In the early days, on-premises management consisted primarily of per-device element managers. However, chasing problems from machine to machine proved to be not only maddening but grossly inefficient. And before you knew it, many isolated issues quickly piled up, throwing your plans for the day out of the window while you confronted the most pressing threats. A clash then ensued between the growing pressure to reduce costs and headcount and the growing responsibilities of a global IT team. The expectations of fast and continuous improvement were not accompanied by more resources, forcing a new framework for dealing with the sprawl of on-premises management.
Enter the Management Server console (or station if you prefer), a solution that all on-prem/hyper-converged infrastructure administrators are more than familiar with. It was designed to provide a holistic management view of all your IT assets while offering the ability to drill down to either groups or individual systems. It became necessary as globalization steamrolled on, and the IT infrastructure became widely distributed around the world. This new management framework was expected to increase productivity, save money, and create efficiencies; however, as it grew it also proved to be complex and expensive to maintain. And it is at odds with the familiar public cloud model of manageability that we’ve grown to appreciate.
Too many management consoles will drive a person insane
You know the scenario. You’ve just bought some shiny, brand-new application, server, network switch, storage system, hyper-converged infrastructure solution or other on-premises device. You ask how it’s managed, and the simple answer is to use their really awesome, cool custom management console that runs as a simple VM in your virtualized infrastructure – each complete with its own learning curve. Of course, you’ll need to cluster it for high availability and provision it accordingly for future growth. Over time you’ll need several of them in order to scale and be globally distributed. Management consoles are like rabbits (or Tribbles if you’re a Trekkie). You get a couple and learn how to handle them, and pretty soon you have a dozen (or more)!
Virtualization, Kubernetes, bare metal, networking, storage, backup, the list goes on… Trying to manage all of these with a ‘silo’ management strategy, where multiple point solutions are used to administer each network or tier separately, is madness – it’s no wonder you may be spending the bulk of your time managing your management systems!
Management console sprawl
Your first server, storage or hyper-converged infrastructure management console might have been in the same server room, but over time multiple instances of it have spread across multiple facilities in widespread geographical locations, especially in cases where one company has acquired another one or where two companies have merged.
You already have different on-premises management consoles for various applications, and as such the physical servers (or VMs) they run on require different levels of processing, data storage, and networking. And while most of these run as VMs, there’s still a cost to you and your IT team.
- Infrastructure costs. The costs of keeping a management console up and running include powering the server itself, as well as added costs for cooling the data center in which the server is running. Network connectivity, data processing, data storage and other facilities costs for additional workloads brought online further escalate management console costs. In many cases you may need to ensure proper physical server (or VM) sizing, including the number of servers (or VMs) required for availability, in order to manage all the registered application servers. You may even find that certain management features require additional resources (CPU, storage, etc.) before you can enable them.
- Administration costs. Management console sprawl can increase administrative costs. Every new management console costs hours in laborious provisioning, setup, and day-2 maintenance time. Additional software licensing fees, system administration tasks, maintenance and access control increase proportionally to the number of servers. You carry the full burden of installing, configuring, patching, and upgrading these servers.
- Business costs. Management console sprawl can make reporting produce incomplete or incongruous results – for example, when telemetry/usage data is not fully in sync across all stations. Inconsistency in how management servers are deployed (aka configuration drift) can expose an organization to security vulnerabilities where RBAC and password settings are absent or ill-configured on different consoles. Some management consoles may be out-of-sync for enforcement of provisioning rules and best practices when applications are deployed thereby causing inconsistency in how apps are deployed. For instance, application owners and developers may be taking provisioning matters into their own hands, resulting in deployments consisting of unsupported apps where security, performance, data protection and compatibility problems are likely to surface.
- Opportunity costs. Resources spent on managing management consoles can’t be used to make more productive investments for the organization. Because of that, they’re not upgraded nearly as often as they should be, and the risk of an upgrade destabilizing an already running solution is too high. This leads to systems that remain static, with antiquated user interfaces and archaic design principles.
- Career costs. “My boss wouldn’t know a SAS expander if I dropped one on his foot.” Your manager and corporate IT decision-makers don’t have the same insight into the daily goings-on of your IT infrastructure as you might. A hodge-podge of different management consoles makes it hard to articulate or report up on the current, holistic view of your infrastructure and poorly justifies your future needs – “We’re running out of capacity!” If no one understands what you and your team are doing, no one will have your back during closed-door meetings and you may not get the resources you need.
Rethinking the management console
What if I told you that you could manage your IT assets (applications, servers, and storage) with a management framework that incurred none of the previously mentioned costs or downsides? It is possible, and it’s accomplished by leveraging the cloud – specifically a cloud control plane, one that abstracts and centralizes the administrative management of resources, which is what the cloud does best. Instead of controlling a data center configuration with on-premises management consoles, it is now controlled from the cloud with API calls and web consoles.
Why a cloud control plane?
Well, we’ve already seen this in practice for managing other on-premises devices such as Google’s Nest and with some of the newer WiFi access point networking companies (e.g. Cisco’s Meraki and Juniper’s Mist). The cloud management plane consolidates many things we previously managed through separate on-premises systems and tools, and then makes them Internet-accessible through a single API and with a single set of authentication credentials. In essence, it removes the nightmarish “management console behind another management console” situation we find ourselves in today and for which we don’t have any other great solutions.
The Nebulon cloud control plane
The Nebulon cloud control plane, Nebulon ON, is a component of Nebulon smartInfrastructure, server-embedded, infrastructure software delivered as-a-service, which offers the benefits of the public cloud on-premises, from core to edge for any application—containerized, virtualized or bare-metal.
Using a cloud control plane like Nebulon ON to manage your on-premises IT infrastructure was a day-1 design decision. Let’s re-examine why we chose this path:
- No more management console sprawl
It’s a single, API-consistent portal for managing your entire global Nebulon infrastructure (all clusters) indefinitely as it continues to scale.
- No need to host the service on your infrastructure
All services are hosted by Nebulon as a control plane in the cloud for all your Nebulon clusters.
- No need to install, size or configure a management console(s)
Management service is dynamically sized for your environment without your involvement.
- No need to manage or upgrade (e.g., day-2 stuff) management service
It’s all automated and controlled by Nebulon.
- No separate, additional licenses needed for advanced features like analytics, capacity planning, custom dashboards, audit reporting and search capabilities.
- Always running the latest version!
New features and capabilities are introduced frequently (every month) and available as soon as you log in.
- No risk of an upgrade taking down your server & storage infrastructure
Nebulon ON cloud control plane runs completely separate from the on-premises data plane.
- Centralization also brings security benefits.
There are no hidden resources – you always know where everything you own is at all times, and how it is configured. The cloud plane always knows what resources are in your IT org, where they are allocated, and who (or what) has access to them.
- Single, consistent view of all assets (servers, storage, apps, analytics, audit logs, etc.)
- Single, consistent namespace for all security and RBAC policies, provisioning templates, etc.
Template driven provisioning ensures application owners and developers are deploying approved applications in a secure, performant, protected, and compatible fashion. You no longer need to play it safe by over-provisioning, which is expensive and wasteful, taking up much-needed bandwidth and server capacity.
- Know your environment!
Single dashboard and reporting view where the current health, performance, and predicted risks of your entire IT infrastructure are immediately viewable. Be alerted to latent issues and proactively plan for needed changes in performance and storage capacity.
How secure is this?
You may be thinking that someone having access to the cloud management plane is like gaining unfettered access to your data center. Unless proper security controls are in place to limit who can access the management plane and what they can do within it, this is true. Nebulon’s cloud management plane was designed and built with a zero-trust approach. The net of this is that your private data remains on your servers in your data centers; only the metadata is in the cloud. We use end-to-end encryption with modern TLS between API-client, cloud, and infrastructure to prevent eavesdropping. In addition to that, data-at-rest encryption in the cloud ensures secure storage of telemetry data, and all actions are secured by role-based access control and audited within Nebulon cloud to allow and monitor delegated management. Furthermore, our security triangle (as described here) prevents modifications of infrastructure from outside an organization’s firewall.
The last thing we want to sell you is yet another management console – it’s so 1990s. With Nebulon, deploying, managing, and maintaining on-premises enterprise application data at scale is as simple and rapid as it is in the public cloud. Our view is that we should be leveraging the public cloud for the strengths of what it offers on-premises today. We think you should too. Unless you really like rabbits.