Interoperability between clouds requires more than just VM portability

DevCentral > Weblogs > Lori MacVittie - Two Different Socks

Interoperability between clouds requires more than just VM portability

posted on Tuesday, February 10, 2009 7:59 AM

The issue of application state and connection management is one often discussed in the context of cloud computing and virtualized architectures. That's because the stress placed on existing static infrastructure due to the potentially rapid rate of change associated with dynamic application provisioning is enormous and, as is often pointed out, existing "infrastructure 1.0" systems are generally incapable of reacting in a timely fashion to such changes occurring in real-time.

The most basic of concerns continues to revolve around IP address management. This is a favorite topic of Greg Ness at Infrastructure 2.0 and has been subsequently addressed in a variety of articles and blogs since the concepts of cloud computing and virtualization have gained momentum. The Burton Group has addressed this issue with regards to interoperability in a recent post, positing that perhaps changes are needed (agreed) to support emerging data center models. What is interesting is that the blog supports the notion of modifying existing core infrastructure standards (IP) to support the dynamic nature of these new models and also posits that interoperability is essentially enabled simply by virtual machine portability.

From The Burton Group's "What does the Cloud Need? Standards for Infrastructure as a Service"

First question is: How do we migrate between clouds? If we're talking System Infrastructure as a Service, then what happens when I try to migrate a virtual machine (VM) between my internal cloud running ESX (say I'm running VDC-OS) and a cloud provider who is running XenServer (running Citrix C3)? Are my cloud vendor choices limited to those vendors that match my internal cloud infrastructure? Well, while its probably a good idea, there are published standards out there that might help. Open Virtualization Format (OVF) is a meta-data format used to describe VMs in standard terms. While the format of the VM is different, the meta-data in OVF can be used to facilitate VM conversion from one format to other, thereby enabling interoperability.

...

Another biggie is application state and connection management. When I move a workload from one location to another, the application has made some assumptions about where external resources are and how to get to them. The IP address the application or OS use to resolve DNS names probably isn't valid now that the VM has moved to a completely different location. That's where Locator ID Separation Protocol (LISP -- another overloaded acronym) steps in. The idea with LISP is to add fields to the IP header so that packets can be redirected to the correct location. The "ID" and and "locator" are separated so that the packet with the "ID" can be sent to the "locator" for address resolution. The "locator" can change the final address dynamically, allowing the source application or OS to change locations as long as they can reach the "locator". [emphasis added]

If LISP sounds eerily familiar to some of you, it should. It's the same basic premise behind UDDI and the process of dynamically discovering the "location" of service end-points in a service-based architecture. Not exactly the same, but the core concepts are the same. The most pressing issue with proposing LISP as a solution is that it focuses only on the problems associated with moving workloads from one location to another with the assumption that the new location is, essentially, a physically disparate data center, and not simply a new location within the same data center; an issue with LISP does not even consider. That it also ignores other application networking infrastructure that requires the same information - that is, the new location of the application or resource - is also disconcerting but not a roadblock, it's merely a speed-bump in the road to implementation.

We'll come back to that later; first let's examine the emphasized statement that seems to imply that simply migrating a virtual image from one provider to another equates to interoperability between clouds - specifically IaaS clouds. I'm sure the author didn't mean to imply that it's that simple; that all you need is to be able to migrate virtual images from one system to another. I'm sure there's more to it, or at least I'm hopeful that this concept was expressed so simply in the interests of brevity rather than completeness because there's a lot more to porting any application from one environment to another than just the application itself.

Applications, and therefore virtual images containing applications, are not islands. They are not capable of doing anything without a supporting infrastructure - application and network - and some of that infrastructure is necessarily configured in such a way as to be peculiar to the application - and vice-versa.

We call it an "ecosystem" for a reason; because there's a symbiotic relationship between applications and their supporting infrastructure that, when separated, degrades or even destroys the usability of that application. One cannot simply move a virtual machine from one location to another, regardless of the interoperability of virtualization infrastructure, and expect things to magically work unless all of the required supporting infrastructure has also been migrated as seamlessly. And this infrastructure isn't just hardware and network infrastructure; authentication and security systems, too, are an integral part of an application deployment.

Even if all the necessary components were themselves virtualized (and I am not suggesting this should be the case at all) simply porting the virtual instances from one location to another is not enough to assure interoperability as the components must be able to collaborate, which requires connectivity information. Which brings us back to the problems associated with LISP and its focus on external discovery and location.

There's just a lot more to interoperability than pushing around virtual images regardless of what those images contain: application, data, identity, security, or networking. Portability between virtual images is a good start, but it certainly isn't going to provide the interoperability necessary to ensure the seamless transition from one IaaS cloud environment to another.

RELATED ARTICLES & BLOGS

Technorati Tags: MacVittie,F5,Burton,LISP,IETF,discovery,UDDI,standards,interoperability,portability,virtualization,cloud computing,cloud computing infrastructure,infrastructure,architecture,virtual machine,collaboration,security,orchestration,web,internet,blog

Feedback

2/10/2009 6:14 PM
		Lori, in my opinion it all depends on what customer expects from cloud vendor to provide. I am drawing an analogy with car vs. rocket here. In case of a car most of the things needed are there but certain external features are required in order for a car to work. In case of a rocket this is not so much the case as rocket carries everything it needs with it. I like Latin term from my childhood that surely applies here: "Omnia mea mecum porto." In case of a cloud of all customer expects is basic things, like CPU power, memory, disk, basic networking, you know, the basics and brings all the rest with them this is easy. If customer depends on some additional functionality from cloud vendor - example is legacy hardware application controllers - then portability becomes an issue. In many cases customers are already looking to ADC functionality as an extension of their application and depend on it. This dependency becomes an anchor if ADC is tied to a hardware. We will never see interoperability between ADC vendors to the extent that you can just copy&paste some traffic management rule (iRule in case of F5) into another vendor's hardware. Simply it will not happen. This forces customers to cloud vendors with the same type of hardware ADCs if they want to switch. Or easier if ADC functionality is something cloud customer brings with them as part of their application into the cloud. Want J2EE server? Sure, fire up virtual server and install JBoss, voila! Want intelligent ADC in front of bunch of J2EE servers? Sure, fire up virtual server and install software ADC, voila! Want developers develop application with consideration of ADC in the picture? Give them VMWare server (or Xen or whatever) and give them vitual ADC appliance they can run on their laptops as much as they want. Omnia Mea Mecum Porto!
Izzy

2/11/2009 6:04 AM
		@Izzy Let's step back away from the marketing push of "hardware versus virtual appliance" for a minute because regardless of which model the customer wants, the issue of portability across clouds remains. Even if the ADC is a virtual appliance, there are still issues with configuration and collaboration when moving from one environment to another. It really has less to do with the deployment model and more to do with the connectivity layer. Firing up a virtual appliance is meaningless unless it can be directed to the applications it is supposed to be delivering. Same thing with hardware. The issue with portability and interoperability isn't about deployment models or hardware/virtual appliance/whatever-comes-next, it's about collaboration and orchestration of the connectivity layer. That a virtual image of an application will carry along configuration/operating meta-data is good, but we need meta-data surrounding its dependencies as well for true interoperability across cloud implementations. Lori
Lori MacVittie

2/11/2009 8:18 PM
		Lori, I am arguing that ADC nowadays is part of the application layer. In many cases customer get to depend on its functionality when it comes to their applications. To some extent it is their natural extension of their application. In many cases it is more then that. Its functionality (beyond simple load balancing and acceleration) is critical for the whole application. If we take it even step further, the power of the cloud (in my opinion) is that it shifts power from IT department towards those who do the application. I think this is one of the major driving forces behind cloud adoption. So naturally whatever we do to bring ADC closer to application developers vs. IT/networking more desirable such solutions are to wider range of people. Rapid development is key drivers behind cloud adoption and those developers are not interested into digging into low level coding for performance. So I think that future will belong to those vendors who can cater to new emerging market best.
Izzy

2/12/2009 1:20 AM
		@Izzy On that you'll get no argument from me. ADC, application networking, is a part of the application layer - or should be, if it isn't already. We're in sync on this one. ;-)
Lori MacVittie

Leave Feedback

Title
Name
Email
Url
Comments
Remember Me? Enter the code shown above:
Please add 7 and 3 and type the answer here:

My Links

DevCentral Home
DevCentral Blogs
DevCentral Forums
My Blog
Contact Me
Syndication
Login

Blog Stats

Posts		641		Comments		1204
Stories		0		Trackbacks		343

	Tag Cloud
	acceleration application delivery application security architecture BIG-IP blog cloud cloud computing dynamic infrastructure F5 HTTP infrastructure INfrastructure 2.0 integration internet load balancing MacVittie optimization performance scalability security SOA virtualization web web 2.0 more tags...

Post Categories

		General SOA
		SOA Delivery
		Randomness
		Web 2.0
		Security
		iRules
		iControl
		Development and General
		Monitoring/Management
		XML
		ISV Solutions
		Microsoft Solutions
		Performance
		Cloud Computing
		Virtualization
		WILS
		Infrastructure 2.0

Archives

		March, 2010 (11)
		February, 2010 (20)
		January, 2010 (17)
		December, 2009 (16)
		November, 2009 (20)
		October, 2009 (22)
		September, 2009 (21)
		August, 2009 (25)
		July, 2009 (18)
		June, 2009 (20)
		May, 2009 (20)
		April, 2009 (21)
		March, 2009 (23)
		February, 2009 (17)
		January, 2009 (19)
		December, 2008 (17)
		November, 2008 (18)
		October, 2008 (27)
		September, 2008 (32)
		August, 2008 (31)
		July, 2008 (30)
		June, 2008 (33)
		May, 2008 (30)
		April, 2008 (24)
		March, 2008 (5)
		February, 2008 (4)
		January, 2008 (8)
		December, 2007 (5)
		November, 2007 (6)
		October, 2007 (3)
		September, 2007 (5)
		August, 2007 (7)
		July, 2007 (7)
		June, 2007 (5)
		May, 2007 (11)
		April, 2007 (9)
		March, 2007 (7)
		February, 2007 (10)
		January, 2007 (5)
		December, 2006 (4)
		November, 2006 (8)

Application Delivery

		Infrastructure 2.0
		onizo#
		The Virtual ADC

Cloud Computing

Google Group: Cloud Computing

Random

Security

Rational Survivability

SOA

		Loosely Coupled
		Miko Matsumura's SOA Center
		SOA Enterprise Patterns

Copyright 1996 - 2007 F5 Networks, Inc. | Privacy Statement | Terms Of Use