Inside the hybrid cloud, Part 3: Administration

When a hybrid cloud is created, the objective is to craft a solution that appears and functions seamlessly for the user, performs flawlessly, and secures the entire system from malicious and erroneous activities. To make all this happen, some IT fundamentals must be painstakingly planned and managed. Part 3 of this series peeks under the hood to see what it takes to make the hybrid powerhouse a reality.


Grace Walker, IT Consultant, Walker Automated Services

Grace Walker, a partner in Walker Automated Services in Chicago, Illinois, is an IT consultant with a diverse background and broad experience. She has worked in IT as a manager, administrator, programmer, instructor, business analyst, technical analyst, systems analyst, and web developer in various environments, including telecommunications, education, financial services, and software.

25 May 2012

Also available in Chinese Russian Japanese

We know that IT as a Service optimizes the production and consumption of services based on the requirements of the business, that Every Component as a Service makes for an efficient delivery method, and that the federated cloud can create effective service-oriented business partnerships. Now, we are going to look at what makes it possible for IT to deliver services so quickly, securely, and with minimal cost.

For a hybrid cloud to function effectively and securely, there must be well-managed workloads. The old IT paradigm was one application plus the operating system functioning on one server. The old way made management of both the infrastructure and business services simple, but scalability and agility were not part of this paradigm. Virtualization, which breaks the tether between software and hardware, takes the preliminary steps toward realizing the hybrid cloud by allowing us to establish a set of manageable workloads that can be recalibrated in a manner consistent with the requirements of the enterprise. However, that is just the beginning of the story.

Workload management

The user wants a service. The workload management system you put in place determines the quality and value of the service you deliver as well as its cost. The fundamental element—the workload—requires access to various resources, including processing power, storage, and network bandwidth. Its focus can be operational or business oriented.

A workload consists of an integrated software stack that includes just enough operating system (JeOS) to support the particular workload it runs, middleware to manage the communication among resources, and an application. A workload also has an identity that it uses to move between and run in physical, virtual, or cloud environments. It is the identity that allows policies to be associated with a workload. A workload, or an aggregation of workloads, creates a service that an end user can then consume.

The stylized vision of a workload shown in Figure 1 represents the relationship among the JeOS, which provides the support for the application, the application itself, and the middleware that manages resources that the workload requires.

Figure 1. A workload
Image showing a Q workload

For a workload to be optimally effective, it must be able to respond to change quickly while maintaining integrity and security. This need has engendered the intelligent workload management (IWM) paradigm.

Intelligent workload management

IWM is essential for the optimization of contemporary computing tasks. It presupposes an intelligent workload, which means that the workload must be policy driven, secure, and compliant.

An intelligent workload contains metadata that provides the information the workload needs to determine who is allowed to consume it, who has access rights to it, as well as who owns it. It knows what it is designed to do as well as what level of urgency the function has. It knows the best milieu for it to perform its function. It knows whether it can go into the public cloud or must stay private. It knows when it is approaching the limits of its capacity, triggering the management framework to dynamically add workload pools. An intelligent workload efficiently manages policy and compliance, ensuring observance while increasing agility and efficiency and decreasing cost. With IWM identity management, a workload implements tight security, enforces strict compliance, and facilitates portability.

Software appliance

IWM requires intelligent workloads, and intelligent workloads need software appliances. Software appliances provide the foundation on which IWM is built. A software appliance is the combination of an application and JeOS, integrated into one image optimized to run in a virtual machine (VM) on industry-standard hardware. Software appliances are also preconfigured, eradicating many data center issues related to configuration, installation, and maintenance.

The software appliance depicted in Figure 2 is the heart of the matter.

Figure 2. Software appliance
Image showing a software appliance

Software appliances provide the most profitable approach to building IWM-compliant workloads. It is a strategy based on the comprehension-driven utilization of operating system and policy-oriented tools used in workload construction, preparation, and migration. This approach is facilitated by the nature of the self-contained component structure.

The software appliance is key to the development of an efficient regime for migration of workloads and serves a critical function in the physical-system-to-virtual-to-cloud transference path. With efficient self-contained appliances, deployment and maintenance are accomplished without the over use of support staff for software configuration, updates, and the like. In addition, software appliances function in isolation and improve security. Any security problems that may affect the appliance are quarantined from the rest of the system.

The role of virtual software appliances—a critical subset of software appliances—is largely a function of packaging format and target platform. Each appliance image is dedicated to a unique virtual platform. Unlike a generic software appliance, it is specifically targeted for use in the virtual computing universe. When a software appliance is installed on a VM and packaged, it is transformed into a virtual appliance.

Traditional methods involve the installation of a software application in direct association with the operating system. The fact that the software appliance does not gives it much greater agility and ease of use. It simplifies deployment by alleviating the standard operating system concerns, such as compatibility.


Businesses are looking to the hybrid cloud as a solution that will reduce their costs and at the same time improve the scalability and flexibility of their business processes. The idea of dynamically moving workloads among various virtual and cloud resources based on current conditions along with the evident cost benefits and service level improvements can be quite intoxicating. However, this idea can't be allowed to override the operational controls that have been meticulously designed through time, experience, and policy or in any way increase risk to the business, however. When moving to a hybrid cloud model, the solution put in place must effectively support the security and privacy priorities of the business. It must reduce risk and protect confidentiality while defending computing resources and data integrity.

Security in the hybrid cloud is enhanced by IWM. IWM is able to provide integrated security and regulatory compliance along with manageability and portability. IWM also provides improved control of user access: Users are only allowed access to the information they are authorized to retrieve or alter.

IWM includes policy-driven workload management, which allows you to create standardized workload configurations powered by policy-driven regimes that regulate functionality. A policy-based IWM approach enhances security and compliance.

Much of the reluctance expressed related to moving to a hybrid cloud solution is the result of security and regulatory compliance concerns, which is why security must always be a major part of the service level agreement process. It is important to review vendor security and audit procedures to ensure compliance. A critical aspect of this process is verifying that your own configuration is in compliance—a key aspect of enhancing user security. Security must be jointly addressed by the enterprise and the cloud provider.

Comprehensive integration: banishing the silos

Integration is central to the hybrid cloud model. As the penetration of the hybrid cloud model intensifies, proper integration grows in importance. Extending a private infrastructure into the public cloud requires the creation of a finely honed solution that, to the end user, appears seamless. The business realities of the hybrid cloud demand solutions that provide an environment that is extremely flexible. This environment must integrate applications and services obtained from both inside and outside physical control of the enterprise. The aggregation of IT assets enables cost reductions and mitigates the enterprise's carbon footprint. The optimal use of the hybrid cloud model is based on how management, architecture, and other key stakeholders handle the fundamental issue of appropriate integration.

The hybrid cloud environment presents complex management challenges. To gain maximum benefit from the use of intelligent workloads, an enterprise must broaden the fundamental management and administrative methods put in place in support of the hybrid cloud's combined virtual and physical system. Most contemporary enterprises are still organized as silos. Each silo requires compliant and secure IT service management (ITSM) for workloads and business service management (BSM) asset tools for dashboards. Their governance and compliance mechanisms reflect a structure similar to that shown in Figure 3. The systems, service management, and governance for each area are isolated, causing the development and implementation of processes and procedures that are different and in some instances in contradiction to those of other areas.

Figure 3. Siloed approach
Image showing siloed governance and compliance

IWM replaces a siloed approach with a services-based approach that provides support for the physical, virtual, and cloud environments, as seen in Figure 4. The services-based approach provides the unity of purpose required to fulfill the vision of the hybrid cloud.

Figure 4. Service-based approach
Image showing integrated governance and compliance

In a hybrid cloud, intelligent workloads provide a means to remove the borders and eliminate the costly effects of the silo approach. Intelligent workloads make it possible to provide the same level of access to the management, security, monitoring, and compliance assets in the hybrid cloud available in the physical and virtual system components.


IWM environments must be constantly monitored. Accurate and timely information must be gathered to analyze present conditions and oversee compliance. IT must maintain a consistent assessment regime that monitors and maintains the desired functional level of delivered service. Doing so requires the timely identification of problems or patterns that are indicators of imminent system problems and interventions based on this knowledge to avoid outages.

Workload management requires tracking and careful administration and management if the system put in place is going to achieve the desired results. A proper tracking regime must be implemented for the reclaiming and reassigning of the workloads, managing changes provoked by peak hour usage, as well as special needs. In general, the manipulation and deployment of the capabilities and assets associated with the hybrid cloud must be managed and administered in the most efficient and profitable manner possible.

A window into the system must be provided to the business so it can evaluate performance and monitor its costs. This requires the use of management reports and dashboards that position workload consumption and performance level information in a manner that expedites the analysis of workload use in the enterprise's specific business context.

Use of policy-based automated management creates the conditions for pecuniary gain in that it reduces capital expenses (CapEx) and operational expenses (OpEx). This is a function of enhanced system operations and usage on one hand and improved implementation of business functions, such as maintaining the fundamental business activities with fewer negative events, on the other. These approaches and methods create the cornerstones of the IWM regime.


IWM is the key to IT as a Service. Using it, organizations can create efficient, safe, and compliant products and information services. The enterprises internalizing the benefits of this model are best positioned to maximize system resources, provide consistent access control and security, and control the operational and administrative costs that accompany virtualized workloads, which is essential for every enterprise that has or will embrace hybrid cloud computing strategies. Such a cloud configuration requires highly portable workloads that are in sync with all of the component parts of the system and comply with governance and security policies and constraints. The ability to abstract workloads from hardware and automate their management according to enterprise policy is critical.

Moving forward, the next and final article in this series will use our understanding of IWM and its role in the hybrid cloud as one of the fundamental pillars in the discussion of implementation considerations.



Get products and technologies

  • Evaluate IBM products in the way that suits you best: Download a product trial, try a product online, use a product in a cloud environment, or spend a few hours in the SOA Sandbox learning how to implement service-oriented architecture efficiently.


  • Get involved in the developerWorks community. Connect with other developerWorks users while exploring the developer-driven blogs, forums, groups, and wikis.


developerWorks: Sign in

Required fields are indicated with an asterisk (*).

Need an IBM ID?
Forgot your IBM ID?

Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.


The first time you sign into developerWorks, a profile is created for you. Information in your profile (your name, country/region, and company name) is displayed to the public and will accompany any content you post, unless you opt to hide your company name. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name

The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.


All information submitted is secure.

Dig deeper into Cloud computing on developerWorks

  • developerWorks Premium

    Exclusive tools to build your next great app. Learn more.

  • Cloud newsletter

    Crazy about Cloud? Sign up for our monthly newsletter and the latest cloud news.

  • Try SoftLayer Cloud

    Deploy public cloud instances in as few as 5 minutes. Try the SoftLayer public cloud instance for one month.

Zone=Cloud computing
ArticleTitle=Inside the hybrid cloud, Part 3: Administration