264bf8d3ae
The correct link http://www.finra.org/Industry/Regulation/FINRARules is added to the document <link>. Change-Id: I4edf7cc10399ff8555d741b444693b685b1a6be6 Closes-Bug: 1369279 modified: section_user_requirements_hybrid.xml
350 lines
18 KiB
XML
350 lines
18 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
version="5.0"
|
|
xml:id="user-requirements-hybrid">
|
|
<?dbhtml stop-chunking?>
|
|
<title>User requirements</title>
|
|
<para>Hybrid cloud architectures introduce additional
|
|
complexities, particularly those that use heterogeneous cloud
|
|
platforms. As a result, it is important to make sure that
|
|
design choices match requirements in such a way that the
|
|
benefits outweigh the inherent additional complexity and
|
|
risks.</para>
|
|
<para>Business considerations to make when designing a hybrid
|
|
cloud deployment include:</para>
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term>Cost</term>
|
|
<listitem>
|
|
<para>A hybrid cloud architecture involves multiple
|
|
vendors and technical architectures. These
|
|
architectures may be more expensive to deploy and
|
|
maintain. Operational costs can be higher because of
|
|
the need for more sophisticated orchestration and
|
|
brokerage tools than in other architectures. In
|
|
contrast, overall operational costs might be lower by
|
|
virtue of using a cloud brokerage tool to deploy the
|
|
workloads to the most cost effective platform.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>Revenue opportunity</term>
|
|
<listitem>
|
|
<para>Revenue opportunities vary
|
|
greatly based on the intent and use case of the cloud.
|
|
If it is being built as a commercial customer-facing
|
|
product, consider the drivers for building it over
|
|
multiple platforms and whether the use of multiple
|
|
platforms make the design more attractive to target
|
|
customers, thus enhancing the revenue
|
|
opportunity.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>Time to market</term>
|
|
<listitem>
|
|
<para>One of the most common reasons to
|
|
use cloud platforms is to speed the time to market of
|
|
a new product or application. A business requirement
|
|
to use multiple cloud platforms may be because there
|
|
is an existing investment in several applications and
|
|
it is faster to tie them together rather than
|
|
migrating components and refactoring to a single
|
|
platform.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>Business or technical diversity</term>
|
|
<listitem>
|
|
<para>Organizations
|
|
already leveraging cloud-based services may wish to
|
|
embrace business diversity and utilize a hybrid cloud
|
|
design to spread their workloads across multiple cloud
|
|
providers so that no application is hosted in a single
|
|
cloud provider.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>Application momentum</term>
|
|
<listitem>
|
|
<para>A business with existing
|
|
applications that are already in production on
|
|
multiple cloud environments may find that it is more
|
|
cost effective to integrate the applications on
|
|
multiple cloud platforms rather than migrate them to a
|
|
single platform.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
<section xml:id="legal-requirements-hybrid">
|
|
<title>Legal requirements</title>
|
|
<para>Many jurisdictions have legislative and regulatory
|
|
requirements governing the storage and management of data in
|
|
cloud environments. Common areas of regulation include:</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>Data retention policies ensuring storage of
|
|
persistent data and records management to meet data
|
|
archival requirements.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Data ownership policies governing the possession and
|
|
responsibility for data.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Data sovereignty policies governing the storage of
|
|
data in foreign countries or otherwise separate
|
|
jurisdictions.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Data compliance policies governing certain types of
|
|
information needs to reside in certain locations due
|
|
to regular issues and, more importantly, cannot reside
|
|
in other locations for the same reason.</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
<para>Examples of such legal frameworks include the data
|
|
protection framework of the European Union (<link
|
|
xlink:href="http://ec.europa.eu/justice/data-protection/">http://ec.europa.eu/justice/data-protection/</link>)
|
|
and the requirements of the Financial Industry Regulatory
|
|
Authority (<link
|
|
xlink:href="http://www.finra.org/Industry/Regulation/FINRARules/">http://www.finra.org/Industry/Regulation/FINRARules/</link>)
|
|
in the United States. Consult a local regulatory body for more
|
|
information.</para>
|
|
</section>
|
|
<section xml:id="workload-considerations">
|
|
<title>Workload considerations</title>
|
|
<para>Defining what the word "workload" means in the context of a
|
|
hybrid cloud environment is important. Workload can be defined
|
|
as the intended way the systems will be utilized, which is
|
|
often referred to as a "use case". A workload can be a single
|
|
application or a suite of applications that work in concert.
|
|
It can also be a duplicate set of applications that need to
|
|
run on multiple cloud environments. In a hybrid cloud
|
|
deployment, the same workload will often need to function
|
|
equally well on radically different public and private cloud
|
|
environments. The architecture needs to address these
|
|
potential conflicts, complexity, and platform
|
|
incompatibilities.</para>
|
|
<para>Some possible use cases for a hybrid cloud architecture
|
|
include:</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>Dynamic resource expansion or "bursting": Another
|
|
common reason to use a multiple cloud architecture is
|
|
a "bursty" application that needs additional resources
|
|
at times. An example of this case could be a retailer
|
|
that needs additional resources during the holiday
|
|
selling season, but does not want to build expensive
|
|
cloud resources to meet the peak demand. They might
|
|
have an OpenStack private cloud but want to burst to
|
|
AWS or some other public cloud for these peak load
|
|
periods. These bursts could be for long or short
|
|
cycles ranging from hourly, monthly or yearly.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Disaster recovery-business continuity: The cheaper
|
|
storage and instance management makes a good case for
|
|
using the cloud as a secondary site. The public cloud
|
|
is already heavily used for these purposes in
|
|
combination with an OpenStack public or private
|
|
cloud.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Federated hypervisor-instance management: Adding
|
|
self-service, charge back and transparent delivery of
|
|
the right resources from a federated pool can be cost
|
|
effective. In a hybrid cloud environment, this is a
|
|
particularly important consideration. Look for a cloud
|
|
that provides cross-platform hypervisor support and
|
|
robust instance management tools.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Application portfolio integration: An enterprise
|
|
cloud delivers better application portfolio management
|
|
and more efficient deployment by leveraging
|
|
self-service features and rules for deployments based
|
|
on types of use. A common driver for building hybrid
|
|
cloud architecture is to stitch together multiple
|
|
existing cloud environments that are already in
|
|
production or development.<!-- In the interest of time to
|
|
market, the requirements may be to maintain the
|
|
multiple clouds and just integrate the pieces
|
|
together, not rationalize to one cloud environment, but
|
|
instead to --></para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Migration scenarios: A common reason to create a
|
|
hybrid cloud architecture is to allow the migration of
|
|
applications between different clouds. This may be
|
|
because the application will be migrated permanently
|
|
to a new platform, or it might be because the
|
|
application needs to be supported on multiple
|
|
platforms going forward.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>High availability: Another important reason for
|
|
wanting a multiple cloud architecture is to address
|
|
the needs for high availability. By using a
|
|
combination of multiple locations and platforms, a
|
|
design can achieve a level of availability that is not
|
|
possible with a single platform. This approach does
|
|
add a significant amount of complexity.</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
<para>In addition to thinking about how the workload will work on
|
|
a single cloud, the design must accommodate the added
|
|
complexity of needing the workload to run on multiple cloud
|
|
platforms. The complexity of transferring workloads across
|
|
clouds needs to be explored at the application, instance,
|
|
cloud platform, hypervisor, and network levels.</para></section>
|
|
<section xml:id="tools-considerations-hybrid">
|
|
<title>Tools considerations</title>
|
|
<para>When working with designs spanning multiple clouds, the
|
|
design must incorporate tools to facilitate working across
|
|
those multiple clouds. Some of the user requirements drive the
|
|
need for tools that will do the following functions:</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>Broker between clouds: Since the multiple cloud
|
|
architecture assumes that there will be at least two
|
|
different and possibly incompatible platforms that are
|
|
likely to have different costs, brokering software is
|
|
designed to evaluate relative costs between different
|
|
cloud platforms. These solutions are sometimes
|
|
referred to as Cloud Management Platforms (CMPs).
|
|
Examples include Rightscale, Gravitent, Scalr,
|
|
CloudForms, and ManageIQ. These tools allow the
|
|
designer to determine the right location for the
|
|
workload based on predetermined criteria.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Facilitate orchestration across the clouds: CMPs are
|
|
tools are used to tie everything together. Cloud
|
|
orchestration tools are used to improve the management
|
|
of IT application portfolios as they migrate onto
|
|
public, private, and hybrid cloud platforms. These
|
|
tools are an important consideration. Cloud
|
|
orchestration tools are used for managing a diverse
|
|
portfolio of installed systems across multiple cloud
|
|
platforms. The typical enterprise IT application
|
|
portfolio is still comprised of a few thousand
|
|
applications scattered over legacy hardware,
|
|
virtualized infrastructure, and now dozens of
|
|
disjointed shadow public Infrastructure-as-a-Service
|
|
(IaaS) and Software-as-a-Service (SaaS) providers and
|
|
offerings.</para>
|
|
</listitem>
|
|
</itemizedlist></section>
|
|
<section xml:id="network-considerations-hybrid">
|
|
<title>Network considerations</title>
|
|
<para>The network services functionality is an important factor to
|
|
assess when choosing a CMP and cloud provider. Considerations
|
|
are functionality, security, scalability and HA. Verification
|
|
and ongoing testing of the critical features of the cloud
|
|
endpoint used by the architecture are important tasks.</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>Once the network functionality framework has been
|
|
decided, a minimum functionality test should be
|
|
designed. This will ensure testing and functionality
|
|
persists during and after upgrades.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Scalability across multiple cloud providers may
|
|
dictate which underlying network framework you will
|
|
choose in different cloud providers. It is important
|
|
to have the network API functions presented and to
|
|
verify that functionality persists across all cloud
|
|
endpoints chosen.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>High availability implementations vary in
|
|
functionality and design. Examples of some common
|
|
methods are active-hot-standby, active-passive and
|
|
active-active. High availability and a test framework
|
|
needs to be developed to insure that the functionality
|
|
and limitations are well understood.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Security considerations include how data is secured
|
|
between client and endpoint and any traffic that
|
|
traverses the multiple clouds, from eavesdropping to
|
|
DoS activities.</para>
|
|
</listitem>
|
|
</itemizedlist></section>
|
|
<section xml:id="risk-mitigation-management-hybrid">
|
|
<title>Risk mitigation and management
|
|
considerations</title>
|
|
<para>Hybrid cloud architectures introduce additional risk because
|
|
they add additional complexity and potentially conflicting or
|
|
incompatible components or tools. However, they also reduce
|
|
risk by spreading workloads over multiple providers. This
|
|
means, if one was to go out of business, the organization
|
|
could remain operational.</para>
|
|
<para>Risks that will be heightened by using a hybrid cloud
|
|
architecture include:</para>
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term>Provider availability or implementation details</term>
|
|
<listitem>
|
|
<para>
|
|
This can range from the company going out of business
|
|
to the company changing how it delivers its services.
|
|
Cloud architectures are inherently designed to be
|
|
flexible and changeable; paradoxically, the cloud is
|
|
both perceived to be rock solid and ever flexible at
|
|
the same time.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>Differing SLAs</term>
|
|
<listitem>
|
|
<para>Users of hybrid cloud environments
|
|
potentially encounter some losses through differences
|
|
in service level agreements. A hybrid cloud design
|
|
needs to accommodate the different SLAs provided by
|
|
the various clouds involved in the design, and must
|
|
address the actual enforceability of the providers'
|
|
SLAs.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>Security levels</term>
|
|
<listitem>
|
|
<para>Securing multiple cloud
|
|
environments is more complex than securing a single
|
|
cloud environment. Concerns need to be addressed at,
|
|
but not limited to, the application, network, and
|
|
cloud platform levels. One issue is that different
|
|
cloud platforms approach security differently, and a
|
|
hybrid cloud design must address and compensate for
|
|
differences in security approaches. For example, AWS
|
|
uses a relatively simple model that relies on user
|
|
privilege combined with firewalls.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>Provider API changes</term>
|
|
<listitem>
|
|
<para>APIs are crucial in a hybrid
|
|
cloud environment. As a consumer of a provider's cloud
|
|
services, an organization will rarely have any control
|
|
over provider changes to APIs. Cloud services that
|
|
might have previously had compatible APIs may no
|
|
longer work. This is particularly a problem with AWS
|
|
and OpenStack AWS-compatible APIs. OpenStack was
|
|
originally planned to maintain compatibility with
|
|
changes in AWS APIs. However, over time, the APIs have
|
|
become more divergent in functionality. One way to
|
|
address this issue is to focus on using only the most
|
|
common and basic APIs to minimize potential
|
|
conflicts.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</section>
|
|
</section>
|