Building Private Clouds

Moving to a private cloud is easier than you think.

While the hype rages around cloud computing, most cloud implementations go the way of the private cloud and avoid the public clouds for now.  Private clouds are exactly what they sound like.  Your own instance of SaaS, PaaS, or IaaS that exists in your own data center, all tucked away, protected and cozy.  You own the hardware, you can hug your server.

However, what defines a private cloud these days could also mean systems that are remotely hosted but dedicated to a single enterprise, and, in some cases, provided out of a public cloud data center as a virtual private cloud.  Thus any cloud infrastructure that's dedicated to a single organization is getting the "private cloud" label.  This includes the emerging relabeling of existing enterprise software and hardware solutions, looking to deliver cloud-in-a-box private clouds.

If this sounds confusing, it is.  The technology vendors and the hype clearly load up the term "private cloud" with everything and anything.  However, the concept of private cloud computing has the potential to bring a huge amount of value to enterprise IT.  That is, if we understand the right approach, and how to leverage the right technology to create the building blocks of the private cloud.

Why Go Private?
Most enterprises are eager to leverage cloud computing, but not so eager to place core business processing and critical business data on public clouds.  Indeed, there may even be legal restrictions on where data may exist, as we have seen in the financial and health verticals, where some types of data may not exist outside of the enterprise.  Or, the risk of compromised or lost data outweighs the value that public cloud computing will bring.

While the regulations are real, most of those who select private over public cloud computing do so around control issues.  Many in enterprise IT don't like to give up control of core business systems since that is where they may place their own value.  If these systems are controlled and managed by others outside of the enterprise, they feel their value will be diminished.  In most cases these are false perceptions.

Security is another reason to go private cloud.  Public clouds provide security subsystems that are still fairly basic but have thus far had a good track record.  However, most enterprises do not consider public clouds as secure as systems that exist on site, or as remotely hosted systems that are completely under the enterprise's control.  While public cloud security is getting better, a private cloud does remove some risks: no third party operates the control plane, and no unrelated tenants share the hardware.  The trade-off is that the enterprise now carries the whole burden of patching, isolation, and monitoring itself, so "private" only reduces risk if that work actually gets done.

Finally, there are performance issues with public clouds that include the natural latency of leveraging the Internet.  This is a matter of how the applications and systems are designed more than limitations of the clouds, but in some instances these are valid concerns in problem domains with a high amount of data transfer between the data server and the consumer.

What's a Private Cloud?
NIST defines a private cloud as "The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise."
For the most part, that is the definition that many are running with.  However, let's go a few steps farther to define the core attributes of private clouds, and cloud computing in general.  They are:

  • Multitenancy and resource pooling
  • Self or auto-provisioning
  • Use-based accounting
  • Security
  • Governance

First you'll notice that virtualization is not on the list despite the fact that those who leverage virtualization often call clusters of virtualized servers a private cloud.  The reality is that virtualization is often used when building a private cloud, and it is described below as a building block.  But simple virtualization does not a private cloud make, and you choose to leverage it or not.  For example, Google's cloud systems do not leverage virtualization but Amazon's AWS does.

Multitenancy refers to the managed access to resources (such as storage and compute services) in an environment where more than one user shares those resources.  This is a critical building block of private cloud computing.  We could have hundreds or thousands of users who share the same sets of servers and attached devices.  That creates the need to isolate tenants from one another: no single tenant should be able to saturate a shared resource, and user and application processes, and their data, must stay out of each other's way.  The mechanisms and approaches to multitenancy vary greatly from cloud to cloud, but the objectives are much the same.

Related to multitenancy, resource pooling means that the provider's computing resources are pooled to serve multiple consumers using a multitenant model.  Different physical and virtual resources are dynamically assigned and reassigned according to consumer demand.

Perhaps the most important concept of private cloud computing is self or auto-provisioning. This is the ability for an application or a user to dynamically allocate resources (such as storage and compute) during operations.  This is typically accomplished by invoking a provisioning API, or, in some cases, going to a Web page where the resources can be manually allocated.  In some cases the resources are automatically provisioned as needed.  In addition, the same mechanisms can de-provision these resources after use.

Because we pay for the minutes of use, even within a private cloud, we can allocate the resources required to perform an operation and then put them back when done.  For instance, we could allocate a hundred servers to perform a database extraction in 10 minutes, and then return those servers to the cloud for others to use.  Thus we're being as efficient as possible with both the resources and the dollars spent.  This provisioning mechanism also provides the elasticity that many count in the advantage column of cloud computing: the ability to expand and contract the use of cloud resources as needed to support the application.

Use-based accounting refers to an automated approach to keep track of those who leverage a private cloud, and charge them back for the use.  Most private clouds are known resources, typically within the same company or governance agency, so these are budget dollars.  Statements are typically sent that describe the use of resources, duration, and the cost.  This is also helpful to understand how applications and users consume the private cloud resources, and track the times of day when system loads could be an issue.

Security is required to ensure that only those with authorization, including both humans and machines, can leverage the private cloud.  Typically this is role-based access control behind user ID and password authentication.  Newer, more sophisticated models such as federated identity management have proven more effective, since identities and roles are managed in one place and reused across the cloud's services.  We'll cover more about security below.

Governance means that we not only secure our private cloud, but we can create and manage policies to control access to resources and services.  We can define limits on when and how resources (such as storage, compute, and database services) are accessed by applications and users who leverage the private cloud.
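The five attributes above, read together, describe a small control plane: a shared pool, a provisioning API that hands out and takes back capacity, a meter that charges for the minutes used, an authorization check in front of the API, and policy limits on what a tenant may ask for and when.  The following Python is an added illustration of that control plane, not code from the article or from any product it names; the class and function names, the 100-server pool, the quotas, the office-hours window, and the $0.05 per server-minute rate are all constructed for the example.

```python
"""Toy private cloud control plane (added example; not code from any product
named in the article). Every name, the 100-server pool, the quotas and the
per-server-minute rate are constructed for illustration."""
from dataclasses import dataclass, field

POOL_CAPACITY = 100             # constructed: servers in the shared pool
RATE_PER_SERVER_MINUTE = 0.05   # constructed: chargeback rate, dollars
ROLE_PERMISSIONS = {"operator": {"allocate", "release"}, "viewer": set()}

class PolicyError(Exception):
    """Request refused by authorization or governance policy."""

@dataclass
class Tenant:
    name: str
    quota: int                                  # governance: servers held at once
    allowed_hours: tuple = (0, 24)              # governance: [start, end) hour window
    roles: dict = field(default_factory=dict)   # security: user id -> role
    leases: dict = field(default_factory=dict)  # lease id -> (count, start minute)
    charges: float = 0.0                        # use-based accounting total

class ProvisioningService:
    """The API a user or application calls to allocate and release servers."""

    def __init__(self, capacity=POOL_CAPACITY):
        self.free = capacity     # resource pooling: one pool shared by all tenants
        self.tenants = {}
        self.ledger = []         # (tenant, lease, servers, minutes, cost)
        self._next_lease = 1

    def add_tenant(self, tenant):
        self.tenants[tenant.name] = tenant

    def _authorize(self, tenant, user, action):
        role = tenant.roles.get(user)
        if action not in ROLE_PERMISSIONS.get(role, set()):
            raise PolicyError(f"{user!r} ({role}) may not {action} in {tenant.name}")

    def _enforce_policy(self, tenant, count, minute):
        hour = (minute // 60) % 24
        start, end = tenant.allowed_hours
        if not start <= hour < end:
            raise PolicyError(f"{tenant.name} may not provision at hour {hour}")
        held = sum(c for c, _ in tenant.leases.values())
        if count < 1 or held + count > tenant.quota:
            raise PolicyError(f"{tenant.name} would exceed quota {tenant.quota}")

    def allocate(self, tenant_name, user, count, minute):
        """Self-provisioning: lease `count` servers, returning a lease id."""
        tenant = self.tenants[tenant_name]
        self._authorize(tenant, user, "allocate")
        self._enforce_policy(tenant, count, minute)
        if count > self.free:
            raise PolicyError(f"pool has only {self.free} free servers")
        self.free -= count
        lease, self._next_lease = self._next_lease, self._next_lease + 1
        tenant.leases[lease] = (count, minute)
        return lease

    def release(self, tenant_name, user, lease, minute):
        """De-provisioning: return the servers and record the charge."""
        tenant = self.tenants[tenant_name]
        self._authorize(tenant, user, "release")
        if lease not in tenant.leases:   # multitenancy: another tenant's lease is invisible
            raise PolicyError(f"lease {lease} does not belong to {tenant.name}")
        count, start = tenant.leases.pop(lease)
        minutes = max(minute - start, 1)             # bill at least one minute
        cost = round(count * minutes * RATE_PER_SERVER_MINUTE, 2)
        tenant.charges = round(tenant.charges + cost, 2)
        self.ledger.append((tenant.name, lease, count, minutes, cost))
        self.free += count
        return cost

def extraction_scenario():
    """The article's case: 100 servers for a 10-minute extraction, plus the
    requests the control plane must refuse. Returns a dict of outcomes."""
    svc = ProvisioningService()
    svc.add_tenant(Tenant("finance", quota=100, roles={"alice": "operator", "bob": "viewer"}))
    svc.add_tenant(Tenant("hr", quota=20, allowed_hours=(8, 18), roles={"carol": "operator"}))
    out = {}
    lease = svc.allocate("finance", "alice", 100, minute=600)      # 10:00
    out["free_during_job"] = svc.free
    out["job_cost"] = svc.release("finance", "alice", lease, minute=610)
    out["free_after_job"] = svc.free
    hr_lease = svc.allocate("hr", "carol", 5, minute=620)
    refused = {
        "viewer_cannot_allocate": lambda: svc.allocate("finance", "bob", 1, 621),
        "quota_enforced": lambda: svc.allocate("hr", "carol", 16, 621),   # 5 held + 16 > 20
        "window_enforced": lambda: svc.allocate("hr", "carol", 1, 1380),  # 23:00
        "cross_tenant_release_blocked": lambda: svc.release("finance", "alice", hr_lease, 630),
    }
    for label, request in refused.items():
        try:
            request()
            out[label] = False
        except PolicyError:
            out[label] = True
    out["ledger_entries"] = len(svc.ledger)
    return out
```

Calling extraction_scenario() walks through the article's hundred-servers-for-ten-minutes case: the job is billed at $50.00 and the pool is whole again afterwards, while a viewer's allocation, an over-quota request, an out-of-hours request, and an attempt to release another tenant's lease are all refused.  The point to take from it is that the lease id is scoped to the tenant: a second tenant cannot de-provision, or even see, a lease it does not own, which is the multitenancy guarantee that makes a shared pool safe to expose through a self-service API.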

Private Cloud Configurations
The latest configurations of private clouds are no longer just for data centers.  As introduced above, many private clouds may be outsourced as "virtual private clouds" within public cloud computing providers.  Amazon Web Services (AWS) provides just such a service, called Virtual Private Cloud or VPC.  Using this service you can place Amazon EC2 instances in a logically isolated section of AWS with a private IP address range that you define, and thus control traffic to and from the servers.  An additional layer of security lets you create and manage network Access Control Lists (ACLs) on the VPC's subnets.  Finally, you can connect the VPC to your own data center over a VPN connection, and thus make it an extension of your enterprise network.  Note that the cloud provider maintains the hardware for you, but you don't have physical access to the servers.
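Network ACLs are where a VPC configuration most often goes wrong, because AWS network ACLs are stateless: there is no connection tracking, rules are evaluated in ascending rule-number order, the first match wins, and anything unmatched is denied.  The Python below is an added example that models those semantics so the two classic mistakes can be seen; it is not AWS code, and the rule numbers, CIDRs, and ports are constructed for the illustration.

```python
"""Stateless network ACL evaluation, modelled on how AWS VPC network ACLs
behave. Added example, not from the article or from AWS; the rule numbers,
CIDRs and ports below are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    number: int       # evaluation order; lowest first
    action: str       # "allow" or "deny"
    protocol: str     # "tcp", "udp", "icmp" or "all"
    cidr: str         # remote address range this rule applies to
    ports: tuple      # inclusive (low, high) destination port range

def evaluate(rules, protocol, remote_ip, port):
    """Return True if the packet is allowed; unmatched traffic is denied."""
    addr = ip_address(remote_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", protocol):
            continue
        if addr not in ip_network(rule.cidr):
            continue
        low, high = rule.ports
        if not low <= port <= high:
            continue
        return rule.action == "allow"       # first match decides
    return False

def connection_allowed(inbound, outbound, client_ip, client_port, server_port, protocol="tcp"):
    """A stateless ACL must permit the request AND the reply separately.

    The request arrives on server_port; the reply leaves the subnet toward
    the client's ephemeral source port, so the outbound ACL is checked
    against client_port, not server_port.
    """
    request_ok = evaluate(inbound, protocol, client_ip, server_port)
    reply_ok = evaluate(outbound, protocol, client_ip, client_port)
    return request_ok and reply_ok

# Constructed rule sets for a subnet serving HTTPS to the corporate 10/8 network.
INBOUND = [
    Rule(100, "allow", "tcp", "10.0.0.0/8", (443, 443)),
    Rule(200, "deny", "tcp", "10.99.0.0/16", (0, 65535)),   # never reached for :443 from 10.99/16
]
# Mistake 1: outbound only opens 443, so replies to ephemeral ports are dropped.
OUTBOUND_BROKEN = [Rule(100, "allow", "tcp", "10.0.0.0/8", (443, 443))]
# Fix 1: replies may go to the client's ephemeral port range.
OUTBOUND_FIXED = [Rule(100, "allow", "tcp", "10.0.0.0/8", (1024, 65535))]
# Fix 2: the quarantine deny must carry a lower number than the broad allow.
INBOUND_FIXED = [
    Rule(50, "deny", "tcp", "10.99.0.0/16", (0, 65535)),
    Rule(100, "allow", "tcp", "10.0.0.0/8", (443, 443)),
]

def audit():
    """Exercise the rule sets; every value should be True."""
    ok = "10.1.2.3"         # ordinary corporate client
    bad = "10.99.4.4"       # client in the quarantined range
    web = "203.0.113.9"     # client outside the corporate network
    return {
        "broken_outbound_drops_reply": not connection_allowed(INBOUND, OUTBOUND_BROKEN, ok, 51234, 443),
        "fixed_outbound_allows": connection_allowed(INBOUND, OUTBOUND_FIXED, ok, 51234, 443),
        "deny_shadowed_by_lower_allow": connection_allowed(INBOUND, OUTBOUND_FIXED, bad, 40000, 443),
        "deny_effective_when_ordered_first": not connection_allowed(INBOUND_FIXED, OUTBOUND_FIXED, bad, 40000, 443),
        "outside_client_denied": not connection_allowed(INBOUND_FIXED, OUTBOUND_FIXED, web, 40000, 443),
    }
```

audit() shows both failure modes: an outbound ACL that only opens port 443 silently drops the server's replies, because those are addressed to the client's ephemeral source port, and a deny rule numbered above a broader allow never fires even though it is "in the list."  The fix for the first is an outbound allow on the ephemeral range; the fix for the second is a lower rule number on the deny.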

In other offerings, public cloud providers may even provide you with access to a dedicated physical server that you never actually see.  Of course this is at an additional cost, but many enterprises feel better if their servers only store their data.  In a virtualized and multitenant cloud, you're mixed in with everyone else who uses that cloud.  Again, you don't have physical access to the hardware, but the maintenance is handled by the cloud provider.

Other private clouds may exist in colocation data centers, or CoLos.  These are data center rentals where you own a cage full of servers that are tied directly back to the enterprise.  Unlike virtual private clouds or virtual private instances, you have access to the physical hardware when using this configuration.  This means you need to maintain the hardware as well.

Another approach is something called "cloud-in-a-box," which is a server or clusters of servers that have been pre-configured to provide most of the private cloud services listed above.  You just purchase the thing as a stand-alone server or appliance, install it in the data center, and you have your private cloud.  Oracle's Exalogic private cloud solution is clearly an example of a private cloud-in-a-box that comes with a million dollar starting price.

Don't forget there is the traditional approach to private cloud computing, where software is installed and configured on commodity servers that exist within the data center, and that becomes the private cloud.  Server-run private cloud software provides most or all of the core private cloud attributes listed above.  This is the most popular configuration today, though the configurations above are gaining ground as enterprises look for convenience and speed.

Building Blocks of Private Cloud
The building blocks of private cloud computing include the server virtualization software that many employ as a foundation for creating the private cloud.  However, some private cloud solutions don't leverage virtualization, as described above.

A common mistake is to assume that several virtualized servers are a private cloud.  Without the addition of multitenancy, use-based accounting, auto or self-provisioning, and other cloudy features we've described above, the private cloud functionality won't be there.

However, many private cloud solutions are ready-made to take advantage of server virtualization, including VMware's vCloud Director, which leverages VMware hypervisors.  Or, if you're going open source, Eucalyptus can use a variety of virtualization technologies, including VMware, Xen and KVM hypervisors, to implement the cloud abstractions it supports.

Private cloud software is mostly purchased as pre-built packages, although it's possible to roll-your-own using various software components that provide the services defined above.  Just as with the public cloud space, we can place private clouds into three core categories: IaaS, PaaS, and SaaS.

IaaS private clouds are perhaps the most popular type of private cloud.  They provide self-provisioned access to core infrastructure services including storage and compute.  The most popular packaged IaaS systems include VMware's vCloud Director and Eucalyptus Systems, Inc.'s Eucalyptus.  However, the popularity of cloud computing is driving newer private cloud software solutions to the market including cloud.com and Nimbula, just to name a few.  Moreover, there are private clouds that provide just storage or just database services, but no access to a complete platform of resources.

However, there are also PaaS-based private clouds that are beginning to show up in data centers.  Like their public computing counterparts, these platforms provide the benefit of shared application development and deployment platforms.  Examples of providers in this space include Microsoft with their private cloud version of Azure.

Finally, there are SaaS versions of private clouds that provide access to common application services using a SaaS model, but deploy from a private cloud.  These are typically tactical software instances, such as e-mail and calendaring, but can also be system management and even enterprise applications.

Another building block is cloud service management.  Here we leverage mechanisms to manage the private cloud instance, including allocating and de-allocating servers, user management, security management, and other maintenance issues that need to be dealt with during the operations of the private cloud.  While you would think that these services would come from the private cloud computing software provider, in some cases they have to be sourced from a third party, such as abstract management of virtualized servers or storage management.

Use-based accounting, as defined above, is the ability to track the usage of the private cloud by humans and machines.  Again, in many instances, this feature will be provided by the private cloud software, but third party software can be integrated, or you may even leverage a public cloud service to perform this function.

Security within a private cloud environment is typically pretty basic.  To create the proper security solution you need to work from the requirements, which usually means the existing security and compliance policies.  While simple role-based security is often fine for most applications, some requirements call for more sophisticated mechanisms, such as encryption of data at rest and in transit, or federated identity solutions that allow for a more granular security configuration.  The usual security suspects are where to look here, such as RSA for encryption and IBM and Oracle for federated identity technology.

Governance solutions for private cloud computing are perhaps the most overlooked component of the private cloud solution, but something that most of those who implement private cloud services will require at some point.  Again, the concept is to place rules and policies around cloud services, ensuring that they are properly leveraged by authorized clients.  There are a few governance solutions that now support private clouds, such as Layer 7, Oracle, and Vordel.

So what does the hardware footprint look like for a private cloud?    It's really a matter of the capacity you need to support, and it can be anywhere from one appliance to several dozen racks of servers.  They can cost from a few hundred dollars to over a million dollars, depending on the need and configuration.

Best Practices
While private clouds are still very new in our world, some best practices are beginning to emerge around how to define, design, and implement a private cloud.

The first best practice is to focus on the requirements before you begin your journey to a private cloud solution.  Many tasked to deploy private clouds skip the requirements, take a shot in the dark at the best architecture and technology, and thus miss the mark.  As a rule, move from the requirements, to the architecture, and then to the solution.  While the lure of a private cloud-in-a-box is sometimes too difficult to resist, most solutions require a more involved planning process to deliver the value.

Also recommended is the use of service oriented architecture (SOA) approaches around the definition and architecture of private clouds.  Many find that the use of SOA concepts, which can deliver solutions as sets of services that can be configured into solutions, is a perfect match for those who design, build, and deploy private clouds.

The second best practice is to define the business value of the private cloud before the project begins.  There should be a direct business benefit that is gained from this technology.  Many private cloud deployments will cost many millions of dollars, and will thus draw questions from management.  You need to be prepared to provide solid answers as to the ROI.

The final best practice is to work in small increments.  While it may seem a good idea to fill half the data center with your new private cloud...you'll need the capacity at some point right?  Not now.  You should only create private cloud instances with the capacity requirements for the next year.  If you've designed your private cloud right, and have leveraged the right vendors, increasing capacity should be as easy as adding additional servers as needed.

In Your Future?
Private clouds are really a direct copy of the efficiency of public cloud computing architectures, repurposed for internal use within enterprises.  The benefits are somewhat different, as is the technology, architecture, and the way private clouds are deployed.  In many respects private clouds are just another internal system, but it's the patterns of use where the value of private clouds really shines through, including access to shared resources that can be allocated on-demand.

Challenges that exist include the confusion around the term "private cloud," which is overused simply as a way to push an existing software or hardware product as something that's now "a cloud," and thus relevant and cool.  This cloud washing has been going on for some time, with everything from disk drives to printers and scanners being positioned within the emerging space of the private cloud as "clouds."

The only way to counter this confusion is to stick to our guns in terms of what a private cloud is, including its attributes and building blocks as discussed in this article.  Without a clear understanding of the concept of a private cloud, and the best practices and approaches to build a private cloud, it won't provide the value we expect.

About the Author

Dave Linthicum is Sr. VP at Cloud Technology Partners, and an internationally known cloud computing and SOA expert. He is a sought-after consultant, speaker, and blogger. In his career, Dave has formed or enhanced many of the ideas behind modern distributed computing including EAI, B2B Application Integration, and SOA, approaches and technologies in wide use today. In addition, he is the Editor-in-Chief of SYS-CON's Virtualization Journal.

For the last 10 years, he has focused on the technology and strategies around cloud computing, including working with several cloud computing startups. His industry experience includes tenure as CTO and CEO of several successful software and cloud computing companies, and upper-level management positions in Fortune 500 companies. In addition, he was an associate professor of computer science for eight years, and continues to lecture at major technical colleges and universities, including University of Virginia and Arizona State University. He keynotes at many leading technology conferences, and has several well-read columns and blogs. Linthicum has authored 10 books, including the ground-breaking "Enterprise Application Integration" and "B2B Application Integration." You can reach him at [email protected] Or follow him on Twitter. Or view his profile on LinkedIn.
