Who says private clouds don't exist? Merrill Lynch says the public and private cloud infrastructure will be a $160 billion market by 2011. Someone is building private clouds. Understanding the concepts and principles behind private cloud will help you evaluate your options and lay the foundation in place for the future.
While there's still plenty of room for growth among enterprises for straight-ahead, consolidation-oriented server virtualization projects, many organizations are looking to take their virtualization deployments to the next level. How? By shaping their data centers into elastic and self-service platforms akin to those built by large cloud computing outfits such as Amazon.com and Salesforce.com.
"Customers are quickly moving beyond the core hypervisor and focusing on mobility, self-provisioning, and metering and chargeback capabilities," said Matt Eastwood, group vice president of Enterprise Platforms at IDC. Eastwood, along with a host of analysts, pundits and vendors, has a name for these next-generation virtualization deployments: the private cloud.
Settling on a precise definition of the term isn't easy, since the term "cloud," on its own, remains rather nebulous, but for the purposes of initiating a discussion, let's say that the private cloud boils down to a set of scalable, dynamically provisioned IT services which, unlike the public cloud, are hosted within an organization's corporate
All the elasticity and convenience of a public cloud service, with the same option to go hug your servers that IT admins have always had, or so the sales pitch goes.
According to Matthew Richards, senior director of Product Marketing, Cloud Computing, at CA Technologies, "There's a lot of interest in building private clouds on the part of large enterprises today. It's becoming more and more important for IT departments to think of themselves as an internal service provider and focus on the services that are being delivered to business people." CA Technologies swept up a bunch of startups and recently released CA 3Tera AppLogic 2.9, a turnkey platform that facilitates the rapid delivery of application-centric public and private
And CA is far from alone: a broad swath of vendors, from server manufacturers on up, has some product targeted at building and/or maintaining the private cloud. At this year's VMworld, VMware announced a slew of products to enhance vSphere with private cloud functionality, such as support for pooling virtual infrastructure resources for delivery as catalog-based services, and for chargeback models that measure and assign the costs of virtual machines. Truly exciting is the availability of vSphere Enterprise Plus, which can be used to build private clouds and bridge to public clouds, automating the creation of hybrid clouds.
Other prominent initiatives in the private cloud space include Amazon Virtual Private Cloud, IBM CloudBurst and VMware's vSphere and vCenter. Dell offers Virtual Integrated System, Novell has Cloud Manager, and then there's Intalio, Oracle, Fujitsu; the list goes on and on.
Of course, it's not as simple as merely buying the right software. Amazon EC2 and Salesforce.com weren't built in a day, and companies that provide utility compute services as their core business will always boast more resources, know-how and sheer scale than will be available to any single private enterprise. Public cloud players are quick to point out the scale issue in their criticism of the private cloud concept. Salesforce.com CEO Marc Benioff urged attendees at this year's Cloudforce to "beware of the false cloud. The false cloud is not
With that said, there's value in maintaining your own private IT resources that's not easily obtained from the public cloud, particularly where security, compliance and legal discovery are concerned. What's more, a lack of public cloud-size scale doesn't mean that organizations can't derive real benefits from organizing their infrastructure into a more cloud-like form. For enterprises already embracing x86 server consolidation to boost utilization and agility, combining multiple departmental virtual server farms into a single private cloud can, if executed well, lead to more efficient use of these resources.
What's So Attractive About the Private Cloud?
The perceived weaknesses of the public cloud approach typically revolve around security, control and demonstrating that both exist. The paradigm of protecting data by securing it within the corporate perimeter is familiar to just about every IT staffer, so in many ways the public cloud is a challenge to the status quo. Just as people love their privacy, enterprises want to keep their clouds private. We understand how to protect something that's private.
"It isn't necessarily that public cloud services are insecure by nature, but rather that they are not under a company's direct control," said Scott Crenshaw, vice president and general manager of the Cloud at Red Hat. "We know how to achieve compliance with internal resources, but don't fully understand the ramifications of doing so in a public environment."
Even in private cloud environments, however, multitenancy is a word that can strike fear into many an IT security administrator's heart, particularly those responsible for audits and compliance. According to Eric Chiu, president and CEO of Hytrust, "the challenge becomes how to thrive in a multitenancy environment while preserving VM and data segregation as well as separation of duties." Virtual policy enforcement solutions such as Hytrust allow administrators to logically separate environments within the private cloud. Similarly, Checkpoint and Altor Networks apply security policy in virtual environments.
Assess the current regulatory environment and make sure that you can build a private cloud that is compliant today and, hopefully, in the future, or that at least can be updated when future changes occur. Compliance typically revolves around proving the confidentiality, integrity and chain of custody of sensitive pieces of data. Organizations must demonstrate compliance with regulatory requirements such as HIPAA (Health Insurance Portability and Accountability Act), the Sarbanes-Oxley Act and PCI, even as these regulations change. Version 2.0 of the PCI-DSS, which is set to explicitly address virtualization security, is due out any day now.
In addition, legal discovery or e-discovery, particularly the cost of the process, is a growing concern in virtualized and cloud environments. Managing virtual sprawl is one thing, but building a secure environment that preserves security controls over applications, data, personnel and the virtual machines is another.
"Many enterprises realize one day that they have terabytes or petabytes of files and they literally have no idea what is in them," said Steve Akers, CTO and founder of Digital Reef, a company that provides e-discovery and governance solutions. "Organizations now have huge numbers of virtual machines (many of them with sensitive data on them) and files. A system must be in place to track virtual machine provisioning, file ownership and file contents. Private cloud operators must prepare for e-discovery [and compliance] in advance by establishing strong controls, maintaining a clear chain of custody and having audit services in place before they are needed."
Plan for Flexibility
There are many ways to get a private cloud off the ground. As usual, meet today's needs and build an adaptable management and security foundation for the future. Several current initiatives offer on-premise, cloud-like options for customers that entail the possibility of tapping a hybrid model in the future: you organize your internal stuff in a cloud-like way, you get more flexibility internally, and you get the option of hitting up public cloud resources to solve that elusive scale or capacity-bursting bit of the equation when you need it and when you're comfortable with it.
An important consideration in building a private cloud or using a combination of public and private clouds is the interoperability and portability of virtual machines and virtualized workloads. The OVF (Open Virtualization Format) is an open and secure format for the packaging and distribution of virtual machines. A DMTF (Desktop Management Task Force) initiative, OVF promises to facilitate portable VM packaging, among other things, but difficulties regarding the portability of VMs remain. "OVF isn't fully supported across vendors," said Navin Thadani, senior director, Virtualization Business at Red Hat, "and as a result we're seeing a great deal of demand for portability tools, especially from companies looking to cloudburst by dynamically scaling the private cloud into the public cloud."
Matthew D. Sarrel, CISSP, is a network security, product development, and technical marketing consultant based in New York City. He is also a game reviewer and technical writer. To read his opinions on games please browse http://games.mattsarrel.com and for more general information on Matt, please see http://www.mattsarrel.com.