KML_FLASHEMBED_PROCESS_SCRIPT_CALLS
 

The Importance of Building Your Cloud Infrastructure the RIGHT Way

July 21st, 2011 by - 4,790 views

The cloud is great for so many things. You can create a web presence in a matter of hours or completely implement an N-tiered, redundant, elastic, secure globally-available cloud topology. Spinning up infrastructure via a web portal or API in minutes via a few clicks of a mouse is a dramatic transformation from the days of racking and stacking servers, untangling miles of cat5/6 cables, connecting load balancers and firewalls to the mix and hooking up storage devices. And let’s not forget about physical security, power supplies, cooling and network redundancy. The neat thing about the cloud is that all of the stuff has become really easy to do and you can do it very quickly.

GoGrid has a long history of enabling IT infrastructure solutions for companies across the world. We have built out core services and offerings to allow businesses to build want they want quickly, efficiently and with state-of-the-art cloud technology. But just because you have great tools at your disposal doesn’t mean that your cloud environment will magically create itself. And that is something that we realize and understand at GoGrid.

clip_image002

Architect for Success

Cloud computing can be almost magical at times, but we need to remember the processes and best practices for security and ensuring redundancy that we are accustomed to using, and adapt and use them within the cloud as well.

A few weeks ago, I wrote a post “Things to Think About When Building Secure Infrastructure” where I made a few points about “assumption,” namely, assuming that whatever cloud vendor you choose, they will take care of everything for you. Regardless of the cloud vendor, you need to do your due diligence and update your standard operating procedures to reflect how cloud computing works. It is different than traditional IT in many ways. For example, in the GoGrid cloud, you can create a cloud server, harden it with security software and configurations and then save it as a MyGSI (as “server image”). Then, as you need to scale out your infrastructure, you can do this not only quickly, but securely as well, by deploying clones or instances of that hardened server. With a traditional, physical deployment, it takes much longer and there is no guarantee that you will have each and every security patch in place on every server.

You must design any IT environment, cloud or not, for resiliency and redundancy. Obviously, the level to which you do this really requires you to fully understand the needs of both your organization and your customers. A QA environment, for example, probably doesn’t need as much redundancy as an eCommerce site does. A great recent example of this is with the Amazon Web Services (AWS) outage that took place on April 21st, 2011.

Amazon is the cloud vendor of thousands of companies worldwide. When their outage hit their US-East facility, it brought down a large number of high-profile sites and countless “regular” sites as well. However, missing from the list of affected sites was one Amazon’s most famous customers, Netflix, who, because of solid standard operating procedures and designing for the cloud, weathered the outage just fine. As stated on the Netflix blog: “…our systems are designed explicitly for these sorts of failures. When we re-designed for the cloud this Amazon failure was exactly the sort of issue that we wanted to be resilient to.”

There is an important lesson here – your ability to recover is a direct result of the amount of effort and planning you put in prior to prevent something catastrophic from happening. Or, to use a cliché here, an ounce of prevention is worth a pound of cure.

Leverage ALL of your Tools

From GoGrid’s perspective, it is our goal to provide cloud infrastructure designed to transform IT. GoGrid’s custom-built management layer leverages hosting and IT technology expertise that we have gained through years of experience. Our technology enables our customers to construct their businesses, solutions and architectures using solutions never before seen in the marketplace.

Many think of cloud computing as containing simply the raw building materials required to craft an IT topology – but actually, it is much more than that. But that depends on the provider. Many cloud providers merely provide the tools and leave the rest up to you. At GoGrid, our goal is to make complex infrastructure easy by providing not only full management of the entire infrastructure as a suite of services (e.g., the VMs, physical servers, load balancers, cloud storage, firewalls, etc.) but also in the form of education and consultation.

We recognized that it is critical to have best-in-class cloud solutions available to our customers when they are building out their architecture. In order to provide these industry-leading solutions, we have also partnered with many leaders with various specialty solutions and showcase these partners within the GoGrid Exchange. This ecosystem of partner solutions continues to grow regularly. There are solutions in Software/Applications, Development/Testing, Disaster Recovery & Backup, Cloud Management, Security, Monitoring and Reporting.

Some GoGrid Recommendations

While GoGrid provides you with the components and solutions from which to fully construct your infrastructure, there are times where a Partner solution or additional service might be worth implementing. You can see some GoGrid and GoGrid Partner options below:

Load Balancingcreate redundancy by routing traffic between multiple servers/locations. Load balancers distribute workload across multiple computers to minimize response time, optimize throughput and avoid overload. Should a server encounter an issue, load balancers automatically route traffic to other available resources, thereby eliminating downtime or outages.

  • Option #1: GoGrid’s built-in F5 hardware-based load balancing can route traffic around your infrastructure within a pre-defined data center.
  • Option #2: Use a GoGrid Partner Server Image (PGSI) from Zeus Technologies to enable global load-balancing between data centers and do more with your traffic flow.

Firewall – a hardware or software-based firewall is designed to either permit or block particular pre-configured types of network transmission based on a set of rules. Firewalls, when properly configured, protect against unauthorized access to infrastructure and can prevent threats from the public internet. Be sure that you have your servers and infrastructure secure using some sort of firewall.

  • Option #1: When a service is created (virtual or physical), it has standard OS firewalls implemented (e.g., iptables or Windows Firewall). Do note, we always recommend going into those new servers immediately and changing the randomly-created default password, as well as running system updates to ensure that your server is fully patched.
  • Option #2: Use a GoGrid Partner server image by Gazzang ezEncrypt for application-level encryption of data within a MySQL database or a GoGrid PGSI from CloudPassage Halo for hardened server images that are monitored to maintain maximum security.
  • Option #3: Sign up for GoGrid’s Fortinet Firewall or Cisco ASA 5510 for dedicated multi-threat prevention hardware to fully harden your environment.

Backups – a backup is essentially a copy of data. Backups act as a means to recover from a data loss or to recover data from a historical period of time. There are various types of backup solutions (e.g., incremental vs. complete) you can employ so it is important to carefully consider items like the frequency of backups, the location(s) where the backups are stored and the type of data you are backing up. Having backups of your environment and data is critical, and you should always have these backups in multiple, distinct locations for better loss prevention.

  • Option #1: Persistent storage on the Virtual Machine is a good place to start. Even if your server is restarted, the data will persist. You can also use GoGrid’s Cloud Storage which is dynamically scalable and attachable to your VMs. Cloud Storage can be used as a back-up solution in conjunction with other solutions (e.g., 3rd party or off-site solutions).
  • Option #2: Use a GoGrid PGSI from GlusterFS as an ideal solution for a software-only, highly available, scalable, NAS storage system for a managed storage pool.
  • Option #3: If your environment requires critical data backup with the option of quick recovery, talk to a GoGrid Account Manager about Managed Storage and Backup solutions.

There are other GoGrid Partners with PGSI solutions within the Exchange as well and the list will continue to grow. But the thing to remember here is there is a reason why we have worked diligently to have relationships with these vendors. They make our infrastructure solutions even better because they are experts within their particular niche. We provide the infrastructure tools, components and services, the management layers, the education and consultation to make your cloud a success. Our Partners, in turn, provide you with solutions even beyond that.

So here’s the bottom line, you can build just about whatever you want with the cloud. Just don’t lose sight on the fact that your solution is only as resilient, robust, secure or available as to what you put in it. So talk to your cloud vendor, employ security and redundancy best practices, and leverage the expertise of partner solutions.

The following two tabs change content below.

Michael Sheehan

Michael Sheehan, formerly the Technology Evangelist for GoGrid, is a recognized technology, social media, and cloud computing pundit and blogger who writes regularly about technology news and trends.

Leave a reply