Your Pure, AIX, and IBM i Authority

A Penton Publication

September 2012 / Vol. 1 / No. 5

Private vs Public Cloud Smackdown

Plus:
IBM SmartCloud Entry Brings the Cloud to You
Exploring IBM Systems Director Security
IBM i Chief Architect on IBM i V5R4 to 7.1
It’s Time to Move from AIX 5.3 to 7.1

Cover Story ▼

Private vs. Public Cloud Smackdown — Mel Beckman


The public cloud showed IT technologists the advantages of multi-tenant infrastructure, but public clouds do have problems. Private clouds are identical to public clouds but have intrinsic control, security, and performance advantages. Is the private cloud better than the public cloud, or do both have a mission within IT?

Features

IBM SmartCloud Entry Brings the Cloud to You

Power News

Secrets of an AIX Administrator, Part 3


New Products


Industry Issues: IBM i Chief Architect Steve Will on IBM i V5R4 to 7.1

Greg Hintermeister Christian Pruett

Power at Work

Exploring IBM Systems Director Security




Chris Maxcer

Erwin Earley

Use Kerberos to Morph Multiple Passwords into One


David Tansley

Easy Ways to Trace Your Virtual SCSI Configuration with AIX

How to Load a Virtual I/O Server from AIX Network Installation Manager

Rob McNelly

for Custom Packing Slips Chris Maxcer

Industry Issues: It’s Time to Move from AIX 5.3 to 7.1 Anthony English


Anthony English

Power Solutions

CURT Connects with Infor IntelliChief

In Every Issue

Hot or Not: Saying Goodbye to Choice Sean Chandler


Advertising Index

Cover Story

Private vs Public Cloud Smackdown

Is one cloud loftier than the other?


Mel Beckman is senior technical editor for POWER IT Pro.

www.POWERITPro.com

Public cloud Infrastructure as a Service (IaaS) offerings have been with us for several years now, and have proven their pluck. Today you can spin up a slew of public cloud servers, load them with virtual appliance software, and have a working Web-facing Internet app in a single day. A public cloud delivers resources over the Internet using a self-service, pay-as-you-go cost model. If your app actually sprouts wings and needs more CPU, memory, or storage, expanding it is a simple click (and credit card charge) away. Yes, it’s true that public cloud infrastructure costs more than private infrastructure over the long run, but that gap is narrowing, which you’d think would make a wholesale switch from traditional data centers to public clouds a no-brainer.

But public clouds have a few pain points that IT pros detest, and as of yet, public cloud operators haven’t stepped up with good solutions. The first pain point is IT’s loss of control. In a private infrastructure outage, the IT staff can lay hands on the equipment and heal it, usually quickly. Cloud components are “out there, somewhere,” beyond the reach of IT, which instead must depend on the cloud provider’s fixit abilities (and those aren’t always adequate). There have been some spectacular cloud failures—most recently the 2011 Easter weekend Amazon disaster—that have kept cloud subscribers offline for days.

A second pain point is security. Cloud computing means virtual computing, and virtual servers have a host of new vulnerabilities to be mitigated. Do cloud providers do enough to address them? Not always. For some vulnerabilities, no known solution exists in today’s virtualization landscape.

A third pain point is performance. As we all know, the “v” in “virtual” stands for “fake.” Cloud servers typically aren’t real, dedicated hardware (although some providers do offer that option at a higher cost). Multiple tenants share physical servers, storage, and networks. One tenant’s workload can bog down the response time of neighboring workloads belonging to unrelated tenants. Thus, public cloud performance is estimated, not guaranteed.

But cloud computing is a great idea, and it’s one that enterprise IT data centers decided they wanted to emulate in the form of private cloud infrastructure. Private clouds aim to ameliorate the sting of public cloud shortcomings, and they’ve done that well. With a private cloud, you control the horizontal, you control the vertical, and you control the reliability, security, and performance of your applications.

A rivalry of sorts has arisen in the clouds, with public and private advocates facing off over these issues. At stake are billions of dollars of IT spending. Some of those dollars are yours. Before you put money on either contender, you should understand the pros and cons of each, and what you have to do to avoid getting knocked out of the ring.

Public Cloud’s Bum Rush

The idea behind a private cloud is to emulate the rapid, automatic provisioning and cost chargeback that public clouds deliver, moving IT out of the role of application expert and into a mission of a provider of reliable utility computing. That’s not as easy as you might think, however, because most public cloud providers closely guard their provisioning and management software.

One problem private clouds have encountered is a rush to deploy infrastructure without first developing internal processes for resource management. Internal customers tend to demand favorable treatment for pet projects, and without strong policies that often results in “VM sprawl”—the unrestrained multiplication of virtual machines that are poorly planned and managed. Public clouds are absolutely neutral with respect to customer demand. You get what you pay for, and not a penny more. Until IT can achieve this discipline, private cloud deployments are likely to increase complexity without returning the expected service delivery elegance.

The key element of a workable private cloud is the workload management component, which includes servers dedicated to the end user service delivery portal, monitoring, load balancing, and troubleshooting. Ideally, management and workload networks and storage are completely isolated from each other. Building a reliable private cloud platform is often outside the abilities of even expert enterprise IT teams, primarily because the technology is so new.

“Private-cloud-in-a-box” vendors help address this problem by providing pre-engineered infrastructure packages, such as IBM’s PureFlex system, which supports both x86 and IBM Power physical hosts. PureFlex has integrated cloud administration hosted on dedicated physical servers with best-practice network isolation. An integrated self-service portal lets VM consumers spin up new servers while tracking costs for internal billing; the portal includes hooks to let IT mediate the deployment process to prevent VM sprawl. And the system supports APIs that let private cloud operators customize management interfaces for internal branding or to meet special control requirements.

Public Clouds Take It on the Chin

Cloud computing is a new technology: Amazon launched its Elastic Compute Cloud in 2006, a scant six years ago. So you’d expect its reliability to improve over time. Alas, just the opposite has happened, which gives IT folks pause when considering where to invest their future retirement assets. 2011 saw a sharp increase in cloud outages over previous years, starting with the aforementioned Amazon Easter disaster. That single four-day outage power-punched Amazon’s EC2 reliability from the golden “five nines” of IT champions down to a palookaville 98.9 percent. That’s one nine, if you’re counting.

But clouds are worldwide, so you must consider the entire planet to get a true measure of cloud fragility. In August 2011, both Microsoft and Amazon’s Dublin, Ireland, cloud data centers were knocked out by lightning strikes. The bell rang after two days of downtime. At about the same time, Microsoft launched its Office 365 cloud, which critics claim should be renamed “Office 363” after a one-two punch of configuration and deployment errors kept many users out of their virtual offices for 48 hours. Google Docs suffered spurious downtime lasting hours in Budapest and its apparent sister city, San Francisco. This year, a leap-year bug hooked Microsoft’s Azure cloud (a digital certificate expired on February 29), taking users to the mat for several hours.

These are just the highlights. There have been, and continue to be, many public cloud outages, although 2012 does seem less of a barnburner than 2011. The International Working Group on Cloud Computing Resiliency, formed this year by Telecom ParisTech and Paris 13 University, published the report “Availability Ranking of World Cloud Computing,” noting that the 13 largest cloud providers accrued a total of 568 hours of downtime since 2007. That works out to about five days per year of dark clouds. So clouds don’t yet seem capable of being the sole provider of IT services.

A key challenge faced by private cloud operators is they’re blazing new trails in component interoperability. A public cloud uses the same hardware regular IT shops use, just in huge volumes, and the hardware is interconnected in complex, novel ways never intended by its designers. Predicting and countering failure modes in this arena is more art than science. When something does go wrong, the problem often propagates through a cloud’s network, making diagnosis and repair extremely difficult. New technologies such as Software Defined Networking (SDN) and public cloud interoperability standards will let you deploy workloads across multiple cloud operators, distributing the risk of a single operator outage.

One good thing has resulted from public cloud outages: Cloud providers have been surprisingly candid about their failures, and appear to have learned from them. Amazon, for example, instituted new procedures and out-of-band management paths in its technician-induced Easter disaster. Google claims it has identified weak points in its dataplex and made appropriate upgrades. All major cloud providers now give users candid visibility into infrastructure uptimes, with status consoles that let you track problems in real time.

Virtualization’s “Snapshot” Glass Jaw

Public cloud security is a natural concern for mission-critical enterprise applications, but many IT people believe they can address those concerns with encryption: encrypting data at rest, and in transit, using tokenization, public key infrastructures, and VPNs. Virtualization does introduce some new risks, primarily related to the hypervisor and its interface with the outside world.

Of the two general classes of hypervisor—Type 1, which is implemented on “bare metal,” and Type 2, which runs within an OS such as Linux or Windows—Type 1 is the only one considered acceptable for secure public or private cloud operation. Type 1 hypervisors contain only the components necessary to carry out virtualization management tasks, giving them a much smaller attack surface than Type 2 architectures. It’s also common for Type 1 hypervisors to run from read-only storage, making them less susceptible to direct attack.

A key aspect of hypervisor protection is to ensure that all management components—and the hypervisors themselves—are isolated from all public Internet access, as well as from virtual networks employed by cloud workloads. Both public and private cloud best practices currently call for this isolation, and generally it’s been well-implemented in public clouds.
