by Ron Larson and Richard Friedman
Published March 2014
Part 1 - What's Involved in Building a Cloud-Based Data Center
Part 2 - Securing a Cloud-Based Data Center
By now, it has become obvious that the cloud model provides enterprise data centers with significant cost savings. By sharing pooled resources, cloud computing offers increased hardware utilization and high efficiency, while also providing elastic scalability and fast deployment of applications and services.
What might not be immediately obvious is how easy and cost-free it is for an IT department to create a cloud infrastructure with Oracle Solaris 11. All the technologies needed to create a cloud are already part of the operating system (OS) or are easily downloadable, and they work directly without modification.
In this series of articles, we will explore the general business needs solved by a cloud model, and show how creating a cloud infrastructure can be accomplished simply and easily with Oracle Solaris 11.
Efficiency and cost savings are the primary benefits of consolidating an IT center's infrastructure as a cloud. With a pool of shared computing resources made available over a public or private network, users can be up and running in minutes. Contrast that with the weeks or months required for a classic data center to acquire, install, and implement new dedicated servers. Consolidating servers and storage through virtualization simplifies management, improves resource utilization, and streamlines conformity to security and compliance standards.
A dynamically scalable grid architecture that automatically responds to changing demands makes the cloud a very compelling solution compared to the traditional data center.
In the most general terms, cloud virtualization brings significant benefits to business data centers, including
But first, we need to clarify some of the concepts and models implied by the term cloud computing.
When we talk about "the cloud," we are actually talking about a cluster of servers managed through server virtualization as a pool of shared compute, storage, and network resources. This is in contrast to the more traditional data center built of individual discrete components, such as a particular host machine, storage device, network connection, or application.
With server virtualization, virtual hosts, virtual storage, and virtual networks can be created, allocated, and deallocated as needed, increasing hardware utilization and offering greater operating flexibility.
Virtualization is the key. To users, it appears as if they have their own private server somewhere on the internet or within a company's private cloud. They do not need to know where the server is physically located, what it looks like, or how to maintain it; it is simply there for as long as they need it. In reality, a single host presents multiple simultaneous users with isolated environments, carved out of shared hardware, that each appear to be a fully functional, private computer.
Make this capability available to users over the global internet and you have a public cloud. Bring this capability inside an enterprise's network and make it available only to employees and trusted partners and customers, and you have a private cloud. Hybrid clouds, which combine components of both public and private clouds, are also possible.
As we'll soon see, Oracle Solaris 11 provides the technologies a system administrator needs to virtualize all the physical elements in a data center including storage, OS, and networking. In the most general terms, the following three basic virtualization models—two of which are software-based and one of which is hardware-based—can be used individually or in combination to create cloud infrastructures that offer a wide range of capabilities and complexity:
OS virtualization with Oracle Solaris Zones provides one or more isolated execution environments under a single OS instance. Each environment contains what appears to be a private copy of the OS in its own container, or zone. Zones offer near-native performance and flexibility, and present a much smaller resource footprint than either virtual machines or physical domains.
Zones are easy to create and provide an isolated and secure environment for running applications. Processes that run in a zone are isolated from the rest of the system: a process in one zone cannot observe or affect processes in other zones, even with root credentials within its own zone. Resource controls prevent processes in one zone from degrading the performance of processes in other zones on the same server. Because zones do not introduce a software layer between applications and the OS, they provide near-native performance. The flip side of that design is that every zone shares the global zone's kernel, so the isolation is enforced by, and is only as strong as, that single kernel: a kernel vulnerability exploitable from inside a zone affects the whole system, whereas a hypervisor-based VM has a kernel of its own.
Virtual machines make it possible to run multiple operating systems on a single physical server. Each VM runs its own OS, which need not be the same as that of the host system, and each isolated OS instance can be stopped, restarted, and rebooted independently. Running VMs can be live-migrated to another physical machine without interruption.
Oracle Solaris 11 supports this virtualization model through Oracle VM Server for SPARC (previously called Sun Logical Domains), Oracle VM Server for x86, and Oracle VM VirtualBox.
Oracle VM Server relies on a hypervisor, a thin software layer that partitions server CPUs, memory, I/O, and storage among VMs. CPU threads running in VMs achieve native performance, but the operational overhead is higher in this model than with Oracle Solaris Zones, because each VM carries a full OS instance and typically takes longer to create, provision, and manage.
Hardware partitions, also known as physical domains, provide physical separation between the running OS and its resources and power. Because this model does not use a hypervisor, it provides bare-metal performance along with the most isolation, but resource configuration is much less flexible than with either virtual machines or Oracle Solaris Zones.
As the name implies, hardware partitioning is a feature designed and built into the server hardware itself. Oracle provides this type of virtualization in Oracle's SPARC Enterprise M-Series servers.
Currently, three service models drive cloud building: software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS). How the cloud is to be used determines which service model is appropriate to deploy.
The best virtualization model is the one that best matches project requirements. The following list maps various environments to the virtualization models, and Table 1 describes some pros and cons:
Oracle Solaris Zones
Oracle Solaris Zones provide a quick and efficient way to create a cloud.
Oracle Solaris Zones virtualization is often referred to as lightweight virtualization because the overhead for running applications in zones is minimal. A global zone runs the Oracle Solaris kernel, device drivers, and the rest of the OS. Users are assigned non-global zones in which to run applications. These non-global zones are isolated from each other and are unable to modify or impact the shared global zone, and they appear to users as their own Oracle Solaris installation with its own file system, network addresses, and so on.
Because there is no virtualization layer in the non-global zones, high performance is easily attained. Non-global zones normally run the same version of the OS as the global zone, but Oracle Solaris 11 also supports "branded" zones (the solaris10 brand) for legacy applications that run in Oracle Solaris 10 Containers; Oracle Solaris 8 and Oracle Solaris 9 Containers are a feature of Oracle Solaris 10 hosts, not of Oracle Solaris 11.
Oracle Solaris Zones technology is fully integrated into Oracle Solaris 11, permitting secure, delegated administration of zones and better integration with ZFS and with resource management products. For example, zones can be easily created and managed from the command line or through the GUI of Oracle Enterprise Manager Ops Center.
The article "How to Get Started Creating Oracle Solaris Zones in Oracle Solaris 11" shows how easy it is to create, install, boot, and automatically configure Oracle Solaris Zones, creating a ZFS data set and network. The article also demonstrates how to add an application to a zone using the Oracle Solaris Image Packaging System and then clone the zone to create a new zone that has the same configuration.
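As an added example (not code from the article, the linked how-to, or the Remote Lab), the following POSIX shell helper walks through that procedure: a zone is configured from a zonecfg command file, installed, booted, and later cloned into a second zone, which is also how the Lab's back end is described as producing ready-to-use zones later in this article. The zone root /zones, the VLAN numbering, the 4 GB memory and 2 CPU caps, the use of the default zonecfg template (anet net0), and the validate_zone_name, is_vlan and run helpers are assumptions; on a host without zonecfg/zoneadm the commands are only echoed.

```shell
#!/bin/sh
# Added example (not the article's or the Remote Lab's own scripts):
# a minimal back-end provisioning helper for user zones on Oracle
# Solaris 11.  Assumptions: zone roots live under /zones, each user has
# a VLAN id, and the default zonecfg template (anet net0) is in use.
# Without zonecfg/zoneadm on the host the commands are echoed (dry run).

ZONE_ROOT=/zones            # assumption: ZFS dataset mounted here

# Run a Solaris command if present, otherwise show what would run.
run() {
    if command -v "$1" >/dev/null 2>&1; then "$@"; else echo "dry-run: $*"; fi
}

# Zone names and VLAN ids come from the web portal, so they are untrusted.
# zonecfg accepts ';'-separated subcommands, so a name such as
# 'x; set zonepath=/' must never reach a command line.
validate_zone_name() {
    case "$1" in
        '' | -* | .* | *[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}
is_vlan() {
    case "$1" in '' | *[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Emit the zonecfg command file for user zone $1 on VLAN $2.  Memory and
# CPU caps keep one user's zone from starving another; the VNIC carries
# the user's VLAN tag so zones of different users never share a
# broadcast domain; the privilege set stays at the default.
zonecfg_file() {
    cat <<EOF
create
set zonepath=$ZONE_ROOT/$1
set autoboot=false
select anet linkname=net0
set vlan-id=$2
end
add capped-memory
set physical=4G
set swap=4G
end
add capped-cpu
set ncpus=2
end
set limitpriv=default
EOF
}

# Configure, install and boot a fresh zone.  Passing a sysconfig(1M)
# profile with 'install -c profile.xml' makes the first boot unattended.
provision_zone() {
    validate_zone_name "$1" && is_vlan "$2" || { echo "rejected: $1/$2" >&2; return 1; }
    cfg=$(mktemp) || return 1
    zonecfg_file "$1" "$2" > "$cfg"
    run zonecfg -z "$1" -f "$cfg"
    rm -f "$cfg"
    run zoneadm -z "$1" install
    run zoneadm -z "$1" boot
}

# Clone a halted, fully configured template zone ($1) into a new zone
# ($2) on VLAN $3: far faster than a fresh install, and the clone carries
# every package and setting of the template.
clone_zone() {
    validate_zone_name "$1" && validate_zone_name "$2" && is_vlan "$3" || return 1
    run zonecfg -z "$2" \
        "create -t $1; set zonepath=$ZONE_ROOT/$2; select anet linkname=net0; set vlan-id=$3; end"
    run zoneadm -z "$2" clone "$1"
    run zoneadm -z "$2" boot
}

# Parse 'zoneadm list -cp' output (zoneid:zonename:state:zonepath:...)
# from stdin and print the state of zone $1, or "absent".
zone_state_from_list() {
    awk -F: -v z="$1" '$2 == z { print $3; found = 1 } END { if (!found) print "absent" }'
}
zone_state() { run zoneadm list -cp | zone_state_from_list "$1"; }

# Usage (dry run on a non-Solaris host): sh zonelab.sh demo
if [ "${1:-}" = "demo" ]; then
    provision_zone user1-web 101
    clone_zone user1-web user1-db 101
    zone_state user1-db
fi
```

The step a provisioning script must not skip is the validation at the top: names and VLAN ids arrive from a browser, and both zonecfg and the shell will happily interpret what they are handed. zoneadm list -cp is the parseable form for checking state from scripts; the human-readable output of zoneadm list -v is not stable enough to parse.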
Oracle Solaris Remote Lab provides a good example of how to achieve a business solution by building a cloud with Oracle Solaris 11. The Lab is a benefit of Oracle PartnerNetwork (OPN) members at the Gold level and above who are also members of the Oracle Solaris Knowledge Zone, and it provides them with live, web-based environments running the latest major release of Oracle Solaris, which they can use for testing and validating their applications.
Figure 1. Oracle Solaris Remote Lab
To test and verify their applications on the Lab, developers typically will do the following:
Note: Step 1 of Figure 1 states "Check out Virtual Machines." As explained earlier in this article, Oracle Solaris Zones perform a function similar to virtual machines and, therefore, can be thought of as virtual machines, but they are more lightweight and powerful.
Developers will iterate steps 3 through 7 to tune and improve their application for best performance.
The Lab is based on the cloud technologies that are at the core of Oracle Solaris 11. It is a virtual lab that grants users remote access, through a web browser over a secure connection, to virtual machines implemented as Oracle Solaris Zones. Users can have access from anywhere, at any time, to a secure and isolated testing environment running Oracle Solaris 11. They can create their own zones with a single click, avoiding the need to acquire, build, and provision servers for their own test environments, which is a significant saving in cost and time.
These ready-to-use virtual machines are implemented at the Lab as either SPARC-based or x86-based Oracle Solaris Zones, with Oracle Database, Oracle Fusion Middleware, and/or Oracle Solaris Studio preinstalled. Oracle Secure Global Desktop provides access to users' zones through command-line terminal sessions or full-screen Oracle Solaris desktops. Oracle Secure Global Desktop also provides remote file transfer capabilities between users' local systems and their assigned secure storage at the Lab.
Let's take a quick look to see how all this was put together to create a public cloud. Later articles in this series will get into some of the details.
As a developer cloud, the Lab relies on the virtualization technologies native to Oracle Solaris 11. Resource sharing through virtualization greatly improves the total utilization of the lab's back-end compute and storage servers. The Lab implementation of compute, data, and network virtualization uses Oracle Solaris Zones, the ZFS file system, and Oracle Solaris 11 network virtualization technology.
The Oracle Solaris Remote Lab implementation uses Oracle Solaris Zones extensively. NFS servers and Oracle Secure Global Desktop servers are all implemented in Oracle Solaris Zones. New zones are created by cloning existing zones, which copies all the source zone's properties and provisioning. The new zone includes all the changes and configurations that were made to customize the source zone. Zone cloning requires very little overhead and significantly less time than fresh creation of a new zone, and it provides users with immediate access to ready-to-use zones that are already configured with application software such as an Oracle Database instance or Oracle Fusion Middleware.
ZFS is the default file system for Oracle Solaris 11 and for Oracle Solaris Remote Lab. With its self-healing capabilities, transparent encryption, and snapshot features, ZFS simplifies the deployment and management of petabyte-scale storage. ZFS introduces the concept of a virtual storage pool, which decouples the file system from physical storage in the same way that virtual memory abstracts the address space from physical memory, allowing for much more efficient use of storage devices. The details will be described in a later article.
A web-based portal provides the main entryway into the Lab. Users log in to their dashboard from any web browser to manage their virtual machines (as Oracle Solaris Zones), open terminal sessions or full-screen Oracle Solaris desktops, and initiate file transfers.
From their dashboard, users can create up to five virtual machines (zones), which can be either x86 or SPARC machines or a combination of the two. The dashboard also allows users to reboot within seconds and delete their zones securely.
Each zone has 4 GB of RAM and 10 GB of disk space, and users can select to create zones from a library of Oracle Solaris 11 images that have provisioned database or middleware software preinstalled.
Requests to create a new zone are added into a work queue in the front end. Provisioning of the zones is done in the back end, where one of several servers initiates and creates the zone, which is ready for use within a few minutes.
The work queue, a MySQL database, provides the main communication channel within the Lab. It acts as a queuing system where all the requests for the back end provisioning services are recorded. Java agents from servers in the back end regularly poll the database looking for any outstanding job requests they can perform.
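A queue-and-poll design like this is easy to get wrong in two ways: two back-end servers can claim the same request, and the fields read back from the database end up spliced into shell commands or further SQL. This added example (not the Lab's Java agents; written in shell rather than Java) shows one poll cycle that avoids both. The jobs table and its columns, the database name lab, the option-file path, and the echo hooks in run_job are assumptions.

```shell
#!/bin/sh
# Added example, not the Remote Lab's Java agents: one poll cycle of a
# back-end provisioning agent against a MySQL work queue.  Assumed
# table: jobs(id, action, zone, image, vlan, status, worker, claimed_at)
# in database 'lab'.  Credentials live in a mode-0400 option file so
# they never appear on a command line where ps(1) would show them.

MYCNF=${MYCNF:-/etc/lab/agent.cnf}   # assumption: [client] user= / password=
DB=${DB:-lab}                        # assumption

# Atomic claim: a single UPDATE stamps one pending row with this worker,
# so agents polling concurrently never take the same job (MySQL allows
# ORDER BY/LIMIT on UPDATE).  LAST_INSERT_ID(id) lets the same session
# fetch the row it just claimed; it is 0 when nothing was pending.
claim_sql() {
    cat <<EOF
UPDATE jobs SET status='running', worker='$1', claimed_at=NOW(),
       id=LAST_INSERT_ID(id)
 WHERE status='pending' ORDER BY id LIMIT 1;
SELECT id, action, zone, image, vlan FROM jobs WHERE id=LAST_INSERT_ID();
EOF
}

# Record the outcome; the worker= predicate stops a stale agent from
# overwriting a job that has since been reassigned.
finish_sql() { echo "UPDATE jobs SET status='$2' WHERE id=$1 AND worker='$3';"; }

# Only tokens of this shape are ever spliced into SQL or commands.
is_token() {
    case "$1" in '' | -* | .* | *[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 63 ]
}
is_uint() { case "$1" in '' | *[!0-9]*) return 1 ;; esac; }

# Validate one tab-separated row as produced by 'mysql -N -B'; prints
# the fields space-separated on success, returns 1 on anything odd.
parse_job_row() {
    IFS="$(printf '\t')" read -r id action zone image vlan || return 1
    is_uint "$id" || return 1
    case "$action" in create | delete | reboot) ;; *) return 1 ;; esac
    is_token "$zone" && is_token "$image" || return 1
    is_uint "$vlan" && [ "$vlan" -ge 1 ] && [ "$vlan" -le 4094 ] || return 1
    echo "$id $action $zone $image $vlan"
}

# Hooks for the real provisioning scripts (echoed here).  Every value
# interpolated below has passed parse_job_row.
run_job() {
    case $2 in
        create) echo "provision: clone template $4 into zone $3 on VLAN $5" ;;
        delete) echo "provision: halt, uninstall and delete zone $3" ;;
        reboot) echo "provision: reboot zone $3" ;;
    esac
}

# Claim, validate, execute, record.  A malformed row is marked failed
# but is never executed.
poll_once() {
    worker=$(hostname)
    is_token "$worker" || return 1
    row=$(mysql --defaults-extra-file="$MYCNF" -N -B "$DB" -e "$(claim_sql "$worker")") || return 1
    [ -n "$row" ] || return 0                     # nothing pending
    id=$(printf '%s\n' "$row" | cut -f1)
    is_uint "$id" || return 1
    if job=$(printf '%s\n' "$row" | parse_job_row) && run_job $job; then
        state=done
    else
        state=failed
    fi
    mysql --defaults-extra-file="$MYCNF" -N -B "$DB" -e "$(finish_sql "$id" "$state" "$worker")"
}

# Agent loop.  Usage: sh agent.sh run
if [ "${1:-}" = "run" ]; then
    while :; do poll_once; sleep 5; done
fi
```

The claim is the part worth copying: a SELECT followed by a separate UPDATE gives two pollers a window in which both see the same pending row, whereas the single conditional UPDATE is atomic under InnoDB. Treat the queue as an input boundary: the portal validates what it writes, but the agent should not trust that, since anyone who can write to the database can otherwise run commands on every back-end server.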
To access their zones, users open terminal sessions or full-screen Oracle Solaris 11 desktops from their dashboard. This is implemented with Oracle Secure Global Desktop, which uses a remote display protocol (Adaptive Internet Protocol, or AIP) to provide secure remote access to desktop applications from a variety of systems and mobile devices. Oracle Secure Global Desktop provides excellent performance even over high-latency WAN links.
When a user registers with the Lab, an Oracle Secure Global Desktop server zone is created and assigned to the user. It sits on that user's unique VLAN, the same VLAN to which the user's zones are assigned, and the VLAN is connected to an Oracle Secure Global Desktop Gateway in the front end of the Lab. The gateway directs each user's network traffic to the correct user VLAN and zones.
An NFS server implements permanent data storage at the Lab through a shared directory, /data, which is served from a dedicated NFS server zone and appears in each of the user's zones. Sharing data between a user's zones is just a matter of copying files to and from /data.
File transfers between a user's local computer and the Lab zones are handled by upload and download mechanisms that use the dedicated NFS server zone created for the user. The upload mechanism transfers files from a user's local system or device to the shared /data directory, making them accessible to all of the user's zones. Downloads to a user's local machine are accomplished by placing the files to be transferred in the /data directory and initiating a file download from the dashboard.
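The ZFS storage described earlier and the per-user /data share come together in this added example (not the Lab's scripts) of provisioning, monitoring and deleting one user's storage on Oracle Solaris 11: an encrypted dataset with its own raw key and a 10 GB quota, an NFS share exported read-write only to the subnet of that user's VLAN with setuid ignored, a vfstab line for the user's zones, a quota check over zfs list -Hp output, and a deletion that destroys the key along with the data. The pool name rpool/lab, the key directory, the 10.10.<vlan>.0/24 subnet scheme, the NFS server name nfs-data, the mount paths and the is_token and run helpers are assumptions; the share= property is the Oracle Solaris 11 syntax.

```shell
#!/bin/sh
# Added example, not the Remote Lab's storage scripts: per-user storage
# on Oracle Solaris 11 ZFS.  Assumptions: pool rpool/lab, key files in a
# root-only directory, VLAN n maps to subnet 10.10.n.0/24, and the NFS
# server zone is reachable as nfs-data.  Solaris commands are echoed
# when absent, so the logic can be exercised on any host.

POOL=${POOL:-rpool/lab}
KEYDIR=${KEYDIR:-/var/lab/keys}      # assumption: mode 0700, root only
NFS_HOST=nfs-data                    # assumption

run() {
    if command -v "$1" >/dev/null 2>&1; then "$@"; else echo "dry-run: $*"; fi
}

# User names reach these functions from the portal: restrict them.
is_token() {
    case "$1" in '' | -* | .* | *[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 63 ]
}

user_dataset() { echo "$POOL/$1"; }
user_mountpoint() { echo "/export/lab/$1"; }

# NFS share options: writable only from the user's own VLAN subnet,
# AUTH_SYS, and setuid bits on files in the share are never honoured.
share_opts() { echo "rw=@10.10.$1.0/24,sec=sys,nosuid"; }

# vfstab(4) line that mounts the share as /data inside a user zone,
# with setuid and device files disabled on the client side as well.
vfstab_line() {
    echo "$NFS_HOST:$(user_mountpoint "$1") - /data nfs - yes nosuid,nodevices"
}

# Encrypted dataset with a per-user raw 256-bit key (no passphrase to
# phish or reuse), a quota, setuid off, shared only to the VLAN subnet.
create_user_storage() {
    is_token "$1" || return 1
    key=$KEYDIR/$1.key
    if [ -d "$KEYDIR" ]; then
        ( umask 077 && dd if=/dev/random of="$key" bs=32 count=1 2>/dev/null ) || return 1
    else
        echo "dry-run: dd if=/dev/random of=$key bs=32 count=1"
    fi
    run zfs create -o encryption=on -o keysource=raw,file://"$key" \
        -o quota=10G -o setuid=off -o mountpoint="$(user_mountpoint "$1")" \
        "$(user_dataset "$1")"
    run zfs set "share=name=$1-data,path=$(user_mountpoint "$1"),prot=nfs,$(share_opts "$2")" \
        "$(user_dataset "$1")"
    run zfs set sharenfs=on "$(user_dataset "$1")"
}

# Snapshots are cheap: take one before anything risky and undo it
# with 'zfs rollback dataset@name'.
snapshot_user() { run zfs snapshot "$(user_dataset "$1")@$2"; }

# Report datasets at or above 90 % of quota from 'zfs list -Hp -o
# name,used,quota' output on stdin (bytes; quota 0 means unlimited).
over_quota() {
    awk -F '\t' '$3 > 0 && $2 * 10 >= $3 * 9 { printf "%s %d%%\n", $1, $2 * 100 / $3 }'
}
check_quotas() { run zfs list -Hp -r -o name,used,quota "$POOL" | over_quota; }

# Secure delete: unload the key, destroy dataset and snapshots, remove
# the key file.  Without the key, blocks left in the pool are unreadable
# to whoever is allocated that space next.
delete_user_storage() {
    is_token "$1" || return 1
    run zfs key -u "$(user_dataset "$1")"
    run zfs destroy -r "$(user_dataset "$1")"
    run rm -f "$KEYDIR/$1.key"
}

# Usage (dry run on a non-Solaris host): sh labstore.sh demo
if [ "${1:-}" = "demo" ]; then
    create_user_storage user1 101
    vfstab_line user1
    snapshot_user user1 before-upgrade
    check_quotas
    delete_user_storage user1
fi
```

Two choices matter here. A raw key file per user, rather than a passphrase or one pool-wide key, means deleting a user is a single key destruction and no user's data is ever decryptable with another user's key. Restricting the share by subnet only works because each user's zones live on their own VLAN; a share opened to the whole back-end network would let any zone that guesses the path mount another user's /data.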
A developer cloud requires that every user's data, applications, and network remain private. Since virtualization is all about resource sharing, providing a high level of security is critical. At the same time, the integrity of the entire system should be protected at all times from attacks by intruders.
The Lab achieves a significant level of security by isolating the front-end and back-end servers from one another and by relying on the isolation provided by the virtualization technologies it uses. Data, compute resources, and network security were major concerns in the design of the Lab; a later article explains how each was handled.
Administration of a developer cloud such as the Lab includes user account management, software package management, resource auditing, and operations monitoring. The entire user experience is provided by scripts that do everything from handling user login/logout to creating and deleting virtual machines and updating the installed software. A later article will describe how all these features were implemented using standard Oracle Solaris 11 components.
In this article, we've described some of the basic virtualization components of Oracle Solaris 11 used in building a cloud service. And, we introduced Oracle Solaris Remote Lab as an example of a cloud that provides users with a controlled virtual environment to test and validate their applications.
In our next article, we take a look at how Oracle Solaris 11 provides data security for Oracle Solaris Remote Lab.
Ron Larson is a forty-five-year veteran in the computing industry with extensive experience in computer and software systems design, prototyping, and implementation. He is currently the project manager for the Oracle Solaris Remote Lab project.
Richard Friedman is a freelance technical writer with over thirty years of experience working in high-performance computing, software application development, and programming languages.
Revision 1.0, 03/17/2014