All Posts in “Enterprise Solutions”

Multi-tenancy means what exactly?

This blog may just turn into a vocabulary lesson for IT people. Today’s word is multi-tenancy.

courtesy of Rob Nolen

Multi-tenancy is part of cloud design that enables shared resources and infrastructure. Those of you who know me know that I work for EMC covering the U.S. Federal Gov as a vSpecialist, so I will default to the NIST standard first. The term Resource Pooling is used in the NIST Cloud Definition Guidance:

Resource pooling – The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.

Then in the Guidance for Security and Privacy in Public Cloud computing we find this:

Shared Multi-tenant Environment. Public cloud services offered by providers have a serious underlying complication—client organizations typically share components and resources with other consumers that are unknown to them. Rather than using physical separation of resources as a control, cloud computing places greater dependence on logical separation at multiple layers of the application stack [Owa10]. While not unique to cloud computing, logical separation is a non-trivial problem that is exacerbated by the scale of cloud computing (e.g., [Bos11]). An attacker could pose as a consumer to exploit vulnerabilities from within the cloud environment, overcome the separation mechanisms, and gain unauthorized access. Access to organizational data and resources could also inadvertently be exposed to other consumers or be blocked from legitimate consumers through a configuration or software error [Opp03]. Threats to network and computing infrastructures continue to increase each year and become more sophisticated. Having to share an infrastructure with unknown outside parties can be a major drawback for some applications and require a high level of assurance pertaining to the strength of the security mechanisms used for logical separation.

NIST doesn’t completely define multi-tenant models, does it? Nope. Part of that is due to the fact that the standard is watered down by the industry to ensure they can continue to support customers. No knock on NIST here, because it has to be a tough job to create a standard for an entire industry. The way NIST builds the standard is partially through industry input; they look at what is available and what is coming, and set definitions and guidelines based on their insights. Sometimes this leads to solid guidance and clear direction; other times it leads to a loosely coupled series of semi-defined concepts. This is certainly one of those times.

So where do we then turn for guidance? How about the NSA? The NSA defines multi-tenancy thusly:

Multi-Tenancy – Multi-tenancy is the sharing of a common cloud resource that allows the cloud provider to efficiently utilize resources for multiple tenants and can be applied to all three cloud services (IaaS, PaaS, SaaS). Sharing resources, however, could result in residual data or operations being visible or discoverable by another user due to vulnerabilities or insecure configurations. There are varying degrees and definitions of Multi-tenancy among cloud providers and many providers have the option of not sharing resources at an additional cost.

Hahaha, ok, sorry. Clearly we need to go outside of the government if we want clear and concise on this topic, terms the government is not known for. Since I have been beating on Gartner lately, let’s see what Forrester has to say about this.

Our definition: Multitenancy defines IT architectures that let multiple customers (tenants) share the same applications and/or compute resources with security, reliability, and consistent performance.

Our research yielded three major findings about multitenant architectures. These are:

  1. Multitenant architectures must strike a balance between sharing and security. To deliver cost savings and scalability, a multitenant architecture must be able to manage dynamic resource consumption by its tenants without violating their security. These two goals ultimately conflict with one another, since shared resources and individual security rarely go hand in hand.

  2. Two common multitenant architecture models have arisen. Dedicated resource models stake boundaries within shared infrastructure, defining the resources a tenant can access, allowing for tangible and secure walls but lower flexibility. Metadata map models chart protected pathways to shared resources, allowing for increased flexibility, but they ultimately may feel less secure.

  3. Despite resource sharing, multitenancy will often improve security. Most current enterprise security models are perimeter-based, making you vulnerable to inside attacks. Multitenant services secure all assets at all times, since those within the main perimeter are all different clients. Leveraging a mix of dedicated resources and metadata map architectures, these services can deliver stronger security.

You know what, I can live with this, because at the end of the day it does actually depend.

We will never get everyone to agree on the definition of something like multi-tenant until we reach the utilization stage of solution maturity. Cloud is maturing, but it’s not there yet. In the meantime we just need to know that everyone is trying to position their solutions as multi-tenant. If you are reading this, odds are you are in a position to advise or make IT decisions, so you need to know that words and language have power (I know I have said it before). Understand that some products built for hybrid cloud management, like vRealize Automation, are only meant to be multi-tenant within a single organization (as of today). Public cloud management solutions that rely on logical separation of shared resources are not without risk. Multi-tenant dedicated-resource backends are expensive; they avoid the hardware and networking issues of logical separation, but they tend to have front-end issues with portals or the ever-present user-created security gap.

Education and understanding help to lead you to intelligent and open-eyed decisions, which means you can mitigate, accept, or minimize the risks you take. Multi-tenancy will be defined by the customer so let’s make sure we all define their understanding of the word clearly to assist them in making the best choice possible.
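The risk the NIST and NSA text describe, one tenant’s data becoming visible to another through a software or configuration error in the logical separation, is easiest to see at the application layer. The following Python is an added example written for this post, not code from the post, from EMC, or from any product it names. It models the Forrester "metadata map" style of isolation: a single shared store holds every tenant’s rows, and a tenant-scoped repository is the only path to them, verifying the row’s owner on every access. Beside it sits a "leaky" repository that ignores the tenant on lookup, and a small invariant check a defender can run to find cross-tenant reads. All class names, tenant ids and records are constructed for the example.

```python
"""Logical tenant separation over a shared (pooled) store: constructed example."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


class TenantIsolationError(PermissionError):
    """Raised when a tenant asks for a record it does not own."""


@dataclass(frozen=True)
class Record:
    record_id: str
    tenant_id: str   # the metadata that maps the row back to its owner
    payload: str


class SharedStore:
    """The pooled resource: rows from every tenant live side by side."""

    def __init__(self) -> None:
        self._rows: Dict[str, Record] = {}

    def put(self, rec: Record) -> None:
        self._rows[rec.record_id] = rec

    def get(self, record_id: str) -> Optional[Record]:
        return self._rows.get(record_id)

    def scan(self) -> List[Record]:
        return list(self._rows.values())


class LeakyRepository:
    """'Before' version: trusts the caller-supplied id and never checks tenancy.
    This is the software/configuration error the NIST guidance warns about."""

    def __init__(self, store: SharedStore) -> None:
        self._store = store

    def fetch(self, tenant_id: str, record_id: str) -> Optional[Record]:
        return self._store.get(record_id)   # tenant_id is silently ignored


class TenantScopedRepository:
    """Hardened version: every read is keyed by tenant and checked against the owner."""

    def __init__(self, store: SharedStore) -> None:
        self._store = store

    def fetch(self, tenant_id: str, record_id: str) -> Record:
        rec = self._store.get(record_id)
        # Treat 'absent' and 'owned by someone else' identically so that a
        # tenant cannot even learn which ids exist in other tenants' data.
        if rec is None or rec.tenant_id != tenant_id:
            raise TenantIsolationError(f"{tenant_id} may not read {record_id}")
        return rec

    def list_for(self, tenant_id: str) -> List[Record]:
        return [r for r in self._store.scan() if r.tenant_id == tenant_id]


def build_sample_store() -> SharedStore:
    """Constructed sample data: two tenants sharing one backend."""
    store = SharedStore()
    store.put(Record("r-1", "tenant-a", "tenant A invoice"))
    store.put(Record("r-2", "tenant-b", "tenant B invoice"))
    store.put(Record("r-3", "tenant-b", "tenant B contract"))
    return store


def isolation_violations(repo, store: SharedStore) -> List[Tuple[str, str]]:
    """Defender's invariant check: try every (tenant, record) pair through the
    repository and report each case where a tenant received another tenant's row."""
    tenants = sorted({r.tenant_id for r in store.scan()})
    violations: List[Tuple[str, str]] = []
    for tenant in tenants:
        for rec in store.scan():
            try:
                got = repo.fetch(tenant, rec.record_id)
            except TenantIsolationError:
                continue
            if got is not None and got.tenant_id != tenant:
                violations.append((tenant, rec.record_id))
    return violations


if __name__ == "__main__":
    sample = build_sample_store()
    print("leaky :", isolation_violations(LeakyRepository(sample), sample))
    print("scoped:", isolation_violations(TenantScopedRepository(sample), sample))
```

The point of the `isolation_violations` helper is that logical separation is only as good as the code path that enforces it, so the check exercises the repository rather than the store; running it against every data-access class in a multi-tenant service is the kind of assurance evidence the NIST text says a shared environment demands.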

Bi-Modal Schmi-modal

Everyone does work that they try to make the best they can, because most of us take pride in our work. It’s that pride that instills passion in our debates when we defend what we have done, or our concept of what we have done, against criticism. While I am as guilty of this pride in my work as anyone else, there are times where a debate is justified.

This is one of those times.

The concept of bi-modal isn’t a new one, and in fact has been around since before I was working in IT. However, books like the Lean Enterprise and others have lauded bi-modal as the de facto method for running an IT shop to enable Developers and Operations to each be efficient. This concept has migrated in recent years to the analyst community, to the point where even Gartner has adopted the conceptual notion of bi-modal, and if Gartner says it, it must be true.

Now I am not trying to punch up at the bigger folks here; these are merely my opinions and views based on what I have read and experienced.

Let’s first dive into what bi-modal is: “bi” means 2 and modal means modes (you expected that sarcasm, didn’t you?). So if you have 2 modes, one would be operations and one would be developers. Each mode has its own unique set of requirements; not to pick on Gartner here, but they use the analogy of sprinters and marathon runners.

Sprinters are agile and fast, and their races are short. This translates to developers nicely, even to the point that agile development uses the term sprint for its development cycles.

Marathon runners, on the other hand, are more methodical; they play a long game and worry about endurance. Sound familiar? Yeah, that’s the Operations side: concerns about maintaining the environment they are charged with, and the longevity of success for the applications and hardware therein. Availability, reliability and a solid foundational plan are key. It can take months or more to fully implement a project for enterprise operations folks.

Now you may be saying to yourself, sure, this makes perfect sense, what’s wrong with that? Well, bi-modal goes a step further: because these two modes have different requirements, the belief then is that they need two different infrastructures to support each. Yeah, I get it, I work for one of those infrastructure companies, but I don’t necessarily support this view. Because what this means is new gear hits the floor and, say, it’s for Mode 2, the Sprinters; who is going to get strapped with managing it? Yeah, Mode 1, because Developers can’t be bothered to maintain their own hardware, or if they do have to, they get dinged on security compliance issues (been there, done that).

It just doesn’t make sense; it’s like how Twix builds the left and right Twix in different factories. I mean, sure, Right Twix has that cool steampunkesque packing tape dispenser, but it seems like a huge waste of resources, and how did it ever get that far? Was there not someone overseeing manufacturing expenditures?

Hey, that’s a great Segway, and no, I am not complimenting Woz on his localized form of mobility. If bi-modal isn’t right, what is? Let me answer that question that you didn’t ask with a question that you won’t really answer: what is missing in bi-modal?

I will give you a second.

That’s right, you are smart: we are missing an architectural planning element. You see, while bi-modal is conceptually right about the needs of these two groups, what they miss is that if you let either go off on their own, never the two shall meet. That misses a huge mark when it comes to trying to converge Devs and Ops to ensure the goals of the organization are achieved, don’tchathink?

Enter someone who I tend to agree a great deal with in Simon Wardley, who presents the case that bi-modal is more of the same archaic silo’d approach to meeting business objectives, which has stagnated and caused discord in IT organizations for decades. He poses that tri-modal IT would be a far more effective approach, laying it out in the analogy of Pioneers, Settlers and Town Planners. This got a chuckle from the NMVMUG crowd the other day when I brought it up, as most East Coasters don’t really understand the concept of how vast the homesteading territory actually was. But I digress. In a tri-modal approach the Pioneers are the developers; they are constantly in search of what is new and never sitting still. Meanwhile the Settlers are the Ops folks, who stake roots in the datacenter and ensure that it thrives as an ecosystem. Town Planners are the glue here; they leverage strategy to ensure that the Pioneers are getting what they need, that the Settlers are getting support from the Pioneers, and that the goals are being met. Back in the analogy, the Town Planner would ensure that a pioneer wouldn’t set up a temporary cattle paddock next to the drinking well, because that’s how you get **it in the water.

The concept of tri-modal speaks to something else though, which is the maturity of an organization. While developers tend to be the founders of software or companies, once established, their findings and creations become the baseline which operations have to maintain. Once we hit an operational maintenance mode for anything, we start to look at efficiencies in how we productize it (that’s business). Some of the time that will mean changing the way we position or license the product set, or the way we manage the infrastructure and move towards the elasticity of cloud; that is commoditization. Look at the path storage has taken: at once it was all built to suit specific needs, then productized and marketed and startups jumped in the ring, and now it’s commoditized as we look to moving our data to the cloud. That is the natural progression of most successful solutions.

Bi-modal isn’t wrong, but I think a disservice is being done to those who buy into it as the only or best method to combat the ever-changing ecosystem. Businesses and organizations today are concerned with being outpaced or becoming obsolete. That means competitive advantage, and what better advantage is there than being able to reach full evolutionary maturity of products faster than your competitors? Proper planning and execution is how you do that, and breaking the silos through team alignment towards business objectives is the key. That’s why tri-modal makes more sense.

/Rant

Jets vs. TurboProps the Hybridity Approach

If you have spent any time with military pilots, you have inevitably heard them debate turboprop vs. jet engines, sometimes to the point where you have to throw a beer at their heads. If you haven’t heard this, it can be funny the first 5 times, but you can imagine it gets old.

But it got me thinking: jets and props have specific use cases. Jets are fast and very maneuverable but not very efficient, whereas props allow for greater mass movement and are reliable. Or so the two sides say; I am not an aeronautical engineer. Similarly, IT organizations looking at private and public clouds are faced with a decision. Do they use what they know and what has worked for them, their on-premises datacenter and IT team (TurboProps), or do they leverage the capability of a hosted cloud provider (Jet engines)?

Invariably, during the conversation with the military aviators, I bring up the C-130 Hercules. It’s one of my favorite airframes, since it has been in service for next to forever. But here is my favorite part of it: growing up as a Navy brat, I went to a lot of airshows. The Blue Angels were my favorite act, and I have tons of memorabilia including signed posters. The Blue Angels fly around with a C-130 nicknamed Fat Albert. Fat Albert is for logistical support and carries show gear etc., but it also is part of the show. The coolest part, if you ask me. What it does is demonstrate a C-130 tactical short-runway takeoff. Here is a pic.

Notice something? Yeah, the flames coming out of the aft of the plane; those are jets that help provide lift. This is where things get interesting, because that C-130 is pretty widely respected as a beast, and it uses both props and jets when the use case requires it.

I know I am a sonofbitch for what I just did, but hopefully the light clicks: this is where a hybrid cloud approach makes sense. If not, my thinly veiled story of military aviation was at least entertaining.

The industry understands it: Amazon has made announcements around their hybrid cloud strategy, VMware has been talking hybrid cloud for years, and EMC has the Enterprise Hybrid Cloud (EHC) offering that I, as an EMC vSpecialist, talk about so much that I have to change the slide deck weekly to keep it interesting for the non-technical people in the room who have heard it a million times.

Gartner has been talking about Bi-modal IT lately. The point of their buzzword is less about the IT transformation which, if you are in Simon Wardley’s camp, is more of a tri-modal approach, and more about the CIO/CTO-level realization that traditional internal IT approaches are failing the business needs. It’s evolve-or-die time, and if the industry doesn’t start rocking towards a bi- or tri-modal approach, then they will be left for the carrion.

I don’t believe in scare tactics, I swear I don’t. I think fear can be a motivator, but it’s not for me to make someone scared of a situation or impending event. Instead, I see this as an opportunity to embrace the change. I think the time to do so is running out. We are closer today to the end of silo’d traditional IT stacks than we are to its beginning. Scaling approaches and abstraction technologies are already evolving beyond where we were. This is a cyclical event like all things in IT, but this time the distributed-to-converged move is going to be done in the cloud. Hybridity is the first step to public hosted acceptance. Once we get there, workloads won’t be coming back, once the cost models are fully fleshed out and applications are Platform 3 micro-services and not Platform 2. This is going to happen; it’s happening now. The argument of “we are not Netflix” isn’t going to fly when you need Netflix-like flexibility and agility to meet business needs. You may not need to run Chaos Monkey, but you cannot rest on your laurels and expect to be ahead in 6 months to a year.

The business you are in won’t matter either; the argument of “we have workloads that will never go to the cloud” is only true until they do move to the cloud. We used to say we weren’t moving apps to x86 or to virtual platforms, until we did. Accept and embrace the change. Change is life: stagnant water kills you with bacteria, flowing water is more potable.

Whether you are ready to rock a jet, or are in a sports-class Cessna and eyeing the Gulfstream, look at Hybrid Cloud as a viable path to get that next airframe certification.

Just as a fun side note, I did a little bit of digging and found that the Navy’s first jet was also a hybrid, with a prop on the front. Here is the really cool history.