Evolution of Enterprise PaaS

New Technologies Evolving From Older Concepts

Concepts of Platform as a Service (PaaS) originate from shared IT services (Shadow IT model), wherein multiple tenants run applications on shared systems (local data center, under your desk, etc.).

In recent years, Enterprise IT was understandably reluctant to provision business-critical applications on the cloud. Lately, I found the Enterprise community retracing its conversations to unlock the larger potential of PaaS platforms and augment their existing investments in SaaS applications. With the advancement of containerized, multi-stack PaaS software, it’s worth looking at how private/hybrid PaaS can enable new ways of deploying and hosting applications within the enterprise.

The Evolution of Virtualization

Before IaaS, the IT community hosted its business applications on bare metal. We would have regional data centers full of racks, servers (each with a dedicated OS), web servers, dedicated database servers, routers and everything in between.

The concepts of Virtualization evolved from IBM Mainframes, tracing back to the 1960s. Instead of running individual physical servers for each application, we spun out VMs for specific applications. Although each VM needed to be provisioned in advance, this added the much-desired benefit of remote management and segregation of resources, while avoiding the pains associated with managing individual bare-metal servers for each application. This gave Enterprises a way to share or spread their IT investments across multiple business applications.

As we migrated to the Cloud, this notion of virtualization has been carried forward by the vendors. NIST requires Cloud Computing Vendors/Products (NIST’s Definition of Cloud) to have the below essential characteristics:

  1. On-demand Self-Service
  2. Broad network access
  3. Resource pooling
  4. Rapid elasticity
  5. Measured Service

Note that ‘Virtualization’ is not listed as a required characteristic. Although many would detest this definition, we all concede that without some form of Virtualization, these key characteristics could not be delivered.

What is Virtualization?

Virtualization allows us to run one or more Operating Systems (guest OSes) on top of a Host OS, while allowing hardware resources to be shared across all the guest OSes.

P.S. – We will NOT be discussing Bare-metal Hypervisors in this post.

This often creates the misconception that Virtualization (Hypervisor technologies) will continue to drive PaaS (Cloud) adoption.

One significant limitation of Virtualization is that VMs remain tightly coupled to the underlying OS as well as to the application they host. This created a performance roadblock to Scaling Out these applications (as opposed to Scaling Up).

We can argue for cloning entire VMs to spin out multiple instances (e.g. VMIs on AWS or VMs on Azure). However, there are significant CPU and memory overheads, which make VMs slow to deploy and boot, not to mention the need to boot up the guest OSes.

Lastly, there are the licensing costs associated with OS licenses for each VM (e.g. Windows). This significantly limits DevOps agility, which is a key benefit of adopting Platform-As-A-Service (PaaS). The need for Continuous Delivery (CD) and Continuous Deployment (CD) inherently depends on our ability to efficiently provision instances (Dev, QA, Test, UAT, etc.) as needed and to automate the release processes.

Enter Containerization

Containerization is the ability to virtualize OS resources instead of the underlying hardware while sitting directly on top of the bare metal. This eliminates the need for a separate OS for each Container.

Although this has been a natural evolution from the roadblocks of Virtualization, one can trace the concepts of containerization to the early 2000s, from FreeBSD Jails and eventually from Oracle Solaris’s Zones.


Simplicity always encapsulates the complex world beneath. (Image Source: Docker Inc.)

This made it possible to install a Container engine that hosts Containers sharing the underlying OS. Linux Containers (LXC) have predominantly gained popularity since Docker challenged the Virtualization market. With LXC, individual applications can run within their own container (dedicated file system, storage, CPU and memory) while sharing a common Linux kernel. Unlike VMs, there is no abstraction of the hardware.

The key benefits convincingly demonstrated so far are:

  • Speed of deployment
  • Migration of Legacy applications (does not follow Microservices architecture)
  • Density of Apps (due to low footprint of Containers)

At the time of writing this post, Windows Containers have been released by Microsoft (Hyper-V Containers). Hyper-V Containers take a slightly different approach to Containerization for stricter isolation. We can review that in a future post.

While security around Containers has been a concern for mass adoption within Enterprises, it is being addressed aggressively. Since a common kernel is shared across Containers, the primary concern being addressed is further reducing the attack surface of this architecture. We will discuss security vulnerabilities further in future posts.
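To make the shared-kernel point concrete, the following added example (not part of the original post) compares the Linux namespace identifiers of a host process and a containerized process and reports which kernel namespaces the container still shares with the host. The function names and the sample inode values are constructed for illustration; on a live Linux host, `read_ns(pid)` reads the same information from `/proc/<pid>/ns`.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_ns_links(links):
    """Map namespace type -> inode from readlink-style strings like 'pid:[4026531836]'."""
    out = {}
    for link in links:
        m = NS_LINK.match(link.strip())
        if m:
            out[m.group(1)] = int(m.group(2))
    return out

def read_ns(pid):
    """Read the live namespace links of a process (Linux only)."""
    base = f"/proc/{pid}/ns"
    return parse_ns_links(os.readlink(os.path.join(base, n)) for n in os.listdir(base))

def compare(host, container):
    """Split namespace types into those shared with the host and those the container owns."""
    common = sorted(set(host) & set(container))
    shared = [n for n in common if host[n] == container[n]]
    isolated = [n for n in common if host[n] != container[n]]
    return shared, isolated

# Constructed sample values, not captured from a real system.
HOST = ["mnt:[4026531840]", "pid:[4026531836]", "net:[4026531992]",
        "uts:[4026531838]", "ipc:[4026531839]", "user:[4026531837]"]
CONTAINER = ["mnt:[4026532571]", "pid:[4026532574]", "net:[4026532577]",
             "uts:[4026532572]", "ipc:[4026532573]", "user:[4026531837]"]

def audit(host_links, container_links):
    """Return (shared, isolated, findings) for a host/container pair of namespace links."""
    shared, isolated = compare(parse_ns_links(host_links), parse_ns_links(container_links))
    findings = []
    if "user" in shared:
        # Without a separate user namespace, uid 0 in the container is uid 0 to the kernel.
        findings.append("user namespace shared: container uid 0 is host uid 0")
    for ns in ("pid", "net", "ipc"):
        if ns in shared:
            findings.append(f"{ns} namespace shared with host")
    return shared, isolated, findings

if __name__ == "__main__":
    print(audit(HOST, CONTAINER))
```

Every namespace reported as shared is a part of the kernel's view that the container and the host see identically, which is where the attack-surface reduction work mentioned above concentrates.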

Major PaaS providers like Azure, AWS, Salesforce and others solve many of the problems we faced with environment provisioning, expensive or non-existent fail-over options for web applications and networks, costly management, barriers to continuous delivery (CI/CD/CD), and inherent technical debt. While none offers a silver bullet, these companies are leading the innovation toward True PaaS.

For optimal leverage, these technologies also mandate us to redefine (read rewrite) our applications to follow the principles of micro-services architecture, which has its roots in Service Oriented Architecture (SOA).

Let’s toast to 2016 and our quest for Continuous Evolution (CE?)

By Paul Sourin
