A Framework for Controlling and Managing Hybrid Cloud Service Integration

A Framework for Controlling and Managing Hybrid Cloud Service Integration

Gerd Breiter

IBM Software Group, Tivoli Schoenaicher Str. 220 Boeblingen 71032, Germany e-mail: gbreiter@https://www.wendangku.net/doc/ca14912476.html,

Vijay K. Naik

IBM T. J. Watson Research Center 1101 Kitchawan Road, Rt. 134 Yorktown Heights, NY 10598

e-mail: vkn@https://www.wendangku.net/doc/ca14912476.html,

Abstract—In this paper, we first describe the challenges and pain po ints o f ado pting o ff-premise clo ud-based co mputing services by enterprise users. To address these challenges, we have develo ped a hybrid clo ud architectural framewo rk fo r co ntro lling and managing netwo rk o f integrated co mputing services in o n- and o ff-premise clo ud enviro nments. We identify three types of integration patterns that are commonly observed and describe support in the hybrid cloud framework f o r such patterns. The framew o rk all o ws creati o n, mo dificatio n, and management o f integrated hybrid clo ud services. Using this framework, we describe how solutions can be designed for policy-based access to cloud services from on-premise environments and for policy-based secure access to on premise data fro m o ff-premise clo ud based services. The framewo rk o ffers capabilities fo r (i) o n-demand capacity expansio n o r clo ud-bursting, (ii) service co mpo sitio n and management acro ss multiple clo ud do mains, (iii) unificatio n and custo mizatio n o f service o fferings fro m multiple clo ud service pr o viders, (iv) seamless integrati o n o f c o mm o n wo rklo ad management services such mo nito ring, metering, and security, and (v) unified governance of IT operation across the hybrid clo ud,. We then describe a realizatio n o f this architecture that has served as the basis of IBM’s hybrid cloud s o luti o n o fferings and describe h o w the hybrid cl o ud framewo rk described here mitigates so me o f clo ud ado ptio n risks and lowers or eliminates the inhibitors.

Keywords-Hybrid cloud, service integration, management, control, appliance

I.I NTRODUCTION

The promise of cloud based services is to reduce cost, simplify IT management, and improve productivity via automation and standardization. However, the reality for users and IT managers is that to benefit from today’s cloud based computing services, often they must adopt to cloud service provider specific interfaces that are incompatible with one-another and with existing on-premise management services. In public cloud environments, they must also be willing to share underlying infrastructure and services with other users, lines of businesses, and even with competition and adversaries. Moreover, privacy and compliance issues around data and existing investments in IT infrastructure, middleware, business applications, and in management components tend to provide opposing forces to adoption of cloud based shared services. While private clouds mitigate some of the risks associated with public cloud based services, private clouds also tend to limit the upside benefits of cloud computing. As a result, hybrid cloud solution is increasingly viewed as a solution with potentials to provide the best of all worlds.

Conceptually, hybrid cloud is an integrated cloud environment that can seamlessly combine a private cloud services such as those in IBM’s PureSystems cloud [1] with one or more public cloud based services such as those in IBM SmartCloud Enterprise (SCE) [2] and Amazon EC2 [3]. More generally, hybrid cloud can be an integration of traditional IT and one or more private and public clouds. Realizing seamless integration across multiple cloud environments while maintaining integrity of each environment is far more challenging than simply designing a public or a private cloud. Some of these challenges include maintaining uniform control and transparency over all resources in hybrid cloud whether they are part of a private or a public cloud. Organizations want to have greater visibility into public cloud infrastructure that is being integrated with their private clouds or other IT so that their data and resources are not compromised while their users can benefit from the public cloud resources in a cost effective manner. Other management challenges include integrated workload monitoring, managing SLAs, license management, maintaining data privacy and security in shared environments. Public cloud providers do not address these issues satisfactorily nor do they offer mechanisms that enterprises can adopt for their specific integration needs. If not properly managed, typical public cloud adoption in a hybrid environment can result in lack of control over all owned resources, lack of visibility into overall costs and data relocation, and possible loss of valuable data assets.

Shown in Figure 1 is a schematic of a desired hybrid cloud solution that can seamlessly and transparently extend and augment the virtualized on-premise infrastructure and private cloud resources with those in the public clouds. Such a solution allows enterprises and individual lines-of-businesses to control and manage integrations using policies while providing the experience of seamless integration to users and workloads. In this paper, we describe a framework to realize these objectives and lay the foundation of the hybrid cloud framework and address key integration issues. Here we do not address all the challenges related to hybrid cloud integration. These will addressed in future publications. A note on the figures in this paper: since some of these are in color, they are best viewed on a color screen rather than on a black-and-white print out.

2013 IEEE International Conference on Cloud Engineering

Figure 1. Schematic of hybrid cloud formed by controlled integration of cloud-based services with on-premise applications and data.

In the next section, we highlight the key requirements. In Section 3, we describe some of the typical patterns and scenarios. We then describe the architectural framework in Section 4. In Section 5, we describe key salient points of IBM Hybrid Cloud Solution, which is based on the framework described here. In Sections 6 and 7, we review some related work and conclude the paper.

II.C HALLENGES AND RE QUIREMENTS

A hybrid cloud spanning across multiple cloud domains extends the capacity and capabilities of component clouds. However, to be functional and useable, the experience from both end user and administration point of view needs to be seamless. This means heterogeneity across component clouds needs to be masked by homogeneous uniform portals, dashboards, and other management controls. It also means users and workloads from any component of the hybrid cloud are subject to the same policies, controls, and governance across the entire hybrid cloud wherever the services they are using are delivered from or workloads are processed. IT administrators of individual domains, especially those of private cloud and datacenters want to ensure that they are able to enforce policies on what workloads are processed where, what types of resources and services are appropriate for their users and workloads. They also want visibility into usage, accounting, and ability to charge back to lines of business, departments, and end users. On top of all these requirements, data security, privacy, and compliance make the hybrid cloud integration challenging problem.

Simply stated, enterprises with large investment in IT want to augment their existing IT services with selected services in the cloud to create value to business, while protecting their key data assets. What is to be avoided are the use of separate technologies to manage different types of integrations; fragmented infrastructure/device sprawl; and duplication of integration processes.

Thus, the hybrid cloud integration requirements may be summarized as follows:

x Interoperability and openness across on-premise and public cloud environments

x Extensible architecture that is easy to integrate with existing systems, tools, and applications; x Uniform infrastructure experience hiding heterogeneity and being able to manage heterogeneous environment using single dashboard

x On-premise control of sharing and composition of services and sharing of information

x Policy-based sharing of data and services

x Ability to select cloud services from a variety of providers and create secure compositions

x Ability to specify how and when to acquire and release IaaS or PaaS resources; Integrations need to be controlled dynamically in response to changes in business requirements

x High degree of automation and availability across multiple datacenter environments

x Security and policy-based isolation in a multi-tenancy environment

x Ability to integrate with existing on-premise middleware and application and ability to integrate cloud services with existing data sources.

In the following, we outline architecture and design of a hybrid cloud solution that address these requirements.

III.INTEGRATION PATTERNS

Different types of integration patterns arise depending on the types integrations desired. These patterns influence architecture and design of the resulting hybrid cloud solution. These patterns may be categorized into two types of integration patterns: horizontal integration and vertical integration. The integration framework described in the next section supports both types of integration patterns.

A.Horizontal or Homogeneous Integration

In a horizontal service integration and composition, the integrated on-premise and off-premise services are of the same type. Provisioning compute server capacity in a Cloud to handle workload overflow in another cloud, is an example of horizontal or homogeneous service composition. In this type of integration, the component services derived from on-premise and off-premise are similar or may even be identical. Expansion of any type of on-premise capacity – server, storage, virtual desktops – into the cloud is an example of the horizontal service composition pattern. Typically in a horizontal service composition, dependencies between on-premise and off-premise components are weak. In other words, the component services provided from on-premise or off-promise continue to perform even if the other component is unavailable or de-provisioned or disconnected.

1)IaaS layer integration

IaaS layer integration is horizontal integration at the level of server, storage, network, virtual machine, or virtual desktops. They are further homogenized by the use of standard operating environments. The integration is achieved by provisioning resources in a cloud and then pooling those resources to create a homogeneous environment for higher level applications and software.

2)PaaS layer integration

PaaS layer integration is more specialized than IaaS layer integration. PaaS implies specific types of middeware services such as those offered by a database server or an application or web server or by complex 3-tier application pattern. The PaaS integration may be achieved using the abstractions of patterns rather than low level resources such as servers and storage.

B.Vertical or Heterogeneous integration

In this type of composition, heterogeneous types of services are integrated where one service provides supporting service while the other service is the dependent or the consuming service. Together they form a composite service that is consumed by the end user or another service. The consumer of the integrated service may only be aware of the top-level service and not of the services that the top-level service depends on. Each service component may be provisioned in its own cloud. Thus, vertical composition patterns enable higher-level cloud services to be composed of components or services from lower-level cloud services. The higher level dependent cloud service and lower level supporting cloud services may be provisioned in the same cloud or in different clouds. In a vertical service composition, the dependencies from one cloud service onto another cloud service are typically unidirectional and, unlike horizontal service composition, dependencies may not reverse over time as a result of some external condition.

1)Integration of SaaS with on premise applications and data

A typical example of a vertical composition is the integration of a SaaS service such as Customer Relationship Management (CRM) with on-premise Enterprise Resource Planning (ERP) application and/or with data sources. The resulting integration is a complete solution that provides a certain service to the end users. The integrated components are complimentary and depend on each other. The SaaS service must be integrated with on-premise services such that data and applications are available in a consumable form. This may require integration component to perform additional transformations and not merely act as a connector.

2)Service compo s ition s over lower layer s ervice components

In this type of integration, multiple types of service layers may be integrated. For example, a PaaS provider may use the virtual machines and storage provided by one or more IaaS service providers to create PaaS service offering. Typically the lower level services are composed into higher level services by means of customized configurations that are meaningful at the higher level.

C.Integration of Management Services

Integration of management services across hybrid cloud components requires special considerations. Typically the objective is to allow an administrator or user to view and manage the entire hybrid cloud as one homogeneous cloud even if the components of the hybrid cloud are disjoint and heterogeneous. Some examples of integrated management are monitoring workload across the hybrid cloud, license and usage management, hybrid cloud wide user-id management, enforcement of security and compliance policies, and so on. Such composition may integrate management services provided by individual component cloud service providers. For example, a IaaS service provider may provide monitoring service for monitoring individual VM instances.

A hybrid cloud monitoring service may use of the VM monitoring service to monitor a workload deployed across hybrid cloud. These type of integrations may be broadly classified into two categories: (i) management by aggregation and (ii) management by delegation.

1)Integrated management by aggregation

For management services such as monitoring and metering of hybrid cloud services, information from the components needs to be gathered and aggregated. The aggregated information can then be subjected to further processing such as event-correlation or report generation. In such types of composition of management services, individual component services can be monitored and metered by the corresponding service provider and that information can then be aggregated to create the required monitoring or metering of the integrated service.

2)Integrated management by delegation

For management services such as security and privacy enforcement requires attaching the policies with data or with specific workloads and enforcing those policies wherever the data or workload is processed. This requires setting up of the policy enforcement mechanisms prior to the processing of data or workloads. Service providers may provide trusted services that hybrid cloud management services may use to create and manage the hybrid cloud services. In such cases, the trusted services allow delegation from on-premise into the off-premise cloud service environment.

IV.ARCHITECTURE

We now describe the architecture and the framework for creating a hybrid cloud solution. Shown in Figure 2 is a schematic of this framework. For the purpose of simplicity, we assume that the hybrid cloud is a composition of on-premise services and resources integrated with off-premise cloud based services. The control over the hybrid cloud is enforced from the on-premise. This is the most common use case for hybrid clouds. However, the same framework holds for hybrid clouds formed by integrating private-to-private, and public-to-public and other integration combinations.

A high-level view of the hybrid cloud integration architecture is shown in Figure 2. The left side box depicts Enterprise IT environment possibly including any on-premise private cloud. On the right side shows the off-premise cloud based services. The IT management components such as those for managing security, governance, service management, monitoring, etc. in the enterprise IT environment are expected to be used in controlling and managing the integrated services in the hybrid cloud. The data and applications in the enterprise IT are to be part of the integrated solution. The component shown in the middle forms the hybrid cloud management layer. It allows for integration of services and resources as well as for management and control of the integrations. This

component allows creation and deployment of integration enablers as plug-ins and dynamic management of the integration enablers. The dynamic management may be accomplished using administrator specified policies or by direct user specified directives.

In case of service integrations such as IaaS service integration, the integration plug-ins need to conform to the service provider API and interfaces so the cloud delivered services can be effectively consumed by integration. The integration enabler also needs to conform to the on premise applications or other systems that are to be integrated or, in case of integration with multiple on-premise applications, the enabler needs to provide a common denominator so that the applications can be programmatically integrated.

In case of data integration plug-ins, the plug-in needs to provide the capabilities to transform data in a form that is consumable by the cloud service and similarly transform the data produced by the cloud service into a form that is compatible with on-premise data sources. Since the transformations are simultaneously a function of the SaaS service in the cloud and on-premise the data sources, these plug-ins need to have built-in transformers or the transformation rules needs to be specified by the integration specialists. In addition, these plug-ins need to provide user specified filtering capabilities so data can be selectively processed in the cloud.

Finally, in the case of management integration plug-ins, plug-ins may need authorization and privileges to access and configure service instances in the cloud as well as privileges

to access and configure on-premise management components. Therefore, such plug-ins must be deployed in a secure and trusted environment. In many cases, to bring about automation and dynamic management of integrations, the plug-ins need to interact with one another as well as with other types of integration plug-ins. For example, the monitoring plug-in needs to interact with the provisioning integration plug-in so monitoring can be enabled or disabled as the provisioned instances and services undergo lifecycle changes.

In summary, the plug-in oriented hybrid cloud integration architecture described here enables:

x Control over integration and service composition, provides means for trusted composition

x Integration of on-premise infrastructure (including servers, storage, and network), middleware, applications, and data with select services provided by

one or more cloud providers – both private and public.

x User directed as well as policy based management and control of service and data integrations

Figure 2. A schematic of the hybrid cloud integration by providing management controls at the edge of the enterprise for integration of off-premise service

integration with on-premise applications and data.

x Policy-based integration management including ability to set access control policies, policies for reconfiguration and sharing, and license management

policies

x Data integration components include proxies and brokers, and various types of data transformers

x Federated hybrid cloud environments.

V.REALIZATION

Based on the framework described above, IBM hybrid cloud solution – formally known as IBM Service Management Extensions for Hybrid Cloud – has been designed [4]. This solution is shown in Figure 3. In that figure, the on-premise management components such as those for monitoring (e.g., ITM), service management (e.g., TSAM), and directory integration (e.g., TDI) are shown on

the left side and cloud based services to be integrated and managed are shown on the right side. Specific types of integrations are enabled by deploying and configuring integration specific plug-ins in the Hybrid Cloud Integrator (HCI) shown in the middle.

Figure 3. End-to-end integration using Hybrid Cloud Integrator: (1) On-Premise service management components, (2) Hybrid Cloud Integrator with Tivoli plug-ins for Provisioning, Monitoring, and Directory Integration, and Cast Iron SaaS Application Integration dep deployed on DataPower XS40 with Secure Hybrid Connector, (3) Hybrid Cloud Integrator Connections, (4) Public cloud services with access permissions

HCI provides a framework for enabling various types of integrations and provides connectivity to off-premise cloud based services that are to be integrated and managed. The HCI layer itself is deployed on WebSphere Cast Iron platform. WebSphere Cast Iron is available in three different form factor: as a physical server, as a virtual server, and as a service deployed in the cloud. HCI along with the integration plug-ins deployed on it can be layered in WebSphere Cast Iron platform in any of its three form factors. However, for an hybrid cloud integrating on-premise IT with off-premise cloud services, the first two form factors are more relevant.

IBM Hybrid Cloud Solution consists of two main components:

WebSphere Cast Iron Integration Platform: Provides an appliance platform for deploying and managing Hybrid Cloud Integration components at the edge of the enterprise network. Plug-ins for hybrid cloud service integration and management are developed, deployed, and configured on top of this platform. It provides plug-in and integration agnostic run-time environment including GUI and command line interfaces for general administrative and plug-in specific life-cycle management tasks. It provides a trusted environment in which integration specific plug-ins can perform their functions and safely interact with one another. This way, plug-in developers can focus on the integration specific capabilities without worrying about user or life-cycle management interfaces. Typically, integration specialists develop plug-ins for specific types of integration, while the integration administrators deploy and configure specific integration plug-ins in HCI environment using the WebSphere Cast Iron Express dashboard.

The architecture of this component along with several integration plug-in components is shown in Figure 4. In Section 5.1, we describe in some detail two of the key plug-

ins – Cloud Service Broker (CSB) and monitoring plug-in.

Figure 4. Layered architecture of hybrid cloud integrator that allows independent development and deployment of management plug-ins for

controlling different types of hybrid cloud management integration

functions

Some of the capabilities of this platform include a complete multi-tenant cloud service that clients can use to design, run and manage all cloud integrations, as well as a new virtual appliance that can be installed on existing servers.

Service Management Extensions for Hybrid Cloud: These extensions consists of the integration plug-ins

mentioned above as well as the extensions to existing management components so they can be integrated into forming complete hybrid cloud services using the integration plug-ins. With Tivoli software for hybrid clouds, clients can use same IT management practices and processes as those used for managing the on-premise resources.

A.Integration Plug-ins

We highlight two types of integration plug-ins here. 1)Cloud Service Broker for IaaS Integration CSB is one of the key service management integration plug-ins deployed in the HCI framework. The main function provided by CSB is to enable integration with one or more IaaS service providers using a single Standard IaaS layer of abstraction supported by CSB (e.g., the Standard IaaS API [5]). Thus, clients of CSB use only CSB API to integrate with any of the off-premise IaaS cloud services supported by CSB. Interoperability is provided through the implementation of client facing Standard IaaS API, masking access details and API changes of back-end cloud providers. Figure 5 above shows CSB as a plug-in deployed on HCI platform. On right side of CSB is a workload manager – a representative CSB client – that interfaces with CSB using its RESTful API. On the left side are IBM SmartCloud Enterprise (SCE) and Amazon AWS. These two public clouds are shown as representative of off-premise public IaaS clouds. Integration with each specific cloud is handled via a plug-in of CSB. To facilitate integrations with other new IaaS clouds, an SDK for developing CSB plug-ins is provided. Support for new cloud types can be loaded dynamically to CSB by loading plug-in jar, property files, and cloud-access jar files to the Cloud Service Broker

framework.

Figure 5. IaaS integration for hybrid cloud using Cloud Service Broker

plug-in CSB maintains a directory of supported IaaS clouds and for each cloud provides following services: image discovery, listing of services being consumed, life cycle management services on images, VM instances, storage, network, ip addresses, and security keys. Life cycle management services include: create, list, start, stop, modify, and terminate.CSB also acts as an enabler for integration of other management services including security and isolation, monitoring, and metering of cloud services consumed. These other plug-ins as well as the enabler role played by CSB will be described elsewhere. 2)Monitoring Plug-in

Monitoring plug-in is a management by aggregation type of integration plug-in deployed in the Hybrid Cloud Integrator platform. The monitoring plug-in deploys and manages the monitoring network required to monitor,

channel, and aggregate monitored data from various cloud-based services to the on-premise monitoring server. This is shown schematically in Figure 6. It shows the monitoring of service instances in SCE and AWS EC2 using either agent based monitoring or using cloud provided monitoring API. The monitored data in the cloud is aggregated at a gateway and then brought into the on-premise using another on-premise side gateway. The formation of the pair of gateways allows navigation of the monitored data through the enterprise firewall. Once the monitored data is on-premise, it is then processed by a monitoring server just like any other monitored data from on-premise device or service. The monitoring plug-in enables the automation in setting up the gateways as well enables dynamic monitoring of instances and services deployed in the hybrid cloud. Figure 6. Integration for monitoring workload in hybrid cloud

IBM Tivoli Enterprise Portal Server (TEPS) is a component of the monitoring service which includes a dashboard. TEPS dashboard typically allows administrators and users to view monitored data aggregated from one or more monitored endpoints (e.g., VM instances) deployed in the on-premise environment. Monitoring agents monitor the endpoints and send the data to the monitoring server (e.g., Tivoli Enterprise Monitoring Server (TEMS)) and from there the aggregated data is processed and displayed in the dashboard. In case of

hybrid cloud, the monitored instances may be in different networking domain than where the TEMS server is located.

In such cases, firewall and other networking issues must be addressed before the monitored data can collected in one place. The monitoring plug-in described earlier makes this possible. The network topology information for hybrid cloud is provided to the monitoring plug-in when it is deployed and configured. Using the topology information and the network location of TEPS, the monitoring plug-in sets up the network of gateways in the hybrid cloud and enables hybrid cloud monitoring. Once the monitored data from the hybrid cloud services can be aggregated, various higher level monitoring

related tasks can be performed. For example, in the TEPS

portal, the administrator can install/configure/administer monitoring workspace for hybrid cloud, monitor hybrid cloud resources, create alerts, access data warehouse (TDW) to store and analyze historical data, analyze data, define and manage situations, take actions on detected situations, perform event correlation, programmatically forwarding events , and so on.

B.Appliance-based Integration Platform The integration plug-ins such as CSB need to be deployed and configured before they can perform their integration tasks. Moreover, to enable the desired on-premise control over the hybrid cloud integrations, the plug-ins and the integrations need to be administered and managed during their entire life-cycle. This level of control is enabled using the HCI framework and is exercised using WebSpehere Cast Iron Express console. A sample screenshot of the console is shown in Figure 7. Using the console, administrators can upload a new plug-in. Once the plug-in is uploaded, the HCI framework determines the configuration parameters needed for integration of on- and off-premise services. The administrator can examine the parameters needed and can provide appropriate values for each type of integration. For example, in the case of CSB plug-in, one of the parameters is the cloud type that is to be enabled in a specific integration. By providing the appropriate values for plug-in parameters, administrators maintain control over the integrations while enabling integration of interest. The dashboard allows administrators to perform the following lifecycle management operations on the integrations and on the plug-ins: upload and deploy plug-ins, configure integrations, create integrations, delete integrations, start

integrations, stop integrations, view integration status. Figure 7. WebSphere Cast Iron Express Console for connectivity and

administrative control over cloud service integration C.Service Management

Service management is an important part of any type of cloud management platform. Hybrid cloud management is no exception.

Tivoli Service Automation Manager (TSAM) includes a service management portal that is customizable for each user and for each type of service offering. With the hybrid cloud extensions developed for this solution, hybrid cloud service offerings are made available to user. With these extensions, TSAM users can access IaaS services across the hybrid cloud (e.g., service offerings, images, VM instances, storage, network, ip address, etc.). The customizable service offering portal can be populated with a mix of custom service

offerings for on- and off-premise IaaS clouds and for hybrid clouds. Only the services a user is entitled to, are shown for each user. The private and public cloud offerings explicitly specify the target cloud location where the services are to be created and accessed. In the case of hybrid cloud offerings, the user submits a request for service in the hybrid cloud without specifying the actual target cloud. Based on specified policies, TSAM first determines the target cloud placement and then routes the request to the target cloud using CSB services. Policies are used to determine the target cloud placement. The policies may be evaluated using cost, performance, priority, availability, SLA, or some other business consideration. The service offerings in the service portal are created by TSAM administrators and they be customized for specific users. The customization may be at the image level (e.g., specific image choices to be made available to users), service type level (e.g., only bronze and silver class of service), connectivity types (secure vs. open), security in the cloud (VPC or vLan), etc. The administrator may also preload access permissions in the cloud or associate a specific cloud account for specific types of service requests, and so. This allows IT administrators to govern the use of IT resources across the hybrid cloud in a manner that conforms with the business policies.

Service request fulfillment in the hybrid cloud is done by integrating the service management component such as TSAM with provisioning plug-in CSB which in turn integrates with one or more public cloud offerings. The backend of TSAM is ingrated with CSB on the HCI platform which in turn is configured to access one or more public cloud services, as shown in Figure 5. With this service management integration, TSAM is able to perform following tasks on any cloud accessible via CSB: Discover Images, Register Images, Create Project with IBM SCE, Create Project with Amazon AWS, Create Project with VMware Servers, Create Project with Hybrid Servers using policies for placement, Add Server to a Project of same resource type, Remove Server from a Project, Cancel Project, Unregister Image, Manage Project, Manage Request, and so on. These capabilities in hybrid cloud are typically used by workload or hybrid cloud administrators. VI.RELATED WORK

Many different aspects of hybrid cloud are addressed in published literature as well as in solution offerings by various vendors. None of these provide a comprehensive solution as we describe in the paper to address the needs of enterprise environments. We mention a few relevant publications.

In [10] authors discuss OpenNebula based virtual infrastructure manager for provisioning and lifecycle management of virtualized resourced across hybrid cloud environments. In [7] and [11] and references therein, the authors consider the problem of optimal scheduling and dynamic placement over multiple IaaS clouds for minimizing cost or for performance. In [7] a stochastic integer programming technique is developed for solving the optimization problem. In [11], authors introduce a “Cloud Broker” component that accepts user requests and choices for target clouds and determine an optimal placement given a set of constraints and an objective. In addition they use OpenNebula for actual placement in the target cloud. The approaches for modeling and solving the placement problem are similar to approaches that have been developed in the past in the context of grid computing. In [13], the authors describe a portal based approach for accessing public and private cloud resources. The portal also includes a policy engine allowing specification and enforcement of security and compliance policies. In [14], the authors consider the formation of hybrid clouds for scalability and extensibility of infrastructure resources. They are primarily concerned with using hybrid clouds for handing peak workloads and for achieving high throughput.

Among the vendor provided hybrid cloud solutions, Adaptive Computing [6] and RightScale [9] provide integration capabilities for provisioning and monitoring. VMWare vCenter Director [12] provides more comprehensive integration of management functions, but for integration with specific public clouds and does not allow users to define policies on the integrations. None of these solutions meet the majority of the requirements we have described in this paper.

VII.CONCLUSION

In this paper, we have described architectural framework for designing and implementing hybrid cloud environments spanning across traditional datacenters, private clouds, and public clouds. The principles of the framework strive to provide integration control in the hands of enterprises that want use hybrid cloud to augment their existing on-premise IT capabilities. We have identified three types of service integration patterns that are commonly encountered in creating cloud integration solutions for enterprise workloads. With examples of integration for provisioning, monitoring, and data integration, we describe the support for all three integration patterns in the hybrid cloud framework. A key feature of this architecture is the integration platform that allows development and deployment of function specific integration plug-in components and ability to control integrations using policies. We describe how this architecture

is realized in the design of IBM Service Management Extensions for Hybrid Cloud – a hybrid cloud solution offered by IBM. This solution addresses key customer requirements for integration control and management, for

data integration, and security. Using the examples of

horizontal integration for provisioning and management

integration for monitoring, we show how this solution

addresses interoperability, extensibility, unified and

centralized management requirements. In our future

publications, we will describe data security and isolation,

integrated monitoring and event management, metering and

accounting, and management of PaaS and SaaS services in

hybrid cloud enviroments.

ACKNOWLEDGMENT

Several individuals have contributed to the Hybrid Cloud

Integrator architecture and to the design of the hybrid cloud

solution. In particular we would like to thank Bala

Rajaraman, Holger Reinhardt, K irk Beaty, Marc-Thomas

Schmidt, and Yih-Shin Tan.

R EFERENCES

[1]IBM PureSystems,

https://www.wendangku.net/doc/ca14912476.html,/ibm/puresystems/us/en/index.html, September

2012.

[2]IBM SmartCloud Enterprise (SCE), http://www-

https://www.wendangku.net/doc/ca14912476.html,/services/us/en/cloud-enterprise/index.html, as of

September, 2012.

[3]Amazon EC2, https://www.wendangku.net/doc/ca14912476.html,/ec2, as of September 2012.

[4]IBM Service Management Extensions for Hybrid Cloud,

https://www.wendangku.net/doc/ca14912476.html,/common/ssi/ecm/en/ibd03004usen/IBD030

04USEN.PDF, 2012.

[5]Cloud Infrastructure Management Interface, DMTF Work-In-

Progress,

https://www.wendangku.net/doc/ca14912476.html,/sites/default/files/standards/documents/DSP0264_1.0.

0b.pdf, June 2012.

[6]Adaptive Computing, https://www.wendangku.net/doc/ca14912476.html,/, 2012.

[7]S. Chaisiri, B-S. Lee, D. Niyato, Optimal virtual machine placement

across multiple cloud providers, Proceedings 2009 IEEE APSCC, pp.

103-110, 2009.

[8] B. Javadi, J. Abawajy, R. Buyya. Failure-aware resource

provisioning for hybrid cloud infrastructure. To appear in J of Parallel

and Distributed Computing, vol. 72, no. 10, 2012.

[9]RightScale,https://www.wendangku.net/doc/ca14912476.html,/, 2012.

[10] B. Sotomayor, et al. Virtual Infrastructure Management in Private and

Hybrid Clouds, IEEE Network Computing, Vol. 13, No. 5, pp. 14-22,

Sept-Oct 2009.

[11]J. Tordsson, R. Montero, R. Moreno-Vozmediano , and R. Llorente,

Cloud brokering mechanisms for optimized placement of virtual

machines across multiple providers, J of Future Generation Computer

Systems, Vol. 28 Issue 2, February, 2012

[12]VMWare vCloud Director, https://www.wendangku.net/doc/ca14912476.html,/products/vcloud-

director/overview.html, as of August 2012.

[13]S. Yan et al., Infrastructure management of hybrid cloud for

enterprise users. 5th International DMTF Academic Alliance

Workshop on Systems and Virtualization Management (SVM), pp.

2011.

[14]J. Yue, et al. Extensible architecture for high-throughput task

processing based on hybrid cloud infrastructure, Proceedings ICECC

2011, pp. 1452-1455, 2011.