Cloud computing is a form of rapidly provisioned outsourcing that offers users the ability to acquire computing resources on demand. It is a shift in the delivery of information technology services, where much of the technology is outsourced. It comes in three flavors: Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS). This document focuses on the first, IaaS.
This technology area is only beginning to mature, and there are few if any commonalities across the cloud offerings. The current manifestations of IaaS make heavy use of virtualization technologies paired with web APIs. They offer rapid provisioning and deprovisioning of servers, flexible billing based on actual usage (using small-increment models based on usage per time unit, such as "cycles per hour"), and public and private clouds. Each offering is composed of different services, with differing API directions for automated interaction. To address this rapidly evolving landscape, IT Services should approach the cloud space cautiously and in a stepwise fashion to avoid over-commitment and possible lost development effort if the IaaS changes.
IT Services has made some early attempts at exploring IaaS (with both cloud computing and cloud storage). But the division is currently unprepared to fully leverage the cloud in a sustainable, cost-effective manner, primarily due to the compute cloud's immaturity and the shifting of vendor APIs, but also due to IT Services' internal inefficiencies around billing and CMS (commitment management system), which are being addressed by the Trio, CMDB (configuration management database), and Remedy projects (see pages on Ordering and Billing, Change Management, and Service Desk respectively).
Cloud computing promises a scalable and cost-effective outsourcing solution that is captivating the attention of clients on campus. While it it is unclear if IaaS will truly be cost-effective, secure, or scalable as promised, this new marketing strategy for virtualized outsourcing is appealing to departments. IT Services can provide a stepwise approach to the cloud by initially offering "Stanford-ready" server images with built-in campus integration. As campus cloud utilization matures, additional development can further integrate cloud images into IT Services' proven and effective infrastructure, including patching, monitoring, and the CMDB (configuration management database). IT Services' clients will leverage the cloud while still benefiting from the variety of mature services in the service catalog.
IT Services will use the following principles to determine cloud computing use and integrate it into the existing mature system management:
- Automation is already a driving principle behind the emergence of IaaS, yet while the vendors themselves use automation behind the scenes to build their products, many usage patterns for cloud computing involve manual interactions with the provisioning system. IT Services must avoid this pitfall and be sure to leverage the available APIs to create fully automated deployment strategies that integrate with our existing systems automation infrastructure. Integration with existing systems administration practices should be as seamless as possible. Furthermore, the use of IaaS should tightly integrate into IT Services' billing systems and be heavily monitored to avoid the accrual of unexpected charges that cannot be properly billed.
- With the current availability of IaaS, security is a concern. As such, IT Services should avoid deploying sensitive or restricted data systems in the cloud. As a new paradigm in computing, it is unclear where new attack vectors will emerge that threaten the integrity of systems and the data they hold. As with system administration, security for cloud OSs will be treated the same as for local OSs. Additional security efforts may be necessary for the cloud-based OSs based on empirical findings.
- Certain core principles are problematic when talking about IaaS because the technology is nascent. Best practices are forming, but these are practices revolving around unstable offerings. Open standards are in development, but recent research has shown that the lowest common denominator of vendor features makes an open standard API impossible at present. To address these challenges, IT Services will stay closely involved with the numerous communities in active discussion about the cloud and will partner where possible with open source initiatives, adhering to a commitment to support and foster open source.
- Create "Stanfordized" cloud images for Amazon EC2.
- Create an API-driven deployment system into a select vendor's cloud offering.
- Devise strategies for developing and patching server images.
- Integrate cloud servers with our local monitoring and CMDB systems.
- Integrate the billing system for a select vendor with IT Services' billing system.
- Target specific case studies to predict how future usage patterns around the cloud may evolve.
- Select a vendor for early prototyping and case studies. For the purpose of developing a case study, IT Services must also identify a client that demonstrates a true need for cloud computing. Ideally, the client would need a low-to-medium intensity system or systems for a short period of time.
- Create "Stanfordized" server images that are pre-programmed to utilize the existing server automation infrastructure.
- Create APIs to deploy, manage, and destroy servers in the cloud.
- Expand current server automation suites to support provisioning of systems in the cloud on the fly.
- Further expand the existing server automation infrastructure to drive monitoring systems so that such rapidly deployed cloud servers can be monitored.
- Build usage monitoring tools to track usage and integrate with the billing system.
Measures of success
- Once the Stanfordized image is available, success will be rapid adoption of that image for community cloud users.
- Successful integration with the automation infrastructure will be determined by the ability to request, via a centralized API, the creation of a new system that results in the proper instantiation of a server in the cloud which self-configures and is registered in the monitoring and CMDB systems.
- Successful billing integration can be measured by the ability to accurately track usage of cloud computing and storage, and properly bill that usage back to the requesting clients via Pinnacle.
- As a service offering, success will be measured by continued growth in adoption.