Posted: Friday 21st of May 2010 11:01:44 AM By Rich Wolski
The phrases "cloud computing" and "private cloud" have permeated the technical zeitgeist with a rapidity that we have rarely seen. As a result, we spend a good deal of our time discussing these concepts with our customers, partners, and technical colleagues in an effort to understand what they mean in concrete terms. In an effort to bring some clarity to these ruminations (primarily to myself), I've tried to distill them into a "Top 5" list of questions we are asked and to formulate my opinion of how they can, and in some cases should, be answered. First, the questions in dramatically paraphrased form are:
- What is a "private cloud" and how is it different from a "public cloud" and a "virtualized data center?"
- Is a private cloud secure?
- How do I build a cloud?
- How do I turn a private cloud into a hybrid cloud?
- What will I need to do to my applications to get them to run in a cloud, private or public?
Clearly these questions are directed to us because of what we make (hence the bias towards private clouds). In putting this thinking together, it also occurred to me that this list is a product of the time frame in which it is formulated. That is, the five most frequent and pertinent questions we were being asked one year ago were quite different, and mostly focused on the impact of public clouds on the economics of Information Technology (IT). Be that as it may, I provide my best effort to answer the questions as we see them in Spring of 2010. I provide these answers via a series of blogs to lessen the amount of time within one sitting you need to peruse my musing. In this posting, I tackle the first two questions.
What is a "private cloud" and how is it different from a "public cloud" and from a "virtualized data center?"
A private cloud is a cloud that implements the "cloud computing" model in a "private" setting where only a single organization has access to the resources that are used to implement the cloud. In other words, it is a cloud that an organization implements using its own resources (machines, networks, storage, data centers, etc.). Trivially, then, a private cloud is different from a public cloud because the public version implements cloud computing for multiple, possibly competing organizations using a single set of resources. The basic model for a public cloud is similar to that for a public power utility: a third-party vendor manages the infrastructure necessary to deliver computing capability to customers who pay usage fees. The common-carrier Internet plays the role of the transmission lines in this highly stylized analogy.
There are more subtle differences between these two paradigms as well. Most prominently, public clouds, for reasons of scale, tend to provide low-cost but high-quality commoditized services to their customers in the spirit of a general utility. However, private clouds must be able to incorporate the policies and infrastructure capabilities that are implemented by the organization that deploys them, particularly with respect to the implementation of security policy. Thus a private cloud should embody and reflect the "structure" that the organization imposes on it while a public cloud "flattens" the structure into a high-quality commodity that can be provided for a low cost at scale.
Frequently, we are also asked to differentiate private clouds from virtualized data centers. Operating system virtualization (the ability to run "virtual machines" using a hypervisor as the base software layer) is a powerful tool and many IT organizations have implemented plans to use this tool to improve IT operations. "Are these virtualized data centers not just private clouds?" is a typical question posed to us.
Operating system virtualization is an important component of a private cloud, but by itself, even when deployed data center wide, it does not implement a private cloud. Put another way, a private cloud depends on operating system virtualization but it also requires quite a bit in addition to the ability to run virtual machines even if the virtualization technology supports this ability across the data center.
The key difference lies in the purpose virtualization fulfills when it is used to control a data center versus when it is used to implement a cloud. When used as a data center control technology the "operator" (typically a system administrator) uses virtualization to abstract the "server" running in a VM away from the hardware on which it runs. By making a server a virtual entity (one not attached to a specific piece of hardware) it can be moved, suspended, or upgraded independently of how the hardware running it is manipulated. Thus virtualization provides a way for a system administrator to manipulate the resources in a data center more flexibly and faster to achieve greater efficiencies.
In a cloud, virtualization serves a different purpose, which is to provide isolation between resource allocations. That is, virtualization inside a cloud prevents different collections of virtual machines from interfering with each other. Indeed many clouds do not take advantage of the VM mobility and multi-tenancy functions supported by most hypervisors -- two key functionalities used heavily in virtualized data centers.
In addition, to be an effective tool for administration, the data center virtualization tools must operate as a console. That is, when an administrator issues a control command, the command is implemented and the result returned in a way that allows the system administrator to know the state of the system from moment to moment. In contrast, cloud platforms use virtualization asynchronously. That is, there is no cloud "console" that can report the state of the resources faithfully because to implement one, the cloud would need to make virtualization requests one-at-a-time so that the state would be clearly known at the time it is reported. Put in another less cryptic way, by the time a correct accounting of the operations performed in a cloud is recorded, the internal state will have changed. The only way to prevent this state of affairs is to make the cloud handle requests one-at-a-time so that the internal state changes sequentially. Synchronizing requests in this way severely limits scalability.
Is a private cloud secure?
The first observation I usually make in response to this question is that security is not a singular noun -- it is plural. That is, "security" refers to the amount of "trust" a user or organization places in a particular technology with respect to theft, tampering, and privacy. That trust is necessarily subjective (e.g. what I may trust you may not and vice versa) so it is difficult to talk about security in absolute terms.
I suspect that this question is also one that is motivated by a comparison of public cloud security characteristics with those of a private cloud. Often, private cloud proponents claim that private clouds are more secure than public clouds. In fact, it is possible to deploy a private cloud in a way that is far less secure than the current batch of public clouds just as it is possible to deploy any infrastructure in an insecure way. Moreover, the public clouds are almost assuredly exposed to a constant barrage of very clever attacks. To withstand this Maelstrom they must constantly implement the state-of-the-art in counter measures.
I believe the real motivation for this question, then, is not about the degree of security that a private cloud offers over a public one, but the degree to which security policy can be controlled, monitored, and changed in response to the needs of the organization. Because public clouds must serve a vast set of competing needs, they are necessarily limited in their ability to allow their users to customize them. Conversely, a private cloud must support local policy definition and customization and hence there is a perception that they are "more secure."
Fundamentally, security is a matter of policy specification and implementation. A private cloud must be able to allow organizations to specify (and change) security policies and subsequently to implement those policies using resources under its control. One of the characteristics of private clouds that make them attractive to an organization is that the degree of security (the degree of trust) can be completely controlled by the organization itself. If an organization wants to implement greater security or to relax security in a private cloud, it can. It can also audit and manage the implementation of security for the private cloud much in the same way it audits and manages security in a data center. That is, if implemented properly, a private cloud should be no less secure than the data center in which it runs.
A second and related predictive question that we get asked frequently is "Will public clouds ever be secure enough to supplant private clouds?" I'll leave this question for another time as answering it requires an even more voluminous analysis of the fundamental tenets underpinning cloud-computing security.