Freedom for Servers, Drives & Desktops

(1)

a cloud commerce marketplace

THE

CLOUD

REVOLUTION:

(2)

(3)

The Cloud Revolution

There has been so much talk about the cloud lately

that it seems like old news. The truth, however, is

that cloud adoption is hotter than ever. In years

to come, the standard model for the delivery

of computing power will be akin to receiving

electricity from a power grid.

Electric companies have eliminated the need for generating personal electricity. Similarly, cloud computing will eliminate the need for a business to manage its own network and IT system components. Laptops and desktop computers will no longer be tasked with the “heavy lifting.” Meanwhile, critical systems and data stores are maintained and managed with an unprecedented level of expertise. The cloud is a game changer. The Cloud Revolution has begun.

In addition to lower costs and improved efficiency, cloud computing offers flexible scalability, elasticity, payment models linked to usage, and access to a wide variety of business automation software. Through its ease of access, low cost and abundant services, cloud computing is enabling small and medium businesses (SMBs) to compete with the upper echelon of corporate America.

The Virtual Private Cloud

Among one of the most exciting recent developments is the Virtual Private Cloud (VPC) for SMBs. A VPC is a private network in the cloud that consolidates scattered computer resources and assets, streamlining them into an efficiently managed and monitored system while providing employees access from anywhere on any device, including their tablets, phones or home computers. Think of a company’s VPC as their own private mini-data center.

Today’s SMBs need – and can benefit greatly from - the virtual private cloud because it gives them an enterprise level of efficiency in their technology, with increased reliability and unparalleled flexibility. The traditional environment of servers and workstations is no longer cost effective. Cloud computing eliminates hardware and software capital costs, administration costs, upgrade costs, and the cost of ownership and footprint.

Besides lower cost, the key drivers for SMBs include the

the aggregate total of the other 14 providers in Gartner’s Magic Quadrant.

AWS is the IaaS provider of choice for many notable

companies, including Dow Jones, LinkedIn, Expedia, Unilever, SAP, Citrix, Adobe, Nokia, Netflix, Bristol-Myers Squibb, News Corporation, and Newsweek, just to name a few. The US Central Intelligence Agency has recently signed a 10-year $600 million cloud contract with AWS. Interestingly, the CIA chose AWS over a leading competitor even though the AWS bid was $54 million higher, with the rationale that the extra fee “was offset by Amazon’s superior technical solution.”

VPC Made Simple

AWS IaaS services are optimized for flexibility rather than simplicity, requiring specialized expertise in order to configure a complete network. Solution-based cloud marketplaces such as Pax8 have teamed up with AWS to develop cloud marketplace catalogs that automate the set up and configuration of the VPC along with all its components and integrated management software for the best SMB experience. With the advent of this marketplace, obtaining a ready-made VPC is as simple as specifying the server size, the number of workstations, and the size of the shared disk. Each user on the system is sent login credentials, whereupon users are ready to log into a completed system.

Pax8 Cloud Network

Cloud Servers Cloud Desktops Cloud Drive

Figure 1 - Pax8 Cloud Network

(4)

If, for example, a server is subsequently ordered on the same account, then that server automatically becomes the domain controller for that workstation. Software installed on that server can be run seamlessly from the desktop. If another desktop is purchased, then that desktop is also added to the network with the same capability. If a network drive is subsequently ordered on that same account, then that network drive is seen from all desktops and the server can be used to control access to it. Let’s take a closer look at the various attributes of this network.

...no restrictions are placed on how the server can

be used in the cloud environment.

Security. Each VPC is isolated from external threats by a series

of preventative measures, which include containing each VPC in its own isolated subnet, protecting the VPC with an enterprise-grade firewall, protecting each computer on the VPC on an OS-level firewall for more granular access control, and encrypting Remote Desktop Protocol (RDP) connections to servers and desktops.

Server. The server comes with a complete install of

Windows 2012. Full administration permissions are granted to the administrator, the communications of which are SSL-encoded. Unlike servers offered on many other IaaS platforms, no restrictions are placed on how the server can be used in the cloud environment. The Active Directory is fully operational, and can be used to control access to desktops, just as they would be in a typical on-premises network. You can also install software on the server, just as you might on your on-premises network.

Desktops. Every desktop comes with a fully installed

Windows OS. Each user receives a login to their own desktop. If a server has been requested, then it will be mounted on the same VPC, enabling the capability to run software that resides on the server seamlessly. Network drives on the VPC will appear as a mapped drive on each of the desktops.

Access to Server and Desktops. Access to desktops and

servers are achieved through an RDP. These clients are free, and are available for a variety of devices, including Windows- and iOS-based PCs, laptops, tablets and phones, and Android phones. Users simply download the RDP software onto the desired computer or device, install, and enter login credentials. A window will open on the client device that displays the user’s desktop in the cloud. If desired, additional windows can be opened for other desktops and the server, resulting in one window on the client for each cloud computer. It is also possible to make selections on the RDP software that will automatically map the disk drives on a local computer to the cloud computer, enabling easy transfer of files between the computers.

Cloud Network Drive. One of the most powerful

components on the VPC network is the network drive. When launched, this network drive will map to every computer on the private cloud. In addition, client software is available for Windows and iOS that allows a permanent mapping of that network drive to local machines as well. Now your cloud computers and your local devices share the same file folders, making it easy to share files between your local and cloud computers, as well as with the computers of fellow employees. Files can also be accessed from Windows-, iOS-, and Android-based devices. This opens the road to easy collaboration and file sharing. Access permission to individual folders can be controlled by an individual user or centrally from the server. The data and file permissions on an existing network drive can easily migrate to the cloud network drive with an easy-to-use migration tool. The cloud network drive is flexibly configured, allowing the drive to deliver a number of important functions.

Cloud Drive. The cloud network drive becomes an

extension of your storage capability without consuming local disk space. The cloud drive is automatically mounted as a network drive on the cloud computers. Client software is available for local Windows or iOS computers to mount the cloud drive on local computers as well. Files can be used directly by applications on your local machine or on your cloud computer.

File Sync. Files on local machines can be synchronized

to the cloud drive, thereby making them available from anywhere from a wide variety of devices.

File Backup. The cloud drive can be set up to keep

a copy of file versions as they change over time. The number of previous file versions to be kept can be specified as desired.

Image backup. Image backups produced by third party

software, such as Infrascale Bare Metal Backup (Shadow Protect), can be stored on the cloud drive so that a copy exists outside the local facility. This type of protection guards against facility catastrophes such as fire, flood, or electrical surge that could destroy multiple machines at once.

File Transfer. Since the cloud drive is visible from a

variety of local devices as well as cloud computers, it serves as an ideal method of transferring files between local devices and cloud resources.

(5)

User Management. User permissions to folders on

the cloud drive can be managed from a centralized dashboard. Group policy permission structures can be imported. LDAPs can also be set up, if desired.

Mobile Accessibility. Data on cloud drives is accessible

through an app, available through the iTunes Store for iOS devices and Google Play for Android devices.

Connecting the VPC with a LAN

A plan for connecting a business’ local LAN to their VPC enables the business to migrate from on-premises environment to the cloud incrementally. For example, when a new employee joins the company, a desktop could be added to the VPC while the server to control access to that workstation is on the local LAN. Or, perhaps the business would like to place the server on a VPC, while leaving all or some of the employees on desktops connected to the local LAN. This functionality can be achieved with a VPN.

When a VPN is configured between the router on the local LAN and the VPC, the two networks will act as a single unified network. With it in place, a computer sends and receives data across the two networks as if they were directly connected to a single network through the use of secure tunneling protocols. (See Fig. 2)

Private Virtual Cloud

Private Virtual Cloud VPN

Figure 2 - VPN configuration

Private-Public DMZ Networks

The network structure described above can be extended to a structure that divides the network into two parts, a public facing network sometimes called “DMZ network” or “perimeter network”, and a secure private trusted network sometimes called the “internal network” or “screened subnet”. This type of network is appropriate for businesses that have a need for both a highly secure network that can be accessed only by trusted individuals and a separate network that is exposed to the public.

The basic structure of this type of network is illustrated above. The DMZ network is connected to the Internet through a firewall, which has all necessary ports for the public applications open. For example, the DMZ might run a web server for which ports 80 and 443 are open. Requests made to a machine on the internal network are routed through a Proxy Server, which contains rules for allowing access. The internal network is isolated, and contains only instances that are not addressable from the outside. The Proxy server acts as an intermediary for requests from clients seeking resources from the server inside the internal network.

(6)

About Pax8

Pax8 is a cloud commerce marketplace, delivering strategic integrated cloud services to businesses through its global network of channel partners.

Pax8 is leading the transformation of its partners’ businesses to become cloud centric by efficiently delivering aggregated cloud solutions through its proprietary cloud marketplace technology platform, and accelerating existing client adoption and new client growth through its proven, collaborative customer acquisition programs.

High Reliability Fault-Tolerance Networks

Another standard network extension is a high reliability network. This is achieved by creating separate subnets inside the VPC, and placing each subnet into distinct availability zones, while utilizing a load balancer to direct the traffic into a primary or secondary location.

Primary Network Secondary Network

Internet

Load Balancer