This document discusses key considerations when adopting cloud computing, including expectations and potential hurdles. It outlines promises of the cloud around agility and cost, but notes education, cost management strategies, and security are needed to address hurdles. Specific customer stories describe problems around instances being terminated, cost runaway due to unused VMs, and insecure authentication practices. The document emphasizes having strategies for cloud adoption, cost accountability, and centralized authentication to successfully realize the promises of cloud computing.
2. About me
• Sebastian Stadil (@sebastianstadil)
• Founded the Silicon Valley Cloud Computing Group
• Founded Scalr
• Talk to me: sebastian@scalr.com
3. About Scalr (1)
• Cloud Management company
• In business for the past 6 years
4. About Scalr (2)
• Customer driven company
– We listen to / interview customers
– Learn from them and the problems they face
– Find and implement solutions with them
• Talk to us: www.scalr.com
5. This talk: What you should expect (1)
• This talk is driven by experience
• Problems we’ve seen
• Problems we’ve solved
6. This talk: What you should expect (2)
• 100%: Real-life examples that our customers have been through
– And horror stories!
• 0%: Nonsense
7. This talk: What you should expect (3)
• Why cloud? Your end goals
• What hurdles? What you should expect
8. What are the promises of the cloud?
YOUR END GOALS
12. Agility (2)
• Cloud promise: Developers don’t have to wait on IT.
• What you expect:
– Code: “Days instead of months”
– Hardware: “Minutes instead of weeks”
– Incident response: “Seconds instead of hours”
13. Agility (3)
• Check out Adrian Cockcroft’s (Netflix) “Dystopia As a Service” talk
16. Cost (2)
• Cloud promise: The same service will cost less to run, but give the same performance
• What you expect:
– Higher average usage, lower overall capacity
– How? Autoscaling, different services evening out
20. Education
• Are your developers and IT people familiar with cloud intricacies?
• Are they embracing the architectures that work? Rejecting those that don’t?
21. Examples of cloud best practices
• When an instance is gone, it’s gone.
• Build for failure and think “Cattle, not pets”
• Adopt appropriate tooling (e.g. Chef)
23. Customer story (1)
• Enterprise IT at BigCo (no names!) doesn’t like the idea of an instance being gone
24. Customer story (2)
• Terminated instances stay around for a “few minutes”
– Undo for the cloud!
• The API says the instance is terminated. Except it’s not.
25. Customer story (3)
• Good luck transferring those volumes for your database promotion
– They look detached but are still being written to!
• You can’t design for failure
– If MySQL is malfunctioning, better figure out why and fix it: replacing it isn’t going to happen
– “Pets, not cattle” :(
26. Customer story (4)
• Consequences:
– IT was unhappy because cloud wasn’t delivering the results they wanted
– Developers were unhappy because cloud wasn’t working
28. Cloud is not (only) a technology
• It’s about changing the way your company works
– Cloud is usually associated with DevOps
29. Cloud users need education
• Developers should build cloud architectures
• IT should approve of cloud architectures
• Devs and IT should work together on operating those
30. Remember
• It’s not about whether it’s “hard”
• It’s about whether your company is adopting cloud practices
31. How will you rein in runaway costs?
#2: YOUR STRATEGY FOR COST MANAGEMENT
32. Cost management problems using cloud
• VM sprawl
• Oversized VMs
• And you don’t control who launches what
33. VM Sprawl
• Idle VMs that don’t get terminated
– They stick around unused
• You’re afraid to terminate
– Maybe the VM is running a non-resource intensive yet critical task!
34. Oversized VMs
• Using 64 gigs of RAM on a development VM? No problem!
• There’s no incentive for developers to get smaller VMs
– Devs would waste a few precious seconds waiting on a package install, and there is absolutely no upside
35. Why can’t you stop it?
• You don’t know who owns a resource
• If you did, you could:
– Hold them accountable for those costs
– Ask them whether it’s OK to downsize / terminate
37. Customer Story (1)
• The company had a yearly budget for cloud
• One developer provisioned many, many VMs, and forgot about them
38. Customer Story (2)
• The company needed two full weeks to realize what was going on
• They used up their yearly budget in a month
39. Customer Story (3)
• This happened on a Public Cloud
• On a Private Cloud, we’ve seen customers buying new hardware every month to “support growth”
41. It’s not about carelessness
• The entire IT department knew that there was VM sprawl going on
– Although maybe not at this scale
• But there was nothing they could do about it
– Who do you ask before terminating a VM?
42. You need a strategy for cost accountability
• The objective is the ability to look at a resource (instance, volume…) and say:
– “This resource is used by project A for service B. Services C and D depend on B. The resource is owned by developer E.”
43. Start with tagging everything
• Asking developers to tag everything is a start
• But they might not want to spend the time
• It’s better to automate through your cloud management service
44. Apply industry standard methods (1)
• Fight VM Sprawl with lease management
– You know the owner, so you know who to contact about lease expiry!
45. Apply industry standard methods (2)
• Fight oversized VMs and deployments with accountability
– You know the project that’s responsible for those costs!
– Showback, Chargeback
46. How will you ensure security and compliance?
#3: YOUR STRATEGY FOR SECURITY AND GOVERNANCE
47. Two objectives to consider
• Keeping the bad guys out
• Letting the good guys in
49. Governance isn’t cloud-specific
• These problems also exist without cloud
• Two differences with clouds:
– Instances come and go → need automation
– Developers are in charge → need policies
51. Customer Story (1)
• Instances use SSH Key management as built in to the cloud platform
– One key, multiple instances
52. Customer Story (2)
• When someone needs a key to access infrastructure, they have to ask around for it
– Infosec can’t get the keys when they “really” need them
– New employees lose time asking for keys
– Email isn’t a secure key exchange mechanism!
53. Customer Story (3)
• When an employee leaves the company, enterprise IT has no way to ensure their access is revoked
• Instead, they rely on firewalls and shutting down VPN access
55. Authentication
• Invest in integrating your cloud and instances with a centralized revocable source of authentication
– e.g. LDAP, Kerberos
• Don’t share SSH keys when you can avoid it
– And certainly not Cloud keys!
56. Networking
• Ensure that developers aren’t allowed to launch insecure setups
– Public IP + Open ports = Disaster
• Balance with the need to preserve developer productivity
– Automate policy enforcement
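Added example (not from the talk or from Scalr): the accountability checks from slides 42 to 45 and the networking rule from slide 56, run as one automated audit over an inventory export. The inventory schema, the tag names (`owner`, `project`, `service`, `lease-expires`) and the sample records are assumptions constructed for illustration.

```python
from datetime import date
from ipaddress import ip_network

REQUIRED_TAGS = ("owner", "project", "service")  # assumed tag names (slide 42)

# Constructed sample inventory; the schema is hypothetical, not a real cloud API.
INVENTORY = [
    {"id": "vm-001", "public_ip": "203.0.113.10",
     "tags": {"owner": "dev-e", "project": "a", "service": "b",
              "lease-expires": "2031-01-01"},
     "ingress": [{"cidr": "0.0.0.0/0", "port": 22}]},
    {"id": "vm-002", "public_ip": None,
     "tags": {"project": "a"},
     "ingress": [{"cidr": "0.0.0.0/0", "port": 3306}]},
    {"id": "vm-003", "public_ip": None,
     "tags": {"owner": "dev-f", "project": "c", "service": "d",
              "lease-expires": "2020-06-30"},
     "ingress": [{"cidr": "10.0.0.0/8", "port": 443}]},
]

def world_open_ports(vm):
    """Ports reachable from any address (rule prefix length 0)."""
    return sorted({r["port"] for r in vm["ingress"]
                   if ip_network(r["cidr"], strict=False).prefixlen == 0})

def audit(vm, today):
    """Return a list of policy findings for one inventory record."""
    findings = []
    tags = vm.get("tags", {})
    missing = [t for t in REQUIRED_TAGS if not tags.get(t)]
    if missing:
        findings.append("untagged: missing " + ", ".join(missing))
    lease = tags.get("lease-expires")
    if lease is None:
        findings.append("no lease: nobody to ask before terminating")
    elif date.fromisoformat(lease) < today:
        findings.append(f"lease expired {lease}: contact {tags.get('owner', 'unknown owner')}")
    ports = world_open_ports(vm)
    if vm.get("public_ip") and ports:  # slide 56: public IP + open ports
        findings.append(f"public IP with ports open to the world: {ports}")
    return findings

def audit_all(inventory, today):
    """Map instance id -> findings, omitting compliant instances."""
    return {vm["id"]: f for vm in inventory if (f := audit(vm, today))}

if __name__ == "__main__":
    for vm_id, findings in audit_all(INVENTORY, date(2025, 1, 1)).items():
        print(vm_id, "; ".join(findings))
```

Run on a schedule, or at launch time through the cloud management layer, a check like this gives IT an owner to contact for every finding.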
58. Recap (1)
• Cloud can get you:
– Business agility
– Cost effectiveness
59. Recap (2)
• You’ll find hurdles along the way:
– Are your people ready to adopt cloud?
– Do you have a strategy for cost management?
– Do you have a strategy for governance?
60. Next steps (1)
• CloudStack is easy to get started with and production-ready. It’s a great choice
– Our customer Samsung is using CloudStack to power mobile app backends for millions of devices (smartphones, smart TVs…)
61. Next steps (2)
• Of course, come and talk to us if you think we can help you overcome those hurdles we talked about!
62. Sebastian Stadil — Founder of Scalr
Scalr Cloud Management — www.scalr.com
THANK YOU!