Reading an article from Bill Claybrook, titled “The challenges of moving to a private cloud” in Computerworld, got me thinking about what a private cloud really is. I found several definitions on the internet. SearchCloudComputing.com on the one hand speaks about virtualized and distributed computing environments behind the firewall, and on the other speaks about the need of organizations that want more control over their data than what they can get from third party hosted services such as Amazon EC2. PC Magazine speaks about cloud computing deployed internally and Webopedia speaks about a cloud computing platform that is implemented within the corporate firewall, under the control of IT. Let’s close this with the definition of the National Institute of Standards and Technology (NIST): “The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise”. There are many more, but one thing is clear: they’re all over the place.
Let’s now come back to reality and ask ourselves what customers want, and what they are afraid of in the public cloud. The latest IDC Survey “Risk in the Cloud” highlights a well-known tune. 87% of respondents cited security concerns, 83.5% availability, 83% performance and 80% cited a lack of interoperability standards. A recent survey of cloud computing contracts by the School of Law at Queen Mary University of London identified that many contracts have clauses that could have a negative effect on the rights and concerns of customers.
The cost element also plays a role. Unfortunately, comparing public cloud services is often like comparing budget airlines. The only consistent fact is that what you end up paying does not bear any resemblance to the advertised price. And this is due to the additional costs for inbound/outbound traffic, for writing to storage, for an IP address etc. From research done in house, we found out those requiring instances for less than 8 to 10 weeks may want to do it on the public cloud, if they are OK with the other elements listed above. But beyond that duration, another type of cloud turns out to be cheaper. I found similar conclusions in blog entries from Wikibon and Out of the Box. Obviously, you have the counter arguments pointing out the higher efficiencies that can be achieved in public clouds. Well, that’s an interesting topic. I would dare to argue that the larger the enterprise, the smaller the delta between the efficiencies achieved in public clouds and well managed private ones. Obviously, they need to be well managed and use similar approaches to the public ones. The advantage of private clouds: they don’t need to make a profit.
But my point is not there. What if we could deliver a service, private or public, that addresses the security, availability and performance fears, while maximizing interoperability, waiting for standards to emerge? We call that an “enterprise class” cloud. It’s a cloud where users are segregated properly and that they can reach through a variety of secure means, one that can be audited and for which the data center locations are known (ensuring compliance). It’s a cloud with proper service level agreements and contracts in place. It’s a cloud where the customer can decide whether he needs dedicated servers or can work with shared ones. And I could go on like this. A couple of companies, HP being one of them, have started offering such services to their customers. In HP’s case it’s called Utility Services.
Let me come back to my original question. Are these public or private cloud services? Well, it depends. If I compare to the first three definitions highlighted, they are definitely public. Hang on; you can actually extend the firewall to those services through a leased line access. So, then they would be private? Well, you can have multiple customers sharing the same infrastructure, albeit fully segregated from each other.
You get the point. The NIST definition does not get us any further, but for a different reason. If the cloud is part of an infrastructure that is managed for more than one customer, it is a public cloud… even if a dedicated set of resources is reserved for a particular client.
I would like to suggest we look at things differently. Where are the potential issues? They are related to the fact that if the resources are shared amongst multiple users, there is a higher probability of a security breach than if they are dedicated to one user. So, shouldn’t we start from that point? A private cloud is a cloud that uses dedicated resources, whether on premise or off premise; a public one is one that uses shared resources. The one question that remains now is whether having one team managing multiple private clouds (dedicated resource pools) is allowed in a private cloud. Yes, it potentially increases the risk, but it is known in advance by the user. Sourcing such services from a well-known service provider should protect the user well, as he/she would have contracts in place that include appropriate legal terms.
If you disagree with me, don’t hesitate to comment. I’m looking forward to it.