Cloud Computing for a Smarter Planet
Dr. Chung-Sheng Li, Director, Commercial Systems; PI, Research Cloud Computing Initiative, IBM Research Division
Outcome Centric Cloud Computing
An evolutionary transformation to cloud is typical for enterprises and provides unique challenges
In the enterprise, cloud is an evolution, a revolution and a game changer.
Enterprise cloud adoption presents unique challenges:
• Integration of cloud and traditional IT
• Migration over time
• Security and compliance issues
• Global business process transformation
(Figure: Traditional IT → Standardize → Virtualize → Automate → Cloud shared resources)
Cloud Framework enables the planning, building and delivery of cloud services
(Figure: layered framework, bottom to top: Shared Middleware Infrastructure; Integrated Service Management; Lifecycle and Business Support Services; service catalog of Analytics services, Industry-specific services, Process services, Collaboration services, ...; Existing services, third-party services, partner ecosystems)
Cloud Computing in an Outcome Centric World
• What is Outcome Centric Computing?
• Cost/Performance → Risk-Adjusted Cost/Performance
• Workload Heterogeneity → Fine-Grained Resource Provisioning & Runtime Management
• Cloud OS that Enables Elastic Boundaries Between Private & Public Cloud Infrastructure → Single View of the Public/Private Cloud Environment from the Client Side
• Outcome Centric Situation & Context Awareness → Proactive Cloud
• Perimeter Defense → Fine-Grained Security
• Cloud + Outcome Centric → Content & Community Centric
Cloud Computing is becoming the Catalyst for an Outcome Centric World
What is Outcome Driven Business?
• Business activities (goods or services) are compensated based on clearly stated, measurable outcomes (of the client), with predetermined goals and rewards/penalties for over/under-achievement.
• (Partial or full) transfer of risk from the client to the vendor
• Much tighter integration of the enterprise and IT of the client into an enterprise system
What is Outcome Centric Computing?
• Aligning the computing to mission and business outcome
• Single view of the enterprise system; continuously and consistently deliver the prescribed outcome of the enterprise system with minimal uncertainty
• Standardized boundaries between layers within an enterprise system in terms of goal specification (enterprise → IT), service delivery (IT → enterprise, IT → IT), and reward/penalty for deviation from the specified goals
• Proactively adapt to a changing business environment, including unusual and extreme conditions (such as product launch, M&A, disasters, cyber attacks), in order to deliver optimal outcome while minimizing uncertainty & risk
Evolution of the Outcome Driven Business and Outcome Centric Computing
(Figure: two timelines from 1995 to 2015. Business: e-business → Enterprise Integration → Outcome Driven Enterprise System, annotated with Internet advertisement, Strategic Outsourcing, Crowd Sourcing and Outcome centric healthcare and adoption shares of 5%, 20~25%, 40~50%, 50% and >60%. IT infrastructure: 3-tier architecture (1995) → SOA+BPM (2005) → Outcome Centric Computing (2015). Control loop of the outcome driven enterprise system: Policy; Business Environment Modeling + Situational Awareness; Decision & Impact Model; Measure & Capture; Command & Control; SW/HW/Services.)
Outcome based Business Model is Becoming Increasingly Prevalent
Delivering business outcome is augmenting/replacing the traditional fee-for-service business model
"Focusing on clients' end-to-end processes, the discussion moves to outcomes pretty fast when considering the advantage of an outsourcer doing a client's work. Over the next five years, this will become a critical differentiator in the way clients and providers work together," he predicts. (Don Schulman, IBM MBPS)
Challenges
• Requires that the buyer have a deep level of trust in the provider, not only in its capabilities but also in its continual demonstration of partnering.
• Measurable outcomes require a level of visibility that one or both parties may not be willing to provide.
• It may not be possible to measure a provider's exact impact on an outcome.
• The service provider must assume a great deal of risk, since it does not have influence over all aspects that affect its ability to achieve the outcome. The amount of risk increases significantly when the outcome is higher up on the value chain.
Implications
• Outsourcing is now evolving beyond savings through labor arbitrage and focusing on new and different ways to create value, including synergies between functions as key drivers of value.
• Providers are investing in vertical solutions, platforms and other enabling infrastructure, thus increasing their ability to impact outcomes.
• The partnering approach to outsourcing relationships will deepen, which will impact trust and collaboration and facilitate the provider's ability to influence outcomes.
"In the next few years, I think that outcome-based approaches will accentuate polarization in the market between niche providers and mainstream providers." ... because he believes that buyers can only undertake these sorts of arrangements with larger, more mature, asset-rich providers. (Les Mara, HP BPO)
"90-95 percent of outsourcing arrangements today are still based on time and materials or a fixed fee, with only five percent tied to outcome-based pricing. Within the next five years, 40-50 percent of the contracts will be outcome based." (Mohammed Haque, Genpact Enterprise Solution Services)
Source: http://www.outsourcing-journal.com/jan2010-outcome.html
Crowd Sourcing & Collective Intelligence is emerging as a methodology for outcome centric innovation management
Examples: Innocentive & TopCoder
Future of Information Retrieval is Becoming Increasingly Outcome Centric
(Figure: Information Retrieval → Outcome Centric Information/Knowledge Marketplace. A buy-side centric information marketplace connects Data/Info Providers and Service Providers with Data/Info Consumers. Example: ESIPFED.org)
• Experts-Exchange was the first fee-based knowledge market using a virtual currency. It provided a marketplace where buyers could offer payment to have their questions answered.
• NineSigma and Innocentive are web-based open innovation marketplaces. Firms post scientific problems and choose rewards.
• Google Answers was another implementation of this idea. This service allowed its users to offer bounties to expert researchers for answering their questions. The Google site was closed in 2006. Two months later, fifty former Google Answers Researchers launched the paid research/Q&A site Uclue.
• Mahalo Answers, a product extension of the people-powered search engine Mahalo.com, launched on December 15, 2008. Mahalo Answers users may ask questions for free or provide a monetary reward, or tip, in the form of Mahalo Dollars, the site's proprietary currency.
• Free knowledge markets use an alternative model, treating knowledge as a public good.
• Yahoo Answers, Windows Live QnA, Ask Metafilter, Wikipedia:Reference Desk, StackOverflow, Vark.com, 3form Free Knowledge Exchange, Knowledge iN, and several other websites currently use the free knowledge exchange model. However, none of these offer more than an increase in reputation as payment for researchers, often limiting the quality of the answers.
• ChaCha.com and Answerly.com both offer subsidized knowledge markets where researchers are paid to generate answers while the service remains free to the question asker.
Source: wikipedia.org on knowledge market
Internet Advertisement Evolved Towards Outcome Centric during the past Decade
• A PPC (pay per click) auction is a continuous second-price auction for advertising space on search engine results pages
• The auctioneer, a search engine, sorts all of the bids that participants placed for a certain keyword
• Positions are re-calculated continuously throughout the day, and participants may change their bids at any time
• The profit sharing model has been shown to be superior for both merchants and PPC marketing companies (source: http://www.vinnylingham.com/specialreports/profit-sharing.html)
(Figure: timeline of ad pricing models from pre-2000 to 2007: Cost per thousand impressions → Cost per click → Cost per action → Revenue sharing → Profit sharing)
Other examples:
• Life Science: gene sequencing, $/genome
• Financial Services: core banking, $/transaction
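The keyword auction described above, as an added example that is not part of the original deck: a generalized second-price allocation in which bidders are ranked by bid, each winner pays the next-highest bid (or the reserve for the last winner), and a bid change triggers a full re-ranking. The advertiser names, bids, slot count and reserve price are constructed inputs.

```python
"""Added example (not from the slide deck): a generalized second-price (GSP)
keyword auction of the kind the slide describes for PPC search ads. Bids, slot
count and reserve price are constructed."""
from typing import Dict, List, Tuple


def run_auction(bids: Dict[str, float], slots: int,
                reserve: float = 0.0) -> List[Tuple[str, float]]:
    """Rank eligible bidders by bid, fill `slots` positions from the top, and
    charge each winner the next-highest bid; the last winner pays the reserve
    when nobody bids below it. Bids under the reserve are not eligible. Ties
    are broken by advertiser name so the outcome is deterministic."""
    eligible = sorted(((bid, adv) for adv, bid in bids.items() if bid >= reserve),
                      key=lambda t: (-t[0], t[1]))
    result: List[Tuple[str, float]] = []
    for i, (_bid, adv) in enumerate(eligible[:slots]):
        if i + 1 < len(eligible):
            price = max(eligible[i + 1][0], reserve)
        else:
            price = reserve
        result.append((adv, price))
    return result


def reprice_after_change(bids: Dict[str, float], advertiser: str, new_bid: float,
                         slots: int, reserve: float = 0.0) -> List[Tuple[str, float]]:
    """Participants may change bids at any time; positions and prices are
    recomputed from scratch rather than patched incrementally."""
    updated = dict(bids)
    updated[advertiser] = new_bid
    return run_auction(updated, slots, reserve)


if __name__ == "__main__":
    sample = {"acme": 3.0, "bolt": 2.0, "cyan": 1.0}  # constructed bids per click
    print(run_auction(sample, slots=2))
    print(reprice_after_change(sample, "cyan", 2.5, slots=2))
```

Note that the price a winner pays depends on the bid below it, not on its own bid, which is what makes "continuous" repricing matter: one competitor raising a bid changes what everyone above pays.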
Outcome Centric Computing Optimizes Based on Key Performance & Risk Indicators of the Client Enterprise System
(Figure: pricing models along the vendor/provider to client axis, from Input based → Output based → SLA based → Outcome based: Time & Materials (e.g. IT service contract charged by hourly rate); Fixed price (e.g. project based service); Managed service / outsourcing (e.g. IT desktop managed service, HR call center); Outcome Driven Business (e.g. productivity, recruitment). Outcome Centric Computing maps the enterprise system (system, software, services, cloud) through a Business View (CBM) and a Process & Data Flow View onto client KPIs and KRIs (recurrent, one-time, non-functional) within an industry framework, rather than only onto cost/performance benchmarks such as TPC-C or SPEC CPU.)
Technology Implication 1: Cost/Performance → Risk-Adjusted Cost/Performance
Evolution from Traditional to Outcome-Centric Service Level Agreement
Traditional SLA
• Context: who, why, duration
• Service terms: what service is offered, and how it is offered
• Guarantee terms: scope + conditions (e.g., time of day); Service Level Objectives (SLOs); penalties and rewards
• Example: availability > 99.9%; a service credit of 10% of the monthly bill is issued if availability is < 99.9% but > 99%, and 25% if availability is < 99%
Outcome Based SLA
• Client centric KPIs
• Single price function: specifies how much the service provider is paid for each possible client outcome, omitting all details of how the outcomes are achieved
Negotiation of Pricing Function between Service Providers & Buyer in an Outcome Centric Pricing Model Source: John Wilkes, Keynote, SMDB’08
Operational risk examples:
• Unbalanced workload → poor performance, or more resources
• Component failure → poor availability
• Lack of resources → poor performance
• Cyber attacks → downtime + information leakage
Pricing should be derived from value@risk: outcome variance → price variance.
Who takes on the risk if the effort required is unknown? Cost-plus prices: the client. Fixed prices: the service provider.
Uncertainty (or variance) in the expected outcome results in risk and needs to be accounted for in the pricing. Predictability of outcome is often preferred.
Source: John Wilkes, Keynote, SMDB'08
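The two SLA styles on the previous slides and the "outcome variance → price variance" point on this one, as an added example written for this page (it is not IBM's or the cited keynote's code): the tiered availability credit from the traditional SLA, a single price function over a client KPI for the outcome-based SLA, and a provider-side quote whose premium grows with the variability of what the provider will actually collect. The monthly bill, the two outage histories, the KPI payment schedule, the 30-day month and the linear risk premium are all constructed assumptions.

```python
"""Added example (not from the deck or the cited keynote): the slide's
traditional availability SLA with tiered service credits next to a single
outcome-based price function, plus a provider quote that turns outcome
variance into price variance. Bill, outage histories, KPI schedule and the
risk premium are constructed assumptions."""
from statistics import mean, pstdev
from typing import Dict, Sequence, Tuple

MINUTES_IN_MONTH = 30 * 24 * 60  # assumption: 30-day billing month


def availability(outage_minutes: float) -> float:
    """Fraction of the billing month the service was up."""
    if not 0 <= outage_minutes <= MINUTES_IN_MONTH:
        raise ValueError("outage minutes must lie within the billing month")
    return 1.0 - outage_minutes / MINUTES_IN_MONTH


def traditional_credit(avail: float, monthly_bill: float) -> float:
    """Slide example: 10% credit if 99% < availability < 99.9%, 25% if < 99%.
    The slide leaves availability of exactly 99% unassigned; this code puts it
    in the 25% tier (an assumption). Pin that boundary down in the contract."""
    if avail >= 0.999:
        pct = 0
    elif avail > 0.99:
        pct = 10
    else:
        pct = 25
    return monthly_bill * pct / 100


def traditional_payment(outage_minutes: float, monthly_bill: float) -> float:
    """What the provider collects under the traditional SLA for one month."""
    return monthly_bill - traditional_credit(availability(outage_minutes), monthly_bill)


def outcome_payment(kpi: float, schedule: Sequence[Tuple[float, float]]) -> float:
    """Outcome-based SLA: one price function over the client's KPI that says
    nothing about how the outcome is produced. `schedule` holds
    (kpi_threshold, payment) pairs; the payment for the highest threshold
    reached applies, and nothing is paid below the lowest threshold."""
    payment = 0.0
    for threshold, amount in sorted(schedule):
        if kpi >= threshold:
            payment = amount
    return payment


def payment_distribution(outage_history: Sequence[float],
                         monthly_bill: float) -> Dict[str, float]:
    """Empirical distribution of monthly collections given past outages."""
    pays = [traditional_payment(m, monthly_bill) for m in outage_history]
    return {"mean": mean(pays), "stdev": pstdev(pays), "worst": min(pays)}


def risk_adjusted_quote(outage_history: Sequence[float], monthly_bill: float,
                        risk_aversion: float = 1.0) -> float:
    """Provider quote = list price + expected credits + a premium proportional
    to the spread of collections. The linear premium is an illustrative stand-in
    for the slide's value@risk idea, not a calibrated model."""
    d = payment_distribution(outage_history, monthly_bill)
    expected_credit = monthly_bill - d["mean"]
    return monthly_bill + expected_credit + risk_aversion * d["stdev"]


# Constructed histories: the same mean outage (~27 min/month), different variance.
STEADY_OUTAGES = [20, 30, 25, 35, 30, 20]
ERRATIC_OUTAGES = [0, 0, 0, 0, 0, 160]

if __name__ == "__main__":
    bill = 10_000  # constructed monthly bill
    print("steady :", payment_distribution(STEADY_OUTAGES, bill), risk_adjusted_quote(STEADY_OUTAGES, bill))
    print("erratic:", payment_distribution(ERRATIC_OUTAGES, bill), risk_adjusted_quote(ERRATIC_OUTAGES, bill))
    print("outcome-based:", outcome_payment(1200, [(1000, 8000), (1500, 11000)]))
```

The two histories have identical mean outage, yet only the erratic one ever crosses the 99.9% threshold, so its payments vary and its quote carries a premium; this is the sense in which a tiered SLA converts outcome variance into price variance, and why the provider prefers predictable outcomes even at the same average.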
Marketplace mechanisms (buy-side centric or sell-side centric) that have been used for B2B are likely to become prevalent for price discovery in outcome centric models
• The buy side is responsible for defining specifications, initiating the RFP process, and evaluating proposed bids from potential vendors
• Providers' capacity is a perishable resource, and providers could leverage various "yield management" techniques to maximize return on available resources
(Figure: buy-side flow: Service Buyer issues RFI → Service Provider prepares response → RFP/RFQ → prepare bids → bid evaluation → negotiation → contract. Sell-side flow: Service Provider publishes offerings to a resource registry with yield management (subscription, fixed-price, price discrimination, auction) → Service Buyer selects offering → selects trading mechanism → establishes contract.)
Operational risk analysis facilitates understanding of the business exposure when mission critical business operations are disrupted by nature or by humans
(Figure: Risk → Market Risk, Credit Risk, Liquidity Risk, Legal/Reputation Risk, Operational Risk. Source: Federal Reserve and Basel II)
Enterprise adoption of cloud computing in mission critical areas can be accelerated if operational risk of cloud computing can be properly contained
Technology Implication 2: Workload Heterogeneity → Fine-Grained Resource Provisioning & Runtime Management
Resource Provisioning and Runtime Management for Private, Public, and Hybrid Clouds Need to be Optimized in an Outcome Centric World
(Figure: infrastructure tiers from high to low: Data Center Server, LOB Servers, Dept. & Work Group Server, Edge Server, Edge Devices, with Data Center Appliance and Edge Appliance alongside; the upper tiers are candidates for migrating to the cloud. Smarter Planet platforms mapped onto the tiers: Modeling & Orchestration Platforms, Capturing & Measurement Platforms, Command & Control Platforms. Workload heterogeneity spans all tiers.)
Case Study – Part 1: Heterogeneous workload is generated from the modeling and orchestration platforms for Smarter Planet Solutions
(Figure: Orchestrating the Smarter Planet. Real world (Distributed Energy, Buildings, Supply-Chains, Water Systems) → Data & Measurement Platform: capturing (devices, sensors, imaging, cell phones), high fidelity, continuous, human assisted → Modeling & Orchestration Platform: multi-modal, multi-domain high-quality trusted data; point detection, field reconstruction, connecting the dots; assimilation, interpolation and explanation; simulation & prediction (what-if analysis); decision model (optimum/robust action) under context & constraints and potential outcomes (regulation & policies) → Control Platform: command & control (centralized; distributed; peer-to-peer) → actions on the observed worlds.)
Case Study – Part 2: Smart Grid solutions continuously optimize the expected outcome using real-time data assimilation & behavioral models.
A common orchestration platform optimizes outcomes by applying behavior models to real-time information.
(Figure: Smarter Planet Platforms: Data & Measurement → Model & Analytics → Orchestration → Control. Intelligent Utility Network: real-time visibility; behavioral models, demand models, environmental models; usage pattern results; real-time interaction with ground crew; making decision choices to optimize outcomes, e.g. optimal dynamic load shedding and demand management, and an optimal plan & schedule for restoration and re-energizing the grid after a disaster.)
Industry solutions and business analytics usually consist of heterogeneous workloads emphasizing CPU, memory, I/O and network at different levels
• Technical Computing: I/O & CPU intensive, or CPU intensive (CPU+GPU/accelerator)
• Big Data: I/O throughput; I/O intensive or memory intensive
• OLAP: I/O throughput
• Business Analytics: I/O & CPU
• OLTP: I/O latency & throughput
• Web Server: I/O latency
• Development & Test Cloud: CPU intensive
Fine-grained resource provisioning (CPU, memory, storage, bandwidth) and runtime management for private & public clouds will be required in order to optimize the cloud environment for heterogeneous workloads
(Figure: coarse-grained (image level) versus fine-grained (thread level) workload provisioning & runtime management. Workload classes: Warehouse + Decision Support, Web Service, Deterministic Analytics, Probabilistic Analytics; Batch versus Request/Response. In both cases: resource provisioning → runtime scheduler + load balancer → computing resources (HW/SW platforms, clouds).)
Technology Implication 3: Cloud OS that Enables Elastic Boundaries Between Private & Public Cloud Infrastructure → Single View of the Public/Private Cloud Environment from the Client Side
Outcome centric management of datacenter resources requires the capability to elastically partition computing resources among on-premise computing clusters, private clouds and public clouds
• Ability to provide sufficient isolation for on-premise server clusters, private cloud, and public cloud
• Capacity of each "domain" can be dynamically adjusted up and/or down to enable optimal outcome for the business through optimal resource allocation
(Figure: On-Premise Server Clusters, Private Cloud and Public Cloud as domains on a Cloud Hypervisor/OS spanning multiple HW platforms.)
Separation of control functions will occur in cloud computing, resulting in a transformation similar to VoIP
• The effect may be more pronounced for cloud, since there is a pressing need to reuse existing data and applications
The control components (Service Management) of the computing services network are moving to the edge
• Cloud computing enables clients to keep core computing services (data/applications) and outsource other services to the cloud, creating a network of computing services
• Industry players are moving towards a paradigm where the control functions of this computing services network are separated out
• The control components are bundled in an on-premises system to create a Client-Controlled Cloud
Service Management is required to connect, manage and secure hybrid clouds in order to enable a single view of resources, runtime, system management & monitoring, security, compliance and governance.
• Workflow: manage the process for approval of usage
• Provisioning: automate provisioning of resources
• Monitoring: provide visibility of the performance of virtual machines
• Metering and rating: track usage of resources
(Figure: Enterprise Infrastructure & Private Cloud (on-premise business applications & information; private shared services) ↔ Integration layer (application integration, monitoring events, identity and security, workload management; security, management, governance) ↔ Public Cloud [SaaS, IBM Cloud, other Public Cloud] (off-premise business applications & information; off-premise shared services).)
Emerging solution: Client Controlled Cloud (C3) – separation of control components
Control components
• Component on the premises of the enterprise
• On-premises control of sharing and composition of services and of sharing of information
• Clients declare policies for sharing data and services
• Selection and secure composition of cloud services from a variety of providers
• Clients specify how and when to get more IaaS or PaaS resources
C3 ensures secure composition of services, thus reducing data security and privacy issues
(Figure: Client Premises (existing applications & data; control component) ↔ Internet ↔ Cloud Services.)
Achieving Outcome Centric Programmatically: Higher Availability on EC2 (source: support.rightscale.com)
http://support.rightscale.com/09-Clouds/AWS/02-Amazon_EC2/Designing_Failover_Architectures_on_EC2/00-Best_Practices_for_using_Elastic_IPs_(EIP)_and_Availability_Zones
Technology Implication 4: Outcome Centric Situation & Context Awareness → Proactive Cloud
Proactive Platforms: Outcome centric computing requires service management of the cloud to be more situational and context aware of the environment and business requirements.
(Figure: three stages of management. Static Management: policy → SW/HW platform. Sense & Response: policy → monitor, analyze, plan & execute → SW/HW platform. Proactive with Situational Awareness: platform & environment behavior modeling + situational awareness → decision model → measure & capture, command & control → SW/HW platform.)
Proactive platforms suggest the formation of mission and outcome aware lockdown hosts within an outcome centric cloud to serve as a "community health system" (DARPA Mission Oriented Resilient Cloud program)
• The objective is to sustain outcome (or mission effectiveness).
• Different outcome components have different functional and nonfunctional needs and will make different tradeoffs at runtime among security, QoS, or even correctness.
(Figure: outcome (critical functionality, mission oriented or business outcome centric) over time around a catastrophic event (crash, cyber attack, etc.), with curves for the theoretical optimum, a resilient system based on proactive platforms, and a conventional system.)
Increasing use of behavior models of the system platforms and the environment enables situationally aware cloud platforms to be increasingly proactive in responding to potential future events.
(Figure: inputs: business requirements, regulatory requirements, TCO + operational risk, IT services. Control loop: Measurement & Capture → Assimilation, Interpolation and Explanation (using behavior models) → Simulation & Prediction (what-if analysis based on behavior models) → Decision Model (optimum/robust action) → Command & Control → Cloud Platforms, Environment, and Users.)
Proactive platforms maximize business outcome and minimize uncertainty of achieving the expected business outcome
(Figure: outcome certainty increases from Sense & Response through three levels of situation & context awareness to Proactive Platforms. Level 1 (perception): real-time visibility. Level 2 (comprehension): data assimilation against world models, response automation. Level 3 (projection): behavior models, predictive analytics.)
Examples of context & situation:
• What IT services are being enabled?
• Who are the business and IT units, and how are they organized?
• What are the relevant regulatory and contractual requirements for the business process enabled by virtualization?
• What are the technologies and IT processes being used?
• Are there any high-level risk indicators from the past?
Technology Implication 5: Perimeter Defense → Fine-Grained Security
The Traditional Perimeter Defense Security Model of Enterprises is Changing in Fundamental Ways in an Outcome Centric World for Cloud Computing
(Figure: risk versus degree of interconnectivity, from the Traditional Enterprise Security Model to the New Enterprise Model (GIE). Business drivers: Mergers and Acquisitions, Organizational Dynamics, Ubiquitous Workplace, Business Partners/Suppliers, Smarter Planet, Globalization, Workforce Dynamics, Outsourcing. Technology trends: Web 2.0, SaaS, Cloud Computing, Mobility.)
* Gifs from https://www.opengroup.org/jericho/Respondingtodp_implementation_080929.pdf
Evolution of Threats, Escalation of Risks
Evolution of threats (technological, organizational and workforce changes):
IT level threats
• Existing threats: exploit vulnerabilities in servers, endpoints and networks directly or remotely (e.g. malware, DDoS, patch management, unauthenticated access)
• Emerging threats: exploit vulnerabilities created in the infrastructure due to de-perimeterization of business and IT boundaries (e.g. insider threats, Trojan ICs, managed exploit providers)
Business level risks
• Fraud, loss of business-critical assets and theft of PII (e.g. payee fraud, theft of credit card numbers)
Nation-level risks (cybersecurity)
• Sabotage and subversion of the critical infrastructure, espionage and theft of top secret information, cyber warfare (e.g. APT, electricity grid, GhostNet, supply chain)
Traditional Malware vs. APT*
* From Eric J. Meyers, Du Pont
Fine-Grained Cloud Security requires closed-loop end-to-end isolation & integrity management
• Strong isolation of the guest environment to contain possibly subverted and/or malicious hosts
• Weak isolation of the guest environment entails strong integrity mechanisms
• Lock down the management domain
(Figure: enterprise users and the Internet reach the cloud through access control and firewall, IDS/IPS, and DoS/anti-spoofing protection. Attack classes shown: parameter tampering, known vulnerabilities, cross-site scripting, SQL injection, pattern-based attacks, port scanning, cookie poisoning.)
Fine-grained containment and monitoring occurs at multiple tiers, each of which provides additional isolation capabilities from both external and internal vulnerabilities.
(Figure: tiers from top to bottom: Community (collaboration & community; social & business network); SOA (SOA, information); Middleware Stack (DBMS, app server); Data Center (data center/network/cloud; SCADA); Platform (Internet; clients such as game console, smart phone, telematics; server).)
Information security starts with the critical business assets and processes of an enterprise. Current regulations (e.g. SOX 404, SAS 70, PCI DSS and HIPAA) have specific requirements on business control/auditing for ensuring information security compliance
(Figure: enterprise data assets (General Ledger, Corporate Financial Data, Employee Data, Customer Data, eMail Archive, IM archive, other communication archives (e.g. phone), Product Data, Source Code, Service Offering Data, Document Archives, Surveillance Data, Employee Directory (e.g. Blue Pages), Internal Courses, Intranet web pages) mapped to the applicable regimes (SOX 404, COBIT, GAAP, IFRS, SAS 70, HIPAA, PCI DSS). Fine-grained security controls: data masking, data loss prevention, classification, data leakage detection. Distributed evaluation of Value@Risk by each business unit, with centralized prioritization & policy formulation.)
Deploying Fine-Grained Security: Closing the Loop on Isolation & Integrity Management
• Centralized management of isolation & integrity assumed
• How do these concepts extend to the cyberphysical world?
• How can integrity metadata be distributed?
(Figure: high-level security policies drive Systems Management (centralized isolation & integrity management), split into Isolation Management and Integrity Management (configuration audit, verification, attestation). Guest management interface: libvirt. Existing hypervisors (KVM, PHYP) with "hardening" and extensions to support network isolation, MAC, ...; vTPM, IMA. "Thin" hypervisors for stronger isolation and verification. Physical networks and storage with traffic separation; Trusted Network Connect; OpenPTS. Platform layer: hardware (processor) enhancements; Core Root of Trust (TCG, TPM).)
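The integrity-management half of the loop above relies on IMA measurements being attested through the TPM. As an added example written for this page (it is not IBM's, OpenPTS's or the kernel's code), the following replays an IMA measurement list into the PCR-10 value it must have produced and then checks each measured file against a known-good allowlist. The log lines follow the layout of /sys/kernel/security/ima/ascii_runtime_measurements (PCR index, template hash, template name, file hash, path), but every digest, path and the allowlist are constructed; the "violation" record models the kernel's behaviour of logging zero digests while extending the PCR with 0xff bytes.

```python
"""Added example (not from the deck, OpenPTS or the kernel): replaying an IMA
measurement list into its expected PCR-10 value and checking measured files
against an allowlist. Log lines are constructed in the
ascii_runtime_measurements layout; all digests and paths are made up."""
import hashlib
from typing import Dict, List, Tuple

PCR_LEN = 20  # SHA-1 PCR bank as reported by the ascii list; PCR starts all-zero

# Constructed measurement list. Line 3 is an IMA "violation" record (open
# writers / ToMToU): the kernel logs zero digests but extends PCR-10 with 0xff.
SAMPLE_LOG = "\n".join([
    f"10 {'11' * 20} ima-ng sha256:{'aa' * 32} boot_aggregate",
    f"10 {'22' * 20} ima-ng sha256:{'bb' * 32} /usr/bin/bash",
    f"10 {'00' * 20} ima-ng sha1:{'00' * 20} /var/log/app.log",
    f"10 {'33' * 20} ima-ng sha256:{'cc' * 32} /opt/agent/collector",
]) + "\n"

# Constructed known-good file digests; the collector is deliberately absent.
ALLOWLIST: Dict[str, str] = {"/usr/bin/bash": "bb" * 32}


def parse_entry(line: str) -> dict:
    """Split one ascii_runtime_measurements record; paths may contain spaces."""
    pcr, template_hash, template, file_hash, path = line.split(maxsplit=4)
    algo, _, digest = file_hash.partition(":")
    return {"pcr": int(pcr), "template_hash": bytes.fromhex(template_hash),
            "template": template, "algo": algo, "digest": digest, "path": path}


def parse_log(text: str) -> List[dict]:
    return [parse_entry(line) for line in text.splitlines() if line.strip()]


def extend(pcr: bytes, value: bytes) -> bytes:
    """TPM 1.2-style extend: PCR' = SHA1(PCR || value)."""
    return hashlib.sha1(pcr + value).digest()


def replay_pcr(entries: List[dict], pcr_index: int = 10) -> bytes:
    """Recompute the PCR value the log should have produced."""
    pcr = bytes(PCR_LEN)
    for e in entries:
        if e["pcr"] != pcr_index:
            continue
        value = e["template_hash"]
        if value == bytes(PCR_LEN):          # violation record
            value = b"\xff" * PCR_LEN
        pcr = extend(pcr, value)
    return pcr


def verify(log_text: str, quoted_pcr10: bytes,
           allowlist: Dict[str, str]) -> Tuple[bool, List[Tuple[str, str]]]:
    """Return (log_matches_quote, findings). `quoted_pcr10` must come from a
    TPM quote over a fresh nonce; the log by itself is untrusted input."""
    entries = parse_log(log_text)
    log_ok = replay_pcr(entries) == quoted_pcr10
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e["path"] == "boot_aggregate":
            continue  # first record: hash over PCRs 0-7, checked against the boot log
        if e["template_hash"] == bytes(PCR_LEN):
            findings.append(("violation", e["path"]))
        elif allowlist.get(e["path"]) != e["digest"]:
            findings.append(("unknown_or_modified", e["path"]))
    return log_ok, findings


if __name__ == "__main__":
    expected = replay_pcr(parse_log(SAMPLE_LOG))  # stands in for a quoted PCR-10
    print(expected.hex())
    print(verify(SAMPLE_LOG, expected, ALLOWLIST))
```

Two caveats a verifier must not skip: the PCR comparison only proves the log is complete and in order relative to the quoted value, and this example trusts the template-hash column, so an edit to the path or digest columns would not change the replay. A full verifier recomputes each template hash from the record's own fields (for ima-ng, SHA-1 over the length-prefixed hash and path fields) before trusting those columns, and ties the quote to a nonce so a stale quote cannot be replayed.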
Example: Provisioning of a 3-Tier Web Application Using Host Firewalls
• Trusted Virtual Domain: a group of one or more VM instances; instances can be added/removed
• Domains can host VMs of a single user ("private") or of multiple users, based on ACLs ("global")
Domains:
• Domain D1 (Apache): port 80 open for public access
• Domain D2 (WAS): closed from public access; open for maintenance
• Domain D3 (DB2): closed from public access
Collaborations:
• Collaboration allows selected traffic between D1 and D2
• Collaboration allows selected traffic between D2 and D3
Provisioning layers:
• VM group management (membership, policies, collaborations)
• Connectivity rules: incoming/outgoing traffic allowed from the domain
• Hypervisor enforcement and physical network enforcement through the hypervisor management interfaces (Guests 1 to 5)
• Platform hardening: prevent MAC/IP address spoofing and ARP attacks; block harmful traffic
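The three domains and two collaborations above, as an added example written for this page (it is not IBM's provisioning code): the policy is held as data, every flow into a domain is evaluated default-deny, and the same data is rendered into iptables rules for the hypervisor's FORWARD chain plus per-guest anti-spoofing rules. The subnets, guest addresses, vif names, the management network 10.0.0.0/24 and the ports (9080 for WAS, 50000 for DB2, 22 for maintenance) are assumptions; the slide says "between" for collaborations, and this example narrows that to client-initiated direction with replies admitted by connection tracking.

```python
"""Added example (not from the deck or any IBM product): the slide's three
trusted virtual domains as a default-deny connectivity policy, evaluated per
flow and rendered to iptables rules. Subnets, guest addresses, vif names, the
management network and the service ports are assumptions."""
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple

# Per domain: subnet, (ip, vif) guests, ports open to the public, and ports
# reachable only from the management network for maintenance.
DOMAINS: Dict[str, dict] = {
    "D1": {"subnet": "10.1.1.0/24", "guests": [("10.1.1.10", "vnet1"), ("10.1.1.11", "vnet2")],
           "public_ports": {80}, "maint_ports": {22}},        # Apache
    "D2": {"subnet": "10.1.2.0/24", "guests": [("10.1.2.10", "vnet3"), ("10.1.2.11", "vnet4")],
           "public_ports": set(), "maint_ports": {22}},       # WAS
    "D3": {"subnet": "10.1.3.0/24", "guests": [("10.1.3.10", "vnet5")],
           "public_ports": set(), "maint_ports": {22}},       # DB2
}
MGMT_NET = ip_network("10.0.0.0/24")  # assumption: maintenance sources
# Collaborations as (client domain, server domain, ports): directional here,
# return traffic is admitted by conntrack rather than by a reverse rule.
COLLABORATIONS: List[Tuple[str, str, Set[int]]] = [("D1", "D2", {9080}), ("D2", "D3", {50000})]


def domain_of(ip: str) -> Optional[str]:
    addr = ip_address(ip)
    for name, d in DOMAINS.items():
        if addr in ip_network(d["subnet"]):
            return name
    return None


def is_allowed(src_ip: str, dst_ip: str, port: int) -> bool:
    """Decide one TCP flow into a domain; anything not listed is denied."""
    src, dst = domain_of(src_ip), domain_of(dst_ip)
    if dst is None:
        return False  # the policy only governs traffic into the domains
    d = DOMAINS[dst]
    if src == dst:
        return True  # intra-domain traffic
    if ip_address(src_ip) in MGMT_NET and port in d["maint_ports"]:
        return True
    if src is None:
        return port in d["public_ports"]
    return any(c == src and s == dst and port in ports for c, s, ports in COLLABORATIONS)


def render_iptables(domain: str) -> List[str]:
    """Hypervisor FORWARD-chain rules protecting one domain, ending in DROP."""
    d = DOMAINS[domain]
    chain = f"TVD_{domain}"
    rules = [f"iptables -N {chain}",
             f"iptables -A FORWARD -d {d['subnet']} -j {chain}",
             f"iptables -A {chain} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
             f"iptables -A {chain} -s {d['subnet']} -j ACCEPT"]
    for p in sorted(d["public_ports"]):
        rules.append(f"iptables -A {chain} -p tcp --dport {p} -j ACCEPT")
    for p in sorted(d["maint_ports"]):
        rules.append(f"iptables -A {chain} -s {MGMT_NET} -p tcp --dport {p} -j ACCEPT")
    for client, server, ports in COLLABORATIONS:
        if server == domain:
            for p in sorted(ports):
                rules.append(f"iptables -A {chain} -s {DOMAINS[client]['subnet']} "
                             f"-p tcp --dport {p} -j ACCEPT")
    rules.append(f"iptables -A {chain} -j DROP")
    return rules


def render_antispoof(domain: str) -> List[str]:
    """Platform hardening: a guest may only source its own address on its vif
    (physdev match). Pinning the MAC/IP pair against ARP spoofing would be a
    matching arptables/ebtables rule, not shown here."""
    return [f"iptables -A FORWARD -m physdev --physdev-in {vif} ! -s {ip} -j DROP"
            for ip, vif in DOMAINS[domain]["guests"]]


if __name__ == "__main__":
    print(is_allowed("203.0.113.7", "10.1.1.10", 80), is_allowed("203.0.113.7", "10.1.2.10", 9080))
    print("\n".join(render_iptables("D2") + render_antispoof("D2")))
```

The useful checks are the negative ones: the public source cannot reach WAS even on its service port, D1 cannot skip a tier and talk to DB2 directly, and D2 cannot initiate toward D1. If a policy change makes any of those return True, the domain boundary has been weakened, which is the kind of regression a provisioning pipeline should test before pushing rules.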
Mitigate the explosive growth of insider threats by using behavioral analytics and far-field detection techniques.
• Detecting and preventing abuse of authorized access is key to preventing insider attacks.
• Far field detection: behavior monitoring of users' access to systems and networks, as well as analysis of user profiles, their business relationships and social networks, can provide early warning indicators (in temporal, spatial and spatio-temporal dimensions) of insider attacks.
• Maintaining provenance of information and processes can improve auditability and accountability and facilitate information sharing without compromising security and privacy.
(Figure: timeline of an insider attack: threat/attack planning → infrastructure compromised, information integrity breached → INCIDENT. Detection windows: far field detection, near field detection, real-time detection, post-incident recovery.)
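A minimal version of the far-field indicators above, as an added example written for this page (it is not IBM's analytics): a per-user baseline of hosts, working hours and access volume is built from a training window of access-log lines, the user's team membership supplies the "business relationships" signal, and later events are scored for deviations. The users, teams, hosts, timestamps, record counts and every threshold are constructed assumptions, chosen to show the mechanism rather than to be tuned values.

```python
"""Added example (not from the deck): a far-field behavioral baseline for
insider-threat indicators over constructed access-log lines. Users, teams,
hosts, timestamps, record counts and thresholds are made up."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Constructed team membership: a host that nobody on the user's own team
# touches is a peer-group deviation (the slide's business-relationship signal).
TEAMS = {"alice": "hr", "bob": "hr", "carol": "finance"}

# Constructed log: ISO timestamp, user, host, action, records touched.
ACCESS_LOG = """\
2010-03-01T09:12:03 alice hr-db read 12
2010-03-01T10:40:51 bob hr-db read 9
2010-03-01T11:05:12 carol payroll-db read 40
2010-03-02T09:30:00 alice hr-db read 15
2010-03-02T14:10:27 bob hr-db update 4
2010-03-02T15:22:48 carol payroll-db read 35
2010-03-03T08:55:19 alice hr-db read 11
2010-03-03T16:01:33 bob hr-db read 8
2010-03-03T09:47:02 carol payroll-db read 44
2010-03-04T23:41:09 alice payroll-db read 5000
2010-03-04T10:02:44 bob hr-db read 10
"""


def parse(text: str) -> List[dict]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host, action, count = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "host": host, "action": action, "count": int(count)})
    return events


def build_baseline(events: List[dict]) -> Dict[str, dict]:
    """Per-user profile: hosts touched, hours active, mean/stdev of volume."""
    per_user: Dict[str, List[dict]] = defaultdict(list)
    for e in events:
        per_user[e["user"]].append(e)
    baseline = {}
    for user, evs in per_user.items():
        counts = [e["count"] for e in evs]
        baseline[user] = {"hosts": {e["host"] for e in evs},
                          "hours": {e["ts"].hour for e in evs},
                          "mean": mean(counts), "stdev": pstdev(counts)}
    return baseline


def team_hosts(baseline: Dict[str, dict], user: str) -> set:
    team = TEAMS.get(user)
    return set().union(*(b["hosts"] for u, b in baseline.items() if TEAMS.get(u) == team))


def score(event: dict, baseline: Dict[str, dict]) -> List[str]:
    """Indicators for one event against the baseline; empty list means normal."""
    b = baseline.get(event["user"])
    if b is None:
        return ["no_baseline"]
    hits = []
    if event["host"] not in b["hosts"]:
        hits.append("new_host")
        if event["host"] not in team_hosts(baseline, event["user"]):
            hits.append("outside_peer_group")
    hour = event["ts"].hour
    if not any(abs(hour - h) <= 1 for h in b["hours"]):  # assumption: +-1h slack
        hits.append("off_hours")
    # Volume spike: both a 3-sigma test and a 5x-mean floor, so a tiny, flat
    # baseline (stdev near zero) does not flag ordinary day-to-day variation.
    if event["count"] > b["mean"] + 3 * b["stdev"] and event["count"] > 5 * b["mean"]:
        hits.append("volume_spike")
    return hits


def detect(text: str, training_until: str) -> List[Tuple[str, str, List[str]]]:
    """Baseline on events before `training_until`, score the rest, and return
    (timestamp, user, indicators) for every flagged event."""
    events = parse(text)
    cutoff = datetime.fromisoformat(training_until)
    baseline = build_baseline([e for e in events if e["ts"] < cutoff])
    flagged = []
    for e in events:
        if e["ts"] >= cutoff:
            hits = score(e, baseline)
            if hits:
                flagged.append((e["ts"].isoformat(), e["user"], hits))
    return flagged


if __name__ == "__main__":
    for finding in detect(ACCESS_LOG, "2010-03-04T00:00:00"):
        print(finding)
```

With this data only alice's late-night bulk read of a finance host is raised, on all four indicators at once; the point of combining them is that each alone (a new host, one late login) is routine, while their co-occurrence in one event is the kind of early signal that sits in the far-field window before any infrastructure is compromised. Thresholds and the training window would need tuning against real volumes, and a legitimate role change will look identical until the baseline is refreshed.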
Technology Implication 6: Cloud + Outcome Centric → Content & Community Centric
IaaS, PaaS & SaaS empower users and developers to contribute information, insights and innovative services through communities. A positive loop is generated which drives the ecosystem growth.
Open Source Software
• Open source developers' community: check out code, contribute code
• Open source software users: free, good-enough software supported by a free community
Open Service
• Anchor service provider contributes the anchor service; the service developer community modifies & contributes new services and harvests new services
• Service user community: access the service and provide feedback, but no access to source code
• Service is openly shared through the platform; community contributions generate a positive loop
Open Data
• Anchor data provider contributes the anchor data; the data contributor community modifies & contributes new data and harvests new data
• Data user community: access data and provide feedback, limited data export
• Data is openly shared through the platform; community contributions generate a positive loop
Self-motivated contribution
Information & Behavior Aggregation Through IaaS, PaaS & SaaS Enables Collaborative Intelligence and Facilitates Outcome Driven Business