Interest Growing in Private Cloud Computing

Who says private clouds don't exist? Merrill Lynch says the public and private cloud infrastructure will be a $160 billion market by 2011. Someone is building private clouds. Understanding the concepts and principles behind private cloud will help you evaluate your options and lay the foundation in place for the future.

While there's still plenty of room for growth among enterprises for straight ahead, consolidation-oriented server virtualization projects, many organizations are looking to take their virtualization deployments to the next level. How? By shaping their data centers into elastic and self-service platforms akin to those built by large cloud computing outfits such as Amazon.com and Salesforce.com.

"Customers are quickly moving beyond the core hypervisor and focusing on mobility, self-provisioning, and metering and chargeback capabilities," said Matt Eastwood, group vice president of Enterprise Platforms at IDC. Eastwood, along with a host of analysts, pundits and vendors, have a name for these next-generation virtualization deployments: the private cloud.

Settling on a precise definition of the term isn't easy, since the term "cloud," on its own, remains rather nebulous, but for the purposes of initiating a discussion, let's say that the private cloud boils down to a set of scalable, dynamically provisioned, IT services which, unlike the public cloud, are hosted within an organization's corporate data center.

All the elasticity and convenience of a public cloud service, with the same option to go hug your servers that IT admins have always had-or so the sales pitch goes.

According to Matthew Richards, senior director of Product Marketing, Cloud Computing, at CA Technologies, "There's a lot of interest in building private clouds on the part of large enterprises today. It's becoming more and more important for IT departments to think of themselves as an internal service provider and focus on the services that are being delivered to business people." CA Technologies swept up a bunch of startups and recently released CA 3Tera AppLogic 2.9, a turnkey platform that facilitates the rapid delivery of application-centric public and private clouds.

And CA is far from alone: A broad swath of vendors, from server manufacturers on up has some product targeted at building and/or maintaining the private cloud. At this year's VMworld, VMware announced a slew of products to enhance vSphere with private cloud functionality, such as support for pooling virtual infrastructure resources for delivery as catalog-based services, and for chargeback models to measure and assign costs of virtual machines. Truly exciting is the availability of vSphere Enterprise Plus, which can be used to build private clouds and bridge to public clouds to automate the creation of hybrid clouds.

Other prominent initiatives in the private cloud space include Amazon Virtual Private Cloud, IBM CloudBurst and VMware's vSphere and vCenter. Dell offers Virtual Integrated System, Novell has Cloud Manager-and then there's Intalio, Oracle, Fujitsu-the list goes on and on.

Of course, it's not as simple as merely buying the right software. Amazon EC2 or Salesforce.com weren't built in a day, and companies that are in the business of providing utility compute services as their core business will always boast more resources, know-how and sheer scale than will be available to any single private enterprise. Public cloud players are quick to point out the scale issue in their criticism of the private cloud concept. Salesforce.com CEO Marc Benioff urged attendees at this year's Cloudforce to "beware of the false cloud. The false cloud is not efficient."

With that said, there's value in maintaining your own private IT resources that's not easily obtained from the public cloud, particularly where security, compliance and legal discovery are concerned. What's more, a lack for public cloud-size scale doesn't mean that organizations can't derive real benefits from organizing your infrastructure into a more cloud-like form. For enterprises already embracing x86 server consolidation to boost utilization and agility, combining multiple departmental virtual server farms into a single private cloud can, if executed well, lead to more efficient use of these resources.

What's So Attractive About the Private Cloud?

The perceived weaknesses of the public cloud approach typically revolve around security, control and demonstrating that both exist. The paradigm of protecting data by securing it within the corporate perimeter is familiar to just about every IT staffer. So in many ways the public cloud is a challenge to the status quo. Just as people love their privacy, enterprises want to keep their clouds private. We understand how to protect something that's private.

"It isn't necessarily that public cloud services are insecure by nature, but rather that they are not under a company's direct control," said Scott Crenshaw, vice president and general manager of the Cloud at Red Hat. "We know how to achieve compliance with internal resources, but don't fully understand the ramifications of doing so in a public environment."

Even in private cloud environments, however, multitenancy is a word that can strike fear in many an IT security administrators' hearts, particularly those responsible for audits and compliance. According to Eric Chiu, president and CEO of Hytrust, "the challenge becomes how to thrive in a multitenancy environment while preserving VM and data segregation as well as separation of duties." Virtual policy enforcement solutions such as Hytrust allow administrators to logically separate environments within the private cloud. Similarly, Checkpoint and Altor Networks apply security policy in virtual environments.

Assess the current regulatory environment and make sure that you can build a private cloud that is compliant today and hopefully in the future, or at least be updated when future changes occur. Compliance typically revolves around proving the confidentiality, integrity and chain of custody for sensitive pieces of data. Organizations must demonstrate compliance with regulatory requirements such as HIPAA (Health Insurance Portability and Accountability Act), Sarbanes-Oxley Act and PCI, even as these regulations change. Version 2.0 of the PCI-DSS, which is set explicitly to address virtualization security, is due out any day now.

In addition, legal discovery or e-discovery, particularly the cost of the process, is a growing concern in virtualized and cloud environments. Managing virtual sprawl is one thing, but building a secure environment that preserves security controls over applications, data, personnel and the virtual machines is another.

"Many enterprises realize one day that they have terabytes or petabytes of files and they literally have no idea what is in them," said to Steve Akers, CTO and founder of Digital Reef, a company that provides e-discovery and governance solutions. "Organizations now have huge numbers of virtual machines (many of them with sensitive data on them) and files. A system must be in place to track virtual machine provisioning, file ownership and file contents. Private cloud operators must prepare for e-discovery [and compliance] in advance by establishing strong controls, maintaining a clear chain of custody and having audit services in place before they are needed."

Plan for Flexibility

There are many ways to get a private cloud off the ground. As usual, meet today's needs and build an adaptable management and security foundation for the future. Several current initiatives offer on-premise, cloud-like options for customers that entail the possibility of tapping a hybrid model in the future-you organize your internal stuff in a cloud-like way, you get more flexibility internally, and you get the option of hitting up public cloud resources to solve that elusive scale or capacity bursting bit of the equation when you need it and when you're comfortable with it.

An important consideration in building a private cloud or using a combination of public and private clouds is the interoperability and portability of virtual machines and virtualized workloads. The OVF (Open Virtualization Format) is an open and secure format for the packaging and distribution of virtual machines. A DMTF (Desktop Management Task Force) initiative, OVF promises to facilitate portable VM packaging, among other things, but difficulties regarding portability of VM's remain. "OVF isn't fully supported across vendors," said Navin Thadani, senior director, Virtualization Business at Red Hat, "and as a result we're seeing a great deal of demand for portability tools, especially from companies looking to cloudburst by dynamically scaling the private cloud into the public cloud."