Completion Report

Closure Report V1.0

ENT010 – Private Cloud Provisioning

Approvals

Name

Role

Position

Date

Graeme Wood

Project Manager/Senior User

Head, ITI Enterprise Services

20/12/2019

Martin Campbell

Senior Supplier

Team Leader, ENT Unix Platforms

20/12/2019

 

 

 

           

 

 

 

 

Project Summary

This project was initiated to deliver an OpenStack private cloud service based on VMware's implementaton of OpenStack. This will complement the OpenStack interface to the Eddie research computing facility and provide a single private cloud service with two streams of support geared towards the different use cases required for non-research support and research. The service will provide a "burst out" capability for services that require elastic growth to meet demand and also give people the ability to quickly spin up virtual machine instances for rapid development. The service will support migration of VM instances into the virtual hosting environment once the development lifecycle is complete.

 

Project Scope

The project’s main goal was to implement a secure and robust Openstack service.

To deliver a private cloud service based on OpenStack to deliver an enterprise class server to support:

  • a rapid deployment environment for developers to quickly spin up and destroy virtual machines
  • a system to provide burst capacity for existing applications that need to scale-out during busy periods

It is not in scope to provide support for research use. That will be provided by a complementing service hosted on the Eddie compute platform. However, we will deliver a consistent service offering across IS to customers to allow users to select the most appropriate platform for their needs and provide support to migrate virtual machines between the platforms and the virtual hosting service.

 

Outcomes

The project was initiated in March 2016 with planning completed at the start of May 2016. The original schedule to go live on at the end of 2017 was not met and the project was closed in December 2019. There were multiple delays mainly due to resourcing being taken away for operational reasons and for higher priority projects. There was also a major delay due to the underlying network not being ready for production service that meant this project was on hold for the better part of a year.

Objectives

To deliver a private cloud service that meets the needs of schools and IS divisions for a rapid development platform and a burst-out service.

Requirements

The key requirements and the associated priorities are outlined below and were met by project closure.

Requirement

MoSCoW

Status

Provide a resilient Openstack service

Must

Delivered

Provide a supportable/upgradeable service

Must

Delivered

Provide documentation for support and use of the service

Must

Delivered

Integration with VMware

Must

Delivered

The main areas of work of the project covered –

  • Install and configure VMWare Openstack
  • Configure hosts on 10Gb Brocade network
  • Integrate service into vSphere
  • Define free quotas for people to trial/test or do small deployments
  • Configure firewalls to provide administrator access to service VLANs and servers
  • Configure external facing network firewalls to enable remote access to the service

Deliverables

The following deliverables and acceptance criteria to meet the objectives of the project were all delivered as specified.

Objective

Deliverable(s)

Acceptance Criteria

Install, configure, test and commission a secure and robust remote Windows server management solution using Microsoft’s Remote Desktop Gateway

Gateway servers (at JCMB and Appleton Tower) hosting the gateway and providing access for ENT and IS Apps administrators to servers in the ENT managed space

The gateways are fully tested and a recognised process is embedded in ENT operational policies as a secure and accepted method to remotely access Windows servers for maintenance and troubleshooting

Provide user procedures on the use of Windows Remote Desktop to enable authorised administrators to access servers remotely

Documentation on the ENT wiki providing usage and configuration details 

Approved user documentation available on the ENT wiki

Provide user procedures on (a) the registration of new administrators, groups, servers, and VLANs and requests for whitelisting and (b) removal of administrators, servers, etc. from the gateway

Documentation on the ENT wiki providing details on requests for registration, update and removal administrators, servers, etc.

User documentation reviewed, approved and available on the ENT wiki

Develop operational procedures covering the management of administrators, groups, servers, and VLANs on the gateway plus the whitelisting of servers to be added to the gateway and requests for any additional network firewall configuration on the gateway

Documentation on the ENT wiki providing procedures for adding, updating and removing administrators, servers, etc. on the gateway

Operational documentation reviewed, approved and available on the ENT wiki

Develop a process to migrate gateway logs to the central logging system

Link to the central logging system in place providing logs from the gateway on a regular basis

Gateway logs available in the central logging system for review and audit

Benefits

The successful delivery of this project was expected to provide the benefits listed below, which have been achieved.

  • More rapid development lifecycle achievable to support developers.
  • Removal of bottlenecks to deploy virtual machines quickly.
  • A burst out service to support applications that need to expand dynamically to meet demand.

 

Success Criteria

The following are the criteria were met to ensure a successful completion of the project.

  • An operational gateway service enabling ENT and IS Apps staff access to servers on a remote basis
  • A secure service that ensures only access to assigned servers by authorised administrators is possible; service was penetration tested successfully
  • An operational process that adds, updates and deletes authorised users in an efficient and timely manner
  • User documentation has been prepared and is available on the ENT wiki at https://www.wiki.ed.ac.uk/pages/viewpage.action?pageId=412866649

Alignment with IS Change Programme

This section reviews retrospectively how the project, at closure, contributed to the themes of the IS Change Programme.

Theme

Contribution

Project Management

Formal ISG project management processes for a small project were applied successfully

Working Together

The project was a successful collaboration between ITI Enterprise Service, IS Apps Development Technology and IS Apps Technology Management.

Standards and Technical Leadership

ITI Enterprise Services implemented a private cloud service 

Staff Learning and Development

The project provided team members with exposure to a new technology

Service Based Culture

A more self-service based server infrastructure deployment service has been provided.

Equality and Diversity

N/A

Innovation

Implementation of an industry standard (Openstack) cloud service

Flexible Resourcing

The project was delivered with limited resources over an extended period so that resourcing for higher priority projects and BAU activity was maintained

Communication and Branding

Communication on requirements and testing was sent out well in advance; notification of the service was given to management of impacted ENT and IS Apps teams and other interested parties.

Project Quality

Project Plan

The project plan was developed in March 2016. The project suffered from lack of resource and lack of professional project management.

Project Resourcing

The project resource budget was sufficient to meet the needs of the project but the resource priority was low that meant timescales and milestones were repeatedly not met. Additionally, there was an underlying network requirement out of the scope of the project that was needed to deliver the project into production and this was not being delivered on time due to lack of project management.

Project Budget

The project was mainly resource based and but had initial financial investment for servers and licences. These additional licences are bundled into our Enterprise Licence Agreement with VMware and the hardware costs are within the capital depreciation plan.

Outstanding Issues

The following work is ongoing but still to be completed –

  • Inclusion in the University’s Service Catalogue 

The following requirements were reviewed but not considered necessary for this restricted infrastructure service –

  • Completion of Equality Impact Assessment (EQIA)
  • Completion of Data Protection Impact Assessment (DPIA)

Lessons Learned

The key observations from the project are summarised in the table below –

 

Project Info

Project
Private Cloud Provisioning
Code
ENT010
Programme
ITI - Enterprise Services (ENT)
Management Office
ISG PMO
Project Manager
Graeme Wood
Project Sponsor
Anthony Weir
Current Stage
Close
Status
Closed
Project Classification
Run
Start Date
15-Mar-2016
Planning Date
07-May-2016
Delivery Date
15-Nov-2019
Close Date
20-Dec-2019
Overall Priority
Higher
Category
Compliance

Documentation

Close