Multitenancy – the concept of using a single (software) platform to serve multiple customers – is a key aspect of nearly every cloud computing platform. Pooling resources results in lower costs for all parties, greater efficiencies, and faster innovation for customers. Are there risks and tradeoffs with this model? Sure, but every technology paradigm has them.
In this blog post, we’ll look at some core principles for successful multitenancy, see how the CenturyLink Cloud provides tenant isolation, and review the ways that CenturyLink Cloud customers create isolation within their own account. The goal is to simply help customers understand what to look for when assessing multi-tenant environments to run their workloads, SaaS applications, and more.
Any service provider delivering a multi-tenant environment must adhere to these six commandments:
- Thou shalt isolate tenants within their own network. This one applies mainly to infrastructure-as-a-service (IaaS) providers who promise secure computing environments. Software-as-a-Service (SaaS) customers on a platform like Salesforce.com don’t have this issue as customers do not have access to low level network traffic. When granting virtual machine access to users, the service provider has to ensure that there’s no opportunity to intercept network traffic from other customers.
- Thou shalt not allow tenants to see another tenant’s metadata. Sometimes metadata can be just as sensitive as transactional data! Multi-tenant service providers must make sure that customers are logically or physically walled off from seeing the settings or user-defined customizations created by other customers.
- Thou shalt encrypt data in transit AND at rest. Providers shouldn’t let their guard down just because data is within their internal network. Rather, data should constantly be transferred over secure channels, and encrypted whenever it’s stored on disk.
- Thou shalt properly clean up deleted resources. In a multi-tenant IaaS environment, there is clearly reuse. When a network is released by one customer, another can use it. When a storage volume is removed, that space on the SAN is now available for others. It’s imperative that service providers reset and clear resources before allowing anyone else to acquire them.
- Thou shalt prevent noisy neighbors from impacting others. This phenomenon is one of the hardest problems to address in multi-tenant environments. As a user, you have no say in who *else* is using the same environment. It’s up to the service provider to make sure that one customer can’t (intentionally or unintentionally) adversely impact the performance of other customers by overwhelming the shared compute, storage, or networking resources.
- Thou shalt define and audit policies to ensure proper administration of shared environments. Let’s be honest – using a multi-tenant environment involves a bit of trust. As a customer, you have to trust that the service provider has built a platform that properly isolates each customer, and that operational staff can’t go off the reservation and compromise your business. However, to run mission-critical apps in someone’s multi-tenant platform requires more than blind trust; you should also be able to demand to see 3rd party certifications and audits that prove that a mature organization is behind the platform.
Built-in Platform Isolation
With those principles in mind, how does the CenturyLink Cloud platform deliver secure isolation?
IaaS customers can create sophisticated network topologies with one or more VLANs. All of these logical networks are part of a giant physical network and we do best-practice VLAN isolation to make sure that data packets stay within the appropriate VLANs. This ensures that our customers cannot intercept traffic from other customers and creates a protected barrier around your virtual hardware.
What about data? The CenturyLink Cloud makes it easy to provision terabytes of persistent storage that you can easily resize as needed. But when it comes time to delete volumes, we make sure that all virtual disks are automatically wiped so that the next customer always get a blank volume with no way to retrieve data from the previous user. Regarding data encryption, by the end of 2014 we plan on being 100% encrypted at rest and support 3rd party tools for customers to manage their keys.
As mentioned above, noisy neighbors are one of the biggest challenges for multi-tenant cloud providers to handle. The CenturyLink Cloud takes a multi-pronged approach. First, we always leave headroom on host machines and closely monitor usage to know when it’s time to scale. Second, we use features in our hypervisor platform to protect against capacity and latency bursts in CPU and disk. Our storage subsystem is built to handle multi-tenancy and provide protection against I/O bursts. Third, the network is designed to prevent any one tenant from overwhelming the firewalls, and our ample bandwidth ensures that network saturation is nearly impossible.
Finally, you can certainly just “trust us” that we do everything right. But most customers, at first anyway, trust those who audit us. Our data centers and policies are regularly reviewed and we maintain certifications and standards that prove our extreme focus on building a secure environment for your applications.
The platform itself provides built-in multi-tenancy to isolate customers, but how can you build your own isolation WITHIN your account? This is a common scenario for resellers, SaaS provider, and large enterprises who want to logically segment business units or departments. Let’s look at a few options.
One of the best ways to create isolation in your account is through sub-accounts. Sub accounts are containers that can have unique users, permissions, billing procedures, networks, and even branding (look-and-feel). You can choose to inherit various settings from a parent account (e.g. “share parent networks”, governance limits) or treat them as completely independent resources.
Another choice? Use separate VLANS to isolate servers within an account. Consider providing users with remote access to cloud servers but only allowing a small subset of administrators to place the servers on the appropriate VLANs. This makes it possible to have project-specific VLANs where traffic is cleanly isolated from other networks in the account.
A final way to isolate users within an account is through the use of different data centers. The CenturyLink Cloud is spread across the globe, and expanding even more this year. It’s easy to spin up sub-accounts and intentionally constrain users to a chosen set of data centers. This helps you isolate accounts (and applications) to the geographies that work best for your business.
The most advanced cloud deployments depend on multi-tenant platforms. Building systems in this way isn’t easy - it takes careful upfront consideration and steady vigilance to ensure that all users get reliable, consistent performance. The CenturyLink Cloud was designed from day one to excel at multi-tenancy, and you can see that in how we’ve architected the platform and the features we expose to our customers.
Want to try it out? Spin up an account and see how our high-performing cloud can meet your needs today.
“Getting a little bit of the right information just ahead of when it’s needed is a lot more valuable than all the information in the world a month or a day later.” That quote – found in the book The Two Second Advantage by Vivek Ranadive and Kevin Maney – highlights a new reality where responsiveness can be a competitive advantage. Smart companies are building a responsive IT infrastructure where data isn’t just hoarded in massive repositories, but analyzed quickly and acted upon. How can you know more, faster and have better situational awareness?
With an increasing amount of critical IT systems running in the cloud, there’s a need to know what’s happening and act on it. This month, CenturyLink Cloud introduced Webhooks, making us among the first public IaaS cloud providers to send real-time notifications to a web service endpoint. For this initial release, customers can set up Webhooks for events within accounts, users, and servers.
When To Use This?
Webhooks are relatively new idea, although already used by diverse web properties like Wordpress and Zoho. Let’s look at three different scenarios where CenturyLink Cloud Webhooks can lead to better decisions.
Scenario #1 – Data Synchronization
Polling is an inefficient way to retrieve data from an external system, but it remains a popular choice. When you poll a system for changes, you’re effectively asking “do you have anything new for me?” Many times, the answer is “no.” With push-based notifications, the only time you are contacted is when something relevant happens. For example, some customers synchronize CenturyLink Cloud data with their internal support or configuration management systems. They do this for auditing purposes, or to give support staff an accurate picture of cloud deployments. The issue? Staying in sync requires an aggressive polling frequency that needless encumbers systems. Webhooks provide a better alternative.
In the scenario visualized below, as soon as a new server is created in the CenturyLink Cloud cloud, an event fires and a message is sent to an endpoint specified by the customer. That listener service then updates the appropriate internal system. Within seconds, systems are completely synchronized!
Scenario #2 – Anomaly Detection
People love the cloud because of the self-service capabilities and freedom to instantly create and delete servers at will. One downside of this freedom – for service providers anyway – is fraudulent signups. CenturyLink Cloud resellers actively monitor new accounts, but the sheer volume of manual analysis can be daunting. What if resellers could programmatically monitor specific sequences of events and then use that data to flag an account as “suspect” and deserving of special attention? Again, we turn to Webhooks to help react faster.
It’s great that developers can quickly bring gobs of new cloud machines online. But rapid provisioning can occur within the wrong sub-account or under unusual circumstances. In both of these examples, consider using a complex event processing solution that monitors streams of Webhook events and detects aggregate patterns that reveal more than any single event can.
Scenario #3 – Compliance Monitoring
Cloud and governance don’t have to be at odds with each other – and in fact, these two ideas go hand-and-hand when it comes to IT as a service. CenturyLink Cloud already provides customers with many ways to do this today through sophisticated account management capabilities. But we often get customers requesting a “corner case” scenario – like preventing a certain user from being added to an account, or making sure that database servers aren’t given a public IP address. Webhooks are a way for us to programmatically empower customers to support unique scenarios, in self-service fashion. Via Webhooks, users compare events to previous ones using a data repository. This way, customers can immediately find out if a server was changed inappropriately, a user was added to an account, or the contact information was changed. If an out-of-compliance change is made, the customer can respond almost instantly!
It’s very simple to configure Webhooks in the CenturyLink Cloud cloud. Simply visit the API section of the Control Portal and choose Webhooks. Here, users can browse the list of available Webhooks, then specify the “target” URL to receive a JSON-encoded message. Each Webhook is configured with an HTTPS URL, and includes an optional capability to send events that occur within sub-accounts.
For more details on how to create a Webhook listener service, take a look at our Webhook FAQ article in the Knowledge Base. This is an innovative and exciting capability for the platform and we can’t wait to see how customers use it to create more responsive systems and processes!
Elasticity is a core tenet of cloud computing. Cloud has become so popular simply because resources can be adjusted up or down, based on business need, instantly. Manually resizing cloud environments is still MUCH easier than altering physical hardware. But human action is still required, adding human cost to cloud.
A few cloud vendors have attempted to automate this process through “auto scaling” – services that expand and reduce the size environments based on user-defined parameters. However, this capability by and large automates the addition and removal of virtual machines to an existing resource pool. In engineering terms, this is “horizontal scaling” – adding capacity across multiple virtual machines. This approach is useful for consumer applications (think Netflix scaling up for Saturday night), but the enterprise scenario is much different, as we found out in our market research when developing this feature.
While we always recommend that our customers build highly available cloud systems with no single points of failure, there is value is sizing those resources up and down (i.e. “vertical scaling”) instead of only being able to add or remove entire servers. Having multiple servers is key for fault tolerance, but some workloads can benefit from additional server capacity, not just more servers!
This month, CenturyLink Cloud introduced our new Autoscale service. The initial release is focused on vertical scaling of CPU resources, with more vertical scaling (and, yes, horizontal scaling!) on the roadmap. Today, you can now add and subtract CPUs from cloud servers based on user-defined utilization limits. Capacity is added instantly without a reboot and capacity is removed only during user-defined windows of time, to prevent a reboot from occurring during prime usage hours.
We generate massive amounts of data every day. Research firm IDC estimates that 90% of the world’s data was created in the last two years, and the volume of data worldwide doubles every two years. Enterprises are a key contributor to this data explosion as we produce and share digital media, create global systems that collect and generate data, and retain an increasing number of backup and archive data sets. This rapid storage growth puts pressure on IT budgets and staff who have to constantly find and allocate more usable space. CenturyLink Cloud wants to help make that easier and just launched a new Object Storage service to provide you a secure, scalable destination for business data.
What is Object Storage from CenturyLink Cloud? It’s a geo-redundant, elastic storage system for public and private digital data. Based on the innovative Riak CS Enterprise platform, Object Storage infrastructure is being deployed across three global regions: Canada, United States, and Europe. Each region consists of a pair of CenturyLink Cloud data centers that run Riak CS Enterprise on powerful, bare-metal servers. The Object Storage nodes are deployed in a “ring” configuration where data is evenly distributed across the nodes, thus assuring that your data is available even if multiple nodes go offline. When objects are loaded into one data center, they are instantly replicated to the in-country peer data center. This means that an entire data center can go offline, and you STILL will have uninterrupted access to all of your latest enterprise data.
Before diving into this new service, let’s define a few terms:
- Object. An “object” is any digital asset that is less than 5 GB in size. This could be a video that you display on your public website, a PDF file that you are sharing with a business partner, or a database backup file. If the object is larger than 5 GB, then you can do a multi-part upload!
- Bucket. Objects are stored in buckets. A bucket is a logical container that can hold an unlimited number of objects, but not other buckets.
- Region. CenturyLink Cloud has architected Object Storage with unique clusters in three different geographies. Each geographic region has a pair of data centers that hold all of the data uploaded into that region.
- User. An Object Storage user is different from a CenturyLink Cloud platform user and is created separately. While you may create an Object Storage user to represent an individual person, you may also choose to create users that correspond to an application. For example, you may define a user leveraged by your public website that retrieves images and videos from Object Storage.
- Owner. Each bucket has an owner. This is the user that automatically has full control over the bucket and its objects.
- ACLs. Access Control Lists govern who can manage buckets and see objects. By default, Object Storage does not allow any public access to buckets or objects. If you choose, you can provide public, unauthenticated users with the ability to read individual objects. Or, you can choose specific users that have permission to add objects to buckets or view an object.
Managing Object Storage
Interacting with Object Storage is easy. We’ve added a management interface in our Control Portal for Object Storage administrators. From here, you can view a list of users, add new users, and reset user credentials.
The Control Portal also has a bucket administration component where you can view, create, secure, and delete buckets.
Each bucket can have its own security profile. For a bucket such as “website media”, you may let “All Users” have read access to its objects. For buckets set up to exchange large files with business partners, you would likely add read and write permissions for a user representing the chosen partner.
It’s unlikely that you’ll only use a single interface to interact with your data objects. Thanks to the inherent S3 compatibility offered by Riak CS Enterprise, you don’t have to! There is an entire ecosystem of tools for working with object storage that support an Amazon S3-like interface. Want to use a client tool to upload and delete objects? Then check out a utility like the freemium S3 Browser where you can plug in your Object Storage user credentials (and CenturyLink Cloud Object Storage URL) and manage buckets AND objects.
Looking to mount Object Storage as a drive on your database server so that you can easily create and restore backups? Look to a product like ExpanDrive which makes it easy to add Object Storage as a storage volume.
CenturyLink Cloud is among the first cloud providers to offer native, geo-redundant object storage and we’re excited to see how our customers use this to escape the burden of endless provisioning of on-premises storage! Our Canada region is live today, with the United States and Europe following closely. Existing customers can get started right away, and new customers can take Object Storage for a spin by signing up today.
While the cloud has become a welcome channel for companies refining their server footprint, it’s still rare to find an established business that is running *solely* in the cloud. Rather, many companies leverage the cloud for specific workloads and new cloud-first applications, while keeping other servers and applications in-house. But are you tracking your cloud servers the same way you track on-premises ones? Do you have a single place to see a list of ALL your servers and when they last changed? Configuration management databases (CMDBs) are a popular way to store information about IT assets such as who owns them, where they physically are, and their change history. How can you take advantage of the cloud while retaining a complete, up-to-date CMDB? One option is to programmatically link cloud servers to your CMDB through the use of cloud APIs. In this blog post, we’ll see an example of that process in action.
Step 1: Link Cloud Servers to CMDB Entries
Let us first consider the “IT-as-a-Service” scenario where an internal customer portal serves as the launching pad for new cloud servers. Using the CenturyLink Cloud API, customers can easily provision and manage their cloud servers without ever logging into our Control Portal.
Here, the customer’s own portal gives internal employees the opportunity to quickly spin up a cloud server. After adding a record to the CMDB and getting back the CMDB record locator, the CenturyLink Cloud CreateServer API operation is called. CenturyLink Cloud servers can have user-defined metadata attached to them, and in this case, that metadata consists of the CMDB record ID. The server build request is queued by the CenturyLink Cloud engine and the name of the new server is returned by calls to the GetDeploymentStatus API operation. The name of the CenturyLink Cloud server can optionally be added to the CMDB configuration item in order to create a bi-directional link between the systems. At this point, the internal CMDB has a list of servers built internally or in the CenturyLink Cloud cloud.
Step 2: Synchronize Updates
A wonderful aspect of the cloud is the ease by which someone can create, modify, and destroy servers on demand. This means that you do not want to get stuck manually maintaining records of cloud servers that are constantly in flux. Inevitably, the effort to keep the CMDB up to date will fail and it becomes an unreliable record of IT asset configurations. How can you easily synchronize your CMDB with CenturyLink Cloud? Use the APIs!
CenturyLink Cloud’s Engineering team just added new API operations that make it simple to retrieve a list of all servers that have changed within a certain period of time. Customers can run a simple application every evening and invoke the GetAllServersByModifiedDate API operation to pull back a list of all CenturyLink Cloud servers that have experienced the following events:
- Created or deleted
- Paused/powered on/powered off/reset/rebooted/shut down
- CPU count, RAM amount, storage amount changed
- Public IP added or released
- Snapshot created/restored/deleted
- Archived or restored from archive
- Custom (metadata) field added, or value changed
- Software installed or script executed (via Blueprint)
Most of these changes are extremely relevant to a configuration database and provide critical context about the cloud server’s lifecycle. By automating these changes with the API, you can save significant administration time and effort.
CMDBs are a critical component for many enterprises, and your cloud servers should be a visible part of your IT asset management strategy. CenturyLink Cloud is constantly working to deliver a powerful API that provide the glue to connect your on-premises systems and cloud resources. Existing customers have instant access to our API today and new customers can get started by signing up for an account today!