The previous post Secure Mutli-Tenant Virtualization – How to get there?, was only concerned with Infrastructure as a Service however the new announcement from VMware SpringSource and Google leads to one of the first Platform as a Service that has simplified the motion of applications between different cloud providers, provided the basis for the application exists within the environment. That basis is Spring. Applications built on Spring can now run on Google AppEngine, VMware Clouds such as VMforce, VMware vSphere infrastructures, and other participating clouds.
This is a Wow! moment for the adoption of Java based PaaS Cloud as any real kind of interoperability across these clouds has been lagging by a large margin. For PaaS and Applications built using the Spring PaaS a solution has been found.
But what does this mean for SMT and Applications Management in General?
Life for an auditor just became more difficult as does application administration. Moving these Apps from cloud to cloud while having each App living full time in each cloud and also within the local private cloud creates new management challenges. Now we have 1 App that lives everywhere and/or moves around. The following issues need to be addressed:
- Management Products need to allow App updates across multiple platforms. Where does the master copy of your App live? How do you ensure that all copies are comprised of the same code? These will become an interesting questions moving forward. If you do not know where it lives, then how can you manage the App?
- Traditional (first generation) Applications Performance Products will not address this use case all all. To address this use case APM products need to discover the topology of the applications system in real time, and work for applications that are distributed across multiple public and private clouds. Both New Relic and AppDynamics have built cloud aware APM solutions that address these needs. Both solutions handle the communications issues by having the Java resident agents use outbound HTTPS to communicate back into the management system. New Relic hosts that back end in a SaaS model. AppDynamics offers both an on-premise and SaaS model. AppDynamics also maps the Java based components of the applications system and can keep this map up to date as components get moved between and distributed across multiple clouds. A comparison of the solutions in this space is in Cloud Applications Performance Management get Serious.
- Distributing applications in this manner will also create issues for source code control systems. Enterprises will need to ensure that all of the latest bits are always moved as applications are moved from cloud to cloud. This includes the add-on management bits as well as the App bits.
- These new solutions will also play in important role in the decisions to allow App performance to scale and migrate based on cloud utilization. Knowing when one cloud is slow and whether or not to scale within that cloud or to switch to another is a very hard problem. AppDynamics is the first APM vendor to include rule based cloud orchestration in the APM solution so that these location and scaling decisions can be made from the data collected by the APM solution.
- Security/Auditing Products to allow tracking of where an App has been, who has accessed it, and the ‘security’ of the cloud provider. CloudAudit.org is working towards this, but I am not sure PaaS was a particular focus. How do we manage any keys or certificates that live within multiple clouds at one time?
- SMT often implies encryption, as we know from the previous discussion, encryption within a VM is suspect, so for PaaS are we looking at end-point encryption/decryption/digital signing of the data? If so, how do you manage the keys for write once/read many? Of course if the App is public, this may be a non-issue, but if its private, this could become a very large issue. Will the Apps be tested against all the known end-points: iPad, Smart Phone, old laptop/desktop? Certificates will now need to move with the App, where ever they go between clouds.
- Development Portals so that the developers just access and develop the Apps without needing to know where the actual environment lives. Perhaps Eclipse is the proper tool for this.
- Application Disaster Recovery and Business Continuity will need to be considered. If one Cloud provider goes down, can the users of the App be moved easily to other clouds? Do we now need ‘stretch’ load balancers that cover multiple clouds? Perhaps this is a new industry.
- Infrastructure Performance Management for these clouds is an under appreciated problem and will be a major issue. In these PaaS clouds the cloud provider is providing all of the software except the Java application itself. The cloud vendor needs to provide a mechanism to prove that the provided software stack is performing from a response time perspective as required. This issue is addressed in the post Reinventing Infrastructure Performance Monitoring for the Cloud.
This is a great announcement and a Wow moment on first blush. However as is always the case with any platform advancement, the management, performance, development, and security tools always lags behind the availability of the platform itself. Management tools are just starting to catch up with the new requirements created by virtualization in the data center (the private cloud). Good management of the public cloud barely exists, and the notion of properly managing applications distributed across multiple PaaS clouds creates brand new requirements.
Share this Article:
Latest posts by Edward Haletky (see all)
- Common Product Security Questions - November 23, 2016
- Sorry Support: Not Getting My Data - November 18, 2016
- Moving to the Future: Strategies for Handling Data Scale - November 14, 2016