Virtual Infrastructure Provider Development: 1cloud Experience
According to Gartner, the cloud services market is growing faster than other IT areas - in 2016, the growth was 31%. At the same time, the market includes a large number of services: starting with the usual IaaS , PaaS, SaaS and ending with DBaaS, DRaaS and AIaaS.
To create a company that provides one of these services, you need to take into account certain features. But since 1cloud is an IaaS provider, we would like to talk about the principles that guide us in developing and providing IaaS services.
/ Equipment in Ahost / 1cloud
')
It is important to understand what customers have values ​​and objectives: what developers, web studios, integrator companies need. We take into account their desires and tailor services to the needs of users. For example, the majority of our clients are legal entities, so we introduced an electronic document management system.
The accounting subsystem is integrated with the EDO “Tenzor”, “Diadok” and “1C-EDO” operators. In the future, we plan to establish partnerships with other providers. You can find out how the solution works in our blog .
We also improve the visual design and architecture of services and configurators. All decisions on changes are made based on market analysis and feedback. Based on customer feedback, we redesigned the company's website and made further improvements: we developed a calculator for setting infrastructure parameters and estimating its cost and automating service tasks.
One example of automation is the implementation of a DNS manager. It was based on the ANS Carrier-Grade DNS Appliance DNS server solution, which is accessed via the API. A service task handler is launched from the control panel, which changes the DNS settings without the intervention of technical support experts.
/ Change DNS settings
We also regularly improve the control panel. We added the ability to track licenses and gave customers the right to control the speed of the Internet connection of virtual servers. Until recently, this was done only by contacting technical support. We decided that sometimes it is worth more to trust the client and give him the "reins of government." About the benefits it brings, in our blog there is a separate material .
One of the latest service updates is the ability to create client public networks . The use of such networks allows our clients to achieve greater security of their solutions, since for each public network a dedicated router is created through which only the traffic of this client goes. And the public IP addresses assigned to the user from one range make it easier to administer the solution.
/ Implementation of the client public network
Such improvements and improvements increase the level of accessibility for customers, but at the same time they require serious efforts for implementation. For example, it took us about 2 months to develop the functionality that allows for the creation of client public networks - the innovation required significant changes to the service architecture:
Of course, such decisions are not made spontaneously - we collect feedback from customers, analyze Western and Russian services that provide similar services. Now we have several important updates in our plans:
Flexibility and scalability are among the core values ​​of the concept of cloud technologies and IaaS products. For example, we give new customers to test the virtual infrastructure so that they can independently form an opinion on the quality of the service. In this case, sign up for a "test drive" in several ways: through the form , a letter to support@1cloud.ru or by contacting support.
Another example is the procedure for working with a high-performance server pool. When the number of requests grows and the server does not have time to cope with them, it is important for businesses to quickly increase their capacity. Therefore, we have developed a mechanism that allows you to transfer the infrastructure to a more powerful pool at any time.
And so that the client could decide for himself when he would connect or disconnect additional capacity, we implemented a monitoring system in the control panel. The graphs show CPU, memory, disk, and network load. Based on this data, the administrator can independently draw conclusions and decide on making changes to the configuration.
Flexibility should also be manifested in customer service, so we pay close attention to support in 1cloud. Support works around the clock every day. If we receive mass calls about the problem, we will immediately organize a conference with representatives of all directions and promptly develop an action plan.
The work of technical support is organized according to the principles of ITIL, described in the book of Rob Ingland (Rob England). In this case, three-level technical support. The first level has a basic knowledge of administering the OS and building a virtual infrastructure. The second level knows how to work with VMware networks and software. The third level is “dedicated” in particular to the implementation of the IaaS provider 1cloud and deals with the most difficult but interesting tasks.
On the work of the technical support service 1cloud we did a separate material . There we talked about the order of processing calls, communication channels, etc. And you can find out how to make the services of an IaaS provider more accessible.
In our opinion, the main task of an IaaS provider is to make complex things (in terms of IT infrastructure management) simple for users. Among our clients there are indie developers and studios who do not want to spend time setting up hosting. For such clients, we have implemented our calculator , which allows you to order virtual servers in a couple of clicks. The client immediately receives the ISPmanager 5 control panel with the REST API.
Guided by this principle, we also developed virtual server templates. We want users with different backgrounds to be equally comfortable working with our product.
We wrote in our blog about other little things that we noticed when developing the IaaS provider 1cloud.
/ frame from the video about our SDN data center
The infrastructure in the cloud is still associated with many concerns and fears, including those related to security. Some of these misconceptions we have debunked in our series of posts about the myths of cloud technologies ( part 1 , part 2 , part 3 ). However, the IaaS provider, on whose shoulders the security responsibility falls, is able to better protect the infrastructure with current solutions and specialization.
The cloud provider can monitor storage, computing resources and databases, organize protection against DDoS attacks and spoofing.
For example, to prevent data loss, we have implemented a backup service. In the configurator, the frequency of automatic backup creation is configured. In the event of an emergency, the user will always have at hand data that will allow the server to be restored. How much to store copies, determines the client. About this and other things that are worth paying attention to when organizing cloud protection, we wrote here .
To avoid downtime and increase system availability, all infrastructure nodes are duplicated. And used "iron" has high performance. For example, 1cloud VMs are hosted on NetApp disk arrays with Intel chipsets — they have high-performance memory and NVRAM that guarantee the availability of five nines. In this case, the controllers have their own small service processors, which “pick up” the work even if the components of the motherboard fail.
The very same equipment is located in the data center SDN (St. Petersburg) and Dataspace (Moscow), certified by the Uptime Institute for the level of Tier lll. And recently we opened a data center in Almaty. Description of Alma-Ata data center you can find here . The security complexes of these data centers form another “protection line” that stores customer data.
PS Materials on the topic from our blog on Habré:
PS A few more materials about the organization of the work of IaaS-provider 1cloud:
To create a company that provides one of these services, you need to take into account certain features. But since 1cloud is an IaaS provider, we would like to talk about the principles that guide us in developing and providing IaaS services.
/ Equipment in Ahost / 1cloud
')
Know customers
It is important to understand what customers have values ​​and objectives: what developers, web studios, integrator companies need. We take into account their desires and tailor services to the needs of users. For example, the majority of our clients are legal entities, so we introduced an electronic document management system.
The accounting subsystem is integrated with the EDO “Tenzor”, “Diadok” and “1C-EDO” operators. In the future, we plan to establish partnerships with other providers. You can find out how the solution works in our blog .
We also improve the visual design and architecture of services and configurators. All decisions on changes are made based on market analysis and feedback. Based on customer feedback, we redesigned the company's website and made further improvements: we developed a calculator for setting infrastructure parameters and estimating its cost and automating service tasks.
One example of automation is the implementation of a DNS manager. It was based on the ANS Carrier-Grade DNS Appliance DNS server solution, which is accessed via the API. A service task handler is launched from the control panel, which changes the DNS settings without the intervention of technical support experts.
/ Change DNS settings
We also regularly improve the control panel. We added the ability to track licenses and gave customers the right to control the speed of the Internet connection of virtual servers. Until recently, this was done only by contacting technical support. We decided that sometimes it is worth more to trust the client and give him the "reins of government." About the benefits it brings, in our blog there is a separate material .
One of the latest service updates is the ability to create client public networks . The use of such networks allows our clients to achieve greater security of their solutions, since for each public network a dedicated router is created through which only the traffic of this client goes. And the public IP addresses assigned to the user from one range make it easier to administer the solution.
/ Implementation of the client public network
Such improvements and improvements increase the level of accessibility for customers, but at the same time they require serious efforts for implementation. For example, it took us about 2 months to develop the functionality that allows for the creation of client public networks - the innovation required significant changes to the service architecture:
[I had to change] the vCloudDirector settings, modify the mechanism of interaction with VMware management software, rework the architecture of the service databases. Modify modules for billing, task handler, web user interfaces and administrator, notification system, etc.
Practically all divisions of the company participate in the implementation of such a “feature”: administrators, backend developers, front-end developers and even marketing specialists (they are involved in the decision-making process on changing old interfaces and developing new usability principles).
- Sergey Belkin, Head of Development, 1cloud project
Of course, such decisions are not made spontaneously - we collect feedback from customers, analyze Western and Russian services that provide similar services. Now we have several important updates in our plans:
These are monitoring systems, load balancers, and many other features. The nearest innovation - cloud S3-storage. This is a new service 1cloud. We are planning to launch it in the next few weeks.
- Sergey Belkin
Stay flexible
Flexibility and scalability are among the core values ​​of the concept of cloud technologies and IaaS products. For example, we give new customers to test the virtual infrastructure so that they can independently form an opinion on the quality of the service. In this case, sign up for a "test drive" in several ways: through the form , a letter to support@1cloud.ru or by contacting support.
Another example is the procedure for working with a high-performance server pool. When the number of requests grows and the server does not have time to cope with them, it is important for businesses to quickly increase their capacity. Therefore, we have developed a mechanism that allows you to transfer the infrastructure to a more powerful pool at any time.
And so that the client could decide for himself when he would connect or disconnect additional capacity, we implemented a monitoring system in the control panel. The graphs show CPU, memory, disk, and network load. Based on this data, the administrator can independently draw conclusions and decide on making changes to the configuration.
Flexibility should also be manifested in customer service, so we pay close attention to support in 1cloud. Support works around the clock every day. If we receive mass calls about the problem, we will immediately organize a conference with representatives of all directions and promptly develop an action plan.
The work of technical support is organized according to the principles of ITIL, described in the book of Rob Ingland (Rob England). In this case, three-level technical support. The first level has a basic knowledge of administering the OS and building a virtual infrastructure. The second level knows how to work with VMware networks and software. The third level is “dedicated” in particular to the implementation of the IaaS provider 1cloud and deals with the most difficult but interesting tasks.
On the work of the technical support service 1cloud we did a separate material . There we talked about the order of processing calls, communication channels, etc. And you can find out how to make the services of an IaaS provider more accessible.
Do not complicate
In our opinion, the main task of an IaaS provider is to make complex things (in terms of IT infrastructure management) simple for users. Among our clients there are indie developers and studios who do not want to spend time setting up hosting. For such clients, we have implemented our calculator , which allows you to order virtual servers in a couple of clicks. The client immediately receives the ISPmanager 5 control panel with the REST API.
Guided by this principle, we also developed virtual server templates. We want users with different backgrounds to be equally comfortable working with our product.
We wrote in our blog about other little things that we noticed when developing the IaaS provider 1cloud.
/ frame from the video about our SDN data center
Provide security
The infrastructure in the cloud is still associated with many concerns and fears, including those related to security. Some of these misconceptions we have debunked in our series of posts about the myths of cloud technologies ( part 1 , part 2 , part 3 ). However, the IaaS provider, on whose shoulders the security responsibility falls, is able to better protect the infrastructure with current solutions and specialization.
The cloud provider can monitor storage, computing resources and databases, organize protection against DDoS attacks and spoofing.
For example, to prevent data loss, we have implemented a backup service. In the configurator, the frequency of automatic backup creation is configured. In the event of an emergency, the user will always have at hand data that will allow the server to be restored. How much to store copies, determines the client. About this and other things that are worth paying attention to when organizing cloud protection, we wrote here .
To avoid downtime and increase system availability, all infrastructure nodes are duplicated. And used "iron" has high performance. For example, 1cloud VMs are hosted on NetApp disk arrays with Intel chipsets — they have high-performance memory and NVRAM that guarantee the availability of five nines. In this case, the controllers have their own small service processors, which “pick up” the work even if the components of the motherboard fail.
The very same equipment is located in the data center SDN (St. Petersburg) and Dataspace (Moscow), certified by the Uptime Institute for the level of Tier lll. And recently we opened a data center in Almaty. Description of Alma-Ata data center you can find here . The security complexes of these data centers form another “protection line” that stores customer data.
PS Materials on the topic from our blog on Habré:
- Energy efficient data center: familiarity with international experience
- "Siege affairs": How companies build a solid fortress to protect the clouds
PS A few more materials about the organization of the work of IaaS-provider 1cloud:
Source: https://habr.com/ru/post/341182/
All Articles