What is cloud computing & virtualization?
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources. Virtualization, through software, allows administrators to carve up physical resources such as desktops, servers, and storage into logical units that can be provisioned independently.
According to NIST, cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources, e.g., networks, servers, storage, applications, and services, that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.
On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed, automatically without requiring human interaction with each service provider.
Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms, e.g., mobile phones, tablets, laptops, and workstations.
Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction, e.g., country, state, or datacenter. Examples of resources include storage, processing, memory, and network bandwidth.
Rapid elasticity. Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
Measured service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service, e.g., storage, processing, bandwidth, and active user accounts. Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications, and possibly limited control of select networking components, e.g., host firewalls.
Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser, e.g., web-based email, or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Private cloud. The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers, e.g., business units. It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
Community cloud. The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns, e.g., mission, security requirements, policy, and compliance considerations. It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.
Public cloud. The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability, e.g., cloud
CFSI Case Study
The Chief Information Officer (CIO) of a classified DoD agency is charged with delivering a modern, scalable computing infrastructure to meet its computing and communications requirements in accordance with the DoD CIO’s Federal Data Center Consolidation Initiative. This effort is designed to improve IT asset utilization and achieve cost savings, energy consumption reductions, and optimal space utilization. In support of these initiatives, the agency has migrated to a modern and robust back-end computing infrastructure by fully leveraging the capabilities of the latest generation of IT systems.
The agency’s IT enterprise architecture supports approximately 4,500 users in more than 20 CONUS and OCONUS locations in NIPR / SIPR / Top Secret / Joint Worldwide Intelligence Communications System (JWICS) environments. It is also subject to DoD mandates from the Defense Information Systems Agency (DISA), Joint Task Force Global Network Operations (JTF-GNO), and the Secretary of Defense memo for efficiency (which requires a 30% reduction over 3 years in funding for service support contractors).
CFSI is providing the CIO with program and project management; strategic planning; IT solutions development, infrastructure, system, and network engineering; testing, demonstration, and implementation; system integration; system administration and service desk; and documentation in the following areas:
- Cloud computing (on-demand provisioning, chargeback, and roadmap);
- Virtualization (server and desktop infrastructures);
- Unified communications (VTC, Video, VoIP, IM and Presence);
- Cyber security, including information assurance and certification and accreditation (C&A); and
- Continuity of operations, failover, and disaster recovery.
Using our project management framework and engineering expertise, CFSI designed and implemented the enterprise cloud by integrating an IPv6 architecture, Infrastructure as a Service (IaaS), Desktop as a Service (DaaS), Software as a Service (SaaS), and Platform as a Service (PaaS). To enhance the delivery of these cloud offerings, CFSI implemented a self-service portal user interface (UI) enhancing infrastructure, application, and service-level management, thereby easing cloud administration for consumers of services, IT managers, and business managers.
The enterprise cloud provides an environment where shared computing, communications, and application resources are provisioned on-demand to meet the business and mission needs of the agency. Its infrastructure provides reliable services through a centralized data center, which functions as a single point of access for the majority of the agency’s information technology requirements. The design enhances the reliability and availability of enterprise IT services, while increasing the efficiency of administering and maintaining its IT assets.
CFSI’s engagement entails the development and fielding of an IPv6-enabled, geographically redundant and load balanced, virtualized infrastructure to replace the agency’s legacy computing infrastructure on all of the enterprise’s unclassified, classified, and JWICS networks. The cloud hosts the agency’s enclave(s), systems, data, users, and operations. It supports SECURENET access and monitoring. Individual enclaves are fully or partially integrated with core services depending on compatibility, suitability, and operational requirements.
The cloud effort also included integrating automated configuration management capabilities, an enterprise network-based monitoring and analysis solution, a Hierarchical Storage Management (HSM) solution, a DISA DoD DMZ-compliant infrastructure, geographically dispersed replication and failover capabilities, and a DISA-compliant host-based security solution (HBSS).
CFSI utilized a “best of breed” approach to implement these technologies. The integration process involves analyzing vendor-specific best practices (Microsoft, VMware), published industry standards and recommendations (Gartner, NIST), and organization-specific (DISA, DoD) guidance.
Cloud Certifications:
- CompTIA Cloud+
- (ISC)² CCSP
- Microsoft MCSA: Cloud Platform
- Microsoft MCSE: Cloud Platform and Infrastructure
- Microsoft MCSA: Linux on Azure
- AWS Certified Solutions Architect – Associate
- AWS Certified Solutions Architect – Professional
- Google Professional Cloud Architect
- Cisco CCNA Cloud
- Cisco CCNP Cloud
In order to realize many of their efficiency, consolidation, and cost reduction goals, information technology organizations must maximize utilization of the assets they have available. Virtualization, through software, allows administrators to carve up physical resources such as desktops, servers, and storage into logical units that can be provisioned independently. These logical entities allow administrators to quickly and dynamically deploy new services using excess capacity that would have previously gone unused. Virtualization not only reduces costs but enables organizations to be much more agile and flexible while responding to the demands of their customers. Because the physical resources are already in place, through proper automation, provisioning new capabilities can often be as simple as clicking a few buttons.
Desktop virtualization is a technology that decouples the customer desktop interface from traditional physical hardware, such as laptops and desktops. The desktop images are stored centrally on servers in the datacenter and processing can occur either on servers or be distributed out to the client devices. The technology has the following key advantages.
User mobility. Regardless of the machines that users log on to in the enterprise, they can be presented with their personal desktops along with their customized applications and settings. This same technology can be extended to allow users outside the enterprise to connect in remotely and still receive the same interface.
Centralized administration. Security patches, software updates, and configuration changes can be applied centrally to quickly achieve 100% distribution. These changes can often be made transparently with no impact to the users of the system.
Cost. Client devices in virtualized environments are often significantly cheaper than traditional desktops and typically have longer refresh life cycles.
The biggest benefit to server virtualization is the ability to run multiple logical servers on a single piece of hardware. This allows administrators to make the most efficient use of the available memory, CPU, and disk resources. The result is an optimized, consolidated environment that requires less hardware, thus consuming less datacenter floor space and demanding less power and cooling. Other advantages that come with server virtualization include increased server availability and business continuity capabilities. Because the logical server is no longer tied to the physical hardware, in the event of device failure, the server can operate on other physical systems in the environment. The same technology can be used to create redundancy between geographically dispersed locations to ensure continuity of operations in case of a true disaster or site failure. Often the most appreciated benefit of virtualized server environments is the speed with which new systems can be provisioned. Assuming that the capacity is available, new servers can be brought online in just a matter of minutes.
The demand for disk storage capacity in enterprise environments continues to grow at exorbitant levels. As IT organizations procure additional capacity, they are faced with many difficult decisions.
- Should they stick with the same vendor that they already have in their environment?
- Should they maintain the same protocols and interface technology?
- What are the performance requirements of the new storage?
- How much capacity must be reserved for growth?
- How will they migrate from an old storage system to the new one?
Storage virtualization helps address these challenges. Storage virtualization systems collect the storage resources of an organization into a centralized pool and then present logical representations of those resources to the servers that demand them. This abstraction layer between the servers and physical storage devices allows administrators to add capacity, move data, and replace hardware transparently to the servers accessing the data. Another benefit of storage virtualization is that data replication can occur regardless of the storage vendor, technology, or protocol. This replication can be used to ensure availability metrics are maintained and to support the organization’s continuity of operations strategies. Like server virtualization, the levels of automation that can be achieved with storage virtualization enable rapid provisioning of new resources in support of new requirements.