Building Private Clouds

Moving to a private cloud is easier than you think.

While the hype rages around cloud computing, most cloud implementations go the way of the private cloud and avoid the public clouds for now.  Private clouds are exactly what they sound like.  Your own instance of SaaS, PaaS, or IaaS that exists in your own data center, all tucked away, protected and cozy.  You own the hardware, you can hug your server.

However, what defines a private cloud these days could also mean systems that are remotely hosted but dedicated to a single enterprise, and, in some cases, provided out of a public cloud data center as a virtual private cloud.  Thus any cloud infrastructure that's dedicated to a single organization is getting the "private cloud" label.  This includes the emerging relabeling of existing enterprise software and hardware solutions, looking to deliver cloud-in-a-box private clouds.

If this sounds confusing, it is.  The technology vendors and the hype clearly load up the term "private cloud" with everything and anything.  However, the concept of private cloud computing has the potential to bring a huge amount of value to enterprise IT.  That is, if we understand the right approach, and how to leverage the right technology to create the building blocks of the private cloud.

Why Go Private?
Most enterprises are eager to leverage cloud computing, but not so eager to place core business processing and critical business data on public clouds.  Indeed, there may even be legal restrictions on where data may exist, as we have seen in the financial and health verticals, where some types of data may not exist outside of the enterprise.  Or, the risk of compromised or lost data outweighs the value that public cloud computing will bring.

While the regulations are real, most of those who select private over public cloud computing do so around control issues.  Many in enterprise IT don't like to give up control of core business systems since that is where they may place their own value.  If these systems are controlled and managed by others outside of the enterprise, they feel their value will be diminished.  In most cases these are false perceptions.

Security is another reason to go private cloud.  Public clouds provide rudimentary security subsystems that have thus far had a good track record.  However, most enterprises do not consider public clouds as secure as systems that exist on site or as those remotely hosted but completely under the enterprise's control.  While public cloud security is getting better, private clouds do offer fewer security risks.

Finally, there are performance issues with public clouds that include the natural latency of leveraging the Internet.  This is a matter of how the applications and systems are designed more than limitations of the clouds, but in some instances these are valid concerns in problem domains with a high amount of data transfer between the data server and the consumer.

What's a Private Cloud?
NIST defines a private cloud as "The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise."
For the most part, that is the definition that many are running with.  However, let's go a few steps farther to define the core attributes of private clouds, and cloud computing in general.  They are:

  • Multitenancy and resource pooling
  • Self or auto-provisioning
  • Use-based accounting
  • Security
  • Governance

First you'll notice that virtualization is not on the list despite the fact that those who leverage virtualization often call clusters of virtualized servers a private cloud.  The reality is that virtualization is often used when building a private cloud, and it is described below as a building block.  But simple virtualization does not a private cloud make, and you choose to leverage it or not.  For example, Google's cloud systems do not leverage virtualization but Amazon's AWS does.

Multitenancy refers to the managed access to resources (such as storage and compute services) in an environment where there is more than one user sharing those resources.  This is a critical building block of private cloud computing.  We could have hundreds or thousands of users who share the same sets of servers and attached devices.  That creates the need to ensure that any particular resource does not get saturated or accessed simultaneously, and that user and application processes stay out of each other's way.  The mechanisms and approaches to multitenancy vary greatly from cloud to cloud, but the objectives are much the same.

Related to multitenancy, resource pooling means that the provider's computing resources are pooled to serve multiple consumers using a multitenant model.  Different physical and virtual resources are dynamically assigned and reassigned according to consumer demand.

Perhaps the most important concept of private cloud computing is self or auto-provisioning. This is the ability for an application or a user to dynamically allocate resources (such as storage and compute) during operations.  This is typically accomplished by invoking a provisioning API, or, in some cases, going to a Web page where the resources can be manually allocated.  In some cases the resources are automatically provisioned as needed.  In addition, the same mechanisms can de-provision these resources after use.

Because we pay for the minutes of use, even within a private cloud, this means we can allocate the resources required to perform an operation, and then put them back when done.  For instance, we could allocate a hundred servers to perform a database extraction in 10 minutes, and then return those servers to the cloud for others to use.  Thus, we're being as efficient as possible with both the resources and the dollars spent.  This provisioning mechanism also provides the elasticity that many count in the advantage column of cloud computing, which is the ability to expand and contract the use of cloud resources as needed to support the application.

Use-based accounting refers to an automated approach to keep track of those who leverage a private cloud, and charge them back for the use.  Most private clouds are known resources, typically within the same company or governance agency, so these are budget dollars.  Statements are typically sent that describe the use of resources, duration, and the cost.  This is also helpful to understand how applications and users consume the private cloud resources, and track the times of day when system loads could be an issue.

Security is required to ensure that only those with authorization, including both humans and machines, can leverage the private cloud.  Typically this is user ID and password role-based security.  New, more sophisticated security models such as federated identity management have proven to be more effective.  We'll cover more about security below.

Governance means that we not only secure our private cloud, but we can create and manage policies to control access to resources and services.  We can define limits on when and how resources (such as storage, compute, and database services) are accessed by applications and users who leverage the private cloud.
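To make the five attributes concrete, here is an added illustration (not from the article or any vendor product) of a minimal self-provisioning broker: per-tenant quotas drawn from a shared pool, a role check on the caller, a governance window that limits when allocation is allowed, and a metered ledger for chargeback. The tenant names, roles, change window and per-vCPU-minute rate are all constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

class PolicyViolation(Exception):
    """Authorization, quota or governance check failed."""

@dataclass
class Tenant:
    name: str
    quota_vcpus: int        # this tenant's share of the pooled capacity
    roles: dict             # user -> "admin" | "operator" | "viewer"
    used_vcpus: int = 0
    ledger: list = field(default_factory=list)  # (instance_id, vcpus, minutes, cents)

class PrivateCloudBroker:
    """Toy self-provisioning API for a pooled, multitenant private cloud."""

    RATE_CENTS_PER_VCPU_MINUTE = 1              # constructed internal chargeback rate
    PROVISIONING_ROLES = {"admin", "operator"}  # viewers may only read statements

    def __init__(self, pool_vcpus, change_window=(8, 18)):
        self.pool_vcpus = pool_vcpus        # total pooled capacity in vCPUs
        self.change_window = change_window  # hours during which self-provisioning is open
        self.tenants = {}
        self.instances = {}                 # instance_id -> (tenant_name, vcpus, started_at)
        self._next_id = 1

    def register_tenant(self, name, quota_vcpus, roles):
        self.tenants[name] = Tenant(name, quota_vcpus, dict(roles))

    def _authorize(self, tenant, user):
        # Security attribute: role-based check on the calling identity (human or machine).
        if tenant.roles.get(user) not in self.PROVISIONING_ROLES:
            raise PolicyViolation(f"{user} may not provision for {tenant.name}")

    def _governance_check(self, now):
        # Governance attribute: policy limits *when* resources may be allocated.
        start, end = self.change_window
        if not start <= now.hour < end:
            raise PolicyViolation(f"provisioning closed at {now:%H:%M}")

    def provision(self, tenant_name, user, vcpus, now):
        """Allocate vCPUs from the shared pool and return a new instance id."""
        tenant = self.tenants[tenant_name]
        self._authorize(tenant, user)
        self._governance_check(now)
        # Multitenancy: a per-tenant quota keeps one consumer from starving the rest.
        if tenant.used_vcpus + vcpus > tenant.quota_vcpus:
            raise PolicyViolation(f"{tenant_name} quota of {tenant.quota_vcpus} vCPUs exceeded")
        # Resource pooling: quotas may oversubscribe the pool, so check real capacity too.
        in_use = sum(t.used_vcpus for t in self.tenants.values())
        if in_use + vcpus > self.pool_vcpus:
            raise PolicyViolation("shared pool exhausted")
        instance_id = f"i-{self._next_id:04d}"
        self._next_id += 1
        tenant.used_vcpus += vcpus
        self.instances[instance_id] = (tenant_name, vcpus, now)
        return instance_id

    def deprovision(self, instance_id, user, now):
        """Return the instance's vCPUs to the pool; meter and record the usage."""
        tenant_name, vcpus, started_at = self.instances[instance_id]
        tenant = self.tenants[tenant_name]
        self._authorize(tenant, user)   # a user from another tenant holds no role here
        del self.instances[instance_id]
        # Use-based accounting: bill whole minutes of allocation, minimum one.
        minutes = max(1, int((now - started_at) / timedelta(minutes=1)))
        cents = vcpus * minutes * self.RATE_CENTS_PER_VCPU_MINUTE
        tenant.ledger.append((instance_id, vcpus, minutes, cents))
        tenant.used_vcpus -= vcpus
        return cents

    def statement(self, tenant_name):
        """Chargeback statement: metered vCPU-minutes and cost for one tenant."""
        ledger = self.tenants[tenant_name].ledger
        return {"vcpu_minutes": sum(v * m for _, v, m, _ in ledger),
                "cents": sum(c for *_, c in ledger), "entries": list(ledger)}

def at(hour, minute=0):
    # Constructed timestamp helper so scenarios need no datetime arithmetic.
    return datetime(2011, 3, 1, hour, minute)
```

The quota check and the pool check are deliberately separate: quotas express the tenant's entitlement, while the pool check is what actually prevents saturation when the sum of entitlements exceeds the hardware.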

Private Cloud Configurations
The latest configurations of private clouds are no longer just for data centers.  As introduced above, many private clouds may be outsourced as "virtual private clouds" within public cloud computing providers.  Amazon Web Services (AWS) provides just such a service, called Virtual Private Cloud or VPC.  Using this service you have the ability to logically group Amazon EC2 instances and assign them to a private IP address, and thus control traffic to and from the server.  They also offer an additional layer of security that allows you to create and manage network Access Control Lists (ACLs).  Finally, you can connect to the AWS data center using a VPN connection, and thus make the VPC an extension of your enterprise network.  Moreover, the cloud provider maintains the hardware for you, but you don't have physical access to the servers.

In other offerings, public cloud providers may even provide you with access to a dedicated physical server that you never actually see.  Of course this is at an additional cost, but many enterprises feel better if their servers only store their data.  In a virtualized and multitenant cloud, you're mixed in with everyone else who uses that cloud.  Again, you don't have physical access to the hardware, but the maintenance is handled by the cloud provider.

Other private clouds may exist in colocation data centers, or CoLos.  These are data center rentals where you own a cage full of servers that are tied directly back to the enterprise.  Unlike virtual private clouds or virtual private instances, you have access to the physical hardware when using this configuration.  This means you need to maintain the hardware as well.

Another approach is something called "cloud-in-a-box," which is a server or clusters of servers that have been pre-configured to provide most of the private cloud services listed above.  You just purchase the thing as a stand-alone server or appliance, install it in the data center, and you have your private cloud.  Oracle's Exalogic private cloud solution is clearly an example of a private cloud-in-a-box that comes with a million dollar starting price.

Don't forget there is the traditional approach to private cloud computing, where software is installed and configured on commodity servers that exist within the data center, and that becomes the private cloud.  Server-run private cloud software provides most or all of the core private cloud attributes listed above.  This is the most popular configuration today, with the configurations above showing gains in light of the desire for convenience and speed.

Building Blocks of Private Cloud
The building blocks of private cloud computing include the server virtualization software that many employ as a foundation for creating the private cloud.  However, some private cloud solutions don't leverage virtualization, as described above.

A common mistake is to assume that several virtualized servers are a private cloud.  Without the addition of multitenancy, use-based accounting, auto or self-provisioning, and other cloudy features we've described above, the private cloud functionality won't be there.

However, many private cloud solutions are ready-made to take advantage of server virtualization, including VMware's vCloud Director which leverages VMWare hypervisors.  Or, if you're going to open source, Eucalyptus can use a variety of virtualization technologies including VMware, Xen and KVM hypervisors to implement the cloud abstractions it supports.

Private cloud software is mostly purchased as pre-built packages, although it's possible to roll your own using various software components that provide the services defined above.  Just as with the public cloud space, we can place private clouds into three core categories: IaaS, PaaS, and SaaS.

IaaS private clouds are perhaps the most popular type of private cloud.  They provide self-provisioned access to core infrastructure services including storage and compute.  The most popular packaged IaaS systems include VMware's vCloud Director and Eucalyptus Systems, Inc.'s Eucalyptus.  However, the popularity of cloud computing is driving newer private cloud software solutions to the market including cloud.com and Nimbula, just to name a few.  Moreover, there are private clouds that provide just storage or just database services, but no access to a complete platform of resources.

However, there are also PaaS-based private clouds that are beginning to show up in data centers.  Like their public computing counterparts, these platforms provide the benefit of shared application development and deployment platforms.  Examples of providers in this space include Microsoft with their private cloud version of Azure.

Finally, there are SaaS versions of private clouds that provide access to common application services using a SaaS model, but deploy from a private cloud.  These are typically tactical software instances, such as e-mail and calendaring, but can also be system management and even enterprise applications.

Another building block is cloud service management.  Here we leverage mechanisms to manage the private cloud instance, including allocating and de-allocating servers, user management, security management, and other maintenance issues that need to be dealt with during the operations of the private cloud.  While you would think that these services would come from the private cloud computing software provider, in some cases they have to be sourced from a third party, such as abstract management of virtualized servers or storage management.

Use-based accounting, as defined above, is the ability to track the usage of the private cloud by humans and machines.  Again, in many instances, this feature will be provided by the private cloud software, but third party software can be integrated, or you may even leverage a public cloud service to perform this function.

Security within a private cloud environment is typically pretty basic.  To create the proper security solution you need to work from the requirements, which usually involve existing security and compliance policies.  While simple role-based security is often fine for most applications, there are requirements for more sophisticated security mechanisms such as advanced encryption, or federated identity solutions that allow for a more granular security configuration.  The usual security suspects are where to look here, such as RSA for encryption and IBM and Oracle for federated identity tech.

Governance solutions for private cloud computing are perhaps the most overlooked component of the private cloud solution, but something that most of those who implement private cloud services will require at some point.  Again, the concept is to place rules and policies around cloud services, ensuring that they are properly leveraged by authorized clients.  There are a few governance solutions that now support private clouds, such as Layer 7, Oracle, and Vordel.

So what does the hardware footprint look like for a private cloud?  It's really a matter of the capacity you need to support, and it can be anywhere from one appliance to several dozen racks of servers.  They can cost from a few hundred dollars to over a million dollars, depending on the need and configuration.

Best Practices
While private clouds are still very new in our world, some best practices are beginning to emerge around how to define, design, and implement a private cloud.

The first best practice is to focus on the requirements before you begin your journey to a private cloud solution.  Many tasked to deploy private clouds skip the requirements, and thus take a shot in the dark around the best architecture and technology, and thus they often miss the mark.  As a rule, make sure to move from the requirements, to the architecture, and then to the solution.  While the lure of a private cloud-in-a-box is sometimes too difficult to resist, most solutions require a somewhat more complex planning process to deliver the value.

Also recommended is the use of service oriented architecture (SOA) approaches around the definition and architecture of private clouds.  Many find that the use of SOA concepts, which can deliver solutions as sets of services that can be configured into solutions, is a perfect match for those who design, build, and deploy private clouds.

The second best practice is to define the business value of the private cloud before the project begins.  There should be a direct business benefit that is gained from this technology.  Many private cloud deployments will cost many millions of dollars, and will thus draw questions from management.  You need to be prepared to provide solid answers as to the ROI.

The final best practice is to work in small increments.  While it may seem a good idea to fill half the data center with your new private cloud...you'll need the capacity at some point right?  Not now.  You should only create private cloud instances with the capacity requirements for the next year.  If you've designed your private cloud right, and have leveraged the right vendors, increasing capacity should be as easy as adding additional servers as needed.

In Your Future?
Private clouds are really a direct copy of the efficiency of public cloud computing architectures, repurposed for internal use within enterprises.  The benefits are somewhat different, as is the technology, architecture, and the way private clouds are deployed.  In many respects private clouds are just another internal system, but it's the patterns of use where the value of private clouds really shines through, including access to shared resources that can be allocated on-demand.

Challenges that exist include the confusion around the term "private cloud," which is overused simply as a way to push an existing software or hardware product as something that's now "a cloud," and thus relevant and cool.  This cloud washing has been going on for some time, with everything from disk drives, printers, and scanners being positioned within the emerging space of the private cloud as "clouds."

The only way to counter this confusion is to stick to our guns in terms of what a private cloud is, including its attributes and building blocks as discussed in this article.  Without a clear understanding of the concept of a private cloud, and the best practices and approaches to build a private cloud, it won't provide the value we expect.

More Stories By David Linthicum

Dave Linthicum is Sr. VP at Cloud Technology Partners, and an internationally known cloud computing and SOA expert. He is a sought-after consultant, speaker, and blogger. In his career, Dave has formed or enhanced many of the ideas behind modern distributed computing including EAI, B2B Application Integration, and SOA, approaches and technologies in wide use today. In addition, he is the Editor-in-Chief of SYS-CON's Virtualization Journal.

For the last 10 years, he has focused on the technology and strategies around cloud computing, including working with several cloud computing startups. His industry experience includes tenure as CTO and CEO of several successful software and cloud computing companies, and upper-level management positions in Fortune 500 companies. In addition, he was an associate professor of computer science for eight years, and continues to lecture at major technical colleges and universities, including University of Virginia and Arizona State University. He keynotes at many leading technology conferences, and has several well-read columns and blogs. Linthicum has authored 10 books, including the ground-breaking "Enterprise Application Integration" and "B2B Application Integration." You can reach him at [email protected] Or follow him on Twitter. Or view his profile on LinkedIn.