iaas

Post on 26-May-2015


IaaS Introduction

Dr. Kenny Huang

Chair, Mind Extension Inc. Executive Council, APNIC Board, TWNIC

huangksh@gmail.com

IaaS

Agenda

• Introduction

• Virtualisation

• Delivery Model

• Deployment Model

• Business & Finance

• Research

• Policy


Driving Force

• IDC projection

– Annual growth rate 21.6%

– $11 Billion 2009

– $30 Billion 2014

• Benefits

– Cut cost

– Share resources

• Technological evolution


Benefits Recap

• No upfront costs

• Market more quickly

• No servers to manage

• Automatic software updates

• Easily scalable

• Global growth and integration

• Enhance agility


Virtualisation

IaaS

From Virtualisation to Cloud


Delivery Model

IaaS


IaaS Deployment Model

IaaS

IT Services Deployment Model

• Self service model – “immediate” satisfaction

• Guaranteed service attributes (SLA)

• Scalability

• Billing for actual services/resources consumed

• Supported by high levels of automation

• Based on a highly virtualized infrastructure

IaaS Benefits

• Benefits for consumers

– Dramatic improvements in “time to market”

– Automating backend billing brings a new cost conscious awareness

– Ability to use OpEx for short term needs

• Benefits for IT

– Recognition of IT as a competitive service supplier

– Now you can say “yes” and here’s what it would cost

– High levels of automation provide savings

– Consolidation provides savings

– Turn on/off OpEx provides savings

The Journey to the Cloud

• Transition

– So how do you transition an IT operation from 7x24 crisis with a backlog of incidents and service requests a mile long to this smoothly functioning Cloud machine?

• Foundation

– The foundational answer has been around for some years

– It is called the service provider model (SPM, ref. ITIL)

• Rationale

– Instead of managing 5000 servers running 5000 apps, the service provider model transitions the management effort to some 5+/- tiers of service with service level guaranteed

– Managing 5 entities is doable, but it’s difficult to manage 5000 entities

What is the Service Provider Model

• Service Level Agreements

– A service focus separates the “what” from the “how” of service delivery

– A service level agreement between IT and users of technology provides a pragmatic basis for alignment of IT capabilities with business objectives

• Standard service offerings

– Standard services and technical architecture

– A stratification of service offerings allows different service level requirements to be satisfied at appropriate cost levels

• Mature policy and procedure

– Management practices are the processes, policies, and organizational model used to deliver services

– As processes mature, they become repeatable, documented, measured and finally have continuous review for improvement

• Cost model and key performance metrics

– External and internal metrics define the progress of the service model

– A complete cost model is critical to understanding the true cost of service delivery

IT Maturity Model

• Level 1

– Understanding and Awareness: Recognition

– Training and Communication: Sporadic communication on issues

– Process and Practice: Ad hoc approach to process and practice

• Level 2

– Understanding and Awareness: Awareness

– Training and Communication: Communication on the overall issue and needs

– Process and Practice: Similar but intuitive process emerges

– Techniques and Automation: Common tools are appearing

– Compliance: Inconsistent monitoring on isolated issues

• Level 3

– Understanding and Awareness: Understanding of need to act

– Training and Communication: Informal training supports individual initiatives

– Process and Practice: Practices are defined, standardized and documented; sharing of better practices begins

– Techniques and Automation: Tool set is standardized; currently available practices are used and enforced

– Compliance: Inconsistent monitoring; measurement emerges; balanced scorecard adopted; root cause analysis is intuitive

– Expertise: Involvement of IT specialists in business processes

• Level 4

– Understanding and Awareness: Understand full requirements

– Training and Communication: Formal training supports a managed program

– Process and Practice: Process ownership and responsibilities are set; process is sound and complete; internal best practices are applied

– Techniques and Automation: Mature techniques are used; standard tools are enforced; limited tactical use of technology

– Compliance: Balanced scorecards are used in some areas; root cause analysis is standardized

– Expertise: Involvement of all internal domain experts

• Level 5

– Understanding and Awareness: Advanced, forward-looking understanding

– Training and Communication: Training and communications support external best practices and use leading edge concepts

– Process and Practice: Best external practices are applied

– Techniques and Automation: Sophisticated techniques are deployed; extensive optimized use of technology

– Compliance: Balanced scorecard is globally applied; root cause analysis is always applied

– Expertise: Use of external experts and industry leaders for guidance

7 step plan to build IaaS

• 1 Build a service catalog

• 2 Create a service level agreement

• 3 Build key performance indicator capabilities

• 4 Inventory infrastructure components

• 5 Implement billing per consumable resource

• 6 Rationalize the infrastructure

• 7 Automate provisioning and de-provisioning

Step 1 – Create a Service Catalog

• Key points

– 3 to 5 service tiers based on consumer facing attributes

– Tier differentiation will be based on performance and recoverability attributes

– Cost differentials will be driven by configured consumable to meet service attributes


Key takeaways – Create a Service Catalog

• Key Takeaways

– Performance, scalability and protection attributes are what consumers care about

– Only IT cares about technology specifications and configuration

– Typically tier cost differentials approximate 50%

– “Right tiering” drives additional savings


Step 2 – Build a Service Level Agreement

• Key points

– SLA guarantees service attribute delivery

– A written guarantee changes the whole IT/consumer dynamic

– The service level agreement should include

• The information on both parties

• Each party’s responsibilities

• Mutual responsibilities

• Escalation and remediation clauses


Step 3 – Build KPI Capabilities

• Key points

– What is happening right now

– Who is using what

– What is available

– Consumption patterns, trends and forecasts

– Alerts and escalations

• Key Takeaways

– If you don’t know what’s happening you will always be surprised

• Monitor and alert IT’s service delivery capability

• Monitor and alert the supply/demand situation

Step 3 – Build KPI Capabilities (2)

• Key points

– Metrics separate fact from opinion

• What is server demand for storage?

– Interfaces/APIs are needed

• Performance of specific hardware or software components

• Resource allocation, availability, consumption and resource release

• Resource performance to SLA attributes

• Key takeaways

– Metrics justify your recommendations

– Trended metrics are the first step to continuous improvement

Step 4 – Inventory your Infrastructure

• Key points

– Mission critical to know exactly

• What is on the floor

• What is running on it

• What it’s connected to

• What it’s dependent on

• Key takeaways

– Change and release management is key to a stable environment

– Without a CMDB, changes will only generate more incidents and outages

Step 5 – Implement Back End Billing

• Key Points

– Visibility is more important than charge back

– Cost model provides cost of the deployable unit

– Cost model includes

• Hardware and software costs

• Software licensing

• Hardware and software maintenance

• Facility, power and cooling

• Administration

• Key takeaways

– Basis for cost justification and ROI

– Speak with CFO in the same language

– Visibility to cost impacts resource usage

Step 6 – Rationalize the Infrastructure (virtualization)

• Key points

– Not all resources can be automatically provisioned

– Big box unix will require some IT manual effort

– The obvious target today is the virtualized x86 platform

– Storage has been virtualized since the early NAS

• Key takeaways

– Virtualization is key to automated provisioning

– Automated provisioning needs automated de-provisioning


Step 7 – Automate Provisioning

• Key points

– Consumers want rapid self-provisioning (time to market)

• Provisioning is the most important step from the end consumer viewpoint

• It should be like buying something on the web from a catalog

• Key provisioning functions allow consumers to

– Search the catalog

– Select the service

– Receive and accept a price

– Have immediate availability to the resource

– Track usage vs. allocation

Step 7 – Automate Provisioning

• Key takeaways

– Make a list of provisioning features and functions

– Identify the platforms and APIs your allocations will need

– Use this list of requirements to compare vendors

– Mature organizations may consider self-development using APIs to native functionality

• Note

– A number of hardware vendors are developing (or have released) front-end, web-based platforms that provide the end consumer with IT provisioning

Summary

• Hard parts

– Front end provisioning, backend invoicing, and virtualization of your x86 platform

• Easy parts

– Building the disciplines and the services to provide a priced service catalog, service level agreements, key performance indicators, and mature processes

• Outcomes

– Move from managing 5000 entities to managing 5 tiers of service

– A disciplined framework where you know what you’ve got and metrics to manage it

Conclusion

• Internal IaaS is doable

• Much of the work is IT best practice

• Rationalization is the most challenging

• Auto provisioning is least mature

• Next steps

– Build the SPM

– Classify your applications

– Plan the migration

– Execute

Business and Finance

IaaS

Recap Benefits of Cloud Computing

• Subscription-based

• Reduce maintenance cost

• Increased reliability

• Portability

• Efficient use of computing resources


Principle of Finance

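[Figure: break-even chart plotted against Sales, showing the Contribution and Fixed-costs lines and the break-even point (BEP).]

P&L = Contribution – Fixed-costs

Quick BEP Exercise

[Figure: four exercise panels labelled A, B, C and D.]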

Build IaaS over Infrastructure

[Figure labels: Option 1; Option 2; Bargain Power; Build your own infra.]

Google Practice

• Reduce CapEx by eliminating Cost of Power Gen & UPS

• Owned Submarine Cable/Capacity

Valuation Talks

[Figure: valuation figures; labels: $3B; $1.2M B/L; $6M Series A; $100B; $171B; $12B; $20B; $13B; $1.2B.]

Buzzword Evolving

2000 ASP

2006 SaaS

2007 PaaS

2011 Social computing


Business Model Evolving: Freemium Model

Offering one level of software for free, and then charging a premium for additional features

“if you adopt a freemium business model, your marketing cost is the free users”

COGS=75%= $400B revenue

The Journey to Profitability


• IaaS business is like a car racing game on a distorted field. Two factors determine the winner:

– Track

– Speed

• Track is determined by :

– IaaS size and design - the larger, the more distorted (higher track).

• Speed is determined by :

– Contribution margin – the higher, the faster

– Recurring revenue base

[Figure: Revenue plotted against IaaS Size, with Track 1 to Track 4, the Breakeven and Cash flow breakeven lines, the EPS indifference line, and the Death Zone, Survival Zone and Profit Zone.]

The Journey to Profitability


• Two factors determine the journey to profitability in IaaS business:

– Fixed cost

– Contribution margin (CM)

• Fixed cost depends on:

– IaaS size and design (Rent, Utility and Circuit)

– Operation efficiency (SG&A)

• Contribution margin depends on:

– Service mix

– Technological independency

– Vendor bargaining power

[Figure: cost plotted against Sales $, with Fixed Cost composed of D&A, SG&A, Rent, Utility and Circuit, cost lines at CM=80% and CM=50%, and the Breakeven Point for each.]

Survival or not is pretty much determined at the very beginning

The Journey to Profitability

[Figure: EPS ($) plotted against Sales for CM=80% and CM=50%, with Fixed Cost marked.]

EPS is correlated to sales on the journey of profitability

[Figure: Gross Margin (%) plotted against Sales ($) for CM=80% and CM=50%, with Gross Profit and Fixed Cost marked.]

Long term profitability is largely determined by CM

The Journey to Profitability


• The IaaS business is a recurring revenue business model:

– The previous year’s efforts count

– Sales growth speed outpaces the sales efforts

• Previous year’s efforts count:

– Do not need to start from scratch every year

– Less vulnerable and volatile

• Sales growth outpaces sales efforts:

– Explosive growth in an upward economic environment

– Stable growth in a downward economic environment

[Figure: Recurring Sales ($) plotted against Time (t, 2t, 3t), showing the sales base from existing recurring customers and sales growth outpacing sales efforts.]

Does Size Matter ?

[Figure: four panels plotting Cost for Space, Utility – A/C, UPS/Power-Gen and Utility – Power.]

Linear growth of COGS

Business & Finance Review

• Subscription-based; reduce maintenance cost; increased reliability

– COGS remained and converted to other liabilities. It has to be paid one way or another.

– 97% of Google’s revenue is from advertisement.

– Majority of cloud services are financed by equity market, not by product market

• Portability

– It’s decided by business competition/cooperation, not by technology

• Efficient use of computing resources

– Market prices are largely determined by competition, not by efficient use of resources

Research

IaaS

Companies are still afraid to use clouds


Causes of Problems Associated with Cloud Computing

• Most security problems stem from:

– Loss of control

– Lack of trust (mechanisms)

– Multi-tenancy

• These problems exist mainly in 3rd party management models

– Self-managed clouds still have security issues, but not related to above


Loss of Control in the Cloud

• Consumer’s loss of control

– Data, applications, resources are located with provider

– User identity management is handled by the cloud

– User access control rules, security policies and enforcement are managed by the cloud provider

– Consumer relies on provider to ensure

• Data security and privacy

• Resource availability

• Monitoring and repairing of services/resources


Lack of Trust in the Cloud

• Trusting a third party requires taking risks

• Defining trust and risk

– Opposite sides of the same coin (J. Camp)

– People only trust when it pays (Economist’s view)

– Need for trust arises only in risky situations

• Defunct third party management schemes

– Hard to balance trust and risk

– e.g. Key Escrow (Clipper chip) NSA 1993-1996

– Is the cloud headed toward the same path?

source: therepublic.com

Multi-tenancy Issues in the Cloud

• Conflict between tenants’ opposing goals

– Tenants share a pool of resources and have opposing goals

• How does multi-tenancy deal with conflict of interest?

– Can tenants get along together and ‘play nicely’?

– If they can’t, can we isolate them?

• How to provide separation between tenants?

• Cloud Computing brings new threats

– Multiple independent users share the same physical infrastructure

– Thus an attacker can legitimately be in the same physical machine as the target

Taxonomy of Fear

• Confidentiality

– Fear of loss of control over data

• Will the sensitive data stored on a cloud remain confidential?

• Will cloud compromises leak confidential client data?

– Will the cloud provider itself be honest and not peek into the data?

• Integrity

– How do I know that the cloud provider is doing the computations correctly?

– How do I ensure that the cloud provider really stored my data without tampering with it?

Taxonomy of Fear (cont.)

• Availability

– Will critical systems go down at the client, if the provider is attacked in a Denial of Service attack?

– What happens if cloud provider goes out of business?

– Would cloud scale well-enough?

– Often-voiced concern

• Although cloud providers argue their downtime compares well with cloud user’s own data centers


Taxonomy of Fear (cont.)

• Privacy issues raised via massive data mining

– Cloud now stores data from a lot of clients, and can run data mining algorithms to get large amounts of information on clients

• Increased attack surface

– Entity outside the organization now stores and computes data, and so

– Attackers can now target the communication link between cloud provider and client

– Cloud provider employees can be phished


Taxonomy of Fear (cont.)

• Auditability and forensics (out of control of data)

– Difficult to audit data held outside organization in a cloud

– Forensics also made difficult since now clients don’t maintain data locally

• Legal and trust issues

– Who is responsible for complying with regulations?

• e.g., SOX, HIPAA, GLBA ?

– If cloud provider subcontracts to third party clouds (web2.0, 3.0, ..), will the data still be secure?


Challenges for the attacker

• How to find out where the target is located?

• How to be co-located with the target in the same (physical) machine?

• How to gather information about the target?


Critical Issues from governments

• Jurisdiction for cloud services

• Business monopoly (e.g. Google, F/B)

• Cloud data privacy and security

• Protocol development and standardization

• Utility model: stimulate innovation or impede creativity

• Green environment requirement

By IGF (Internet Governance Forum) 2011 KL

Policy

Government Cloud Computing Policy

IaaS

Source: “Above the Clouds: A Berkeley View of Cloud Computing” Feb. 4, 2009 & Revision

Policy Rationale: Cloud Computing brings the Opportunity of Industrial Transition

[Figure: the software industry vs. cloud computing (software service without data center; produce cloud device) set beside the semiconductor industry (TSMC, UMC) (IC design without factory; produce equipment and devices). Other labels: Service; Information industry; Tier 1 industry; impact; rebuild; impact IC Design.]

Policy Strategy

[Figure: Full Scale / 4C Integrated Eco System. Labels: Cloud (Data Center, Infrastructure); Client (Solutions, Devices); Connectivity; Commerce. Hardware: NetBook, TV, Phone. Telecommunication: Fiber, WiMax, 3G/4G. Software/service: G-Cloud, Edu-Cloud, HC-Cloud, SME-Cloud. Hardware, software: server, storage, switch, system software, Security, IDC, ISP.]

G-Cloud Program

[Figure: G-Cloud Program architecture. Labels:

• Service channels: (G2C), (G2B), (G2G)

• Agency service: Education, E-Tax, E-Trade, Healthcare, SME Service, Transportation

• Software as a Service (SaaS)

• Platform as a Service (PaaS): Shared Service Platform with AP Dev. Platform, AP Validation, DB & Mgt Platform

• Infrastructure as a Service (IaaS): GSN, GPKI, N-SOC, shared data center

• Management service: SLA & Auditing; Service management & Security management; Data center and network management

• Side labels: Agility / Shared Service; Consolidation / Shared facility]

G-Cloud

| Project Name | Budget | Lead Organization |
| --- | --- | --- |
| Cloud computing technology development plan | $3.7B | MOEA/DOIT |
| Research Experimental Data Center plan | $0.1B | MOEA/DOIT |
| Cloud Computing Corporation plan | $1B | MOEA/DOIT |
| Global Firms R&D Investment plan | $1.5B | MOEA/DOIT |
| Cloud Computing Industrial Applications Plan | $0.7B | MOEA/IDB |
| Government Cloud Computing Infrastructure | $6.5B | RDEC |
| Fire Prevention Cloud Computing Service | $0.4B | MOI/NFA |
| Education Cloud Computing Service | $1.7B | MOE |
| Road Traffic Cloud Computing Infrastructure | $0.6B | MOTC |
| Cloud Computing Promotion for SME | $0.6B | MOEA/SMEA |
| Cloud Computing Trade Service | $0.4B | MOEA/BOFT |
| Cloud Computing Invoice Service | $1.3B | MOF |
| Tax Information System Integration & Reform | $4B | MOF |
| Harbor Single Window Service Plan | $0.8B | MOF |
| Technology & Research Cloud Computing Platform | $0.8B | NSC |

| Indicator (target) | 2010 | 2011 | 2012 | 2013 | 2014 |
| --- | --- | --- | --- | --- | --- |
| Service access visitor (10M) | 0.5M | 1M | 2M | 3M | 3.5M |
| Firm R&D Investment ($12.7B) | $1.4B | $2.3B | $3B | $3B | $3B |
| Indirect Investment HW, Serv. ($100B) | $5B | $8B | $22B | $30B | $35B |
| Employee Increase 50,000 (person) | 2500 | 4000 | 11000 | 15000 | 17500 |
| Cloud Computing Industry Value ($1T) | $8B | $20B | $64B | $308B | $600B |

What’s going wrong

• Set the standard

– Policy value should be measurable at specific facets

• Improved constituent value – Demonstration needed

• Improved operational efficiency – Demonstration needed

– Lack of Strategy Model

• Value/Cost justification model

• Lack of Cross-agency integration

– Committee driven model

• Committee representative – IT experts are not professional in financial/business evaluation

• Stakeholder representative – Committee members have no position to claim construction for target stakeholders

– Weak causal analysis

• Lack of problem declaration, causal model, reasoning methodology, solution alternatives, outcome justification

Strategy vs. Operation

• Separate strategy and operation issues

– Deal with operations separately from strategy

– Pushing operational performance and making strategic decisions are distinctive activities

• GIGO (garbage in / garbage out)

– Measure goals with goals indicators

• Goals indicator validation

– Measure performance with performance indicators

Issue Resolution Process

• Issue identification

– Strategic [S]

• Improve performance to target stakeholders

• Reduce cost to target stakeholders

– Non-strategic [NS] : otherwise

– Exception Fallacy [EF] : not a real issue

• Propose solution items, with the following context

– Fact-based : demonstrate how it creates stakeholders’ value

– Alternative driven : at least 3 alternatives presented

– Consequential

• Financial implication : how much it costs (CapEx, OpEx?)

• Performance implication : how well it performs? scale of improvement? how to monitor?

• Time Scale : Short/Mid/Long-term solution, straw-man proposal, migration strategy

• Conclusion Validity : Are they causal (solutions vs. issues)

The Prioritization Matrix

[Figure: prioritization matrix. Axes: Cost of Implementation (Low to High) and Issue Strategic Value (High [S] to Low). Quadrants: Deprioritize; Pursue Opportunistically; Explore ways of improving stakeholders’ value; Investigate further immediately. Plotted items: Cloud Computing; TWIX; Cyberspace Strategy.]

Recommendations

• Issue strategic value

– Given the issue resolved, how does it improve performance? How does it create value? A general understanding should be given

• Prioritization Matrix

– [Strategic]>[Non-Strategic]

• Put real choice on the table : alternative driven

• Solve the problem

– Solution and problem should have a causal relationship

• Time scaling : phased implementation with coherent strategy

• You cannot control what you cannot measure

Government Role & Responsibility
