Recently, CloudBolt held a customer case study webinar with Rutger Tromp, technical product manager at SURFnet, based in the Netherlands. Below, in his own words, are details of how his organization uses CloudBolt as its cloud management platform and extends it, especially around SURFnet’s Microsoft Azure environment.
(Note: the transcript of the webinar has been lightly edited for clarity and length.)
What is SURF?
We help educational institutions in the Netherlands to make use of, and benefit from, cloud services.
First, some background information about our organization, SURF, and our SURFcumulus service. SURF is a Dutch national research and education network, which is quite similar to Internet2 in the United States. SURF ensures that students, lecturers and researchers in education and research have access to the best possible ICT resources on favorable terms for the purpose of top-level research and talent development in national and international collaboration. SURF therefore develops, innovates and operates an advanced, federated e-infrastructure in conjunction with the institutions. SURF also organizes demand aggregation, collaboration and knowledge sharing in relation to ICT themes for the member institutions.
SURF is a strategic partner delivering and developing IT services. We have a clear vision on technology and always try to implement new technologies to facilitate that in a technical way by connecting institutions, and also by sharing knowledge and facilitating user groups.
SURFcumulus is a service provided by SURF. Our aim is to deliver cloud services to SURF members. Back in 2016, SURFcumulus was founded together in cooperation with our institutions. Together with our members, we have decided to set up a cloud management platform and share this platform, instead of everyone for themselves. This shared CMP environment is managed and further developed by SURF.
Our members are able to make use of a platform for provisioning and managing cloud resources. We do that with CloudBolt. Finally, SURFcumulus is not a service we offer for profit, but also not for loss. As SURF is a not-for-profit organization, we ask a fee for the use of CloudBolt to cover our costs.
We think it’s important to lower the threshold for our members and our institutions to start using cloud services, because migrating to the cloud can be quite challenging. In the Netherlands, our members and our institutions are obliged to tender for contracts if they spend a certain amount of money on cloud services. That takes a lot of time and takes a lot of money as well. Combining forces can support our members during the cloud transition process as a trusted advisor.
Why did you choose CloudBolt?
What we saw in CloudBolt was a strong capability to offer the true single pane of glass experience. We believe in multi-, hybrid- and single-cloud strategies. They can live together. Also, if you are using one cloud service together with your on-premises infrastructure, you can still use CloudBolt to have that single pane of glass.
CloudBolt was able to offer a true multi-tenancy experience. A lot of members have one tenant. Another strong point was the support for a lot of cloud technologies. It’s quite an impressive list.
CloudBolt has strong provisioning and management capabilities and a simple UI, which is really important for our end users to remove all the complexity of some of the cloud platforms, and fit in a simple UI with a simple workflow for provisioning and managing resources.
We found CloudBolt suitable as a platform for self-service IT. Our members and our institutions use CloudBolt to deliver services in their organization. For example, a researcher, or a teacher, or sometimes even a student can use the platform and provision infrastructure.
Another important point for us was the ability to create extensions and to add plugins. And since CloudBolt has so many hooks to develop on, it is a scalable platform, which we could modify and extend to fit our needs. And also, very important for us was the ability for CloudBolt to connect to our federated authentication mechanism, SURFconext.
What does a cloud management platform offering for an institution look like?
We at SURF run a single CloudBolt environment, and on that single CloudBolt environment our members receive one tenant as soon as they are onboarded by me. We do support single-cloud, multi-cloud and hybrid cloud strategies. An institution can choose from a wide range of cloud providers and also connect their own on-premises infrastructure and use that all together.
We use CloudBolt also as a self-service platform for our internal users at SURF. They have access to the cloud management platform, and they can provision servers on their platform of choice. We also use CloudBolt’s showback and chargeback capabilities.
At the moment we have over 250 active users, over 60 resource handlers, over 50 blueprints and over 1,500 resources managed from our CloudBolt cloud management platform. The most popular cloud technology for us is far and away Microsoft Azure. In terms of VM count, VMware technology type is growing. We’re seeing interest growing in AWS. We started with Google, we’ve tested it and we offer it to our members.
We have selected CloudBolt through a European tender. This was won by Aves IT, partner of CloudBolt. We also work with Aves IT for plugin development and support on our CloudBolt environment. Our CloudBolt servers are managed by an external supplier, under our supervision.
How are you using CloudBolt?
The first challenge we had was to use CloudBolt as a multi-tenancy platform. Now in version 9.3, it is possible to connect to an SSL provider based on SAML2. That was not an option when we started with CloudBolt, so we created a custom SAML2 configuration to assign users at their login to the right organization.
Our environment is connected to a federated authentication platform, SURFconext; all our members are connected to this authentication gateway with their identity providers. This was a really important step to make it work.
Another thing we found out was that end users find it difficult to understand node type and instance type offered by Azure and AWS. For example, when you want to have a particular server on AWS, you have to know [what all the individual servers are]. So, when you ask someone who doesn’t know Azure that well, and they don’t know how many CPUs you get, how much memory, how fast is your machine, is it optimized for compute or memory?
We created an action that adds, on the fly, a bit of a description and explanation to the node size and instance type in the dropdowns in CloudBolt. For example, when you want to order a virtual machine, you select your group, your environment, then in the node size dropdown, there is a little more information on what the node size is about. You see what the memory is, CPU information, is it optimized, etc. It’s the same for AWS, we have an instance type dropdown that we added to make it more readable.
End users also want more information about network configuration. When you offer blueprints and ask users to self-provision new virtual machines, they need to know something about available networks and, sometimes, network configuration. So, what we did was create a custom report to give non-admin users information about networks they have access to.
In custom reports in CloudBolt 9.3.1, we have a Network Details Report. You can see the networks you have access to, just that little bit of extra information about gateway, netmask or DNS settings, and addressing types.
We have a lot of Azure VMs in the system, and a lot of Azure resource handlers. Our end users want to have the ability to create snapshots before making significant changes to their Azure virtual machines. A lot of users are used to the VMware world where you can easily create and restore snapshots. In Azure it is a bit different. We investigated the possibility of doing this and we decided we could create a server action in CloudBolt which end users can use to create Azure snapshots for managed disks.
There’s a new server action in CloudBolt called “Create Snapshot” when a user opens an Azure VM. When I run it, I can select the disk that I want to create a snapshot of, and a job is created in Azure to make the snapshot of the specific disk. We can use the snapshot to restore this machine and this specific situation before changes were made. Depending on the size of the machine, it will take 20 to 30 seconds for the snapshot to show up.
To take it a step further, if you want not only a snapshot of a moment in time, but also regular backups of an Azure VM created with CloudBolt, we investigated and found that it was possible. We created a blueprint and a couple of actions to make that happen. It is very easy to create a new Azure vault as a result within CloudBolt. It is also possible to create more retention schemes based on your needs. You can do daily, weekly or monthly backups.
We also created server actions specifically for IT admins who want to change network configuration for Azure virtual machines without the need to send their users to the Azure portal and without the need to assign too much privilege to end users. These server actions change IP addressing and DNS settings.
Lastly, the final example of an extension we made based on Azure with the help of CloudBolt is around end users who want to self-manage Azure firewall rules. They often have requests for ports they want to open or close for their VMs. This is typically a scenario where someone provisions a VM in Azure and wants to access it with remote desktop, or with SSH, or turn it into a web server, or limit access to a specific source address.
We created a specific UI extension with an additional step in the UI called firewall. This is all done with CloudBolt UI extensions. If a specific user wants to have access to a server from the web, or maybe from SSH, with this extension we decided to offer them a few pre-defined profiles to allow access to specific ports or their VMs.
How do you plan to use CloudBolt going forward?
For further developments, we’re seeing growing interest in Kubernetes and Platform-as-a-Service (PaaS) services. We’re seeing a slight move away from VMs to more managed solutions. We are planning to develop an integration with JIRA for issue tracking and support, because we also deliver support to our members ourselves and we want to have that as part of our cloud management platform. We also want to make it possible to manage Azure VM extensions, for example Boot Diagnostics, or integration with Azure Active Directory.
We are looking at the ability to implement one-off budgets, and options to delegate more controls and more management options to power users based on what they can do with a resource handler and a given environment without needing to assign them the global admin role. We are also looking at ways to enable power users to create and run their own actions and plugins within CloudBolt.