Enstratius Cloud Management Overview

The Business Perspective

Enstratius provides cloud governance, automation and independence for enterprises. Think of Enstratius as the enterprise console to the world of cloud computing.

The Enterprise Cloud Management Solution

Cloud infrastructure is an increasingly compelling option for many organizations and applications. Enstratius™ provides a suite of tools for managing that cloud infrastructure. We support the provisioning, management and automation of applications in all leading public and private clouds.

We do this without removing the ability for developers and application operators to choose the configuration management, monitoring and other operation tools that make the most sense for each application.

Enstratius is available as software-as-a-service, or as on-premises software that enables you to control the cloud from within your own data centers. Enstratius provides:

Governance - For the enterprise, the problem is managing many different workloads - most of which need only a few servers to meet demand. However, these workloads frequently have different ownership, compliance needs, integration requirements, and so on.

Enterprise cloud governance is essential for maintaining control over an increasingly complex and integrated systems, services and human resources environment.

Enstratius enables you to meet your governance needs with flexible access controls, logging, financial controls and integration into your internal management systems and access directories.

Automation - The basic needs of enterprises for operations hasn’t changed since the first business software was created—make sure the required functionality is available when it is needed, is provided securely, and meets key performance goals.

The advantage that cloud computing provides is the ability to precisely control how services are consumed to balance demand, cost, reliability, security and performance. Optimizing that balance is what makes the cloud model a game changing IT model. This requires consistent automation applied across cloud platforms and services that are integrated with your IT operations tools.

Enstratius helps you meet the economic and operational advantages of cloud computing through a variety of automation tools including auto-provisioning, auto-scaling, automated backups and more.

Independence - Among cloud computing’s many benefits is the ability to select infrastructure and platform services from a variety of providers. It is this freedom of selection that enables IT to benefit from a competitive market for cloud services.

To enable freedom of service selection, enterprises must adopt cloud management solutions that allow them to take advantage of the cloud services they feel are right for each project, while maintaining consistent controls over how all cloud services are consumed.

Furthermore, the cloud management solution must integrate with the overall IT operations environment. Enterprise cloud independence is essential for maintaining consistent control over vendor choice in services and technologies.

Today we support Amazon Web Services, AT&T Synaptic Storage, Bluelock, CloudCentral, Cloudscaling OCS, Citrix CloudStack, CloudSigma, EMC Atmos, Eucalyptus, GoGrid, Google Storage, HP Cloud Services, Joyent Cloud, OpenStack, Rackspace, Tata InstaCompute, Terremark, VMware vSphere, VMware vCloud Express and Windows Azure. We provide cloud management for windows as well as all leading flavors of Linux.

In addition, we provide Consulting Services to assist you in your migration into the cloud. We can help you design a deployment to meet your target SLAs and address issues such as scaling parameters, security and compliance.

To learn more, review the screen shots below or view an Enstratius demo. If you have questions or would like to discuss your cloud project in more detail, contact us or call 612-746-3091.

The Technical Perspective

Through key management, auto-recovery and cross-cloud support, Enstratius provides reliability and security for your applications.

Your IT Policies and Procedures Delivered In the Cloud

Enstratius focuses on managing the consumption of most major cloud services without locking your enterprise into specific operations tools or processes. By providing a consistent management solution for the governance and automation of application operations across most major public and private cloud platforms, Enstratius is your console for the world of cloud computing.

The Enstratius technology consists of two core elements:

• The Enstratius Cloud Management System
• The Enstratius Guest Agent (optional)

The Enstratius Cloud Management System

• Enables self-service provisioning of cloud resources on any of the clouds we support through a single user ID.
• Watches over your cloud infrastructure, monitoring any combination of supported cloud services -- public, private or hybrid.
• Enforces consistent governance policies for actions taken against your applications in any combination of supported clouds.
• Automates applications running in one or more supported clouds, including provisioning, scaling, backup and disaster recovery.

With the SaaS deployment option, you sign up for an account and we operate the cloud management system for you in our data center that is independent of all the clouds we manage. When any of your clouds fail, you still have access to all of the information about your deployments in the failed cloud(s). Enstratius can automate recovery into a backup cloud or you can manually execute disaster recovery procedures.

Under the on-premise deployment option, you provide the infrastructure, install, and operate your own copy of the Enstratius cloud management system. When Enstratius is deployed on-premise, the solution provides identical functionality to the SaaS version, but is simply operated in your own data center.

The Cloud Management System is architected as a cloud application with automated horizontal scaling in mind.

There are two front-end components:

• The Enstratius API service
• The Enstratius Console service

Both of these services provide access to Enstratius functionality. The Enstratius API provides programmatic access while the console provides the user interface. Both systems are driven by a common MySQL database and may be placed behind a load balancer for automated horizontal scaling.

No session state is maintained in the services themselves. As a result, no sticky sessions are required and user sessions survive service restarts. The services may also optionally be configured to spread database reads across multiple MySQL replication slaves.

There are a number of backend components:

• The Enstratius Dispatcher
• The Enstratius Worker Subsystem
• The Enstratius Key Management System
• The Enstratius Ping Router

These components all store persistent data in a MySQL database and use Rabbit MQ as a message bus. As with the front-end components, the backend components may be configured to spread database read operations across multiple replication slaves.

The Dispatcher
The Dispatcher is a web service that provides an interface into the core Enstratius database and interaction with public and private clouds. The API service, Console service, and Guest Agent all use the Dispatcher to execute tasks on behalf of users and agents.

For example, when a user launches a VM in the console, the console requests the launch through the Dispatcher. The Dispatcher then routes that request to the proper cloud and creates a job that can be tracked through the API or console for monitoring the state of the VM launch. Multiple independent copies of the Dispatcher may be running behind a firewall. Consequently, the Dispatcher supports automatic horizontal scaling.

The Worker Subsystem
Enstratius uses a worker architecture to handle "long-lived" processes and ongoing polling of cloud resources. In particular, there are two kinds of workers handling various tasks:

• Cache workers
• Task workers

Cache workers are running continuously, watching over a specific cloud resource and reacting to changes. A reaction can be as simple as recording a state change in the Enstratius database or as complex as an automated reaction to a change in the state of the cloud. The Worker Publisher regularly looks at all of the resources that need polling and publishes worker jobs to the message queue. The Worker Subscriber then picks up these jobs and manages the cash worker for a finite period of time.

Task workers are "fire and forget" tasks that must execute. For example, an auto-scaling event is a task worker triggered by a cache worker watching over your applications. The cache worker for your application deployment will notice that you have too many or too few virtual machines running for a specific application component and publish a task worker request to the message queue.

The subscriber will then pick up this request from the message queue and spawn off an independent process to execute the task. The task workers are self-healing in that they will re-submit themselves to the message queue in the event of recoverable error conditions.

Because workers communicate via message queue, you can instantiate any number of VMs/physical servers with the Enstratius worker subsystem running on it and have it scale horizontally based on VM load and RAM usage.

Key Management System(KM)
The Enstratius Key Management system is a separate web service accessible only to the Dispatcher and Worker Subsystem. It stores all sensitive data such as cloud API access keys, data encryption keys, and custom configuration files. This data is encrypted using customer-specific encryption keys and stored in the key management system in de-identified rows. Because the encryption keys are customer-specific, there is no master key in the SaaS deployment context for decrypting the entire key management database. A row in the KM database simply looks like this:

key ID (BIGINT) version (VARCHAR) public_part (TEXT) private_part (TEXT)

key_id is a meaningless numeric key; version tells us what kind of encryption is being used; and the public_part and private_part are the encrypted data. The database itself is front-ended with a light-weight web service through which the Dispatcher and Workers create and fetch keys by ID. No encryption or decryption occurs within the key management database or web service.

The Enstratius Guest Agent (optional)

The optional Enstratius Guest Agent is a lightweight web service that you may optionally install on some or all of the virtual machines you have running in the cloud. The

The function of the Enstratius Guest Agent is:

• Establishes a trust relationship between the Enstratius cloud management system and the guest OS.
• Enables extended automation and governance functionality, including executing configuration scripts of your choice when specific events occur.

To learn more, review the screen shots below or view an Enstratius demo. If you have questions or would like to discuss your project in more detail, contact us or call 612-746-3091.