Cisco Blogs


Cisco Blog > Data Center and Cloud

#EngineersUnplugged S6|Ep15: DevOps Defined (Goat Edition)

November 12, 2014 at 12:06 pm PST

In this Season Finale of Engineers Unplugged, Joe Onisick (@jonisick) and Michael Ducy (@mfdii) discuss GoatOps. Yes, you read that right. What is GoatOps? What does this have to do with DevOps? This is all about process and the necessary changes to make Enterprise workflow flow in modern IT. This is a can’t-miss episode!

Unicorn Challenge, Goat Edition, with Joe Onisick and Michael Ducy

Unicorn Challenge, Goat Edition, with Joe Onisick and Michael Ducy

This is Engineers Unplugged, where technologists talk to each other the way they know best, with a whiteboard. The rules are simple:

  1. Episodes will publish weekly (or as close to it as we can manage)
  2. Subscribe to the podcast here: engineersunplugged.com
  3. Follow the #engineersunplugged conversation on Twitter
  4. Submit ideas for episodes or volunteer to appear by Tweeting to @CommsNinja
  5. Practice drawing unicorns

Join the behind the scenes by liking Engineers Unplugged on Facebook.

Tags: , , ,

Transform DevOps with CA Release Automation and Cisco ACI

DevOps is gaining momentum in many enterprises today. Customers are increasingly realizing the benefits of DevOps and how it helps in breaking down barriers and helps application agility. DevOps enables a constraint free development, continuous application delivery, collaboration and continuous monitoring throughout the Application Lifecycle from Dev to Test to production deployments. A CA led global IT survey in 2013 projects DevOps adoption in 39% of the companies surveyed and another 27% in process of adoption, further testifying the momentum.

CA1

At CA World this week DevOps related topics feature prominently.  Cisco Insieme Business Unit and CA are featuring a breakout session DCT33S on Tuesday Nov 11, on how CA Release Automation and Cisco ACI joint solution helps bring accelerated application delivery with collaboration and efficiency from design to deployment.

CA Release automation and Cisco ACI joint solution is a perfect marriage and showcase for Enterprise DevOps strategy. CA Release Automation enables continuous application delivery by automating application release execution to any environment and on top of any infrastructure whether it is virtual, physical or cloud. Cisco ACI with its Application Network profile and policy model helps provide secure, multi-tenant and a purpose-built Nexus 9000 network environment for compliant applications, across Dev/Test/Staging/Production stages of the application lifecycle.

CA2

CA Release automation uses the Application layout and intent to create Application Network Profiles (ANP) in Cisco APIC and also copies/clones the ANPs to quickly create parallel secure/multi-tenant networking environments on the Dev/Test/production systems. As a result, it is easy for CA Release Automation (CA RA) to move application releases quickly across the Dev/Test/production systems in highly compliant type application environments. Besides, Cisco ACI also enables IT to continuously monitor the configurations and application performance on these multiple tiers to enforce SLA per contractual agreements. The interactions between Cisco ACI and CA RA are illustrated in detail below.

CA3

It is not my intent to capture the entire session detail via this blog. To learn finer details of the ACI-CA RA solution, I strongly encourage you to attend the session DCT33S on Tuesday Nov 11. See you at the show.

Related Links

http://www.ca.com/us/caworld.aspx

www.cisco.com/go/aci

Tags: , , , ,

The Benefits of an Application Policy Language in Cisco ACI: Part 4 – Application Policies for DevOps

October 21, 2014 at 5:00 am PST

[Note: This is the last installment of a four-part series on the OpFlex protocol in Cisco ACI, how it enables an application-centric policy model, and why other SDN protocols do not.  Part 1 | Part 2 | Part 3]

As noted earlier in this series, modern DevOps applications such as Puppet, Chef, and CFEngine have already moved toward the declarative model of IT automation, so there is already some obvious synergy between DevOps and the Cisco ACI policy model. DevOps automation products are also optimizing application delivery processes and are designed to automate critical IT tasks to make the organization more agile and efficient.

In an early 2014 blog post, Andi Mann, vice president of strategic solutions at CA Technologies, wrote about the evolution to DevOps and the synergy with the Cisco ACI policy model:

Though the DevOps approach of today—with its notable improvements to culture, process, and tools—certainly delivers many efficiencies, automation and orchestration of hardware infrastructure has still been limited by traditional data center devices, such as servers, network switches and storage devices. Adding a virtualization layer to server, network, and storage, IT was able to divide some of these infrastructure devices, and enable a bit more fluidity in compute resourcing, but this still comes with manual steps or custom scripting to prepare the end-to-end application infrastructure and its networking needs used in a DevOps approach.

The drag created by these traditional application infrastructures has been somewhat reduced by giving that problem to cloud providers, but in reality this drag never really went away until Cisco innovated application-centric programmability with Cisco ACI. This innovative new solution is now poised to greatly benefit the whole application economy, especially management of the DevOps application environment…

Read More »

Tags: , , , , , , , , ,

The Benefits of an Application Policy Language in Cisco ACI: Part 3 – Group Policies

October 17, 2014 at 5:00 am PST

[Note: This is the third a four-part series on the OpFlex protocol in Cisco ACI, how it enables an application-centric policy model, and why other SDN protocols do not. Part 1 | Part 2 | Part 4]

The Cisco ACI fabric is designed as an application-centric intelligent network. The Cisco APIC policy model is defined from the top down as a policy enforcement engine focused on the application itself and abstracting the networking functions underneath. The policy model unites with the advanced hardware capabilities of the Cisco ACI fabric underlying the business-application-focused control system.

The Cisco APIC policy object-oriented model is built on the distributed policy enforcement concepts for intelligent devices enabled by OpFlex and characterized by modern development and operations (DevOps) applications such as Puppet and Chef.

At the top level, the Cisco APIC policy model is built on a series of one or more tenants, which allows the network infrastructure administration and data flows to be segregated. Tenants can be customers, business units, or groups, depending on organization needs. Below tenants, the model provides a series of objects that define the application itself. These objects are endpoints and endpoint groups (EPGs) and the policies that define their relationships (see figure below). The relationship between two endpoints, which might be two virtual machines connected in a three-tier web application, can be implemented by routing traffic between the endpoints to firewalls and ADCs that enforce the appropriate security and quality of service (QoS) policies for the application and those endpoints.

Endpoint Group Policy

Endpoints and Application Workloads Along with Tenants and Application Network Profiles Are the Foundation of the Cisco ACI Policy ModelEndpoints and Application Workloads Along with Tenants and Application Network Profiles Are the Foundation of the Cisco ACI Policy Model

For a more thorough description of the Cisco ACI application policy model, please refer to this whitepaper, or this one more specifically on Endpoint Groups.

For this discussion, the important feature to notice is the way that Cisco ACI policies are applied to application endpoints (physical and virtual workloads) and to EPGs. Configuration of individual network devices is ancillary to the requirements of the application and workloads. Individual devices do not require programmatic control as in prior SDN models, but are orchestrated according to the centrally defined and managed policies and according to application policies.

This model is catching hold in the industry and in the open source community. The OpenStack organization has begun work on including group-based policies to extend the OpenStack Neutron API for network orchestration with a declarative policy-based model based closely on EPG policies from Cisco ACI. (Note: “Declarative” refers to the orchestration model in which control is distributed to intelligent devices based on centralized policies, in contrast to retaining per-flow management control within the controller itself.)

Read More »

Tags: , , , , , , , ,

Top 10 ISV challenges with Cloud, Analytics, Mobile and Social Transformation

In my previous blog, I highlighted the need in ISV’s business transformation due to various changes in the market. Although ISVs are bound to face challenges as they shift their approach to application development, they must also be weary of the challenges that can come with other technological avenues, including cloud, analytics, mobile and social networks. The following are the top 10 challenges that I have seen ISVs struggling with in today’s market:

  • Domain 1 -- Infrastructure & Environment
    • In today’s cost-sensitive market with tight budgets, ISVs have to decide if there is a business case to build a Cloud to run their production software or host SaaS solution in a public Cloud or hosted Cloud. There are many qualitative and quantitative factors to consider. Qualitative analysis can include new or existing software solution, security, compliance, availability, global reach requirements, IP protection, existing IT resources in-house or lack there-of, etc. Quantitative analysis can include cost per user considering cost of compute, network, storage, support, training, software license, third party integration, human resource cost for development and support, etc.
    • It is easier to do the above analysis for Test environments, where you would need a large number of resources for a short period of testing time. Hence, public IaaS providers can be cost effective if there are no major concerns on Security, Compliance or IP-Protection. In such situations, ISVs can develop software using in-house environments and use public Cloud (or hybrid Cloud) for test environments.
    • ISVs should consider Cattle and Pet strategy (just like a cow in a cattle where if one cow dies, it gets replaced without any big impact to cattle, a server or a VM instance in cloud should be treated the same where if one server goes down, there should not be any impact on the functionalities of the cloud solution. This is unlike a pet -- or a traditional server in legacy environment -- where a pet requires care and create impact if something happens to it) in architecting the software for Cloud to reach higher availability. One should not have a Pet instance that cannot go down. Instead software solution should have failover capabilities and also load balancing capabilities so any server should be replaceable just like a cow in a Cattle. Following are some generic statistics of reliability in Cloud compare to Legacy environments:
      • Legacy has 99.9% reliability for Applications and 99.999% reliability for Infrastructure
      • Cloud has 99.0% reliability for Infrastructure and 99.999% reliability for Application
  • Domain 2 -- Virtualization & Abstraction
    • Evaluating if your software can live on a virtualized server or if it requires bare-metal server, can be the starting point in the Cloud journey. Not every software solution is designed to be on a virtualized server. In this case, it is a critical decision if one should redesign the software or develop it from the scratch or use container technology.
    • Questions, such as: “can (and should) your software do multi-tenancy?”are also very important. This decision can lead to overall impact on how you architect your software solution and evaluate price. Ability to do multi-tenancy can lead to reduced infrastructure to run your solution and hence, possibly reduced price to end customer. One should also evaluate impact of multi-tenancy on security that is required for ISV’s vertical industry. When a SaaS application handles sensitive data, ISVs must know and document how enterprise’s sensitive data is isolated from other tenants’ data. This analysis includes data at rest and data in-transit within the ISV’s SaaS environment, as well as in-transit across other untrusted networks.
  • Domain 3 -- Automation and Orchestration
    • Selecting the right tools for automation of policy-based orchestration, deployment and provisioning can lead to less manual steps, reduced time to setup new customers and enhanced speed to market.
    • Utilizing automation for release management can lead to less errors and smaller numbers of business interruption.
    • As high availability and less time between interruptions for disaster recovery are critical to keep customers in Cloud space, ISVs should have automation tools to do regular testing with simulated disaster situations to verify high availability.
  • Domain 4 -- Customer Interface
    • Since late 1990s, with introduction of Web, ISVs are forced to decide if software should have thick client or thin client or both. Now, with ubiquitous smart phones, popularity of mobile applications and with speedier releases of upgrades on popular mobile platforms such as Google Android, Apple IOS, etc., maintaining and upgrading mobile client can be substantial additional investment.
    • ISVs also need to make decisions on what should be the scope of the mobile client –
      • Should it be an independent software with full feature functionality of software solution, or
      • Should it be a hybrid solution where some feature functionalities are available on Mobile client while the rest is accessed remotely via web and executed in Cloud, or
      • Should Mobile client just be an additional device with remote web client?
    • In addition, with market trends towards integrating third party APIs to expand the feature functionalities of the software, role based identity management is critically important. Additional challenge is that ISVs have to develop flexible solution so they can adjust to different interpretation of different roles by different API providers.
  • Domain 5 -- Service Catalog
    • With SaaS, ISVs have to plan on how to price their software solution per user but also think about how to package the software solution and make it available using web based catalog. This catalog needs to have clear use cases that are easy to understand, aligned to vertical industry needs and price competitive to match customer’s willingness to pay. Moreover, though, any inclusion of third party software solution needs to be transparent to the user; it needs to be clearly defined in the legal language to reduce liability.
    • Development of such price & package is not a simple task. It is an art as one should create unique value perception for all use cases, be competitive, as well as make it easy for the user to decide and differentiate from competition to avoid price discussion instead of value. Moreover, this catalog may need to change regularly based on competitive forces and customer needs.
    • In addition to developing their own catalog, ISVs must also consider how their software solution can be integrated in Partner’s catalog so they can reach broader audience.  This requires considerations, such as how to price it to the value given by partner solution. This may require rethinking on the price as partner based use of ISV’s software solution may not include full feature functionalities.
  • Domain 6 -- Financial
    • Pricing software solution using Pay-per-use model is a challenge that is different from pricing for perpetual license. Pricing needs to be based on the market’s willingness to pay, as competition is just a click away. It also requires considerations and clear understanding that ISVs may not have many months to recover R&D cost due to competitive threats. Hence, it requires clear planning on how fast ISV can get enough customers to reach a breakeven point to cover R&D, customer acquisition & operation cost.
    • Compared to one-time billing for perpetual license, monthly or quarterly ongoing billing for pay-per use is a challenge and it has larger number of collection issues.
    • With the popularity of social media, even clarity and simplicity of regular bill-to-customer is important. Otherwise, ISV runs the risk of having a critical blogger targeting ISV billing practices and impacting reputation and moving customer’s opinion away from ISV. Such customer opinion also provides additional ammunition to competition. Hence, a bill should have enough details that are easy to understand, yet forces customers to see the value and possibly avoid easy comparison with competition.
    • In pay-per-use licensing, ISVs have to develop new strategy for revenue recognition and that can lead to impact on how sales compensations are designed.
    • If software solution includes third party vendors, ISVs need to do appropriate ongoing reporting to the vendor and also understand appropriate impact for tax purposes.
    • How long should ISVs let customer try software solution for free or have a promotional package is based on software solution maturity, market trends and direct competition. This decision alone can lead to high cost of customer acquisition and promotion.
    • Maximizing social networks such as Facebook and Twitter to understand market trends and develop appropriate reports for business impact is critical for today’s success and require additional skills and resources.
    • ISVs needs to develop intelligent reporting for customers, partners and its own management using analytics tools based on software solution. Moreover, making sense out of structured and non-structured data with variety, volume and velocity of data requires different reporting solutions such as use of Big Data Analytics. Each customer click that can span across ISV’s multiple systems and possibly multiple Cloud provider partners that are part of the solution can execute multiple transactions and produce multiple logs. Some of the key analysis that companies could consider based on business maturity to develop correlations and to make future business decisions are: log analysis (web, applications, transactions, database, IT Infrastructure, System Tracking, Errors, Intrusion detection logs), process analysis, user interaction analysis, real time alert & action analysis and historical event analysis. These solutions are not free and require appropriate in house resources such as Data scientists & Business analysts, infrastructure & software planning and investment.
  • Domain 7 -- Platform
    • With growth of Cloud, Linux has become a very popular OS to develop solutions on. One can find many IaaS and PaaS providers offering Linux offers on cost effective bases. That said, though Linux is popular, Windows is not too far away with support from Microsoft’s Azure and few other Cloud Providers. But other Unix flavors are becoming less and less popular day by day. Hence, ISVs have to consider if their software should be migrated to Linux or Windows if they are not developed on them.
    • Based on OS, one also needs to consider existing resource’s familiarity with popular application development platforms, frameworks and libraries. For example, ISVs may be able to find many resources that are familiar with Eclipse compared to other alternatives.
    • Similar to OS, database plays an important role in the stability, performance and cost of the software solution. Per CPU core pricing of Oracle may require additional look when open source database like MySQL has become very stable and popular for many use cases. Many ISVs have found it to be an acceptable alternative. By the way, such consideration may lead to redesign of the software and may not be appropriate for all conditions.
  • Domain 8 -- Application
    • ISVs have to develop a clear strategy that customers get hooked on by providing customers free or cost-effective training, or easy API based integration points for logging, reporting, identity integration, such that customers would not easily consider competition that is just a click away.
    • Decide if ISV should consider languages such as C#, C++, VB, Java or consider light weight scripting language such as Perl, Java Script, PHP, Ruby or Python or both is based on familiarity of existing development team, current code, modularity of the solution and available resources.
    • Large amount of source code is available via open source, and ISVs have to evaluate if it is appropriate for their development team to use it for faster time to market and also consider copy-right issues related to using such open source code.
    • ISVs have to revisit their software solution to understand that it has modular design to take advantage of heterogeneous components offered by the Cloud and also leads to appropriate planning for high availability.
  • Domain 9 -- Security and Compliance
    • As mentioned by Cloud Security Alliance for Application Security, there are four key metrics that apply for Cloud applications -- Compliance and Governance, Identity and Access,  Vulnerabilities and Patching, and Data Security. ISVs must ensure that needed metrics are available for Enterprise customers for their SaaS platform.
    • A good hacker can take advantage of the weakness in the development language for the software. Therefore, ISV needs to establish good coding practices such as input validation, authentication, authorization, configuration management, session management, cryptography, parameter manipulation,  exceptional management, appropriate protection of in-memory data, and audit & logging.
    • ISV should also document following key things for their Enterprise customers:
      • What Web application security standards (input validation, encoding output, preventing request forgery and information disclosure) are being followed by the ISV?
      • What application and infrastructure controls are in place to isolate the enterprise’s data from that of other tenants?
      • How many denial of service attacks were attempted and how were they  handled?
      • How do they manage identity?
      • How do they encrypt data (logs, between multiple application modules, between application and database and between application and third party API based use, etc)?
  • Domain 10 -- Organization, Governance and Process
    • Historically, software vendors are responsible for application development, feature and functionalities while customers are responsible for managing them in their own environment. With SaaS, operating and supporting is also part of ISV’s responsibilities. ISVs capability for continuous software development and with upfront considerations for operations and delivery of that software can allow capture of market opportunity faster and reduce time to get customer feedback. This DevOps software development methodology and considerations for operations is an important evolution compared to historically popular Waterfall or Agile methodologies. It is stated that DevOps methodology of software development reduces approximately 50% time as well as cost for long term operations support.
    • Impact of social network is tremendous and questions such as how are ISVs reaching out to potential target customers with social networking, how to support software online, how to maintain reputation online in the face of a crisis.
    • Many established ISVs have a sales force with tendency to hunt for the customers, transact the deal and leave. SaaS solution with pay-per-use licensing requires farming of the customers. In many ISV’s environment, this ongoing relationship building takes much more effort than sales is trained for, and would want to spend time per customer based on their quota size. Hence, ISVs have to plan appropriate sales strategy to keep sales force motivated.
    • For many ISVs, changing Sales compensations and training sales teams to sell pay-per-use license with minimal upfront revenue have been the most difficult part of this transformation. Established ISVs have to juggle to make sure that bottom line is not impacted too much and they can achieve good growth in subscription revenue for top line growth.
    • In this fast moving market with no permanent friends or foes, relationships for cooperation or competition, ISV has to continuously think who to partner with and how to structure partnership that is based on Customer value and aligned with ISV’s short & long term business strategy.
    • The need to move fast to improve software and remain a step ahead of the competition has lead  established ISVs to develop hybrid solutions while others SaaS based ISVs have become core business services in Cloud(i.e. Workday, Salesforce.com, google app engine etc.), and they are replacing traditional on-premises software vendors. Some ISVs have expanded their reach and capabilities using third party SaaS vendors echo systems, such as Salesforce.com.
  • Existing System Integration
    • Once ISV develops SaaS based solution, system integration with other ISV’s solutions, reporting needs requires modularized thinking and possibly different developer resources as not all integrations are based on simple solution such as REST API. Some still require custom API integrations that may be based on Java or C++. Moreover, such integration should also consider higher availability and scale needs for SaaS solutions.  Hence, ISV builds versus what ISV integrates into using third party API has become an important question of business decisions.
    • Success of ISVs does not only rely on the direct customers but also equality important are echo system partners. So ISVs also need to consider organic approach of today’s fast moving market environment and develop APIs for their key feature functionalities for partner’s to take advantage of. This is one of the very important considerations for DevOps methodology to address needs of development, operations and integration.  This ability to allow someone to integrate to your software using your API (possibly REST based) as part of echo system can offer immense opportunities for ISVs, as it automatically enables you to reach a wider customer base.

In short, it the pressure to continuously adding value when competition is one click away leads to a challenge of existence for ISV and a –poses the question: should ISV continue to be an ISV, or not? Small, agile and nimble ISVs can turn fast with the market trend but that can lead to not having sufficient time to develop efficient processes and procedures. Large and established ISVs have advantage of existing customers and well-oiled operations but changing faster with the time is always a challenge. This Ying and Yang of agility to meet market demand and efficiency to run the business is core to many ISV challenges.

After saying all of the above, not everything is bad for ISV business, as more and more ISVs are coming to market with their unique flavor of SaaS solution. There are many ways to make money in today’s market, such as faster customer reach due to internet, analytics, mobile and social networks as well as , enthusiastic responses from venture capitalists to invest in “good” SaaS based solutions. ISVs that understand the challenges explained and are weary of them will surely experience a positive change in their results.

Visit Cisco Services to learn more about how converging technology trends are shaping the way IT operates and delivers services. Be sure to join the conversation, #CiscoServices.

Additional Sources:

 

Tags: , , , , , , , , , , , , , , ,