Is private cloud the only way to guarantee security?

Some believe this is the only true way forwards in the world of data privacy, yet according to the official NIST definition, “cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

The purpose of cloud computing is to create an “on-demand” computing service, delivered as a utility to be used as and when you need it, so that your IT provision no longer hinders your company's growth by imposing either over-budgeting restrictions or under-provisioned equipment.

In a private cloud you have a virtualisation platform that you know is yours and is not shared, so you have peace of mind about data security and about others stealing resources on the platform. But you are still fixed to the initial size you buy. This still requires an estimate of what you may need in the future, which restricts your growth without significant investment in additional hardware. It also means overspending to ensure that you have the resilience to cope with hardware failure, or wasted resource if your company direction changes and you no longer have the same needs.

It is essentially the same model that has been deployed on-premise for years, but now outsourced for someone else to manage in a datacenter.

As a little secret (unless you are one of the three hyperscale cloud providers), some Value Added Resellers and Managed Service Providers turned Cloud Service Providers want to sell you private cloud. It has the perfect mix: they still sell hardware in the same manner they have done for the past two decades, it guarantees a revenue stream for a fixed term, and it still has the word ‘cloud’ in the title, therefore it is modern and relevant.

Certain cloud companies still struggle to transform their business models and financial models, and to that end sales targets are easier to set and meet when selling a private cloud, as opposed to selling something that by design is flexible and can therefore change in value or size, or even disappear completely. No one wants to stand up at the end-of-quarter sales meeting having gone from 150% of sales target to 60% because they sold something that was changeable. Therefore it is easier to sell a fixed-term private cloud.

Why not use public cloud?

Public cloud essentially delivers the same service as a private cloud. The difference is that you are sharing an underlying platform that is on a much larger scale and takes advantage of the increased resilience of this larger platform. As you do not have to build resilience into your model, you can now use and pay for only what you need to operate your IT service at any point in time, without the concern of budgeting for future capacity or leaving capacity unused. The real advantage is in the flexibility to change when you need to.

The only certainty is that things will change, and for any business to survive it needs to have the flexibility to adapt. Every day another high street store closes and another company goes to the wall because it did not adjust to the changing market.

A quick search will find you 100s of companies that failed, or conversely 100s of large, world-leading companies that are less than 10 years old.

Airbnb and Uber (who will come up in your search) are not lumbered with investment in real estate or vehicles and do not have to carry any cost when these are not rented out. All companies can use the same mindset for their IT provision with the use of public cloud, which brings us back to the point of cloud computing being a model for enabling on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services).

Then comes the security question. Only two years ago this was the biggest obstacle to using cloud services, and arguably it is still the biggest reason if you strip the word “cloud” out of “private cloud”, as you end up with a collocated, dedicated, managed virtualisation platform.

PeaSoup, a born-in-the-cloud company, has the advantage of not having to transform an existing business model. We do not have to sell companies what we want them to buy in order to satisfy an outdated sales process and financial reporting model. Instead we focus on turning computing into a service.

Public Cloud Architecture

There are many choices in architecture, but the best known and the preference for PeaSoup was to utilise a product called vCloud Director – as a side note I first saw the concept of vCloud Director in France, February 2008, so this technology has plenty of development history since its first release in 2010, and is now used by over 4000 providers in around 10 countries.

VMware vCloud Director is a flexible mechanism. It powers and leverages VMware’s main virtualisation technologies, aligning them for cloud environments.

vCloud Director facilitates a multi-tenanted environment and segments this into software-defined datacentres. Each virtual datacentre consists of its own complete IT environment allowing differences in network architecture, topology and security systems to meet any customer requirements. Using a combination of VMware vSphere and VMware NSX infrastructure, vCloud Director enables complete isolation of tenants.

vCloud consists of several servers; each server runs specific services that collectively create a vCloud Director cell. As shown in the following figure, vCloud Director consists of a database and cells that share that database. The cells connect multiple vCenter Servers, the ESXi hosts that the vCenter Servers manage, and the NSX Managers that control the networking services, to establish a complex and secure cloud architecture.

 

The cloud abstraction layer is built using the software of vCloud Director and leveraging capabilities in both vCenter and NSX while connecting to the server group.

Cloud Security

From a security point of view, there are two types of threat that can exist with the cloud: internal threats and external threats. Whilst external threats are common across both public and private cloud, internal threats are normally related to multi-tenancy environments and cause the most concern in the adoption of public cloud services. vCloud Director protects from both of these threats.

The main portion of vCloud Director security is to protect cloud tenants from internal threats through the security design and configuration of the underlying virtualisation layer, which includes the design and configuration of vSphere, additional vCloud Director software-defined network security, NSX, and ESXi host security.

vCloud Director enforces strict isolation and separation between vSphere operations and tenants’ day-to-day operations. This abstraction allows PeaSoup to delegate the administration and management of virtual datacenters to its customers, who don’t manage common vCenter features like vMotion, vSAN, HA, DRS etc. Instead, the customer deals with deploying servers, organising them into vApp workloads, managing resource pools and storage, creating networks and connecting servers to them with internetwork security, and managing edge devices, firewall rules, VPN, load balancers and all other external security parameters with threat analysis techniques.

If this seems too much, the staff at PeaSoup are here to advise and assist at all times.

Most importantly, this functionality is controlled from a fully functional portal interface, delivering the true cloud computing model. This enables ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Conclusion

Everything that Cloud Infrastructure as a Service has promised to deliver, the reasons for using Cloud Services and the flexibility of Cloud Services all come from utilising the benefits of large-scale infrastructure that would be uneconomical for your business to acquire, manage and maintain.

Not so long ago, enterprise organisations had large-scale IT infrastructures and therefore the concept of a private cloud was created. Now, with the hyperscale clouds, more enterprise organisations are moving to public cloud services for the benefit of cost savings. They no longer have to shape their business decisions around the amount of IT compute power they have available. SME organisations have always seen the advantage of moving to public cloud, but the IT industry as a whole has been reluctant to change, holding onto defunct business models and using the word ‘cloud’ to add a sheen to old solutions.

With change comes opportunity, and the only certainty in business is that there will be change. Public Cloud, or just Cloud (as it should be called), is the way to free your business to deliver that change.