From product to SAAS
Tech considerations
Session 1
Friday 23 November 12
Blog: http://jedi.be/blog - Twitter : @patrickdebois - #devops
Technical Reviewer
Monitoring Chapter Co-Author
Veewee / Sahara / Mccloud
Organizer Since 2009 Europe Organizer 2010
Engineer
First Europe Training 2010
Libvirt - Fog
Speaker
Freelance consultant http://github.com/jedi4ever
Introduction
Your Product
Your Work
You ship it
Your Company Customers
They buy it
Customer #1 Customer #2 Customer #N
They install it ...
Customer Environment
hardware, servers, disks, ...
They configure it ...
Customer Environment
database, ldap, dns, mail...
hardware, servers, disks, ...
They test it ...
Customer Environment
database, ldap, dns, mail...
hardware, servers, disks, ...
BOOM
They open the network
Customer Environment
database, ldap, dns, mail...
hardware, servers, disks, ...
internet, firewall, network
They invite users
Customer Environment
Users: "great", "fantastic"
They monitor (resource) usage
Customer Environment
They handle Issues/Tickets
Customer Environment
They troubleshoot
Customer Environment
They fix problems
Customer Environment
They complain to YOU
Customer Environment
They perform product upgrades
Customer Environment
They Monitor Performance
Customer Environment
They complain to YOU
Customer Environment
They monitor security
Customer Environment
They increase capacity
Customer Environment
Network
Disk
CPU
They perform environment upgrades
Customer Environment
v1, v2, .. v1034
They handle dependency upgrades
Customer Environment
v1, v2, .. v1034
They test it
Customer Environment
They complain to YOU
Customer Environment
They fix problems
Customer Environment
Your Product as a service
Product + Environment
Building Managing
Their worries
Their worries become YOUR worries
Your worries
+ N x Their Worries
By taking their worries you provide VALUE
Now it’s your turn to delegate your worries
to other services
3 x Sessions
1. Install and Run it (Cloud & Architecture)
2. Change it (Continuous Delivery)
3. Manage it (Monitoring, Metrics)
Session 1: Install and Run it
Your “Service”
Hardware
Operating System, Loadbalancing, Storage
Application Server + Middleware
HAAS, IAAS, PAAS, SAAS
Collocation & Dedicated Hosting
Your own little machine with human intervention
Hardware as a service
http://www.baremetalcloud.com/
http://www.stormondemand.com/
http://www.hetzner.de/
Non-virtualized Machines
Real ‘raw hardware’
+ API
Virtualization Types
Containers (share kernel)
Para-Virtualized
LXC, OpenVZ
Solaris Zones
Xen, KVM
Vsphere
Hardware
Infrastructure as a service
Virtualized Machine
+ API
Just Enough Operating System
Hardware
http://rackspace.com/
http://aws.amazon.com/ec2
http://windowsazure.com
Configuration Mgmt
Virtualized Machine
+ API
Just Enough Operating System
Hardware
Infrastructure as Code
Configuration Mgmt
• Scripts vs Infrastructure As Code
• Re-usable installation procedures
• Documented
• Orchestration
• (more on this in Session 2)
Multi Tenancy
• Can you host multiple users on the same installation?
• Can you do it safely?
• Security/Performance, Separate Upgrades
• Application complexity
Extra “infra” services
VM
+ API
JEOS
Hardware
Storage
VPN Firewall
Message Queue
Mail DNS
Disk
“Compute” “Storage”
Nosql
DB
Loadbalancer
“Connectivity”
Platforms
Java Rails PHP NodeJS
Deploy + API
Specialized Platforms
you can’t see below
standard API
http://www.heroku.com/
Cloud = how much “They” vs “You”?
Hardware
Operating System, Loadbalancing, Storage
Application Server + Middleware
HAAS, IAAS, PAAS, SAAS
7/7 24h support
• API does not replace human interaction
• support contract in place?
• contact information?
Build vs Buy/Rent
• Dedicated Instances
• Market Place for Spot instances
• Overcapacity vs buy upfront
Billing, Reporting
• per hour
• per day
• per month
• dedicated, spot-instances, ...
Private vs Public Cloud
• Use same technology & API internally
• Enterprise technology with self-servicing
• main difference is infinite scaling
Beware!
Technology Lock-in? Addiction to easiness
Live with the constraints of your provider? What if they fail?
What’s under the hood?
Use abstraction libraries like boto, fog, jclouds
Availability
Single Point of Failure?
• Product
• People
• Process
• Understand and assess the probability, impact and prioritize
Service Level Agreement
• Have customers agree a Service Level
• doesn’t have to be 99.999%
• downtime is permitted
• what if data gets lost? liability?
Helpdesk/Tickets
• Where do you capture all the problems?
• Will you detect the problem before your customers?
• (more on this in Session 3)
Collect Context
• Browser type, plugins, referrer
• IP Address used
• What user account
• Timestamp
• grab ‘current’ state of the problem
Administrative Access
• Remote Console
• SSH Connection
• ‘backdoor’ access
External Dependencies
• ANY Dependency
• cloud provider
• internet connection
• dns, email
• backup
• mobile phone
• other data services
DNS & Mail Services
• customer.mydomain.com
• delay in updating and changes
Reproducible
• Version Control, Archive
• upstream packages
• installed software
• licenses
• “Vendor the world”
Loose Coupling
• Architectural design to limit impact
• of an error
• of a change
• avoid ‘big ball of mud’ / global restart
• Uncouple UI, API -> Application (KISS)
Scalability & Performance
horizontal vs vertical scaling
• Clustering
• Loadbalancing/Horizontal scaling
• Vertical Scaling (Bigger box)
• Sharding
Resource Mgmt
• Limit Shared Disk I/O
• Network I/O
• CPU I/O
• Number of connections (DB,Web)
• <insert your expensive operation>
Latency
• Network Latency (US, EU, ...)
• Where are your users
• DNS Latency
• HTTP Latency
• HTML Latency
Loadbalancing & Indirection
• DNS Roundrobin
• Elastic IPs
• Reverse proxy balancing
• Cross geo Services DNS
• DNS TTL, Caching DNS
Peak Loads/Scaling
• Scale UP
• Scale Down
• Autoscaling
• <Insert your bottleneck>
Edge Services
• Content Delivery Network
• Caching Proxy
• Content closer to Users
• Offload your network
• Caching HTTP Headers (Cross Server)
(Spare) Test capacity
Security
Users
• Identity Mgmt
• OAuth (Facebook, Twitter, LinkedIn)
• Storing Passwords (Hashed, Salted)
• Access Mgmt
• Role Management
• Email for registration/account
Access Control
• Firewalling Incoming & Outgoing
• Firewalling Network & Host
• Layer 3 (IP), 4 (UDP), 7 (HTTP, SMTP...)
• Denial of Service
Layers of Security
• Content Security (Antivirus, Escaping)
• Application Security (SQL injection etc..)
• Database Security
• OS (Minimal, Hardening, Least privilege)
• Network Security (VLAN)
Session Management
• Cookies
• Sticky Sessions
• Secure Cookies
• SSL, Encryption
• (across multiple hosts)
Email Security
• Anti Spam
• Blackhole
• Antivirus
• Reputation Management
Data Integrity
• DISK != BACKUP
• Corrupted Cloned data = Corrupted Data
• Consistent DB, Filesystem Backup
The cloud doesn’t take your backups
• Persistent Storage
• Replication
• Delta Backup
• How long does it take to restore?
• Can you restore consistently?
• Do you have downtime for restoring?
• Individual account restore
SSL & Remote Keys
• Password protected
• Where do you store your passwords?
• Sharing of credentials in team
• How fast can you change in case of breach?
Next Sessions
1. Install and Run it (Cloud & Architecture)
2. Change it (Continuous Delivery)
3. Manage it (Monitoring, Metrics)
How about your setup?