By Phyllis Teague

Thursday, April 27, 2017

New cloud services launched at Sandia

Forty hours or 30 minutes? The answer is easy when the question is, “How long will it take for me to acquire and deploy a new server?” How has Sandia achieved this nearly 99 percent time savings? By introducing “Infrastructure as a Service (IaaS),” an on-site cloud solution with a self-service portal.

What is Infrastructure as a Service?

IaaS is an industry-standard term that simply means the ability to “spin up” virtual computers and servers. At Sandia, it means an entire system and portal-based service that lives onsite (in a private cloud, that is) with which system administrators can deploy or decommission one or more virtual servers nearly instantly.

Why is this important?

According to Program Manager Jeremy Banks, “Sandia’s Enterprise Cloud Computing Team developed and implemented an Amazon-style ordering system with shopping cart [that allows] Sandia’s over 1,000 Certified System Administrators to rapidly deploy Red Hat Linux and Microsoft Windows servers into our enterprise IT environment.”

System administrators make all their configuration choices — including operating system, number of processors, size of RAM, and so on — right in the request form, submit the request, and the new virtual server is ready to go in about 30 minutes.

What did it take to get to this place?

“We began in 2012,” says project lead Brandon Showers. “A cross-disciplinary team from Sandia’s Div. 9000 developed an extensive Cloud Strategy document. From there we engaged General Dynamics IT to update the strategy both to be more comprehensive and to fine tune it into a strategy we could execute.

“Sandia’s Cloud of Cloud cross-organizational team evaluated various cloud vendors and selected a cloud management system.”

Says Jeremy, “This five-year journey took executive and management stakeholder sponsorship and cross-organizational teamwork — led by the IT organizations in Center 9300 — among IT organizations in Centers 9300, 9500, and 8900 in California.”

The team that developed the Cloud Strategy included Lawrence Arellano, Steven Arroyo, Gerald Giese, Phillip Cox, and G. Kelly Rogers.

Time and cost savings

Not only is this a dramatic time savings over the old request system, it represents a dramatic cost savings as well when factoring in the costs of heating/cooling, space, hardware, maintenance, and personnel costs of physical systems in the Data Center, says Jeremy.

“A good analogy,” he says, “is purchasing a 1,000-gallon tank of water versus turning on the tap and getting only the amount of water you need at the moment. Applying this utility model to servers, you spin up what you need at the time and destroy [decommission] them when you’re done.”

Benefit of self-service

With self-service, Sandia organizations can control their server needs in real time. Since the new server “build” is automated, people can commission, decommission, and reconfigure servers on the fly. This effectively automates the many mundane, repetitive tasks of the system administrator.

Pete Warner, Sandia’s Information System Security manager, says, “This on-demand service initiates a system that meets security requirements and controls without interacting with a dedicated system administrator.”

Imagine this scenario: A group needs 50 virtual machines to run a simulation for a short-term project. They request and configure those 50 machines through the IaaS portal, receive them in less than an hour, run the simulation, and then decommission them once the simulation is done. It’s not quite “Beam me up, Scotty,” but it’s close.

And the potential uses are vast. “One option is to spin up replication (redundant) servers and database mirroring,” Pete says. “This system can also provide DEV/QUAL/PROD (development, quality testing, and production) systems, a one-off server to run a unique database, and so on.”

A few challenges still exist

  • Workforce wariness of cloud technology. Sandia has trained its workforce to be wary of external cloud-based services, and this can translate into slower adoption of internal cloud-based server technology. “People are very cautious about the security of systems and sharing physical hardware with other [virtual] systems,” says Brandon.
  • Additional complexity. IaaS also adds a layer of technical complexity, particularly with scripting and exchanging data with other apps. There’s also around a 20 percent performance overhead. “It takes a little more computer,” Brandon says, “to achieve the same performance as a physical computer. But the benefits well outweigh the costs.”
  • Still-emerging cloud strategy at Sandia. “We haven’t yet finalized our cloud strategy,” Pete says. “We are currently operating under an approval to test. That is, we have approval to process information inside the present system without revisiting the security requirements. But we are trying to let the Labs know we want to get there, but we’re not staffed yet to deal with the onslaught [of requests].”

What the future looks like

Jeremy and Brandon say Sandia anticipates moving existing systems onto the IaaS platform in the near future, and ROSTRA is a logical first effort. ROSTRA is a homegrown Platform as a Service solution that provides middleware tools and services to Sandia’s web application developer community. “Our vision,” says Jeremy, “is to put these two together as a Labs-wide service.” We are also looking at the possibility of moving Desktop as a Service virtual desktops into IaaS.

“Eventually,” he says, “we hope to be using the Government Cloud or even a Hybrid Cloud for Sandia solutions. In any case, security requirements remain the top factor in how swiftly or prudently we move to cloud-based solutions.”

Cloud Computing types

Sandia’s cloud management portal is an example of a private cloud, where a server owned by Sandia and sitting in Sandia’s data center offers the virtualized services. What are the typical cloud types*?

* * *

  • Private cloud: Used by a single organization; owned, managed, and operated by that organization; and usually — but not always — hosted on premises.
  • Public cloud: Cloud services by third parties over an open network. Service providers such as Microsoft (Azure), Amazon (Amazon Web Services), and Google operate the infrastructure on their own premises and in their own data centers. Users access any applications in a public cloud via the internet.
  • Community cloud: The infrastructure that provides the cloud services is collaboratively owned by several organizations with common missions and/or concerns (security, compliance, and jurisdiction, for example).
  • Hybrid cloud: A cloud service consisting of two or more private, community, or public clouds from different service providers. These remain distinct clouds but are bound together in offering their cloud services.

* Sources: US General Services Administration, NIST Special Publication 800-145, and the Cloud Computing page on Wikipedia.