Abstract
The rapid growth and demand to promptly provision, scale and delete resources from a self-service cloud portal or an Application Programming Interface (API) has drastically changed how IBM and our industry have brought agility to information technology resources. In this paper, we will discuss the development and evolution of the IBM Research Cloud Integration Solution and provide our analysis and history of cloud deployment and automation readiness.
I. Introduction
Cloud automation, with a high degree of agility, is critical for businesses to succeed with the new, advanced cloud-based workloads that depend on rapid deployment of IT resources. Several years ago, researchers and developers at IBM began to create their private clouds to support their growing business needs for IT resources in minutes rather than months. Researchers needed to deliver a differentiated experience quickly. This also meant connecting and using all relevant data, no matter where it lived. This changed the way we look at integration. This was achieved by developing a solution which combines and brings together technology, people and ideas to reap the most from their IT environment.
Today, IBM Cloud and automation are part of all new Research projects and solutions. New technologies, development, and operational models driven by the industry are continuously integrated into the IBM Cloud at a rapid pace. IBM Research drives many of these emerging technologies and integration while also benefiting from the increased efficiencies including rapid scale, high availability, increased security posture and all at a fraction of the cost compared to several years ago.
IBM Cloud encompasses a comprehensive set of components and capabilities including public, private, and hybrid deployment offerings. IBM Bluemix, a component of the IBM Cloud, brings together platform and infrastructure services that offer a rich assortment of infrastructure, cognitive, software and services. A recent survey indicates that 93% of organizations are using some form of cloud service [1]. The perception of public cloud services continues to improve and is at a point now that those who trust these public cloud services outnumber those who distrust them by a margin of 2 to 1 [1]. The IBM Research Information Technology (IT) environment utilizes both public and private service capabilities of the IBM Cloud offering.
II. History
IBM Research came to the realization, in 2007, that an investment in a general cloud solution for our Research projects was essential to our business. In 2008, the first version of the IBM Research Compute Cloud was introduced to the community. A decade later, we can see the impact cloud has had on the information technology industry including IBM Research.
There are various types of cloud deployment. Private cloud is a deployment of cloud where an organization or a third party owns and maintains the dedicated infrastructure and platforms specifically for use by the organization [2]. This type of model is usually behind a corporate firewall and can be either local (on premise) or dedicated (off premise, at the cloud provider's data centers). In contrast, a public cloud is a deployment model providing cloud resources to any individual consumer or business from a pool of shared resources. Shared resources build on economies of scale to drive cost down. Public cloud providers typically provide some level of security and resource isolation while sharing network, storage, compute, and application components. The sharing of these resources at the various levels drives the cost down compared to the dedicated resources that are required for private clouds. Hybrid cloud is a combination of the private and public cloud deployment models described above. There are various reasons why organizations, including IBM Research, utilize the hybrid model: efficiency, optimization, agility, cost, security, compliance and speed are several key factors.
The initial versions of the IBM Research Cloud offerings were all based on internal IBM private clouds. Although they provided greater efficiencies than historical approaches (i.e. traditional, dedicated, physical servers), IBM Research realized it needed to further optimize its information technology utilization, including its expense and capital investments. In 2013, IBM Research ran a study to understand how it could leverage public cloud and its expected impact. The Research study considered aspects such as features, cost, and security in the analysis. In 2014, IBM Research introduced a new, hybrid cloud-based offering, which was created based on the analysis and conclusions of the study. This hybrid cloud offering has continued to evolve ever since and the environment is now referred to as the IBM Research Cloud Integration Solution. The IBM Research Cloud Integration Solution provides the ease of use and ability for individual IBM researchers to utilize IBM Cloud resources via an internal self-service portal for various configurations and solutions. The intuitive interface allows researchers to simply manage and use the cloud resources they need for their projects. The service also allows them to seamlessly access their cloud resources from the internal IBM network. A more recent advancement takes a major step forward by providing Platform as a Service (PaaS) integration (IBM Bluemix), in addition to the existing Infrastructure as a Service (IaaS) integration [2]. These integrations provide the IBM Research organization with increased features and agility, all while optimizing cost, security and compliance at various levels.
Fig. 1 illustrates the high-level components of resources available to researchers as part of the IBM Cloud Integration. It includes internal IBM Research resources, IBM Bluemix infrastructure and application resources, as well as the Bluemix catalog of services. The environment has a number of IBM-defined security zones that indicate differing security requirements. The IBM internal network is illustrated by the light blue color. The external networks are illustrated by the yellow colors.
Researchers are guided to choose the environment or environments that best meet the need, which is often determined by the type of workload, data classification, export controls, and access models in partnership engagement scenarios. The automated process to provision resources through the self-service portal includes the installation of the security tools required to capture the data used for ongoing security monitoring and analysis. The IBM Research Cloud Integration Solution extends the geographically diverse IBM Research internal network by utilizing the distributed, worldwide presence and capabilities of the IBM Cloud and Bluemix infrastructures. This approach essentially makes the cloud resources local within the internal network, as it provides localized access to improve latency at the various worldwide Research locations. Furthermore, such geographically dispersed resources can also be used to address country-specific regulatory requirements for specific projects. This network topology is the foundation that all the other capabilities are built on and a key differentiator for the IBM Cloud offering.
Fig. 2 illustrates a point-in-time snapshot of the resources currently allocated in the public IBM Cloud that are an integrated part of the IBM Research hybrid cloud, which was introduced in late 2013. The figure is based on data captured in January 2016. These public cloud resources were provisioned by researchers via the custom self-service portal that was developed by IBM Research Integrated Solutions to facilitate ease of use and to deal with the various Operational Support Systems and Business Support Systems needs of the offering. There are about 1,400 active devices daily. The figure also illustrates that over 10,000 devices were provisioned and decommissioned over the span of about 2.5 years.
III. Cloud capabilities
The IBM Research Cloud Integration Solution contains full automation of IT security tooling and is built on APIs. Each component has a set of APIs that are used for the existing automation and are available for new solutions. This provides the ability to change the environment as needed. For example, if the network intelligence tools detect abnormal traffic flow from an Internet Protocol (IP) address on the Bluemix infrastructure side to the IBM internal network, traffic that may be degrading service quality or may even indicate a denial of service, these tools can utilize the APIs to block that traffic or even shut down the device generating the network traffic. The APIs can be used to isolate the security threat, minimizing the impact to the overall environment. IBM, like most organizations, has specific requirements on how and when to address security vulnerabilities (i.e. patching prioritization). When a device has a vulnerability that can be mitigated by a patch and the potential vulnerability has not been addressed by a due date, the security tools can shut down the device, isolate it, or remediate the vulnerability by automatically patching the device.
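A sketch of the due-date enforcement described above, added here as an illustration and not IBM's tooling. The rule for choosing between patching, isolating and shutting down is an assumption, and the field names, device ids and vulnerability ids are constructed.

```python
from dataclasses import dataclass
from datetime import date

# The three actions named in the text, ordered from least to most disruptive.
ACTIONS = ["none", "patch", "isolate", "shutdown"]


@dataclass(frozen=True)
class Finding:
    device_id: str
    vuln_id: str          # constructed placeholder, not a real identifier
    patch_available: bool
    due: date             # remediation due date set by the patching policy
    auto_patch_ok: bool   # assumption: owner permits unattended patching
    external_zone: bool   # assumption: device sits in an external security zone


def action_for(f: Finding, today: date) -> str:
    """Pick one enforcement action for a single finding."""
    if not f.patch_available or today <= f.due:
        return "none"     # nothing to enforce yet, or no patch to enforce
    if f.auto_patch_ok:
        return "patch"    # least disruptive remedy once the date has passed
    # No unattended patching allowed, so contain the device instead (assumed
    # rule): power off external-zone devices, cut internal ones off the network.
    return "shutdown" if f.external_zone else "isolate"


def enforcement_plan(findings, today: date) -> dict:
    """Map device_id to the most disruptive action any of its findings needs."""
    plan = {}
    for f in findings:
        current = plan.get(f.device_id, "none")
        plan[f.device_id] = max(current, action_for(f, today), key=ACTIONS.index)
    return plan


# Constructed sample inventory.
SAMPLE = [
    Finding("vm-a", "VULN-0001", True, date(2017, 9, 1), True, False),
    Finding("vm-a", "VULN-0002", True, date(2017, 9, 1), False, False),
    Finding("vm-b", "VULN-0001", True, date(2017, 9, 30), True, True),
    Finding("vm-c", "VULN-0003", True, date(2017, 8, 15), False, True),
    Finding("vm-d", "VULN-0004", False, date(2017, 8, 1), False, True),
]

if __name__ == "__main__":
    for device, action in sorted(enforcement_plan(SAMPLE, date(2017, 9, 15)).items()):
        print(device, action)
```

A device with several overdue findings receives the strictest action among them, so one finding that cannot be patched unattended is enough to contain the device.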
The recent introduction of the IBM Bluemix Container service [3], built on Kubernetes [4], has provided new development and operational models. The use of portable, self-contained images for application solutions provides increased agility in deployment and operations. In addition to an extensive collection of APIs and logs, the platform provides a rich set of declarative metadata that can be used together to continuously drive efficiencies. These include autoscaling to address demand and cost, automatic vulnerability detection, and remediation without impacting availability. IBM has been a guiding force behind the Cloud Native Computing Foundation (CNCF), a community dedicated to innovation around a set of leading-edge technologies to enable the next generation of cloud-native development [5]. Kubernetes is CNCF's flagship orchestration engine. Amazon Web Services (AWS) recently announced that it has joined the community, due in part to the potential disruption Kubernetes may have on the AWS proprietary container-based services [6,7]. IBM's Container service is built on top of the IBM Bluemix Infrastructure network capabilities. It simplifies adoption by automating cluster provisioning and the ability to grow and shrink the cluster. The cluster nodes are managed by IBM Cloud and the network is controlled by the IBM Research integration team. The IBM Research Cloud Integration Solution has implemented multi-tenant clusters for increased resource and cost optimization. This allows the research DevOps [8] teams to focus on the application and not on the underlying infrastructure. Additional tools are being developed that analyze resource utilization to identify idle resources that are candidates for decommissioning, which will further optimize (reduce) cost and avoid additional security risks.
IV. Securing the cloud
Security surrounding cloud environments still remains a major concern for today's organizations [1]. With the ever-increasing number and severity of breaches, it is certainly no surprise that security and compliance are of paramount concern for companies migrating to cloud environments. The IBM Research Cloud Integration Solution provides many data points and APIs, at various points of the overall environment, that are used by the security management tools and processes to address risk, compliance, and resiliency. Each data source that is part of the infrastructure – including the Operational Support Systems [12], Business Support Systems [12], network filtering, categorization/classification of systems and data for provisioned devices, individual provisioned device patch status and vulnerability information, and provisioned device logs – is used by the IT security-related intelligence tools to assess and respond to the overall environment. The assessments are done both in real-time and over time to understand trends in the environment and identify anomalies. The tools can utilize the hybrid cloud APIs and change the environment based on the assessment, as previously described in several scenarios. These changes to the environment can then be iteratively considered in new environment assessments to understand the impact of the changes, leading to refinements and optimization of actions.
The IBM Bluemix Cloud offering provides a built-in security service called Vulnerability Advisor [9], which is able to discover vulnerabilities in Docker [10] images hosted in the IBM Bluemix Container service. The set of capabilities offered by the container service, Kubernetes, and the Vulnerability Advisor service allows DevOps teams to build automated operational pipelines that can patch the vulnerabilities immediately when detected, without any impact to the availability of the deployed applications. This is a key differentiator for IBM and a key capability that IBM Research DevOps teams will take advantage of as they continue to move their innovative applications and projects from traditional hosting environments to this new, hybrid platform. The need for such an approach is particularly evident in a recent study where 24% of the latest Docker images were discovered to have vulnerabilities [11].
In summary, the IBM Research Cloud Integration Solution demonstrates how to best exploit the services of the IBM Cloud (including Bluemix), based on both business and technical requirements. These requirements include cost, opportunity, security, and regulatory compliance, as determined by the IBM business standards as well as IBM customer requirements. We have seen the ongoing demand for new services, platforms, and the growing requirements for agile innovation and delivery in our own environment, and we responded accordingly. We believe that similar businesses and organizations may benefit from the same approach, based on our technical and industry analysis.
The rapid growth and adoption of cloud in the marketplace has sparked great innovation and delivery for the information technology industry. IBM Research continues to improve and expand the ease of access and use of virtually unlimited IT resources, with the automation and services needed to provide optimization in areas such as integration, scalability, vulnerability management, environment integrity, and resource management.
References
[1] Building Trust in a Cloudy Sky, The state of cloud adoption and security, https://www.mcafee.com/us/solutions/lp/cloud-securityreport.html
[2] Thoughts on Cloud, http://www.thoughtsoncloud.com/2014/02/cloudcomputing-basics/
[3] IBM Bluemix Container Service, https://www.ibm.com/cloudcomputing/bluemix/containers
[4] Kubernetes, https://kubernetes.io/docs/concepts/overview/what-iskubernetes/
[5] Cloud Native Computing Foundation, https://www.cncf.io
[6] Amazon Web Services, https://aws.amazon.com/
[7] CNCF Welcomes Amazon, and so does IBM, https://www.ibm.com/blogs/cloud-computing/2017/08/cncf-welcomesamazon-ibm/
[8] DevOps, https://en.wikipedia.org/wiki/DevOps
[9] IBM Vulnerability Advisor, https://www.ibm.com/blogs/bluemix/2017/01/vulnerability-advisor-appsecurity/
[10] Docker, https://www.docker.com/what-docker
[11] Docker Image Vulnerability Research, https://www.federacy.com/docker_image_vulnerabilities
[12] http://www.ossline.com/2010/12/definition-oss-bss.html