If you are thinking of a PaaS then you need to consider some important features and understand how to think about the different vendors. There are literally hundreds of PaaS vendors. Why? It's a very important and powerful step in improving time to market and costs for software development. Issues like Resource Sharing, Hybrid, Polyglot, Security, HA / DR, Ecosystem PaaS, Lifecycle management, DevOps vs PaaS, different IaaS Vendors migrating into PaaS services, Autoscaling, Open Source vs Proprietary, Performance Management, Operations

1. Understanding the Taxonomy and complexity of
PaaS for Enterprises, May 28, 2014
John Mathon
VP, Enterprise Evangelism
Blog: Johnmathon.wordpress.com (CloudRamblings)
Twitter: @john_mathon
Mail: john@wso2.com
(C) WSO2 2014

2. © WSO2 2014
In this talk
• Covered
– Quick intro to WSO2 for those who don’t know
– What is a PaaS / DevOps – Taxonomy
– Enterprise Issues for PaaS
– Generic PH PaaS
– Ecosystem PaaS
• Not Covered
– This is not a “survey” of all open source or other PaaS
• Application PaaS
• Functional PaaS
• Vendor PaaS

3. © WSO2 2014
WSO2 - 8 years Apache and OpenSource
Contributor
• … from the past – Axis2, Synapse and contributors on 20
other Apache Projects
• All wso2 software is 100% open source not enterprise
license in any way (Apache licensed)
• Now contributed Stratos as Cloud PaaS layer
– True polyglot, hybrid PaaS
– Contributors WSO2, Indiana University, Citrix, EngineYard,
Cisco, NASA, SunGaurd, Georgia Tech, …
• Also have in open source cloud Ecosystem PaaS
– App Factory
• WSO2 will also offer Cloud Services based on all our open
source tools in 2014/2015

4. Legacy Integration Stack
ESB, C/As, Adapters, DSS, MB, AS
API Management
APIM, ELB, ESB, BAM, IM, DSS, SS, ES
Middleware / SOA
ESB, C/As, MB, BPS, DSS, AS
BigData NSA for you
BAM, DSS, SS, Cassandra, C/As, CEP, UES
Advanced Governance and
Security
IM, gReg, BRS, BAM, CEP, MDM, MAM, ES
Mobile
MDM, MAM, ES, gReg, AS
POLYGLOT HYBRID PAAS
CC, CS, CA, ELB, CEP
Connected Business
APIM, App Factory, ES, Integration, NSA4U
Ecosystem PaaS
Private PaaS, BPS, DSS, SS, ES, Git, Maven,
Jenkins, Redmine,
Development Tools
Developer Studio, CodeEnvy, UES
WSO2

5. © WSO2 2014
Over 200 Customers: Ebay, Boeing, Banks…

6. © WSO2 2014
Some Key PaaS customers for WSO2
• Cisco – 7 instances with telecom providers
– $1Billion revenue will be running on our PaaS
• Boeing – App Factory and Stratos
• State of Arizona
END OF COMMERCIAL

7. © WSO2 2014
60 years ago the first computer
40 years ago the first microcomputer
20 years ago the internet
Today Cloud, IOT, PaaS, Mobile…

8. © WSO2 2014
PaaS is “aaS” for Services and Applications
Development (see blog below)
• Low Initial Cost to Deploy
• Incremental Cost as you use or develop more
• Automated Deployment
• Management Built-In
• Best Practices baked in
• Self-Service
• Lifecycle Managed
• Reuse
• Resource Sharing
johnmathon.wordpress.com CloudRamblings – A simple guide to Cloud Computing

9. © WSO2 2014
Roles for PaaS
• Super-Tenant (and related roles)
– Configures and manages operations across subtenants and
applications during the entire lifecycle
– Defines the lifecycle
• Tenant
– Can build, integrate, test, deploy versions of applications or
services
• User
– Uses an application (may not be aware that a PaaS exists)

10. © WSO2 2014
What’s the difference DevOps/PaaS?
DevOps – DIY automation
• Use Chef, Puppet
• You write the rules
• You script deployment
• No auto Scaling
• You do FT/HA strategy
• Tenant management
and other tasks like
security may be very
manual still
PaaS – its built in
• Continuous deployment
• Multiple clouds
simultaneously
• Auto-scales / Load
Balances
• Self-service Automation
• Gives you a dashboard
• May not work with your
tools or processes

11. © WSO2 2014
There are many different types of PaaS
• Application PaaS – Force.com
• Infrastructure Tied PaaS - Azure
• Development Environment Tied PaaS –
Openshift, mPaaS, iPaaS, BPMaaS, APIMaaS, …
• Generic PaaS – CloudFoundry, Apache
Stratos(WSO2 Private PaaS)
• Ecosystem PaaS – Heroku, WSO2 App Factory,
Force
• DevOps PaaS – CloudFoundry, OpenShift, Stratos,
…

12. © WSO2 2014
Another PaaS Taxonomy
• Vendor Tied PaaS – could be one application, one
development environment, one operating system, one IaaS, one
virtualization technology
• Functional PaaS – oriented around one developmental
function such as iPaaS, BPMaaS, APIMaaS
• Hybrid PaaS – support for more than one IaaS environment
• Polyglot PaaS – support for more than one development
environment
• Ecosystem PaaS – Support for full lifecycle including
development environment and store

13. © WSO2 2014
Why so many PaaS?
Bottom Line: Faster Time to Market
Before - software development is
costly, risky and slow process
• Do tests on early versions of software to determine loads
from customers
• Plan demand expectation and hardware required
• Acquire hardware and networking equipment for a time
period including additional hardware for failures and
expected peak periods
• Find space for hardware, plan network integration plan, rule
changes in switches, routers, update configuration
management, outages for upgrades and changes
• Test hardware and network with software to insure it works
• Understand failure modes, when to scale, runbooks for
different scenarios, train people in operation and what to do
in different scenarios. Write scripts to detect scenarios and
provide needed information in failures.
• Write or acquire management tools, put in instrumentation in
hardware.
• Plan for upgrade strategies, outages and SLA measurements,
backup policies.
• Beta customers
• Go Live
Now – cheaper, faster, less risky
• Choose IaaS vendor
• Choose PaaS platform
• Write some runbooks for different scenarios,
train people in PaaS operation
• Deploy software
• Beta customers
• Go live
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Time
Cost
Time
Cost
Development
Test/Deployment
Operations
$$$$$$$$$$$$$$$$$$$$$$$ SAVED!
SAVED!

14. © WSO2 2014
Entry Points for PaaS
• Inside Organization
– DevOps automation
– Cloud Busting
– Resource Sharing
– Enterprise Refactoring and Renewal
• Outside Organization
– SaaS application development
– External API service development
– PaaS for partners/customers

15. © WSO2 2014
I’m going to talk about Polyglot Hybrid
Generic PaaS’s
YES
• Polyglot Hybrid PaaS
• Ecosystem PaaS
NO
• Competitive landscape
• Application PaaS’s
• Vendor PaaS’s
• Functional PaaS’s

16. © WSO2 2014
Typical Hybrid Polyglot PaaS architecture

17. © WSO2 2014
Enterprise Issues to be discussed
PH PaaS
• Private or Public
• Hybrid Cloud Capability
• Resource Sharing differences
• Security Concerns
• High Availability
• Polyglot
• Management and Performance
Monitoring
• Automated Resource Allocation
• Scaling Automatically
• Operations Support
• Pluggability
• Multi-tenancy of applications and
users
Ecosystem PaaS = PH PaaS +
• Multi-Environment
support
• Business Process
Automation
• Lifecycle support
• Social Capabilities
• Store
• Reuse

18. © WSO2 2014
Private or Public
Private / Run yourself
• More flexibility to use
hybrid capabilities,
customize for your
development
• Gain Experience
yourself before
launching into public
sphere
Public
• Start cheap and small
• Running a PaaS isn’t
trivial
• Possibly locked in to a
vendor and its
problems and
limitations on
performance and scale,
compliance, security …

19. © WSO2 2014
Hybrid Capability Has been deemed Important
which is why we see some possibly misusing the
term
• Change cloud vendors based on:
– Security
– Cost
– Zone Coverage
– Performance Problems
– Vendor instability
– Or any reason that may occur
• Use Multiple Clouds
– Have on premise hardware as well as public
– Burst on demand
– Run certain services in some clouds that perform better
– Run some tenants in some regions on different clouds
– Run production, test, demo, staging … in different clouds
Some Vendors claim Hybrid meaning: not different types of clouds.
Seriously restricts choices

20. © WSO2 2014
Public IaaS Vendors – large variability
High Risk – not all PaaS’s run on all IaaS
10:1 price / performance or more
Dell*, Azure**
• Microsoft (Free)
• Dell - On-premise like
Joyent**, SoftLayer*
• High Performance
– Joyent special virtualization,
SmartOS
– Softlayer – bare metal
• MongoDB, Hadoop
Rackspace*, HP*
• MySQL
• OpenStack Pioneer
Google**
• Google Compute Cloud
• Google App Cloud
Amazon AWS**
• Wide variety of choices
• Lots of extra value
services
• Poorest performance
• Highest cost
*OpenStack ** Proprietary

21. © WSO2 2014
Private IaaS Choices
VMWare – expensive
Eucalyptus(AWS) – ties you
to Amazon
OpenStack
– Many supporters
Cloudstack
OpenNebula

22. © WSO2 2014
Polyglot – pluggable componentized

23. © WSO2 2014
You die and go to Heaven in the Cloud
Heaven is a PaaS
You ask at the gates:
Is Heaven PaaS a Hybrid PaaS?
Saint Peter Responds: No, there is
Only one Heaven and you will find it perfect
You’re a little skeptical but you nod
and ask: Is Heaven a Polyglot PaaS
Saint Peter responds: No, everybody in
Heaven speaks the same language
You ask: Does Heaven have multi-level
multi-tenant isolation?
Saint Peter is clearly getting annoyed and
Disturbed at the direction of your questions:
We have no secrets here in Heaven.
Finally you ask: Does Heaven have multi-
tenant component sharing?
Saint Peter: Look boy, you are looking for hell.
There they have many different hells, they all
Speak in tongues and everybody is a whore.

24. Resource Sharing is Critical Performance
Issue
Dedicated Instances
Great Performance but expensive!Multi-tenancy
Allows each instance
To be shared – better
utilization 
Break into components
Allows each piece to be utilized
And split to different servers
Giving higher performance
Multiple copies of
Each component
Allows unlimited
scale
Individual components can be scaled independently
Giving maximum utilization and scalability as well as
Fastest response to load changes
Tear down
Instances faster
And easier too
Dedicated instances expensive
But scales
(C) WSO2 2014

25. © WSO2 2014
High Availability / Disaster Recovery
HA
• Is the PaaS itself fault
tolerant?
• Fault tolerant
technologies for all
supplied cartridges?
• Active/Passive and
Active/Active
deployments supported?
• Load Balancing between
fault tolerant
components?
• Single points of failure
anywhere in the system?
DR
• Does the PaaS include
a gReg to replicate
governance data
between regions?
• Does the PaaS support
artifact distribution
automatically to all
regions?
• Does the PaaS support
resource backup?

26. © WSO2 2014
Security built-in?
Authentication
• Federated Identity
support including
OPENID, SAML and dual
factor auth?
• Support for multiple
LDAPs or at least one
LDAP per tenant?
• Is the IM scalable to
support your needs?
Authorization, Audit
• Does the PaaS support
OAUTH2, XACML and
other authentication
standards?
• Does it scale to your
needs?
• Can you audit the logs
or easily build alerts to
detect potential break-
ins or fraud?

27. © WSO2 2014
Auto Scaling
Metrics
– Most use http queue
length
Or do you need:
– CEP real time events –
use any metric or load,
application log or data
How Automatic
• Is the scaling manual?
• Does it do automatic up AND
down
• Can you set rules
• by tenant
• different clouds
• time of day or by region
depending on the load in that
region?
• Can you scale individual
cartridges or only whole
applications?
• Can you scale resources as well
as CPU, i.e. # of nodes in
cassandra for instance

28. © WSO2 2014
CEP Real time Metrics Gathering

29. © WSO2 2014
Open Source or Proprietary?
• Private PaaS
Open Source is the only way (in my opinion)
• Public PaaS
• in general will probably not be open source
•Won’t be as flexible

30. © WSO2 2014
Performance Management?
Management Capabilities
• Does the system come
with integrated BAM or
other performance
management?
• Does it allow 3rd party
monitoring to be
added?
• Does the system check
internal and external
performance?
Visualization and Escalations
• Do you get good
visualization tools
• Is the monitoring flexible
• Can the system detect
anomalous situations
and instantiate a
workflow
• Can the system perform
automatic workarounds
to known events or
scenarios?

31. © WSO2 2014
PaaS Management
• Do all parts of the PaaS have APIs?
• Do all parts have CLI interfaces?
• Does the PaaS have consistent operation for all parts?
• Is there a flexible enough billing and accounting
component?
• Is the security component flexible enough to meet
your growing needs?

32. © WSO2 2014
Upgrades? Down Times
• What are the components to be upgraded and can
they all be upgraded without any or very little
interruption?
• What modules will require down time or
maintenance?
• Are downtimes required for data backup or other
maintenance?

33. © WSO2 2014
Management Data / BigData
Integrated
• Is bigdata and CEP
integrated with the
system
• Can it be used for both
PaaS purposes and
application purposes?
• Can column stores be
allocation automatically
for applications or
tenants?
Ready
• Is the PaaS
instrumented?
• Can the system log
data from applications
as well as the PaaS to
be used for analyzing
tenant usage

34. © WSO2 2014
Multi-Tenancy
• Multi-tenancy means isolation of
data and process
– Can you isolate at the
hardware level
– Can you isolate at the
container level
– Can you isolate at the
cartridge level
– Can you isolate at the OS level
• Can you isolate by role or group
– Application development
tenants
– Application user tenants
– Supertenants
• Examples:
– Different tenants can be on
different physical machines
located in different regions
of the world
– Different tenants can be
allocated isolated private
instances of cartridges or
containers
– Application developers can
be isolated from
production users

35. Ecosystem PaaS
Full lifecycle PaaS
Collaborative PaaS
Inner Source

36. © WSO2 2014
Ecosystem PaaS

37. © WSO2 2014
Ecosystem PaaS
Become a leader in your
Ecosystem
• Provide your customers
with complete
development
environment
• Share your APIs,
Applications
• Allow them to share their
APIs and Applications
• Provide quality control of
end products and usage
Ecosystem Examples
• Boeing
– Make Buying Boeing
Aircraft easier to operate
in a best practices way
– Allow tighter integration
of Boeing, Airline and
Support Vendors
• Force.com
– Make integration with
Salesforce easier
• Heroku
– Make development
easier

38. © WSO2 2014
What is an Ecosystem PaaS?
• Full Lifecycle support for tenants to develop their
own services, mobile applications or web applications
– including source code repository, agile project management,
automated build, continuous integration, continuous
deployment for each tenant and tenant application
• Governance
– Decide who can see or share or run what services, mobile
applications, source code, what approval for promotion,
how many resources each tenant can use, service tiers,
track usage of each tenant of the PaaS or any of the services
in the PaaS
• A social Store to share entities
– APIs, mobile applications or web applications between
tenants, promote collaboration

39. CXO Dashboard
(C) WSO2 2014

40. © WSO2 2014
Managing Environments
• Dev
• Test
• Production
• Staging?
• Demo?
• Training?
• UAT?
• LastGood?
• Partner?
• …
• governance support for
all environments
• automate approval or
testing before
promotion
• Isolation of environment
cartridges, tenants,
users, hardware,…
• Isolation of services,
applications or
delivering different tiers
of service to different
users

41. © WSO2 2014
Publish and Socialize to facilitate Reuse

42. © WSO2 2014
Tenant Administration?
Creating / Assigning Tenants
• Assign tenants
resources in different
locations / clouds
• Tenant LDAP / security
policies supported?
• Different tenant tshirt
sizes supported?
Administration of tenants
• Tenant size migration
• Tenant instance
migration
• Tenant backup
• Tenant isolation
• tenant SLAs and
performance
• Tenant logs
• Tenant billing
• Tenant support with easy
problem reporting and
documentation, chat

43. © WSO2 2014
Application Lifecycle Management
No Lifecycle support
• The devOps will have more
manual elements more
room for error and less
consistency
• You are using tools that
cannot be integrated into
your DevOps Platform?
• You aren’t requiring
promote standard processes
in development?
• You don’t have
requirements for automated
governance of development
products
Lifecycle support
• Controls and Policies
• Standardize on tools
like Maven, Jenkins,
Agile project
management, Git?
• Do you have both
automated tasks to
perform as part of
promotion and human
involvement and
approval?

44. © WSO2 2014
More Information
• John Mathon john@wso2.com
• Twitter Feed: @john_mathon
• Blog: johnmathon.wordpress.com
• Cloud: wso2.com/cloud
• Download: wso2.com
• App Factory Signon: https://cloudpreview.wso2.com/