You have to admit that Cloud Computing has some very attractive features. It’s off-site of your premises, it comes with services levels, third party maintenance expertise and, in theory, a whole raft of lower costs (or at least costs that are off your company balance sheet).
However, best not ignore the downsides; physical and software security, data security, network reliability, business continuity, vendor lock-in, and long-term capacity planning. Suddenly those savings shrink in the face of all those uncertainties and potential catastrophes. So why are so many organisations now investing in Private Clouds?
Almost certainly the attractions win out. Secure a decent contract with a Cloud Services Provider and what you get are:
- Elasticity and scalability, where you get computing on demand and the ability to cover spikes in demand without sitting on a stack of servers in your own data centre, drinking energy and manpower 24/7.
- Computing as a commodity, bought as needed without resort to expensive tendering and capacity planning. Negotiate a bundled deal for so many processing cores and the technical specification of individual machines becomes a non-issue.
- Pay-as-you-go computing. Popularised by Amazon’s EC2 service, you only pay for computing resources for the amount of time that you need them. What this means is that individual departments and business units can pay for whatever IT they need as long as it is within their budget, without the central IT department having to directly support them. Of course, this relies on the budget holding up, so your head of department better have some good financial support and the assistance of smart procurement people to get those deals in the first place.
- Service level agreements. These are critical if you are to achieve economical service levels, even through unpredictable demand spikes.
- Lower costs. The savings to be had from the use of commoditised computing resources, snapped on and off and spread across low-cost locations are the Holy Grail.
Key to delivery is Para-virtualisation, wherein a number of powerful physical servers can be pooled to run many interchangeable, scalable virtual machines, to be swapped in and out as needed.
Objections to the Cloud model include the loss of control over enterprise and customer data, serious concerns over security and regulatory compliance. There’s an extra layer of protocols (technical and business) required in building a Private Cloud fit to overcome these objections.
To this end, you will find many IT departments building what looks like a Private Cloud inside the corporate firewall, perhaps only later moving it off-site to a third-party, hosted data centre. The question of who controls and supplies it is central to the definition of a Private Cloud. In this model, the economies of scale of the true Cloud Service are lacking, particularly if the physical server pool is capped and the IT department retains responsibility instead of a specialist third-party provider.
When Private Means Private
- Who owns and manages the cloud platform?
- Are other companies’ virtual machines hosted on the same cloud platform?
- Who is liable for breaches of the SLA’s?
- Who manages and controls the applications running on the cloud platform?
- Is your third party provider compelled to hand over data to law enforcement agencies?
- Are you connected to your Cloud over a private or public network?
The answers to these questions determine whether your Cloud infrastructure is truly private.
It’s possible to use the tools to Do-IT-Yourself and fashion your own virtualised infrastructure: VMWare, VirtualBox (ex-Sun, now owned by Oracle), Parallels and others have a low start-up threshold. I’ve got several Virtual Machines (VM’s) running on my desktop box. However, moving up the scale, the tools for managing a large, diverse and mission-critical infrastructure is non-trivial (I can now join the IT Professionals Club for using that phrase), as additional security tools are needed, not forgetting virtual and physical asset management, VM-image management (that’s build, deployment, version control), performance monitoring, prioritisation and the system administrators’ policies and procedures. Sometimes it’s better to let the big boys run the shop, leaving you, the customer, always in the right (contracts permitting!) Fortunately, there’s an expanding base of dedicated professionals skilling up for this area. Hire them direct or contract out, just make sure you get the right ones. AJS
Image: Clouds by Michael Drummond