OpenSaas - From Product to Service - Part 1 - Intro & You run it

From product to SAAS

Tech considerationsSession 1

Friday 23 November 12

Blog: http://jedi.be/blog - Twitter : @patrickdebois - #devops

Technical ReviewerMonitoring Chapter Co-Author Veewee / Sahara / Mccloud

Organizer Since 2009 Europe Organizer 2010

Engineer

First Europe Training 2010

Libvirt - Fog

Speaker

Freelance consultant http://github.com/jedi4ever


http://jedi.be

http://jedi.be

http://github.com/jedi4ever

http://github.com/jedi4ever

Introduction


Your Product


Your Work


You ship it

Your Company Customers


They buy it

Customer #1 Customer #2 Customer #N


They install it ...

Customer Environment

hardware, servers, disks, ...


They configure it ...


database, ldap, dns, mail...



They test it ...




BOOM


They open the network




internet, firewall, network


They invite users


greatfantastic


They monitor (resource) usage


greatfantasticfantasticfantasticfantasticfantasticfantasticfantasticfantastic

fantasticfantastic


They handle Issues/Tickets



fantasticfantastic


They troubleshoot



fantasticfantastic


They fix problems



fantasticfantastic


They complain to YOU



fantasticfantastic


They performproduct upgrades



fantasticfantastic


They Monitor Performance



fantasticfantastic





fantasticfantastic


They monitor security



fantasticfantastic


They increase capacity



fantasticfantastic

Network

Disk

CPU


They perform environment upgrades



fantasticfantastic

v1v2..

v1034


They handle dependency upgrades



fantasticfantastic

v1v2..

v1034


They test it



fantasticfantastic





fantasticfantastic


They fix problems



fantasticfantastic


Your Product as a service

Product

+

Environment

Building Managing


Their worries


Their worriesbecome

YOUR worries


Your worries

+ N x Their Worries


By taking their worriesyou provide VALUE


Now it’s your turn to delegate your worries

to other services


3 x Sessions

1. Install and Run it (Cloud & Architecture)

2. Change it (Continuous Delivery)

3. Manage it (Monitoring, Metrics)


Session 1:Install and Run it


Your “Service”

HardwareOperating System, Loadbalancing, Storage

Application Server + Middleware

HAASIAASPAAS

SAAS


Collocation & Dedicated Hosting

Your own little machinewith human intervention


Hardware as a service

http://www.baremetalcloud.com/http://www.stormondemand.com/

http://www.hetzner.de/

Non-virtualized MachinesReal ‘raw hardware’

+ API


http://www.baremetalcloud.com/

http://www.baremetalcloud.com/

http://www.stormondemand.com/

http://www.stormondemand.com/



Virtualization Types

Containers(share kernel)

Para-Virtualized

LXCOpenVZ

Solaris Zones

XenKVM

Vsphere

Hardware


Infrastructure as a service

Virtualized Machine

+ APIJust Enough Operating System

Hardware

http://rackspace.com/http://aws.amazon.com/ec2

http://windowsazure.com


http://www.rackspace.com/

http://www.rackspace.com/

http://aws.amazon.com/ec2

http://aws.amazon.com/ec2

http://www.windowsazure.com/en-us/

http://www.windowsazure.com/en-us/

Configuration Mgmt

Virtualized Machine

+ APIJust Enough Operating System

Hardware

Infrastructure as Code


Configuration Mgmt

• Scripts vs Infrastructure As Code

• Re-usable installation procedures

• Documented

• Orchestration

• (more on this in Session2)


Multi Tenancy

• Can you host multiple users on the same installation?

• Can you do it safely?

• Security/Performance, Separate Upgrades

• Application complexity


Extra “infra” services

VM

+ API

JEOS

Hardware

Storage

VPN Firewall

MessageQueue

Mail DNS

Disk

“Compute” “Storage”Nosql

DB

Loadbalancer

“Connectivity”


Platforms

Java Rails PHP NodeJS

Deploy + API

Specialized Platformsyou can’t see below

standard API

http://www.heroku.com/Friday 23 November 12

http://www.heroku.com/

http://www.heroku.com/

Cloud = how much “They” vs “You”?

HardwareOperating System, Loadbalancing, Storage

Application Server + Middleware

HAASIAASPAAS

SAAS


7/7 24h support

• API does not replace human interaction

• support contract in place?

• contact information?


Build vs Buy/Rent

• Dedicated Instances

• Market Place for Spot instances

• Overcapacity vs buy upfront


Billing, Reporting

• per hour

• per day

• per month

• dedicated , spot-instances, ...


Private vs Public Cloud

• Use same technology & API internally

• Enterprise technology with self-servicing

• main difference is infinite scaling


Beware!

Technology Lock-in ?Addiction to easyness

Live with the constraints of your provider ? What if they fail?

What’s under the hood?

Use abstraction libraries like boto, fog, jclouds


Availability


Single Point of Failure?

• Product

• People

• Process

• Understand and assess the probability, impact and prioritize


Service Level Agreement

• Have customers agree a Service Level

• doesn’t have to be 99.999%

• downtime is permitted

• what if data gets lost? liability?


Helpdesk/Tickets

• Where do you capture all the problems?

• Will you detect the problem before your customers?

• (more on this in Session 3)


Collect Context

• Browser type, plugins, referrer

• IP Address used

• What user account

• Timestamp

• grab ‘current’ state of the problem


Administrative Access

• Remote Console

• SSH Connection

• ‘backdoor’ access


External Dependencies

• ANY Dependency

• cloud provider

• internet connection

• dns, email

• backup

• mobile phone

• other dataservices


DNS & Mail Services

• customer . mydomain.com

• delay in updating and changes


Reproducible

• Version Control, Archive

• upstream packages

• installed software

• licenses

• “Vendor the world”


Loose Coupling

• Architectural design to limit impact

• of an error

• of a change

• avoid ‘big ball of mud’ / global restart

• Uncouple UI, API -> Application (KISS)


Scalability & Performance


horizontal vs vertical scaling

• Clustering

• Loadbalancing/Horizontal scaling

• Vertical Scaling (Bigger box)

• Sharding


Resource Mgmt

• Limit Shared Disk I/O

• Network I/O

• CPU I/O

• Number of connections (DB,Web)

• <insert your expensive operation>


Latency

• Network Latency (US, EU, ...)

• Where are your users

• DNS Latency

• HTTP Latency

• HTML Latency


Loadbalancing& Indirection

• DNS Roundrobin

• Elastic IPS

• Reverse proxy balancing

• Cross geo Services DNS

• DNS TTL, Caching DNS


Peak Loads/Scaling

• Scale UP

• Scale Down

• Autoscaling

• <Insert your bottleneck>


Edge Services

• Content Delivery Network

• Caching Proxy

• Content closer to Users

• Offload your network

• Caching HTTP Headers (Cross Server)


(Spare)Test capacity


Security


Users

• Identity Mgmt

• Oauth (Facebook, Twitter, Linkedin)

• Storing Password (Hash, Salted)

• Access Mgmt

• Role Management

• Email for registration/account


Access Control

• Firewalling Incoming & Outgoing

• Firewalling Network & Host

• Layer 3(IP) , 4 (UDP), 7 (HTTP,SMTP...)

• Denial of Service


Layers of Security

• Content Security (Antivirus, Escaping)

• Application Security (SQL injection etc..)

• Database Security

• OS (Minimal , Hardening, Least priviledge)

• Network Security (VLAN)


Session Management

• Cookies

• Sticky Sessions

• Secure Cookies

• SSL, Encryption

• (across multiple hosts)


Email Security

• Anti Spam

• Blackhole

• Antivirus

• Reputation Management


Data Integrity

• DISK != BACKUP

• Corrupted Cloned data = Corrupted Data

• Consistent DB, Filesystem Backup


The cloud doesn’t take your backups

• Persistent Storage

• Replication

• Delta Backup

• How long does it take to restore?

• Can you restore consistently?

• Do you have downtime for restoring?

• Individual account restore


SSL & Remote Keys

• Password protected

• Where do you store your passwords?

• Sharing of credentials in team

• How fast can you change in case of breach?


Next Sessions

1. Install and Run it (Cloud & Architecture)

2. Change it (Continuous Delivery)

3. Manage it (Monitoring, Metrics)


How about your setup?


Documents

OpenSaas - From Product to Service - Part 1 - Intro & You run it