My Cloud: Private, Public or Something Else?
By Dipto Chakravarty, General Manager, Cloud Security & VP WW Engineering, Novell
If you have started to dig beneath the surface level of Cloud Computing, you have certainly discovered that there are many "Clouds" to consider, and it is not one single Cloud that will be part of your future. Likely the hottest trend we are seeing right now in enterprises is the focus on Private Clouds. What is a Private Cloud, and where does it fit in your future?
The National Institute of Standards and Technology (NIST) stepped forward with a definition of Clouds that is useful to consider. In their definition, four different Cloud deployments are specified:
- Public Cloud. As the name implies, this type of Cloud offering is generally available across the Internet and serves a virtually unlimited number of customers with the same infrastructure. Popular public Cloud offerings, such as those from Amazon, Rackspace, Salesforce.com, Microsoft and Google compete to provide a wide variety of IT services and business applications.
- Private Cloud. This type of Cloud is purposely built for a single organization, such as a financial institution or a government agency. Typically, the organization leverages technology for virtualizing operating systems and networks, and as a result may be able to collapse the number of servers and network devices, or at least manage them in a more coherent fashion.
- Community Cloud. This is a Cloud that is built for a discrete and well-defined number of organizations. A supply chain or a combination of several government agencies are good use cases to have in mind for this type of Cloud.
- Hybrid Cloud. This is a combination of multiple Cloud deployments from the list above, integrated in some way to enable communication in support of some business initiative. A user may need to access multiple Clouds with a single set of credentials, data may need to flow between Clouds, or a Private Cloud application may need to temporarily use Public Cloud resources (known as "Cloud bursting").
For many enterprises building their Cloud Computing strategy, the focus has been restricted to the comparison between Public and Private Clouds. This is a fair starting point; large organizations have over time built relatively sophisticated IT architectures, systems and processes. This "internal" network provides context for considering a Private Cloud, while notions of outsourcing provide context for migrating systems into a Public Cloud. When comparing Public and Private Clouds today, organizations are typically considering the following factors:
- Cost. Which type of Cloud is cheaper now and over time?
- Security. How does the security of a Public Cloud compare to what I can accomplish internally, and what are the risks to my organization?
- Compliance. Am I able to demonstrate compliance to necessary regulations if I use a Public Cloud?
- Governance. What sort of visibility do I have into both the technology and the business practices of a Public Cloud provider, and do I have tools to manage the Cloud provider?
Not all organizations are coming to the same conclusion today, but at this stage we are generally seeing organizations make plans to both implement Private Clouds and utilize some services within Public Clouds. Organizational decision processes differ: some may be using sophisticated risk-based decision support processes, while others may be driven solely by cost to determine which IT service is handled by which Cloud deployment type. While there are certainly outliers, enterprises that are evaluating Cloud computing are almost always considering both Public and Private Clouds. Private Clouds are getting more attention now as they provide a means of gaining some benefits of Cloud computing while maintaining a sense of control. In the long run, it is doubtful that organizations will be able to compete with the efficiencies of Public Cloud providers. However, the short run of Private Clouds may in fact be very lengthy as organizations deal with very sensitive data and mission-critical systems.
This consensus strategy of using both Private and Public Clouds means, by definition, that organizations are moving in the direction of Hybrid Clouds. However, it is rare to see an organization with a roadmap to integrate these Clouds. Developing trust to allow authorized users to access each Cloud, share appropriate data between Clouds and provide application portability is the next critical step for enterprises. Lacking a Hybrid Cloud strategy is a recipe for disaster, as user credentials will multiply while important data is left unprotected and critical business processes are hindered.
In evaluating organizations tackling the Hybrid Cloud roadmap, it is clear that Identity Management is at the very core of the strategy. Leveraging the enterprise directory as the primary identity provider is likely critical, but integrating thousands of Public and Private Cloud applications as "relying parties" is daunting. The promised economic benefits of Cloud computing will evaporate if organizations must manage the account provisioning, authentication, application entitlements and other IdM tasks manually.
Solving this "one to many" problem is no doubt a matter of federated identity management. Clearly there are standards such as SAML, SPML, OpenID and OAuth that can be applied to the problem. Early adopters looking at Hybrid Cloud architectures are taking a close look at these standards and how they can encourage compliance from within their ecosystem of application providers, whether internally or within public SaaS providers. However, the scale of this problem has prevented most organizations from architecting the solution, let alone implementing it.
Ultimately a market solution is required that distributes the federation workload equally to the enterprise, SaaS providers and the developers of Private Cloud applications. Providing a service that is able to broker identity-based transactions using the common standards creates a platform for businesses to efficiently access applications on demand without compromising the integrity of their identity management systems. If each application provider is able to perform the minimal steps to become a relying party, such as through using the SAML 2.0 protocol, enterprises can immediately access the application through their native directory store. The early adopters we have talked to understand this, and are requiring new SaaS applications being procured to support standards like SAML, even if they are not being federated out of the box.
Private AND Public Clouds are no doubt a part of the future of your enterprise. Welcome to the world of Hybrid Clouds, and the key identity management standards that will enable it.
About the Author
Dipto Chakravarty is the General Manager of Cloud Security, a new startup division of Novell, Inc. He also serves as the Vice President of Worldwide Engineering for Novell's Identity and Security business unit. Prior to Novell, Chakravarty ran product engineering for e-Security. He previously served as CTO and founder at Artesia, a firm he started with a management buyout in 1999. Besides startup businesses, Chakravarty has held a variety of management positions at IBM's AIX kernel group, Thomson's e-publishing group, and Bell Labs' device drivers group.
In addition to being a 20-year software industry veteran, Chakravarty is the author of two best-selling computer books from McGraw-Hill that have been translated into five languages, has published over 45 technical papers in refereed journals, and holds several patents. Chakravarty holds a B.S. and M.S. in Computer Science and Electrical Engineering from the University of Maryland, an MBA from Wharton Business School, and has completed the GMP program from Harvard Business School.