@CloudExpo: Article

Building Private Clouds

Moving to a private cloud is easier than you think.

While the hype rages around cloud computing, most cloud implementations go the way of the private cloud and avoid the public clouds for now.  Private clouds are exactly what they sound like.  Your own instance of SaaS, PaaS, or IaaS that exists in your own data center, all tucked away, protected and cozy.  You own the hardware, you can hug your server.

However, what defines a private cloud these days could also mean systems that are remotely hosted but dedicated to a single enterprise, and, in some cases, provided out of a public cloud data center as a virtual private cloud.  Thus any cloud infrastructure that's dedicated to a single organization is getting the "private cloud" label.  This includes the emerging relabeling of existing enterprise software and hardware solutions, looking to deliver cloud-in-a-box private clouds.

If this sounds confusing, it is.  The technology vendors and the hype clearly load up the term "private cloud" with everything and anything.  However, the concept of private cloud computing has the potential to bring a huge amount of value to enterprise IT.  That is, if we understand the right approach, and how to leverage the right technology to create the building blocks of the private cloud.

Why Go Private?
Most enterprises are eager to leverage cloud computing, but not so eager to place core business processing and critical business data on public clouds.  Indeed, there may even be legal restrictions on where data may exist, as we have seen in the financial and health verticals, where some types of data may not exist outside of the enterprise.  Or, the risk of compromised or lost data outweighs the value that public cloud computing will bring.

While the regulations are real, most of those who select private over public cloud computing do so around control issues.  Many in enterprise IT don't like to give up control of core business systems since that is where they may place their own value.  If these systems are controlled and managed by others outside of the enterprise, they feel their value will be diminished.  In most cases these are false perceptions.

Security is another reason to go private cloud.  Public clouds provide rudimentary security subsystems that have thus far had a good track record.  However, most enterprises do not consider public clouds as secure as systems that exist on site or as those remotely hosted but completely under the enterprise's control.  While public cloud security is getting better, private clouds do offer fewer security risks.

Finally, there are performance issues with public clouds that include the natural latency of leveraging the Internet.  This is a matter of how the applications and systems are designed more than limitations of the clouds, but in some instances these are valid concerns in problem domains with a high amount of data transfer between the data server and the consumer.

What's a Private Cloud?
NIST defines a private cloud as "The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise."
For the most part, that is the definition that many are running with.  However, let's go a few steps farther to define the core attributes of private clouds, and cloud computing in general.  They are:

  • Multitenancy and resource pooling
  • Self or auto-provisioning
  • Use-based accounting
  • Security
  • Governance

First you'll notice that virtualization is not on the list, despite the fact that those who leverage virtualization often call clusters of virtualized servers a private cloud.  The reality is that virtualization is often used when building a private cloud, and it is described below as a building block.  But simple virtualization does not a private cloud make, and you can choose to leverage it or not.  For example, Google's cloud systems do not leverage virtualization but Amazon's AWS does.

Multitenancy refers to the managed access to resources (such as storage and compute services) in an environment where there is more than one user sharing those resources.  This is a critical building block of private cloud computing.  We could have hundreds or thousands of users who share the same sets of servers and attached devices.  That creates the need to ensure that any particular resource does not get saturated or accessed simultaneously, and that user and application processes stay out of each other's way.  The mechanisms and approaches to multitenancy vary greatly from cloud to cloud, but the objectives are much the same.

Related to multitenancy, resource pooling means that the provider's computing resources are pooled to serve multiple consumers using a multitenant model.  Different physical and virtual resources are dynamically assigned and reassigned according to consumer demand.

Perhaps the most important concept of private cloud computing is self or auto-provisioning. This is the ability for an application or a user to dynamically allocate resources (such as storage and compute) during operations.  This is typically accomplished by invoking a provisioning API, or, in some cases, going to a Web page where the resources can be manually allocated.  In some cases the resources are automatically provisioned as needed.  In addition, the same mechanisms can de-provision these resources after use.

Because we pay for the minutes of use, even within a private cloud, we can allocate the resources required to perform an operation and then put them back when done.  For instance, we could allocate a hundred servers to perform a database extraction in 10 minutes, and then return those servers to the cloud for others to use.  Thus, we're being as efficient as possible with both the resources and the dollars spent.  This provisioning mechanism also provides the elasticity that many count in the advantage column of cloud computing: the ability to expand and contract the use of cloud resources as needed to support the application.

Use-based accounting refers to an automated approach to keep track of those who leverage a private cloud, and charge them back for the use.  Most private clouds are known resources, typically within the same company or governance agency, so these are budget dollars.  Statements are typically sent that describe the use of resources, duration, and the cost.  This is also helpful to understand how applications and users consume the private cloud resources, and track the times of day when system loads could be an issue.

Security is required to ensure that only those with authorization, including both humans and machines, can leverage the private cloud.  Typically this is user ID and password role-based security.  New, more sophisticated security models such as federated identity management have proven to be more effective.  We'll cover more about security below.

Governance means that we not only secure our private cloud, but we can create and manage policies to control access to resources and services.  We can define limits on when and how resources (such as storage, compute, and database services) are accessed by applications and users who leverage the private cloud.
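To make the five attributes concrete, here is an added example (not code from the article or from any vendor's product): a toy in-memory server pool that enforces per-tenant quotas, exposes a provision/de-provision API, meters use per server-minute, checks a role before allocating, and applies a governance time window. The tenant names, prices, quotas and hours are assumptions constructed for the illustration.

```python
"""Toy model of the five private cloud attributes described above.

Added example, not code from the article or from any vendor: an in-memory
server pool with per-tenant quotas (multitenancy and resource pooling), a
provision/de-provision API (self-provisioning), per-server-minute metering
(use-based accounting), a role check (security) and a governance policy
that limits when a tenant may allocate. Tenants, prices and limits are
constructed for illustration.
"""
from dataclasses import dataclass


class PolicyViolation(Exception):
    """Raised when a request fails a security or governance check."""


@dataclass(frozen=True)
class Tenant:
    name: str
    role: str              # "operator" may provision; any other role may not
    quota_servers: int     # hard per-tenant cap, enforced by the pool
    allowed_hours: tuple   # governance window (start_hour, end_hour), 24h clock


@dataclass
class Lease:
    tenant: str
    servers: int
    start_min: int         # clock time (minutes) when the servers were handed out


class PrivateCloud:
    def __init__(self, capacity: int, price_per_server_minute: float):
        self.free = capacity
        self.price = price_per_server_minute
        self.leases = {}       # lease id -> Lease
        self.ledger = []       # (tenant, servers, minutes, cost) per de-provision
        self._next_id = 0

    def _in_use(self, tenant: str) -> int:
        return sum(l.servers for l in self.leases.values() if l.tenant == tenant)

    def provision(self, tenant: Tenant, servers: int, now_min: int) -> int:
        """Allocate servers from the shared pool and return a lease id."""
        # Security: only an authorized role may allocate resources.
        if tenant.role != "operator":
            raise PolicyViolation(f"{tenant.name}: role {tenant.role!r} may not provision")
        # Governance: allocation is only permitted inside the tenant's time window.
        start_h, end_h = tenant.allowed_hours
        if not start_h <= (now_min // 60) % 24 < end_h:
            raise PolicyViolation(f"{tenant.name}: provisioning outside allowed hours")
        # Multitenancy: one tenant must not saturate the pool beyond its quota.
        if self._in_use(tenant.name) + servers > tenant.quota_servers:
            raise PolicyViolation(f"{tenant.name}: quota of {tenant.quota_servers} exceeded")
        # Resource pooling: every allocation comes out of one shared free count.
        if servers > self.free:
            raise PolicyViolation(f"pool exhausted: {self.free} free, {servers} requested")
        self.free -= servers
        self._next_id += 1
        self.leases[self._next_id] = Lease(tenant.name, servers, now_min)
        return self._next_id

    def deprovision(self, lease_id: int, now_min: int) -> float:
        """Return the servers to the pool and record a use-based charge."""
        lease = self.leases.pop(lease_id)
        minutes = max(1, now_min - lease.start_min)      # bill at least one minute
        cost = round(lease.servers * minutes * self.price, 2)
        self.ledger.append((lease.tenant, lease.servers, minutes, cost))
        self.free += lease.servers
        return cost

    def statement(self, tenant: str) -> float:
        """Use-based accounting: what a tenant has been charged so far."""
        return round(sum(c for t, _, _, c in self.ledger if t == tenant), 2)


def demo() -> dict:
    """The article's scenario: 100 servers for a 10-minute extraction, then returned."""
    cloud = PrivateCloud(capacity=150, price_per_server_minute=0.01)
    etl = Tenant("etl", "operator", quota_servers=120, allowed_hours=(0, 24))
    lease = cloud.provision(etl, 100, now_min=9 * 60)
    free_during = cloud.free
    cost = cloud.deprovision(lease, now_min=9 * 60 + 10)
    return {"free_during": free_during, "free_after": cloud.free,
            "cost": cost, "statement": cloud.statement("etl")}
```

Every denial is raised as a PolicyViolation rather than silently ignored, which is what an audit trail for a shared pool needs.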

Private Cloud Configurations
The latest configurations of private clouds are no longer just for data centers.  As introduced above, many private clouds may be outsourced as "virtual private clouds" within public cloud computing providers.  Amazon Web Services (AWS) provides just such a service, called Virtual Private Cloud or VPC.  Using this service you have the ability to logically group Amazon EC2 instances and assign them to a private IP address, and thus control traffic to and from the server.  They also offer an additional layer of security that allows you to create and manage network Access Control Lists (ACLs).  Finally, you can connect to the AWS data center using a VPN connection, and thus make the VPC an extension of your enterprise network.  Moreover, the cloud provider maintains the hardware for you, but you don't have physical access to the servers.
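The network ACL layer mentioned above works differently from a host firewall, so here is an added example (not code from the article or from AWS) of how such a stateless, numbered rule set is evaluated: lowest rule number first, first match wins, implicit deny at the end, inbound and outbound judged separately. It also includes a check for rules that an earlier rule makes unreachable. The address ranges, rule numbers and packets are assumptions constructed for the illustration.

```python
"""Stateless network ACL evaluation, in the style of VPC network ACLs.

Added example, not code from the article or from AWS: rules are numbered,
evaluated in ascending order, the first match wins, and a catch-all denies
anything no rule matched. Being stateless, inbound and outbound are checked
independently, so return traffic needs its own rule. The address ranges,
rules and packets below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int
    protocol: str       # "tcp", "udp", "icmp" or "all"
    cidr: str           # remote range: source for inbound, destination for outbound
    port_from: int
    port_to: int
    action: str         # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    protocol: str
    remote_ip: str      # source for inbound packets, destination for outbound
    dst_port: int       # destination port of the packet


def evaluate(rules, packet: Packet) -> tuple:
    """Return (action, rule number) of the first matching rule, or ("deny", "*")."""
    remote = ipaddress.ip_address(packet.remote_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", packet.protocol):
            continue
        if remote not in ipaddress.ip_network(rule.cidr):
            continue
        if not rule.port_from <= packet.dst_port <= rule.port_to:
            continue
        return rule.action, rule.number
    return "deny", "*"          # the implicit catch-all rule


def shadowed_rules(rules) -> list:
    """Numbers of rules that can never fire because an earlier rule fully covers them."""
    ordered = sorted(rules, key=lambda r: r.number)
    shadowed = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            proto_ok = earlier.protocol in ("all", later.protocol)
            net_ok = ipaddress.ip_network(later.cidr).subnet_of(ipaddress.ip_network(earlier.cidr))
            ports_ok = earlier.port_from <= later.port_from and later.port_to <= earlier.port_to
            if proto_ok and net_ok and ports_ok:
                shadowed.append(later.number)
                break
    return shadowed


CORP_VPN = "192.168.0.0/16"     # constructed: enterprise range reached over the VPN

INBOUND = [
    Rule(100, "tcp", CORP_VPN, 443, 443, "allow"),       # HTTPS from the enterprise
    Rule(110, "tcp", CORP_VPN, 1024, 65535, "allow"),    # return traffic for calls we make
    Rule(120, "tcp", "0.0.0.0/0", 22, 22, "deny"),       # explicit: no SSH from anywhere
]
OUTBOUND = [
    Rule(100, "tcp", CORP_VPN, 1024, 65535, "allow"),    # replies to enterprise clients
]


def demo() -> dict:
    """Evaluate a few constructed packets against the two rule sets."""
    return {
        "vpn_https_in": evaluate(INBOUND, Packet("tcp", "192.168.5.7", 443)),
        "internet_https_in": evaluate(INBOUND, Packet("tcp", "203.0.113.9", 443)),
        "ssh_in": evaluate(INBOUND, Packet("tcp", "192.168.5.7", 22)),
        "reply_out": evaluate(OUTBOUND, Packet("tcp", "192.168.5.7", 51515)),
        # stateless: a new outbound HTTPS call toward the enterprise has no rule
        "https_out_to_vpn": evaluate(OUTBOUND, Packet("tcp", "192.168.5.7", 443)),
    }
```

The last case is the usual surprise when moving from stateful security groups: the inbound allow does not imply an outbound one.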

In other offerings, public cloud providers may even provide you with access to a dedicated physical server that you never actually see.  Of course this is at an additional cost, but many enterprises feel better if their servers only store their data.  In a virtualized and multitenant cloud, you're mixed in with everyone else who uses that cloud.  Again, you don't have physical access to the hardware, but the maintenance is handled by the cloud provider.

Other private clouds may exist in colocation data centers, or CoLos.  These are data center rentals where you own a cage full of servers that are tied directly back to the enterprise.  Unlike virtual private clouds or virtual private instances, you have access to the physical hardware when using this configuration.  This means you need to maintain the hardware as well.

Another approach is something called "cloud-in-a-box," which is a server or clusters of servers that have been pre-configured to provide most of the private cloud services listed above.  You just purchase the thing as a stand-alone server or appliance, install it in the data center, and you have your private cloud.  Oracle's Exalogic private cloud solution is clearly an example of a private cloud-in-a-box that comes with a million dollar starting price.

Don't forget there is the traditional approach to private cloud computing, where software is installed and configured on commodity servers that exist within the data center, and that becomes the private cloud.  Server-run private cloud software provides most or all of the core private cloud attributes listed above.  This is the most popular configuration today, although the configurations above are gaining ground given the desire for convenience and speed.

Building Blocks of Private Cloud
The building blocks of private cloud computing include the server virtualization software that many employ as a foundation for creating the private cloud.  However, some private cloud solutions don't leverage virtualization, as described above.

A common mistake is to assume that several virtualized servers are a private cloud.  Without the addition of multitenancy, use-based accounting, auto or self-provisioning, and other cloudy features we've described above, the private cloud functionality won't be there.

However, many private cloud solutions are ready-made to take advantage of server virtualization, including VMware's vCloud Director, which leverages VMware hypervisors.  Or, if you're going open source, Eucalyptus can use a variety of virtualization technologies including VMware, Xen and KVM hypervisors to implement the cloud abstractions it supports.

Private cloud software is mostly purchased as pre-built packages, although it's possible to roll your own using various software components that provide the services defined above.  Just as with the public cloud space, we can place private clouds into three core categories: IaaS, PaaS, and SaaS.

IaaS private clouds are perhaps the most popular type of private cloud.  They provide self-provisioned access to core infrastructure services including storage and compute.  The most popular packaged IaaS systems include VMware's vCloud Director and Eucalyptus Systems, Inc.'s Eucalyptus.  However, the popularity of cloud computing is driving newer private cloud software solutions to the market including cloud.com and Nimbula, just to name a few.  Moreover, there are private clouds that provide just storage or just database services, but no access to a complete platform of resources.

However, there are also PaaS-based private clouds that are beginning to show up in data centers.  Like their public computing counterparts, these platforms provide the benefit of shared application development and deployment platforms.  Examples of providers in this space include Microsoft with their private cloud version of Azure.

Finally, there are SaaS versions of private clouds that provide access to common application services using a SaaS model, but deploy from a private cloud.  These are typically tactical software instances, such as e-mail and calendaring, but can also be system management and even enterprise applications.

Another building block is cloud service management.  Here we leverage mechanisms to manage the private cloud instance, including allocating and de-allocating servers, user management, security management, and other maintenance issues that need to be dealt with during the operations of the private cloud.  While you would think that these services would come from the private cloud computing software provider, in some cases they have to be sourced from a third party, such as abstract management of virtualized servers or storage management.

Use-based accounting, as defined above, is the ability to track the usage of the private cloud by humans and machines.  Again, in many instances, this feature will be provided by the private cloud software, but third party software can be integrated, or you may even leverage a public cloud service to perform this function.

Security within a private cloud environment is typically pretty basic.  To create the proper security solution you need to work from the requirements, which usually involves existing security and compliance policies.  While simple role-based security is often fine for most applications, there are requirements for more sophisticated security mechanisms such as advanced encryption, or federated identity solutions that allow for a more granular security configuration.  The usual security suspects are where to look here, such as RSA for encryption and IBM and Oracle for federated identity technology.

Governance solutions for private cloud computing are perhaps the most overlooked component of the private cloud solution, but something that most of those who implement private cloud services will require at some point.  Again, the concept is to place rules and policies around cloud services, ensuring that they are properly leveraged by authorized clients.  There are a few governance solutions that now support private clouds, such as Layer 7, Oracle, and Vordel.

So what does the hardware footprint look like for a private cloud?  It's really a matter of the capacity you need to support, and it can be anywhere from one appliance to several dozen racks of servers.  They can cost from a few hundred dollars to over a million dollars, depending on the need and configuration.

Best Practices
While private clouds are still very new in our world, some best practices are beginning to emerge around how to define, design, and implement a private cloud.

The first best practice is to focus on the requirements before you begin your journey to a private cloud solution.  Many tasked to deploy private clouds skip the requirements, and thus take a shot in the dark around the best architecture and technology, and thus they often miss the mark.  As a rule, make sure to move from the requirements, to the architecture, and then to the solution.  While the lure of a private cloud-in-a-box is sometimes too difficult to resist, most solutions require a somewhat more complex planning process to deliver the value.

Also recommended is the use of service oriented architecture (SOA) approaches around the definition and architecture of private clouds.  Many find that the use of SOA concepts, which can deliver solutions as sets of services that can be configured into solutions, is a perfect match for those who design, build, and deploy private clouds.

The second best practice is to define the business value of the private cloud before the project begins.  There should be a direct business benefit that is gained from this technology.  Many private cloud deployments will cost many millions of dollars, and will thus draw questions from management.  You need to be prepared to provide solid answers as to the ROI.

The final best practice is to work in small increments.  While it may seem a good idea to fill half the data center with your new private cloud (you'll need the capacity at some point, right?), not now.  You should only create private cloud instances with the capacity requirements for the next year.  If you've designed your private cloud right, and have leveraged the right vendors, increasing capacity should be as easy as adding additional servers as needed.

In Your Future?
Private clouds are really a direct copy of the efficiency of public cloud computing architectures, repurposed for internal use within enterprises.  The benefits are somewhat different, as is the technology, architecture, and the way private clouds are deployed.  In many respects private clouds are just another internal system, but it's the patterns of use where the value of private clouds really shines through, including access to shared resources that can be allocated on-demand.

Challenges that exist include the confusion around the term "private cloud," which is overused simply as a way to push an existing software or hardware product as something that's now "a cloud," and thus relevant and cool.  This cloud washing has been going on for some time, with everything from disk drives, printers, and scanners being positioned within the emerging space of the private cloud as "clouds."

The only way to counter this confusion is to stick to our guns in terms of what a private cloud is, including its attributes and building blocks as discussed in this article.  Without a clear understanding of the concept of a private cloud, and the best practices and approaches to build a private cloud, it won't provide the value we expect.

More Stories By David Linthicum

Dave Linthicum is Sr. VP at Cloud Technology Partners, and an internationally known cloud computing and SOA expert. He is a sought-after consultant, speaker, and blogger. In his career, Dave has formed or enhanced many of the ideas behind modern distributed computing including EAI, B2B Application Integration, and SOA, approaches and technologies in wide use today. In addition, he is the Editor-in-Chief of SYS-CON's Virtualization Journal.

For the last 10 years, he has focused on the technology and strategies around cloud computing, including working with several cloud computing startups. His industry experience includes tenure as CTO and CEO of several successful software and cloud computing companies, and upper-level management positions in Fortune 500 companies. In addition, he was an associate professor of computer science for eight years, and continues to lecture at major technical colleges and universities, including University of Virginia and Arizona State University. He keynotes at many leading technology conferences, and has several well-read columns and blogs. Linthicum has authored 10 books, including the ground-breaking "Enterprise Application Integration" and "B2B Application Integration."