On-Demand Hosting
Auto-Provisioning Hosting Services at EPA
November 2, 2010
Rebecca Astin and David Pritchett

Agenda
• Goals, Purpose and Benefits
• New On-line Ordering and Auto-Provisioning Tool
  • On-line Service Offering
  • Managed Development Environment
  • On-line Ordering Interface
• Future Service Offerings

Purpose
• Purpose: To provide an efficient and streamlined cloud hosting service to EPA Hosting customers
• The solution must be…
  • On-Demand, Self-Service: Order services at any time with minimal human intervention
  • Broadly Accessible: Available over LAN/WAN network via common protocols/clients
  • Use Pooled Resources: Supports multi-tenancy via dynamically assigned and re-assigned physical and virtual resources
  • Rapidly Elastic: Scale usage in any quantity at any time
  • Measured Service: Resources are controlled, monitored, and optimized based on real-time metrics

Benefits
• On-Demand Hosting
  • Users can request services in as little as three days with division and ISO approval
  • Servers are available using standard ports and protocols across EPA LAN/WAN and via AAA
  • Servers are hosted in a virtual cloud environment at NCC
  • Can request software, processing power, memory, disk space, server restarts, etc. as required (Rapid Elasticity)
  • Solution is monitored and status/usage is available via web interface
  • Service is available in Pilot Mode until March 2011

On-line Ordering Interface
• Self-service ordering via Web Interface
• Extranet site (Log-in required – WAM credentials)
• Website Available: December 1, 2010
• New services available to all EPA employees
• Pre-defined selections for hardware and software
• Required WCF products and services calculated based on selections made
• Service requests are automatically routed for review and approval
• Services can be provisioned, de-provisioned and reconfigured via the Web interface

Current Service Offering
• Managed Development Environment
  • NCC Private Cloud (on-site)
  • FISMA compliant virtual server
  • Isolated from EPA’s production network
  • Behind Network Extension Firewall
  • Red Hat Linux (Windows coming soon)
  • Accessible from EPA’s network and remotely via AAA
  • VMs protected by server-level firewalls (Reflex)
  • Supports HTTP/80, HTTPS/443, FTPS/21, SSH/22, SQLNet2/1521 and MySQL/3306

Server Details
• Server Type
• Data Disk Size
  • 10 gig, 20 gig, or 40 gig
• Guest Operating System (OS)
  • RedHat Linux 4 (32 bit) – Small and Medium Only
  • RedHat Linux 4 (64 bit) – Small, Medium, Large
  • RedHat Linux 5 (32 bit) – Small and Medium Only
  • RedHat Linux 5 (64 bit) – Small, Medium, Large

Technical Architecture
Network Extension + Virtual Firewalls

NCC’s Service Offerings
• Infrastructure as a Service (IaaS)
  • NCC managed FISMA compliant operating system
  • Customer managed application platform and deployment
  • Lowest cost option with minimal support
• Platform as a Service (PaaS)
  • NCC managed FISMA compliant operating system
  • NCC managed application platform
  • Support for Apache Web Server, Tomcat, JBoss, MySQL, and LAMP
  • Customer managed application deployment

Security
• Network Extension Firewall
  • Separates the development servers from the production servers and isolates problems
• Virtual Firewalls (Reflex)
  • Supports Multi-Tenancy by creating zones around each virtual server and groups of servers
  • Allows Intranet, Extranet, and Public Access servers to run on the same physical hardware
  • Manages access for each zone and subzone
  • Documents communication ports and protocols
  • Goal: Rules to follow server into production

Platform Details
• Include Additional Software?
  • If no, skip to next question (Software to Install will not be displayed)
  • If yes, select software
• Software Selections
  • Apache Web Server
  • Apache Tomcat
  • JBoss
  • MySQL
  • PHP

Server Details - Alias
Default: http://nccdevReq#.rtpnc.epa.gov
Alias: http://alias.nccdev.rtpnc.epa.gov

Monthly WCF Services
No Cost Pilot Period – thru March 30, 2011

eBusiness Approvals
• When an order is placed, an e-mail is sent to the hosting and custom application workload capture team (WLC)
• WLC team places an order for each service in eBusiness (same process as an ADC today)
• When eBusiness account manager approves the order, WLC team will associate the registration IDs with your order in the On-Demand Hosting request system

Network Communication
• Predefined ports and protocols
  • HTTP-80
  • HTTPS-443
  • FTP-21
  • SQLNet-1521
  • MySQL-3306
  • SSH-22
• Additional ports and protocols available thru the Firewall Rule Request process
• Available via AAA (must select “yes” on order screen)

Server Management
• NCC Server Administrators will manage the operating system for both IaaS and PaaS
• NCC Server Administrators will manage the application platform for PaaS
• Customer will have “Custodian Administrator” rights
  • Provided limited sudo rights to perform basic functions
• Custodian Administrators will log in with WAM credentials
  • Authentication via WAM ID (EPA Employees: LANid)
  • Must have a POSIX compatible WAM ID (Externals)

Service Approval
• Orders for service must be approved by the following individuals PRIOR to fulfillment:
  • Customer Owner (if ordered “On Behalf”)
  • Customer Division Director
  • Organization’s Primary ISO
  • eBusiness Account Manager
• Approvals happen in succession and cannot be obtained concurrently
• Owner, Division Director and ISO approvers will receive an e-mail with instructions on how to review and approve your request
• eBusiness account manager will follow eBusiness procedures for approving WCF orders

Terms of Service
• NCC will manage the Operating System
• For IaaS, customer will be responsible for all application platforms added to the server
• For PaaS, NCC will be responsible for all application platforms added to the server
• Technical support available through WCF Service TZ
• NCC reserves the right to shut down any server that negatively impacts the development environment
• Customer shall use the development server for development purposes only

Service Delivery
• Begins after ALL approvals are received
• Server will be cloned from a base template in VMware
• The On-Demand Hosting request system will issue commands to automatically reconfigure the server to specified configuration and to allocate data disk space
• NCC Server Administrators will assign IP address and check the server configuration
• Software teams will receive installation instructions if NCC is to install and manage application platform
• WAM team will add Custodian Administrators to the server group in OID and check for ID compatibility (POSIX)
• Server owner and Custodian Administrators will receive log-in instructions

Tracking Your Order
• Progress on order fulfillment is available via the Delivery Process Tracking Screen

Managing Your Service
Once server is delivered, you can…
• Examine server set-up (IP address, DNS entry, Software Installed, Memory, Processors, Disk Space, Cost, etc.)
• Request modifications

Future On Demand Services
• Add additional server support services
• Add/remove Custodian Administrators
• Change Server Owner
• Change Program Office/Region Ownership
• Change eBusiness Account Number
• Web account registration and decommission (processes currently performed in TSSMS)
• Windows operating system for development environment

Ordering System Integration
• Automate WCF service ordering process
• Automate OID group association (for authorization)
• Automate the ADC record entry
• Provide DNS lookup for available aliases
• Provide access to download pre-configured application platforms

Contacts:
Rebecca Astin, newScale Project Manager, Astin.Rebecca@epa.gov, 919-541-1555
David Pritchett, newScale Technical Architect, Pritchett.David@epa.gov, 919-541-2798