Wednesday, August 31, 2011

Understanding Cloud Computing

'Cloud Computing', a buzz words that is frequently pops out in modern day discussions with IT professionals. Being a buzz word, Cloud Computing has proven to be a confusion term with respective to most IT fields. So, rather than 'defining' Cloud Computing, its worthy to write about how it has evolved during last few years and then go for the conceptual things on Cloud Computing.


Business App Nightmare

Nowadays, every modern business has an Enterprise Business Application as its backbone. For instance, for a given company, it may require a Business App, to manages its human resources and to support its business process in efficient manner. Traditional Business Applications are too complex and too expensive.

A traditional Business App often have most of these characteristics.
  • Often required to have a dedicated datacentre and office space with power,cooling, bandwidth, network, servers and storage.
  • Consists of a complicated software stack and required a team of exprets to install,configure and run the system.
  • Required development,testing, staging, productions and fail-over environments.
  • In case of a failure in any of these systems, we have to go for expensive commercial support and yet we can't guarantee that our prolem will get solved in time, without affecting our businees.
  • When new versions comes out, it very likely to bring the whole system down for sometime for inhereient incompatibilities
  • This is just for one single Business App, but imagine what would happen with multiple business apps.
  • Organization concentrate more on the Business App rather than the business itself.
So, obviously we can't live with such traditional Business Aplication in this dynamic and competitive business world. We need a better and hassle free way of running our business. And that's where the 'Cloud Computing' comes to save us.

Cloud Computing

Cloud computing is a technology that uses the internet and central remote servers to maintain data and applications. It provides on demand resources and services over the internet with the power of scalability and reliability.
In simple terms, when you are using cloud computing, you don't need to install the required application on your system. Instead, you use the application that runs on a remote location/datacenter which we called the 'Cloud'. You just login, customize and start using it.

Gmail is the perfect example of Cloud Computing. You don't need a software system or mail server to send/receive emails. You just login to it, customize it and start using it. Unlike other traditional email management systems like MS Exchange, Gmail doesn't requires a software system, mail server, regular upgrades or dedicated team to manage it. Instead, everything is placed in the Cloud (and Cloud have all those things) and the users get all the benifits that are provided 'as a service'.

Cloud Computing for Enterprises

In the context of the Enterprises, all the traditional application that required in enterprises like HR,CRM and accoundintg apps can be cloudify. Which means that, running them on a cloud and any given business can customize it and use it in their allocated workspace.

Here we use the concept of 'Multitenancy', where a single instance of the software runs on a server, serving multiple clients(tenants).
So for instance, say a Enterprise Cloud App runs on a cloud and different businesses (tenants) are using it.
In this case, every business use the same enterprise cloud application, but it is flexible enough to everyone to customize it with their different requirements. Also version upgrades is no more a hassle for us, as they are upgraded automatically and our system becomes more reliable, more scalable and more secure.

Cloud Computing Models



Software as a Service (SaaS)

This is the most widely used Cloud Computing approach to date. A business application can be run on the centralized servers(cloud) rather than running them on on-site servers/software systems. On Demand
Software as a service, delivers a single application through the browser to thousands of customers using a multitenant architecture. In the cloud service side, it only requires to maintain and manage one application on the cloud and in the client side, there are no any need of upfront investing on servers, software and license etc.
Salesforce, Google, NetSuit, Taleo, Concur Technologies 

Platform as a Service (PaaS) 

PaaS delivers development environments as a service. You build your own applications that run on the provider's infrastructure and are delivered to your users via the Internet from the provider's servers.
Salesforce's platform, Amazon Elastic Compute Cloud (EC2), Google App Engine, Coghead, Yahoo pipes, Windows Azure 

Infrastructure as a Service (IaaS) 

Infrastructure as a Service, is very much the backbone of the entire cloud computing concept. A well known examples include, Infrastructure vendors environments like Google gears which allow users to build applications and Cloud storages, such as Amazon Simple Storage Service (S3) which allows user to store and retrieve any amount of data, at any time, from anywhere on the web.
Google Gears, Amazon S3 

Cloud Computing Deployment Models



Public Clouds 

In a public clouds, the services and infrastructure are provided off-site over the Internet. These clouds offer the greatest level of efficiency in shared resources; however, they are less secured and more vulnerable than private clouds.  

Private Clouds

Unlike public clouds, in the Private Clouds, the services and infrastructure are maintained on a private network. These clouds offer the greatest level of security and control. However they require the company to still purchase and maintain all the software and infrastructure.

Hybrid Clouds 

A hybrid cloud includes a variety of public and private options with multiple providers.

Pricing Schema

Cloud computing is often offered with a pricing model that lets you pay as you go and for just the services that you need. No capital expenditure is required.

Next big thing..


source: salesforce

Author: Kasun Indrasiri, Senior Software Engineer, WSO2 Inc

WSO2 Stratos – A Comprehensive Open Source Middleware Platform

There are a lot of cloud solution providers in the market today that it is a challenge to identify what works best for an enterprise and its business model. This is why an understanding of what makes a good cloud solution is important.
Reality is, some of the popular solution providers offer over-bloated middleware products which have evolved though the years with patches and fixes. These solutions are not only expensive but utilize a lot of resources. Their proprietary software carries a long-term business risk well-known in the cloud realm as vendor cloud lock-in.
WSO2 Stratos, the industry’s first, complete, 100% open source cloud middleware Platform as a Service, addresses most of these problems with its low footprint, agile model. Built from ground-up, Stratos is capable of leveraging the cloud technology to its fullest potential. It offers organizations of all sizes, a fully-hosted middleware platform that extends WSO2 Carbon - the award-winning, OSGi-compliant middleware platform.
Read more to find out what key features make WSO2 Stratos effective as a PaaS.
  • A bit of the Terminology
  • WSO2 Stratos
  • The Core Features of Stratos

A bit of the Terminology
Before going into detail about WSO2 Stratos, let's take a look at what Middleware and Platform as a Service mean.
What is Middleware
Middleware is software that facilitates exchange of data between two application programs within the same environment, or across different hardware and network environments. Middleware manages the interaction between disparate applications across diverse computing platforms.
The middleware layer usually addresses common concerns of Enterprise applications such as authentication, authorization, logging, centralized thread pool management, governance and so on. These are common but crucial aspects that need to be addressed in the development of Enterprise Software. Middleware provides interfaces to developers to write end user software. So the developers will be calling the corresponding Application Programming Interfaces for this purpose.
What is Platform as a Service (PaaS)
Platform as a Service (PaaS) is the delivery of middleware, as a service. PaaS offerings facilitate deployment of applications without the cost and complexity of buying and managing the underlying hardware and software and provisioning hosting capabilities. PaaS provides all the infrastructure needed to run applications on the cloud. It's delivered in the same way as a utility like electricity or water. Users simply consume these utilities without worrying about the complexity behind the scene such as hosting, scaling, availability and security. And just like a utility, PaaS is based on a metering or subscription model so users only pay for what they use. PaaS provides a clean API to software developers to build end-user software.
WSO2 Stratos
Stratos is WSO2's Platform as a Service offering for public, private and hybrid cloud deployments. Before looking into its features, let's investigate its coverage and scope in the middleware space.
WSO2 has a range of middleware products built on one platform known as the WSO2 Carbon Platform. These products include an Enterprise Service Bus (ESB), a Governance Registry, an Application Server among many others. More information and product downloads can be found here in the Oxygen Tank.
The same comprehensive Carbon platform and products stack can be hosted on the cloud as a PaaS. This is called WSO2 Stratos. In other words, it’s the same set of products available for stand-alone installation, now offered as a Platform as a Service offering.
Stratos is the industry's first 100% open source, low-footprint, complete cloud middleware platform for enterprise applications. WSO2 Stratos fulfills an array of middleware requirements such as service management, mediation, security, governance, monitoring, process and rules management, gadgets, mash-ups and more. Through instant, self-service provisioning, users can simply leverage these capabilities on demand, without product installation and middleware configuration overhead. Users can choose what they want and build their software using the relevant platform components.
The Core Features of Stratos
There are few key features which make WSO2 Stratos stand out from competitive PaaS offerings. But, before we get to that, do you know what makes a PaaS reliable and powerful? Given below is a list of key attributes that you should look for in a PaaS.
  1. Leanness
  2. Availability of a set of core services; not just an App Server but Identity, Governance, Data, Cache, ESB, BPS, Billing, Logging etc.
  3. Self Service
  4. Multi-Tenancy
  5. Elasticity
  6. Metering
  7. Incremental Deployment
  8. Testability
Now that we know what to look for in a PaaS, let's look at some core features of Stratos and see how they relate to the attributes listed above.
What Makes Stratos Stand out
  • It's complete. WSO2 Stratos offers the entire award winning WSO2 platform as a service. Not just an Application Server and an ESB but so much more! You will enjoy an assortment of services catered just for your middleware needs.
  • It's cost effective. As a 100% open source solution, Stratos does not involve any licensing fees and the risks of cloud vendor lock-in are completely removed.
  • It's secure. Stratos prevents tenants from writing code with privileged operations so that they will not be able to write malicious code. Stratos provides a Sandbox environment that is similar to applets. It only allows to run code that is signed by a particular key.
  • Offers increased deployment flexibility. Each middleware product Stratos offers as a Service has the same programming model of its stand-alone counterpart. As a result, on-premise applications can be seamlessly migrated to a cloud environment with minimum configuration effort. Users can choose the right scalable infrastructure for their offerings, develop and test applications on-premise before migrating them to the cloud. More importantly, deployments on Stratos can be seamlessly migrated to an on-premise deployment environment or to a private cloud, allowing full freedom from cloud lock-in.
  • Involves minimized risks to business continuity. Since WSO2 Stratos is offered for both public and private cloud options, users can host business-critical applications on a private cloud and the rest on the public cloud, thereby minimizing disruptions and the business impact of a potential fail-over.
  • It's distributed and dynamically wired. The Stratos architecture is clustered and thereby enables multiple applications running in different machines to concurrently share resources.
  • It's multi-tenanted. That means, it’s the same platform shared by multiple tenants. Think of a tenant as a company, e.g., For each tenant there will be a set of users, user roles etc. Stratos supports multi tenancy so multiple organizations can register as separate organizations and use the system without interfering with the data from other organizations.
  • It's elastic. This means when the load increases, the system expands and when the load reduces the system shrinks. Therefore the resources are optimized. So you’re using only what you require.
  • Accurately metered and billed. The usage of Stratos is metered and you’re billed for what you use. It's like any utility billing system. So what is the Metering Process in Stratos? Each service collects the number of service calls, request/response bandwidth, registry bandwidth (upload/download) and the total registry space usage.The collected data is sent to WSO2 Business Activity Monitoring (BAM) publishers, which sends the data to the BAM service. The BAM service summarizes periodically and the summarized data is made available on the Stratos Manager. How does Billing work in Stratos? A scheduled invoice is generated. A user is able to view past invoices and the current (interim) invoice and securely pay the invoice via Paypal. Stratos notifies the customer via email on received payments and also notifies the administrator on customers exceeding the credit limit. Stratos presents a summarized view to the administrator.
  • Provides tenant isolation and execution. In Stratos, each tenant is given a security domain. Each domain may have its own user store and permissions and therefore can have a set of users and permissions enabling users to access resources. Each domain is isolated and does not have access to other domains. It achieves execution isolation by keeping all states in a context and for each tenant, different contexts are created.
  • Allows self service provisioning. Stratos enables you to set up your own tenants, manage and configure them according to your unique business needs.
  • Provides an identity service. In Stratos, each tenant has access to an identity service and can create its own user key stores, permissions and roles. Each tenant is identified by its domain.
  • Provides throttling. Stratos restricts tenants from using more than the allocated resources depending on the usage plan. These resources are the number of users per tenant, storage space and number of requests to webapps, services etc.
  • Provides Google authentication. Enables sign into Stratos using Google Apps username and password. If a tenant does not exist, it will be created with the same name as Google Apps Domain.
Apart from all that, Stratos is lean, testable and incrementally deployable. Therefore Stratos covers the entire spectrum of the key attributes of a reliable and efficient Platform as a Service. Try it out for yourself!


Dakshitha Ratnayake, Software Engineer, WSO2 Inc.

Comparison of WSO2 Stratos with Other PaaS Offerings

The number of Platform as a Service (PaaS) offerings is constantly increasing. Therefore, an understanding of the key strengths of each is vital in selecting the right PaaS for an enterprise’s business model and requirements. This article is a good place to start your analysis.

WSO2 StratosLive is the public PaaS offered by WSO2, which is powered by WSO2 Stratos, the complete, low foot-print, 100% open source, multi-tenented PaaS for public, private and hybrid cloud deployments. StratosLive offers a complete stack of middleware products as a Service. It has capability for service management, mediation, security, governance, monitoring, process and rules management, gadgets, mash-ups and more. Built on top of the the award-winning, OSGi-compliant, component-based WSO2 Carbon platform, WSO2 StratosLive has the same programming model of any of its stand-alone  middleware products. This offers remarkable deployment flexibility and is also a factor enabling freedom from vendor cloud lockin in addition to its open source model. 
Without further elaboration, let’s do a factual analysis of  the features of WSO2 StratosLive with three leading PaaS providers available today: Google AppEngine, Amazon Elastic Beanstalk, and CloudBees RUN@Cloud.

Applies To:
The Comprison
The following table provides a summarization of the article "Java PaaS shootout" by Michael J. Yuan1 while adding WSO2 StratosLive to the comparison.
App Engine
Amazon Beanstalk
CloudBee's Run@Cloud
WSO2 StratosLive
What is it?
Users can upload servlets. AppEngine hosts them and manages them. 
Managed Tomcat.
Tomcat, load balancer. Integrated with SVN. Can change source code and update all deployment aspects.
SOA middleware platform as a service.
Fully multi-tenant.
Support both Java Web apps and Web services.
Java support
Yes, but does not support some I/O and network operations
Full Java
Full Java
Yes, but File access is limited
Outbound connections
Time out in 10 seconds
Support for standard Java Libs
Have problems when they use unsupported APIs
Yes (Java security manager limits file accesses)
Performance and scalability
Auto scale, High scalability, but have bit high latency.
Swapping the app out might slow down first request.
Auto scale by creating EC2 instances.
Can swap unused processes out of JVM. Can load-balance multiple tomcats in the same EC2 instance.
Auto scales (up & down) by monitoring the load and creating/shutting down new nodes.

Load Balancer routes the requests.

Can lazy-load services and other artifacts.
Supports Big Table and Hosted MySQL. 
However, search support in BigTable case is limited. 
e.g.  Each query can only have 100 results.
Supports RDS (relational) , SimpleDB (NoSQL) or can run with your own DB.
Has managed MySQL databases and provides a console to manage them.
Supports Cassandra as a Service, managed MySQL, and HDFS. 
Cassandra and HDFS support native multi-tenancy.
Import/ export data
No (It is difficult due to 30 second time limit).
Can write code to automate.
Can write code to automate.
Can write code to automate.
Integration with others
Integrates well with other Google services.
SQS, SES (email service), payment APIs
S3, SQS, SES etc.
Integrates with Google auth model and other WSO2 services. Also S3, SQS, SES etc. 
Session handling
Stores sessions to storage and handles them seamlessly.
Only sticky sessions.
Transparent session management.
Only sticky sessions.

Here are few more key differentiators of WSO2 StratosLive:
  1. All these offerings support Web App Hosting as a Service. WSO2 StratosLive supports this and more. In addition to Web App Hosting, it also supports hosting Axis2-based services, Mediation, and Workflow hosting as a Service. WSO2 StratosLive is a real SOA platform as a Service and the only one that is.
  2. WSO2 StratosLive lets you move Axis2-based Web Services (.aar files) and workflows to the Cloud (to WSO2 StratosLive) without any changes to them. If you have some Axis2-based services, you can upload them to WSO2 StratosLive and it will just work. More importantly, deployments on StratosLive can be seamlessly migrated to an on-premise deployment environment or to a private cloud with minimum configuration effort, offering full freedom from cloud lock-in and remarkable deployment flexibility.
  3. WSO2 Stratos provides real multi-tenancy support. That is, different tenants think that they have their own servers, while they are actually served from one Java Server. In other words, tenant isolation is done at Java level, not at Virtualization level. That means, Stratos provides greater sharing capability and "Pay as you go" and "Pay for what you use" better than a VM-based model. WSO2 Stratos is the only AppEngine that does this out of other three PaaS offerings discussed here. For more details, please refer the papers 3, 4 and 5 in the references section.
1. Java PaaS shootout - a technical comparison, Michael J. Yuan, Chief Scientist, Ringful Health, 2011
3. Multi-tenant SOA Middleware for Cloud Computing 458–465, A. Azeez, S. Perera, D. Gamage, In 2010 IEEE 3rd International Conference on Cloud Computing
4. WSO2 Stratos: An Industrial Stack to Support Cloud Computing, IT: Methods and Applications of Informatics and Information Technology Journal, the special Issue on Cloud Computing, A. Azeez and S. Perera, 2011
5. A Multi-tenant Architecture for Business Process Execution - 9th International Conference on Web Services (ICWS), Milinda Pathirage, Srinath Perera, Sanjiva Weerawarana, Indika Kumara, 2011
Srinath Perera, Software Architect, WSO2 Inc.

How WSO2 StratosLive meets Security Challenges in Cloud

This is an extention of the previous article: Security Challenges in the Cloud, which introduces the security concerns encountered in cloud space. Since cloud computing paradigm encourages cloud users to use IaaS, PaaS and SaaS provided by third-party cloud service providers to host their data/applications and perform critical operations, it is important that the security requirements are accomplished by the service providers themselves. This article discusses how WSO2 StratosLive, as a comprehensive PaaS provider, meets these security challenges.
Applies To:
Overview of WSO2 StratosLive
WSO2 StratosLive is the public and 100% open source platform as a service (PaaS) operated by WSO2. In other words, it is the cloud middleware platform developed by WSO2, readily available as a service (PaaS) in the cloud. It includes the whole enterprise middleware products stack developed as different services in cloud.
How WSO2 StratosLive meets cloud's security challenges.
I encourage you to refer to my previous article on "Security Challenges in the Cloud" to get an understanding about some of the security concerns before continuing with this article. I have extracted the security challenges described in the previous article and discussed here how StratosLive has overcome them.
To withstand the load and function with minimum or no downtime in the face of high loads ensuring availability, WSO2 StratosLive incorporates load balancers, clustering and auto-scaling.

Data isolation:
Data isolation in registry is achieved with the tenant domain id, in a shared schema, shared database pattern, while the registry data storage is hosted in a DMZ. If a tenant wants to store data related to an application that he has hosted, then he can create his own storage instance in the Data PaaS offerings provided with SLive such as RDS (Relational Databse as a Service) or Apache Cassandra as a service.

Data protection (during transport, processing and storage):
Data communication from the browser to back-end Admin Services happens over https (encrypted), which provides transport-level protection. Custom code deployed by tenants (webapps, web services) does not have access to data processing code  which is protected by java security manager. The data storage is hosted in a DMZ (De Militarized Zone) which ensures that incoming connections from only a set of trusted hosts are granted access to the data storage. Also, the RDS instances that tenants can create are protected with username/password authentication.

Tenant isolation:
Each tenant is given a separate security domain such that each domain is isolated and does not have access to other domains.
For an example, when a tenant is created, a separate realm is created for that tenant which includes its own UserStoreManager, RealmConfiguration and AuthorizationManager so that user management and permission management happens without interfering with other tenants.
Image 1: Tenant isolation with a separate security domain for each tenant.
Logic/Execution isolation:
From architecture, design and code level of all most all the carbon components which are the building blocks of cloud middleware platform, are  developed in a manner that supports multi-tenancy.  (Multi-tenancy is serving multiple client organizations with multiple virtual instances isolated from one another, while there is a single instance of the software running on the server).
Also, different Axis2 contexts are created for each tenant where all the tenant specific states are kept which facilitates execution isolation for each tenant. (Apache Axis2 is the underlying web services engine used in WSO2 Carbon platform).

Protection form malicious code:
Since the middleware platform allows tenants to host their own code, privileged actions in the platform are being protected such that those operations can not be invoked by tenants' code deployed in the platform. This is achieved by restricting access to critical code through Java Security Manager. Access is allowed only from code that is signed properly.

Identity Management: This is the most widely discussed topic in cloud security which has following four key aspects.
   1. Authentication : In addition to basic username, password based authentication, number of industry standard authentication mechanisms are supported.
         *. XMPP based Multifactor Authentication for stronger authentication
         *. Federated authentication mechanisms such as OpenID provider and SAML2.
         *. SAML2 based Single Sign On among all the services in SLive.
         *. Authentication delegations mechanisms such as OAuth.
         *. Cloud users are provided with the ability of securing communication to their services hosted in SLive with WS-Security mechanisms powered by Apache Rampart which is the security module of Axis2.
         *. Further, tenants can integrate their custom webapps deployed SLive, with their tenant-specific user store in SLive in order to authenticate users into those webapps.
   2Authorization : Role based permission model as well as powerful, fine grained and flexible Policy Based Access Control with XACML are supported.
   3Auditing : Tenants' logs are isolated and each tenant admin can download logs related to its tenant from the Manager service. Distributed auditing mechanism is under development.
   4Administration : Currently two different user provisioning mechanisms are supported: Bulk User import and provisioning users from google app domain into SLive.
Image 2: Identity as a Service in StratosLive, which provides Identity and Entitlement Management Solutions.
Cloud Service Gateway: This can be introduced as a Private-Public Cloud bridge which facilitates the cloud consumers with a mechanism of securely connecting to public cloud from their internal network/private cloud.
Image 3: Deployment of Cloud Service Gateway.
Above is a list of mechanisms how SLive meets some of the common security challenges found in PaaS space. If you are interested in more, you can listen to the following two webinars conducted during WSO2 Summer School sessions in 2011.