Mitigating Compute Design Problem Spectre, alternate Solution to Public Cloud

In my last blog post I discussed the computer processor design flaw “Spectre”.

Because of this design flaw in the processor, many big cloud customers now have serious doubts about the security of their applications and data in the public cloud. That concern is valid and worrisome, so the next question is how to mitigate the problem. Because the problem is in the hardware itself, updating the hardware or releasing a hardware patch is too difficult to achieve in a short span of time, and it is impractical to remove the old processors and install new ones with a proper design.

Then what is the possible solution? In my opinion, seeing the different side to cloud computing,

Let’s understand the problem again. The design problem with the processor can give access to sensitive data when the attacker runs his code on the same hardware processor, so it is a problem in a shared hardware resource environment like the public cloud. It does not have any impact on a non-shared hardware resource environment.

So if we prevent the attacker from having access to the underlying hardware, so that he cannot have direct access to the processor or memory to run his code, then we are safe. How is that possible? By running our application in our own data center and keeping the data inside our own company firewall.

That gives us the answer: rethinking our private cloud strategy.

Let’s discuss what we can derive from our experience with the public cloud.

Inspiration Drawn From Public Cloud

  • Start Quickly
    • Can we start a project as quickly as the business user needs? The answer is yes, we can.
  • Start Small
    • Can we start small, so that we can right-size to match the need and right-size the infrastructure spend to match the business spend? The answer is yes, we can.
  • Scale as you grow
    • As the business grows up and down, can we scale the infrastructure up and down with it? The answer is yes, we can.

AWS, Azure, Google?

Yes, but it is important to answer the following questions before you move your workload to the public cloud.

  • Are all of your business applications designed to run in the cloud?
  • Do you have many predictive workloads?
  • How many elastic workloads do you run in the public cloud?
  • Does the economic reality of the public cloud align with your business objectives?
  • Does public cloud security meet your business requirements?

The Hyperconverged Infrastructure can bring the Advantage of the Public Cloud along with the lower per VM cost and the required security we need for our Enterprise Data.

Hyperconverged Infrastructure Advantage

[Image: inspiration from public cloud]

So let’s see how we can achieve the Public Cloud functionality with Hyperconverged Infrastructure for a Private Cloud.

  1. Start Quickly – You can order one node and start working. One question: do you really start working on a public cloud VM right after purchasing it with a credit card? Of course not. We need time to plan, and then a cloud architect or admin has to design and create the infrastructure before using it. In the same time we can also order a Hyperconverged Infrastructure node and start using it.
  2. Start Small – Yes, we can start with one node.
  3. Scale as you grow – We can buy more nodes as our project progresses and demand increases. The existing infrastructure will scale and rebalance itself without much administration headache.
  4. Shrink or release the Infra as and when you are done: ?

Well, that’s a question mark. I am sure we can’t return a VxRail or Nutanix after using it, but we can plan our requirements carefully so that we don’t have to return compute power we are already using.

So we get almost all the advantages of the public cloud at a cheaper price and with higher security of data, as we are doing it all in a private cloud.

Let’s also discuss some of the latest innovations in processor, memory, networking and storage technology, through which cloud computing matured.

Server Power, Size and Cost

As the public cloud gained maturity, hardware cost and size have gone down significantly. For example, a “Raspberry Pi Zero” with a 1GHz single-core CPU and 512MB RAM costs only $5, and we can very well run Ubuntu Linux on it.

The core count per CPU has gone up, memory cost has gone down, and SSD cost has gone down. This has an impact on server cost and power use: we can get a very powerful server with a lot of storage at a very low price and in a small size.

Here is a small explanation of the way one can create a private cloud environment with different underlying hardware and technology. The right-hand side of the picture shows how the per-VM cost in a cloud environment has gone down.

[Image: per-VM cost]

Let’s see how much the cost of the hardware has gone down. (I am assuming this configuration is not for a mission-critical application, because I believe mission-critical applications still have not completely found their way to the public cloud.)

A 2U rack-mount server from Supermicro with the following quick configuration may cost around $14000:

2 CPUs with 24 cores, 256 GB DDR4 RAM, around 5 TB of usable storage.

Let’s assume I get 3 servers and a VMware vSphere Essentials Kit at $660 with 3 years of support.

Total cost is $14000 *3 + $660 = $42660 + Admin Cost

This configuration has –

24 * 3 = 72 Compute Cores

256 * 3 = 768 GB RAM

5 TB * 3 = 15 TB of Usable Storage.

VMware vSphere with one vCenter Server Instance.

I assume I can run this server configuration for the next 4 years (enterprise hardware is pretty stable and robust now), and that I don’t need HA, data backup, a disaster recovery plan and so on. I know I am oversimplifying for the sake of cost containment, but do all enterprise users, such as development and testing teams or some low-priority software servers, really need all those features?

Let’s see how many test servers I can assign to my development and test team.

Assuming I’ll give each server a minimum of 8 GB RAM, I can create 768/8 = 96 VMs in this server configuration. As I have 72 compute cores, I’ll reduce it to 72 instances, assigning 1 core to 1 instance.

Assuming my developers will work 10 hrs per day: 8 hrs in the office and maybe 2 hrs more in their own private time, which is true, developers work more than 8 hrs :).

I know I have to add the electricity cost, cooling cost, real estate cost, human resource cost and so on to this calculation, but considering the size of today’s hardware I am sure it’s not too much, because the configuration I am describing will hardly take any space. Any company can just create a small partition, run the server there and secure it. It’ll not add any real estate cost.

Let’s compare this cost to the same number of instances of the same size on AWS.

http://calculator.s3.amazonaws.com/index.html

[Image: AWS cost calculator]

It comes to $2038/month.

So for 48 months, $2038 * 48 = $97820 + Admin Cost.

$42,660 + Admin Cost vs $97820 + Admin Cost in 4 years.

Let’s consider another configuration of VMs for the Server configuration above.

24 * 3 = 72 Compute Cores

256 * 3 = 768 GB RAM

5 TB * 3 = 15 TB of Usable Storage.

We have 72 physical cores, i.e. 72 * 2 = 144 logical processor threads.

So I can run 144 VMs with one thread each, which is the vCPU we know from any public cloud.

So if I assign 4 GB RAM to each VM, I’ll need 144 * 4 = 576 GB of RAM, which is still less than our available RAM.

So let’s calculate the cost of 144 VMs with 1 vCPU and 4 GB RAM on AWS.

Almost same result.

Actually the vCPU given by AWS is not a whole thread provided to your VM. It is a shared environment, and our logical CPU can be divided into many vCPUs. So we can actually create a larger number of VMs in our server environment: going by RAM availability, we can create 768/4 = 192 VMs with 1 vCPU and 4 GB RAM. As the users are not going to use the processor continuously, the environment is perfectly valid and can work as desired.

Let’s see what the cost with AWS is.

$2718/month * 12 (months) * 4 years = $130,464.

So now we can compare the cost again.

$42,660 + Admin Cost vs $130,464 + Admin Cost in 4 years.

Here also you’ll need a cloud administrator, so the administrator cost is not something we add here, as you would incur the same for creating your private cloud too.

Hyper Converged Infrastructure

Let’s consider the cost of Hyper Converged Infrastructure for your private cloud. Though this is an old blog from VMware, and I am not comparing any Hyperconverged Infrastructure vendors here, my cost assumptions are almost correct: in the blog each server costs $27229, and naturally that server is twice as powerful as my configuration.

Refer to the following 451 RESEARCH report

[Image: 451 Research report]

And referring to the blog from virtualgeek, the minimum cost of a VxRail appliance from VMware is around 60K.

From 6 cores to all the way up to 40 cores per CPU, from 64GB of memory all the way up to 1536GB of memory, from 3.6TB of storage all the way up to 48TB of storage.

[Image: VxRail]

Let’s have a quick comparison of the different series of VxRail.

VxRail Node Comparisons

| | G Series | E Series | V Series | P Series | S Series |
|---|---|---|---|---|---|
| Form Factor | 2U4N | 1U1N | 2U1N | 2U1N | 2U1N |
| Cores | 8 – 32 | 6 – 40 | 16 – 40 | 8 – 44 | 6 – 36 |
| Memory | 64 GB – 512 GB | 64 GB – 1536 GB | 128 GB – 1024 GB | 128 GB – 1536 GB | 64 GB – 1536 GB |
| Hybrid Storage Capacity | 3.6 TB – 10 TB | 1.2 TB – 16 TB | 1.2 TB – 24 TB | 1.2 TB – 24 TB | 4 TB – 48 TB |
| All-Flash Storage Capacity | 3.84 TB – 19.2 TB | 1.92 TB – 30.7 TB | 1.92 TB – 46 TB | 1.92 TB – 46 TB | N/A |
| Use Cases | General-purpose for broad hyper-converged use cases | Basic for remote office, stretch cluster or entry workloads | Graphics-ready for uses such as high-end 2D/3D visualization | High-performance optimized for heavy workloads such as databases | Capacity-optimized with expanded storage for collaboration, data, and analytics |

So the Hyperconverged Infrastructure can bring the Advantage of the Public Cloud along with the lower per VM cost and the required security we need for our Enterprise Data.

2018 Trends shaping IT cloud strategies

Here are some of the trends I believe will follow after Meltdown and Spectre.

  • Co-location services are on the rise (they make it easier to have a multi-cloud strategy)
  • Hyperconverge your private cloud (build private clouds that operate like public clouds)
  • Use of containers will still be a question mark, as the processor design flaw (Spectre in particular) allows one container to access data from another container on the same host.
  • Cloud cost containment
  • Lift and shift those cloud apps (lift-and-shift migration tools will accelerate the rate of cloud migration)
  • Enterprise apps may find their way out of the public cloud to a more secure co-lo or a Hyper Converged Infrastructure based private cloud.
  • OpenStack: adoption of open source cloud software will be interesting to watch.
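
Because of the container point above, hosts in a private cloud that run several VMs or containers side by side are worth checking for their Spectre and Meltdown status. The following is an added example, not part of the original post: a shell check over the status files Linux exposes under /sys/devices/system/cpu/vulnerabilities (kernel 4.15 and later). The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the CPU-flaw status a Linux host reports in sysfs.

# Map one status line from the kernel to a coarse class.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;   # unrecognised text: review by hand
    esac
}

# Print "<flaw> <class>" for every status file in the directory.
# Returns 1 if any flaw is vulnerable or unknown, 2 if the directory
# is missing (kernel too old to report), 0 otherwise.
audit_dir() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    rc=0
    [ -d "$dir" ] || { echo "no status directory: $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        line=$(head -n 1 "$f")
        class=$(classify_status "$line")
        echo "$(basename "$f") $class"
        case "$class" in vulnerable|unknown) rc=1 ;; esac
    done
    return $rc
}

# Constructed sample tree, so the check can be tried on any machine.
make_sample() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable: Minimal generic ASM retpoline\n' > "$d/spectre_v2"
    echo "$d"
}

sample=$(make_sample)
audit_dir "$sample" || echo "at least one flaw is not mitigated on this host"
rm -rf "$sample"
```

On a real host, call `audit_dir` with no argument to read the kernel's own directory.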

Please leave your comments.

 
