Monday, January 24, 2011

Easy Infrastructure as a Service (IaaS) : Setting up Enterprise Private Cloud - Eucalyptus

Usage Scenario:
During many phases of the SDLC, hardware and software environments must be created repeatedly for development, integration testing, system testing and user acceptance testing. This repeated deployment of hardware and software takes a lot of time and eats into the bandwidth that today’s delivery organization needs for its core responsibility of delivering a tested application.
The delivery organization also needs to provision and re-provision hardware and software for the ever-increasing requirements of development and testing, in addition to the resources. Setting up separate hardware and software takes time and is prone to configuration errors. Separate hardware installations also consume space, which is at a premium.

Solution:
The solution to the pain points above is to set up a private cloud. Eucalyptus, an open source private cloud provider, supplies software that can be deployed to set up a private cloud within the organization’s internal premises.
Eucalyptus is software that implements scalable IaaS-style private and hybrid clouds. Eucalyptus implements the Amazon Web Services (AWS) API, which allows interoperability with existing AWS-compatible services and tools.
The Eucalyptus private cloud brings the following capabilities to the organization:
·        Standardization of virtual machine appliances. A standard stack of operating system, web servers and databases is pre-grouped as a set and can be deployed on demand by the internal users of the organization.
·        Elimination of configuration errors while creating consistent development and test environments in terms of hardware and software configurations
·        Significant savings on cost for space and time to deploy the infrastructure
·        Deployment requests can be automated using a workflow, and charge mechanisms can be created for the inventory of software and hardware for various departments within the organization.

Eucalyptus private cloud architecture:
The above diagram shows the different components that make up a Eucalyptus cloud cluster. The components are Cloud Controller, Walrus, Cluster Controller, Node Controller and Storage Controller.
The Cloud Controller provides an Amazon Web Services-like interface to control and manage the cloud. The Walrus component is similar to AWS S3 storage and provides bucket-like storage to users of the cloud. The Cluster Controller manages the network of nodes in the cluster, and the Storage Controller manages AWS EBS-style storage for the cloud. Every node in the cluster must have the Node Controller installed to manage that node and interact with the Cluster Controller.

Typical Configuration:
If you want to try out the features of the Eucalyptus private cloud, you can create a cluster of 2 machines as a minimum.
In this typical 2-machine configuration, the Cloud Controller, Walrus, Cluster Controller and Storage Controller reside on one machine. The other machine contains the Node Controller.
Both machines run Ubuntu 10.04 as the server operating system. The Ubuntu OS has an option to deploy a private Enterprise Cloud. The installation steps are given in the references section.

Conclusion:
Private Enterprise Cloud will change the way computing is currently done in enterprises as well as delivery organizations. Private Enterprise Cloud brings flexibility in configuration management and deployment management. The coming quarters will see significant adoption of Private Enterprise Cloud as the de facto platform for infrastructure management or Infrastructure as a Service (IaaS).

References:

 

Wednesday, January 19, 2011

Elastic Beanstalk : Amazon’s revolutionary approach to Cloud configuration management

Introduction:
Amazon recently announced an addition to their service portfolio - Cloud Beanstalk. The service makes deploying an application to the cloud seem magically simple. This simplicity is a revolutionary approach from Amazon.

Usage scenario:
Among other things, the cloud promises scale-up and scale-down of hardware and software infrastructure. This means that cloud providers like Amazon (who are trend setters in the IaaS space) can appear as an infinite source of hardware and software to users of cloud hosting services. However, all this infrastructure management can appear daunting to users who want to deploy a typical JEE web application.
This is because the IaaS stack includes management of load balancers, security, firewall configuration and auto-scale configurations. Beanstalk turns all this into bliss by simplifying the whole deployment and configuration management on Amazon Web Services.

Here’s what happens:
The application developer packages the web application as a WAR file, selects the Amazon Beanstalk AMI, and then uploads the web application onto the instance. The entire groundwork of configuring the load balancer, EC2 instance and Auto Scaling configuration is managed by the Amazon Beanstalk service in an integrated fashion. After uploading, the application will be available in 5 minutes and can be accessed at http://myapp1.elasticbeanstalk.com.



What this means for you:
You can use the AWS toolkit, which can be downloaded from the Amazon web site. This tool provides IDE features to develop the JEE application on a Tomcat server. The Amazon Beanstalk AMI consists of the Apache web server, Linux OS and Tomcat server. Amazon has plans to introduce IBM and Oracle stacks at a future date. For now, you can design, develop and implement your web application inside a comfortable IDE like Eclipse, which works directly with Amazon Beanstalk and can deploy on and configure the cloud infrastructure.
This means that you can focus on your core responsibility: the design, development and testing of your JEE web application deliveries.

What to watch out for:
Watch for SOA integrated AMIs providing the Amazon Beanstalk service for popular stacks from IBM and Oracle. This will mean that application developers can focus on building their applications and leave the complicated IaaS configuration tasks to the Amazon Beanstalk service.

For more information and further reading:

Monday, January 3, 2011

Apache Directory Service – LDAP - Tutorial

Apache Directory Service is an open source Java implementation of the LDAP (Lightweight Directory Access Protocol) protocol. It listens for client requests for directory service and allows application data (including runtime Java objects) to be stored in Apache Directory Service.

What is a Directory Service ?
A directory service is a service that exposes an API to store and organize data. Generally, this data is not frequently updated, like user data in an organization. User data consists of attributes such as name, designation, role, telephone number, email, etc. All this data can be stored in a directory service in an organized fashion. A directory service also provides a query API so that different applications can query this data.

What is LDAP ?
The acronym LDAP stands for Lightweight Directory Access Protocol. LDAP defines request and response messages for directory operations. Directory operations include CRUD operations on data that can be stored in the directory.
The LDAP request to store new data in the directory is called a bind message. A bind message saves user data in the LDAP directory.
LDAP stores data using DN. DN stands for Distinguished Name. DN is unique throughout the LDAP directory interface. LDAP allows for search of data using DN.

Installation of Apache Directory Server:
For my evaluations, I have used Apache Directory Studio. It can be found here - http://directory.apache.org/studio/downloads.html
Apache Directory Studio contains an embedded LDAP server as well as an LDAP browser. However, I have also used another tool called JXplorer. It can be found here - http://jxplorer.org/

What are the objectClasses in ApacheDS?
The following screenshot shows the person class and its attributes in the Apache Directory Studio.

The screenshot shows the person class and its attributes. Certain attributes are mandatory and certain attributes are optional. The attributes cn and sn are mandatory attributes for the person class.

What are the types of objectClasses ?
There are three types of object classes: abstract, structural, and auxiliary. All object classes extend from a class called top, which is an abstract class. The person class demonstrated in the example above is a structural class. Auxiliary classes extend from structural classes and are meant for specific user purposes, for example the organizationalPerson class.



What are attributeTypes?
The following screenshot shows the common name attribute in the Apache Directory Studio.

Several fields make up the cn attribute. One of them is EQUALITY, which specifies how values are compared when a search criterion is given. The default value for this field is caseIgnoreMatch, which means that a search for a person on this attribute is case insensitive.

How to add data to LDAP ?
I will show you how to add data to the LDAP. Go to the users branch and click New. Select values as shown in the screenshot below.

The following screenshot shows 2 users under the Users tab.

How to serialize Java Serializable class to LDAP server?
Given below is the sample source code for the MessagingPreferences class, which is serialized and stored as preferences for the user Alice Shaw.

Here’s the code:

package com.server;

import java.io.Serializable;

public class MessagingPreferences implements Serializable {

      static final long serialVersionUID = -1L;
     
     
      /**
       * @param args
       */
      public static void main(String[] args) {
            // TODO Auto-generated method stub

      }

}




package com.server;

import java.io.FileInputStream;
import java.io.InputStream;
import java.util.Properties;

import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class Preferences {
     
     
      public Preferences(){
        try {
            InputStream inputStream = new FileInputStream( "preferences.properties");
            Properties properties = new Properties();
            properties.load(inputStream);
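            // Password for the principal named in preferences.properties; hardcoded here only for a local test server.
            properties.setProperty("java.naming.security.credentials", "secret");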

            DirContext ctx = new InitialDirContext(properties);

            MessagingPreferences preferences = new MessagingPreferences();

            String bindContext = "cn=preferences,cn=AliceShaw,ou=users";
            ctx.bind( bindContext, preferences);
        } catch (Exception e) {
            System.out.println("Operation failed: " + e);
        }
           
      }

      /**
       * @param args
       */
      public static void main(String[] args) {
            // TODO Auto-generated method stub
            Preferences pr = new Preferences();

      }

}




Here’s the properties file:

java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
java.naming.provider.url=ldap://localhost:10389/ou=system
java.naming.security.authentication=simple
java.naming.security.principal=uid=admin,ou=system



The above 3 files are required on the Java client side to interface to the Apache Directory Server.

After running the source code, the user Alice Shaw has a preferences branch which stores the MessagingPreferences object.


How to search for a particular user inside LDAP directory server?
The following code example demonstrates how to search for a particular user in the Apache Directory Server.


package com.server;

import java.io.FileInputStream;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.Properties;

import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchResult;

public class SearchUser {
     

          public SearchUser() {
              try
              {
                  InputStream inputStream = new FileInputStream( "preferences.properties");
                  Properties properties = new Properties();
                  properties.load(inputStream);
                  properties.setProperty("java.naming.security.credentials", "secret");

                  DirContext ctx = new InitialDirContext(properties);
         
                  String searchContext = "ou=users";

                  Attribute cn = new BasicAttribute("cn");
                  Attribute objclass = new BasicAttribute("objectClass");

                  cn.add("AliceShaw");
                  objclass.add("person");

                  //Instantiate an Attributes object and put search attributes in it
                  Attributes attrs = new BasicAttributes(true);
                  attrs.put(cn);
                  attrs.put(objclass);

                  NamingEnumeration ne = ctx.search(searchContext, attrs);
                 
                  if (ne != null)
                  {

                      while (ne.hasMore()) {

                          SearchResult sr = (SearchResult) ne.next();

                          String entryRDN = sr.getName();

                          Attributes srAttrs = sr.getAttributes();

                          if (srAttrs != null) {
                               // Walk the attributes returned for the matching entry (srAttrs), not the search criteria
                               for (Enumeration e = srAttrs.getAll() ; e.hasMoreElements() ;)
                               {
                                    Attribute attr = (Attribute) e.nextElement();

                                    String attrID = attr.getID(); 
                                    System.out.println("Attribute Name: "+attrID);
                                    System.out.println("Attribute Value(s):");

                                    NamingEnumeration e1 = attr.getAll();
                                      while (e1.hasMore())
                                         System.out.println("\t\t"+e1.nextElement());
                               }//for()
                          }//if (srAttrs)
                      }
                  }//if (ne != null)
                      
              } catch (Exception e) {
                  System.out.println("Operation failed: " + e);
              }
          }
     
     

      /**
       * @param args
       */
      public static void main(String[] args) {
            // TODO Auto-generated method stub
            SearchUser su = new SearchUser();
      }

}



The above code sample produces output like the following:

Attribute Name: objectClass
Attribute Value(s):
            person
Attribute Name: cn
Attribute Value(s):
            AliceShaw




The above code shows that, using the LDAP API and the Apache Directory Service, previously stored data can be searched and retrieved.

Conclusion
This kind of mechanism can easily be used for user management and authentication in enterprise applications. Users can be stored in the Apache Directory Server, and enterprise applications can connect to the LDAP server to authenticate and authorize users.
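
The authentication use mentioned in this conclusion, sketched as an added example that is not part of the original post: look up the user's entry, then bind as that entry with the supplied password. It goes beyond the post's code and assumes the same server and ou=users layout as above, user entries that carry a userPassword attribute, and hypothetical names (the LdapAuthenticator class and the LDAP_ADMIN_PASSWORD and LDAP_USER_PASSWORD environment variables).

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapAuthenticator {
    // Same server as preferences.properties. ldap:// is cleartext: use ldaps:// beyond a local test.
    static final String URL = "ldap://localhost:10389/ou=system";

    static DirContext connect(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    // True only if exactly one person entry has this cn and a bind as that entry succeeds.
    static boolean authenticate(String cn, String password, String adminPassword) {
        // With an empty password a simple bind is unauthenticated (RFC 4513) and can succeed.
        if (cn == null || cn.isEmpty() || password == null || password.isEmpty()) return false;
        DirContext admin = null;
        try {
            admin = connect("uid=admin,ou=system", adminPassword);
            // One level below ou=users, at most 2 hits, no attributes: only the DN is needed.
            SearchControls sc = new SearchControls(SearchControls.ONELEVEL_SCOPE, 2, 0, new String[0], false, false);
            // JNDI escapes filter metacharacters in the {0} argument, so a cn of "*"
            // is matched literally instead of widening the search.
            NamingEnumeration<SearchResult> ne = admin.search(
                "ou=users", "(&(objectClass=person)(cn={0}))", new Object[] { cn }, sc);
            if (!ne.hasMore()) return false;
            String userDn = ne.next().getNameInNamespace();
            if (ne.hasMore()) return false;        // ambiguous match: refuse
            connect(userDn, password).close();     // throws if the password is wrong
            return true;
        } catch (NamingException e) {
            return false;                          // fail closed on any directory error
        } finally {
            if (admin != null) try { admin.close(); } catch (NamingException ignored) { }
        }
    }

    public static void main(String[] args) {
        // Hypothetical variable names chosen for this example.
        String adminPw = System.getenv("LDAP_ADMIN_PASSWORD"), userPw = System.getenv("LDAP_USER_PASSWORD");
        if (adminPw != null && args.length == 1) System.out.println(authenticate(args[0], userPw, adminPw));
    }
}
```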