
Building Private Clouds

Moving to a private cloud is easier than you think.

While the hype rages around cloud computing, most cloud implementations go the way of the private cloud and avoid the public clouds for now.  Private clouds are exactly what they sound like.  Your own instance of SaaS, PaaS, or IaaS that exists in your own data center, all tucked away, protected and cozy.  You own the hardware, you can hug your server.

However, what defines a private cloud these days could also mean systems that are remotely hosted but dedicated to a single enterprise, and, in some cases, provided out of a public cloud data center as a virtual private cloud.  Thus any cloud infrastructure that's dedicated to a single organization is getting the "private cloud" label.  This includes the emerging relabeling of existing enterprise software and hardware solutions, looking to deliver cloud-in-a-box private clouds.

If this sounds confusing, it is.  The technology vendors and the hype clearly load up the term "private cloud" with everything and anything.  However, the concept of private cloud computing has the potential to bring a huge amount of value to enterprise IT.  That is, if we understand the right approach, and how to leverage the right technology to create the building blocks of the private cloud.

Why Go Private?
Most enterprises are eager to leverage cloud computing, but not so eager to place core business processing and critical business data on public clouds.  Indeed, there may even be legal restrictions on where data may exist, as we have seen in the financial and health verticals, where some types of data may not exist outside of the enterprise.  Or, the risk of compromised or lost data outweighs the value that public cloud computing will bring.

While the regulations are real, most of those who select private over public cloud computing do so around control issues.  Many in enterprise IT don't like to give up control of core business systems since that is where they may place their own value.  If these systems are controlled and managed by others outside of the enterprise, they feel their value will be diminished.  In most cases these are false perceptions.

Security is another reason to go private cloud.  Public clouds provide fairly basic security subsystems that have thus far had a good track record.  However, most enterprises do not consider public clouds as secure as systems that exist on site, or as those remotely hosted but completely under the enterprise's control.  While public cloud security is getting better, a private cloud keeps the security controls, and the responsibility for operating them, entirely in the enterprise's hands, which is why most enterprises still see it as carrying fewer security risks.

Finally, there are performance issues with public clouds that include the natural latency of leveraging the Internet.  This is a matter of how the applications and systems are designed more than limitations of the clouds, but in some instances these are valid concerns in problem domains with a high amount of data transfer between the data server and the consumer.

What's a Private Cloud?
NIST defines a private cloud as "The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise."
For the most part, that is the definition that many are running with.  However, let's go a few steps farther to define the core attributes of private clouds, and cloud computing in general.  They are:

  • Multitenancy and resource pooling
  • Self or auto-provisioning
  • Use-based accounting
  • Security
  • Governance

First you'll notice that virtualization is not on the list, despite the fact that those who leverage virtualization often call clusters of virtualized servers a private cloud.  The reality is that virtualization is often used when building a private cloud, and it is described below as a building block.  But simple virtualization does not a private cloud make; whether you leverage it is a design choice.  For example, at the time of this writing Google's cloud systems do not leverage virtualization, but Amazon's AWS does.

Multitenancy refers to managed access to resources (such as storage and compute services) in an environment where more than one user shares those resources.  This is a critical building block of private cloud computing.  We could have hundreds or thousands of users who share the same sets of servers and attached devices.  That creates the need to ensure that no single tenant saturates a resource, that concurrent access is coordinated, and that user and application processes stay isolated from each other.  The mechanisms and approaches to multitenancy vary greatly from cloud to cloud, but the objectives are much the same.

Related to multitenancy, resource pooling means that the provider's computing resources are pooled to serve multiple consumers using a multitenant model.  Different physical and virtual resources are dynamically assigned and reassigned according to consumer demand.

Perhaps the most important concept of private cloud computing is self or auto-provisioning. This is the ability for an application or a user to dynamically allocate resources (such as storage and compute) during operations.  This is typically accomplished by invoking a provisioning API, or, in some cases, going to a Web page where the resources can be manually allocated.  In some cases the resources are automatically provisioned as needed.  In addition, the same mechanisms can de-provision these resources after use.

Because we pay for the minutes of use, even within a private cloud, we can allocate the resources required to perform an operation and then put them back when done.  For instance, we could allocate a hundred servers to perform a database extraction in 10 minutes, and then return those servers to the cloud for others to use.  Thus, we're being as efficient as possible with both the resources and the dollars spent.  This provisioning mechanism also provides the elasticity that many count in the advantage column of cloud computing: the ability to expand and contract the use of cloud resources as needed to support the application.

Use-based accounting refers to an automated approach to keep track of those who leverage a private cloud, and charge them back for the use.  Most private clouds are known resources, typically within the same company or governance agency, so these are budget dollars.  Statements are typically sent that describe the use of resources, duration, and the cost.  This is also helpful to understand how applications and users consume the private cloud resources, and track the times of day when system loads could be an issue.

Security is required to ensure that only those with authorization, both humans and machines, can leverage the private cloud.  Typically this is user ID and password authentication combined with role-based access control.  Newer, more sophisticated models such as federated identity management have proven to be more effective.  We'll cover more about security below.

Governance means that we not only secure our private cloud, but we can create and manage policies to control access to resources and services.  We can define limits on when and how resources (such as storage, compute, and database services) are accessed by applications and users who leverage the private cloud.
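The five attributes above fit together in one small model.  The following Python is an added illustration written for this article, not code from any of the vendors named here: a shared server pool stands in for resource pooling and multitenancy, provision() and deprovision() are the self-provisioning API, a ledger of server-minutes is the use-based accounting, a role check is the security gate, and a per-tenant cap is the governance policy.  The tenant names, roles, pool size and chargeback rate are all assumed values.

```python
"""Added illustration of the private cloud attributes, not a vendor API.
Names, roles, pool size and chargeback rate are assumed values."""
from dataclasses import dataclass
from typing import Dict, List, Optional


class PolicyError(Exception):
    """Governance: the request would violate a tenant policy."""


class CapacityError(Exception):
    """Resource pooling: the shared pool cannot satisfy the request now."""


@dataclass
class Policy:
    max_servers_per_tenant: int        # governance cap (assumed)
    provisioning_roles: frozenset      # roles allowed to call provision()
    rate_per_server_minute: float      # chargeback rate (assumed)


@dataclass
class Lease:
    lease_id: int
    tenant: str
    servers: List[int]
    start_minute: int
    end_minute: Optional[int] = None


class PrivateCloud:
    def __init__(self, pool_size: int, policy: Policy) -> None:
        self.free: List[int] = list(range(pool_size))   # shared pool of server ids
        self.leases: Dict[int, Lease] = {}
        self.ledger: List[dict] = []                      # use-based accounting records
        self.policy = policy
        self._next_id = 1

    def _in_use_by(self, tenant: str) -> int:
        return sum(len(ls.servers) for ls in self.leases.values() if ls.tenant == tenant)

    def provision(self, tenant: str, role: str, count: int, now: int) -> Lease:
        """Self-provisioning API: hand `count` servers to `tenant` at minute `now`."""
        # Security: only authorised roles (human or machine) may allocate.
        if role not in self.policy.provisioning_roles:
            raise PermissionError(f"role {role!r} may not provision")
        # Governance: check the per-tenant cap before touching the pool.
        if self._in_use_by(tenant) + count > self.policy.max_servers_per_tenant:
            raise PolicyError(f"{tenant} would exceed {self.policy.max_servers_per_tenant} servers")
        # Multitenancy: a server is held by exactly one lease at a time, so a
        # request the pool cannot cover is refused rather than oversubscribed.
        if count > len(self.free):
            raise CapacityError(f"only {len(self.free)} servers free")
        servers = [self.free.pop() for _ in range(count)]
        lease = Lease(self._next_id, tenant, servers, now)
        self.leases[lease.lease_id] = lease
        self._next_id += 1
        return lease

    def deprovision(self, lease_id: int, now: int) -> float:
        """Return the servers to the pool and record the charge for the lease."""
        lease = self.leases.pop(lease_id)
        lease.end_minute = now
        self.free.extend(lease.servers)
        server_minutes = (now - lease.start_minute) * len(lease.servers)
        cost = server_minutes * self.policy.rate_per_server_minute
        self.ledger.append({"tenant": lease.tenant, "server_minutes": server_minutes, "cost": cost})
        return cost

    def statement(self, tenant: str) -> dict:
        """Use-based accounting: what a tenant consumed and owes so far."""
        rows = [r for r in self.ledger if r["tenant"] == tenant]
        return {"server_minutes": sum(r["server_minutes"] for r in rows),
                "cost": sum(r["cost"] for r in rows)}


def demo() -> dict:
    """The article's scenario: servers borrowed for a 10-minute extraction
    job, plus the three kinds of refusal the controls above produce."""
    cloud = PrivateCloud(pool_size=10,
                         policy=Policy(7, frozenset({"operator"}), 0.25))
    job = cloud.provision("finance", "operator", 4, now=0)
    cloud.provision("marketing", "operator", 4, now=2)      # 2 servers left free
    refusals = []
    for tenant, role, count in (("finance", "operator", 4),    # 8 > cap of 7
                                ("marketing", "operator", 3),  # only 2 free
                                ("finance", "guest", 1)):      # wrong role
        try:
            cloud.provision(tenant, role, count, now=3)
        except (PolicyError, CapacityError, PermissionError) as exc:
            refusals.append(type(exc).__name__)
    cost = cloud.deprovision(job.lease_id, now=10)            # 4 servers x 10 min
    return {"refusals": refusals, "cost": cost,
            "free": len(cloud.free), "finance": cloud.statement("finance")}


if __name__ == "__main__":
    print(demo())
```

The ordering of the checks in provision() is deliberate: authentication and role first, then policy, then capacity, so an unauthorized caller learns nothing about how full the pool is, and a tenant cannot use a capacity probe to infer what other tenants hold.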

Private Cloud Configurations
The latest configurations of private clouds are no longer just for data centers.  As introduced above, many private clouds may be outsourced as "virtual private clouds" within public cloud computing providers.  Amazon Web Services (AWS) provides just such a service, called Virtual Private Cloud, or VPC.  Using this service you can logically group Amazon EC2 instances in a private IP address range of your choosing, and thus control traffic to and from the servers.  AWS also offers an additional layer of security that allows you to create and manage network Access Control Lists (ACLs) on the VPC's subnets.  Finally, you can connect the VPC to your data center over a VPN connection, making it an extension of your enterprise network.  Note that the cloud provider maintains the hardware for you, but you don't have physical access to the servers.
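To make the network ACL layer concrete, here is an added example in Python (written for this article, not AWS code) of how a VPC network ACL evaluates traffic: rules are checked in ascending rule-number order, the first match decides, and anything unmatched falls through to an implicit deny.  The address ranges are assumptions: 10.0.0.0/8 stands in for the enterprise network reached over the VPN, 10.99.0.0/16 for a quarantined segment, and 203.0.113.0/24 (documentation space) for the Internet.

```python
"""Added example of AWS-style network ACL evaluation; not AWS code.
CIDRs are assumptions: 10.0.0.0/8 is the VPN-connected enterprise network,
10.99.0.0/16 a quarantined segment, 203.0.113.0/24 stands in for the Internet."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List


@dataclass(frozen=True)
class AclRule:
    number: int      # rules are evaluated in ascending order of this field
    action: str      # "allow" or "deny"
    protocol: str    # "tcp", "udp", "icmp" or "all"
    cidr: str        # source for inbound rules, destination for outbound rules
    port_from: int
    port_to: int
    egress: bool


@dataclass(frozen=True)
class Packet:
    remote_ip: str   # the peer outside the subnet (source inbound, destination outbound)
    port: int        # destination port carried by this packet
    protocol: str
    egress: bool


def evaluate(rules: List[AclRule], pkt: Packet) -> str:
    """Return "allow" or "deny": lowest rule number first, first match wins,
    and the implicit final '*' rule denies anything left over."""
    addr = ip_address(pkt.remote_ip)
    same_direction = [r for r in rules if r.egress == pkt.egress]
    for rule in sorted(same_direction, key=lambda r: r.number):
        if rule.protocol not in ("all", pkt.protocol):
            continue
        if addr not in ip_network(rule.cidr):
            continue
        if rule.protocol != "icmp" and not (rule.port_from <= pkt.port <= rule.port_to):
            continue
        return rule.action
    return "deny"


ENTERPRISE_NET = "10.0.0.0/8"     # assumed: reached through the VPN connection
QUARANTINE_NET = "10.99.0.0/16"   # assumed: a segment we never accept traffic from

SUBNET_ACL = [
    # A lower-numbered deny beats the broader allows that follow it.
    AclRule(90, "deny", "all", QUARANTINE_NET, 0, 65535, egress=False),
    # Inbound: only SSH and HTTPS, and only from the enterprise network.
    AclRule(100, "allow", "tcp", ENTERPRISE_NET, 22, 22, egress=False),
    AclRule(110, "allow", "tcp", ENTERPRISE_NET, 443, 443, egress=False),
    # Outbound: the ACL is stateless, so replies to those sessions must be
    # allowed explicitly on the client's ephemeral port range.
    AclRule(100, "allow", "tcp", ENTERPRISE_NET, 1024, 65535, egress=True),
]


def check(rules: List[AclRule] = SUBNET_ACL) -> dict:
    """Evaluate a handful of constructed packets against the ACL."""
    return {
        "vpn_ssh": evaluate(rules, Packet("10.20.30.40", 22, "tcp", egress=False)),
        "vpn_rdp": evaluate(rules, Packet("10.20.30.40", 3389, "tcp", egress=False)),
        "internet_ssh": evaluate(rules, Packet("203.0.113.7", 22, "tcp", egress=False)),
        "quarantine_https": evaluate(rules, Packet("10.99.1.1", 443, "tcp", egress=False)),
        "reply_to_vpn": evaluate(rules, Packet("10.20.30.40", 51234, "tcp", egress=True)),
    }


def without_return_rule() -> str:
    """Same ACL minus the egress rule: the SSH handshake's SYN-ACK is dropped."""
    inbound_only = [r for r in SUBNET_ACL if not r.egress]
    return evaluate(inbound_only, Packet("10.20.30.40", 51234, "tcp", egress=True))


if __name__ == "__main__":
    print(check())
    print("without egress rule:", without_return_rule())
```

The egress rule on the ephemeral port range is the detail people miss: unlike an EC2 security group, a network ACL is stateless, so the reply half of an SSH session opened from the VPN side has to be allowed explicitly, and without_return_rule() shows the handshake being dropped when it is not.  The quarantine entry shows the other property worth remembering: rule numbers, not list position, decide precedence, so a narrow deny must carry a lower number than the allows it is meant to override.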

In other offerings, public cloud providers may even provide you with access to a dedicated physical server that you never actually see.  Of course this is at an additional cost, but many enterprises feel better if their servers only store their data.  In a virtualized and multitenant cloud, you're mixed in with everyone else who uses that cloud.  Again, you don't have physical access to the hardware, but the maintenance is handled by the cloud provider.

Other private clouds may exist in colocation data centers, or CoLos.  These are data center rentals where you own a cage full of servers that are tied directly back to the enterprise.  Unlike virtual private clouds or virtual private instances, you have access to the physical hardware when using this configuration.  This means you need to maintain the hardware as well.

Another approach is something called "cloud-in-a-box," which is a server or clusters of servers that have been pre-configured to provide most of the private cloud services listed above.  You just purchase the thing as a stand-alone server or appliance, install it in the data center, and you have your private cloud.  Oracle's Exalogic private cloud solution is clearly an example of a private cloud-in-a-box that comes with a million dollar starting price.

Don't forget there is the traditional approach to private cloud computing, where software is installed and configured on commodity servers within the data center, and that becomes the private cloud.  Server-run private cloud software provides most or all of the core private cloud attributes listed above.  This is the most popular configuration today, although the configurations above are gaining ground given the desire for convenience and speed.

Building Blocks of Private Cloud
The building blocks of private cloud computing include the server virtualization software that many employ as a foundation for creating the private cloud.  However, some private cloud solutions don't leverage virtualization, as described above.

A common mistake is to assume that several virtualized servers are a private cloud.  Without the addition of multitenancy, use-based accounting, auto or self-provisioning, and other cloudy features we've described above, the private cloud functionality won't be there.

However, many private cloud solutions are ready-made to take advantage of server virtualization, including VMware's vCloud Director, which leverages VMware hypervisors.  Or, if you're going open source, Eucalyptus can use a variety of virtualization technologies, including VMware, Xen and KVM hypervisors, to implement the cloud abstractions it supports.

Private cloud software is mostly purchased as pre-built packages, although it's possible to roll your own using various software components that provide the services defined above.  Just as with the public cloud space, we can place private clouds into three core categories: IaaS, PaaS, and SaaS.

IaaS private clouds are perhaps the most popular type of private cloud.  They provide self-provisioned access to core infrastructure services including storage and compute.  The most popular packaged IaaS systems include VMware's vCloud Director and Eucalyptus Systems, Inc.'s Eucalyptus.  However, the popularity of cloud computing is driving newer private cloud software solutions to the market including cloud.com and Nimbula, just to name a few.  Moreover, there are private clouds that provide just storage or just database services, but no access to a complete platform of resources.

However, there are also PaaS-based private clouds that are beginning to show up in data centers.  Like their public computing counterparts, these platforms provide the benefit of shared application development and deployment platforms.  Examples of providers in this space include Microsoft with their private cloud version of Azure.

Finally, there are SaaS versions of private clouds that provide access to common application services using a SaaS model, but deploy from a private cloud.  These are typically tactical software instances, such as e-mail and calendaring, but can also be system management and even enterprise applications.

Another building block is cloud service management.  Here we leverage mechanisms to manage the private cloud instance, including allocating and de-allocating servers, user management, security management, and other maintenance issues that need to be dealt with during the operations of the private cloud.  While you would think that these services would come from the private cloud computing software provider, in some cases they have to be sourced from a third party, such as abstract management of virtualized servers or storage management.

Use-based accounting, as defined above, is the ability to track the usage of the private cloud by humans and machines.  Again, in many instances, this feature will be provided by the private cloud software, but third party software can be integrated, or you may even leverage a public cloud service to perform this function.

Security within a private cloud environment is typically pretty basic.  To create the proper security solution you need to work from the requirements, which usually means the existing security and compliance policies.  While simple role-based security is often fine for most applications, some requirements call for more sophisticated mechanisms, such as strong encryption of data at rest and in transit, or federated identity solutions that allow for a more granular security configuration.  The usual security suspects are where to look here, such as RSA for encryption and IBM and Oracle for federated identity technology.

Governance solutions for private cloud computing are perhaps the most overlooked component of the private cloud solution, but something that most of those who implement private cloud services will require at some point.  Again, the concept is to place rules and policies around cloud services, ensuring that they are properly leveraged only by authorized clients.  There are a few governance solutions that now support private clouds, such as Layer 7, Oracle, and Vordel.

So what does the hardware footprint look like for a private cloud?  It's really a matter of the capacity you need to support, and it can be anywhere from one appliance to several dozen racks of servers.  The cost can range from a few hundred dollars to over a million, depending on the need and configuration.

Best Practices
While private clouds are still very new in our world, some best practices are beginning to emerge around how to define, design, and implement a private cloud.

The first best practice is to focus on the requirements before you begin your journey to a private cloud solution.  Many of those tasked with deploying private clouds skip the requirements, take a shot in the dark at the best architecture and technology, and miss the mark.  As a rule, move from the requirements, to the architecture, and then to the solution.  While the lure of a private cloud-in-a-box is sometimes too difficult to resist, most solutions require a more involved planning process to deliver the value.

Also recommended is the use of service oriented architecture (SOA) approaches around the definition and architecture of private clouds.  Many find that the use of SOA concepts, which can deliver solutions as sets of services that can be configured into solutions, is a perfect match for those who design, build, and deploy private clouds.

The second best practice is to define the business value of the private cloud before the project begins.  There should be a direct business benefit that is gained from this technology.  Many private cloud deployments will cost many millions of dollars, and will thus draw questions from management.  You need to be prepared to provide solid answers as to the ROI.

The final best practice is to work in small increments.  It may seem a good idea to fill half the data center with your new private cloud, since you'll need the capacity at some point, but not now.  You should only create private cloud instances with the capacity required for the next year.  If you've designed your private cloud right, and have leveraged the right vendors, increasing capacity should be as easy as adding servers as needed.

In Your Future?
Private clouds are really a direct copy of the efficiency of public cloud computing architectures, repurposed for internal use within enterprises.  The benefits are somewhat different, as is the technology, architecture, and the way private clouds are deployed.  In many respects private clouds are just another internal system, but it's the patterns of use where the value of private clouds really shines through, including access to shared resources that can be allocated on-demand.

Challenges that exist include the confusion around the term "private cloud," which is overused simply as a way to push an existing software or hardware product as something that's now "a cloud," and thus relevant and cool.  This cloud washing has been going on for some time, with everything from disk drives to printers and scanners being positioned within the emerging space of the private cloud as "clouds."

The only way to counter this confusion is to stick to our guns in terms of what a private cloud is, including its attributes and building blocks as discussed in this article.  Without a clear understanding of the concept of a private cloud, and the best practices and approaches to build a private cloud, it won't provide the value we expect.

More Stories By David Linthicum

Dave Linthicum is Sr. VP at Cloud Technology Partners, and an internationally known cloud computing and SOA expert. He is a sought-after consultant, speaker, and blogger. In his career, Dave has formed or enhanced many of the ideas behind modern distributed computing including EAI, B2B Application Integration, and SOA, approaches and technologies in wide use today. In addition, he is the Editor-in-Chief of SYS-CON's Virtualization Journal.

For the last 10 years, he has focused on the technology and strategies around cloud computing, including working with several cloud computing startups. His industry experience includes tenure as CTO and CEO of several successful software and cloud computing companies, and upper-level management positions in Fortune 500 companies. In addition, he was an associate professor of computer science for eight years, and continues to lecture at major technical colleges and universities, including University of Virginia and Arizona State University. He keynotes at many leading technology conferences, and has several well-read columns and blogs. Linthicum has authored 10 books, including the ground-breaking "Enterprise Application Integration" and "B2B Application Integration."
