Welcome to the VMware CTO community! And welcome to my discussion of cloud application architectures. There has been a significant amount of technology development in VMware’s application platforms in the last two years, and I’m looking forward to sharing some of the key aspects, including how our application and runtime platforms are being integrated with the underlying virtualization technology.
On a personal note, I’ve been in the application platforms and operating system technology space for 20 years. A significant part of my tenure was 14 years with Sun Microsystems where I focused on application and operating systems performance optimization, analysis and tools – working with all layers of the stack: application platform/databases, operating systems and hardware. I’m the author of “Resource Management”, “Solaris Internals” (Ed 1 and 2), and “Solaris Performance/Tools”.
I joined VMware in 2007 as Chief Performance Architect, and led our cross-company effort to enable virtualization of high-end tier-1 applications, including databases, corporate email and ERP. Our Tier-1 application effort broke through many myths that virtualization was only for small non-critical applications. Gone are those older beliefs that applications with high I/O content aren’t good candidates for virtualization – the I/O architecture of vSphere 4 and beyond has proven that we can drive massive amounts of I/O – in my experience the numbers show that we can drive several orders of magnitude more I/O than you would need from a real-world transaction data intensive application. This together with the significant advances made in CPU virtualization efficiency – through relentless improvements in the virtual machine “Monitor” and the more recent hardware support for virtualization – have brought the CPU overhead down to single digit percentages – a point where the values of virtualization far outweigh the cost. We are now virtualizing databases (Oracle, SQL Server, and open source), large ERP systems, and even mission critical corporate email systems.
More recently, my focus has expanded to include what we have been referring to as “next generation applications” – the virtualization of modern, distributed applications on cloud and virtual infrastructure. I’ll also be expanding this conversation to cover the provisioning, deployment and monitoring of these new distributed applications.
From Virtualized Applications to Cloud Applications:
We are amidst a significant change in the way people develop, deploy and monitor applications. Virtualization has made it possible to radically simplify the deployment, management and operation of the applications.
Consolidation and Capital Cost Reduction
Virtualization started out being a great way to reduce capital cost, by allowing multiple physical machines to be consolidated into a single server. Since single-purpose servers were so underutilized (5-10%), consolidation makes better use of the resources and therefore saves cost through reduced hardware, power and cooling. Here we focus primarily on performance overheads and “packing density” – i.e. how many virtual machines can I consolidate successfully onto a single server.
[Figure: Consolidation to improve server utilization]
Policy based Deployment and Operational Cost Reduction
In the next phase, automation is used to reduce operational expenditure. Through virtualization, customers are able to further reduce complexity and human interaction. By automating deployment and operational management we can yield a significantly improved operation process – through faster deployments and automated management of capacity. Rather than focusing on a single host, the virtual platform is expanded to a cluster of machines – where hosts are aggregated into pools and applications can be deployed to a “resource pool” across the cluster. vSphere technology automates placement and allocation of virtual machines to physical hosts and resources, according to policy.
This is the first time where the concept of policy became so critical. Once the cluster understands attributes about the workload, it can automate tasks that would have otherwise needed manual intervention. Conveniently, each application typically resides in a virtual machine – and this encapsulation provides a mechanism of transparently controlling the resources. For example, we can control the amount of CPU given to an application through the amount of MHz scheduled to it, and the distributed resource scheduler (DRS) can control placement of machines to ensure physical hosts are kept at optimal capacity levels.
[Figure: Distributed Resource Scheduler]
The same virtual machine encapsulation is leveraged to measure and control other resources. For example, all networking traffic can be metered and controlled through the virtual machine boundary, allowing security to be implemented according to policy – through vShield zones.
Applications with Policy — vApps
A vApp is a packaged application that can automate installation and configuration. A vApp is an application encapsulated in the open virtual machine format specification. The open virtual machine format (OVF) allows packaging and expression of policy with applications. An example would be an application that is prepackaged and configured with a network security policy – which causes packet filtering to occur. OVF is designed to be extensible, so that we can continue to wrap and add application meta-data and policy as the automation capabilities of the platform expand.
Multi-tenancy and Infrastructure as a Service
Through vSphere and vCenter we can now automate deployment and management of applications according to policy. The next step on the journey is self-service and multi-tenancy. As deployments grow, there is a strong desire to standardize on virtual infrastructure and further reduce complexity. This is done by letting the infrastructure group configure and manage the “infrastructure plant”, and providing direct access to that infrastructure through a set of tools that deal with pure-virtual resources. By providing this access together with controlled allocation of resources and permissions, we create a shared multi-tenant pure-virtual platform which can be directly configured by different business units, departments or even separate customers. This combination of pure-virtual, multi-tenant administration and isolation is the core of what is now called “Infrastructure as a Service” – IaaS.
With IaaS, physical resources are pooled into resource groups, and sub-allocated to tenants by the administrators of the infrastructure. The tenants can carve up those resources and deploy applications in their own desired configurations, without help from the infrastructure group. Furthermore, chargeback can be used to communicate the costs of the resources consumed between the tenant and the infrastructure platform.
[Figure: Infrastructure As A Service]
The IaaS layer is becoming the programmable substrate upon which applications are deployed. The IaaS layer provides the policy driven access to resources, provides the necessary isolation between applications or tenants, and provides APIs for automation of provisioning and deployment.
vCloud Express gives a sneak preview of what is to come in the future VMware vCloud offering.
Modern distributed applications can easily be deployed on the IaaS cloud. The provisioning systems can significantly simplify the deployment and operation of the applications – through automated install/configuration and in some cases policy based management and control of the application.
IaaS is important for application deployment and monitoring systems, since the entire virtual environment can be programmed via an API. Applications can be packaged up and deployed and then controlled automatically by the tenant, according to policy.
Modern Distributed Apps – Advanced Encapsulation
For many of the traditional legacy applications, there is a simple mapping between application and virtual machine – where an application can be contained within a single virtual machine. This encapsulation makes it easy to control and measure policy.
However, many modern applications are distributed and have multiple tiers in their architecture – often including a web/caching layer and an application runtime layer, each with one or more nodes.
With the evolution of these models, the application is represented by a more complex topology than the simple one-to-one relationship between application and virtual machine. This creates an opportunity for a multi-VM application definition, mechanisms for provisioning such an application, and for controlling resources/policies for the application as a whole.
In vSphere 4, we extended vApp to allow encapsulation of a multi-VM application, which allows representation of this type of topology.
In addition, we are seeing new application deployment and runtime systems that co-ordinate and manage these topologies automatically, according to policy.
There are additional opportunities to provide SLA based control to multi-node applications. Applications can scale-up (provide more resource to the same number of nodes), or scale-out (run more nodes). The best choice of scale-up vs. scale-out is the architectural pattern most suitable for the runtime and application in question, and intelligent provisioning systems will be able to take advantage of these choices to provide performance guarantees based on the application SLA.
There are two types of cloud application architecture used for these apps – a virtual-machine based application encapsulation, and platform as a service (PaaS).
The virtual-machine based encapsulation refers to the application being implemented as a discrete topology using virtual machines – such as a VM for the web server, a VM for the app server nodes etc. Our Studio and vApp encapsulations provide the foundation for encapsulating these types of applications, and are the key mechanism for attaching policy.
[Figure: VM-based Application Example]
In future posts, I will be discussing some of the automation features that are being used to encapsulate and deploy scalable web applications. I’ll begin to talk about some of the architectural choices and design approaches for the best scale and automatic management capability – including auto-scaling.
Platform as a Service – Radically Simplified Deployment Experience
A platform as a service is used when the developer and deployment architecture no longer express an opinion about how the application is deployed – the choice of which infrastructure components are deployed to provision an application is completely abstracted. We see this as the architecture of choice for application platforms in the cloud, and it is our architecture for “VMware Developer Services”, which will debut as part of the VMware, SpringSource and Salesforce partnership. I’ll be covering more about these types of architectures in future posts.
Moving up the stack, the application framework provides even more significant opportunity for understanding and controlling application SLA and policy. For example, an application running in the Spring environment can be fully instrumented through Spring Injection so that we know every transaction’s response time and path through the stack, allowing unparalleled observability and control. The Spring Insight performance monitor is a great example of framework level instrumentation. In addition to performance, we are building out controls and hooks for other types of application policy, based on application awareness.
The ultimate goal is to provide one-touch deployment from develop through provision, where the application is provisioned and managed according to SLA and policy settings for the application and its deployment environment.
We are continuing to develop the technology in the platform stack to significantly reduce the time and complexity required to deploy and manage applications.
Future topics for this blog will include a discussion on application architectures for scaling out, monitoring and deploying distributed applications in a virtual/cloud environment, the integration efforts underway between our SpringSource Java runtimes and vSphere, and the application cloud.
Please let me know your thoughts! I would enjoy a dialogue with this community, and greatly value the perspective of our colleagues.