Enterprise Cloud Architecture Best Practices
Introduction to cloud service models – IAAS, SAAS, PAAS.
Best practices for enterprise cloud service architecture, with a focus on Western companies operating in the China market.
Comparison of Azure and AWS from cost and feature perspective.
Cloud Service Best
Table of Contents
•Cloud computing service models: IaaS, SaaS, PaaS
•Cloud Service Providers Overview
•Cloud Service Price Comparison
•Running and Scaling Software in the Cloud
•China Firewall Considerations
•Cloud Migration Recommendations
Cloud computing service models: IaaS, SaaS, PaaS
Traditional IT Infrastructure Model
The traditional model of providing service to the business: purchase hardware and license or
build software to provide services to support business operations.
◦ Low asset utilization
◦ Fragmented demand for resources
◦ Duplicative systems
◦ Long procurement lead times
SAAS: Software as a Service
A cloud application service provider manages an application which provides services to the
business. Application typically accessed using a website only.
SaaS Examples: Google Apps, Salesforce, Workday, Concur, Citrix GoToMeeting, Cisco WebEx
Common SaaS Use-Case: Replaces traditional on-device software (email client)
PAAS: Platform as a Service
A platform on which other applications are built; used as a framework to develop or
customize applications. The provider manages OSes, servers, storage, networking, and the PaaS
platforms. The developers are only responsible for their own applications.
PaaS Examples: Amazon Web Services: AWS Elastic Beanstalk, AWS S3, AWS RDS, Google App
Engine, Apache Stratos, Amazon AMIs (pre-packaged VMs)
IaaS: Infrastructure as a Service
A self-service platform for accessing, monitoring and managing remote datacenter
infrastructures. Instead of having to purchase hardware outright, users can purchase IaaS
based on consumption, similar to electricity or other utility billing. Compared to SaaS and PaaS,
IaaS users are responsible for managing applications, data, runtime, middleware, and OSes.
Providers still manage virtualization, servers, hard drives, storage, and networking.
IaaS Examples: Amazon EC2, Microsoft Azure, Google Compute Engine
Comparison of IaaS, PaaS, SaaS, with Google as example
IaaS: Google Compute Engine (one can develop programs to be run on Google's high-performing
computing infrastructure)
PaaS: Google App Engine (one can develop applications and let them execute on top of Google
App Engine, which takes care of the execution)
SaaS: Google Search, Gmail, Google+ etc.
Recommendation #1: selecting a cloud service model for new projects
1. Try to find a SAAS service that provides all needed features and avoid any custom
2. If custom development is required, use PAAS infrastructure and allow developers to focus on
business logic instead of building architecture.
3. If the project requires hosting applications in a dedicated virtual machine, use IAAS
4. Prefer to use services offered by cloud service providers instead of hosting the same service
Cloud Service Provider
• AMAZON WEB SERVICES
• AMAZON WEB SERVICES CHINA
• MICROSOFT AZURE
• MICROSOFT AZURE CHINA
Amazon Web Services:
•World’s largest IaaS and PaaS provider, by far
•Building block for many SaaS platforms
•Offers “Broad & Deep Core Cloud Infrastructure”
•Strong support from SDKs and third party services
Sample media hosting application in AWS
• EC2 for Website
• RDS for SQL Server DB
• S3 for Media Storage
• CloudFront for CDN
• SES for Email Notifications
• Route 53 for DNS
• Elastic Beanstalk for configuration
Could also use:
• Elastic Transcoder for media encoding
• Lambda for web services
• SQS for media processing pipeline
• S3 for website
Amazon Web Services – China
Operated by China Net Center.
Subset of services provided by Amazon global.
Microsoft Azure – Global
•Cloud services from Microsoft.
•Deep integration with Microsoft products
•Web/Mobile Apps(HA & Scalable & Schedulable, .NET + PHP + Node.JS)
•Virtual Machines (Windows/Linux)
•Microsoft SQL Server (2014 and 2016)
•Storage (Blob, Hash Table, Queue)
•HDInsight (HADOOP, HBASE, STORM)
•Active Directory Integration
•Scheduler (Scheduled Tasks, supporting any script and exe)
Microsoft Azure China
Operated by 21vianet.
Subset of services provided by Azure global.
Aliyun (in Greater China)
•Most popular Chinese
•Has a reputation for being unreliable (several outages in the last few years).
•Imitates Amazon Web
•Hosting only available in
Aliyun services – translated
SDK Overview from Amazon, Azure, Aliyun
•Amazon .Net SDK:
• Amazon has rich SDKs for all platforms and deep Visual Studio integration.
•Aliyun .Net SDK:
• Support seems minimal. The .Net SDK is a 404, and other PHP/python languages have basic SDKs.
•Azure/AWS China support:
• Azure CN does not have support for the China region, although some or most of the SDK can be used by
overriding the SDK class.
• Amazon CN has (as of 2015) full support for the China region.
Cloud Service Price
Three products are compared:
1 Compute Unit (1 core, 2 GB memory)
1 GB storage per month
1 GB data transfer
Prices for sample cloud services
Third Party Comparisons
Pricing of a sample application in
•Windows t2.medium VM
•1 TB S3 Data Storage
•250GB external data transfer
•1 SQL Server RDS DB with 250GB
•Basic Support Plan (Free)
Pricing of a sample application in Azure
Service        Type          Amount   Price (USD)   Description
Windows VM     Basic M       1        133.92        2 x 1.6GHz
Storage        Block blob    1        24.58         1024GB
SQL Server     Standard S0   1        15.03         Size: 250GB
Data Traffic                          0             5TB FREE
• CDN is not included.
• Basic FREE support is included.
Pricing of a sample application in Azure
Service        Type          Amount   Price (CNY)   Description
Windows VM     Basic M       1        818.4         2 x 1.6GHz
Storage        Block blob    1        609.28        1536GB
SQL Server     Standard S0   1        130           Size: 250GB
Data Traffic                 1        180           1TB Free +
• CDN is not included.
• Basic FREE support is included.
Cloud Services Pricing Summary
•Each cloud service provider has a unique bundle of services and pricing model. Different
providers have unique price advantages for different products. Provider selection should be
based on a typical application mix for our business.
•Azure may have a price advantage over Amazon when using cloud-optimized architecture based
on Microsoft products
•Softlayer, Digital Ocean, and Google Compute all have better prices than both for various
scenarios, especially Windows VMs, but offer fewer services.
•Chinese versions of Amazon and Azure are cheaper, but have a subset of core services.
•Aliyun has the best prices, but is not known for reliability and requires a China-specific
•Cost is just one of many criteria for choosing a provider! No provider has a decisive advantage
for all scenarios.
Recommendation #2: Pricing
1. Use the pricing calculator offered by each provider to estimate total application cost for
specific applications. Keep in mind cloud-optimized architectures may have a much lower
cost. (For example, compute functions instantiated on-demand, auto-scaling, etc.)
2. Amazon and Azure have higher pricing than most other providers, but offer many more
services, which can improve developer productivity and lower maintenance costs.
3. Do not make pricing the primary consideration in provider selection unless the cost
difference is critical to businesses requirements. In general, major service and quality
differences between providers are more important than pricing considerations.
4. Developing deep expertise and service integration with a cloud provider is usually more
important than cost differences for individual projects.
Amazon Web Services
vs Microsoft Azure
Recommendation #3: Provider Selection
•Durability: guarantee against data loss: redundant storage and low-cost multi-availability zone
•Availability: uptime guarantee and SLA terms
•Performance: up to date hardware and baseline network performance (SSD by default, latest
Xeon CPU, gigabit LAN, etc)
•Capacity cost: cost per storage/computing unit
•Monitoring: pro-active, built-in, automatic long-term monitoring tools
•Life-cycle management: configuration/deployment automation
•Enterprise integration: Virtual Private Cloud support, Active Directory integration
•China compatibility: services should be available in China region
(Gartner provides 205 individual criteria for Cloud IaaS selection)
Gartner Magic Quadrant
AWS vs Azure Service Comparison
•Amazon Web Service and Microsoft Azure are the only providers offering a broad and deep
•While they have a similar product line up, some patterns emerge:
•Amazon offers more services, more powerful features for scalability, security, and open-source
products, better support from third party products and services
•Azure offers deep integration with Microsoft products, which provides some cost and
productivity benefits for Microsoft-stack-based cloud-optimized SAAS applications*.
•So far, China Azure has been more proactive than Amazon in introducing features from Azure
Global to China. However both platforms are new to China, so this may change.
•Independent reviews give an edge to Amazon in most or all categories.
Recommendation #4: Provider
1. Although neither has the best prices, Amazon and Azure are the best options for:
• Standardized and mature toolkit accessible to more developers
• A large set of wide and deep services for any kind of projects
• Presence in China via partners
2. Amazon is superior in the following areas:
• Supporting more services, especially the AMI marketplace
• Greater scalability and automation (ex: auto-scaling in Azure limited to pre-provisioned
• Local and global availability (regional datacenter and seamless multi-AZ integration)
• Most robust feature set.
• Security (firewalls & ACL, RBAC (compute/network), automated key rotation)
3. Develop expertise in both platforms as cloud landscape can change rapidly,
especially in China.
Running and Scaling
Software in the Cloud
ELASTIC BEANSTALK AND RELATED AUTO-SCALING FEATURES
Traditional Hardware Allocation Model
•Collect requirements for peak usage during the next fiscal
•Acquire hardware that can handle predicted peak load
•Add more hardware if performance is not acceptable
•= Fixed monthly cost
Scaling in the Cloud
•Collect a variety of metrics every few seconds
•Dynamically allocate hardware to meet current usage levels
•Pay only for the minutes or hours (depending on provider) that you use.
•Monthly cost correlates to actual business activity
[Chart: systems that scale. Red = number of servers, green = CPU.]
Netflix – Chaos Monkey
Chaos Monkey is a set of services which simulates and detects a variety
of problems on Netflix servers in production. The Netflix auto-scaler
detects these malfunctioning servers and destroys them, so that the
auto-scaler will automatically replace them with healthy machines.
The simulation includes outages of an entire availability zone (data center)
in their production environment. A properly configured Amazon cloud
can handle these outages without any customer impact because 100% of
the application is distributed and self-healing.
Cloud Auto-Scaling Models
◦ Scale a single system by upgrading hardware configuration: typically requires a
reboot to add cores, memory, disk, etc.
◦ Burstable instances: compute nodes accrue “CPU credits” over a 24 hour
period, which can be spent over several hours. Useful for applications with
daily load cycles.
◦ Auto-scale with nodes (horizontal): each compute node can be very small (1
core, 0.5 GB RAM, etc). More nodes are added as load increases.
◦ Compute service: small cloud services scale automatically and invisibly. Pay
directly for compute time, in units of 100 milliseconds. Closest match of
usage to cost. (Amazon Lambda)
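To make the burstable-instance model above concrete, here is an added Python simulation of a CPU-credit bucket; it is not code from the slides or from any provider. Credits accrue at a fixed hourly rate, the balance is capped at 24 hours of accrual, and each hour of utilisation spends credits. The earn rate, the one-credit-per-core-minute cost and the throttle-to-zero rule are assumptions chosen for illustration; real providers publish their own rates per instance size. The two daily load profiles are constructed.

```python
"""Simulate the CPU-credit bucket of a burstable compute node.

Added example. Model assumptions (not taken from the slides or from any
provider's published rules):
  * the node earns EARN_PER_HOUR credits every hour;
  * the balance is capped at 24 hours of accrual ("accrue over a 24 hour
    period");
  * one credit buys one minute of one core at 100%, so an hour at
    utilisation u (0.0-1.0) on a single-core node costs 60 * u credits;
  * an hour whose cost exceeds the balance is a "throttled" hour: the
    node drops to its baseline rate and the balance is treated as 0.
"""

EARN_PER_HOUR = 6.0                      # assumed: 6 credits/hour = 10% baseline
MAX_BALANCE = 24 * EARN_PER_HOUR         # 24-hour accrual cap (144 credits)
BASELINE_UTIL = EARN_PER_HOUR / 60.0     # utilisation sustainable forever (0.10)


def simulate_credits(hourly_util, start_balance=MAX_BALANCE):
    """Run an hourly utilisation profile through the credit bucket.

    Returns (min_balance, throttled_hours, final_balance).
    """
    balance = start_balance
    min_balance = balance
    throttled = 0
    for util in hourly_util:
        # Credits earned this hour, capped so a quiet day cannot bank
        # more than 24 hours' worth.
        balance = min(balance + EARN_PER_HOUR, MAX_BALANCE)
        cost = 60.0 * util
        if cost > balance:
            throttled += 1
            balance = 0.0
        else:
            balance -= cost
        min_balance = min(min_balance, balance)
    return min_balance, throttled, balance


def fits_burstable(daily_profile, days=3):
    """True if repeating a 24-value daily profile never throttles.

    Repeating for several days catches profiles that only survive day one
    on the full starting balance and then drain a little every day.
    """
    if len(daily_profile) != 24:
        raise ValueError("daily profile must have 24 hourly values")
    _, throttled, _ = simulate_credits(daily_profile * days)
    return throttled == 0


def average_util(daily_profile):
    """Mean utilisation of the profile; must stay below BASELINE_UTIL to fit."""
    return sum(daily_profile) / len(daily_profile)


# Constructed sample profiles (fractions of one core, one value per hour).
# Office-hours shape: quiet 00-08, busy 08-16, quiet 16-24.
OFFICE_HOURS = [0.03] * 8 + [0.20] * 8 + [0.03] * 8
# Flat 30% load: far above the 10% baseline, so credits must run out.
FLAT_30 = [0.30] * 24

if __name__ == "__main__":
    for name, profile in (("office hours", OFFICE_HOURS), ("flat 30%", FLAT_30)):
        lo, thr, end = simulate_credits(profile * 3)
        print(f"{name}: avg util {average_util(profile):.1%}, min balance {lo:.1f}, "
              f"throttled hours {thr}, fits={fits_burstable(profile)}")
```

The office-hours profile averages under 9% of a core, so it fits: the balance dips to 90 credits during the busy block and refills overnight. The flat 30% profile drains the full 144-credit balance in 12 hours and is throttled for the rest of the day, which is the case where a fixed-size or horizontally scaled node is the better choice.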
Recommendation #6: Cloud Scaling
•Don’t scale servers by reconfiguring hardware
•Use burstable instances for applications with strong daily load cycles
•Make individual nodes as small as practical to permit quick response times
for individual requests, then scale horizontally.
•Automate software deployment and scaling – never deploy software to
load-balanced servers by copy/paste.
•Target 60% CPU utilization as the scaling threshold.1
•Scale up early (respond quickly – 5 minutes or less), scale down slowly
(configure cool-down of 20 minutes)
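The scale-up-fast, scale-down-slow rule can be expressed as a small simulation. The Python below is an added example, not code from the slides and not a provider's auto-scaling API: it feeds a constructed per-minute load series through a policy that adds a node as soon as the 5-minute average CPU exceeds the 60% threshold from the recommendation and removes one only when the 20-minute average drops below a low-water mark, with a 20-minute cool-down after each scale-in. The 30% low-water mark, the short post-scale-out cool-down and the fleet size limits are assumptions.

```python
"""Simulate a horizontal auto-scaling policy against a load series.

Added example. The 60% scale-out threshold, the 5-minute reaction time and
the 20-minute scale-in cool-down follow the recommendation above; the 30%
scale-in threshold, the short post-scale-out cool-down and the node limits
are assumptions made for this example.
"""
from collections import deque
from dataclasses import dataclass


@dataclass
class ScalingPolicy:
    target_cpu: float = 60.0   # scale out when the 5-minute average exceeds this
    low_cpu: float = 30.0      # assumed: scale in when the 20-minute average is below this
    out_window: int = 5        # minutes of samples averaged before scaling out
    in_window: int = 20        # minutes of samples averaged before scaling in
    out_cooldown: int = 5      # assumed: let the new node boot before re-evaluating
    in_cooldown: int = 20      # cool-down after a scale-in
    min_nodes: int = 2
    max_nodes: int = 10


def simulate_fleet(load_per_minute, policy=None):
    """Return {"final_nodes", "peak_nodes", "events"} for a load series.

    `load_per_minute` is the total work arriving each minute, in units of
    "one fully busy node"; per-node CPU is therefore load / nodes (capped
    at 100%). Each scaling event is (minute, action, nodes_after).
    """
    policy = policy or ScalingPolicy()
    nodes = policy.min_nodes
    peak = nodes
    history = deque(maxlen=policy.in_window)   # rolling per-node CPU samples
    cooldown_until = 0
    events = []
    for minute, load in enumerate(load_per_minute):
        cpu = min(100.0, 100.0 * load / nodes)
        history.append(cpu)
        if minute < cooldown_until:
            continue                            # still inside a cool-down
        window = list(history)
        # Scale out early: a short window catches a rising load quickly.
        if len(window) >= policy.out_window:
            out_avg = sum(window[-policy.out_window:]) / policy.out_window
            if out_avg > policy.target_cpu and nodes < policy.max_nodes:
                nodes += 1
                peak = max(peak, nodes)
                events.append((minute, "scale_out", nodes))
                cooldown_until = minute + policy.out_cooldown
                history.clear()    # samples from the old fleet size are stale
                continue
        # Scale in slowly: require a full 20-minute window of low CPU.
        if len(window) >= policy.in_window:
            in_avg = sum(window) / len(window)
            if in_avg < policy.low_cpu and nodes > policy.min_nodes:
                nodes -= 1
                events.append((minute, "scale_in", nodes))
                cooldown_until = minute + policy.in_cooldown
                history.clear()
    return {"final_nodes": nodes, "peak_nodes": peak, "events": events}


# Constructed 70-minute load series: 10 quiet minutes, a 20-minute surge
# that pushes two nodes to 80%, then a long quiet tail.
SAMPLE_LOAD = [0.8] * 10 + [1.6] * 20 + [0.5] * 40

if __name__ == "__main__":
    result = simulate_fleet(SAMPLE_LOAD)
    for minute, action, size in result["events"]:
        print(f"minute {minute:3d}: {action:9s} -> {size} nodes")
    print("final fleet:", result["final_nodes"])
```

On the sample series the third node is added at minute 12, two minutes into the surge, because the 5-minute average crosses 60% before the surge has even lasted five minutes; it is removed only at minute 42, twelve minutes after the load fell, and a further scale-in is blocked first by the 20-minute cool-down and then by the minimum fleet size.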
Deployment In the Cloud
Traditional (or IaaS) Deployment Model
•Allocate physical/virtual hardware needs for application – servers, firewall, load balancer, etc
•Install all necessary services (load balancer, database, web server, email server, caching service, media encoder, etc)
•Configure IP addresses, host names & firewall rules, security roles to allow components to identify and authenticate to
Cloud (PaaS) Deployment Model
•Identify services which application will need.
•Create an Elastic Beanstalk or similar application configuration which specifies which custom code will be deployed,
what resources it requires, what address it will be deployed to, and what security roles each component requires.
•Create post-launch configuration scripts which allow nodes to auto-configure and allocate the resources they need.
•Launch environment via UI or command line.
Software Updates In the Cloud
Traditional Update Model
•Test software in the QA/Staging environment
•Deploy customer’s software to live server by copying application binaries.
•New versions of customer’s software are deployed by overwriting the previous binaries.
Cloud Update Model
•Execute Elastic Beanstalk configuration to deploy a new application version.
•The cloud service either creates a new environment from scratch or updates the existing one. When updating, git
is used to only upload/deploy modified files.
•For cloud configuration changes, create and test a new environment. If test passes, switch to new load balancer
and destroy the old version.
Recommendation #7: Test in the cloud
•Create test deployments on demand by launching the production
configuration to a temporary environment.
•Run realistic stress tests at low costs by simulating a complete
production environment for a short time. Test environments should
auto-scale the same as production.
•Run all dev/test environments in the cloud.
•For architectural changes, don’t update environments. Create and
test a new environment, switch to it, then destroy the old one.
CHINA BASED PROVIDERS:
•AMAZON WEB SERVICES CHINA
•ALIYUN, BAIDU CLOUD, ETC
Host in China cloud or not?
•Best network performance inside China
•No risk of being blocked
•For Amazon and Azure, cost is lower in China
•For Chinese providers (Aliyun) reliability is lower
•Amazon and Azure China are run by local partners and provide a subset of services.
•Standard SDKs provided by Amazon and Azure don’t have 100% compatibility with China; SDK by Aliyun offers limited
•ICP license is required to operate in China
AWS Global vs AWS China
Azure Global vs Azure China
Recommendation #8: Cloud Hosting in
•Create dedicated China-hosted websites for customers in China. This means deploying an
application to both regions.
•For applications with a global customer base, try to use the same
cloud provider in order to share the technology stack.
•Verify if the global application design depends on services which are
not available in China.
•Expect slow, but reliable access to China-hosted content from
Recommendation #9: Suggested criteria
for cloud adoption or migration
The following criteria should be used when deciding which candidate
systems should be hosted in the cloud:
•System does not need high-bandwidth interconnectivity with systems
hosted in other regions. For example, don’t host a website in AWS which
connects directly to a database in corporate datacenter.
•System can be hosted in the same region (China, Asia, Europe) as the
•Secure SOA architecture can be ensured for all interconnectivity with
other platforms. Production access to the cloud-hosted system should be
over web and authenticated services.
•Development team has experience with cloud hosting
Recommendation #10: Non-technical
considerations for wider cloud adoption
The following factors should be considered before systems are deployed to the cloud:
•Are there any legal constraints in storing data in a specific cloud? (For example, storing
Russian customer data outside of Russia.)
•What regulatory or contract issues must be resolved? For example, an ICP license for
the domain is needed in China, and paying to Chinese companies may require a
contract or business license documents.
•Evaluate the business risk associated with using services in beta (Amazon and Azure are
new in China).
•Consider possible global expansion or need for China support. In other words, select
providers which offer the equivalent service inside China for the specific application.
Recommendation #11: Technical
prerequisites for wider cloud adoption
The following prerequisites may be required in a specific provider
region before cloud applications can be deployed:
•Configure federated domain authentication for cloud services
•Configure VPN endpoint for AD network
•Configure VPC (cloud-hosted LAN) to provide proper peer visibility
and isolation to cloud resources
•Build secure API for core business services (ODIN+ API)
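The VPC isolation point in Recommendation #11, together with the rule in Recommendation #9 that production access to a cloud-hosted system should go through authenticated web services, can be turned into a repeatable check. The Python below is an added example, not code from the slides and not an AWS API call: it audits a constructed set of security-group rules, shaped loosely like the EC2 security-group model, for a three-tier layout in which only the web tier is reachable from the Internet, administrative ports are never public, and the database tier accepts connections only from a named application-tier group rather than from CIDR ranges. The group ids, tier names and port policy are assumptions, and the weak rule set is shown beside its hardened version.

```python
"""Audit security-group rules for a three-tier VPC layout (added example).

Policy (assumed for this example):
  * admin ports (SSH, RDP) are never open to the whole Internet;
  * only the "web" tier may accept Internet traffic at all;
  * the "db" tier accepts connections only from the application tier's
    security group, never from a CIDR range, and never on all ports.
"""

ADMIN_PORTS = {22, 3389}
INTERNET_CIDRS = {"0.0.0.0/0", "::/0"}
ALLOWED_DB_SOURCES = {"sg-app"}          # placeholder group id


def port_bounds(rule):
    """Inclusive (low, high) port range of a rule; protocol -1 means all."""
    if rule["proto"] == "-1":
        return 0, 65535
    return rule["from"], rule["to"]


def audit_groups(groups):
    """Return a list of (group_id, code, detail) findings, in rule order."""
    findings = []
    for sg_id, group in groups.items():
        tier = group["tier"]
        for rule in group["rules"]:
            lo, hi = port_bounds(rule)
            cidr = rule.get("cidr")
            src_sg = rule.get("source_sg")
            span = f"{lo}-{hi}" if lo != hi else str(lo)
            public = cidr in INTERNET_CIDRS
            if public and any(lo <= p <= hi for p in ADMIN_PORTS):
                findings.append((sg_id, "ADMIN_PORT_PUBLIC",
                                 f"ports {span} reachable from {cidr}"))
            elif public and tier != "web":
                findings.append((sg_id, "NON_WEB_TIER_PUBLIC",
                                 f"{tier} tier exposes ports {span} to {cidr}"))
            if tier == "db" and cidr is not None:
                findings.append((sg_id, "DB_FROM_CIDR",
                                 f"db tier accepts {span} from CIDR {cidr}; "
                                 "reference the app group instead"))
            if tier == "db" and src_sg is not None and src_sg not in ALLOWED_DB_SOURCES:
                findings.append((sg_id, "DB_UNEXPECTED_SOURCE",
                                 f"db tier accepts {span} from {src_sg}"))
            if rule["proto"] == "-1":
                findings.append((sg_id, "ALL_PORTS",
                                 f"all protocols/ports allowed from {cidr or src_sg}"))
    return findings


# Constructed sample loosely shaped like EC2 security groups; ids are placeholders.
SAMPLE_GROUPS = {
    "sg-web": {"tier": "web", "rules": [
        {"proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
        {"proto": "tcp", "from": 22, "to": 22, "cidr": "0.0.0.0/0"},      # weak
    ]},
    "sg-app": {"tier": "app", "rules": [
        {"proto": "tcp", "from": 8080, "to": 8080, "source_sg": "sg-web"},
    ]},
    "sg-db": {"tier": "db", "rules": [
        {"proto": "tcp", "from": 1433, "to": 1433, "source_sg": "sg-app"},
        {"proto": "tcp", "from": 1433, "to": 1433, "cidr": "10.0.0.0/8"},   # weak
        {"proto": "-1", "from": 0, "to": 65535, "source_sg": "sg-web"},     # weak
    ]},
}

# The same layout with the three weak rules removed: admin access is expected
# to arrive over the VPN endpoint inside the VPC, and the db tier trusts only sg-app.
HARDENED_GROUPS = {
    "sg-web": {"tier": "web", "rules": [
        {"proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
    ]},
    "sg-app": {"tier": "app", "rules": [
        {"proto": "tcp", "from": 8080, "to": 8080, "source_sg": "sg-web"},
    ]},
    "sg-db": {"tier": "db", "rules": [
        {"proto": "tcp", "from": 1433, "to": 1433, "source_sg": "sg-app"},
    ]},
}

if __name__ == "__main__":
    for sg_id, code, detail in audit_groups(SAMPLE_GROUPS):
        print(f"{sg_id}: {code}: {detail}")
    print("hardened findings:", audit_groups(HARDENED_GROUPS))
```

Run against the weak set, the audit reports the public SSH rule on the web tier, the database rule keyed to a CIDR rather than a group, the database rule trusting the web tier directly, and the all-ports rule; the hardened set produces no findings. Keying database access to a security group rather than an address range is what gives the "peer visibility" the recommendation asks for: a node only becomes a permitted peer by being placed in the application group.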
Recommendation #12: AWS Instance
•Use the latest generation of instance types (x4/t2)
•Use burstable instances for applications with high daily variability
•Evaluate whether applications are CPU, memory, or IO intensive and
select the appropriate type – scale up the particular bottleneck
which is hit.
•For applications with consistent and predictable load, prefer larger
instances; for applications with unpredictable load, scale horizontally
with more burstable instances.