Key considerations when adopting the cloud

Expectations Hurdles

About me

•  Sebastian Stadil (@sebastianstadil)

•  Founded the Silicon Valley Cloud Computing Group

•  Founded Scalr

•  Talk to me: sebastian@scalr.com

About Scalr (1)

•  Cloud Management company

•  In business for the past 6 years

About Scalr (2)

•  Customer driven company – We listen to / interview customers – Learn from them and the problems they face – Find and implement solutions with them

•  Talk to us: www.scalr.com

This talk: What you should expect (1)

•  This talk is driven by experience

•  Problems we’ve seen

•  Problems we’ve solved

This talk: What you should expect (2)

•  100%: Real-life examples that our customers have been through – And horror stories!

•  0%: Nonsense

This talk: What you should expect (3)

•  Why cloud? Your end goals •  What hurdles? What you should expect

YOUR END GOALS What are the promises of the cloud?

Why get cloud?

•  Two reasons – Agility – Cost

#1: AGILITY What are the promises of the cloud?

Agility (1)

•  Reduce time to market

Agility (2)

•  Cloud promise: Developers don’t have to wait on IT.

•  What you expect: – Code: “Days instead of months” – Hardware: “Minutes instead of weeks” –  Incident response: “Seconds instead of hours”

Agility (3)

•  Check out Adrian Cockcroft’s (Netflix) “Dystopia As a Service” talk

#2: COST What are the promises of the cloud?

Cost (1)

•  Pay less for the same end user experience

Cost (2)

•  Cloud promise: The same service will cost less to run, but give the same performance

•  What you expect: – Higher average usage, lower overall capacity – How? Autoscaling, different services evening

out

THE HURDLES ALONG YOUR WAY

What you’ll get

What hurdles?

•  Education about cloud •  Strategy for cost accountability •  Strategy for security & compliance

#1: CLOUD EDUCATION Is your team trained?

Education

•  Are your developers and IT people familiar with cloud intricacies?

•  Are they embracing the architectures that work? Rejecting those that don’t?

Examples of cloud best practices

•  When an instance is gone, it’s gone.

•  Build for failure and Think “Cattle, not pets”

•  Adopt appropriate tooling (e.g. Chef)

CUSTOMER STORY

Customer story (1)

•  Enterprise IT at BigCo (no names!) doesn’t like the idea of a instance being gone

Customer story (2)

•  Terminated instances stay around for a “few minutes” – Undo for the cloud!

•  The API says the instance is terminated. Except it’s not.

Customer story (3)

•  Good luck transferring those volumes for your database promotion – They look detached but are still being written to!

•  You can’t design for failure –  If MySQL is malfunctioning, better figure out why

and fix it: replacing it isn’t going to happen –  “Pets, not cattle” : (

Customer story (4)

•  Consequences: –  IT was unhappy because cloud wasn’t

delivering the results they wanted – Developers were unhappy because cloud

wasn’t working

LESSONS LEARNED

Cloud is not (only) a technology

•  It’s about changing the way your company works – Cloud is usually associated with DevOps

Cloud users need education

•  Developers should build cloud architectures

•  IT should approve of cloud architectures

•  Devs and IT should work together on operating those

Remember

•  It’s not about whether it’s “hard”

•  It’s about whether your company is adopting cloud practices

#2: YOUR STRATEGY FOR COST MANAGEMENT

How will you rein in runaway costs?

Cost management problems using cloud

•  VM sprawl •  Oversized VMs

•  And you don’t control who launches what

VM Sprawl

•  Idle VMs that don’t get terminated – They stick around unused

•  You’re afraid to terminate – Maybe the VM is running a non-resource

intensive yet critical task!

Oversized VMs

•  Using 64 gigs of RAM on a development VM? No problem!

•  There’s no incentive for developers to get smaller VMs – Devs would waste a few precious seconds

waiting on a package install, and there is absolutely no upside

Why can’t you stop it?

•  You don’t know who owns a resource

•  If you did, you could: – Hold them accountable for those costs – Ask them whether it’s OK to downsize /

terminate

CUSTOMER (HORROR) STORY

Customer Story (1)

•  The company had a yearly budget for cloud

•  One developer provisioned many many VMs, and forgot about them

Customer Story (2)

•  The company needed two full weeks to realize what was going on

•  They used up their yearly budget in a month

Customer Story (3)

•  This happened on a Public Cloud

•  On a Private Cloud, we’ve seen customers buying new hardware every month to “support growth”

LESSONS LEARNED

It’s not about carelessness

•  The entire IT department knew that there was VM sprawl going on – Although maybe not at this scale

•  But there was nothing they could do about it – Who do you ask before terminating a VM?

You need a strategy for cost accountability

•  The objective is the ability to look at a resource (instance, volume…) and say: –  “This resource is used by project A for service

B. Services C and D depend on B. The resource is owned by developer E.”

Start with tagging everything

•  Asking developers to tag everything is a start

•  But they might not want to spend the time

•  It’s better to automate through your cloud management service

Apply industry standard methods (1)

•  Fight VM Sprawl with lease management – You know the owner, so you know who to

contact about lease expiry!

Apply industry standard methods (2)

•  Fight oversized VMs and deployments with accountability – You know the project that’s responsible for

those costs! – Showback, Chargeback

#3: YOUR STRATEGY FOR SECURITY AND GOVERNANCE

How will you ensure security and compliance?

Two objectives to consider

•  Keeping the bad guys out

•  Letting the good guys in

Two tools

•  Network security

•  Authentication systems

Governance isn’t cloud-specific

•  These problems also exist without cloud

•  Two differences with clouds: –  Instances come and go à need automation – Developers are in charge à need policies

CUSTOMER STORY

Customer Story (1)

•  Instances use SSH Key management as built in to the cloud platform – One key, multiple instances

Customer Story (2)

•  When someone needs a key to access infrastructure, they have to ask around for it –  Infosec can’t get the keys when they “really”

need them – New employees lose time asking for keys – Email isn’t a secure key exchange

mechanism!

Customer Story (3)

•  When an employee leaves the company, enterprise IT has no way to ensure their access is revoked

•  Instead, they rely on firewalls and shutting down VPN access

LESSONS LEARNED

Authentication

•  Invest in integrating your cloud and instances with a centralized revokable source of authentication – e.g. LDAP, Kerberos

•  Don’t share SSH keys when you can avoid it – And certainly not Cloud keys!

Networking

•  Ensure that developers aren’t allowed to launch insecure setups – Public IP + Open ports = Disaster

•  Balance with the need to preserve developer productivity – Automate policy enforcement

PARTING WORDS

Recap (1)

•  Cloud can get you: – Business agility – Cost effectiveness

Recap (2)

•  You’ll find hurdles along the way: – Are your people ready to adopt cloud? – Do you have a strategy for cost management? – Do you have a strategy for governance?

Next steps (1)

•  CloudStack is easy to get started with and production-ready. It’s a great choice – Our customer Samsung is using CloudStack

to power mobile app backends for millions of devices (smartphones, smart TVs…)

Next steps (2)

•  Of course, come and talk to us if you think we can help you overcome those hurdles we talked about!

THANK YOU!

Sebastian Stadil — Founder of Scalr Scalr Cloud Management — www.scalr.com