
On-Demand Hosting: Auto-Provisioning Hosting Services at EPA

November 2, 2010

Rebecca Astin and David Pritchett

Agenda

• Goals, Purpose and Benefits

• New On-line Ordering and Auto-Provisioning Tool

• On-line Service Offering

• Managed Development Environment

• On-line Ordering Interface

• Future Service Offerings


Purpose

• Purpose: To provide an efficient and streamlined cloud hosting service to EPA Hosting customers

• The solution must be…

– On-Demand, Self-Service: Order services at any time with minimal human intervention

– Broadly Accessible: Available over LAN/WAN network via common protocols/clients

– Use Pooled Resources: Supports multi-tenancy via dynamically assigned and re-assigned physical and virtual resources

– Rapidly Elastic: Scale usage in any quantity at any time

– Measured Service: Resources are controlled, monitored, and optimized based on real time metrics


Benefits

• On-Demand Hosting

– Users can request services in as little as three days with division and ISO approval

– Servers are available using standard ports and protocols across EPA LAN/WAN and via AAA

– Servers are hosted in a virtual cloud environment at NCC

– Can request software, processing power, memory, disk space, server restarts, etc. as required (Rapid Elasticity)

– Solution is monitored and status/usage is available via web interface

• Service is available in Pilot Mode until March 2011


On-line Ordering Interface

• Self-service ordering via Web Interface

– Extranet site (Log-in required – WAM credentials)

– Website Available: December 1, 2010

• New services available to all EPA employees

• Pre-defined selections for hardware and software

• Required WCF products and services calculated based on selections made

• Service requests are automatically routed for review and approval

• Services can be provisioned, de-provisioned and reconfigured via the Web interface


Current Service Offering

• Managed Development Environment

– NCC Private Cloud (on-site)

– FISMA compliant virtual server

– Isolated from EPA’s production network

– Behind Network Extension Firewall

– Red Hat Linux (Windows coming soon)

– Accessible from EPA’s network and remotely via AAA

– VMs protected by server-level firewalls (Reflex)

– Supports HTTP/80, HTTPS/443, FTPS/21, SSH/22, SQLNet2/1521 and MySQL 3306

Server Details

• Server Type

• Data Disk Size

– 10 gig, 20 gig, or 40 gig

• Guest Operating System (OS)

– RedHat Linux 4 (32 bit) – Small and Medium Only

– RedHat Linux 4 (64 bit) – Small, Medium, Large

– RedHat Linux 5 (32 bit) – Small and Medium Only

– RedHat Linux 5 (64 bit) – Small, Medium, Large

Server sizes:

                 Small     Medium    Large
Virtual CPU      1         2         4
Memory           2 gig     4 gig     8 gig
OS Disk Size     18 gig    18 gig    18 gig

Technical Architecture: Network Extension + Virtual Firewalls

[Diagram: the Intranet VMware cluster (ESXi R710 hosts, Prod/Stage VMs, VC Server/SQL Server, VMotion/Management w/ ACL) and the App Dev Env of Customer VMs behind Reflex virtual firewalls, both sitting behind the Network Extension firewall with IDS and the Agency firewall; Internet access via AAA; Red Hat Satellite provides software depot services; JumpBox, newScale Auto Provision and WAM on the EPA WAN network (134.67.XXX.XXX). Caption: App Dev Env Reflex Virt FW behind Network Ext FW.]

NCC’s Service Offerings

• Infrastructure as a Service (IaaS)

– NCC managed FISMA compliant operating system

– Customer managed application platform and deployment

– Lowest cost option with minimal support

• Platform as a Service (PaaS)

– NCC managed FISMA compliant operating system

– NCC managed application platform

– Support for Apache Web Server, Tomcat, JBoss, MySQL, and LAMP

– Customer managed application deployment

Security

• Network Extension Firewall

– Separates the development servers from the production servers and isolates problems

• Virtual Firewalls (Reflex)

– Supports Multi-Tenancy by creating zones around each virtual server and groups of servers

– Allows Intranet, Extranet, and Public Access servers to run on the same physical hardware

– Manages access for each zone and subzone

– Documents communication ports and protocols

– Goal: Rules to follow server into production

[Diagram: zones behind the Net Ext FW: a Cluster Zone and an Inter-Customer Zone containing Customer 1, Customer 2 and Customer 3, with DMZ and Intra subzones.]

Private Cloud Services

Private Cloud - Development Server “Overview”

Customer Information

Server Details

Server Details - Owner

Platform Details

• Include Additional Software?

– If no, skip to next question (Software to Install will not be displayed)

– If yes, select software

• Software Selections

– Apache Web Server

– Apache Tomcat

– JBoss

– MySQL

– PHP

Server Details - Alias

Default: http://nccdevReq#.rtpnc.epa.gov

Alias: http://alias.nccdev.rtpnc.epa.gov


Billing Information

Monthly WCF Services

Service                                                        IaaS (Managed OS)                    PaaS (Managed OS & Platform)
VM Server Hosting Fee (includes OS installation and licenses)  UH-VM $1,100                         UH-VM $1,100
VM Hardware Fee (based on #CPU and memory of server)           UH-HW $36 per core, $8.33 per gig    UH-HW $36 per core, $8.33 per gig
Disk Space                                                     UC-DED $7.31 per gig                 UC-DED $7.31 per gig
Application Platform Installation and Maintenance              N/A                                  XS-DED $567
Hardware set-up and Configuration                              UH-ODC $2,000 (one-time)             UH-ODC $2,000 (one-time)
Technical Consulting                                           TZ (as needed)                       TZ (as needed)

No Cost Pilot Period – thru March 30, 2011

eBusiness Approvals

• When an order is placed, an e-mail is sent to the hosting and custom application workload capture team (WLC)

• WLC team places an order for each service in eBusiness (same process as an ADC today)

• When eBusiness account manager approves the order, WLC team will associate the registration IDs with your order in the On-Demand Hosting request system

Network Communication

• Predefined ports and protocols

– HTTP-80

– HTTPS-443

– FTP-21

– SQLNet-1521

– MySQL-3306

– SSH-22

• Additional ports and protocols available thru the Firewall Rule Request process

• Available via AAA (must select “yes” on order screen)
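Added example (not code from the EPA presentation or the newScale tool): a small Python audit that parses ss-style listener output, constructed here as sample input, and flags any listening TCP port outside the predefined list above so it can be routed through the Firewall Rule Request process or shut down. The `ss -ltn` field layout is an assumption.

```python
# Added example (not EPA's or NCC's code): audit a development server's
# listening TCP ports against the predefined list from the slide.

# Predefined ports and protocols from the slide.
PREDEFINED_PORTS = {80: "HTTP", 443: "HTTPS", 21: "FTP",
                    1521: "SQLNet", 3306: "MySQL", 22: "SSH"}

# Constructed sample output in the style of `ss -ltn` on a Red Hat host
# (header line followed by one listener per line); layout is an assumption.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    0.0.0.0:22          0.0.0.0:*
LISTEN  0      128    0.0.0.0:80          0.0.0.0:*
LISTEN  0      50     127.0.0.1:3306      0.0.0.0:*
LISTEN  0      128    0.0.0.0:8080        0.0.0.0:*
LISTEN  0      128    [::]:443            [::]:*
"""


def parse_listeners(ss_output):
    """Return (address, port) for each LISTEN line in ss-style output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip the header and anything that is not listening
        addr, port = fields[3].rsplit(":", 1)  # split off the port, IPv6-safe
        listeners.append((addr.strip("[]"), int(port)))
    return listeners


def audit_ports(ss_output, approved=PREDEFINED_PORTS):
    """Sort listeners into approved, unapproved and loopback-only buckets.

    Loopback-only listeners are reported separately: they are not reachable
    through the firewall, so they need no rule request, but the owner should
    still know they exist.
    """
    report = {"approved": [], "unapproved": [], "loopback_only": []}
    for addr, port in parse_listeners(ss_output):
        if addr in ("127.0.0.1", "::1"):
            report["loopback_only"].append(port)
        elif port in approved:
            report["approved"].append(port)
        else:
            report["unapproved"].append(port)  # needs a Firewall Rule Request
    return report
```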

Server Management

• NCC Server Administrators will manage the operating system for both IaaS and PaaS

• NCC Server Administrators will manage the application platform for PaaS

• Customer will have “Custodian Administrator” rights

– Provided limited Sudo rights to perform basic functions

• Custodian Administrators will log-in with WAM credentials

– Authentication via WAM ID (EPA Employees: LANid)

– Must have a POSIX compatible WAM ID (Externals)


Service Approval

• Orders for service must be approved by the following individuals PRIOR to fulfillment:

– Customer Owner (if ordered “On Behalf”)

– Customer Division Director

– Organization’s Primary ISO

– eBusiness Account Manager

• Approvals happen in succession and cannot be obtained concurrently

• Owner, Division Director and ISO approvers will receive an e-mail with instructions on how to review and approve your request

• eBusiness account manager will follow eBusiness procedures for approving WCF orders
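Added example (not code from the EPA presentation or the newScale system): a minimal Python model of the succession rule above, in which each approver can act only after the previous one has approved and delivery stays blocked until the whole chain is complete. The role names, the on_behalf flag and the method names are assumptions.

```python
# Added example (not EPA's or newScale's code): sequential approval chain
# for an On-Demand Hosting order. Role strings and method names are assumed.


class ApprovalError(Exception):
    """Raised when an approval is attempted out of order or after completion."""


class ServiceOrder:
    # Required approvers, in the order the slide lists them.
    CHAIN = ("owner", "division_director", "iso", "ebusiness_account_manager")

    def __init__(self, order_id, on_behalf):
        self.order_id = order_id
        # The Customer Owner step only applies when the order is placed "On Behalf".
        self.pending = list(self.CHAIN if on_behalf else self.CHAIN[1:])
        self.approved = []

    def next_approver(self):
        """Role whose approval is awaited next, or None once fully approved."""
        return self.pending[0] if self.pending else None

    def approve(self, role):
        """Record one approval; only the next role in succession may act."""
        if not self.pending:
            raise ApprovalError(f"order {self.order_id} is already fully approved")
        if role != self.pending[0]:
            raise ApprovalError(f"{role} cannot approve order {self.order_id} yet; "
                                f"awaiting {self.pending[0]}")
        self.approved.append(self.pending.pop(0))
        return self.next_approver()

    def ready_for_delivery(self):
        """Service Delivery begins only after ALL approvals are received."""
        return not self.pending


def run_approval_chain(order, attempts):
    """Apply approval attempts in the order given; return the roles that were
    rejected for acting out of turn and whether the order is now deliverable."""
    rejected = []
    for role in attempts:
        try:
            order.approve(role)
        except ApprovalError:
            rejected.append(role)
    return rejected, order.ready_for_delivery()
```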

Service Approval

Terms of Service

• NCC will manage the Operating System

• For IaaS, customer will be responsible for all application platforms added to the server

• For PaaS, NCC will be responsible for all application platforms added to the server

• Technical support available through WCF Service TZ

• NCC reserves the right to shut down any server that negatively impacts the development environment

• Customer shall use the development server for development purposes only

Service Delivery

• Begins after ALL approvals are received

• Server will be cloned from a base template in VMware

• The On-Demand Hosting request system will issue commands to automatically reconfigure the server to specified configuration and to allocate data disk space

• NCC Server Administrators will assign IP address and check the server configuration

• Software teams will receive installation instructions if NCC is to install and manage application platform

• WAM team will add Custodian Administrators to the server group in OID and check for ID compatibility (POSIX)

• Server owner and Custodian Administrators will receive log-in instructions

Service Confirmation

Tracking Your Order

• Progress on order fulfillment is available via the Delivery Process Tracking Screen


Managing Your Service

Once server is delivered, you can…

• Examine server set-up (IP address, DNS entry, Software Installed, Memory, Processors, Disk Space, Cost, etc.)

• Request modifications


Future On Demand Services

• Add additional server support services

– Add/remove Custodian Administrators

– Change Server Owner

– Change Program Office/Region Ownership

– Change eBusiness Account Number

• Web account registration and decommission (processes currently performed in TSSMS)

• Windows operating system for development environment


Ordering System Integration

• Automate WCF service ordering process

• Automate OID group association (for authorization)

• Automate the ADC record entry

• Provide DNS lookup for available aliases

• Provide access to download pre-configured application platforms

Contacts:

Rebecca Astin, newScale Project Manager
Astin.Rebecca@epa.gov
919-541-1555

David Pritchett, newScale Technical Architect
Pritchett.David@epa.gov
919-541-2798