All Posts in “Enterprise Design Considerations”

Technology solutions are like rural restaurants

(Edit note: I have received some feedback that this article may be perceived as negative. That was not my intention at all. Instead I mean this as a way of explaining choice in IT and why choice is good and necessary. Budgets, use cases, opinions, and past experiences drive our decision making and that is ok. So relax and rest assured that you are making valid technical decisions based on your due diligence.)

I was on Twitter the other day and someone posed that there are so many choices in storage that they don't know where to begin to select a solution. I thought about responding "duh, it depends on your workload," but I stopped and thought, you know, maybe I am approaching this wrong.

What if picking a technology is like picking a place to eat? How many of us have been in the car with our family or significant other when the question "Where do you want to eat?" gets asked? All of us, I would assume, unless you are a hermit. Then the response is invariably "I don't know, what are you in the mood for?" In cities choices abound, but if that same thing happens in the burbs or the country you may not be able to just Yelp it. So you think about the options in your town: you have fast food, the same old chain spots you have been to a million times, the local joints that have good food but the same menu, and maybe the new spot that always has a long wait and just OK food as they work out the kinks. So what drives you to the choice?

Well, it's a mix: pressure from your SO, or maybe your mood, or how hungry you are. Each part of that compels you to make a choice, but over time, if you were to analyze it, you probably go to the same handful of places more than anywhere else, because you get consistent quality and service. That's why those chains and local joints are able to stay in business, and why fast food hasn't died off. It's also why the food service industry has one of the highest rates of failure for new owners.

What does any of this have to do with tech? Well, the same way you make choices about what to eat is how you make decisions on which vendor to buy from and what tech to procure. Psychology is funny, don't you think? Most vendors also know this; brand loyalty increases customers' willingness to buy. Just check out this study on brand loyalty effectiveness.

So for all of my bellyaching about workloads and how they drive the right choice, and for everyone's imagination running rampant about which vendors to buy from and who will be around in the next 5-10 years to support it, I would postulate that the old adage that no one ever got fired for buying EMC, Cisco, or VMware is still very much true. EMC has a vast portfolio, and while I openly admit that not every part of it is as sexy as the competition's, at least you know what you are getting.

That's the worst sales pitch ever, but if you live in the country and only have a few choices of where to eat, this makes a lot more sense. Try to tell your wife date night is at a bad restaurant and tell me I am wrong. In the end, picking storage with workloads and data protection requirements in mind is still a key ingredient to success, just like agreeing with your SO on where to go for dinner.

How are Engineered Solutions Supported?

This spawned from an internal conversation, so hopefully I don't cause too many issues with it. What the hell is an IT solution, and what are you to expect of an IT solution from a vendor?

Is an IT solution just like a piece of hardware or software? Should it be treated and supported the same?

These are exactly the questions that are being asked by customers and by those of us evangelizing these solutions. If you have ever architected an IT design you know there is a lot to getting all of the moving parts working together. So how should we view these solutions?

From a business perspective, investing in an IT solution can be expensive, so we want to be sure that the proper expectations are set. The full set of expectations depends on the type of solution. So rather than try to cover all of them, let's focus on the Federation Enterprise Hybrid Cloud (an EMC, VMware, VCE, and Pivotal offering). The best way to look at this solution is to think of it as new building construction. Your business has decided it's ready for its own office space, and the size of it warrants new construction. The business has set needs, square footage being the most likely initial defined requirement.

With those thoughts in mind they shop for an architecture firm and a contractor to do the build. The architect starts to provide some input into power, cooling, and number of floors, and breaks out the different use cases and specifics. Then the contracting firm comes in and does the build.

Once the construction is complete, the company takes ownership and moves in. From there they have full control over how furniture is placed and who sits where. Any work done in that building is dictated by the business.

But what happens when the business wants to change the layout of the building or modernize it? Well, they bring an architect or contractor back in and verify that the changes are within code, legal, and safe. Then they set to doing the work.

IT solutions like EHC are the same: the framework for the build is founded in sound architecture, but each is customized to meet customer requirements. While some things can be productized, and updates and changes can be controlled like moving furniture, it takes time to reach that point in the maturity cycle. Initially, all solutions have to work toward that level of commodity and utility.

Now your next question is going to be, what in the hell do you mean by that? Well, initially it means that as versions of EHC change and products are updated, we (EMC and you, the customer) need to make sure everything interoperates. In some instances it means professional services help to perform the upgrades, at some cost, because nothing is free. In others it just means validating against a compatibility or interoperability matrix.

For some this becomes an anticipated expense, something that can be planned for in outlying years' budgets as the solution matures. For others this may be a show stopper, as a solution like this is meant to drive lower OPEX and CAPEX. Early adopters will always have these concerns, but it's important to understand the support and upgrade cycles of such products, and that we are all upfront about them, so we can better partner to build the right solution: the one that works to meet the business goals.

Multi-tenancy means what exactly?

This blog may just turn into a vocabulary lesson for IT people. Today’s word is multi-tenancy.

courtesy of Rob Nolen

Multi-tenancy is the part of cloud design that enables shared resources and infrastructure. Those of you who know me know that I work for EMC covering the U.S. Federal Government as a vSpecialist. So I will default to the NIST standard first. The term Resource Pooling is used in the NIST Cloud Definition Guidance:

Resource pooling – The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.

Then in the Guidelines on Security and Privacy in Public Cloud Computing we find this:

Shared Multi-tenant Environment. Public cloud services offered by providers have a serious underlying complication—client organizations typically share components and resources with other consumers that are unknown to them. Rather than using physical separation of resources as a control, cloud computing places greater dependence on logical separation at multiple layers of the application stack [Owa10]. While not unique to cloud computing, logical separation is a non-trivial problem that is exacerbated by the scale of cloud computing (e.g., [Bos11]). An attacker could pose as a consumer to exploit vulnerabilities from within the cloud environment, overcome the separation mechanisms, and gain unauthorized access. Access to organizational data and resources could also inadvertently be exposed to other consumers or be blocked from legitimate consumers through a configuration or software error [Opp03]. Threats to network and computing infrastructures continue to increase each year and become more sophisticated. Having to share an infrastructure with unknown outside parties can be a major drawback for some applications and require a high level of assurance pertaining to the strength of the security mechanisms used for logical separation.

NIST doesn't completely define multi-tenant models, does it? Nope. Part of that is due to the fact that the standard is watered down by the industry to ensure they can continue to support customers. No knock on NIST here, because it has to be a tough job to create a standard for an entire industry. The way NIST builds the standard is partially through industry input; they look at what is available and what is coming, and set definitions and guidelines based on their insights. Sometimes this leads to solid guidance and clear direction; other times it leads to a loosely coupled series of semi-defined concepts. This is certainly one of those times.

So where do we then turn for guidance? How about the NSA? The NSA defines multi-tenancy thusly:

Multi-Tenancy – Multi-tenancy is the sharing of a common cloud resource that allows the cloud provider to efficiently utilize resources for multiple tenants and can be applied to all three cloud services (IaaS, PaaS, SaaS). Sharing resources, however, could result in residual data or operations being visible or discoverable by another user due to vulnerabilities or insecure configurations. There are varying degrees and definitions of Multi-tenancy among cloud providers and many providers have the option of not sharing resources at an additional cost.

Hahaha, OK, sorry. Clearly we need to go outside of the government if we want clear and concise on this topic, two terms the government is not known for. Since I have been beating on Gartner lately, let's see what Forrester has to say about this.

Our definition: Multitenancy defines IT architectures that let multiple customers (tenants) share the same applications and/or compute resources with security, reliability, and consistent performance.

Our research yielded three major findings about multitenant architectures. These are:

  1. Multitenant architectures must strike a balance between sharing and security. To deliver cost savings and scalability, a multitenant architecture must be able to manage dynamic resource consumption by its tenants without violating their security. These two goals ultimately conflict with one another, since shared resources and individual security rarely go hand in hand.

  2. Two common multitenant architecture models have arisen. Dedicated resource models stake boundaries within shared infrastructure, defining the resources a tenant can access, allowing for tangible and secure walls but lower flexibility. Metadata map models chart protected pathways to shared resources, allowing for increased flexibility, but they ultimately may feel less secure.

  3. Despite resource sharing, multitenancy will often improve security. Most current enterprise security models are perimeter-based, making you vulnerable to inside attacks. Multitenant services secure all assets at all times, since those within the main perimeter are all different clients. Leveraging a mix of dedicated resources and metadata map architectures, these services can deliver stronger security.

You know what, I can live with this, because at the end of the day it does actually depend.

We will never get everyone to agree on the definition of something like multi-tenant until we reach the utilization stage of solution maturity. Cloud is maturing, but it's not there yet. In the meantime we just need to know that everyone is trying to position their solutions as multi-tenant. If you are reading this, odds are you are in a position to advise on or make IT decisions, so you need to know that words and language have power (I know I have said it before). Understand that some products built for hybrid cloud management, like vRealize Automation, are only meant to be multi-tenant within a single organization (as of today). Public cloud management solutions that logically separate shared resources are not without risk. Multi-tenant dedicated-resource backends are expensive; they avoid the logical-separation issues found in shared hardware and networking, but they tend to have front-end issues with portals or the ever-present user-created security gap.
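To make the "logical separation" risk concrete, here is an added example (mine, not from the post or any of the vendors it names) of the Forrester metadata-map model in miniature: two tenants share one table, a metadata map ties each user to a tenant, and the only thing standing between tenants is whether every query is scoped by that map. The user names, tenant names, and documents are constructed sample data; the unscoped function shows the NSA-style "insecure configuration" failure, and `cross_tenant_rows` is a guard a defender can run on any result set before it leaves the service.

```python
import sqlite3

# Constructed sample data: one shared documents table, two tenants (hypothetical names).
SAMPLE_DOCS = [
    ("acme", "payroll-q1.xlsx"),
    ("acme", "roadmap.pdf"),
    ("globex", "merger-memo.docx"),
]

# The "metadata map": which tenant each (hypothetical) user belongs to.
USER_TENANT = {"alice": "acme", "bob": "globex"}


def build_db():
    """Shared, logically separated store: every row carries its tenant_id."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (tenant_id TEXT NOT NULL, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO documents VALUES (?, ?)", SAMPLE_DOCS)
    return conn


def list_docs_unscoped(conn, user):
    """The configuration/software error case: the tenant filter is missing,
    so the caller's identity is never consulted and every tenant's rows come back."""
    return conn.execute("SELECT tenant_id, name FROM documents").fetchall()


def list_docs_scoped(conn, user):
    """Metadata-map model done right: resolve the caller's tenant from the map,
    then bind it into every query so the shared table only yields that tenant's rows."""
    tenant = USER_TENANT.get(user)
    if tenant is None:
        raise PermissionError(f"unknown user {user!r}")
    return conn.execute(
        "SELECT tenant_id, name FROM documents WHERE tenant_id = ?", (tenant,)
    ).fetchall()


def cross_tenant_rows(user, rows):
    """Guard: rows whose tenant_id differs from the caller's tenant. Anything
    non-empty here is a cross-tenant exposure and should be blocked and alerted on."""
    tenant = USER_TENANT.get(user)
    return [row for row in rows if row[0] != tenant]


if __name__ == "__main__":
    conn = build_db()
    print("unscoped leaks:", cross_tenant_rows("alice", list_docs_unscoped(conn, "alice")))
    print("scoped leaks:  ", cross_tenant_rows("alice", list_docs_scoped(conn, "alice")))
```

Run as-is it prints one leaked globex row for the unscoped query and an empty list for the scoped one; the same guard generalizes to any row-tagged shared resource, not just a SQL table.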

Education and understanding lead you to intelligent and open-eyed decisions, which means you can mitigate, accept, or minimize the risks you take. Multi-tenancy will be defined by the customer, so let's make sure we all clearly understand their definition of the word, to assist them in making the best choice possible.