
Private clouds in practice

In document The Cloud at Your Service (Page 120-125)

Security and the private cloud

4.4 Private clouds in practice

Let’s look at three specific private cloud initiatives and implementations as a way to understand how attributes such as the security constraints of the application and requirements of specific organizations caused the implementation to take a private cloud route.

4.4.1 Sprint: private cloud for fraud-detection application

The first example comes from the telecommunications industry and involves Sprint. Sprint is the third largest provider of wireless voice and communications in the U.S. It has roughly 50 million subscribers and needs to process the operational events generated by these users across a nationally distributed network in real time. Sprint chose to deploy a private cloud to process this data for the purposes of fraud detection.

A fraud application deals with private information of the wireless carrier’s subscribers; using a private cloud makes good sense. In addition to private data related to your identity, such as your credit card information, a wireless carrier also has access to data relating to your geographic location in real time. Not only can it determine your location from the cell tower your phone is using during a call, but often, if the cell phone is on, it can determine your location at all times.

Sprint could have chosen to deploy the fraud application in a traditional manner, utilizing a few expensive, high-performance computing servers. Instead, the company chose a cloud-like approach of developing the application for deployment on many commodity x86 servers. The Sprint private cloud is small scale in comparison to a public cloud, using on the order of 100 commodity servers as opposed to the thousands or more that are involved in a public cloud deployment. It uses software from Appistry as the cloud technology to provide management infrastructure for these servers. Appistry also provides the middleware layer that allows the application to be distributed and load-balanced across multiple servers so that it can run reliably and in a fault-tolerant manner across the infrastructure.

The cheap, commodity-server strategy allows an organization to deploy incrementally and dynamically as load increases. Deploying as a private cloud, as opposed to a public cloud, allows for greater control and a guarantee that all available resources can be allocated to the task. This example, although it’s small scale, demonstrates many of the aspects of a successful private cloud deployment.

One aspect of a private cloud, although not present in this example, is that it isn’t strictly speaking a utility platform for general computing, and it isn’t shared across multiple constituencies for various purposes. In the next example, we’ll look at a deployment that does have this characteristic.

4.4.2 Bechtel Project Services Network (PSN)

Bechtel is a large construction and engineering company with over 40,000 employees. The company runs projects in 50 countries worldwide. Its CIO, Geir Ramleth, set out in 2006 to transform the traditional IT infrastructure into one that was state of the art. His basic premise was that in the last decade, most IT innovation was being performed in consumer-oriented companies. He studied 18 of them to see how he could improve the way his organization operated. He found there were drastic differences in the cost and efficiency of his organization when compared with these best-in-class operations. In his keynote address at the 2008 IT Roadmap Conference and Expo, Ramleth cited some of these differences:

Bandwidth—YouTube pays $10-15/megabit for its WAN bandwidth, whereas Bechtel paid $500/megabit.

Storage—Amazon charges its cloud customers $0.15/GB/month, compared to the $3.75/GB/month Bechtel pays.

IT server maintenance—Google can maintain 20,000 servers with one systems administrator, whereas Bechtel needed 1 for every 100 servers.

Software applications—Salesforce.com has only one version of its application servicing 1 million users, which it upgrades four times a year with little downtime and few training requirements. In comparison, Bechtel used 230 different applications with up to 5 versions each, amounting to almost 800 different versions of applications servicing 40,000 employees. These applications required ongoing training and frequent maintenance upgrades.

Bechtel transformed its IT infrastructure into a private cloud by standardizing its hardware and software infrastructure. It consolidated its data-center assets, closing seven data centers and consolidating its core computational assets into three retooled and standardized centers. It virtualized its infrastructure, resulting in improved server and storage utilization. From the application perspective, it moved to a more standardized overall portal with modules for customized applications. The result of the transformation was a savings of 25 to 30 percent in overall IT costs.

4.4.3 Government private clouds

As our final private cloud example, let’s look at the government sector. In September 2009, the federal CIO, Vivek Kundra, announced the launch of a government cloud initiative. The aim of this initiative was to save money by reducing the cost of government data centers while simultaneously maintaining a high level of security.

The federal government has an annual IT budget of over $75 billion. Kundra stated, “We need a new model to lower costs and innovate. The government should solve problems, not run data centers.” For nonsecret applications, there’s a push toward using public-cloud-powered solutions to reduce cost. The Apps.gov website (http://apps.gov) allows sourcing of cloud-provided technologies by government agencies (see figure 4.10).

In the case of applications that require secrecy, private clouds are also under development. In October 2008, the Defense Information Systems Agency (DISA), which operates under the Department of Defense (DoD), launched a private cloud military application called the Rapid Access Computing Environment (RACE). The RACE platform is the military version of Amazon’s AWS. It streamlines the acquisition, customization, and provisioning of computing resources, bringing up test and development environments in 24 hours and true production environments in 72 hours.

Figure 4.10 The federal government is proceeding headlong into using public cloud services as a means of reducing costs. On the Apps.gov website, SaaS and cloud-based offerings can be purchased with a government credit card and the appropriate approvals.

Computing resources run on a LAMP stack (Linux, Apache, MySQL, PHP) and are available in both Linux and Windows environments, with configurations of 1–4 CPUs, 1–8 GB RAM, and 60 GB to 1 TB of SAN storage. As in the case of a public cloud, these resources are offered in a pay-as-you-go model on a monthly basis, with pricing starting at $500/instance/month, and can be purchased with a government credit card.

4.5 The long-term viability of private clouds

As you’ve seen throughout this chapter, private cloud computing is a burgeoning area, and in some cases deployments of this kind make sense today. Such a deployment requires a lot of existing investment in data centers. Also, best IT practices as they relate to security in the public cloud haven’t been entirely worked out. As these best practices are worked out over the next several years, it remains an open question whether the private cloud will become a pervasive phenomenon.

It may be useful to think of cloud computing in the context of the way electric power is generated and consumed today. In his book The Big Switch, Nicholas Carr describes how in the 18th century, companies used waterwheels to generate their own electricity. Waterwheels and expertise in generating electricity for factories were considered competitive differentiators.

As public utilities reached scale, it was no longer a competitive differentiator to maintain your own waterwheel. In fact, doing so became a potential liability as electricity provided through the electric grid by dedicated electric utilities became more cost-effective than generators.

Electric power generation outside of public electric utilities didn’t disappear entirely: companies and governments maintain their own power-generation capabilities as necessary in the form of backup generators in hospitals and factories as well as generators in field operations on the battlefield or to power cruise ships or nuclear submarines. In the same way, you might expect that in a decade or so, there will still be instances of private clouds, but they will become less and less prevalent. The challenge for companies that have private clouds is to understand whether it continues to make sense to have them or whether ultimately they should migrate to a public cloud.

4.6 Summary

Security remains the single biggest fear factor for larger organizations considering a major move to the cloud. This chapter delved into security in general, discussed how it’s being practiced by major cloud providers, and examined the case for and against private clouds.

Private cloud computing is a potential alternative deployment option available and may make sense for large enterprises and organizations. For organizations with enough scale, buying power, and expertise, private clouds offer the advantages of increased control, predictability, and security. You have many options available, including building a private cloud from open-source technologies, using proprietary purpose-built solutions, and partnering with service providers willing to allocate or partition dedicated resources for a private cloud. We also discussed a variant of the private cloud—the virtual private cloud—and explained how it works, what it’s good for, and how to use it.

We finished with a survey of private clouds in practice. Looking at things from the perspective of the cloud provider, let’s return to examining the cloud from the perspective of a cloud user. In chapter 5, you’ll learn how applications should be designed and architected for the cloud (either public or private).
