order to achieve desired agility levels across the business and application portfolio, enterprises must create hybrid cloud environments. Simply put, a hybrid cloud is: An environment that unites infrastructure from disparate public and private cloud computing environments under a common set of management tools, systems and processes. The benefits of a hybrid cloud are many, and include: Greater agility and responsiveness By incorporating both on- and off-premises resources, hybrid clouds make the benefits of cloud computing, including the ability to provision infrastructure and applications ondemand, available across the enterprise s infrastructure landscape and developer community. This enables technology teams to innovate faster, independent of the environment in which their applications happen to be deployed today. Reduced Costs Hybrid cloud allows each workload to be deployed in the most appropriate and leastcost environment considering a variety of factors including production level, performance and availability requirements, priority and utilization. Enhanced Availability Because it integrates disparate environments and facilitates workload mobility between them, hybrid clouds allow enterprises to provide rich, bidirectional disaster recovery schemes at a fraction of the cost of traditional site recovery services. Hybrid Cloud Requirements for the Enterprise While hybrid clouds offer the enterprise many compelling benefits, they present a number of unique challenges to the IT organization. These challenges correspond to a set of requirements that any enterprise hybrid cloud strategy should take into account:
HYBRID CLOUD P. 2 Security & Governance In order to protect the integrity of systems in a hybrid cloud environment, enterprises need to be able to ensure: Identity and Trust Trust is the mechanism by which the various participants in the hybrid cloud, including users and infrastructure, establish that they are who and what they say they are, and is the cornerstone of any hybrid cloud strategy. Trust in the hybrid cloud starts with unified identity and access to resources, ensuring that only trusted users can access the cloud s resources. This is provided by technologies such as single sign-on and two-factor authentication. Beyond user identity, technologies like Intel Trusted Execution Technology (TXT) and geofencing can ensure that enterprise workloads only run on trusted, uncompromised infrastructure. Continuous Monitoring and Compliance The ability to verify and monitor the state of your hybrid cloud at all times is foundational to ensuring its security. Administrators and security officers should have access to a single-pane-of-glass dashboard that collects, aggregates, and correlates security information from across the hybrid sites and prioritizes remediation opportunities as they present themselves. All auditable events should be logged, and administrators should be able to set alarms and alerts on a variety of securityrelated conditions. Monitoring of all infrastructure components should be done on a continuous basis, and any deviation from the assumed state of each resource should be logged and flagged for remediation. Privacy Encryption can ensure the confidentiality and integrity of data throughout the hybrid cloud, and should be used to secure data both at rest and in motion. Encryption in the hybrid cloud should be based on technologies that comply with government standards and accreditation programs such as FIPS. Support for external key management is desired for its ability to give the enterprise ultimate control over the keys which govern access to its data in the cloud. Control Controls that enforce the enterprise s security and compliance policies must be implemented across the hybrid cloud and its infrastructure. Granular rolebased authorization provides for a strict separation of administrative responsibilities and minimizes the risk posed by internal threats. Authorization policies must be synchronized and consistently verified across sites and providers. Virtual firewalls and other network controls must be in place to protect the enterprise hybrid cloud from network-layer attacks. Distributed firewalls enable greater levels of monitoring and control and thus enhance trust and compliance. Application Management The public and private clouds that make up a hybrid cloud will undoubtedly offer the ability to provision infrastructure on demand. However, to successfully deliver the application scenarios presented in the previous section requires more than infrastructure provisioning alone. Rather, these scenarios depend on the ability to reliably deploy and maintain applications and complex enterprise systems across disparate clouds and infrastructures. To this end, a comprehensive enterprise hybrid cloud strategy must consider how it will manage applications in a way that is: Repeatable Whether deploying a new application server to scale out a web site or replicating a database instance for disaster recovery purposes, repeatability is key to operating a hybrid cloud successfully. To ensure repeatability in the face of complex applications, the hybrid cloud needs an application management tool that supports the use of common templates and patterns (blueprints) to define a set of instructions for deploying a given application or system, and can use these patterns to deploy applications across vendors, sites and infrastructure in a highly repeatable manner. Robust Once deployed, the application management system should track the desired configuration of cloud-based systems against the current state of those systems to detect any drift or deployment errors that have occurred. Operators should be alerted in the case of errors and the system should facilitate remediation. Autonomic or self-healing capabilities can be employed to resolve issues identified by continuous monitoring and compliance management systems. Automated The system should coordinate all aspects of requested deployments, from infrastructure provisioning to application deployment and configuration. It should employ policy-based automation to take action in the case of operatorconfigured events, such as scaling up in the event of a traffic spike. Open The application management system should be open and easily extensible to ensure its broad applicability across various applications, systems and use cases. The system should provide a library of pre-existing blueprints, make it easy to extend existing blueprints, and make it possible to share user-created blueprints.
HYBRID CLOUD P. 3 Landscape Management If application management is like a tool for allowing you to more easily manage your vehicles, landscape management is a tool for allowing you to manage your entire fleet. Landscape management tools are a requirement for getting the most out of hybrid cloud because administration of a complex enterprise application portfolio with multiple promotion levels and functional components is difficult enough when all systems are running on a uniform infrastructure. When these systems are running across disparate cloud environments, complexity can grow significantly. At their most basic, hybrid cloud landscape management tools must provide a facility for managing the cloud s various sites and infrastructure via a single pane of glass interface or console. In addition, landscape management tools should help users: Clone applications and data within a promotion level, for example to copy a system within the development environment to begin a new development effort. Common administrative tasks such as copying or snapshotting related or interdependent components of systems should be readily made accessible via administrative portals for self-service access. Promote changes (change management) and data across network boundaries, for example to promote a system currently in development to a test or staging environment, and later to production after it has been validated. Administer and maintain the entire landscape, for example when updates need to be applied to production systems, but must first be applied to systems in development, and then pushed to the test environment once the updates have been integrated in, and ultimately pushed to production. Landscape management also helps ensure that the same best practices for deployment, monitoring and application management are employed across the entire promotion landscape and application portfolio. High Availability and Disaster Recovery Tools to enable high availability and disaster recovery for the hybrid must be: Integrated Tools must be able to take advantage of existing (incumbent) application and landscape management capabilities in order to ensure the consistent and repeatable deployment of applications and services in a disaster scenario. Omnidirectional In a mature hybrid cloud, some systems will be primarily hosted in the private cloud, while others will be primarily public cloud based. In order to fully support the range of hybrid cloud HA/DR scenarios, the tool should provide the ability to failover any infrastructure to any other. Policy-based Operators must have the ability to specify multiple HA/DR recovery sites based on the application requirements. By offering the ability to specify these requirements as policies, the HA/DR tool will be able to choose appropriate infrastructure upon which to recover the application, even if the available infrastructure choices change over time or change in capability. Policies should consider security and governance features of the infrastructures, as well as performance-related metrics such as latency, availability, and storage, network, and compute performance. Enterprise Applications and the Hybrid Cloud When fulfilled, the requirements outlined above enable several compelling hybrid cloud use case scenarios. Indeed, each of these has become popular among early adopters. These are not the only possible scenarios for hybrid cloud, but are among the most popular. Enterprises beginning down the path of developing a hybrid cloud strategy can start with these use cases and adapt them as needed to meet their own unique needs. Cloud Bursting The notion of hybrid cloud was initially popularized around the idea of cloud bursting. Cloud bursting describes a hybrid cloud scenario in which applications are entirely or primarily run using on-premises infrastructure during normal operations, but have the ability to burst out to a cloud environment when needed. In order to support high availability and disaster recovery (HA/DR) use cases, enterprises need tools that allow them to intelligently manage the process of failing over applications and systems to alternate sites within the hybrid cloud.
HYBRID CLOUD P. 4 Cloud bursting is useful in the case of applications with seasonal or spiky demand patterns, such as e-commerce or social media applications, financial reporting and period-end closing, and big data analytical applications. However, in order to enable cloud bursting, the application must be architected to support it, or specialized application-aware infrastructure must be used. For appropriate applications, cloud bursting allows enterprises to optimize their use of on-premises and cloud resources by allowing them to buy for the base and rent for the peak. In other words, they can use lessexpensive owned resources to support their typical traffic levels, and more expensive cloud-based resources to support peaks or spikes in demand. Functional or Promotion Level Off-Loading Complex enterprise applications like SAP consist of numerous functional components, such as CRM, Business Warehouse, and Financials. Surrounding each of these components is an ecosystem of applications and integration components, each evolving through a unique application development lifecycle. Many enterprises choose to off-load non-production landscapes such as development or test or less-critical functional applications, to the cloud, allowing them to take advantage of greater agility and lower operating costs it offers, while helping them optimize the utilization of their own data center assets. One important trend that hybrid cloud facilitates is the shift towards continuous delivery and data-driven experimentation. The ability to support the rapid promotion of application functionality from development to test to production on disposable infrastructure allows enterprises to innovate more rapidly by iterating more rapidly through the hypothesize-test-assess loop. High Availability and Disaster Recovery Because cloud computing allows for the creation of new infrastructure and computing environments on-demand, it has become a popular option for enterprises seeking to back up mission-critical on-premises systems. Using a hybrid cloud for disaster recovery and high availability allows enterprises to eliminate downtime and the associated lost productivity, missed revenues, and other penalties, and do so at a significant cost savings to traditional site and application recovery services. Because of their flexibility, hybrid clouds can support a number of HA/DR scenarios that traditional disaster recovery architectures cannot, including the ability to backup data to the cloud and launch instances of the remote system for read-only reporting and analysis purposes as needed, thus reducing the impact of reporting on the primary system. Virtustream and the Enterprise Hybrid Cloud As a leading provider of enterprise-grade cloud computing software and services, Virtustream offers a comprehensive solution for hybrid cloud computing that meets the needs of enterprises running large and complex applications, including SAP, Oracle and other legacy systems. The Virtustream solution for hybrid cloud computing includes: The Virtustream Enterprise-Class Cloud Virtustream s enterprise-grade infrastructure-as-a-service (IaaS) offers the reliability, security, compliance, and performance of a dedicated private cloud, combined with the flexibility, scalability and economics of a multi-tenant public cloud. xstream Cloud Management Software The same software platform that powers Virtustream s own cloud is available as an integrated solution that enables cloud-based deployment of existing mission-critical production applications, with predictable performance characteristics, and with the highest levels of enterprise and government security and compliance. xstream can be deployed to existing data centers, taking advantage of existing investments in virtualization and IT to provide enterprise class public, private or hybrid clouds. xstream allows enterprise IT organizations to migrate and run existing applications, including production SAP, SAP HANA, Oracle, Microsoft, and custom applications in public, private or hybrid cloud environments.
HYBRID CLOUD P. 5 Virtustream Viewtrust Viewtrust is a comprehensive enterprise risk management solution that ties together point security technologies, such as asset management systems, configuration management tools, vulnerability scanners, security information event management (SIEM) systems, as well as governance, risk and compliance (GRC) tools to provide an integrated view of the compliance and security across the hybrid cloud at every moment in time. Application Director A module within the xstream platform, Virtustream Application Director allows enterprises to easily manage complex third-party application stacks and landscapes in a hybrid cloud environment. Application Director uses the open source Apache Brooklyn framework to provide blueprint-based deployment of complex applications and systems across multi-cloud landscapes. Advanced Cloud Federation Technology xstream s advanced federation technology provides granular, policy-based control over the distribution of application workloads running on any public or private cloud. Policies take into account application SLAs as well as performance, security, and governance characteristics of available infrastructure. These elements work in concert with one another to enable an integrated experience that delivers the security and governance, application and landscape management, and HA/DR features that enterprises need to make hybrid cloud a practical reality. Putting the Hybrid in Hybrid Cloud Today s enterprise IT organization is investing heavily in technologies and processes that help increase speed and agility and thus drive innovation and competitiveness. At the same time, the nature of enterprise systems demands that enterprise IT continues to deliver high levels of reliability, security, and governance for many systems and applications. Hybrid cloud has emerged as an approach that allows the enterprise to achieve high levels of agility without sacrificing enterprise quality-of-service requirements. By providing an integrated operational and user experience that gives enterprises the ability to choose between public and private cloud computing environments on a workload-byworkload basis, and to integrate public and private clouds to support new use cases, hybrid clouds allow enterprises to maximize benefits such as speed and agility, reliability, utilization, efficiency, and capacity while minimizing cost. In order to deliver a true hybrid cloud, enterprises must consider how they will integrate disparate infrastructures while providing a unified developer and operator experience to users. They must determine how to provide a common approach to meeting the security, governance, and administrative challenges that such an environment presents. And they must ensure that even complex multivendor, multi-site environments can be easily monitored and managed via a single interface, and that consolidated billing and chargeback is available to business units. Virtustream s extensive experience running missioncritical applications like SAP in a hybrid cloud environment has put it in a unique position to help enterprises develop their own hybrid cloud environments. The company s portfolio including its Enterprise-Class Cloud, xstream cloud management software, Viewtrust enterprise risk management software, and more offers enterprises a complete solution for delivering enterprisegrade hybrid clouds that are at once extremely flexible, highly secure, and easily governed and managed. For more information on Virtustream products and services, please visit our website at www.virtustream.com. or e-mail us at info@virtustream.com About Virtustream Virtustream, a Dell Technologies Business, is the enterprise-class cloud service and software provider trusted by enterprises worldwide to migrate and run their mission-critical applications in the cloud. For enterprises, service providers and government agencies, Virtustream s xstream management platform and Infrastructure-as-a-Service (IaaS) meets the security, compliance, performance, efficiency and consumption-based billing requirements of complex production applications in the cloud whether private, public or hybrid.