OpenSaas - From Product to Service - Part 1 - Intro & You run it

From product to SAAS

Tech considerationsSession 1

Friday 23 November 12

Blog: http://jedi.be/blog - Twitter : @patrickdebois - #devops

Technical ReviewerMonitoring Chapter Co-Author Veewee / Sahara / Mccloud

Organizer Since 2009 Europe Organizer 2010

Engineer

First Europe Training 2010

Libvirt - Fog

Speaker

Freelance consultant http://github.com/jedi4ever

Introduction

Your Product

Your Work

You ship it

Your Company Customers

They buy it

Customer #1 Customer #2 Customer #N

They install it ...

Customer Environment

hardware, servers, disks, ...

They configure it ...

database, ldap, dns, mail...

They test it ...

They open the network

internet, firewall, network

They invite users

greatfantastic

They monitor (resource) usage

greatfantasticfantasticfantasticfantasticfantasticfantasticfantasticfantastic

fantasticfantastic

They handle Issues/Tickets

fantasticfantastic

They troubleshoot

fantasticfantastic

They fix problems

fantasticfantastic

They complain to YOU

fantasticfantastic

They performproduct upgrades

fantasticfantastic

They Monitor Performance

fantasticfantastic

They monitor security

fantasticfantastic

They increase capacity

fantasticfantastic

Network

They perform environment upgrades

fantasticfantastic

v1v2..

They handle dependency upgrades

fantasticfantastic

v1v2..

They test it

fantasticfantastic

They fix problems

fantasticfantastic

Your Product as a service

Product

Environment

Building Managing

Their worries

Their worriesbecome

YOUR worries

Your worries

+ N x Their Worries

By taking their worriesyou provide VALUE

Now it’s your turn to delegate your worries

to other services

3 x Sessions

1. Install and Run it (Cloud & Architecture)

2. Change it (Continuous Delivery)

3. Manage it (Monitoring, Metrics)

Session 1:Install and Run it

Your “Service”

HardwareOperating System, Loadbalancing, Storage

Application Server + Middleware

HAASIAASPAAS

Collocation & Dedicated Hosting

Your own little machinewith human intervention

Hardware as a service

http://www.baremetalcloud.com/http://www.stormondemand.com/

http://www.hetzner.de/

Non-virtualized MachinesReal ‘raw hardware’

Virtualization Types

Containers(share kernel)

Para-Virtualized

LXCOpenVZ

Solaris Zones

XenKVM

Vsphere

Hardware

Infrastructure as a service

Virtualized Machine

+ APIJust Enough Operating System

Hardware

http://rackspace.com/http://aws.amazon.com/ec2

http://windowsazure.com

Configuration Mgmt

Virtualized Machine

+ APIJust Enough Operating System

Hardware

Infrastructure as Code

Configuration Mgmt

• Scripts vs Infrastructure As Code

• Re-usable installation procedures

• Documented

• Orchestration

• (more on this in Session2)

Multi Tenancy

• Can you host multiple users on the same installation?

• Can you do it safely?

• Security/Performance, Separate Upgrades

• Application complexity

Extra “infra” services

Hardware

Storage

VPN Firewall

MessageQueue

Mail DNS

“Compute” “Storage”Nosql

Loadbalancer

“Connectivity”

Platforms

Java Rails PHP NodeJS

Deploy + API

Specialized Platformsyou can’t see below

standard API

http://www.heroku.com/Friday 23 November 12

Cloud = how much “They” vs “You”?

HardwareOperating System, Loadbalancing, Storage

Application Server + Middleware

HAASIAASPAAS

7/7 24h support

• API does not replace human interaction

• support contract in place?

• contact information?

Build vs Buy/Rent

• Dedicated Instances

• Market Place for Spot instances

• Overcapacity vs buy upfront

Billing, Reporting

• per hour

• per day

• per month

• dedicated , spot-instances, ...

Private vs Public Cloud

• Use same technology & API internally

• Enterprise technology with self-servicing

• main difference is infinite scaling

Beware!

Technology Lock-in ?Addiction to easyness

Live with the constraints of your provider ? What if they fail?

What’s under the hood?

Use abstraction libraries like boto, fog, jclouds

Availability

Single Point of Failure?

• Product

• People

• Process

• Understand and assess the probability, impact and prioritize

Service Level Agreement

• Have customers agree a Service Level

• doesn’t have to be 99.999%

• downtime is permitted

• what if data gets lost? liability?

Helpdesk/Tickets

• Where do you capture all the problems?

• Will you detect the problem before your customers?

• (more on this in Session 3)

Collect Context

• Browser type, plugins, referrer

• IP Address used

• What user account

• Timestamp

• grab ‘current’ state of the problem

Administrative Access

• Remote Console

• SSH Connection

• ‘backdoor’ access

External Dependencies

• ANY Dependency

• cloud provider

• internet connection

• dns, email

• backup

• mobile phone

• other dataservices

DNS & Mail Services

• customer . mydomain.com

• delay in updating and changes

Reproducible

• Version Control, Archive

• upstream packages

• installed software

• licenses

• “Vendor the world”

Loose Coupling

• Architectural design to limit impact

• of an error

• of a change

• avoid ‘big ball of mud’ / global restart

• Uncouple UI, API -> Application (KISS)

Scalability & Performance

horizontal vs vertical scaling

• Clustering

• Loadbalancing/Horizontal scaling

• Vertical Scaling (Bigger box)

• Sharding

Resource Mgmt

• Limit Shared Disk I/O

• Network I/O

• CPU I/O

• Number of connections (DB,Web)

• <insert your expensive operation>

Latency

• Network Latency (US, EU, ...)

• Where are your users

• DNS Latency

• HTTP Latency

• HTML Latency

Loadbalancing& Indirection

• DNS Roundrobin

• Elastic IPS

• Reverse proxy balancing

• Cross geo Services DNS

• DNS TTL, Caching DNS

Peak Loads/Scaling

• Scale UP

• Scale Down

• Autoscaling

• <Insert your bottleneck>

Edge Services

• Content Delivery Network

• Caching Proxy

• Content closer to Users

• Offload your network

• Caching HTTP Headers (Cross Server)

(Spare)Test capacity

Security

• Identity Mgmt

• Oauth (Facebook, Twitter, Linkedin)

• Storing Password (Hash, Salted)

• Access Mgmt

• Role Management

• Email for registration/account

Access Control

• Firewalling Incoming & Outgoing

• Firewalling Network & Host

• Layer 3(IP) , 4 (UDP), 7 (HTTP,SMTP...)

• Denial of Service

Layers of Security

• Content Security (Antivirus, Escaping)

• Application Security (SQL injection etc..)

• Database Security

• OS (Minimal , Hardening, Least priviledge)

• Network Security (VLAN)

Session Management

• Cookies

• Sticky Sessions

• Secure Cookies

• SSL, Encryption

• (across multiple hosts)

Email Security

• Anti Spam

• Blackhole

• Antivirus

• Reputation Management

Data Integrity

• DISK != BACKUP

• Corrupted Cloned data = Corrupted Data

• Consistent DB, Filesystem Backup

The cloud doesn’t take your backups

• Persistent Storage

• Replication

• Delta Backup

• How long does it take to restore?

• Can you restore consistently?

• Do you have downtime for restoring?

• Individual account restore

SSL & Remote Keys

• Password protected

• Where do you store your passwords?

• Sharing of credentials in team

• How fast can you change in case of breach?

Next Sessions

1. Install and Run it (Cloud & Architecture)

2. Change it (Continuous Delivery)

3. Manage it (Monitoring, Metrics)

How about your setup?

OpenSaas - From Product to Service - Part 1 - Intro & You run it

Documents

Intro to Javascript - eecs.yorku.cambrown/EECS1012/09-IntroJavascript.pdf · 2. write a JavaScript function to run when the event occurs ... function A user defined function that

CS260 Intro to Java & Android 03zeus.cs.pacificu.edu/ryand/cs260/2011/Lectures/03.AndroidIntro.pdf · Android Portability Android applications run within the Dalvik virtual machine

Run SB Run

Title An Experimental Study on Transformation and Run-up ... · The author will intro-duce an experiment concerning shoaling and run-up of tsunamis, which are assumed to be similar

RUN T0M0 00 eoe Connecting the dots! RUN RUN http ... · RUN T0M0 00 eoe Connecting the dots! RUN RUN http : // runtomo. org : NPO RUN 2019

OpenSaaS with WordPress

Mechanical Intro 14.5 L01 Intro

Run jerry,RUN!!!

Adult CHF 27,00 Child CHF 13,60 - Asconaa2032dc3...RUN RUN RUN RUN RUN RUN RUN RUN RUN Wednesday market of Luino Wednesday market of Luino Wednesday market of Luino Mercoledi mercato

Intro to Intro-2

Intro (9 Seconds of music) If you love somebody, better tell them while they’re here ‘cos they just may run away from you

Run a Simpler, Faster, Better & Less Costly … Intro COSHOCTON.pdf · Run a Simpler, Faster, Better & Less Costly Organization WDIC Created Date 3/13/2017 11:37:28 AM

SAVI COURSE CALENDAR - SPRING 2019 - Pratt Institute · Advanced GIS Intro ArcGIS Intro ArcGIS Intro ArcGIS Intro ArcGIS Intro ArcGIS Intro ArcGIS Intro ArcGIS Intro ArcGIS Intro

Intro Comments - New York Universitypages.stern.nyu.edu/~acollard/IntroEconometrics.pdf · Intro Comments: The purpose of this lecture is to run through basic econometrics with a

Run Freedom Run

Newsletter11 full cues/Anniversary_Waltz.pdf · EIU CHOREOGRAPHER: RECORD: FOOThtORK; RHYTHM: Sequence: Intro, 3- 5- 9- PALOMINO 1404 WEAVERS RUN RD Anniversary Waltz Il WEST POINT,

VB6 0 Intro VB6 0 Intro VB6 0 Intro VB6 0 IntroVB6 0 Intro VB6 0 Intro VB6 0 Intro VB6 0 Intro VB6 0 Intro VB6 0 Intro VB6 0 Intro VB6 0 Intro of the huber jdjs ladkjl dsj dsal dsjaldsjaf

Java Security Updated May 2007. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security

1 INTRO Fael ITA ING FRA TED 09 - catalog.bailey.nlcatalog.bailey.nl/.../FAEL/faelLUCE_General_catalogue_2009_web.pdf · This catalogue offers an overview of our ... Ski run Almet,

Run Lola Run