iSoftStone Multi-Cloud Management Platform

A Cloud-native Based Solution for Management and Monitoring of Heterogeneous Cloud Resources

iSoftStone Multi-cloud Management System (iMMS) is an enterprise-level cloud management platform applied in multiple public clouds and public-private hybrid cloud scenarios. It provides consistent self-service and operation management capabilities on heterogeneous resources which include centralized resource management and control, automated resource delivery, intelligent operation analysis and O&M management to reduce the costs of hybrid cloud management.


Product Advantages

Centralized Management:

1. Centralized management of heterogeneous cloud resources; support centralized management of multiple Kubernetes container platforms and IaaS resources on multiple clouds.

2. Intelligent operation analysis and O&M management capabilities

3. Reduce the complexity of cloud management.

Multi-tenancy Management:

1. Support single sign-on and can establish mutual trust with the enterprise authentication system

2. Also support login from a third-party account.

Operation Optimization:

1. Cost analysis and optimization

2. Provide visualized cloud billing reporting

3. Accurately manage resource costs and provide strong data support for business planning.

Automated O&M:

1. Provide a variety of O&M methods to meet personalized O&M needs;

2. Provide topology of resources that covers all scenarios to visualize connections between cloud resources.

Centralized Monitoring:

1. Centralized monitoring of the multi-cloud infrastructure layer;

2. Provide a large monitor, which simplifies monitoring in heterogeneous multi-cloud scenarios;

3. Support pushing alarms to users through SMS and email.

Cloud Safety:

1. RBAC-based refinement of permission control

2. Real-time monitoring of safety-related resources such as hosts and networks for timely discovery of safety vulnerabilities

3. Define operations related to safety risks to facilitate later audits.

Highly Available and Easily Extensible Architecture:

1. Cloud native development based on Kubernetes, capable of load-oriented horizontal scaling, self-recovery from faults, and dynamic migration.

2. Template-based installation based on Helm, deployed to any Kubernetes cluster with one click.

Cloud Management

iSoftStone Multi-cloud Management Platform (iMMP) manages cloud resources (cloud servers, cloud load balancing, cloud object storage, virtual private networks, web application firewalls, etc.) based on the directory of the cloud service provider in a manner that supports self-service. The management runs through the life cycle of cloud resources in a hybrid cloud scenario, from resource access, application, automatic distribution, network configuration, purchase and renewal, configuration change to final release.



Elastic Computing

Kubernetes Container Management

Cluster Management

Support centralized management of Kubernetes clusters, such as Alibaba Cloud ACK, Huawei CCE, and self-built clusters. Also support cluster creation, cluster deletion, and certificate rotation by calling the interface of the corresponding cloud manufacturer.

Node Management

Support viewing the node management of kubernetes container platform, including label management and taint management.

Life cycle management of node, including basic life cycle control such as creation, deletion, and operation record query.

Workload

The service provides container application deployment and management capabilities based on the type of Kubernetes cloud native, and supports life cycle management such as deployment, configuration, monitoring, expansion, upgrade, uninstallation, service discovery, and balancing of container workload.

Network

Support http exposure through ingress and forwarding of the seven-layer protocol of http.

Support clusterIP, nodePort, and LoadBalancer; support direct connection to the load balancing of Alibaba Cloud.

Provide white list-based configuration rules, and allow access of namespaces or jobs under the white list only for network isolation.

Storage

Provide centralized management of storage resources, and visualize storage management throughout the life cycle, including addition, deletion and status view of storage volumes.

Permission Management

A fine-grained permission management feature based on Kubernetes’ RBAC (Role Based Access Control) capability and combined with the permission systems of various cloud manufacturers, supporting permission control at cluster and namespace levels and helping users with easy and flexible setting of operating permissions for users and user groups.

Backup

Provide a workload backup method based on the Kubernetes namespace, and support the backup of workloads and their corresponding PVs to OSS.

Cloud Server

Intended for life cycle management of cloud host.

Support operations such as creation, stop, start, restart, and deletion, as well as batch management.

Support creation of cloud host snapshots online for data backup, mirror customization, application-level disaster recovery and other scenarios.

Supports online mirror creation and dynamic loading and unloading of cloud disks during operation.

Support real-time performance monitoring, collect CPU, memory, disk IO, and network-related data from the cloud host, and provide graphical visualization.

Mirror

Support public mirror officially provided by public cloud, user-defined mirror, user-shared mirror, and mirror from the mirror market.

Support instantiation of the cloud host through mirror and life cycle management of custom mirror.

Cloud Disk

Cloud disk management: Support creation, deletion, mounting and unmounting of cloud disk, and creation of the snapshot.

Snapshot of cloud disk: Snapshots are taken when a cloud disk is in use.

Snapshot

Support manual creation of snapshots in terms of creation method and automatic backup of data in the cloud disk to enhance the safety of business data.

Support full-scale and incremental snapshots in terms of the order of creation.

Safety Group

Support control of the inbound and outbound traffic of one or more cloud host instances through the safety group.

Support the safety policies of different protocols, including TCP, UDP, ICMP, GRE, etc.

Physical Machine

Information query and management, resource attribution, IP address, monitoring, and release on the physical machine.

View monitoring information on the physical machine: performance and power monitoring information (status).

Storage

Object Storage Management

Support the creation and deletion of buckets, as well as management of files and folders.

Support the setting of cross-domain access rules.

File Storage

Support file system query and mounting point management, as well as the display of operating status and capacity monitoring.

Network

Private Network VPC

Support the creation of VPC networks, addition/deletion of subnets and NAT gateways, VPC routing table, and deletion.

Load Balancing

Support instance management and information query for load balancing, service listener management, health check configuration management, creation and deletion of forwarding rules, and query and management of back-end servers.

Elastic Public Network IP

Support query and creation, binding/unbinding, and query monitoring of instances.

NAT Gateway

Support management and query of NAT gateway.

Cloud Operation

iMMP provides visualized cloud billing reporting, multi-dimensional reporting, cost optimization, cost monitoring, etc. to accurately manage resource costs and lend strong data support to business planning.

Cost Analysis

Application Scenarios:

Support users to flexibly define the analysis strategy of resource usage and cost billing statistics by organizational structure, account, product type, and time frame. The consumption structure is clear-cut. Support the possibilities of optimizing resources, improving resource utilization, preventing resource waste, and reducing cloud resources through analysis.

Features

Global cost summary: Summarize and analyze all cloud resource costs listed in charts and graphics.

Suggestions on cost optimization: Generate suggestions on cost optimization automatically based on a comprehensive analysis of the pressure load, configuration, and costs of cloud resources.

Resources Analysis

Based on the summary and analysis of resource load data on business applications, the system intelligently recommends options for rational use, allocation and optimization of resources, tracking the utilization of resources throughout the process, clearing idle resources, greatly improving the utilization rate of resources, and indirectly reducing the costs of resource usage.

Resources Analysis

Support automatic synchronization of computing resources (such as cloud servers and physical machines) and storage resources (such as object storage and block storage), display of monitoring data on each resource, and analysis on virtual machine hosts by CPU, memory, etc.

Suggestions on Resource Optimization

Support automatic filtering of virtual machines to be upgraded, downgraded, and deleted according to specified rules.

Intelligently identify resources with low utilization or high load.

Capacity Analysis

Provide a global capacity analysis report on resources such as metadata, monitoring data, and status data in each heterogeneous resource pool to visualize the capacity of enterprise cloud resources. Also, provide capacity trend forecasts to assist business decision-making and help enterprises adjust their capacity expansion plan promptly.

Resource Pool Analysis

Capacity analysis on block storage resources, object storage resources, and computing resources in resource pools, as well as their current distribution and usage.

Global Capacity Statistics

The cloud management platform should provide overall statistical analysis data of resource pools and a global resource view which should include the total capacity, used capacity, remaining capacity, and capacity trend analysis of resource pools (including virtual machines, physical machines, storage services, etc.).

Cloud O&M

Resource Orchestration Service

The resource orchestration service has a wide range of application scenarios to not only help enterprises migrate to the cloud rapidly but also enable batch deployment and distribution in a business environment on demand. At the same time, it deploys the cloud environment using only approved templates to enable IT compliance and avoid financial risks.



Rapid Migration to the Cloud: Use the best practice of cloud precipitation, without requiring professional IT skills and cloud architecture design experience; make all resources at the solution level available with one click; optimize the cloud architecture.

On-demand Batch Deployment: Deploy multiple sets of environments where applications are run on demand in response to business expansion needs or DevOps scenarios.

Distribution in Business Environment: Realize consistent distribution in standardized environments across regions and accounts in a centralized IT management scenario to meet the business needs of organizations and teams.

Centralized Orchestration of IAAS and PAAS: first orchestrate IAAS resources such as cloud hosts, networks, and storage based on template, and then deploy PAAS resources such as kubernetes environments, RDS, and OSS, and even container applications.

Cloud Environment Management and Control: Deploy the cloud environment using only approved templates to meet internal compliance control requirements, which enables IT compliance and avoids financial risks.

O&M Job Management

With iMMS, O&M administrators of enterprises can select the script specified for the execution of target resources on the Web page and view script output. The system supports batch management of scripts such as Shell and Python and automated distribution of script tasks to realize more efficient O&M management.

Cross-cloud Disaster Recovery and Backup



Hybrid Cloud Disaster Recovery: Customers have strict requirements on application continuity in the local IDC room and hope to establish a disaster recovery and backup center. However, a traditional disaster recovery and backup center requires a large investment and can be costly. They hope to build an application disaster recovery center on the public cloud.

Hybrid Cloud Backup: Customers are not happy to suffer data loss and hope to have the data in the local data center backed up on the cloud to ensure sustainability and also save the cost that otherwise results from the construction of a traditional backup center.

Hybrid Cloud Emergency Takeover: When the local data center fails, the data center on the cloud can quickly take over to ensure business continuity and take this opportunity to gradually accommodate business migrated from the local IDC room.

Cloud Monitoring

Monitoring Alarm

The centralized monitoring center provides an out-of-the-box one-stop multi-cloud monitoring solution which enables all-round intelligent monitoring and alarming of cloud services, servers, Kubernetes container platforms, and business applications in different cloud resource pools.

iMMP provides two accesses for the connection of monitoring data. For cloud environments where APIs for complete monitoring services or local area networks are available, the monitoring data can be connected to the centralized monitoring center through API adaptation, or more monitoring indicators can be collected through the implantation of a lightweight Agent.

Log Management

CSP monitoring provides one-stop log data management services, supports storage of cloud server logs at a low cost, and provides real-time retrieval, query and analysis, and audit of the log.

Cloud Safety

Personnel Management

The personnel management module supports addition, deletion, modification, view, enabling, disabling, and password resetting of users. When users log in to the management and control platform for the first time, they must change the default login password. The module supports self-registration and retrieval of passwords.

Authority Management

The authority management module supports the creation of a user and assignment of different authority policies to users to meet their demand for access to and control of the system. The platform provides default role authority for system administrators and operation administrators. The operation administrator can customize roles and their scope of authority, so as to grant different users different authority to resource operations. Hence, resources can be under refined management.

Audit Log

Log audit is provided. The audit log records various information such as resource operations in each cloud environment, safety events of the system, user access records, system operation log, and system operation status. Logs in a consistent format are stored and managed centrally. Information system logs are fully audited.

Multi-tenancy

iMMP supports hierarchical management of tenants and the application and management of resources by tenants from different departments and for different project purposes, etc. The administrator can collect statistics by department, project or other dimensions.

The system provides online standardized environments where applications are run and resource self-service. Application development and testing operators and O&M personnel can apply online for environments and resources to support the running of applications on various infrastructure platforms and quickly acquire them during application development and testing and production operation.

The system also supports locating, changing, operating, and recycling instances of resources in the runtime environment, as well as deploying and changing the operating system environment through the configuration of script tasks in batch.

After an application is filed to change the configuration of resources in the runtime environment, codes can be deployed continuously in the runtime environment for testing and the release version can be deployed in the runtime environment for production.

Resource Pool

Enterprises own multiple accounts and cloud resources with different cloud vendors. These can be divided into resource pools at the disposal of corresponding IT O&M personnel.

Support the creation, modification and deletion of resource pools, as well as the appointment of resource pool administrators.

Application and Approval of Resources

Tenants create a project and apply for an order within the project. The order is divided into quota order and resource order. If a quota is assigned to the project, the resource order proposed by the tenant will be automatically processed, including requisition, upgrading and downgrading, and release of resources. Tenants can view resources by project, cost overhead of the project, etc.

The administrator can proactively assign quotas to projects, and resources within the quota are not subject to approval. After the administrator receives an order from a user, he can process the order manually for approval.

Project

The department, number, name, description, corresponding resource pool, and authority (administration authority/use authority) of the project under the organization.

Order

Provide applications for various types of public cloud resources, including on a pay-per-click and yearly/monthly package basis, as well as various private cloud resources.

Support configuration changes and surrender of tenancy of various resources, as well as the flow of order processes.

Support viewing of basic order information, approval status, and resource list.

Approval

View all currently authorized applications for details. Support application approval, approval processing, and viewing of approval.

Quota

Support configuration for project setting and restrictions on CPU, memory and storage, or the number of cloud hosts.

System Management

Organization user management services are provided for operation administrators in enterprises to help them with easy multi-tenancy management, organization management, quota management, and authority management on the platform to achieve efficient IT governance.

Access to CSP Environment

iMMP supports access to mainstream public cloud environments, private cloud OpenStack and VMware environments, container clusters, virtual machines, physical machines and other types of resources. System administrators can allow access and synchronization of resources from hybrid cloud environments to the CSP configuration, and the LStack hybrid management platform can also adapt to more cloud resource environments based on the needs of users.

Personnel Management

The personnel management module supports addition, deletion, modification, view, enabling, disabling, and password resetting of users. When users log in to the management and control platform for the first time, they must change the default login password. The module supports self-registration and retrieval of passwords.

User Management

Support creation of users, setting of user groups, and establishment of user-based organizational architecture.

User Group

Support creation, deletion and modification of user groups, change of passwords, and addition and deletion of group members.

Import Users

Support integration with AD or common LDAP; import users from AD/LDAP.

Organization View

Support operation administrators in enterprises to configure multi-level enterprise branches and organizational interdepartmental relationships in a tree structure. They can also configure user information such as administrators for enterprise branches at all levels and assign different access rights to users based on their responsibilities in order to control their access to cloud resources. The system can be connected to the CSP identity authentication system to support joint identity authentication and single sign-on.

Supports quota setting across the organizational architecture, with the controllable cost of cloud resources and traceable usage of resources, to reduce the overall cost of IT resources for enterprises.

Organizational Management

Support visualization of the list of organizational departments and their user members in a tree structure.

Support addition of custom subordinate organizational units.

Support filtering users by department and movement of users between different departments.

Quota Management

Creation, deletion, modification and query of quotas.

Support setting of specified resource quota (including but not limited to CPU and memory) for each department or project, provided that the overall resources of the organization shall not exceed the set resource quotas.

Authority Management

The authority management module supports the creation of a user and assignment of different authority policies to users to meet their demand for access to and control of the system. The platform provides default role authority for system administrators and operation administrators. The operation administrator can customize roles and their scope of authority, so as to grant different users different authority to resource operations. Hence, resources can be under refined management.

Authorization Management

Support administrators in searching all users globally and conferring either the default authority policy of the system or a custom authority policy.

Support removal of historical authorization policies.

Authority Policy Management

Provide default authority policy and support authorized users to access relevant cloud services for operations.

Audit Log

Log audit is provided. The audit log records various information such as resource operations in each cloud environment, safety events of the system, user access records, system operation log, and system operation status. Logs in a consistent format are stored and managed centrally. Information system logs are fully audited.

License Management

License management is used to restrict and guarantee the use of the system by users within the authorized scope.

System Configuration

Storage service setting: Set the object storage resource information of iMMP related data

Message setting: Support viewing and setting of email, SMS notification, and gateway resource information in the system.

Language setting: Support viewing and setting of the default language of the system.

Logo setting: Support replacement of logos of the browser, navigation bar, and advertising area on the login page.

Support custom settings of the portal system, supported languages, copyright information, and quick navigation.

Announcement Management

Announcement creation: Level, content, release time, and expiration time of announcement.

Announcement management: List query, and creation, release, modification, deletion, expiration and top-posting of the announcement.

Application Scenarios

Public Cloud + Private Cloud

Subject to industry regulation and policy compliance requirements, finance, government, and hospital customers, for example, will deploy less sensitive applications of business access on the public cloud and more sensitive applications of data processing on a local private cloud environment.

Heterogeneous Private Cloud

Over the long-term business development course, some traditional industries will find their IT infrastructure evolve into a hybrid cloud environment that includes systems with multiple architectures, such as the coexistence of VMware and OpenStack, and even some key applications can only run on physical machines, such as government service cloud and large-scale manufacturing industries.

Multiple Public Clouds

Concerned about the industry ecological environment and the business sensitivity of cloud vendors, customers in characteristic industries tend to deploy their business systems in multiple cloud vendors to avoid vendor lock-in and reduce strategic risks. E-commerce, game, and live streaming companies that start in China and then move to overseas markets, for example, deploy much more resource nodes with overseas public cloud vendors than domestic ones and enjoy better customer experience.

Central Cloud + Edge Cloud

In application fields such as security monitoring and industrial Internet of Things, the central cloud is suitable for scenarios characterized by non-real-time requirements, long-cycle data, and business decision-making, while the edge cloud is suitable for scenarios characterized by real-time requirements, short-cycle data, and local decision-making.


Contact Us


Zip code: 100193

E-mail: contact@isoftstone.com

Telephone: +86 105874 9000

Fax: +86 105874 9001

Address: East Bldg. 16, Courtyard #10, Xibeiwang East Road, Haidian Dist., Beijing 100193, China