Okay, thanks everyone for coming. It's more people than expected to see here. I'm gonna fit in the abstract for this. Thanks very much. My name is Campbell McNeil and I'm an architect at Dell. I'm responsible for the online experience, the whole onboarding process and the sort of back-office management processes of the Dell cloud console, which we use for provisioning existing cloud services, and I'm also heavily involved in what we're going to be doing for private cloud in terms of what we're doing with OpenStack, how we're integrating that with enterprises, that kind of thing. Now, apologies for the slight disaster here with the sidebar. I'll just progress with it because I could fiddle with this all day. Okay, so what am I going to talk about? First thing: how many people in the room are either somewhat involved with a service provider or planning on becoming a service provider, that kind of thing? Can I get a show of hands of people who plan to stand up public cloud services? Great, good to see you here. It's something that, you know, OpenStack gives you some of the tools that you need for, but there's so much more you got to go and do anyway to actually become someone that can sell cloud, whether you can sell it to the credit-card-paying public or you can go and sell it into an enterprise and actually have it, you know, managed within an enterprise. With OpenStack what you do get is you get Horizon. I consider Horizon to be a consumption UI. Horizon allows you to consume resources, but it doesn't get you to Horizon, and there's a lot of process that needs to take place to get someone to Horizon, and there's a lot of process that needs to take place after where Horizon fits in to actually provide services. Yeah, of course. What I'll do is afterwards I'll put them in SlideShare and tweet at the link, and you can just email me or whatever. No worries. Okay, so as I said, Horizon is a consumption portal. It allows you to create your VMs, your networks, that kind of thing.
It allows you to manage your storage, but it doesn't get you there. You know, it leaves that OpenStack as an island. If I stand up OpenStack as it is, what happens is I've got something there but separate identity services. I've got to manually put people on there, that kind of thing. That's going to use them especially as a service provider. You know, I can't sell OpenStack by, you know, having someone send me an email and say they want me to want an account and that kind of thing. I've got to go a lot further than that. Also, it doesn't give you anything around operations. That's beyond the scope of this talk. But, you know, there's a lot of sessions here on operational management. That's obviously a key consideration for any service provider, both a public cloud service provider and an internal IT service provider. Okay, in order to set the scene for what you need to do in terms of implementing these services, we at Dell use this thing called a reference architecture. I flagged up the NIST reference architecture for cloud computing. Once again, there's links to all this stuff at the end, you know, if people really want to read up on this stuff. The purpose of the reference architecture is to give you a set of boxes, a set of, you know, what you need to do to become something. You know, so if you want to stand up a service, you can use the reference architecture to say these are the suite of services I need to build up my composite public cloud service. And just a bit more detail there.
Around what we do as a service provider, we need to provide a set of things, you know, service management, or sometimes called business support services, BSS. And just as part of that, you know, you've got your whole things you need to include there in customer management: contracts, inventory, you know, accounting, reports, pricing. You're gonna be able to provision, you're gonna be able to meter, you're gonna be able to monitor, you're gonna be able to manage your SLAs. You might have to pay out if you don't meet an SLA, that kind of thing. And then there's this stuff, not something to cover, but, you know, you got the whole notion of: I'm a service provider, I stand up a cloud, I've got to be able to get customers' workload on to my cloud. So, you know, these are considerations you need to make in terms of actually building up a service that people will pay money for. Yeah, no, exactly. The scope of this is to, you know, explain beyond what OpenStack provides you. OpenStack being a cloud delivery platform, you know, a service platform for delivering VMs, networks, that kind of thing, this is a bit the suite of services that you need beyond that to take and make money from it.
Okay, what I've done here is just provided at a very abstract level what it might look like. If I'm a service provider, I've got to provide something beyond Horizon. This is Horizon on the right-hand side here. What I've got here is basically, I call it service management portal, service management console, you can call it what you like. The whole point in the service management console is, before you actually get into the consumption of your cloud services, you actually have the ability to manage the specifics around those services. OpenStack Nova being, you know, compute, being a cloud service; object storage being a cloud service; you might have SaaS applications in your cloud portfolio, we certainly have. Some may have different cloud offers based on different platforms, that kind of thing, platform as a service, that kind of thing. At a higher level, what you want to do is basically have a management console around that and allow customers to basically see things cross-cloud platform, around a specific cloud platform, and then what that does is that gives them access, flips them over into the likes of Horizon so you can do cloud consumption.
Okay, so what I basically, you know, described there is: what you want to do is you have your whole service management stuff, that I'm going to go into more detail on in a minute, on one side. Then you use OpenStack from the community, differentiate on top of that as part of your cloud service platform, and you stand that up as a separate service, but you consolidate identity between them, and a high-level architecture. These are some of the problems you've got to solve when you're a public cloud service provider, and you've got certain things that go beyond the core OpenStack platform, which I've got down here, things that you need to go and do, which I'm going to go into a bit of detail on so you understand some of the problems you've got to solve as a, you know, a service provider. You got a whole sign-up process, and there's a couple of ways you can do that. There's obviously a process that people are probably used to when they think of cloud. It's, you know, you go through a process, it's like you give a credit card number, you get an account and then you go in, do things, you get provisioned, you go and do things. Another way that we do it now, which is, you know, an interesting thing for service providers, is we have a CRM-driven process where a salesperson can go and create a prospect, basically create a lead, then that lead can, you know, have a quote generated against it, and then once the customer accepts that quote and basically orders that quote, the order's created, then you dovetail into a similar process that you would do at the end of a, you know, credit card checkout process, so you get that that means you're doing things as well. Service management I've already talked about a little bit. You know, that's the whole notion of going around and actually managing that service.
Support, I'll talk a little bit more about that in a minute. Most people know what support is, but, you know, it's a key consideration that as a service provider you got to be able to provide support for your offer. And obviously billing. You know, I'm a service provider, and on top of that, you know, you got to provide services around what you're doing with OpenStack that don't necessarily form part of OpenStack core. I say identity here because you have Keystone for OpenStack identity, but if you're a service provider, one, you might already have your own view of what identity is. You know, for instance, Amazon has an Amazon account; at Dell we've got a My Account, it's called, that kind of thing. You might have a notion of an existing identity provider which is going to drive some of the stuff you do with Keystone. A rating engine: Ceilometer provides meters, it doesn't rate. A rating engine basically takes the meters and turns them into something tangible you can charge for. Rating is the act of taking the usage and actually putting... So the question is, what's the difference between rating and billing? Rating's that act of taking the meters and turning them into something tangible, you know, like you're actually putting against the price a rate plan, as it were. We call it a rate plan. So you take, you know, I've used, you know, a hundred VCPU hours or something, a dollar an hour, that's a hundred dollars, and then billing is the act of actually invoicing for that and getting the money in for it.
Audit's something that we provide. It's something that's important to consider but doesn't come directly out of OpenStack. That's, you know, the notion of being able to provide a traceability across what people have done, who did what when, so you can actually audit the service. And provisioning is the act of, when somebody orders something, actually creating that service for them. By means of that, what I mean is, you know, creating your OpenStack identities, potentially creating a service plan in your billing engine. You got to create a subscription in there that, you know, it's going to be reconciled against when you actually go into your rating and your billing. That kind of thing is the sort of thing you do in provisioning. Okay, so more detail. I promised more detail around these things. For each of the sort of four pillars that I've described there, there's a lot of considerations you need to make as a service provider, and this is kind of just a bit more detail around what the NIST reference architecture provides and what we do at Dell. So I'll just go through some of the things that we actually do in each of these processes. So when you sign up to a service, you're going to have a service catalog. You know, you've got to have a feature in there which says these are all the things I can buy. You know, typically cloud's pay-as-you-go, but you might have reserved rate plans, you might have dedicated rate plans, that kind of thing. So that's part of the service catalog. You got to provide that so somebody can sign up to something. You got to set up your login. I kind of touched on that when I talked about identity. It seems simple, but the customer... you might have your own identity provider, as we do, and the customer may not have an existing account with you, so you got to set that up, or you've got to create some sort of, you know, trust relation or some sort of, you know, associated account with your Facebook account or an OpenID or that kind of thing. It might be federated identity.
You got to set that up. You got to validate when they sell their account, you know, you're not giving you garbage. Okay, so we've got several steps around that. Validating the address is correct. Set up their payment. At Dell we accept both credit cards and purchase orders. Purchase orders is a back-end process to reconcile with a purchase order system, but in terms of credit cards you got to validate that, you know, your credit card. First you need to check some ID on the credit card number, make sure they haven't typoed something. You got to go away and actually validate that credit card belongs to their stated address. You got to check their CV2 number, whatever it's called, and you got to validate that. Basically going to make sure you're not getting garbage, and in addition you've got to carry out a fraud check. Now, as a cloud service provider you get an awful lot of people trying to use stolen credit cards to try and sign up for your services. They're always trying to get something for free. You got to put a fraud prevention check in there to try and mitigate some of that. The way you can do that is you can use fraud providers. A simple way is to, you know, validate their phone number actually belongs to them. A lot of people who try and do fraud use dodgy phone numbers, i.e. phone numbers that might go to a switchboard of a company they're pretending to represent or something like that, or, you know, to a TracFone, that kind of thing. It's an important consideration to use some sort of, you know, some sort of mechanism there to try and make sure that person who's signing up for that service is actually a genuine person, they actually do own that credit card and they actually do represent whoever they say they represent.
Credit check's something that's important. You know, if someone signs up for your cloud with a credit card that's got a $500 limit on it, you probably don't want them going away, going crazy and consuming a lot of resources. And likewise, if your company already has an existing business, it might be an existing company, but you're going to have a credit department who's going to basically have standard credit terms for that customer, and that's going to influence what you can actually allow them to use in the cloud. That's an important part of the process. And compliance check. Most of you are probably already aware America's not very friendly with Iran and, you know, North Korea and people like that. A compliance check will be a trade compliance check or an export compliance check, whereby you're actually making sure that the customer who's signing up is in a location that you've validated and isn't trying to do something from an embargoed country, which, if they did do something from an embargoed country, you'd leave your company open to a lot of fines and bad press, that kind of thing. And then there's the concept, you know, somebody's got to sign terms and conditions. You know, we've got two means of doing that: you know, click "I approve" once you've read this huge bit of legalese, and when we do our salesperson-driven process we've got an electronic signature mechanism we use so people can actually electronically sign for the service and agree to move forward. We can move forward at that point of provisioning. Okay, considerations for service management. Upgrades: if I might, you know, let's just say I'm a pay-as-you-go customer, I might want to upgrade my account to a reserved account. You know, I've been using the cloud for six months now, I know what my utilization is like, I want to lock in that utilization in a reserved account, so I'll pay for a certain amount of CPU hours for a fixed rate per month, that kind of thing.
That's great as a service provider as well, if you can get people to lock in a reserved as well, because it allows you to capacity plan a lot better. Downgrades, once again, just the reverse: people are, you know, looking to downgrade their subscription. They might have a certain amount reserved, they might want to go to a smaller amount reserved, that kind of thing. You've got to put a process in place for that. User management is describing the ability of managing users across cloud. The reason I say across cloud is you do have user management in OpenStack at a project level, but if you have multiple services out there, you know, at Dell we certainly do, you want to be able to manage the same identity and entitlement of that identity across multiple services. Payment change represents your ability to change how you're paying, a different credit card, that kind of thing. If someone wants to change their credit card, you're gonna have to go through all this again. You've got to validate that, you know, they haven't gone from a good credit card to a bad credit card, that kind of thing. Invoicing, you know, historical invoices. I'll talk a little bit about invoicing here, but we've got historical invoices. People in their service management portal expect to be able to see what they paid for when, over a period of time. Obviously that's a role-based consideration. If you're setting up an account for a big corporate customer, not every user is going to get to see the invoices. There's going to be a finance-type user there. Once again, that goes beyond the roles that you typically get with Keystone. You've got that kind of role management you implement at your service management level. Run rate represents how much have I consumed for this billing period, so, you know, how much have you spent maybe up to the last midnight. We'll run a rating run every midnight, so up until that last midnight somebody can see where they're at. It allows you to implement cost control as a consumer.
Usage statistics: slightly different from run rate. What I consider usage statistics to be is, you know, what users are using what in my cloud, that kind of thing. Once again, from a service management point of view as a consumer, if I'm the admin I want to see who's doing what and who's using up all the resources, versus maybe I expect some people would be doing something and they're not. Audit I mentioned earlier. Audit's the ability to see who did what when. And, you know, if someone creates a VM you kind of want to know who created it; if someone powers off a VM you probably want to know who did that. You know, all this could ultimately, you know, influence, you know, like an audit if someone actually wants to put their actual production IT infrastructure up in the cloud. Quota management: obviously as a service provider I've got a quota that ties in with the credit check. I don't want someone generating any more spend than what I deemed them to be creditworthy to do. But also, internal to service management, you may want to manage quotas for subtenants in your cloud subscription. So if I'm a, you know, a CIO and I've gone to public live from a Dev and QA I don't want to set up quotas for each sub-team that are going to consume off that account. And obviously people may get fed up with your service. We need to automate a process to let them cancel service. You know, that would be, you know, things like finalizing their invoices, the ability to, you know, shut down their VMs, kill their data after a certain period of time. You know, for instance, at Dell we retain it for 60 days before actually deleting it, in case there's a service restart. That kind of thing's part of the SLA or part of the service agreement.
From a support point of view, you've got to provide means that people can get help with using your cloud, and it's not something that comes out of the box, unfortunately. And there's quite a lot of opportunities in support to implement some certain things. I'm considering from what we are doing is, you know, if I'm in a VM and I'm having a problem with it, when I create a support ticket I want to be able to, you know, snapshot all the data and all the details of what that person is doing then and there, so that when the support agent picks up that ticket they can see the VM, they can maybe click on a link to get directly to the VM. You know, it's a big opportunity with support to create a very great experience there for getting people help and making the people who give the help very efficient. And beyond that, you know, you want to maintain a good database of how-tos, that kind of thing, for them so people can help each other. You know, something you might support is, you know, an image repository. As a service provider, if you're supporting an image repository, let's just say I'm supporting Windows site, if I put a Windows image out there that I'm going to charge for, you know, what's my customer's expectation on the state of that image? You know, you got to provide support around that. And I mean that I just put Windows Server 2008 R2 out there and just leave it, I can't do that. There's a big liability associated with that, because if I leave that for six months it's so unpatched, as soon as someone spins that image up it's going to have problems. So, you know, you have the whole notion of supporting that kind of thing and making sure that any service you do provide is evergreen, as it were. And we like to provide white papers and documentation and, you know, how people can do things, the best practices, how to get your LAMP stack up and running in five minutes and come in. And last but not least in these pillars, billing. Billing I mentioned previously. Once you've rated the data
you got to invoice for it. So you get the whole process of either sending email and someone an invoice, having payment coming and reconciling that payment with that invoice if it's a purchase order, or you have the process of charging someone's credit card. You've probably got to implement processes whereby, you know, if someone's credit card declines, how do you deal with that, you know, that kind of thing, as part of the billing process. Tax calculation is an important consideration. You got different tax regimes in different states. We do, and we've got, you know, different tax regimes in different states. If you do business in states you got to charge sales tax in those states, and likewise if you go globally you've got different tax regimes in different countries you do business, so we've had to put a system in place to calculate tax based on where that customer is and where you do business, that kind of thing. Sales compensation sounds like a weird one, but it's a big consideration. For instance, if you've got a salesman that's sold, how do you compensate that salesman once the customer uses it? It depends on what your sales compensation plan is. You typically assist them to do that so the sales guy gets comped on what he's actually sold. And I put general ledger there because ultimately all the money you're making, and how you're making that money and where it goes to, goes back into your company's books somewhere, so it goes against the bigger financial reporting things, which are way beyond my pay grade. Okay, so that was all about public cloud service provider type stuff. Private cloud in the enterprise is kind of similar, but it's a way a bit cut down, but there's a couple of different considerations, some of the considerations I make that I want to point out might be useful for some people.
You still have your Horizon there, you know, but, you know, if you set up Horizon as it is today in a lab, you know, your lab manager is probably gonna send out somebody credentials and they're just gonna use that, and it's kind of gonna be, once again, still an island. One of the things we do is we want to provide a means of managing service entitlement inside an enterprise. So let's just say a company's, you know, got a very strategic point of view that "we want to move all of our infrastructure on the cloud, we're sick of all these teams with siloed little pieces of infrastructure, virtual infrastructure, whatever you've got, we want to invest big stuff, we want to go big in OpenStack, we want to build that in there and we want to basically move all of our workload on to OpenStack so we have a single management pane for that workload". And in a small company it's easy to manage just with, you know, just for this, but in a large company it becomes a bit more of an arduous process. So to do that, what we do is we provide basically a service enablement portal and website or if you want to call it, which allows people to provision services within the enterprise. Well, some could be within the enterprise, some could be without the enterprise, but ultimately it allows people to provision stuff as far as what they're entitled to do. And so the user experience around this is: I'm a dev lead, I'm gonna need ten VMs for my project for my dev, and go in this I can click on "I want something in the computer lab" and that can provision me an entitlement in the computer lab. There's a process behind that that needs to be considered, and I'll go on to that. So now, a similar slant with regards to the sort of overall architecture. It's similar to what you saw before, but the semantics of what's in these pillars is different. I've not called it sign-up because it's more of an onboarding process, and inside the enterprise, you know, to get that user on board onto the system from an
entitlement point of view, there's certain other considerations there, bearing in mind that just because it's internal doesn't mean you're not, you know, incurring spend by using those resources. Support once again similar, and billing is slightly different but it still needs to be there. So going into a bit more detail around those: you still have a service catalog, you know, and open that compute as a service and Swift as a service. You might have other services. For instance, we have to manage entitlement around Salesforce.com. You know, you pay Salesforce for 500 seats and you got to manage that entitlement. You know, it's a cloud service or it's an internal service, it doesn't really matter. The fact of the matter is someone's got to basically ask to get it, they don't just get it. And then there's a notion of approval because there's a cost. So say with fish, you know, it's going to get billed by a chargeback within the same company, and you've got to basically go through the process of having your manager sign off, or whoever pays the bill sign off, that resource utilization. And then based on that I'm going to set up an entitlement. You know, if I'm a dev lead I get 10 VMs, I'll get set up an entitlement for 10 VMs. And you got to record the cost center, you know, my department, whoever I work for, who's going to pay the bill. I got to record that cost center. Inside the, you know, in the process of managing entitlement, slightly different from what we've seen before: policy management. Some of the policy management is, you know, if I've got an environment, who has rights to do things in that environment versus other environments. If I were not like an application development lifecycle process, I might have some entitlements which are using the dev environment, whereas other people can promote code to the QA environment, that kind of thing.
CMDB: you're inside an enterprise now. You've got to record the VM. Based on the VM name, that doesn't tell you very much. You got to record what the workload is in that VM. That's part of what has to be integrated there. User management as I said before. Service change is, you know, changing the entitlement around that service, you know, like "I need more VMs", how do I manage that. These are just the same as before: what am I using, when am I using it. Audit as before, and quota management and service cancellation. A project comes to an end, they might not need the resources anymore, it'd be nicer to free them up so I could reuse them. Support just as before, but obviously you're gonna have to integrate in this case with that. Probably when you build a cloud for an enterprise they're gonna have an existing support system, so rather than roll your own or use your own point of view, you've got to integrate with what they already have. Cost center chargeback. Just say chargeback. Once you've actually used it, you've got to do your internal billing, integrate whatever system a customer has for internal billing, and once again financial reporting around the use of the cloud. Just a couple of pointers from what I've learned at Dell on user experience, user experience around using the cloud. What you do with Horizon's great at a low level. You know, you create VMs, you create networks, you can deploy images, that kind of thing, but it's kind of pretty hands-on, pretty step-intensive, that kind of thing.
What we like to do around common tasks etc. is basically provide, you know, a composite API effectively, which actually rolls up and means that, you know, from the client side you're not having to go through a lot of steps, a lot of chatty steps, a lot of slow things to actually build up a service. So, you know, when you're providing, you know, UIs and extensions as a provider, you want to basically, you know, make long-running and complicated tasks easy by providing composite services to provide those. And another tip that we learned at Dell is a lot of our customers are very, very afraid of running up a big bill, so when you're on a pay-as-you-go model inside your cloud, that kind of thing, what you want to do is really, you know, roll up and pull cost into every bit of consumption. So if I create a VM, rather than just create a VM I want to see that, you know, if I'm a consumer of public cloud, this VM is going to cost me X a month, amount per billing period, and see it right then in my face. You know, a big criticism of Amazon is you kind of don't know what you're spending and how you spend it. It's very, very difficult to actually see what things are going to cost. So there's a usability-type tip: it's really good to be able to pull that in around the consumption UI.
That's basically all I'd like to talk about. One thing that's just very, very interesting to me, and hopefully interesting to everyone in this room in terms of standing up the service, is the Keystone work that's going on around federation, you know, auth. It's something as a service provider I really need to see, so that when I stand up a cloud, either private cloud or public cloud, I can allow customers to use what they already have as their current identity providers and, you know, create that consumption experience as being as seamless as possible, as integrated as possible with what they already have. So I'll be at those sessions this week, and I'll put the links out there for some of the other stuff shown as well. So, any questions or happy questions? How difficult is it to integrate identity management? It depends on what identity management you really have, and in our experience Keystone is not too bad, but it depends on how you manage the identities between them. When Keystone supports federation it will be a lot better, because then you have the concept of you see our part this and STS, you know, you and this you party STS, and Keystone would be a relying party STS, and you have trust between them. If you don't, you've kind of got to go through a push mechanism of pushing identity out to Keystone, then doing some sort of proxy mechanism to basically get a single sign-on through. If you don't have that set up, it works, but it's just a little more clunky because then you have to synchronize identities between the two. The great thing if you get to a federation, which we hope to get, is I'd be able to go to Horizon and use my NT account straight in Horizon rather than having to, you know, go through a step. What we found is where the services we're providing for don't support that level of federation, you have to go through dodgy steps like right now cookies, that kind of thing, and syncing passwords with rear-end back-end databases, and you can get into some edge cases there where you
listen to my station few considerations. Thanks very much. I'll send out links to the slide