Private clouds often require the use of third-party tools for tasks such as migrating applications, automating virtual machine provisioning and monitoring the environment. Three other facets of private
Service catalogs, or self-service portals, are the crux of the private cloud. They put the power in the end users’ hands by allowing them to choose from a list of available cloud services. Without proper management or visibility into service use, your cloud can get out of control.
Security is a major consideration in any virtualized environment, and the cloud is no different. But native security measures may not be enough and traditional security tactics won’t properly protect a cloud. And while cloud may seem to offer unlimited storage capabilities, mismanagement or improper allocation can actually increase storage use.
Service catalogs and the self-service portal
Service catalogs and self-service portals are sometimes treated as different entities, wherein the self-service portal acts as the interface to the service catalog. In the cloud, however, these technologies are a single entity.
A service catalog typically contains a list of services being automated and made available to users. It is the source of record for the services that IT offers to internal users. A service catalog can contain the name, description, cost and information for services delivered by the back-office IT infrastructure. It allows users to serve themselves from a menu of cloud service offerings. A well-designed and integrated service catalog is an essential ingredient of a cloud.
When Suncorp, a financial services provider in Brisbane, Australia, was building its private cloud, an initial step was to create a service catalog. Suncorp’s service catalog contains the list of cloud services being automated for internal use and made available to business users via a self-service portal.
Service catalogs not only provide the list of services and their characteristics to users in cloud environments, they can also be integrated with a configuration management database (CMDB). For example, if you use your service catalog to provision virtual servers and a change in physical servers -- as denoted in the CMDB via a configuration management ticket -- impacts the number of CPUs available for these virtual servers, then this change would also be reflected in the service catalog.
The following is a list of companies that provide service catalogs and self-service portals:
- newScale, which Cisco acquired in April 2011, is the basis for Cisco’s Intelligent Automation tools for IT portals, service catalogs and lifecycle management software. This software helps IT organizations create self-service storefronts for data center and workspace services across physical, virtual and cloud environments.
- CA Service Catalog from CA Technologies enables organizations to define service offerings. Native multi-tenancy allows multiple physical catalogs to support multiple business models across physical, virtual and cloud environments. It uses a billing engine to automatically associate service usage with departments, cost centers and customers and can send out invoices.
- Nimsoft Service Desk module is a component of the Nimsoft Unified Manager offering that enables users to access the service catalog and submit change requests, report incidents, etc. Nimsoft Service Catalog uses ticket templates that allow users to enter requests for a cloud service. A workflow engine automatically routes all tickets to the appropriate group based on a combination of the requesters’ information and ticket information.
Where cloud security matters
Companies that move from physical to virtual environments, such as clouds, need to update their security. You can’t install a traditional firewall or antivirus software on a cloud-based virtual environment; physical firewalls aren’t designed to inspect and filter the traffic originating from a hypervisor that’s running several virtual servers. Whatever protection you have, it must be able to handle various activities like starting and stopping virtual servers and moving them.
There is little to say about the importance of security in the cloud that hasn’t been said already. However, many admins tend to overlook where security is important. Hypervisor security, for example, is both critical and overlooked. If an intruder gains control of a virtual server, he may be able to gain control of the hypervisor. A whole new set of security issues is coming to the fore as enterprises allow employees to access corporate data with smartphones and tablets, such as Apple’s iPad.
Security problems will be exacerbated if employees access back-office databases on mobile devices. Mobile clouds can help to resolve these security problems as they allow IT admins to centrally control security.
Important security facets in the cloud include auditing, intrusion detection, access controls and antivirus protection. A number of vendors provide the distinctive security protection that clouds require:
- Catbird’s vSecurity provides automated monitoring and enforcement for seven control areas: auditing, inventory management, configuration management, change management, access control, vulnerability management and incident response.
- Juniper Networks’ Altor VF integrates Altor’s virtual firewall technology with Juniper Networks’ Network and Security Manager and Juniper Networks’ STRM Series Security Threat Response Managers. It enables users to secure their virtual servers and cloud environments.
- AppRiver SecureSurf cloud security suite includes email hosting, email security, archiving and Web protection services. SecureSurf, which is a relatively new addition to the AppRiver portfolio, is a Web filtering and malware protection offering. AppRiver provides its security services as Software as a Service (SaaS).
- Barracuda Networks' Email Security Service provides a cloud-based email filtering service that can be used as a cloud protection layer for the Barracuda Spam and Virus Firewall.
- McAfee Cloud Security suite secures email, identity traffic and Web traffic. The McAfee Cloud Security Platform offers a variety of deployment options, ranging from on-premises solutions to SaaS solutions, to a hybrid combination of both.
Keeping cloud storage under control
Server virtualization has lowered IT costs and improved server utilization, but its proliferation has increased the amount of storage required. Some IT managers have discovered that money saved with server virtualization is now being spent on storage.
Virtual servers can consume up to 30% more disk space than physical servers. And VM sprawl, an unfortunate result of improperly managed virtual servers, has forced many enterprises to overhaul their data backup and disaster recovery (DR) strategies.
Some companies have indicated that they had to upgrade storage devices to handle the extra storage required for virtual server environments such as clouds. Other companies, such as Concur Technologies, a travel and management solutions provider headquartered in Redmond, Wash., not only moved storage up a tier from Serial ATA to Integrated Drive Electronics (IDE) to resolve performance issues but also used data deduplication.
As creating virtual servers in a private cloud becomes more commonplace in enterprises and IT organizations begin supporting mobile devices, the amount of required storage will increase significantly. This increased storage use will push us to take a more serious look at storage virtualization, data deduplication and thin provisioning as well as a second look at data backup.
Enterprises have a few options for handling storage issues that crop up in virtualized environments. Technologies such as storage virtualization, deduplication and thin provisioning can optimize the storage requirements of a cloud environment. And several vendors offer tools that address the increase in storage use in cloud environments.
Some tools in this area include:
- NetApp MultiStore, which lets users create isolated logical partitions on a single storage system such that unauthorized users cannot access information on a secured virtual partition. MultiStore allows you to easily move virtual partitions between storage systems and provide DR in the cloud.
- DataCore SANsymphony-V storage hypervisor is a portable software package that’s used to enhance multiple disk storage systems by supplementing individual capabilities with extended provisioning, replication and performance. It offers a transparent virtual layer across consolidated disk pools, which can improve storage utilization.
- FalconStor FDS is a LAN-based deduplication tool that reduces the storage capacity required. It uses a centralized management graphical user interface (GUI) that allows users to define deduplication policies. FalconStor FDS scales from a small footprint to rack-size installments that support petabytes of logical storage capacity.
- Syncplicity's Virtual Private Cloud automatically synchronizes an unlimited number of files and folders across PCs, Macs, file servers, Google Docs and other cloud applications. It ensures that every file and file version is backed up to your own Virtual Private Cloud automatically -- on or off the corporate network.
- Axcient RapidRestore is a hybrid storage model that includes a storage appliance and an Internet storage service. Customers can back up storage locally and online for archiving. Axcient’s RapidRestore storage appliances have capacities ranging from 500 GB to 10 TB.
- Riverbed Whitewater appliance focuses on data security, accelerates transmission of data over the Internet and ensures data availability in cloud environments. Security of data and slow speeds of transmission of data to and from clouds are major concerns of cloud users.
Bill Claybrook is a marketing research analyst with over 35 years of experience in the computer industry with the last dozen years in Linux, open source and cloud computing. Bill was research director, Linux and Open Source, at The Aberdeen Group in Boston and a competitive analyst/Linux product marketing manager at Novell. He is currently president of New River Marketing Research and Directions on Red Hat. He holds a Ph.D. in computer science.
This was first published in January 2012