IBM Cloud Computing represents a new way for IBM and its partners and customers to work together. While IBM and its partners will continue to create software solutions to help customers apply analytics, security and compliance, business processes, and business intelligence to ultimately achieve process optimization, profitability, and competitiveness, now they can offer these solutions in the cloud – providing rapid, almost on-demand, principal benefits for customers seeking agility, fund preservation, and economies of scale.
IBM Software – IBM’s industry-leading software portfolio further distinguishes IBM Cloud Computing as the leading cloud computing platform – a cloud services operating platform based on standards and pragmatically architected with a unifying management control layer for virtual assets, user access, services management, application usage, and accounting.
IBM Hardware – IBM’s servers (X-series or iSeries), storage devices, and networking will shape the cloud computing environment’s architecture, creating a standard IBM hardware platform designed to be optimized, cost-effective, and differentiated.
IBM Services – IBM Cloud Computing is more than just servers and software. With IBM Services, IBM can help a customer adopt cloud computing. This can range from building solutions from end to end and managing all the customer’s cloud needs to filling a specific gap such as hosting a customer’s messaging system.
IBM Cloud Computing is the perfect complement to IBM’s goal to bring the benefits of service-oriented architecture (SOA) to all of its customers. Cloud computing also builds off the power of grid computing because cloud computing breaks a computing task into pieces and distributes those pieces to several unused computers in the data center, reducing the amount of time it takes to run and pay for the computing task.
IBM Cloud Computing combines cloud computing, IBM software, and IBM services to create a virtual hosted environment that lets companies easily add new services and applications as they grow. It’s a scalable architecture – that means customers can easily use more or fewer services as needs change. Customers only pay for what they use.
Overview of IBM Cloud Services
IBM Cloud Services is a service providing test tools running on IBM System x servers. Users can create and manage images that are a redaction of existing images that can be run on System x hardware, where the original image was created on IBM hardware. The user creates these images by connecting to the service and either uploading previously created images in either streaming or file-based mode, or files that contain customized tests. The customized tests are uploaded as a compressed collection, which either represents a full image or a redaction of the images. Created by response, where the customized tests are targeted to a particular class of images filtered on the characteristics of the image templates. These image templates are provided and managed by IBM Cloud Services datacenter managers. The redaction of the customizable images can be applied at multiple granularities, if the tests are customized at the multiple granularity levels, and they can also be applied to a hierarchy of customizable images.
IBM has developed a public cloud service named IBM Smart Business Development and Test on the IBM Cloud, available to development and testing communities. IBM Smart Business Development and Test on the IBM Cloud is a cost-effective service that can help independent software vendors (ISVs) and enterprise IT departments quickly and easily set up test environments by provisioning (in a self-service manner), configuring, and running development and test workloads on IBM software infrastructure, helping to increase resource utilization and reduce the time to market of your application when testing on IBM AIX, IBM i, or Linux on POWER.
Red Hat OpenShift on IBM Cloud
Red Hat OpenShift on IBM Cloud offers the same speed and flexibility. Take advantage of Red Hat OpenShift on IBM Cloud as a development platform for building containerized cloud applications that run anywhere. Built around Red Hat OpenShift Enterprise 4.6 and Kubernetes to build, run, manage, and scale applications, it provides a comprehensive cloud container platform that includes aspects such as cognitive, data, and open hybrid multicloud security. The cognitive container framework offered by Red Hat OpenShift on IBM Cloud not only allows you to embed AI models and add Watson services to your applications but also provides valuable insights by analyzing real-time, streaming data. To further improve the security of Red Hat OpenShift on IBM Cloud, Red Hat and IBM engineering teams must harden the solution and service of the container platform and the operating system.
To build IT systems and applications quickly and flexibly, developers seek a platform on which they can develop, deploy, scale, run, and manage innovative containerized cloud-native applications based on Kubernetes. To rapidly develop, deploy, and manage containerized cloud applications, AI models, and data, Red Hat OpenShift Container Platform is a leading enterprise solution for developers.
Understanding Red Hat OpenShift
The Red Hat OpenShift Container Platform (OCP) is a developer- and operator-friendly, managed Kubernetes offering operationalized for the enterprise. It integrates Red Hat’s proven products and best practices used by Global 500 companies and their architects when relying on Kubernetes in production. It is designed to give your development team an on-demand application platform as a service or a cloud platform and target the deployment of Red Hat certified containers on a compliant cluster, with pre-configured enterprise workloads and a fully integrated development environment necessary to build those applications. The integrated Developer Console is a responsive web-based design developed for the developer, making development of your containerized applications in your OpenShift Cluster beautiful and fun! You can fully control and administer your clusters through web-based or command-line management interfaces governed by role-based access control. Additionally, cluster monitoring and aggregated logging data can provide full transparency to ensure operational efficiency and security.
Red Hat OpenShift is a family of containerization software products developed by Red Hat. Its flagship product is the OpenShift Container Platform – an on-premises platform as a service built around Docker containers orchestrated and managed by Kubernetes on a foundation of Red Hat Enterprise Linux. The family’s other products provide this platform through different environments: OKD serves the open source community, OpenShift Online is the platform offered as Software as a Service, and OpenShift Dedicated is the platform offered as a managed service. The main difference between this family of products as opposed to Kubernetes is the developer workflow and other additions built on top of the mature Kubernetes framework to avoid much of the complexity of working with Kubernetes.
Integration with IBM Cloud
IBM Cloud offers a unified user experience by integrating some key offerings of the IBM Cloud ecosystem into the IBM Cloud Console. These offerings can also be found directly through each service’s page or IBM Cloud Catalog. Some of these solutions can be found in the IBM Cloud console left side menu. The main Cloud offerings integrated into the IBM Cloud Console are:
Products: It is IBM Cloud’s offering, all integrated in the IBM Cloud Catalog.
Red Hat: The Red Hat OpenShift Kubernetes service is integrated in IBM Cloud Console for easier access. As most, if not every, IBM application in the cloud will sooner or later update for their IBM Cloud Pak builds, they’ll have to trust the Red Hat products for their technology as IBM acquired Red Hat for a considerable amount of money.
VPC Infrastructure: IBM Cloud’s IaaS offering (VPC Virtual Private Cloud) is also available and integrated in the IBM Cloud Console.
Monitor: IBM’s monitoring tool, integrated with IBM Cloud applications.
Instances: This is the most common IBM Cloud product, offering versatile possibilities for hosting, mostly from IaaS or PaaS models.
Choosing Between Bare Metal and Virtual Servers
In server configurations, clarity amount requirements vary between users and practices and due to business requirements. In terms of time a user can use in the data center to obtain hardware and network infrastructure, which in turn affects the ability of a user to meet the rough features of a defined Service Level Agreement (SLA). For a user, a company or a business unit, it is important to define the extent of requirements that are difficult to scale (such as putting heavy hardware at the top of the rack environment). Innovation does not spend much time in the data center (which includes users who are not completely dependent on a single data center or can take advantage of a distributed data center).
In this chapter, we will discuss strategies for doing so, the rationale and the features that differentiate various IBM Softlayer products. We will also discuss how these services compare to traditional cloud services offered by other vendors. The earlier chapters in this book discussed the various scenarios under which one would want to use a public cloud. However, we only introduced the IBM public cloud as a product. In chapter 3, we will discuss certain key features of IBM services.
Advantages and Disadvantages of Each
We could see that there is no definitive answer as to which model is best. It really comes down to the organization’s motivations and objectives. Large companies might be more interested in moving a portion of their existing services to the cloud as a way to reduce costs, while smaller organizations might look to cloud computing to provide them with services that they couldn’t afford to provide themselves. An office suite in the cloud can be beneficial for any organization. Tasks such as routine office productivity services are well-suited to the cloud since they don’t require a major investment on the part of the cloud provider, and services are often more cost-effective if sold in bulk. It often comes down to dollars and sense. Based on the figure, the chart on the left of the on-premise, cloud, and hybrid solutions will become the nucleus of a more elaborate comparison chart as they branched out into their sub-components.
When considering on-premise, cloud, and hybrid solutions, there is no one-size-fits-all. Each one has both positive and negative points. Here is a comparison chart for some of the advantages and disadvantages of each.
Deploying and Accessing Virtualized IT Resources
Accessing your VM is a two-stage process. To start, you want to be able to SSH into your VM over the cloud-provided network. Second, you want to remove SSH protection and enable browser access on ports 80 and 443 over the Internet, subject to conventional security measures such as IPS, VPC, etc. The best cloud solutions automate the provisioning process and handle many hardware tasks for you. These are generally major routines and hardware tasks such as: packing multiple physical servers into a rack, programming the bootloader to support cloud operations, generating OS system images that will be installed, installing DHCP services so booting VMs have an IP address, performing the tasks to scale a VMOS image to match the boot disk, inserting a NIC into the appropriate VLAN, and programming the hypervisor, e.g. running instances.
You might prefer cloud because it shields you from responsibility for setting up and managing physical computer resources such as racks, servers, and cables. This is true to an extent. But in practice, you will want to roll up your sleeves and get to grips with both hardware and software management tasks. As a cloud participant, you can request a pre-installed server in a variety of ways: select from a catalog list of pre-built VMs, submit your own prepared VM image, or run VM installation software via the cloud portal, API or command line. You can also add disks and network connections to your taste. When your IT resource is in the rack, browser access, command line, or other remote access connections allow you to control the system and install your choice of applications as if you were sitting next to it.
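One way to check that a VM's inbound rules match the two-stage access model described in this section (SSH over the cloud-provided network, browser access on ports 80 and 443 from the Internet). This is an added example, not code from IBM or from the original page; the rule layout, the rule names and the 10.0.0.0/8 private range are assumptions made for illustration.

```python
import ipaddress

# Assumptions for this example (not from the page): the cloud-provided
# private network range and the rule dictionary layout are hypothetical.
CLOUD_NETWORK = ipaddress.ip_network("10.0.0.0/8")
SSH_PORT = 22
PUBLIC_WEB_PORTS = {80, 443}


def is_internal(source_cidr):
    """True when the rule's source lies wholly inside the cloud-provided network."""
    source = ipaddress.ip_network(source_cidr)
    return source.version == CLOUD_NETWORK.version and source.subnet_of(CLOUD_NETWORK)


def audit_inbound_rules(rules):
    """Return (rule_name, finding) pairs for rules that break the two-stage model:
    SSH only from the cloud-provided network, only 80/443 from anywhere else."""
    findings = []
    for rule in rules:
        if is_internal(rule["source"]):
            continue  # stage one: management access from inside the cloud network
        ports = range(rule["port_min"], rule["port_max"] + 1)
        if SSH_PORT in ports:
            findings.append((rule["name"], "ssh-exposed"))
        if any(p != SSH_PORT and p not in PUBLIC_WEB_PORTS for p in ports):
            findings.append((rule["name"], "non-web-port-exposed"))
    return findings


def web_ports_published(rules):
    """True when both 80 and 443 are reachable from the whole Internet (stage two)."""
    reachable = set()
    for rule in rules:
        if ipaddress.ip_network(rule["source"]).prefixlen == 0:
            for port in PUBLIC_WEB_PORTS:
                if rule["port_min"] <= port <= rule["port_max"]:
                    reachable.add(port)
    return reachable == PUBLIC_WEB_PORTS


# Constructed sample rule sets: a weak configuration beside a corrected one.
WEAK_RULES = [
    {"name": "ssh-anywhere", "source": "0.0.0.0/0", "port_min": 22, "port_max": 22},
    {"name": "web-http", "source": "0.0.0.0/0", "port_min": 80, "port_max": 80},
    {"name": "web-https", "source": "0.0.0.0/0", "port_min": 443, "port_max": 443},
    {"name": "debug-range", "source": "0.0.0.0/0", "port_min": 8000, "port_max": 8100},
]
CORRECTED_RULES = [
    {"name": "ssh-private", "source": "10.20.0.0/16", "port_min": 22, "port_max": 22},
    {"name": "web-http", "source": "0.0.0.0/0", "port_min": 80, "port_max": 80},
    {"name": "web-https", "source": "0.0.0.0/0", "port_min": 443, "port_max": 443},
]

if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("corrected", CORRECTED_RULES)):
        print(label, audit_inbound_rules(rules), web_ports_published(rules))
```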
Best Practices for Deployment
As a part of a disciplined development cycle, it is often a good practice to build and test the application on a virgin server identical to the targeted cluster on IBM Smart Cloud Enterprise. This enables you to determine which third-party applications and patches you have installed on the server. There are known issues with the customer images and the servers located at certain data centers. Review and validate the performance, quality, and security of the application. Refrain from the use of insecure or preliminary versions of the operating system or any file paths for users. They can affect the quality of the applications and make them unsupportable. BSD-style Unix and LAMP applications are preferred since they adopt a security measure to run as a non-privileged superuser or a non-privileged user or IP address-based security. To prevent loss of self-data, use the image backup capability available on the system.
When contemplating deploying your applications on IBM Smart Cloud Enterprise, you should keep the following best practices in mind. Carry out all development in-house or validate any LAMP or enterprise-style application before you deploy. Determine the URL or the hostname of the instance, proxy or proxy cluster to which you will deploy, after obtaining details from the IBM Smart Cloud Enterprise welcome email. If you have SSL certificates for a hostname or fully qualified domain name (or both) of your choice, you can contact IBM for these. Activate the VPN access for Smart Business Development and Test. This prerequisite enables VPN access to the cloud from any on-premises systems and is necessary to transfer large data files or to verify an application before making them live. Build, test, and verify that the application is compiled and works correctly on top of a virtual server, not only on your desktop. There are several differences between developing in-house and on the cloud due to variations in configurations of standard libraries, user RW, and the like.
IBM’s Acquisition of SoftLayer
IBM had long been a laggard in the IaaS arena, and it lacked the right strategy to guide software developers around its integrated tech stack that is a sensation among all the software developers. The integration process was long and we started to see a successful pilot as the OpenStack initiative was proven to be very successful. Open source software is critical and SoftLayer was heavily involved in OpenStack. However, what is also critical to understand is the existing environment of VMware virtualization where SoftLayer is a key partner in terms of currency to develop the next set of killer applications.
The blood and sweat acquisition of SoftLayer was a decision which was understood poorly by some of the major analysts of the IT domain. However, it has already been pivotal in the strategy of IBM’s IaaS. Not only that, it has also helped IBM Cloud Platform to reach a dominating position among some of the largest players in the world with reference to IaaS. The IT domain has been stunned by some of the red marked acquisitions of IBM over the last couple of years. IBM acquired 150 companies for a sum that amounts to $23 billion and this equates to about 1% of the market capitalization of IBM. It has shifted the business mix in favor of high margin products that are of strategic importance to them. The acquisition of SoftLayer has only been pivotal to the way IBM IT Infrastructure has evolved in the last few months.
History and Background
The cloud depends on the ability to virtualize computer resources, making the software running on individual machines independent of particular hardware systems by insulating it behind a virtual machine boundary. This means that a given set of physical resources can be used to support many operating system and application environments, with different systems sharing the underlying hardware and importantly allowing the cloud operating company to move and replicate virtual machines among the physical hosts at will. The result is a pool of servers that can be used more or less efficiently, depending on the overlapping requirements of applications from customers who may only be aware of a cloud as a software construct.
Cloud computing has several years of history and a large ecosystem of deployed applications and systems. For the purposes of this book, cloud computing refers to compute resources offered to users over the network regardless of where the actual computation takes place. The on-site or local front-end in cloud jargon is used to distinguish the client interface from the problems of physically transporting feeding data back and forth. A cloud can be thought of as the user-rationale part of a distributed system coupled with the economy of scale associated with operating such a system. Without net access, it’s something akin to Hamlet without the prince, or at least Hamlet only with Polonius; the crucial act of networking – transporting your job to where the resources are and its results back to you – is the essential part of a cloud.
Open Source Cloud Platforms
Open source cloud platforms are extremely useful for exploring the IBM Cloud and the other cloud platforms, since cloud-enabled applications of these platforms can be easily ported to IBM infrastructure by meeting the necessary IBM Cloud specification. That is, the IBM Cloud enables the provisioning of geographically distributed physical and/or virtual servers, network equipment, and storage units. It can manage these resources and allows for the execution of software in the provisioned virtual servers.
The exploration provided was based on the investigation of the Open Nebula, CloudStack, Eucalyptus, and OpenStack frameworks. The IBM Cloud, which is capable of running applications on multiple cloud platforms, and pioneering open source initiatives for dynamic resource allocation, are a clear indication of this trend. This justifies the relevance in exploring the IBM Cloud platform for cloud-enabled application development as it supports their deployment in many cloud platforms.
We provide a list of some open source cloud platforms that IBM Cloud-enabled applications. Since the IBM Cloud fosters interoperability, cloud-enabled applications developed for these open source cloud platforms can be deployed to the IBM Cloud using a different cloud platform. The list is based on a survey of different open source cloud platforms – Open Nebula, CloudStack, Eucalyptus, and OpenStack, and a provision service that can manage server clusters and can be easily adapted to the IBM Cloud using the OpenStack capabilities.
Key Features and Benefits
Several key features contribute to the overall cloud computing characteristics of excessive resource availability. IBM Smart Business Cloud provides these features and benefits:
– Capability to easily create cloud applications and services
– Integration across all the key deployment models, including shared, dedicated, and local
– Capable, scalable, secure service delivery platform
– Pre-built, reusable services, such as email, collaboration services, and web services
– Middleware, such as managing service buses and necessary developer tooling clouds to define, develop, and manage your cloud applications and services
– Access to the IBM Marketplace, with its catalog of trustworthy and integrated partner applications and services
– Business processes are easily optimized by defining cloud-based business process management services
– Capabilities to monitor, manage, and bill for your cloud applications and services with business tooling
In short, the following are key features and benefits:
1. Integration
2. Flexibility
3. Quality of service
4. Security
5. Service management
6. Investment protection
7. Development and test facilities
Identity and Access Management for Virtualized IT Resources
While cloud computing vendors typically have a virtualized multitenant infrastructure that performs resource allocation and isolation, virtualization here is application-level virtualization. In other words, cloud computing capabilities are achieved through a web interface to the underlying datacenter, application, and storage service management systems, as well as policy-driven resource allocation and isolation. All of the web engagements are tied to customizable workflows and built-in service monitoring.
The next generation of IT systems, or smart systems, is starting to emerge. These loosely integrated systems will provide opportunities for innovation, but also will present challenges. The building blocks are already here: service oriented architecture (SOA) is the foundation for service management and virtualization provides the infrastructure management capability. In this article, we reviewed approaches to providing identity, access, and usage management using Web services and SOA. These capabilities are key enablers for an automated, on-demand service management infrastructure. Automating the management and governance of IT services using policy is now more feasible, but a lot of work and standards development is necessary to help vendors provide services that can be integrated easily. Providing access management based on context, in a secure and privacy-abiding manner, is a critical aspect that must be addressed.
Importance of IAM in Cloud Computing
First, let us start with some questions… What is IAM? Why is there a need to have IAM on cloud applications? When we know users and applications, what makes IAM so important in cloud applications? Lastly, what are the necessary and complementary tools that help us in having simpler and more secure IAM?
While building software applications earlier, most of us would not have spent much time thinking about these questions. As system developers and architects, our main focus has always been on delivering the main business functionalities and features while ensuring necessary speed, performance, and quality. On liability, we would spend time only on business features, but never that much on IAM remaining soft topics. Moreover, usually IAM also would be outsourced to a module or product, which would be partly integrated during architecture and implementation stages. These activities would be more with respect to security and access control only.
However, in the world of cloud computing, my opinion is that the straightforward answer is ‘a lot’. IAM is a top drawer concern for a cloud application. IAM refers to the policies, standards, and technologies that allow only the right people (users) to access information, applications, resources, and facilities. With the number of cloud services and subscription users growing, IAM is becoming even more important for both software vendors and users.
Previously, when users signed on internally, IAM just made sure that they were authenticated and had the required authority to access the system. However, in the cloud, user profiles come from a variety of users such as internal basic (end) users, privileged users (such as system managers and service operations), administrators, software service users (used by applications across different machines), and partner application users. Such IAM profiles directly influence the level of control, scope, and responsibility of the cloud service provider and user. Therefore, on the cloud (or even self-managed hybrid cloud), IAM becomes a differentiating capability and delivery attribute.