Infrastructure is where the public cloud model can offer the biggest benefit for startups. Public clouds allow...
startups to spin up their businesses quickly without eating into smaller cash flows by wasting dollars on building their own internal IT infrastructures.
Whereas virtualization was a tactical solution that evolved into a strategic model, the cloud represents a strategic shift.
But there is an unhealthy assumption that by merely adopting a public cloud strategy, organizations will automatically save money. This is not necessarily true.
Some employees may be using the cloud right now without even knowing. This represents a hidden "iceberg" of cost, where employees may be spending their organization’s money on virtual machines (VMs) with providers like Amazon EC2. This not only circumvents the standard operating procedures of many organizations but also their accounting and auditing systems as well.
For two major reasons – to guarantee that commercially sensitive content remains private and to ensure the application of proper accountancy practices -- it may be time for organizations to legitimize public cloud for certain types of work. Costs will be incurred, but they should not be hidden from the business like a dirty little secret.
Managing the cloud
The two main areas of the cloud that users interact with are the service catalog and the self-service portal. It’s important to remember that having these features doesn't equal having a cloud; these are just the elements that are visible in the user interface.
There are management tasks that need to be carried out before users can even log on and start working. Envision the service catalog as the storefront or shop window from which the business offers pre-packaged and configured applications that consumers can use.
The vApps in this catalog should represent the applications that business units want and need. Consider an audit of these applications to make sure that they are what different business units require. The service catalog needs to be presented in an attractive and simple way via the self-service portal.
The real management challenges involve trying to integrate a cloud automation system on top of an existing virtual and physical infrastructure. Just as virtualization introduced new changes at the network and storage layer, so does the cloud.
Private clouds may introduce new requirements that are go beyond normal virtualization needs. On the network side, you will need to ask your network team to create a significant number of VLANs on the physical switches to offer up pools of networks that cloud users can address. Typically, users creating new vApps initiate these requests.
Network teams may react negatively to the idea that countless dormant VLANs are being created without knowing when they will be used. Therefore, the cloud and virtualization administration teams will have to explain, and justify in detail, the need for this configuration.
Storage in the cloud
Similarly, even larger pools of storage will need to be created, often using other tiers of arrays as well as different types and numbers of spindles, capacity and redundancy. These will then be displayed to users as data stores offering gold, silver and bronze classes of storage. Technologies such as thin provisioning and data deduplication may elevate this anxiety, but the main concern will be that the storage team is losing control of its part of the physical infrastructure.
The way most clouds present storage is at odds with the best practices of virtualization vendors. The general recommendation is to split the virtual disks across different classes for optimum performance -- fitting the demands of each virtual disk against its IOPS needs.
The cloud doesn’t currently offer this level of granularity, with the boot OS, log files and data all being dumped on the same class of storage. Thus, it is possible for ancillary log files to be stored on some of the most expensive storage available. So there is tension surrounding the attempt to simplify the virtualization environment without losing the granularity that application owners have come to expect in recent years.
Securing the cloud
The focus of cloud security has been multi-tenancy, which can be compared to an office block that is shared by many different businesses: Businesses rent the space and services they need without the burden of managing and maintaining the physical infrastructure. Security practices must ensure that any shared-access model does not allow for one business to intrude upon another. After all, you might be sharing the office block with one of your competitors.
Some employees may be using the cloud right now without even knowing.
One area of concern is whether the cloud security model allows for these organizational units to be secured from unauthorized access by a cloud provider. Who polices the police?
If the cloud administrator has access to the underlying virtual infrastructure, then there is little to stop him or her from duplicating the data that resides inside a VM’s virtual disks and attaching that data to a VM for which they have system-wide administrative privileges. So one major challenge of the cloud model is ensuring that correct role-based access privileges have been assigned in such a way that one individual does not hold all the keys to the kingdom. In the case of the public cloud, it means trusting your provider to apply appropriate security procedures in its delegation process.
Overemphasis on multi-tenancy unduly places focus purely on the network layer, often at the expense of analyzing how raw data is secured and protected. For this reason, it is worth investigating private key encryption of data balanced against the regional laws that govern the physical location of the cloud.
Before adopting any cloud automation layer, it’s necessary to conduct a root and branch audit of your existing virtual infrastructure. Whereas virtualization was a tactical solution that evolved into a strategic model, the cloud represents a strategic shift. Even more so than virtualization, cloud technology needs backing from senior managers and a project manager who is dedicated full time to delivering it.
ABOUT THE AUTHOR:
Mike Laverick (VCP) has been involved with the VMware community since 2003. Laverick is a VMware forum moderator and member of the London VMware User Group Steering Committee. Laverick is the owner and author of the virtualization website and blog RTFM Education, where he publishes free guides and utilities aimed at VMware ESX/VirtualCenter users, and has recently joined SearchVMware.com as an Editor at Large. In 2009, Laverick received the VMware vExpert award and helped found the Irish and Scottish VMware user groups. Laverick has had books published on VMware Virtual Infrastructure 3, VMware vSphere4 and VMware Site Recovery Manager.