This week I spent some time discussing our strategy with several analysts – really in-depth conversations on how Carpathia has a different strategy when it comes to “cloud” vs. many of our competitors. While different to our competitors, our cloud strategy builds on our core competency of running IT infrastructure. Where we differ is we do not see managed and cloud as mutually exclusive - in fact, it’s just the opposite - two living in harmony within the same customer solution.
One of the ways we differ from others in the hosting industry is something we call the Carpathia Services Platform, or CSP. Many of us “Carpathians” cut our teeth in the telecommunications industry then moved to Managed Service Providers. So it shouldn’t be a surprise to anyone when we describe CSP and developed its capabilities we used a lot of proven telco tools and techniques to create our delivery platform. We talk about operational support systems (OSS) and Business Support Systems (BSS), a service tier which gives us an abstract layer to deliver innovative services on-top of the same underlying platform. In fact we even use Erlang’s to describe the utilization and subscription characteristics of our cloud compute platform. At the end of the day, managing a finite set of resources (compute, storage and bandwidth) for a large number of customers is really no different than figuring out how many call minutes can be squeezed through a T1 circuit.
A unified storage tier is a key tenant to any such strategy. We look to optimize our storage solutions based on a number of parameters; cost, performance, availability, dispersion, etc. The building blocks in this strategy are SAN, NAS, and now Cloud Storage solutions - each meeting a set of customer requirements while all being delivered as an easy-to-consume resource.
This week one of our partners, Parascale goes GA with a cloud storage solution. We have worked very closely with their team over the last 6 months, integrating the ParaScale solution into the CSP. At a high level, Parascale provides CSP with two key capabilities:
Cloud based storage solution. Parascale quickly allows you to assemble petabyte scale storage clouds from a cluster of unbalanced machines. Behind the scenes, Parascale is an object-based store, but provides a thin virtual file-system layer allowing customers to gain access to the storage in a very familiar way; use it as a file-system vs. re-coding applications.
Cloud storage “bus”. We also use Parascale inside the CSP to create a storage bus allowing us to integrate dedicated/managed servers with our cloud solutions. This is a key tenant for our cloud-bursting solution we call InstantOn
Congrats to the team at Parascale. We will be talking more specifically about how CSP has helped customers in coming blog posts.
The blogsphere has been really active over the past couple of weeks with discussions on the economic sense of cloud computing to customers. This seems to be dominating the usual technology discussions. The debate has been triggered by some changes in public cloud pricing models, most notably with Amazon’s EC2 reserved instances - “Pre-pay for your compute and then get a lesser rate per CPU hour”.
What’s our take?
Well let’s start with what you plan to use the cloud for. Let’s assume you have some degree of predictability in the workloads of your IT infrastructure. Very few enterprise or federal customers can “switch the lights off” at night time on their infrastructure; email doesn’t stop and databases are still used to build reports. Also very few enterprise apps like to scale (both in terms of technology and license model) in fractions of a machine. So this means enterprises have a natural “commit” level that matches their workloads.
So making the assumption you need some degree of servers available all the time, we used the online cloud pricing tools and modeled the costs for customers. We took a few sample configs for our servers, other managed hosting companies who publish prices online, and compared them to public cloud providers. What we found is, if you figure out the number of CPU hours for a month then create a comparable spec machine (cores, ghz, memory and disk capacity) in all cases purchasing a managed server was cheaper than the cloud equivalent. The same goes for storage - and even more so for bandwidth - where in the cloud model you typically pay for actual bytes transferred vs. some form of 95th percentile or bandwidth average.
So where does cloud make sense for enterprise customers?
At Carpathia we are seeing demand for all three of the scenarios presented below and have been very busy the past few months engineering solutions to meet these requirements.
Burstable capacity to support production environments where some demand event - be it seasonal or more dynamic - requires compute/storage for a short duration.
Labs, development and test environments where the ability to take advantage of the underlying virtualization software to rollback, play forward configurations, revisions, types of servers is important to simulate or test scenarios and you can “switch off the lights” when not in use.
DR, if your recovery time objective is in hours, why pay for a copy of production that’s always powered up? Why not pay for data synchronization and use the cloud when you need it?
Lets focus for now on #1. Our solution to this problem is a family of services we call AlwaysOn and InstantOn. AlwaysOn delivers the predictable “commit” portion of their IT infrastructure using traditional IT infrastructure. Customers can take advantage of servers, virtualization, san, loadbalancers, etc., etc. InstantOn connects AlwaysOn to cloud-based technology allowing storage and compute to be seamlessly added to a production environment. This provides customers the benefits of a traditional managed environment; availability, security, predictability plus the ability to take advantage of the cloud to meet bursts of capacity in very granular units.
Most importantly AlwaysOn/InstantOn are delivered as managed services so our customers know who to call if they need help. We monitor the performance 24×7 and proactively take action.
Expect to hear a lot more about these services in the coming weeks, we have lots of things we are looking forward to sharing…
During the late 90’s extranets were all the rage. At that time, I was working for a large telcom where we sold a service called “extranet complete” which was basically a portal and some simple collaboration software connected by VPN. The goal was for two organizations - typically partners - to share information to help streamline business processes. Extranet’s fizzled out before the mid-2000’s and not often discussed in today’s world of wiki’s, social software and SaaS.
At Carpathia Hosting, we are starting to see something very interesting happen. Organizations not only want to share data but in some cases, also share computing resources. This is driving a very interesting cloud formation - semi-private clouds. In this model, the organizations share not just data but compute resources to process the data or solve parts of a complex B2B problem. This approach takes out several of the problems of the previous generation extranets and makes the data a whole lot more interesting when you can directly interact with it.
I’d be very interested if other folks are seeing this trend building and the demand for these kinds of solutions.
What do you get from migrating hundreds of customers into datacenters? Experience. That’s the foundation of a new solution we are very excited about. Today we launched our datacenter migration methodology which focuses on the most efficient way of taking new or existing IT Infrastructure and moving to a hosted environment with Carpathia. The methodology itself is a five-step process that covers all aspects of a migration - from planning to testing/verification, and finally go-live - all based on ITIL V3 best practices.
To support the methodology, we have developed a tool called the Carpathia ColoConfigurator (C3). C3 guides customers through all the data points we need to capture. You can visit C3 at http://carpathiahosting.com/services/colocation
C3 comes in two flavors. Expert, a single form that captures everything we need for a customer who already knows the power, space and service requirements for an IT infrastructure. Probably best thought of as a streamlined way to share information with Carpathia. The second is the Wizard mode. This version walks a customer through the five-step process to capture all the data needed. Instead of focusing on power/space, it captures the actual make/model of the equipment. We’ll then use our database to figure out optimal space and power. In both cases our solutions engineers return a detailed proposal including best practices in 2 business days.
I’ve spent the last 10 years of my career really getting to grips with effectively monitoring complex computing environments. This has become even more challenging as virtualization has made such inroads in datacenters and with cloud computing looming on the horizon. Last week I spent some time with Javier Soltero who is the co-founder and CEO of Hyperic. Hyperic has been really breaking new ground in the space and also being very disruptive with their opensource approach. You can read the full interview along with the next chapter of the “Datacenter of the Future” titled “Monitoring, Management and Service Frameworks” in the Datacenter Journal newsletter or download as PDF here
Q&A
Jon. Monitoring is typically seen as the last step of any deployment, often not considered during the development. Do you see customers embracing a tighter coupling of the entire software lifecycle with engineering IT Service Management Solutions?
Javier. Absolutely. It’s a very encouraging trend especially among SaaS companies and other business that are heavily dependent on their application performance. The really successful ones spend time building a vision for how they want to manage the service. That vision then helps them select which technologies they use and how they use them. Companies that build instrumentation into their apps have an easier time managing their application performance and will resolve issues faster.
Jon. Customers are really embracing IT Service Monitoring as a key element to not only understand performance but also ROI for IT investments, what challenges do you see for customers to adopt these technologies?
Javier. The biggest challenge we see is the customer’s ability to extract the right insight from the vast amount of data available. The usability of these products also tends to make the task of figuring out things like ROI and other business metrics difficult. Oftentimes a tool that can successfully collect and manage the massive amounts of data required to dig deep into performance metrics lacks an analytics engine capable of displaying the data in an insightful way. And vice versa.
Jon. End user monitoring has typically been delivered with synthetic transactions, this has certainly been a valuable tool. How do you see this technology evolving?
Javier. The technology for external monitoring of this type will continue to evolve as the clients involved for these applications get more and more sophisticated. For example, a user might interact with a single application that includes components from many other external applications and services. The ability for these tools to properly simulate all types of end-user interactions is one of the many challenges. More important is the connection of the external transaction metrics to the internal ones.
Jon. Monitoring is one part of the equation, mapping availability and performance makes this data useful. With virtualization playing such a big part of datacenters today, how do you see tools adapt to meet the challenges of portable and dynamic workloads?
Javier. The most important element of monitoring in these types of environments is visibility into all layers of the infrastructure and the ability to correlate information. Driving efficiency in dynamic workload scenarios like on-premise virtualization or infrastructure services like Amazon EC2 requires information about the performance and state of the various layers of the application. Providing that level of visibility has been a big design objective of Hyperic HQ from the beginning and it’s helped our customers do very cool things with their infrastructure.
Jon. How do you see monitoring and IT service management evolve as cloud computing becomes more pervasive?
Javier. Cloud computing changes the monitoring and service management world in two significant ways. First, the end user of cloud environments is primarily a developer who is now directly responsible for building, deploying, and managing his or her application. This might change over time, but I’m pretty sure that regardless of the outcome, Web and IT operations roles will be changed dramatically by this platform. Second, this new “owner” of the cloud application is trapped between two SLAs: an SLA he provides to his end user and an SLA that is provided by the cloud to him. Cloudstatus.com is designed to help people address this problem.
Jon. Do you see SaaS model reemerging for the delivery of monitoring tools themselves, where customers will use hosted monitoring solutions?
Javier. Yes, but it will be significantly different from the types of SaaS based management solutions that were built in the past. The architecture of the cloud is the primary enabler for a monitoring solution that, like the platform that powers it, is consumed as a service.
Its been a very busy week at Carpathia, we launched the first of a series of integrated hosting packages aimed at addressing customers business challenges.
One comment/complaint we hear all too often is “my Internet presence is sprawled across many service providers and now I want to add a new service. I don’t want to continue adding more vendors and service providers”. So we did the logical thing and bundled services together and offered an integrated package. Our first release brings together, email, corp website, file sharing, CRM and Blogging platforms with fully Managed; server, firewall and backup solutions and included engineering time to onboard to the new environment.
We are also hearing how customers are tired of trying to interpret “speeds and feeds” to figure out if the service can deliver what they need. So we are taking a stance to talk and lead with services … a theme you will increasingly see from Carpathia.
Over the holidays I sat down with Ron Gula , CEO of Tenable Network Security to talk about how security, privacy and compliance will be forced to evolve to meet the demands of cloud computing, dynamic/portable workloads and a very new kind of outsourcing that’s emerging from these architectures. Ron had some very interesting points. You can also read the next chapter of the “Datacenter of the Future” titled “Security, Privacy and Risk Management” at the Datacenter Journal or download as a PDF here.
Jon. How do you see the adoption of cloud computing impacting the way we think about security today? Ron. As with any new technology, there are advantages and disadvantages. I got a good start in my career working for US Internetworking in the late 90s where they were able to get customers to outsource their critical applications like Peoplesoft and SAP. I would love to make the argument we were more secure than the customer and that this was the main reason they wanted to give us their business. However, each customer was different. Sometimes they were outsourcing because of the cost model (rent vs. own), sometimes it was a manpower issue (USi was 24×7, and they were not), sometimes it was Internet bandwidth and sometime it was security. Of course in the 90s, some customers were still impressed that we had firewalls.
Today, as we look into the 21st century, I feel cloud computing will be something used in every
organization mostly as a method to save on costs. My concern is that users of cloud computing will
wash their hands of the security issues surrounding cloud computing. Who runs these servers? How
secure are they? How reliable are they? Some organizations that are interested in these types of
technologies might not even know to ask these sorts of questions.
Jon. One of the challenges of any security system is the sheer volume of data that needs to be
processed and interpreted. Unified Threat Management was the solution to this in today’s
infrastructure solutions. What role do you see UTM providing in cloud computing environments? Ron. I think one of the big problems with security today is that computers are too flexible. They can
have a variety of purposes, uses and configurations. This gives the rise to complexity which is
often said to be the enemy of security.
My hope that in a cloud computing environment, customers will make use of single purpose
applications. For example, consider a web farm that runs 1000s of web servers. I would expect that
they are all configured, secured, patched and hardened the same way. This save you money and time and also makes it easy to spot when something isn’t configured correctly. If you have single purpose servers that are used a certain way, when they break, become compromised or have some sort of error, they behave differently. And lastly, when you go to harden these single purpose applications, it is much easier to know how they will work so you can put appropriate security measures like firewalls and system security settings in place.
My point here is that if done right, outsourcing a single application to a cloud computing service
can be very efficient and secure. If you were to compare this with an organization which simple
provided Linux operating systems to you, and it was up to you to configure and run these your
selves, you might still be "in the cloud" but you don’t have any of the benefits of the single
purpose applications.
And finally, to get back to UTM, if you have a cloud computing environment which is single purpose
(like a bunch of similar configured web servers) your UTM should be looking for behavior indicative
of a compromise or error. These are deviations from "known good" behaviors. In a random or mixed
environment, the UTM will be looking for "known bad" behaviors such as virus outbreaks, attacks
detected via intrusion detection rules and so on. There has been much written on looking for known
good and known bad behaviors. I am very much in favor of looking for "known good" but I also
understand that enterprise networks can be complex, even if there is an attempt to keep things
simple. Either way, you need a UTM (SIM, Firewalls, logging, IDS, anti-virus, etc.) to watch your
network. I just feel you are much more effective when monitoring for "known good" than "known bad".
Jon. All good security solutions blend proactive and reactive security systems as a way provide a
holistic picture of an environment. How do you see these tools adapting in highly virtualized and
dynamic computing environments? Ron. There are some very, very cool reactive network security technologies that have been produced over the past decade. Unfortunately, I see very few of these being deployed operationally. The issue is reliability.
For example, if you want to reconfigure a firewall after a network IDS sees an attack, the IDS
better be right more than %99.99999 of the time. The first time it is wrong and legitimate traffic
is blocked, you have both a technical issue of needing to fix this detection rule, as well as a
political issue of impacting legitimate traffic.
What I do see is that anytime an organization can combine hardening of their network to only allow
authorized services with automation, they usually have a well run network. Hardening a network means different things to different people, but through the use of firewalls, running minimal configurations per host and having minimal user accounts a network can reduce the amount of potential attack space that can be exploited by an insider or outsider. Automation makes things happen regardless if a user is there to run the test as well. For example, patch and configuration auditing can detect a vast majority of missing patches and configurations which are against policy.
In virtualized environments, this is no different. The fact that a system is virtualized does not
make it any less immune to an attack. If an organization does not have the proper approach to
looking for unauthorized activity, configurations and changes to their network systems, be they
virtualized or real servers, they will likely have many servers that are vulnerable to exploitation
of some sort.
Jon. What opportunities does Cloud Computing provide to security companies. Do you see the management of security itself becoming a cloud service? Ron. As we move further into the 21st century, we will see the emergence of new types of business models as well as new types of technologies that enable new types of services. In the late 90s, the state of the art MSP could watch your firewall and do some automated vulnerability scanning. Today, you can get an MSP to run your SIM, gather all of your logs, perform brand protection and certify that your ecommerce system meets the standards of the credit card industry. You can also get services for almost every type of function that occurs in your network including authentication, secure email and SPAM filtering, secure web hosting, secure chat hosting, secure DNS, secure data storage, secure SQL databases and so on. Many of these service companies offer combinations of various types of services as well.
What this means for a security company is that they have options. If are running a security company
and want to deliver a service to your customers, you now need to calculate if running your own
infrastructure truly gives you any advantage over running your own. The advantage could be a cost
savings, a time to market savings, or even some sort of scalability that would be hard to do alone.
Lastly, if you are funding a security company and concerned about cash flows, sometimes it is
difficult to decide how much money you should invest in your infrastructure before going live or
making any profit at all. With cloud computing, you can focus on getting your service offering
correct and purchase what you need from a cloud computing vendor as you go.
Its been a very exciting few months for me since joining Carpathia Hosting (does that make me a Carpathian?). For the past 15 years the focus of my career has very much been on managed services and delivering them remotely where possible. During this time I treated “hosting” as a commodity and a field with very little innovation occurring.
Boy was I wrong. Now I’ve had chance to roll my sleeves up, get connected with my industry peers, and start talking to our customers I see just what an exciting evolution or perhaps revolution is occurring inside the hosting business.
The first area I should mention is facilities/datacenter design itself. The last 3 years has seen more advances in datacenter design than from when the concept of putting computing together in a dedicated room occurred 25+ years ago. With the cost of electricity continuing to rise and the difficulty in many locations to obtain sufficient power, it’s true economic factors are driving these changes. We are now talking about completely new designs for datacenters making use of airside economizers to cool the datacenter for at least a portion of the year with outside (non-chilled) air, containing the heat from IT infrastructure and selectively cooling in racks vs. large CRAC units. A high degree of collaboration is occurring in the hosting industry and customers with significant hosting needs who are building their own datacenters. One such community that’s not just discussing the change but driving them, is Data Center Pulse. Now with over 300 members in 21 countries and in just 90 or so days of forming, it’s obvious how important this subject is and will become to all of us.
The second area is the dramatic change, dare I say paradigm shift is cloud computing. While the term cloud computing has been overused (read abused), the fundamental premise of providing customers access to IT resources as a services is here to stay. While I don’t think enterprise and federal customers will ever migrate completely to a cloud solution, there are many opportunities for them to use burstable capacity for specific workloads to balance their IT costs and operational risks. Over the past few weeks I’ve had several conversations with our ecommerce customer base about how we can enable them to make use of this technology. One such customer asked, “Won’t cloud put you out of business?”. This is a logical conclusion to draw when you consider the fundamentals of hosting. My take is cloud is a huge opportunity for Carpathia both in terms of building private and semi-private clouds for our customers and encompassing cloud and traditional hosting with services to help manage this increased complexity.
The final area I see changing is the services offered by hosting providers. With the new degree of complexity pairing facilities that now need to be actively managed with new workloads/architecture patterns, customers will need services that move up a level from the traditional managed services hosting providers deliver today. With the pedigree of the Carpathia executive team this is a very exciting aspect of the hosting business evolution for us. We plan on embracing this need with a suite of datacenter optimization services. Our first services of this genre are in beta test with customers.
This brings me to another aspect of this blog. In the past, new services and enhancements to existing services tended to be developed very much like the waterfall software methodology in that requirements went in, product dropped out with little interaction with customers. We plan on shaking this up by launching Carpathia Labs, providing customers with early access to solutions and services in development, offering feedback and helping us to continue to evolve. It will also give our customers more direct access to the “Carpathians” making our product and services engineering model much more agile. More to come in a future blog post…
If you would like to read more about the changes we see in the datacenter please check out “Datacenter of the future”.
Blogs 
