Defining Private Clouds, Part One

Defining Private Clouds, Part One

Your guide to public vs private

Absent excellent capacity planning, it's possible that resource demands from applications will come up dry, leading to insufficient capacity to meet computing demands as well as to uncomfortable meetings regarding the functionality of the private cloud. In a world of increased variability and low-visibility demand (after all, a private cloud implies that application managers can just press a button and get more of everything), capacity planning will move to a key role.

Security: Rather than being tied to resource provisioning as with the layers nearer the Hardware and Software Resources, security is an underpinning for all computing, no matter what specific resource is being used. The Cloud Security Alliance (CSA) just published a report on Cloud Computing Security, which is well worth reading. I will discuss the report in a future posting, but want to address a few specifics regarding how security must operate in cloud environments, including private clouds.

In a private cloud, security cannot be something to be evaluated on a case-by-case basis, subject to manual review, etc. In this sense, security for individual applications must be available just like the computing resources themselves: called by external actions and applied in an automated fashion. Security policy should be evaluated and defined generally, and then captured as individual rules to be applied according to application profile.

So, for example, if an application requires compliance with certain regulations, there must be a way to ensure those compliance measures are codified in some kind of rule that can be executed during application set up. Any need to examine the application's security requirements via human intervention and then implement them via someone doing manual configuration just introduces friction in the provisioning process and stalls the benefits of a private cloud.

The CSA's report goes into great detail about the security issues impinging on cloud environments; it's too much detail for me to address in this post, but the key point to be raised is that for a private cloud to really operate as a cloud, it must move all discussions and manual configuration out of the path of application initiation. The security capabilities of the internal cloud must be sufficiently defined and granular enough that an application can define its security requirements and have them applied to the resulting software components and hardware resources automatically.

Bandwidth: This is a critical resource and one that is going to be stressed in the future. The low-friction application creation and (especially) the enormous growth in data storage enterprises will continue to experience, along with the increasing use of external services as part of application architectures, means that lots more traffic is going to get pushed through pipes. Moreover, it's not enough that raw bandwidth is available, it has to support the latency levels needed by the various application components, which, just to reiterate the point, are likely to be more numerous than in the old, manual-oriented data center world, and also, as a result of larger data volumes, will require much more bandwidth. Perhaps it would be appropriate to say that this is a resource for which capacity planning will need to keep on top of demand patterns.

Identity Management: A robust identity management system needs to be in place to enable automation. Requests for computing services will come not from a sit-down meeting where authentication and authorization will be done on a personal basis—i.e., direct face-to-face interaction enabling the resource granter to identify the legitimacy of the request and the requestor—but from an service request via a software-enabled mechanism like an internal portal. This means that an identity management system must operate that encompasses all potential resource requesters as well as any system administration people involved in deploying resources. This identity management will need to be extended to incorporate roles to enable appropriate workflow, e.g., a project engineer requests resources (identity management system checked to see if this is an appropriate request for this individual), the request is passed on to the engineer's manager for approval (system checked to see who is appropriate approver as well as authority to approve), and so on.

Policy: A policy engine that contains the rules for resource requests is a necessary complement to the identity management system. The policy system ties together requests for resources, checking authorization and authentication, assignment of resources, and output of access information back to the requester.

The important thing to keep in mind regarding private clouds is that: (1) it creates a greater segregation between resource provisioning and resource demand; (2) it is likely to increase the overall demand for resources, given that reduced friction in resource requests will inevitably cause people to use more; (3) that implementing the automated data center will require additional hardware resources to enable remote resource association with individual application instances; and (4) capacity planning to ensure resource availability will become a core data center operations skill.

With respect to number 4, capacity planning needs to implement something like "just-in-time" infrastructure availability. This is because having too much capacity, with resources lying fallow, means a waste of capital (a no-no these days); while having too little capacity will restrict application agility, which is one of the main points for implementing a private cloud in the first place.

Next week, I'll look at private clouds from the User perspective, and discuss what processes and resources need to be in place for private clouds to be a workable solution.

Bernard Golden is CEO of consulting firm HyperStratus, which specializes in virtualization, cloud computing and related issues. He is also the author of "Virtualization for Dummies," the best-selling book on virtualization to date.

Cloud Computing Seminars HyperStratus is offering three one-day seminars. The topics are: 1. Cloud fundamentals: key technologies, market landscape, adoption drivers, benefits and risks, creating an action plan 2. Cloud applications: selecting cloud-appropriate applications, application architectures, lifecycle management, hands-on exercises 3. Cloud deployment: private vs. public options, creating a private cloud, key technologies, system management The seminars can be delivered individually or in combination. For more information, see

Follow everything from on Twitter @CIOonline

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Cloudcloud computingprivate cloudBernard Goldenenterprise cloudHyperStratusinternal cloud

More about Amazon Web ServicesCSAEDS AustraliaGoogleStratusWal-Mart

Show Comments
<img height="1" width="1" style="border-style:none;" alt="" src="//"/>