Exam specifications
2. Implementing and Managing Cloud computing
2.1 Building a local Cloud environment
It can be said that a local Cloud environment is not much different from the traditional data center. However, by employing modern Cloud technology and architectures, large organizations can benefit from the best of both worlds, the private data center and the Cloud. A private data center provides you with complete control, and your own internal security mechanisms rule. In addition, a private Cloud gives you flexibility, enhanced scalability and enhanced accessibility for employees; for example, supporting secure home working places using VPN connections. Many large organizations already have experience with VPN and managed office solutions based on the Citrix architecture. Moving into the Cloud seems to be the next logical step.
2.1.1 Main components of a local Cloud environment
This paragraph gives a quick overview of the main hardware and software components of a local Cloud environment as well as some key performance criteria.
Main hardware components
− Blade server arrays; minimized and often diskless servers that boot from a SAN array, which are used for specific purposes such as web hosting, virtualization, and cluster computing (Devcentral.f5.com, 2009). Some examples:
o Different types of servers; database servers, application servers, web servers, backup servers, network/domain servers (Windows Server 2008, Unix, Linux)
o Workstation or virtual desktop
− Local Area Network (LAN)
− Storage;
o Storage Area Network (SAN); a dedicated network that provides access to consolidated data storage.
o Network Attached Storage (NAS)
− Load balancer; a load balancer provides the means by which instances of applications can be provisioned and de-provisioned automatically, without requiring changes to the network or its configuration. It automatically handles the increases and decreases in capacity and adapts its distribution decisions based on the capacity available at the time a request is made.
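The load balancer behaviour described in the list above (instances added and removed behind a single entry point, distribution decided on the capacity available when the request arrives) is easiest to see in code. The following is an added example, not part of the exam specification; the names Instance, Pool, dispatch and release, and the scenario in simulate(), are all constructed for illustration.

```python
# Added example (not from the exam specification): a capacity-aware
# load balancer in the sense described above. Instances are provisioned
# and de-provisioned in a pool without any client or network change, and
# each request is sent to the instance with the most free capacity at the
# moment the request arrives. All names here are hypothetical.
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Instance:
    """One provisioned application instance behind the balancer."""
    name: str
    capacity: int       # maximum concurrent requests this instance can hold
    in_flight: int = 0  # requests currently being served

    @property
    def free(self) -> int:
        return self.capacity - self.in_flight


class Pool:
    """Registry of instances. Provisioning and de-provisioning happen here,
    so clients only ever talk to the balancer's address."""

    def __init__(self) -> None:
        self._instances: Dict[str, Instance] = {}

    def provision(self, name: str, capacity: int) -> None:
        self._instances[name] = Instance(name, capacity)

    def deprovision(self, name: str) -> None:
        # A removed instance stops receiving new requests; requests already
        # in flight on it are left to drain (they are not tracked further).
        self._instances.pop(name, None)

    def get(self, name: str) -> Optional[Instance]:
        return self._instances.get(name)

    def members(self) -> List[Instance]:
        return list(self._instances.values())


def choose(pool: Pool) -> Optional[Instance]:
    """Pick the instance with the most free capacity right now.
    Returns None when nothing has headroom: the caller should queue or
    reject the request rather than overload a backend."""
    candidates = [i for i in pool.members() if i.free > 0]
    if not candidates:
        return None
    # max() keeps the first of equal candidates, so ties resolve in
    # provisioning order and the result is deterministic.
    return max(candidates, key=lambda i: i.free)


def dispatch(pool: Pool) -> Optional[str]:
    """Route one request; returns the chosen instance name or None."""
    inst = choose(pool)
    if inst is None:
        return None
    inst.in_flight += 1
    return inst.name


def release(pool: Pool, name: str) -> None:
    """Called when a request on `name` completes."""
    inst = pool.get(name)
    if inst is not None and inst.in_flight > 0:
        inst.in_flight -= 1


def simulate() -> List[Optional[str]]:
    """Constructed scenario: two instances, a burst of requests, then an
    instance is added, one request finishes, and an instance is retired."""
    pool = Pool()
    pool.provision("app-1", capacity=2)
    pool.provision("app-2", capacity=1)
    log: List[Optional[str]] = []
    for _ in range(4):                   # burst: 3 slots, 4 requests
        log.append(dispatch(pool))
    pool.provision("app-3", capacity=2)  # scale out: no client change needed
    log.append(dispatch(pool))
    release(pool, "app-2")               # a request on app-2 completes
    log.append(dispatch(pool))
    pool.deprovision("app-2")            # scale in: retire an instance
    log.append(dispatch(pool))
    log.append(dispatch(pool))
    return log


if __name__ == "__main__":
    print(simulate())
```

The fourth and last requests return None: the balancer refuses to place a request on an instance with no free capacity, which is the behaviour to prefer over silently overloading a backend. Note that the balancer is also a single point where the capacity of the whole application is visible, which is what makes automatic provisioning decisions possible.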
Main software components
− Virtualization software (like VMware)
− Cloud application software (i.e. CRM, Office suite, ERP, etc.)
− Database software (Oracle, IBM DB2, Microsoft SQL, etc.)
− Middleware; ‘a set of intermediaries for the components in a distributed computing system’ (Bernstein, 1996)
− Operating systems (Microsoft, UNIX, open source)
Architectural considerations:
In order to make maximum use of the interoperability principle of Cloud computing it is important to standardize the architecture by using standard protocols and other building blocks that are location and vendor independent. Some examples of these are: virtualization, SAN and Blade servers, load balancing. To manage the infrastructure a central management console is needed.
Furthermore, we need to consider the security and service continuity of a local Cloud environment.
Ideally it consists of multiple sites to assist with disaster prevention and recovery (business continuity), uses proper backup mechanisms and data storage replication across sites, and uses common and high-security elements such as firewalls, a DMZ, security software, role-based user profiles, etc.
Successful Cloud solutions require specific performance criteria. Some examples are:
− Physical components: Scalability of server and storage capacity
− Storage: SAN performance (read, write and delete times)
− Internal processes: Connection speed, Deployment latency and Lag time
2.1.2 Virtual Private Network access
In order to grant secure access to the local Cloud environment from remote locations, a Virtual Private Network (VPN) is needed. A VPN is typically made up of a central computing environment, remote office locations and other remote employee locations such as a home office.
The key benefits of using a VPN are:
− Remote secure connectivity; extends your LAN/WAN to a global scale
− Cheaper than using traditional rented network connections; it makes use of standard Internet connections through DSL connections at home or fast cellphone network data connections
− More mobility for employees; improve productivity for employees working from their home
Architectural considerations
For most VPN connections the principle of IP tunneling is employed. You create a secure point-to-point connection, a tunnel, through which you transfer your data. Technically, tunneling is the process of placing a packet within another packet and sending it over a network. Three different protocols are needed for tunneling:
− Carrier protocol; the protocol used by the network
− Encapsulating protocol; the protocol ‘wrapping’ the original data
− Passenger protocol; the original data (i.e. IP)
Key building blocks are: IP tunneling; security (firewalls, Internet Protocol Security (IPsec) and encryption); and authentication, authorization and accounting (AAA) servers.
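To make the carrier / encapsulating / passenger split concrete, here is an added example (not from the exam specification) that builds a passenger IP packet, wraps it in a carrier IP header using plain IP-in-IP as the encapsulating protocol, and unwraps it at the other end. The addresses are constructed (RFC 5737 documentation ranges for the public tunnel endpoints, private ranges inside) and the helper names are hypothetical. It also makes the point behind the security building blocks above: tunneling alone gives the packet a path, not confidentiality, so the passenger packet is readable on the carrier network unless IPsec or another encryption layer is added.

```python
# Added example (not from the exam specification): the carrier /
# encapsulating / passenger split of IP tunneling, shown with plain
# IP-in-IP (IP protocol number 4). The addresses are constructed and the
# helper names are hypothetical. Plain IP-in-IP carries the passenger
# packet in cleartext, which is why the building blocks above pair
# tunneling with IPsec and encryption.
import struct
from ipaddress import IPv4Address
from typing import Dict, Tuple

IPPROTO_IPIP = 4   # encapsulating protocol: IP-in-IP
IPPROTO_UDP = 17   # protocol of the constructed passenger packet


def checksum(data: bytes) -> int:
    """Internet checksum (ones' complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Build a minimal 20-byte IPv4 header with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                      proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes) -> Tuple[str, str, int, bytes]:
    """Validate an IPv4 packet and return (src, dst, proto, payload)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total_len < ihl or len(pkt) < total_len:
        raise ValueError("bad length fields")
    if checksum(pkt[:ihl]) != 0:       # a valid header sums to zero
        raise ValueError("bad header checksum")
    src = str(IPv4Address(pkt[12:16]))
    dst = str(IPv4Address(pkt[16:20]))
    return src, dst, pkt[9], pkt[ihl:total_len]


def encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry: wrap the passenger packet in a carrier header whose
    protocol field announces the encapsulating protocol (IP-in-IP)."""
    return ipv4_header(tunnel_src, tunnel_dst, IPPROTO_IPIP, len(passenger)) + passenger


def decapsulate(carrier: bytes, expected_peer: str) -> bytes:
    """Tunnel exit: check the carrier header, confirm the packet really
    came from the configured peer, and hand back the passenger packet."""
    src, _dst, proto, inner = parse_ipv4(carrier)
    if proto != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    if src != expected_peer:
        raise ValueError("carrier packet from an unexpected tunnel peer")
    return inner


def demo() -> Dict[str, object]:
    """Constructed exchange: a home-office host (10.1.0.5) sends to a server
    in the local Cloud (10.2.0.20) through a tunnel between the two public
    endpoints 203.0.113.10 and 198.51.100.7."""
    payload = b"hello from the home office"
    passenger = ipv4_header("10.1.0.5", "10.2.0.20", IPPROTO_UDP, len(payload)) + payload
    carrier = encapsulate(passenger, "203.0.113.10", "198.51.100.7")
    outer_src, outer_dst, outer_proto, _ = parse_ipv4(carrier)
    inner = decapsulate(carrier, expected_peer="203.0.113.10")
    inner_src, inner_dst, inner_proto, data = parse_ipv4(inner)
    return {
        "carrier_len": len(carrier),
        "outer": (outer_src, outer_dst, outer_proto),
        "inner": (inner_src, inner_dst, inner_proto),
        "data": data,
        # without IPsec the passenger is readable by anyone on the carrier path
        "payload_visible_in_carrier": payload in carrier,
        "carrier": carrier,
    }


if __name__ == "__main__":
    print(demo())
```

The outer header is the carrier protocol (public addresses of the two tunnel endpoints), its protocol field 4 names the encapsulating protocol, and the inner packet with the private addresses is the passenger. The peer check in decapsulate() is a minimal stand-in for what the AAA and IPsec building blocks provide in a real VPN: a tunnel endpoint should only accept packets that come from an authenticated peer.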
2.1.3 Risks of connecting a local Cloud network to the public Internet
The IT Security Network Company SecPoint asks an interesting question concerning Cloud Internet security:
‘Are companies really willing to risk having all their information, data, privacy, and software handled in a virtual Cloud—a place where they're most susceptible to hack attacks and cyber invasions?’
(www.secpoint.com)
Storing data in the Cloud looks a lot like storing your precious goods in a bank vault, but in the case of the bank you know where it is, and in which locker your goods are stored. In the case of the Cloud, how well is it protected against theft?
Key considerations will have to do with the security of data. With Internet-based Cloud services, data can be stored in any place in the world without you knowing it. Also, what happens to your data when you are not using it? Is it automatically put under lock and key, or are your databases still open to the outside world? A lot of responsibility lies with the provider.
SecPoint formulates this as follows:
‘Cloud providers have a responsibility in ensuring that there are no exploitable bugs in their SAAS collection by deploying penetration testing and vulnerability assessment procedures on each and every last program they have available. Packaged or outsourced application code must be sorted out, examined, and monitored from the inside out as well.’
There also lies a heavy responsibility with the customers. They need to check if their provider has