IT as a Service Reference Architecture

For an IT department these are perilous times indeed. All around you public cloud vendors are offering IT services on an easy to procure, elastic and often inexpensive basis. Many of the developers in your organization may have already concluded that getting resources provisioned for development and test projects is easier at than it is through your internally offered processes. If you are aware that this is happening you can console yourself by saying, “it is only development – not production”, but you should wonder what should you do to make sure that those workloads come back when they do go into production.

The most rational and productive response that an IT department at an enterprise can make to this existential threat is to compete with public cloud providers on their own terms. This means that you need to offer your IT services to your business constituents on the same flexible, fast to provision, easy to manage and change, and inexpensive basis that your competition on the part of the public cloud providers offers. Before you embark upon competing with the public cloud providers, it is important to understand that you will be competing with several different categories and implementations of clouds. Infrastructure as a Service (IaaS) clouds mean that the cloud provider is providing a Windows or Linux operating system upon which the customer installs their entire applications environment. Platform as a Service (PaaS) mean that the cloud provider provides the .NET, Java, or Ruby applications environment as well as the entire OS. In a Software as a Service (SaaS) the entire application is provided over the Internet by the cloud vendor. Finally it is important to realize that there are at least three different implementations of various types of clouds. is large enough to be a de-facto standard, and you can purchase the software from Eucalyptus to construct your own Amazon compatible cloud. There are many VMware compatible IaaS clouds and you can of course buy VMware vSphere and VMware vCloud Director to start the process of creating a VMware compatible cloud. Finally there is OpenStack which is an open source solution for cloud infrastructure. To start this process, you need to embark upon an IT as a Service initiative at your company. IT as a Service is the new name for what used to be called a “Private Cloud” – and it simply means a Private Cloud plus the software required for you to offer IT services on an automated, managed and self-service basis to your constituents. To embark upon an IT as a Service initiative, the most important thing you need is a reference architecture that describes the pieces that you will need to assemble in order to deliver IT as a Service (note- you cannot buy “ITaaS in a box” from any single vendor).

IT as a Service Reference Architecture

ITaaS Reference ArchitectureEach of these layers is implemented in multiple products available from multiple vendors. Before we get into who does what, here is the essential functionality of each layer:

  • Virtualization Platform – This is everything above the hypervisor, but below the add-on products sold above the hypervisor. The key features of the virtualization platform when it comes to ITaaS are the ability to elastically scale the environment based upon demand, and the ability to integrate with management solutions that provide the functionality in the upper layers of the stack. Note that some platforms support hypervisors from multiple vendors and other platforms are specific to the hypervisor from the platform vendor.
  • Configuration and Change Management – It is an essential part of delivering and managing dynamic services on a self-service basis to be able to understand both how these services need to be configured when they are instantiated, but also to be able to make sure that as they are moved around the environment that the required configurations maintain in place, and that externally initiated “configuration drift” does not take services out of compliance with the originally configured guidelines. The rate of change in dynamic self-service systems makes CMDB’s unable to keep up and provide this functionality so this need must be met with new solutions that are designed from the ground up to deal with dynamic IT infrastructures.
  • Secure Multi-Tenancy – This is a complex topic, covered in detail in our Virtualization Security body of articles on SMT. However suffice it to say that if a public cloud provider has both Pepsi and Coke as customers, that cloud provider needs to be able to provide complete separation of compute, memory, network, and storage environments between these two customers who happen to be competitors. While it is unlikely that one enterprise will have competing entities as divisions that need to be dealt with separately, it is likely that one division might have information security needs that call for a complete isolation of their compute environment from other divisions and their employees in the company. Therefore you will have to be able to offer varying degrees of multi-tenant security to your constituents depending upon their needs. To do this on a self-service basis will require that multi-tenant security be implemented in an integrated manner across your entire ITaaS management stack and into your virtualization platform as well as its supporting physical resources.  The products covered in this article can provide basic separation of coarse grained resources like VM’s and vApp’s. However true SMT is something that the Virtualization Security vendors are really still working on, and the ultimate solution will likely require some advances on the part of VMware, some new releases from Virtualization Security vendors, and then integration of all of the above into these IT as a Service solutions.
  • Provisioning and Lifecycle Management – This involves having policies and automation around the end-to-end process of provisioning a set of virtual assets in support of a service, managing them as entity, and then being able to decommission them in an orderly manner if the service is to be retired. The most difficult issue in this area is keeping these assets up to date as infrastructure configuration requirements change (for example security and/or networking policies), and keeping the actual software that comprises those applications up to date and consistent.
  • Orchestration and Automation – Highly related to the area above is the question of how to orchestrate the delivery of services that elastically scale up and down according to demand in an automated manner. Portions of this functionality (the part that actually scales out the resources) lives in the virtualization platform. The specification of the rules for how and when to scale out may live in a performance management solution, or it many live in this layer. Whether an application is to scale and where it is to scale out (for example in an internal vs and external cloud) needs to be specified in the Service Catalog.
  • Service Catalog – A robust, easily configurable, easily extensible and most important easy to use service catalog is the “face” of your ITaaS initiative. This is the part of your ITaaS stack that your users will interact with, and the usability of your service will be judged by how easy it is to use, and how well it works. Key functionality at this layer includes libraries of low level services than can be combined to form higher level more complex offerings, the ability for business constituents to request services, the ability to schedule their start and end, and reporting around what services exist, how heavily they are used and what should be decommissioned.

It was mentioned above that you cannot buy “ITaaS in a box”. In fact there is no single vendor from which you can buy the functionality mentioned above in a pre-integrated manner. Even if you go with a VMware focused approach and start with vSphere and vCloud Director, you will find missing functionality at virtually every layer of the reference architecture presented herein. The best strategy is there to assemble a best of class solution out of the virtualization platform of your choice and then the various required management layers. When considering  your virtualization platform it is likely that you already have and in-house vSphere environment. If your business constituents are using vSphere or vCloud based cloud offerings (or can be persuaded to do so) then you can build upon your VMware infrastructure and easily provide for VM portability between public clouds used in development, and your environment (hopefully used in production). If on the other hand you have a substantial community of developers who are using Amazon EC2, then you might want to consider putting up an Amazon compatible virtualization platform (that will run on your VMware hypervisors) from Eucalyptus. For how to sort through all of the other layers of the management stack, please consult the table below.

IT as a Service Functionality by Vendor

Vendor Virtualization Platform Config. & Change Mgmt. Secure Multi-Tenancy Provisioning & Lifecycle Mgmt Orchestration & Automation Service Catalog
VMware (vSphere) green check
VMware (vCloud Director) green check green check
VMware (vCloud Request Manager) green check
VMware (Service Manager) green check
DynamicOps green check green check green check green check green check
Embotics green check green check green check green check green check
Eucalyptus green check
ManageIQ green check green check green check green check
newScale green check green check green check green check
Platform Computing green check green check green check green check
Reflex Systems green check
Quest (Cloud Automation Platform) green check green check green check green check
rPath green check green check green check

Summary Pursuing an IT as a Service initiative is essential for IT departments concerned with effectively competing with public cloud providers so that IT does not ultimately lose the reason for its existence to the public cloud vendors. However, these initiatives require a robust set of functionality in order for IT to be able to deliver effective self-service in a manageable, secure and cost effective manner. At this point in time, there is not an IT as a Service product that you can buy from one vendor. Therefore careful attention needs to be paid to every layer of the proposed reference architecture to make sure that the selected products fit together and meet the needs of the enterprise IT group and its constituents.