Blog

New Virtual Server Alert Service: Simple, Reliable, and Visible

Elasticity and quick provisioning are hallmarks of any good cloud platform. Cloud customers have gotten used to rapidly acquiring right-sized resources that fit a given workload. CenturyLink Cloud User Interface No longer do developers have to build the biggest (physical) server possible just to avoid requests to resize later on. Rather, provision for what you need now, and adjust the capacity as the usage dictates. But how do you know when it’s time to size up?

The CenturyLink Cloud engineering team just released a monitoring and alert service (alongside our powerful server UI redesign) that gives you the data you need! We designed this feature with three things in mind:

     
  1. Offer a simple, straightforward toolset that users can understand and take advantage of quickly.
  2.  
  3. Deliver reliable, accurate statistics that reflect the current state of a server.
  4.  
  5. Provide multiple ways to identify that an alert was fired.

Together, these three principles kept us focused on delivering a service that met market need. Let’s take a look at how the new monitoring and alert service applies each principles.

Simple Setup

It’s easy to get lost in a sea of rarely-used options offered by a monitoring platform. Instead, we focused on ease of setup, a common theme in the CenturyLink Cloud. Users only have to follow two steps.

First, access the Alerts item in the top level navigation menu. This takes you to a list of all the alert policies for your account. Policies can measure CPU, memory, or storage consumption of a server. Creating a policy is as simple as providing a friendly name for the alert, indicating the measure and usage threshold, choosing a duration that the chosen threshold must be exceeded before an alert fires, and a list of the alert’s email recipients.

Create Alert

Once a policy (or polices) are created, simply apply it to one or many servers. The server’s Settings page now has a tab for Alerts where users can quickly add or more policies to the server. To aid usability, we show you a preview of the policy’s core parameters as you select it. This keeps policy names crisp, and prevents incorrect assignment of policies.

Apply Alert Policy

Immediately after applying a policy, the platform compares a server’s consumption to the policy’s trigger. Furthermore, you can update policies in a central location and instantly impact all of the servers attached to that policy. Simple, easy – and elegantly powerful!

What’s more, you will easily see when a server has alert policies attached. In our new user interface (available to all users as a public beta!), there are three ways you’ll identify that a server has an alert policy. First, we put an indicator on the monitoring chart that displays the alert level. Secondly, all of a server’s policies are listed in the summary pane. Finally, all policy activities are logged and available in the server’s audit trail.

Server Details

 

Reliable Metrics

Monitoring and alerting features exist to deliver proactive, timely, accurate statistics about a virtual machine. It does no good to find out that a server was running hot yesterday. False alarms are counterproductive as well.

In the CenturyLink Cloud monitoring and alerting service, we capture near-real time statistics about each server and show both current and aggregate perspectives. There’s the current consumption highlighted on the left, and the aggregated consumption available on the chart. You’re able to look at a long term aggregation, or even jump down to the average consumption on an hourly basis.

Server Statistics

Because the CenturyLink Cloud runs a highly tuned virtualized environment, you may see a difference between what a virtual server shows for consumption, and the value we show in the Control Portal. The Control Portal identifies what the hypervisor itself thinks the utilization is, and this is MORE accurate because the hypervisor can intelligently add horsepower to servers under stress. So, keep this in mind and don’t worry if a server appears slightly stressed to you, but the platform itself doesn’t completely agree!

 

Visible Alerting

Finally, it’s important to be able to consume alerting information in multiple ways. We offer three wildly different but extremely complementary mechanisms. By default, a policy must have an email recipient for any alerts. So even if you aren’t logged into the Control Portal, you can instantly find out, in real-time, if an alert condition has been met for the threshold period. Additionally, Control Portal clearly displays when a server is in an alerting stage. If you’re on the server’s details page itself, you’ll see a warning as well as the utilization indicator turned to red. But even better, we highlight the offending server at different levels in the UI - in the left side navigation, the server’s group, and the group’s data center! This means that you can easily see where you have servers experiencing alerts from anywhere in the interface.

Server Alert

The final option is to configure a webhook. Recall that the CenturyLink Cloud offers webhook capabilities which push notifications to an external endpoint of your choosing whenever certain platform conditions occur. We’ve added a new webhook for “alert notification” that will send a data-rich message to any endpoint. For example, you could configure the webhook to feed into your support system so that the two environments (cloud and on-premises) are automatically integrated.

Alerts aren’t helpful if you don’t know they are occurring! So, we’ve built in a host of ways to send notifications and quickly see relevant information.

Summary

We’re excited to ship this new capability, and have other plans for building upon these services. Don’t hesitate to provide feedback or feature suggestions by accessing the “feedback” link within the Control Portal!

On Hyperscale, and the Shift to NoSQL Systems

Today, we announced the availability of Hyperscale instances, a new service that combines our high-end compute with 100% flash storage.  Before we jump into how customers can use the service, let’s take a minute to think about the characteristics of applications and architectures deployed today. 

Here are 5 key attributes we’ve noticed:

  1. Large volumes of data ingested in real-time.  Customers and partners collaborating together; lots of machine-to-machine data as well.
  2. Global reach.  Startups in a garage can be global in an instant.
  3. Mobile focus (often exclusively).  Low latency and a responsive user experience is crucial.
  4. Highly distributed.  No single points of failure or ‘master’ node controlling other components.
  5. Low cost of failure.  Open source technologies without seven-figure contracts, minimal capital expense from hardware, if any.

Now, think about most applications running in enterprise data centers.  In all 5 cases, it’s almost the exact opposite.

That’s NoSQL vs. relational databases in a nutshell.  The folks at MongoDB sum it up pretty well:

    NoSQL encompasses a wide variety of different database technologies and were developed in response to a rise in the volume of data stored about users, objects and products, the frequency in which this data is accessed, and performance and processing needs. Relational databases, on the other hand, were not designed to cope with the scale and agility challenges that face modern applications, nor were they built to take advantage of the cheap storage and processing power available today.

If you’re a CIO, it’s simple.  The more relational systems you have, the slower you can respond to the market.  Relational databases will always have their place.  But most of the innovation happening in the next 5 years will be on NoSQL platforms.

Of course, the public cloud is a great home for both types of systems.  NoSQL apps in particular are well-suited to it.

CenturyLink Cloud hosts many different relational systems today – these are often applications that “run the business” but don’t “transform the business.”  IT is increasingly moving these apps to the public cloud, freeing their time to focus on more strategic projects.

Introducing Hyperscale

Now, with our new Hyperscale instances, enterprise developers have a service with high-end compute and 100% flash storage to make their NoSQL apps hum. Cassandra, MongoDB, and Couch all perform blazingly fast.  In fact, users can expect typical performance to be 6x faster than our standard storage.

Hyperscale is a win for IT as well, since these instances are just as easy to manage as other VMs. Billing, usage, automation, and monitoring are all built-in.  Full parity with Blueprints and APIs are coming soon, and additional geographies will be online soon as well.

No Pain, No Gain

But it’s not just about new distributed architectures.  It’s about reducing the business reliance on relational systems.

Moving from relational to NoSQL is hard, but in many cases inevitable.  In fact, this is something our engineering team has been committed to over the last 8 months. We have shifted to Couch as our primary platform, after using MS SQL for several years.

Why make this change?  The same reasons many other enterprises will.  More native replication, cleaner interactions with the user interface,  ease of system administration, and so on.

The transition it has been liberating on so many levels.  Our engineers will soon be contributing back to the open source community some important components to help enterprises do the same thing.

Watch this space for more details – and in the meantime, take Hyperscale for a spin.

The Six Commandments of Achieving Isolation in a Multi-Tenant (Cloud) Environment

Multitenancy – the concept of using a single (software) platform to serve multiple customers – is a key aspect of nearly every cloud computing platform. Pooling resources results in lower costs for all parties, greater efficiencies, and faster innovation for customers. Are there risks and tradeoffs with this model? Sure, but every technology paradigm has them.

 In this blog post, we’ll look at some core principles for successful multitenancy, see how the CenturyLink Cloud provides tenant isolation, and review the ways that CenturyLink Cloud customers create isolation within their own account. The goal is to simply help customers understand what to look for when assessing multi-tenant environments to run their workloads, SaaS applications, and more.

Core Principles

Any service provider delivering a multi-tenant environment must adhere to these six commandments:

     
  1. Thou shalt isolate tenants within their own network. This one applies mainly to infrastructure-as-a-service (IaaS) providers who promise secure computing environments. Software-as-a-Service (SaaS) customers on a platform like Salesforce.com don’t have this issue as customers do not have access to low level network traffic. When granting virtual machine access to users, the service provider has to ensure that there’s no opportunity to intercept network traffic from other customers.
  2.  
  3. Thou shalt not allow tenants to see another tenant’s metadata. Sometimes metadata can be just as sensitive as transactional data! Multi-tenant service providers must make sure that customers are logically or physically walled off from seeing the settings or user-defined customizations created by other customers.
  4.  
  5. Thou shalt encrypt data in transit AND at rest. Providers shouldn’t let their guard down just because data is within their internal network. Rather, data should constantly be transferred over secure channels, and encrypted whenever it’s stored on disk.
  6.  
  7. Thou shalt properly clean up deleted resources. In a multi-tenant IaaS environment, there is clearly reuse. When a network is released by one customer, another can use it. When a storage volume is removed, that space on the SAN is now available for others. It’s imperative that service providers reset and clear resources before allowing anyone else to acquire them.
  8.  
  9. Thou shalt prevent noisy neighbors from impacting others. This phenomenon is one of the hardest problems to address in multi-tenant environments. As a user, you have no say in who *else* is using the same environment. It’s up to the service provider to make sure that one customer can’t (intentionally or unintentionally) adversely impact the performance of other customers by overwhelming the shared compute, storage, or networking resources.
  10.  
  11. Thou shalt define and audit policies to ensure proper administration of shared environments. Let’s be honest – using a multi-tenant environment involves a bit of trust. As a customer, you have to trust that the service provider has built a platform that properly isolates each customer, and that operational staff can’t go off the reservation and compromise your business. However, to run mission-critical apps in someone’s multi-tenant platform requires more than blind trust; you should also be able to demand to see 3rd party certifications and audits that prove that a mature organization is behind the platform.

Built-in Platform Isolation

With those principles in mind, how does the CenturyLink Cloud platform deliver secure isolation?

IaaS customers can create sophisticated network topologies with one or more VLANs. All of these logical networks are part of a giant physical network and we do best-practice VLAN isolation to make sure that data packets stay within the appropriate VLANs. This ensures that our customers cannot intercept traffic from other customers and creates a protected barrier around your virtual hardware.

What about data? The CenturyLink Cloud makes it easy to provision terabytes of persistent storage that you can easily resize as needed. But when it comes time to delete volumes, we make sure that all virtual disks are automatically wiped so that the next customer always get a blank volume with no way to retrieve data from the previous user.  Regarding data encryption, by the end of 2014 we plan on being 100% encrypted at rest and support 3rd party tools for customers to manage their keys.

As mentioned above, noisy neighbors are one of the biggest challenges for multi-tenant cloud providers to handle. The CenturyLink Cloud takes a multi-pronged approach. First, we always leave headroom on host machines and closely monitor usage to know when it’s time to scale. Second, we use features in our hypervisor platform to protect against capacity and latency bursts in CPU and disk. Our storage subsystem is built to handle multi-tenancy and provide protection against I/O bursts. Third, the network is designed to prevent any one tenant from overwhelming the firewalls, and our ample bandwidth ensures that network saturation is nearly impossible.

Finally, you can certainly just “trust us” that we do everything right. But most customers, at first anyway, trust those who audit us. Our data centers and policies are regularly reviewed and we maintain certifications and standards that prove our extreme focus on building a secure environment for your applications.

Account-level Isolation

The platform itself provides built-in multi-tenancy to isolate customers, but how can you build your own isolation WITHIN your account? This is a common scenario for resellers, SaaS provider, and large enterprises who want to logically segment business units or departments. Let’s look at a few options.

One of the best ways to create isolation in your account is through sub-accounts. Sub accounts are containers that can have unique users, permissions, billing procedures, networks, and even branding (look-and-feel). You can choose to inherit various settings from a parent account (e.g. “share parent networks”, governance limits) or treat them as completely independent resources.

 

Another choice? Use separate VLANS to isolate servers within an account. Consider providing users with remote access to cloud servers but only allowing a small subset of administrators to place the servers on the appropriate VLANs. This makes it possible to have project-specific VLANs where traffic is cleanly isolated from other networks in the account.

 

A final way to isolate users within an account is through the use of different data centers. The CenturyLink Cloud is spread across the globe, and expanding even more this year. It’s easy to spin up sub-accounts and intentionally constrain users to a chosen set of data centers. This helps you isolate accounts (and applications) to the geographies that work best for your business.

 

Summary

The most advanced cloud deployments depend on multi-tenant platforms. Building systems in this way isn’t easy - it takes careful upfront consideration and steady vigilance to ensure that all users get reliable, consistent performance. The CenturyLink Cloud was designed from day one to excel at multi-tenancy, and you can see that in how we’ve architected the platform and the features we expose to our customers.

Want to try it out? Spin up an account and see how our high-performing cloud can meet your needs today.

Better Together: Bosh & Cloud Foundry on CenturyLink Cloud

We’re big fans of Cloud Foundry, open-source platform as a service.  Why?  Two reasons: the level of abstraction it offers enterprise developers, and the portability across cloud providers. This combination means faster development and deployment of multi-language web applications.  And Cloud Foundry is backed by a thriving ecosystem of hosting providers.

It’s our goal to make the CenturyLink Cloud the cloud of choice for enterprise developers interested in Cloud Foundry.  To that end, we’re excited to announce an important milestone.

Today, we’re pleased to announce the beta availability of BOSH on the CenturyLink Cloud.

BOSH is a crucial tool for deploying and managing Cloud Foundry at scale. It is supported on AWS, OpenStack, and vSphere and vCloud Director – and now CenturyLink Cloud.

Getting started with BOSH on the CenturyLink Cloud is easy - just set up a Micro-BOSH server configured for CenturyLink Cloud, then use the standard BOSH command line tools!  Check out how to get started here: https://github.com/Tier3/bosh/wiki/Getting-Started.  Support is based on the BOSH July 2013 snapshot and is Ubuntu only.

We are confident enterprises and devs will like the “better together” combination of BOSH, Cloud Foundry and CenturyLink Cloud.  Here are five reasons why:

  1. Supports everything you love about BOSH and Cloud Foundry.  Portability is one of the two defining attributes of Cloud Foundry, as mentioned above.  This means developers can use the same tools across different cloud “targets” for their deployments.  Whatever Cloud Foundry and BOSH expertise you have today – or plan to have in the future - it transfers immediately to CenturyLink Cloud.
  2. More options for Cloud Foundry deployments.  Enterprises have a few options for BOSH today, but more choices are always better.  It leads to faster innovation and lower prices. With CenturyLink Cloud on our way to supporting BOSH, you now have another great option to consider.
  3. Your PaaS deployment, your way.  Part of the PaaS value proposition is abstracting complexity away for developers and IT.  But there are some scenarios – several actually – where the enterprise needs to have more control and get “hands on” with their environment. With BOSH, you have complete control over your Cloud Foundry instance in the CenturyLink Cloud.  Adjust nodes to the size you require.  Upgrade on your schedule.  Whatever control you desire over Cloud Foundry on CenturyLink Cloud, BOSH delivers.
  4. One platform for legacy and greenfield apps. Customers and industry analysts alike have lauded our enterprise cloud platform for its innovation, self-service and automation functions.  IT likes our services because we offer the governance, compliance, and billing features they require.  This combination has made CenturyLink Cloud an attractive platform for legacy enterprise apps.  Now, with greater support for BOSH and Cloud Foundry, CenturyLink Cloud is an even more attractive platform for new cloud apps. 
  5. The first step in CenturyLink’s PaaS roadmap for 2014.  One of our predictions for 2014 is that platform as a service would go away as a category, and simply become another cloud service.  The CenturyLink Cloud Development Center is doing our part to make this a reality.  This BOSH support is just the beginning.  Our engineers are working now on integrating AppFog’s service with Iron Foundry.  Expect more news from us on this front later in the spring.

Cloud Foundry, Iron Foundry, and BOSH are the kinds of open source projects our team here at the CenturyLink Cloud Development Center gets excited about.  And we’re even more excited to hear your feedback on BOSH, and how we can smooth Cloud Foundry deployments even more for your business.

 

Five Ways To Enhance IT Ops With CenturyLink Cloud

Today at Dell World, Dell announced that CenturyLink has joined the Dell Cloud Partner Program.

So what does this news mean for Dell customers?  Simple: you now have easy access to a high performance, highly resilient public cloud, with extensive self-service capabilities.  And you will be supported by Dell and the CenturyLink Cloud team every step of the way.

autoscale

Here are five key benefits you can take advantage of immediately on this platform:

  1. Deploy on virtual servers with resiliency and redundancy.  When it comes to public cloud, you hear the phrase ‘build for failure.’  That’s a critical design pattern for cloud-native applications.  But many of the apps running in your data center today – including many that are candidates to move to the public cloud – are designed with reliable infrastructure in mind.  Dell Cloud On Demand with CenturyLink offers built-in resiliency and redundancy, so many of your legacy apps – homegrown, from boutique ISVs, or Microsoft – will run smoothly ‘out of the box’ on CenturyLink Cloud.
  2. Simplify DR and backups.  These tedious activities should be immediately automated.  Savvy IT departments – and those that will thrive in the future as a strategic enabler of the business – are already on this path.  Block storage from CenturyLink Cloud automatically replicates data with rolling snapshots every five days.  A premium option is available with 14 days of back-ups at a secondary data center.  Premium storage also includes an RTO of eight hours and an RTP of 24 hours for your data.  So, you have automatic DR for all your apps in the cloud – no extra effort required.
  3. Automate server maintenance.  Just like with DR, IT pros should be looking to automate anywhere and everywhere.  Dell Cloud On Demand with CenturyLink makes this easy.  With our Groups capability, users can manage VMs in bulk – and with just a few clicks apply power commands at scheduled times to hundreds of servers, configure maintenance windows, and manage temporary snapshots.  Best of all, this capability is included, at no additional fee.
  4. Easy and painless “chargebacks.”  Business users require access to cloud resources on-demand via self-service.  Give them what they want, while facilitating easy “chargebacks” so they pay for the resources consumed each month.  CenturyLink Cloud provides intuitive, granular billing organized by department, product line, geography, or any combination of hierarchy.
  5. Agility (for users) and control (for you).  This is nirvana for an IT leader.  Users are free to provision resources as they need them, while IT ensures corporate IT policies are met with a compliant, secure environment.  Dell Cloud On Demand with CenturyLink delivers on both fronts.  Simply point and click to create permissions for users.  Then, establish resource thresholds that ensure capacity levels are never exceeded.

Enterprises are already using many public clouds for different workloads.  Multi-cloud is the present and future state for enterprises.  Hopefully these benefits help illustrate how the Dell Cloud On Demand with CenturyLink can fit into your cloud approach.

Want to know more?  Request a free trial at www.centurylinkcloud.com/dell.