Blog

Scale All of the Things! Go In, Out, Up, Down in the CenturyLink Cloud

Are you getting the full benefit of the cloud if you don’t take advantage of its elasticity? To be sure, there are many ways that cloud environments—running dynamic OR static workloads—can positively impact your business agility. But cloud computing fundamentally changes the relationship between infrastructure and workloads that run upon it; you can constantly right-size by adding and removing capacity on demand instead of being stuck with over-sized or under-powered environments. To do this effectively, you need flexible options for automatically and manually adjusting your infrastructure resources. In this post, I outline five different application scenarios, and which CenturyLink Cloud scaling capability delivers the optimal elasticity solution.

1. Modern web application with variable usage? Horizontal Autoscale!

Are most of your internal or external facing web applications in constant, heavy use? If so, I’d be surprised! The applications that your employees rely on may be busy during predictable periods, or experience load whenever random business conditions occur. Public web applications may spike in usage when marketing campaigns are in flight, or when an avalanche of traffic follows a social mention.

Instead of standing up gobs of (costly) infrastructure that only add value during random usage spikes, consider services like CenturyLink Cloud Horizontal Autoscale. Our Horizontal Autoscale service is a great fit for web applications that cleanly scale by adding or removing virtual servers from a defined pool. Simply park powered off servers in a CenturyLink Cloud Server Group and define an Autoscale policy that outlines criteria for scaling out and in. When that policy is applied to a Server Group and tied to our Load Balancing service, the platform quickly powers servers on and off in response to changes in utilization.

What does it cost to "park" a server? Customers only pay for storage and operating system licensing when a server is powered off. For example, if your mobile web application can satisfy its regular load with three servers (Ubuntu 12.04, 2 CPUs, 6 GB of RAM, 20 GB of storage each), it costs just $15 per month to keep five servers powered off in reserve to handle occasional spikes. That uptime peace of mind will cost you less than lunch for two in a moderately priced Chinese restaurant.

2. Relational database under load? Vertical Autoscale!

Let’s be honest, not EVERY application is designed to scale horizontally by adding more servers to share the load. Rather, many applications benefit by adding horsepower to the existing servers. For instance, relational databases work in multi-server configurations, but each server typically has a lot of resources allocated. In that case, adding more CPU/memory/storage to a given server is a perfectly viable way to handle new demand.

The CenturyLink Cloud is one of the few providers that offer an automated vertical scaling function. Our Vertical Autoscale service adds CPU capacity to running servers without requiring a reboot, increasing capacity based on utilization criteria that you specify. When the usage spike is over, the Vertical Autoscale service will remove CPU capacity and reboot the server during the window that you select. If you need to add storage or RAM to a server on the fly, you can also manually update servers, also typically without a need to reboot. This is a powerful way to take advantage of cloud elasticity without rebuilding your existing applications for horizontal scale.

3. Worker nodes that are falling behind? Horizontal Autoscale!

In loosely coupled, distributed systems, you’ll often find services that work asynchronously in the background. These services may take product orders from your website and update the transaction system, perform financial calculations, render complex animation sequences, and much more. For example, consider a website where people can register for a new, paid service. That system has to perform a fraud check, authenticate a payment method, and create a container for the new user. A "new user signup" message is dropped to a queue, and a set of servers are all tasked with reading data from the queue and processing the request. If the number of signups spikes, these worker nodes can get overwhelmed and the new customers are stuck waiting for their signup confirmation.

In a case like this, it makes a lot of sense to scale the worker nodes horizontally. CenturyLink Cloud Horizontal Autoscale can respond to CPU or memory spikes by powering on (and off!) servers that can instantly help relieve the backlog of queued up requests. Cloud users don’t have to choose a load balancer to associate with an Autoscale policy, so in that case, the Server Group just expands and contracts the number of running servers without worrying about routing traffic to them. A strategy like this can reduce the risk of a poor user experience and encourage customers to trust your application, even during busy periods.

4. Web application with predictable bursts in usage? Schedule-based Scaling!

We’re probably all familiar with this back-office scenario: at the end of the month, the financial accounting system is overwhelmed by closing activities and invoice generation. To combat these predictable spikes, many companies either (a) deploy systems like this on pricey hardware that always has enough headroom to deal with the spike, or (b) resign themselves to delivering a subpar, slow application during these bursty windows.

There’s a better way! The CenturyLink Cloud is built with automation and management in mind. Apply a "scheduled task" to a server so that it powers on at a specific point each day/week/month to increase application capacity. Create a second scheduled task that powers that server back down when the predictable spike is over. This sort of elasticity is exactly what the cloud is good at, and helps you deliver an optimized application that delights users, keeps costs down, and helps you arrive at business conclusions faster.

5. Cache cluster that needs controlled resizing? Manually scale up/out!

You may love automation as much as we do, but sometimes a scale event requires careful planning and manual resizing because of complexity with the target application. You may not want an automated service resizing your NoSQL database, cache cluster, or mission critical line of business system whenever it detects a heavy load.

In cases like this, you can choose from the full catalog of elasticity options that the cloud provides. Experiencing I/O contention and want to add more servers and spread the intense demand? Clone a running server or quickly build a new one from scratch. Need to add storage to a server that’s rapidly running out of room? Add more space to an existing volume or add a new volume to the running server. Looking to add CPU or memory to a server and then update the application to recognize the new capacity? Immediately add resources and run a script against all the resized servers.

CenturyLink Cloud Scaling Tools Deliver Elasticity

Elasticity is a hallmark of the public cloud. It helps you maintain a dynamic resource pool that expands and contracts to meet business demand. The CenturyLink Cloud offers a leading set of services to help you automatically and manually adjust capacity for one server, or a fleet of servers.

As you migrate applications to the cloud—or design entirely new cloud-native ones—do it with scalability and elasticity in mind!


Our First 140 Days as CenturyLink Cloud

Recent history has shown that after a cloud provider is acquired, the pace of innovation slows and there’s a loss of focus (and staff). If you don’t believe me, check out the release notes (if you can find them!) of some recently acquired cloud companies. It’s not pretty. I’m here to say that we’re different.

140 days ago, the acquisition of Tier 3 by CenturyLink was described as a "transformational deal for the industry." Instead of randomizing Engineering post-acquisition with unnecessary process and haphazard integrations with legacy and redundant products, we’ve actually accelerated the pace of development on our go-forward platform, CenturyLink Cloud. In the past four months, we’ve maintained our software release cadence, grown our team, expanded our data center footprint, actively integrated with our parent company, and solidified a game-changing vision that has retained and attracted a phenomenal set of customers.

We update our cloud platform every month with new, meaningful capabilities. Only a very small subset of cloud providers can make that claim. In the past 140 days, we’ve shipped over 1,200 features, enhancements, and fixes. This includes a new high performance server class, faster virtual machine provisioning, new reseller services, a major user interface redesign, a compelling monitoring/alerting service, a new RESTful API, and a pair of new data centers.

Our ambitious data center expansion is on track. In the past few weeks, we’ve lit up a pair of new data centers in the US. This gives customers access to world-class CenturyLink network, security, and management services in those locations. With 11 total data centers, the CenturyLink Cloud has a greater geographic breadth than all but two public cloud providers. That’s pretty awesome for our customers who want a highly distributed environment for running their portfolio of applications.

Our Engineering team has also grown as additional experienced developers have come on board and contributed in a major way. The Operations team continues to scale out as well while becoming even more efficient at managing infrastructure at scale.  Just as important, we’ve integrated with the broader CenturyLink teams and have a single, comprehensive vision for delivering multiple infrastructure options on a unified platform to a global customer base. Why should organizations compromise when trying to fit their needs into the cloud? With CenturyLink, customers can consume co-location, dedicated hardware, managed services, public infrastructure-as-a-service, and platform-as-a-service all with a single provider. And we’re working to integrate these options into a groundbreaking customer experience.

We aren’t close to being done disrupting this space. The next 140 days will be just as exciting. Try out our compelling platform, or join the team building the future of cloud and infrastructure.

The Six Commandments of Achieving Isolation in a Multi-Tenant (Cloud) Environment

Multitenancy – the concept of using a single (software) platform to serve multiple customers – is a key aspect of nearly every cloud computing platform. Pooling resources results in lower costs for all parties, greater efficiencies, and faster innovation for customers. Are there risks and tradeoffs with this model? Sure, but every technology paradigm has them.

 In this blog post, we’ll look at some core principles for successful multitenancy, see how the CenturyLink Cloud provides tenant isolation, and review the ways that CenturyLink Cloud customers create isolation within their own account. The goal is to simply help customers understand what to look for when assessing multi-tenant environments to run their workloads, SaaS applications, and more.

Core Principles

Any service provider delivering a multi-tenant environment must adhere to these six commandments:

     
  1. Thou shalt isolate tenants within their own network. This one applies mainly to infrastructure-as-a-service (IaaS) providers who promise secure computing environments. Software-as-a-Service (SaaS) customers on a platform like Salesforce.com don’t have this issue as customers do not have access to low level network traffic. When granting virtual machine access to users, the service provider has to ensure that there’s no opportunity to intercept network traffic from other customers.
  2.  
  3. Thou shalt not allow tenants to see another tenant’s metadata. Sometimes metadata can be just as sensitive as transactional data! Multi-tenant service providers must make sure that customers are logically or physically walled off from seeing the settings or user-defined customizations created by other customers.
  4.  
  5. Thou shalt encrypt data in transit AND at rest. Providers shouldn’t let their guard down just because data is within their internal network. Rather, data should constantly be transferred over secure channels, and encrypted whenever it’s stored on disk.
  6.  
  7. Thou shalt properly clean up deleted resources. In a multi-tenant IaaS environment, there is clearly reuse. When a network is released by one customer, another can use it. When a storage volume is removed, that space on the SAN is now available for others. It’s imperative that service providers reset and clear resources before allowing anyone else to acquire them.
  8.  
  9. Thou shalt prevent noisy neighbors from impacting others. This phenomenon is one of the hardest problems to address in multi-tenant environments. As a user, you have no say in who *else* is using the same environment. It’s up to the service provider to make sure that one customer can’t (intentionally or unintentionally) adversely impact the performance of other customers by overwhelming the shared compute, storage, or networking resources.
  10.  
  11. Thou shalt define and audit policies to ensure proper administration of shared environments. Let’s be honest – using a multi-tenant environment involves a bit of trust. As a customer, you have to trust that the service provider has built a platform that properly isolates each customer, and that operational staff can’t go off the reservation and compromise your business. However, to run mission-critical apps in someone’s multi-tenant platform requires more than blind trust; you should also be able to demand to see 3rd party certifications and audits that prove that a mature organization is behind the platform.

Built-in Platform Isolation

With those principles in mind, how does the CenturyLink Cloud platform deliver secure isolation?

IaaS customers can create sophisticated network topologies with one or more VLANs. All of these logical networks are part of a giant physical network and we do best-practice VLAN isolation to make sure that data packets stay within the appropriate VLANs. This ensures that our customers cannot intercept traffic from other customers and creates a protected barrier around your virtual hardware.

What about data? The CenturyLink Cloud makes it easy to provision terabytes of persistent storage that you can easily resize as needed. But when it comes time to delete volumes, we make sure that all virtual disks are automatically wiped so that the next customer always gets a blank volume with no way to retrieve data from the previous user. Regarding data encryption, by the end of 2014 we plan on being 100% encrypted at rest and support 3rd party tools for customers to manage their keys.

As mentioned above, noisy neighbors are one of the biggest challenges for multi-tenant cloud providers to handle. The CenturyLink Cloud takes a multi-pronged approach. First, we always leave headroom on host machines and closely monitor usage to know when it’s time to scale. Second, we use features in our hypervisor platform to protect against capacity and latency bursts in CPU and disk. Our storage subsystem is built to handle multi-tenancy and provide protection against I/O bursts. Third, the network is designed to prevent any one tenant from overwhelming the firewalls, and our ample bandwidth ensures that network saturation is nearly impossible.

Finally, you can certainly just “trust us” that we do everything right. But most customers, at first anyway, trust those who audit us. Our data centers and policies are regularly reviewed and we maintain certifications and standards that prove our extreme focus on building a secure environment for your applications.

Account-level Isolation

The platform itself provides built-in multi-tenancy to isolate customers, but how can you build your own isolation WITHIN your account? This is a common scenario for resellers, SaaS providers, and large enterprises who want to logically segment business units or departments. Let’s look at a few options.

One of the best ways to create isolation in your account is through sub-accounts. Sub-accounts are containers that can have unique users, permissions, billing procedures, networks, and even branding (look-and-feel). You can choose to inherit various settings from a parent account (e.g. “share parent networks”, governance limits) or treat them as completely independent resources.

 

Another choice? Use separate VLANs to isolate servers within an account. Consider providing users with remote access to cloud servers but only allowing a small subset of administrators to place the servers on the appropriate VLANs. This makes it possible to have project-specific VLANs where traffic is cleanly isolated from other networks in the account.

 

A final way to isolate users within an account is through the use of different data centers. The CenturyLink Cloud is spread across the globe, and expanding even more this year. It’s easy to spin up sub-accounts and intentionally constrain users to a chosen set of data centers. This helps you isolate accounts (and applications) to the geographies that work best for your business.

 

Summary

The most advanced cloud deployments depend on multi-tenant platforms. Building systems in this way isn’t easy - it takes careful upfront consideration and steady vigilance to ensure that all users get reliable, consistent performance. The CenturyLink Cloud was designed from day one to excel at multi-tenancy, and you can see that in how we’ve architected the platform and the features we expose to our customers.

Want to try it out? Spin up an account and see how our high-performing cloud can meet your needs today.

Cloud Developers & Resellers Get a Boost from CenturyLink Cloud Webhooks

“Getting a little bit of the right information just ahead of when it’s needed is a lot more valuable than all the information in the world a month or a day later.” That quote – found in the book The Two Second Advantage by Vivek Ranadive and Kevin Maney – highlights a new reality where responsiveness can be a competitive advantage. Smart companies are building a responsive IT infrastructure where data isn’t just hoarded in massive repositories, but analyzed quickly and acted upon. How can you know more, faster and have better situational awareness?

With an increasing amount of critical IT systems running in the cloud, there’s a need to know what’s happening and act on it. This month, CenturyLink Cloud introduced Webhooks, making us among the first public IaaS cloud providers to send real-time notifications to a web service endpoint. For this initial release, customers can set up Webhooks for events within accounts, users, and servers.

When To Use This?

Webhooks are a relatively new idea, although already used by diverse web properties like WordPress and Zoho. Let’s look at three different scenarios where CenturyLink Cloud Webhooks can lead to better decisions.

Scenario #1 – Data Synchronization

Polling is an inefficient way to retrieve data from an external system, but it remains a popular choice. When you poll a system for changes, you’re effectively asking “do you have anything new for me?” Many times, the answer is “no.” With push-based notifications, the only time you are contacted is when something relevant happens. For example, some customers synchronize CenturyLink Cloud data with their internal support or configuration management systems. They do this for auditing purposes, or to give support staff an accurate picture of cloud deployments. The issue? Staying in sync requires an aggressive polling frequency that needlessly encumbers systems. Webhooks provide a better alternative.

In the scenario visualized below, as soon as a new server is created in the CenturyLink Cloud, an event fires and a message is sent to an endpoint specified by the customer. That listener service then updates the appropriate internal system. Within seconds, systems are completely synchronized!

Webhook Example - Data Sync

 

Scenario #2 – Anomaly Detection

People love the cloud because of the self-service capabilities and freedom to instantly create and delete servers at will. One downside of this freedom – for service providers anyway – is fraudulent signups. CenturyLink Cloud resellers actively monitor new accounts, but the sheer volume of manual analysis can be daunting. What if resellers could programmatically monitor specific sequences of events and then use that data to flag an account as “suspect” and deserving of special attention? Again, we turn to Webhooks to help react faster.

It’s great that developers can quickly bring gobs of new cloud machines online. But rapid provisioning can occur within the wrong sub-account or under unusual circumstances. In both of these examples, consider using a complex event processing solution that monitors streams of Webhook events and detects aggregate patterns that reveal more than any single event can.

Webhook Example - Anomaly Detection
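
The aggregate-pattern idea in Scenario #2, as an added example that is not CenturyLink Cloud code: a small sliding-window monitor that flags an account when server creations burst, or when a just-created account starts provisioning rapidly. The event names, the `account` and `timestamp` fields, and all thresholds are assumptions, since the Webhook message schema is not shown on this page.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical event names and fields: the real Webhook message schema is not
# shown on this page, so map these keys onto what your listener receives.
ACCOUNT_CREATED = "Account.Created"
SERVER_CREATED = "Server.Created"


class ProvisioningMonitor:
    """Flags accounts whose sequence of events looks unusual in aggregate."""

    def __init__(self, max_servers=5, window=timedelta(minutes=10),
                 new_account_age=timedelta(hours=1), new_account_limit=2):
        self.max_servers = max_servers              # burst threshold
        self.window = window                        # sliding window length
        self.new_account_age = new_account_age      # how long an account is "new"
        self.new_account_limit = new_account_limit  # servers allowed while new
        self.signup = {}                            # account -> signup time
        self.recent = defaultdict(deque)            # account -> creation times

    def observe(self, event):
        """Feed one decoded event (assumed in time order); return findings."""
        ts = datetime.fromisoformat(event["timestamp"])
        account = event["account"]
        if event["event"] == ACCOUNT_CREATED:
            self.signup[account] = ts
            return []
        if event["event"] != SERVER_CREATED:
            return []

        times = self.recent[account]
        times.append(ts)
        while ts - times[0] > self.window:   # expire entries outside the window
            times.popleft()

        findings = []
        if len(times) > self.max_servers:
            findings.append("burst")
        signup = self.signup.get(account)
        if (signup is not None and ts - signup <= self.new_account_age
                and len(times) > self.new_account_limit):
            findings.append("new-account-rush")
        return findings


def _event(kind, account, timestamp):
    return {"event": kind, "account": account, "timestamp": timestamp}


# Constructed sample stream (not captured from the platform).
SAMPLE_EVENTS = [
    _event(SERVER_CREATED, "DEV-TEAM", "2014-03-01T09:00:00"),
    _event(SERVER_CREATED, "DEV-TEAM", "2014-03-01T09:30:00"),
    _event(ACCOUNT_CREATED, "NEW-SIGNUP", "2014-03-01T10:00:00"),
    _event(SERVER_CREATED, "NEW-SIGNUP", "2014-03-01T10:01:00"),
    _event(SERVER_CREATED, "NEW-SIGNUP", "2014-03-01T10:02:00"),
    _event(SERVER_CREATED, "NEW-SIGNUP", "2014-03-01T10:03:00"),
    _event(SERVER_CREATED, "DEV-TEAM", "2014-03-01T10:04:00"),
]


def flag_suspect_accounts(events, monitor=None):
    """Return {account: set of finding labels} for accounts worth a review."""
    monitor = monitor or ProvisioningMonitor()
    suspects = defaultdict(set)
    for event in events:
        for finding in monitor.observe(event):
            suspects[event["account"]].add(finding)
    return dict(suspects)


if __name__ == "__main__":
    print(flag_suspect_accounts(SAMPLE_EVENTS))
```

The steady DEV-TEAM activity stays under both thresholds, while the third server created minutes after the NEW-SIGNUP account appears is what marks that account for review.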

 

Scenario #3 – Compliance Monitoring

Cloud and governance don’t have to be at odds with each other – and in fact, these two ideas go hand in hand when it comes to IT as a service. CenturyLink Cloud already provides customers with many ways to do this today through sophisticated account management capabilities. But we often get customers requesting a “corner case” scenario – like preventing a certain user from being added to an account, or making sure that database servers aren’t given a public IP address. Webhooks are a way for us to programmatically empower customers to support unique scenarios, in self-service fashion. Via Webhooks, users compare events to previous ones using a data repository. This way, customers can immediately find out if a server was changed inappropriately, a user was added to an account, or the contact information was changed. If an out-of-compliance change is made, the customer can respond almost instantly!

Webhook Example - Compliance Monitoring
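
One way a listener could implement the compliance checks in Scenario #3, as an added example that is not CenturyLink Cloud code: each JSON message is compared with the last state kept in a repository (an in-memory dict here), and only the transition into a non-compliant state is reported. The event names, the `server`, `role`, `publicIp`, `user` and `contact` fields, and the deny list are assumptions, since the Webhook message schema is not shown on this page.

```python
import json

# Hypothetical event names and fields: the real Webhook message schema is not
# shown on this page, so map these keys onto what your listener receives.


class ComplianceChecker:
    """Compares each event with the last stored state and reports violations."""

    def __init__(self, denied_users):
        self.denied_users = set(denied_users)
        self.repo = {}  # stand-in for the data repository: key -> last state

    def handle(self, raw_message):
        """Process one JSON-encoded message; return a list of violations."""
        event = json.loads(raw_message)
        kind, account = event["event"], event["account"]

        if kind == "User.Created":
            user = event["user"]
            if user in self.denied_users:
                return [f"{account}: denied user '{user}' was added"]
            return []

        if kind in ("Server.Created", "Server.Updated"):
            current = event["server"]
            key = ("server", account, current["name"])
            previous = self.repo.get(key, {})
            self.repo[key] = current
            # Alert on the transition only, so a server that stays out of
            # compliance does not raise the same violation on every event.
            gained_ip = bool(current.get("publicIp")) and not previous.get("publicIp")
            if current.get("role") == "database" and gained_ip:
                return [f"{account}: database server '{current['name']}' "
                        f"has public IP {current['publicIp']}"]
            return []

        if kind == "Account.Updated":
            key = ("contact", account)
            previous = self.repo.get(key)
            self.repo[key] = event["contact"]
            if previous is not None and previous != event["contact"]:
                return [f"{account}: contact changed from {previous} "
                        f"to {event['contact']}"]
            return []

        return []


def _msg(**fields):
    return json.dumps(fields)


def _server(name, role, public_ip):
    return {"name": name, "role": role, "publicIp": public_ip}


# Constructed sample messages (not captured from the platform).
SAMPLE_MESSAGES = [
    _msg(event="Account.Updated", account="SUB1", contact="ops@example.com"),
    _msg(event="Server.Created", account="SUB1", server=_server("DB01", "database", None)),
    _msg(event="Server.Created", account="SUB1", server=_server("WEB01", "web", "203.0.113.10")),
    _msg(event="Server.Updated", account="SUB1", server=_server("DB01", "database", "203.0.113.20")),
    _msg(event="Server.Updated", account="SUB1", server=_server("DB01", "database", "203.0.113.20")),
    _msg(event="User.Created", account="SUB1", user="contractor.temp"),
    _msg(event="Account.Updated", account="SUB1", contact="someone@example.net"),
]


def check_sample():
    """Run the constructed messages through a checker; return all violations."""
    checker = ComplianceChecker(denied_users={"contractor.temp"})
    violations = []
    for message in SAMPLE_MESSAGES:
        violations.extend(checker.handle(message))
    return violations
```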

Getting Started

It’s very simple to configure Webhooks in the CenturyLink Cloud. Simply visit the API section of the Control Portal and choose Webhooks. Here, users can browse the list of available Webhooks, then specify the “target” URL to receive a JSON-encoded message. Each Webhook is configured with an HTTPS URL, and includes an optional capability to send events that occur within sub-accounts.

Webhook configuration

For more details on how to create a Webhook listener service, take a look at our Webhook FAQ article in the Knowledge Base. This is an innovative and exciting capability for the platform and we can’t wait to see how customers use it to create more responsive systems and processes!

Autoscale – with an enterprise slant – now available from CenturyLink Cloud

Elasticity is a core tenet of cloud computing. Cloud has become so popular simply because resources can be adjusted up or down, based on business need, instantly. Manually resizing cloud environments is still MUCH easier than altering physical hardware. But human action is still required, adding human cost to cloud.

A few cloud vendors have attempted to automate this process through “auto scaling” – services that expand and reduce the size of environments based on user-defined parameters. However, this capability by and large automates the addition and removal of virtual machines to an existing resource pool. In engineering terms, this is “horizontal scaling” – adding capacity across multiple virtual machines. This approach is useful for consumer applications (think Netflix scaling up for Saturday night), but the enterprise scenario is much different, as we found out in our market research when developing this feature.

While we always recommend that our customers build highly available cloud systems with no single points of failure, there is value in sizing those resources up and down (i.e. “vertical scaling”) instead of only being able to add or remove entire servers. Having multiple servers is key for fault tolerance, but some workloads can benefit from additional server capacity, not just more servers!

This month, CenturyLink Cloud introduced our new Autoscale service. The initial release is focused on vertical scaling of CPU resources, with more vertical scaling (and, yes, horizontal scaling!) on the roadmap.  Today, you can now add and subtract CPUs from cloud servers based on user-defined utilization limits. Capacity is added instantly without a reboot and capacity is removed only during user-defined windows of time, to prevent a reboot from occurring during prime usage hours.