Case Study: OpSource Builds Highly Secure Public Cloud
PDF(297.7 KB) View with Adobe Reader on a variety of devices
Updated:December 16, 2013
OpSource, Inc. enabled customers to provision compute and storage, plus network security services and load balancing.
Headquartered in Santa Clara, California, OpSource, Inc. provides cloud and managed hosting services for global customers, including Fortune 1000 companies, software-as-a-service (SaaS) providers, mid-sized businesses, and service providers. The company's seven data centers in North America and Europe support hundreds of applications, millions of users, and billions of transactions daily.
OpSource wanted to develop a public cloud service tailored to enterprise needs. "Our goal was to expand the use of cloud computing beyond testing and development to mission-critical production applications," says John Rowell, chief technology officer and senior vice president of operations for OpSource. "To achieve the vision, we knew we needed to start with the network."
OpSource's idea was to provide customers their own Layer 2 VLANs and allow them to self-provision enterprise security and load-balancing services along with virtualized compute and storage resources. A customer that needed to temporarily augment compute and storage resources, for example, would be able to use a web interface or API to set up a secure VPN, configure appropriate firewall settings, deploy the needed cloud-based compute and storage, and then balance workloads between the enterprise data center and the OpSource Cloud.
Another goal was to automate resource provisioning based on real-time usage. Automation would benefit customers by making sure they had the resources necessary for optimum performance while not paying for more than they actually needed. At the same time, automation would support OpSource's projected growth by enabling the company to serve more customers without adding staff.
OpSource realized the vision for the OpSource Cloud using Cisco
® Data Center Business Advantage solutions, including Cisco Catalyst
® 6500 Switches for the core and Cisco MDS 9000 Series Multilayer Directors for storage access. The Cisco Catalyst 6500 Switches contain Cisco ACE Application Control Engine Modules and Cisco Firewall Services Modules. "We chose the Cisco solution because a single chassis provides Layer 2 networking, firewall services, and load balancing, which is more cost-effective than purchasing, managing, and scaling two or three separate products from multiple vendors," says Rowell. "We also know from experience that Cisco is committed to quick technical responses, allowing us to offer industry-leading service-level agreements."
Each customer receives private Layer 2 VLANs on which they can build compute and storage resources. Customers connect to the OpSource Cloud using Cisco AnyConnect VPN Clients or site-to-site VPN terminations. The OpSource Cloud becomes an extension of the customer's own data center, and customers can provision the same network services they have in their own data center, including firewalling, load balancing, network address translation, and multicast support. Customers can also map public IP addresses to provide public Internet access to their virtual servers.
To set up automatic provisioning, customers use OpSource's representational state transfer (REST) API to automatically start up the appropriate number of virtual machines and VLAN partitions, configure firewall properties including access control, all based on demand. The Cisco ACE module load balances traffic between servers. When traffic levels drop below the threshold, the on-demand resources are automatically de-provisioned. "Our customers pay for resources only when they need them instead of paying for resources that remain idle much of the time," says Rowell.
Several major carriers in the United States and United Kingdom offer the OpSource Cloud under their own brand, because it addresses enterprise cloud security challenges.
Elastic Services for Pay-As-You-Go Computing
The OpSource Cloud addresses the growing demand for secure cloud services for the enterprise. "Until now, enterprises that wanted to add appropriate security and enhanced networking capabilities in a public cloud had to figure out how to do it themselves," says Rowell. "With the OpSource Cloud, customers can add firewall, network address translation, VPN, load balancing, and multicast capabilities just like they can in their own data centers."
Some customers have transformed operations using the OpSource Cloud, reducing costs or enabling new business models. For example, a brand retailer uses the service to accommodate traffic bursts on its gaming site, usually about 10 hours a day on the weekend. The alternative would have been purchasing 50 new servers that are idle five days a week. "The Cisco ACE module enables our customers to securely use the cloud and benefit from high-performance burstable computing, saving more than 70 percent in amortized server costs alone," Rowell says. "And it all happens automatically, without any involvement by the customer's IT team or the OpSource team."
Another customer, a major software developer, uses the OpSource Cloud to augment its own data center. Using the Cisco ACE module and Cisco ASA Adaptive Security Appliance, the customer can extend its data center securely and privately, without exposing data or cloud servers to the public.
A SaaS provider uses the OpSource Cloud as the basis of its application load testing service. When requesting hundreds or thousands of servers to test performance, the provider uses the OpSource web interface to provision the needed compute, firewall, and load-balancing resources. When the test is complete, the resources are released back into the shared pool for other customers' use.
Support for Service-level Agreements
Using Cisco Data Center Business Advantage solutions enables OpSource to offer customers a service-level agreement (SLA) for less than 1-millisecond latency between virtual machines. OpSource also offers a 100 percent network uptime SLA, and the service has operated without interruption since its launch in October 2009.
Rowell concludes, "The OpSource Cloud is truly an extension of the enterprise data center, offering the same security services, managed the same way. The difference is that our customers get systems and networks faster than they do from their own data centers, don't have to make a capital outlay, and pay only for resources they actually use."