Migrating Applications to the Cloud IT Summit 2014 June 5, 2014 Thursday 11:25AM-12:15PM Emerson Hall - 105
Jan 15, 2015
Agenda
• Introduction to “Migrating Applications to the Cloud”
• Sharing our experiences
• Lessons learned
Introduction
Presenters
• Magnus Bjorkman, Technical Manager, Identity and Access Management Program
• Carolyn Brzezinski, Technical Lead, Student Information System Program
• Greg Freiter, Software Development Manager, Identity and Access Management Program
• Rob Parrott, Senior Architect, CTO Office
Introduction to “Migrating Applications to the Cloud”
IT Challenges
● Infrastructure cost: doing more with less
● Infrastructure cost: enabling engineering and best practices
● Bringing services to market quickly
● Reducing operational overhead
● Adapting to rapidly changing technology landscape
● Growing expectations of performance and availability
Cloud platforms are designed to solve these challenges ...
Why go to the Cloud?
• Fast and Flexible
• High Quality
• Low Cost
• 24x7 Fault Tolerance / High Availability
Paradigm shift is needed to fully leverage the cloud
• You give them a name
• You have a few
• You care for them when they are sick
VS
• You don’t give them names
• You have many
• There is always more cattle
Sharing our experiences
Identity and Access Management (IAM)
Applications currently in production in the cloud
• Harvard Connections
• App Portal that handles PIN Registration
Application Architecture Overview
• Standard Web based applications and services running in a Java Tomcat environment
• Java applications for moving of data
• LDAP/AD/Oracle Database for data storage
Target Scope for Cloud
• Migration of all custom applications
● Fast and Flexible - Keep away from Pet mentality - API enables us to Automate Everything, Lose Nothing
● Lower Cost - Cost savings by keeping Production running and deploying the environment in DEV and Test as needed
● Agile Process - Make it “good enough” and iterate over it again and again
First Deployment: Connections Architecture
Supplied by: Evgeny Platonov
Second Deployment: App Portal
● Higher Quality - Evolved from existing automation which fosters Consistency and Reliability (Higher Quality)
● Highly Available with cloud components such as Load Balancer and Auto Scaling as well as S3. As you can see we have not taken full advantage.
● Lower Cost - Auto Scaling to save Cost and Flexibility with resources such as VMs.
Student Information System and AWS
Applications currently at AWS
• Oracle Campus Solutions (CS) Sandbox
• Oracle Business Intelligence Enterprise Edition (OBIEE) demo application
• OBIEE demo with scrubbed Harvard data
• UPK (User Productivity Toolkit)
Target Scope for AWS
• All Campus Solutions VMs
Considerations for Moving a Packaged, Enterprise Application to AWS
Functionality
• Will the Campus Solutions application work when deployed to AWS?
• How will OBIEE connect to the Exalytics servers that physically reside at 60 Oxford Street?
Performance
• How does an environment deployed to AWS handle under load?
High availability
• What options are available to ensure the availability of the application on AWS?
Flexibility/scalability
• How dynamically can the application be scaled on AWS?
Support
• Will you be supporting the AWS environments with an internal team or 60 Oxford Street resources?
Campus Solutions Scaling Strategy
● Fast and Flexible with Auto Scaling to accommodate seasonal load.
● Highly Available with servers located in different Amazon regions, load balancer and Auto Scaling. DR supported in-house rather than by a third party.
● Lower Cost - No need to provision, maintain and pay for servers that are only needed to support seasonal load.
HPAC: Harvard Web Sites
• Includes www.harvard.edu, news.harvard.edu, campaign.harvard.edu (Drupal & Wordpress app platforms)
• Goals:
  • Better performance:
    • Handle arbitrary spikes in traffic, in particular from noteworthy events and DDOS attacks
  • Uptime
    • Fault-tolerant architecture
  • Release management
    • Transition to more rapid release cycles
    • Move from legacy hosting platform
    • Automate release cycles
  • Cost reduction over Rackspace hosting
HPAC: Harvard Web Sites
Highly Scalable “Caching” layer
Web App Tier: Read-only
Performance & Availability: use of a highly scalable cache layer provides incredible performance at lower cost.
Testing indicates: 70x performance boost even before using CDN, with cost reduction of 25-65%.
SEAS: Datacenter VPC
Goals
• Minimize costs
• Capital costs of equipment and datacenter within SEAS
• Operational overhead of on-site infrastructure
• High cost of HUIT colocation
• Opportunity for rapid adoption and migration to cloud
• Self-governance
• Appropriate level of isolation from Harvard-central services and networks
• Control over own services and assets, but tied to larger HUIT environment
SEAS: Datacenter VPC
SEAS Managed Environment
HUIT Central Environment
AWS enables significant cost reduction and fast migration compared to on-campus alternatives.
Lessons learned
How do you manage all this? - People, Definitions and Version Control
Developers
Network Admin
Sys Admin
Database Admin
VS
Infrastructure as Code (e.g. CF JSON and Puppet MF)
Cloud Infrastructure Engineer or DevOps
Cloud Provider Tools and Change Control Tools
How do you manage all this? - Service and Release EcoSystem
[Diagram: Service and Release EcoSystem for Identity and Access Management ("Active and Collaborative"). Phases: Service Design/Engineering, Service Transition, Service Operation, with Collaboration and SME Consultation (Infrastructure/AWS). Roles: Architect, Cloud Infrastructure Engineer, Developers, Release Engineer, DevOps, QA, Security Specialist, Ops Engineer/Support, Network Specialist, Sys Admin Specialist, Database Specialist, Transition Manager, Technical Writer, Management and Monitoring Product Team. Artifacts and tools: Application Code, Application Packages, Infrastructure Definitions (e.g. CF JSON and Puppet MF), Operational Configurations, Architecture and Standards, CI Tests, CI Server (Jenkins), Management and Monitoring System. Environments: Dev, Stage, Production; environments created as needed and one environment per user.]
Data Movement in the Cloud
For batch execution and scalable, reliable, fault-tolerant data movement, use FTP approaches (including S3) and message queues
VPN is useful primarily for application migration, legacy apps, and low-latency network connectivity. However, it is not scalable.
IAM team started with VPN access, but is developing alternative approaches
Services Needed for Cloud
As applications are migrated to cloud, need to bring along operational services to support them, or develop new such services.
• Logging and analysis (Splunk in the cloud)
• Instrumentation and monitoring dashboards
• Bastion and administrative access
• Harvard IAM -> Cloud IAM integration
• Package management and updates
• Resiliency Testing (Chaos Monkey, Simian Army)
• Application Testing and Release Tools
Lessons Learned
• Application Requirements Differ. Some applications will be easier to deploy to the cloud than others, and some applications will be able to take advantage of the benefits of the cloud more so than others.
• Move Incrementally. Do not try to move everything at once. Move things incrementally and improve your management of the cloud incrementally.
• Cultural Change is Difficult. Switching from Kittens to Cattle is hard. We have to train ourselves to throw away environments frequently and rebuild constantly. The process of doing this is a big part of what makes our management of the environment better.
• You Own It!! The cloud provider will only provide service to a specific point with a very clear delineation. Everything else is up to you.
• High Effort. It takes a long time to build this correctly.
• High Reuse. When you have built it correctly, you can leverage it over and over again.
Epilogue: Cloud & HUIT
Cloud Services at HUIT Today
● Access to Amazon Web Services under Enterprise Agreement
● Direct billing to your 33-digit code
● Volume discounts
● Onsite training opportunities
● Support
○ Access to Solution Architect & Rapid Adoption resources
○ Upcoming Enterprise-level support
● HUIT Private Cloud Pilot
● On-premise complement to AWS
● Aimed at DevOps workloads
● Due for availability at the end of June
http://cloud.huit.harvard.edu/
Cloud at HUIT Tomorrow
Challenge: Cloud democratizes IT, but enterprises need standards and some level of governance.
Challenge: Cloud requires a significantly different set of skills and approaches
Challenge: Organizational readiness.
HUIT has formed a Cloud & DevOps Working Group charged with developing an ambitious HUIT strategy – to be delivered at the beginning of July – for meeting the challenges of cloud & devops adoption.
Questions
Appendix
Supporting documentation for questions