Archive for Cloud

#SAPAdmin or #DevOp – either or both

/ May 21, 2012 / One comment

My last blog post explored my desire to increase my skill set to become more of a DevOp to help me to support current systems and also the new hybrid architectures which are entering our workplaces. I started a 2nd post to describe to people unfamiliar with DevOps what it is and what it is not – during the post I realised that I should really be describing in terms of #SAPAdmin, hence the title.

#SAPAdmin was 1st described, as far as I am aware, by Tom Cenens as a way of connecting the various Administrators within the SAP community – by reputation we are not the most social of bunches in the world :-). Although it is a great idea, I know that it has not seen as much traction as either Tom, Martin English and I would have liked.  I think that part of the problem has been a lack of direction in terms of what it stands for, and I feel that using the core concepts of #DevOps – we can bring that direction and purpose into the #SAPAdmin  ethos and provide a more coherent entity for admins to get behind.

So lets get stuck in with a quick breakdown of what #DevOps is and what it is not

1.  DevOps is noun which describes a person and a philosophy/methodology of supporting an IT landscape.

As a person, it is an individual who understands both infrastructure and code to enable them to support their applications and also bridge the gaps created by support silos.

As a methodology, it aligns itself with Lean and Agile and so embeds with the smaller team and faster deployment model of projects as opposed to the traditional waterfall life cycle support model.

2. DevOps has a useful memonic – CAMS

  •  Culture – this is critical to the whole thing, the culture of the participating teams must embrace openess
  • Automation – Why spend an hour on a daily task when you can spend two and have the results e-mailed to you every day
  • Measurements – how can you improve if you do not measure, everything!
  • Sharing – why write a script to check if your SAP system is up, go on the internet and find one. If one does not exist, then write it – but you MUST put it on the internet for others to find, pay it forward.

3. DevOps is not about just automation

Although automation plays a massive role in DevOps, through it’s emphasis on Event processing, KPI measurement etc… The real benefit in DevOps is for people to bridge the gaps in the Silos, something Basis admins/consultants traditionally do very well. This does however exact a price upon the practitioner, the requirement to keep learning and keep applying what they have learnt – it does not, will not and cannot stop.

4. DevOps is not a job title

DevOps is way of thinking and working, through sharing and collaboration you and the teams you work with create a culture that brings the best from yourselves and because you share as a team, it enriches the ecosystem in which you work.

5. It is not handing Developer keys to Basis admins, or giving Root access to developers

We each have a skill set with strengths and weaknesses, a DevOp is a person who is an all rounder with most technologies and is able/willing to work in the grey areas to get the work done. So Developers do not usually get Root access without a good reason or the proven ability to actually be trusted. Similarly a Basis admin does not get the right to deploy code to Production for the same reasons and the same validation requirements. DevOps work in the grey spaces between the silos

6. DevOps is not an end run around IT

DevOps is not a way for guerilla IT to enable people to bypass process, I would say that the use of measurement and automation enables IT departments to make better use of it’s information in Structured and Unstructured data sets to create things like Change controls and documentation. You know the things that are necessary to run a good solid service, that take forever to create and get approved and then never really get updated again. DevOps uses the principles of Lean and Agile applies them to process and documentation.

7. DevOps is not a reaction to a technology problem but a business problem

DevOps enable businesses and core IT to move faster in implementing and support technology/applications as quickly as Agile projects deliver them. This is absolutely vital in this age of outsourcing, a good solid DevOps team can run and support a service for a client ensuring that the contextual information that so often gets lost when working remotely is maintained.

We have all seen SAP embrace and encourage the principles of Lean and Agile, providing accelerators and advice to adopters. I believe that this is a great time to start to apply the lessons our organisations have learnt in terms of Agile and Lean projects to our staid and overly complicated silo’d support structures.

As DevOps we have a massive advantage over other software/systems administrators – we have 2 products that are open, extensible, stable and free to build a DevOps service around

  • Solution Manager 7.1 – the structured data component of the landscape providing all measures and KPIs and something which can be closely aligned to the business and it’s processes
  • SAP Streamworks – the collaboration tool which through Web Services can/should be able to be extended to work with Solution Manager

Let me know what you think of applying the concepts of DevOps to the SAPAdmin community

Reference Links

What is the DevOps thing anyway

What Devops means to me 

 DevOps and Agile Operations

What DevOps is not

FacebookDeliciousPosterousDiggTwitterStumbleUponShare
Category: Cloud, DevOps, Interesting, Lifestream, SAP /

Yet again Amazon Web Services deliver on their promises

/ January 11, 2012 / No comments

Today I found that a product I have been hearing whispers and rumours about and was trialled in the US last year is finally with us in the UK, network connectivity using private circuits into specific telecoms centres.

This is a great development as produces 3 main effects

1. Reduced network costs out of AWS, which is valuable for applications with high data requirements

2. More consistent performance for Internet based applications

3. Increases connectivity options for companies that have security policies which do nt allow VPN connections to Cloud services

For me as a consultant for a large SI, this additional connectivity option is a major plus when talking to customers, some of whom have security policies which forbid connections to the Cloud.

The service is not available through the AWS Management Console, an application must be made in a form to AWS – I have no idea how long this process with take, but as it involves actual people I know it will move at the normal speed of Cloud!

Personally I am looking forward to my next partner briefing and hopefully getting a demonstration of this product. In the interim, AWS need to be getting some good collateral out to customers and partners – traditionally AWS have not produced brilliant documentation 1st time out and a service like this needs good solid documentation as it will be used to convince the unconverted.

AWS – I am looking forward to seeing this product in action and implementing it, give us the tools and the documentation to convert the unconverted to use your services.

 

 

 

 

FacebookDeliciousPosterousDiggTwitterStumbleUponShare
Category: Cloud, Lifestream, SAP /

Why I am learning to program (again)

/ January 10, 2012 / No comments

Well it is the 2nd week in January and for some people the New Years resolutions are slipping, but for many of us there is 1 resolution I hope is not slipping and that is the massive challenge set by many organisations like CodeAcademy to learn a new computer language this year.

I made the decision upon my return from TechEd in November to learn 2 new languages - Ruby and C#. The turning point for me was I suppose threefold

1. I wanted greater flexibility in managing my Cloud environments – I knew VBScript and could use that, but I fancied a little bit more of a challenge. Ruby is a flexible, powerful and concise scripted language, it is also cross platform which helps!

2. I had an idea for a Kinect application for Solution Manager, the SDK for the Kinect uses either C++ or C# so I needed to use one of them

3. Being able to interact with the vast world of web services and APIs to do things in a more structured and less manual way

I would put Owen Pettiford great blog on why “Developers are the new king makers” – a great blog with a powerful message.

I picked 2 languages, Ruby and C# because they are both important in the wider world and because they are fundamentally different.

Ruby is a Scripting language, which means it is compiled at runtime, meaning that changes can be performed between executions without needing to be recompiled. It is a very lightweight and scalable language, which when used as Ruby on Rails is the basis of many web applications. So through knowing Ruby and some Rails, I would be able to interact programmatically with many web sites, web services and APIs. Importantly, Ruby is considered an Edge component of SAP PaaS platforms, so knowing Ruby would help me to take advantage of PaaS services.

C# is a compiled language, which means that it is compiled at design time and often runs faster as the compilation overhead is removed. C# is a Microsoft language which forms a key part of the .Net framework, as Microsoft is a major SAP partner and many external interfaces and user interactions are through Microsoft – eg Duet Enterprise, Sharepoint, BizTalk. Knowing C# would help me to adapt and understand many of the new technologies coming from SAP and Microsoft – like the Kinect. C# is also not that far removed from Java, so any delta training required should be a little easier.

I know I would struggle to learn two languages at the same time and do my day job, so I have concentrated on Ruby as it appears to have a faster pay off to effort ratio – which will keep me interested and also provide me with value which I can put back into my day job. It will also get me back into OO programming, something I have not looked at since my Computer Graphics days in University.

Hopefully many of you are also taking on the CodeAcademy challenge to get t grips with programming, and I hope you succeed at it because there is a world of data out there. Human beings are producing more data in 1 year than previously existed in all the combined previous years. So being able to work with it, manipulate it and use it to do amazing things is paramount to not being held hostage by others who can do it.

FacebookDeliciousPosterousDiggTwitterStumbleUponShare
Category: Capgemini, Cloud, Lifestream, Project Stuff /

SAP in IaaS Cloud environments – why are they so difficult to manage

/ October 30, 2011 / No comments

Having worked with SAP landscapes in various IaaS platforms, I have come to a disturbing conclusion – they are damn hard to keep control of and manage on a medium to long term basis. This has become something of an elephant in the room for many of us Cloud evangelists, but I feel that it is something that must be addressed in order to allow Cloud environments to progress from great finite lifespan systems to systems that are fully integrated into normal landscapes. discussed below are some of the major challenges that can effect Cloud projects/implementations.

Flexibility

It is one of the biggest selling points of IaaS environments is the level of flexibility that they provide. Through this flexibility, we have the ability to do things like

  • Cloning systems – creating clones of systems is as easy as a few mouse clicks, similarly creating instances from these clones is just as easy. This is a double edged sword as creating snapshots of instances requires additional storage, which needs monitored, managed and paid for. By creating a clone, we have doubled the amount of resources being used, if we then create an instance from that clone, we have now tripled the amount of resources being used. As you can see it is very easy to increase the amount of resources being charged for by the IaaS provider.
  • Allocate new infrastructure – creating/allocating new infrastructure is deceptively easy, this is because although it is easy to create an additional 100Gb volume – it requires discipline/processes to make sure it is labelled and catalogued properly to ease administration. The diagram below shows the nightmare that can be unleashed through a lack of discipline.

Volumes_No_Details

 

The graphs below show the growth month by month of the number of volumes against the number of servers of an implementation I managed recently. In July and August, the system was implemented and stable, in Sept it underwent some DR testing which increased the number of servers and the number of volumes. Despite this testing being complete in October, the number of volumes has not returned to the baseline, in fact it is not even close – even though the number of servers has dropped to baseline.

 

The graph below shows in more detail the spread between those volumes which are Available and those In-Use, this confirms that in October the number of volumes which were not attached to servers increased. This indicates that although the servers were terminated, people are not deleting the associated storage – because “you never know if you’ll reuse it”.

  • Create new snapshots – snapshots are the “get out of jail free” card of data backups, most IaaS platforms have native snapshot capability which can be used as a replacement for normal backup applications. Although these like backup media need to managed and aged properly to make sure that backup snapshots do not become en exponential mess. Like the diagram above, this ease of creation means that people performing any changes will snapshot a volume ‘just in case’ something goes wrong.


 

Security

Security has been and continues to be a worry for some on IaaS platforms, and in my opinion a little unfairly.  Many service providers provide deep and granular controls of their services, for example Amazon has the IAM, which provides granular security. Within the AWS platform, each user gets a log on for the AWS console as well as an X509 certificate for signing web service calls. This X509 certificate can be used by any 3rd party application or service and maintains the permissions defined by the IAM. Often people focus on the platform security issues without talking about the security of the OS and application layers, it is easy to hypothesize why this might be the case and many articles have been written to compare IaaS security with on-premise security. Due to the self-service nature of IaaS providers, their desire to make security as easy as possible and the “Jack of all trades – Master of none” approach taken by many IaaS practitioners, it is understandable why companies and people are wary of it. In order to provide good assurances, IaaS platform security must provide auditing and inspection of configuration using existing deployed toolsets, otherwise the security which is not transparent will never be fully trusted. 

Operations

In order to move IaaS landscapes from temporary/finite systems to systems that are properly integrated into landscapes, they need to be able to be managed in the same way. This includes tasks like –

Backups – although it is possible to use the native snapshot ability on data volumes, this is not a great solution. This is because ageing the snapshots is difficult but not impossible, take a look at a service called Skeddly.com, this allows you to age and delete snapshots on a scheduled basis. For many operations people, using a proper managed and integrated backup product is still the right way to go.

Startup/Shutdown – in order to achieve the savings quoted by many people, systems should be run only for the periods for which they are required. This means that instances need to be started and stopped according to a defined schedule, for example my own template systems run between 6am and 10pm. In order to achieve this something needs to run the start and stop scripts, two options exist

  1. Run a single instance 24*7 to run command line tools to start and stop the other instances – this goes against the principle of what we want to achieve but it can be used for other purposes as well.
  2. Use a web based service to start and stop the instances remotely, for me this is an attractive option and I have used a service called Skeddly.com to perform scheduled actions on my AWS EC2 landscape.

Management tools

The biggest bug bear I and anyone I have spoken to has, is the lack of a toolset which captures and enables system owners and maintainers to quickly and easily find out how every resource is connected and utilised. All the information is present in every management interface provided, but in every one of them I have used, all the infrastructure components are on different pages – see the diagram below.

 

Combined_Infrastructr_categories

As you can see from above, I can see the status of all my instances, but if I want to see all the volumes attached I need to go to a different page. This assumes that I have correctly populated the Meta-Data tags from the instances page so I can determine what each volume is attached to (see volume storage nightmare picture above)

Several people have suggested a number of applications like Chef or Puppet, which I have not had a chance to deploy as they are quite outside my core area of expertise – but I do know that Rightscale uses Chef to manage customers’ infrastructures.

Ultimately, Cloud environments will always walk the fine line between flexibility and uncontrollability. This is simply because if it was easy to provide a simple, flexible and controllable service all host providers and data centres would have them. In order to maximise the benefits of IaaS, there needs to be a clear consensus between the business and IT to define what they want from each system. This will enable IT to create a flexible wrapper round these systems to provide solid management without too much overhead. The really good IT departments will drive this work themselves and automate as much as possible so they can drive their own efficiencies whilst still serving the business. The explosion of IaaS services is partly because businesses got tired of IT departments telling them ‘No’ or it’ll take 4 weeks to create that 10Gb volume.

FacebookDeliciousPosterousDiggTwitterStumbleUponShare
Category: Capgemini, Cloud, Lifestream /

Landscape and Virtualisation Manager concerns

/ October 26, 2011 / No comments

 

Last week I received some disturbing news about the license model of the new Landscape and Virtualisation Manager (LVM) which is entering Ramp-Up in November, before I get to the news I received lets look at what the LVM is.

The LVM is a new product from SAP which is the replacement for the Adaptive Computing Controller (ACC), the new LVM has increased capabilities over and above the ACC – for example the LVM has the ability to script and execute system copies automatically, it has dashboards and lots of management capability of physical, virtual and (hopefully soon) Cloud environments.

The LVM is, for me, one of the most exciting SAP products coming out in the next year, it effectively ‘closes the circle’ of the SAP technical administration tools – Landscape Management Database, SMSY (System Landscape) and System Landscape Directory.

 

LVM_Pic

 

By ‘closing the circle’ in terms of Technical administration I mean, the ability to have multiple sources of information cross-feeding each other efficiently providing a single version of the truth for each of the administration applications

LMDB – Analogous to the SLD, it provides many of the same functions and synchronises directly with SMSY

SLD – Provides information on each registered system, providing software component and patch levels.

SMSY – This is the central hub of all information in Solution Manager, everything that is associated with a system gets it’s information from here

LVM – Provides dashboards, control capabilities for instances like start/stop or relocate

 

image

During Teched Bangalore, a colleague of mine was attending a Virtualisation session, during this session it was mentioned that the LVM will be a licensed product and will not be provided as part of the SAP license like Solution Manager. This to me was a vey strange statement as it was always my understanding that the LVM, like the ACC would be provided as part of the SAP License and would be available to all for download. For me, not providing it in this fashion would be a bad idea for the following reasons

 

1. No-one will use it.

The ACC has taken many years to get to where it is today, and it is a far more useable product in the last 2 versions that it ever was before. Still there has not been great uptake for it with customers, again for a number of reasons (integration with SolMan being one of them), but at least the ACC was free, this encouraged people to use it, even if was a skunk works project by the Basis team after seeing it demonstrated. If you make people pay for it, and get the price wrong then you alienate your market. Also how do you really quantify the ROI in saving the Basis team nearly an hour when doing a kernel upgrade across 15 servers. SAP have been promising for years to make administration easier to reduce TCO etc…, now that they have delivered tools like Solution Manager 7.1, the LMDB and the LVM, those statements have never looked so attractive or achievable.

 

2. It will not function within the partner ecosystem

One of the key selling points for LVM is both the extensibility of the product to link up with different infrastructures (see top diagram), it will not replace your Tivoli or HP equivalent, but work with them in a push/pull fashion. Partners will provide good resources if there is a demand from customers, they will just provide plain resources if it’s contractual. If no-one uses the product, then SAP can expect to see poor partner development of add-ons for the product which would make it a killer application.

 

3. Value proposition disappears

One of the many things that SAP have touted within the LVM is the ability to run system copies and refreshes, for this capability there was an expectation of paying for a license – which was reasonable. The main value proposition is that by using LVM, and with it’s tight integration into all the landscape management components mentioned above, the whole management of the pre, during and post tasks was infinitely simpler. If the whole LVM incurs a license fee, and the partner ecosystem falters, then the 3rd party tools, which handle more than just SAP start to look attractive again and SAP will have developed a smart application which no-one uses.

 

Today I have a call with SAP to get to the bottom of this and hopefully I will be happy, although probably under NDA so will not be able to write about it until ramp up. Regardless of what SAP are going to do with the product, I would strongly urge you to look at the product – it is a great piece of technology and does ‘close the circle’ on technical administration. If SAP treat it right and nurture both it’s partners and the ecosystem, then LVM can grow into a cornerstone product for SAP applications, if SAP treats it’s customers as a way to make a fast buck out of licenses then SAP will have wasted both money and brownie points with the #sapadmin community. SAP will have pods for the LVM at Madrid and also check out session TEC120 for more information.

 

 

FacebookDeliciousPosterousDiggTwitterStumbleUponShare
Category: Capgemini, Cloud, Lifestream, SAP /
 

Switch to our mobile site