Microsoft takes on the private cloud
Trevor Pott's take on Microsoft
To many, private cloud is simply virtualisation plus management. But there is more to it than that.
There is an awful lot of misunderstanding surrounding such an important design concept, in part stemming from a lack of exposure to what is possible with today's technology.
Different vendors say different things based upon the technologies they have to offer at any point. Other vendors spread FUD wherever they perceive a threat to their offerings.
As the virtualisation provider that has until recently been playing catch-up, Microsoft's offerings in particular seem to have a great deal of misinformation attached to them, and it is worth taking some time to clear the air.
Microsoft's goal is to move beyond infrastructure as a service (IaaS), through platform as a service (PaaS), past software as a service (SaaS) and head off into uncharted territories for which marketing buzzwords have yet to be invented.
It is easy to see why: failure to do so would quickly result in irrelevance. To understand this, we need to walk through the evolution of private clouds.
The ABC of virtualisation
To start with, we need to understand virtualisation. There are two key components to virtualisation: the hypervisor and the virtual machine.
A hypervisor is a minimalistic operating system with a restricted set of built-in drivers and very little in the way of a management interface. Its sole goal is loading multiple virtual machines onto a single piece of hardware.
Virtual machines are a combination of a virtual hard drive (VHD) and some metadata. The VHD is a single file acting as a container for an entire operating system's worth of information.
The metadata contains a description of which virtual hardware that virtual machine has access to – how many network cards, how much RAM, how many virtual CPUs and so on.
The hypervisor reads the metadata, partitions out a chunk of space on the host server and boots the guest operating system from the VHD.
If you have ever burned an .iso file to a CD and then booted a computer up from it, you will find the concept is very similar.
The critical difference is that a hypervisor can load as many different operating systems as it has resources available.
Infrastructure as a service
IaaS is easy to understand, easy to implement and – most important of all – cheap.
You have a bunch of hardware at your disposal: servers, storage and networking. You abstract all of it into a pool of resources and treat the whole shebang as a single entity. You do this by putting hypervisors on the servers and joining those servers to some form of management software.
Suddenly, all your various pieces of hardware appear as a single pool. You can cut this pool up by creating virtual machines and you can move virtual machines from one physical host to another.
You can create virtual machines with different resource levels, and you can offer an interface for end-users to spin up their own virtual machines without having to bother IT.
Virtual machine migration – the ability to move a virtual machine from one host to another while it is still active – is the cornerstone of IaaS. It relies on having a storage area network (SAN), in essence a large centralised file server to which all virtual hosts are connected.
When a migration is requested, host one and host two start synchronising the RAM of the virtual machine in question over the network. Host one then hands off the storage pointer to host two, the RAM sync is completed, and host two is now running the virtual machine that used to live on host one.
This is really neat, but the technology is almost a decade old. Virtual machine migration has made it into every major x86 virtualisation stack. It has become the litmus test for when a hypervisor and its management tools have moved beyond “interesting research project” and become ready for use.
The technologies underpinning IaaS are done and dusted for the most part. If all you need from your infrastructure is the ability to spin up a few virtual machines and fling them around, you don't even need to go commercial.
Open source has caught up here, in the form of Xen.
If you go commercial, you get some worthwhile features not necessarily available to the free-as-in-beer crowd. GPU availability (either 1:1 pass-through or virtualised) is a big one.
The major platforms offer it in different ways but the end result is the ability of virtual machines to use a GPU installed in the server, either to offload certain compute tasks or to provide video acceleration to virtual desktop infrastructure (VDI) clients for a richer end-user experience.
Virtual machine block storage migration is another. Server 8 and System Center Virtual Machine Manager (SCVMM) 2012 bring this feature to the Microsoft world, while VMware admins will know it as live storage migration.
The concept is simple: the ability to perform a virtual machine migration from one host to another, moving not only the storage pointers on a centralised storage device but also the virtual machine's storage location.
Microsoft extends this with its own twist: the ability to do live migration and storage migration without the need for centralised storage at all.
This brings live migration (and consequently IaaS) to small and medium enterprises that can't afford costly SANs.
Of course, once something is easy to do everyone does it. Implementing IaaS in your data centre today is more a question of catching up with everyone else than it is of stealing a march over your competitors.
Platform as a service
The real competitive advantage in cloudy IT is what you can do with this dynamic infrastructure once you have it in place. A virtual machine is only as useful as the software it contains.
PaaS is about bundling together various applications and operating systems and making their management as easy as IaaS makes dealing with hardware.
Perhaps the most common use for PaaS is the provisioning of a development environment for application developers. They need an operating system or web platform to target, storage to back onto and some form of database.
Depending on the application being developed, they may require instances of specific third-party applications, various development libraries, VLAN assignments, firewall rules and so forth.
Traditionally, this is where a request goes in to IT operations and they busy themselves readying systems. Modern virtualisation management software removes the need for this. Enter virtual machine templates, stage left.
A virtual machine template is exactly what it sounds like. At its most primitive, you create a virtual machine, load an operating system, configure it the way you want and then you make copies.
Since a virtual machine is just a file and some metadata, making lots and lots of copies is as easy as copy and paste.
Of course, in the real world nothing is ever quite that easy. Each operating system has its own quirks that prevent dreams of such ease from being realised.
Microsoft operating systems need to be sysprepped – genericised – so that any licensing information is removed. This means that any child templates must have licensing information entered when first created.
Similarly, RHEL-based operating systems have creative approaches to network management that require some consideration before being made into templates.
Moving away from the operating systems, installed third-party applications may have similar licensing or configuration issues to consider.
When a child virtual machine is spun up from a template, the result could easily be that end-users are bombarded with requests for licensing and configuration information that they don't have and don't understand.
Some of the licensing and configuration questions can be taken out of the equation with the judicious insertion of run-once scripts into the template before going gold, but this can be tricky to get right unless you know the precise end use of the machine.
Long-term maintenance of scripted templates (patches, configuration updates and so on) can become problematic.
Spinning up the template to make changes risks triggering the scripts in question, which can result in either having to maintain two masters (one with scripts and one without) for each template, or having to re-genericise the template after every change.
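One way to keep a run-once script from firing when the master is booted for maintenance, as an added example rather than anything from the article or from SCVMM: the script refuses to run if an administrator has dropped a maintenance flag on the master, runs at most once on each child, and takes its answers from a file written by the provisioning system instead of prompting the end-user. The state directory, flag and answer-file names are assumptions.

```powershell
# Hypothetical first-boot script for a sysprepped template (added example, not
# from the article). It runs site configuration exactly once on each child VM
# and never when the master template is booted for patching.
#
# Assumed conventions (not from the article):
#   $StateDir\template-maintenance.flag : created by the admin on the master
#       BEFORE booting it for patching; the script then exits untouched.
#   $StateDir\firstboot.done            : written on a child once configured,
#       so a second boot of the same child is a no-op.
#   $StateDir\provision.json            : per-child answers (name, role) dropped
#       in by whatever provisions the VM from the sign-up form.
$StateDir = 'C:\ProgramData\Template'
$Log      = Join-Path $StateDir 'firstboot.log'

function Write-Log([string]$Message) {
    "$(Get-Date -Format s) $Message" | Add-Content -Path $Log
}

New-Item -ItemType Directory -Path $StateDir -Force | Out-Null

# Guard 1: the master is being serviced, not cloned. Leave it generic.
if (Test-Path (Join-Path $StateDir 'template-maintenance.flag')) {
    Write-Log 'Maintenance flag present: skipping first-boot configuration'
    exit 0
}

# Guard 2: this child has already been configured (the script is idempotent).
if (Test-Path (Join-Path $StateDir 'firstboot.done')) {
    Write-Log 'firstboot.done present: nothing to do'
    exit 0
}

# Guard 3: with no answer file we cannot configure safely, so fail loudly
# rather than prompting an end-user who does not have the information.
$AnswerFile = Join-Path $StateDir 'provision.json'
if (-not (Test-Path $AnswerFile)) {
    Write-Log 'No provision.json: refusing to configure with unknown settings'
    exit 1
}
$Answers = Get-Content -Path $AnswerFile -Raw | ConvertFrom-Json

# Apply the settings the generic template could not carry: identity and role.
Write-Log "Configuring child '$($Answers.ComputerName)' as '$($Answers.Role)'"
Rename-Computer -NewName $Answers.ComputerName -Force
if ($Answers.Role -eq 'WebServer') {
    Import-Module ServerManager
    Add-WindowsFeature Web-Server | Out-Null
}

# Record completion and remove the answers so nothing sensitive lingers on disk.
New-Item -ItemType File -Path (Join-Path $StateDir 'firstboot.done') -Force | Out-Null
Remove-Item -Path $AnswerFile -Force
Write-Log 'First-boot configuration complete; rebooting'
Restart-Computer -Force
```

The maintenance flag must be removed again before the master is re-generalised, otherwise every child inherits it and none of them configures itself.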
When trying to create push-button simple PaaS offerings, virtualisation management software that is operating-system (and application) aware makes a big difference. Once we get to PaaS, the virtualisation platform in use starts to matter.
Software as a service
PaaS is great for developers, but the end-user still hasn't obtained anything useful out of the deal.
A database, firewall and web server don't do the accountants any good and sales still don't have the fancy graphs and statistics they clamour for. We have made some developers' lives a little easier, but what good is that, really?
The users don't care if the application is sharing a virtual machine with dozens of other instances, in its own virtual machine or spread out across two or three virtual machines of its own. They are interested in the application and what it can do for them; the rest needs to take care of itself.
By the time you are deploying SaaS, you must have the configuration and licensing issues completely sorted, as you will be running virtual platforms containing cloud-aware applications.
Configuration information needs to flow from a single form that the user fills out at sign-up, and everything from that point on has to be scripted and seamless.
Patching and updates should occur without user knowledge, so your virtualisation management software needs a way of pushing those changes from testbed virtual machines to production systems.
These changes have to occur without disrupting the licensing and configuration states of the production virtual machines in use, and a way of reverting if it all goes pear-shaped.
You need monitoring and metrics that work at the application level and some way of tracking and responding to issues higher up than just virtual machine-instance level problems.
More and more it is becoming apparent that a successful SaaS rollout requires that developers and operations work hand in hand (the DevOps approach), lest the whole house of cards come tumbling down.
The stack you choose will make or break your ability to deliver. At the level of SaaS, every link in the chain is important, from the user-facing application to the background apps, and from the operating system through to the hypervisor.
All components need to be aware of each other and they need to be designed to play nice.
If SaaS is your goal, Microsoft on Microsoft with added Microsoft on the side starts to make sense. Server 8 and System Center 2012 bring more than just a robust set of infrastructure tools to the table.
This combination brings together a whole set of interconnected software that can work alone, but is far more powerful in concert.
Let's start with SCVMM 2012.
SCVMM has the ability to deploy and maintain individual instances (or entire clusters) of Hyper-V hypervisors to bare metal servers using Windows Deployment Services and Windows Server Update Services. Zero to Hyper-V cluster in a few clicks.
Updates to Hyper-V hosts are done in an automatic fashion: virtual machines are evacuated from a host for patching or other maintenance, and then moved back if necessary when the host comes back up.
In this manner an entire cloud can be patched simply by releasing the appropriate patches without operations having to baby each individual physical box.
SCVMM integrates with the baseboard management controllers on the physical hosts. This provides for both integrated lights-out management and power optimisation.
Hosts that are not needed to meet load requirements can be powered down, saving on both power and cooling costs.
Dynamic optimisation takes care of load balancing and virtual machine distribution. SCVMM can migrate, suspend, shut down or spin up virtual machines (and physical hosts) in response to pre-programmed times, server loading or update requirements.
Getting the virtual machines from host to host is an important part of the infrastructure side, and Microsoft does not disappoint.
If your storage is SMI-S compliant, then SCVMM can offload a lot of file tasks directly onto the SAN, preventing costly network-based copy and move operations.
If not, oh well, it has other methods at its disposal. The files and virtual machines will get from A to B.
This is in part because Microsoft recognises the growing reality of heterogeneous environments, but also because the real magic occurs at a higher level than the hypervisor. There's no point in trying to own the hypervisor market if it has already been completely commoditised.
Getting into the PaaS arena, Microsoft's System Center tools are (Microsoft) operating system aware, with some application awareness and a lot of scriptability.
When you create a Server 2008 or later based virtual machine, you can pre-define the roles to be installed. IIS can be pre-configured. Generic command executables can be injected into the template, allowing you to install or configure applications of which System Center has no awareness.
Virtual machines can be packaged together into a service, and each service can be deployed to different environments (production, testing and so on). Services can be set up to include connectivity to a Microsoft SQL server.
You will have noticed there is a lot of "installed" and "configured" above. That is deliberate. While Microsoft's virtualisation tools can track image-based templates, the real goal is to keep the end SaaS application separate from the Microsoft software.
From here we move into SaaS territory. Microsoft has provided not only a PaaS stack, but all the under-the-hood widgets needed to deploy, track and maintain whatever SaaS application we see fit to deploy.
The future is Saasy
This being Microsoft, the expectation is that SaaS applications will be available for deployment to its cloudy infrastructure from independent software vendors, as well as companies’ in-house developers.
Forget installing your accounting package's server and then a client on each PC: the future is deploying it as a SaaS app on the in-house private cloud.
Microsoft is building a platform where a new service can be created that is actually a clean install of Windows Server, fully patched and up to date (thanks to Windows Server Update Services), and joined to the domain so that all the enterprise policies and preferences from Active Directory apply.
The third-party application is then injected, preferably with its configuration maintained on centralised storage of some kind and pointed at a relevant SQL server.
If developers are on the ball, then their applications can be updated and maintained separately from the operating system and virtualisation-integrated applications underneath.
SCVMM tracks changes that happen to the application to make it easier to pull the application out of the operating system, either moving it to a different operating system in another virtual machine or patching the operating system underneath the application.
Microsoft has brought application isolation and state separation to a level rivalling the user state virtualisation provided by folder redirection and roaming profiles.
This enables another feature: update cascades. Updating a service template updates all descendant children of the service virtual machines.
Additionally, you can have multiple descendant categories of child virtual machines from a single template, so long as the differences are configuration changes that fall into a category System Center is aware of and can manage. This can mean fewer templates, fewer updates and less management.
Caring for the environment
The whole of Microsoft's offerings add up to a lot more than the individual parts. All of it is doable without getting into super high-end enterprise storage, switching equipment or servers that cost more than a sysadmin's salary.
Microsoft's 2012 server play is a private cloud that starts out as feasible for SMEs, and gets better the more sexy gear you throw at it.
What if you have sexy gear? What if you have a budget that rivals a mid-sized state? Does Microsoft stack up in a real data centre? The answer is yes.
SCVMM has support for all sorts of different triggers. Whatever it doesn't support natively it can be made to support by tying it together with System Center Operations Manager (SCOM) via Performance and Resource Optimization (PRO). The end result is a private cloud that can react to just about anything.
If you are a seasonal business and you know that you will need a host of new virtual machines, schedule them up and ye shall receive. Know that you need a few extra number-crunching virtual machines to handle weekend reports? You can schedule that too.
You can even create load-based triggers. Load on the web servers past the high watermark? Have a new instance spin up and be added to the load balancer. Everything from VDI instances to full SaaSy services can be truly on demand.
The SCOM/PRO extensions move this out of pure software and scheduling and into true environmental awareness. Temperature excursion in rack 4? Move some virtual machines around to compensate. UPS in Rack 6 throwing a wobbly? Evacuate the rack and page operations to get that looked at.
This isn't an airy-fairy theoretical possibility in the same sense that "I can theoretically build a lawn-mowing robot based on a Beagle Board and a Kinect, powered by a stationary robot arm that tracks the widget and fires a high-wattage laser at its solar panels."
We went through that with the last generation. This is tested and ready for prime time, with Microsoft successfully encouraging partners to create PRO packs for their hardware and various different applications directly.
We don't have to rely on network-connected SNMP widgets and mad scripting skills to make these sorts of environmentally aware data centres possible.
Microsoft's Server 8 and System Center 2012 stack represent the commoditisation of IT-as-a-service. More than that, it is taking private clouds from a series of disparate-but-sort-of-integrated software packages to a tightly integrated and dead simple whole.
Microsoft's offerings here are ready to go toe to toe with the best that VMware or Citrix can bring to bear. Each company has its own strengths and weaknesses.
But the private cloud has most certainly become about a lot more than virtualisation plus management.
This is the first article in a three-part series by Trevor Pott, a sysadmin based in Edmonton, Canada.