Case Study BONUS CHAPTER 2


ABC is a large accounting firm with customers in five countries across North America and Europe. Its North American headquarters is located in Miami, Florida, where it hosts a data center connected to the Internet by using two different carriers. Three thousand of their 12,000 North American employees are located in Miami. The remaining employees are scattered throughout 75 smaller offices in the United States and Canada.

The Europe headquarters is located in Liverpool, UK, where it hosts a small data center connected to the Internet by using a single carrier. There are 1,000 employees in Liverpool and another 3,000 employees across 12 offices in the United Kingdom, France, Germany, Sweden, and Norway.

ABC has invested a lot of effort in the creation of a web-based accounting package it sells to its customers in all five countries it does business in. Currently the web package is sold to customers and installed on their premises, where it's maintained by the customer with support from ABC.

The web package is composed of a front-end web application, a middle-tier application server, and a database server. The front-end web application makes calls to web services on the middle-tier application server. The application server accesses data from the database server. The application design is shown in Figure B.1.

[Figure B.1: Application design. Labels: Customers, Internet, Firewall, Web Servers, Application Web Pages, Application Servers, Middle-Tier Web Services, Switch, Database Servers, Accounting Database.]

Customers have notified ABC multiple times that they are not comfortable maintaining the web package and would prefer the application to be hosted by ABC online. ABC hired you as a consultant to help design a solution that meets the requirements of their customers and their internal IT department. The list below summarizes the requirements for the solution:

Accessibility and scalability: The accounting application must be accessible from any device connected to the Internet, from anywhere in the world. Customers can have anywhere from 5 to 2,500 simultaneous users connected to the application. The solution must be scalable so that extra resources are automatically added as usage increases and removed as usage decreases. Customers will pay based on activity volume.

Availability: Access to the accounting application must be available 24 hours a day, every day of the year. Customers require a 99.9% availability. If there's a disaster in a data center, customers should be able to access their applications from a different data center. ABC does not plan on acquiring new data centers.

Isolation and customization: Larger customers require their own separate infrastructure hosted by ABC. They do not want their data and web-application front end shared with other customers. Larger customers want to be able to manage resources directly and also create custom forms in the application.

Security: All data must be encrypted at rest and in transit. All backups should be encrypted as well. Only authorized users must be able to access the accounting application. Customers should have the ability to use single sign-on (SSO) if they so desire.

Servicing: Account managers from ABC must be able to provision new applications for large customers by simply filling in a web form that later is used to automate the creation of the application.

Rules and regulations: Data from customers in Europe must not reside in any data center outside Europe.

Designing the Solution

Before diving into the solution, you must identify the different types of customers served by ABC. After reading the requirements, you can conclude that there are two types of customers:

Smaller customers: These customers will use a shared platform to access the accounting application.

Larger customers: These customers will have a dedicated platform that is not shared with any other customer.

Now that you have identified the customer types, you can start breaking down the solution based on the requirements. Let's revisit each requirement and describe how each can be achieved.

Accessibility and Scalability Solution

The accessibility requirements point to a web-based application available over the Internet. That is easily done since the current solution uses a web-application front end. The scalability requirements point to an elastic solution. Resources must be added and removed dynamically based on usage. This maps directly to a cloud-based solution that is scalable and automated.
The virtual machines hosting the different tiers of the solution can be created and deleted according to their load. Another requirement that points directly to a cloud solution is the billing. Customers must pay according to resources consumed. In a cloud environment, you can log memory, processor, and storage usage over time and bill based on consumption.

Also, a cloud-based solution reduces the number of physical servers required to host the different instances of the accounting application. Looking back at Figure B.1, the solution would require at least two web servers, two middle-tier servers, and two database servers for each large customer. A cloud-based solution would require just a few hypervisor servers in a cluster hosting several virtual machines, as shown in Figure B.2.

[Figure B.2: Private cloud design. Labels: Customers, Internet, Firewall, Hypervisor Servers, Virtual Machines, Virtual Hard Drives, SAN Switch.]

Availability Solution

To achieve 99.9% availability, ABC must invest in its data center to ensure that power is available in case of outage, Internet connection is available in case a carrier is down, hardware is fault tolerant, and the application tiers are available even if a server fails. If you assume that the data center is fully redundant for power and connectivity, you can concentrate on the hardware and application availability. Servers can be clustered together to provide multiple hosts to handle virtual machines.

In this case, if a single server crashes, the virtual machines hosted on that server can be moved to another server. This requires each server in the cluster to have enough memory and processing resources to host the necessary virtual machines to maintain availability. Multiple switches and network adapters can be used to provide redundancy for connectivity.

Finally, the application tiers must be composed of at least six virtual servers: two front-end servers in network load balancing, two middle-tier servers in network load balancing, and two database servers clustered. That way, if a single virtual machine fails, the tier is still available and the automation process can automatically provision a new virtual machine to take the place of the failed virtual machine. The service template for the accounting application can be seen in Figure B.3.

[Figure B.3: Application template. Service Template (st1) with three VM templates: Web Server (t1) for Server 1 and Server 2, Application Server (t2) for Server 3 and Server 4, and Database Server (t3) for Server 5 and Server 6. Other labels: Web Pages, Middle-Tier Web Services, Accounting Database, Load Balancer (two), Failover Cluster, Virtual Switch.]

Isolation and Customization Solution

Since smaller customers can share a platform, their data can be hosted on individual databases on the same database cluster, and they can all share the same set of front-end servers and middle-tier servers. That way, you can have a minimum of six virtual machines hosting the application for all smaller customers. These customers will be paying for access to the application and support and will use a Software as a Service (SaaS) model. In this model, ABC is a SaaS provider.

Larger customers require isolation from other customers. This can be achieved by each of these customers having their own virtual machines hosting their accounting application. ABC can provide these customers with the ability to add virtual machines to each tier manually, along with automatic scalability. Because these customers also want to customize their application, ABC can provide an application programming interface (API) specifically for that. These customers would be paying for a Platform as a Service (PaaS) product. ABC would be responsible for maintaining the operating system (OS) and programming environment for the solution, leaving the customer responsible for customization of code.

Security Solution

Because data must be protected at rest and in transit, you need to look at encryption at each layer. Database engines have the ability to encrypt data at rest. This ensures that even when the database is backed up, its content cannot be accessed unless a decryption key is available. The middle-tier servers must have access to the decryption key and can use a Secure Sockets Layer (SSL) connection to the database server to send and receive data, ensuring that data is protected in transit and decrypted at the middle tier. SSL can be used again from the web front-end servers when calling the middle-tier servers and on connections from the end users to the web front end.

Finally, users must be authenticated before they gain access to the application. For better security, smart cards can be used for authentication. And to conform to the single sign-on (SSO) requirement, the application can use federation to integrate with the customer's authentication platform.

Servicing Solution

To allow account managers to create a new instance of the accounting application for larger customers, you can use the concept of service templates.
A service template defines the necessary virtual machines and settings to deploy a service, or application. The service template must contain all the virtual machines necessary for the application to run. We defined that the application requires six virtual machines (two web front-end servers, two middle-tier application servers, and two database servers). Each type of virtual machine will have its own template that specifies the necessary software and settings for the virtual machine. For instance, the database servers need a database engine installed along with the accounting database; the web servers need a web server application and the website used to host the accounting application; and the middle-tier application servers need the web services used to interact with the database.

Once the virtual machine templates and the service template are defined, a self-service portal can be used for account managers to initiate a workflow that deploys the service template for a given customer.

Rules and Regulations Solution

Based on the availability requirements, the application must be available in case a data center is offline. To achieve this, data must be synchronized between the two data centers operated by ABC. That way, if the data center in Miami fails, customers from North America will be redirected to the Liverpool data center. However, the same cannot be done for the European customers based on the rules and regulations enforced as a requirement. ABC does not plan to acquire a new data center, so they must hire a cloud provider that is able to host the virtual machines necessary for their customers to stay in business. ABC must be able to fully customize and update the virtual machines. Therefore, this provider will sell an Infrastructure as a Service (IaaS) product to ABC, which will be used as a disaster recovery solution for the European customers.

Summary

ABC must create a service template to deploy its accounting application by using six virtual machines (two web front-end servers, two middle-tier application servers, and two database servers).

The service template must be available for deployment through a self-service portal used by account managers.

Each larger customer will have its own instance of the accounting service.

All smaller customers will share a single instance of the service.
ABC will sell the accounting software as a SaaS product to smaller customers and as a PaaS product to larger customers.

ABC will provide disaster recovery to North America customers by synchronizing data between the data centers in Miami and Liverpool.

ABC will provide disaster recovery to European customers by synchronizing data between the Liverpool data center and a public cloud provider in Europe. The public cloud provider will sell ABC an IaaS product.

Secure access to the application will be guaranteed by using SSO with federation services when the customer requires it and by connecting to the virtual machines by using SSL.

All data will be encrypted at the database level.

Monitoring tools will be used to allow ABC's solution to automatically add and remove virtual machines from each application tier based on consumption.

Finally, to show the return on investment for both the private cloud and public solutions recommended, you can use a return on investment (ROI) calculator. There are several calculators available on the Internet, but the one from MomentumSI is the only independent calculator currently available that considers the operating system for the virtual machines along with private or public cloud offering. Its public cloud cost calculator is based on the Amazon AWS Calculator. You can download the calculator from the following location:
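Returning to the Security Solution and Rules and Regulations Solution sections: the following Python check is an added example, not part of the original chapter. It audits a tenant deployment plan for two virtual machines per tier, encryption on every hop, database encryption at rest, a disaster recovery site, and European data residency. The site key `eu-iaas` (standing in for the unnamed European cloud provider), the `Deployment` fields and the sample plans are assumptions; the hops the chapter protects with SSL are tracked here as `tls_hops`.

```python
from dataclasses import dataclass, field

# Sites as named in the chapter; "eu-iaas" is a placeholder for the
# unnamed European public cloud provider.
SITE_REGION = {"miami": "NA", "liverpool": "EU", "eu-iaas": "EU"}
TIERS = ("web", "app", "db")
HOPS = (("user", "web"), ("web", "app"), ("app", "db"))

@dataclass
class Deployment:
    tenant: str
    region: str          # "NA" or "EU", where the customer is based
    primary: str         # site that serves the tenant
    replicas: list       # sites that receive synchronized data
    vms: dict            # tier name -> number of virtual machines
    tls_hops: set = field(default_factory=set)  # hops encrypted in transit
    db_encrypted: bool = False  # engine-level encryption at rest

def audit(d):
    """Return the requirement violations found in one deployment."""
    out = []
    for s in [d.primary, *d.replicas]:
        if s not in SITE_REGION:          # fail closed on unknown sites
            out.append(f"unknown site {s}")
        elif d.region == "EU" and SITE_REGION[s] != "EU":
            out.append(f"EU data would reside at {s}")
    if not set(d.replicas) - {d.primary}:
        out.append("no disaster recovery site")
    for tier in TIERS:
        if d.vms.get(tier, 0) < 2:
            out.append(f"tier {tier} has fewer than two VMs")
    for hop in HOPS:
        if hop not in d.tls_hops:
            out.append(f"hop {hop[0]}->{hop[1]} is not encrypted")
    if not d.db_encrypted:
        out.append("database is not encrypted at rest")
    return out

# Constructed sample plans, not taken from the chapter.
PLANS = [
    Deployment("na-large", "NA", "miami", ["liverpool"],
               {"web": 2, "app": 2, "db": 2}, set(HOPS), True),
    Deployment("eu-large", "EU", "liverpool", ["miami"],
               {"web": 2, "app": 2, "db": 1}, {("user", "web")}, True),
]

if __name__ == "__main__":
    for plan in PLANS:
        print(plan.tenant, audit(plan) or "meets the requirements")
```

A check like this fits in the self-service workflow, run before the service template is deployed, so a plan that would synchronize a European tenant's data to Miami is rejected before any virtual machine exists.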