Private Cloud 101: Move at the Speed of Business

Introduction

With the cloud transforming application development and deployment—enabling organizations to improve flexibility, automate processes, and decrease time to market—some big questions remain. One of the most important issues an organization must address is how it can best employ the smarter tools and limitless scale that the cloud offers. One way that enterprises take advantage of the benefits of the cloud is by deploying their own private cloud, a computing model that fosters agility while allowing organizations to maintain control of their infrastructure and better secure their applications and data.

The advantages of a private cloud

Some of the key advantages of deploying a private cloud include infrastructure self-service, scalability, and multi-tenancy. Let’s take a quick look at each one before diving deeper into how a private cloud works—and what else it can do for your business.

The concept of self-service is one of the key drivers of private cloud adoption. Self-service enables organizations to deploy applications using infrastructure that is available now, without requiring installation of additional physical hardware. Instead, the team can request resources and have them provisioned immediately without manual intervention.

Another core feature of private cloud infrastructures is increased scalability. This means that the application can be designed so that when it needs additional resources, such as compute or storage, those resources are immediately—and often automatically—available to increase the capacity of the application.

Finally, multi-tenancy means that the application can behave as if it is the sole tenant on the resources it uses. Put another way, there is no need to coordinate resource changes with other application development teams. Access to these resources enables application development teams to iterate and make changes independently of each other—and independently of the infrastructure team.

Application provisioning: data center vs. private cloud

The concept of self-service provisioning at the heart of the private cloud means that infrastructure resources are available on-demand because they are abstracted or virtualized. When development teams can provision their own compute, storage, and networking through GUIs and APIs, those teams can innovate and develop faster, independent of the pace of physical infrastructure provisioning. By abstracting the virtual resources away from the physical resources, automation tools empower development teams to become more agile.

Deployment in the data center

Contrast this approach to the typical time- and labor-intensive deployment process in traditional data centers (as depicted in Figure 1). An application owner takes the requirements and works with an IT analyst to modify an existing application or introduce a new one. After the development and testing is complete, an analyst prepares a set of changes for introduction into the infrastructure. Most changes will involve shared resources, such as shared servers, OS instances, application instances, firewalls, and storage. To mitigate unintended impacts of the changes, a Change Advisory Board (CAB) exists to manage and approve all changes to the infrastructure. Once approved, an operations team makes the changes.

However, many IT operations have hundreds or thousands of simultaneous pending change requests that the CAB must manage, ensuring that no ill effects take place. To illustrate, suppose that a set of firewalls are approaching end of life and therefore need to be replaced with newer models before support ends. At the same time, another group is changing an application to a different set of protocols because an outside vendor is removing support for the existing protocols, requiring a set of firewall configuration changes. Simultaneously, a business customer is changing IP addresses, necessitating a set of firewall configuration changes. For safety, these three changes (replace firewalls, application protocol change, change customer IP addresses) should not be implemented simultaneously. The CAB is responsible for coordinating changes like these, ensuring that the changes are safe and effective. While working to ensure the security of the organization, the CAB can also be a bottleneck to promoting changes.

Figure 1: Typical data center deployment process

Deployment in the private cloud

Private cloud environments can improve this change process by virtualizing compute, network, and storage. Once all the components are virtual, making changes requires only updating the virtual component—not the physical components. Since the components are virtualized and therefore separate, one application can be changed or added without affecting other applications. Provisioning components no longer requires physical intervention; only the virtual resources need to be changed. Automation tools can even allow development teams to provision their own resources without the involvement of the infrastructure team.

Self-service provisioning

Self-service (or soft) provisioning enables application instances—as well as all the security and application delivery services provided by an Application Delivery Controller (ADC)—to be created and deleted without intervention from the infrastructure team (as shown in Figure 2). Since each team can operate independently, there is no need to coordinate changes through a CAB. Instead, policies drive deployment practices where teams obtain their own virtual infrastructure from operations—and then deploy at their own speed.

To further automate the process of self-service provisioning, the entire collection of resources—including compute, network, storage, and ADC settings—can be specified as a template in a text file that can be stored in a source code repository. A template contains the definitions for a collection of resources and their configurations, known as a stack. This “infrastructure as code” approach ensures that any deployment can be easily repeated. Using templates not only speeds deployments and reduces errors, it also simplifies testing, since the stack can be assessed as a unit in a test environment.

Figure 2: Private cloud deployment process

Enhanced scalability

The next step in boosting automation focuses on elasticity: automatic soft provisioning of resources without any human intervention. If the application is scalable across multiple instances, the instance count can be scaled up and down automatically with load (see Figure 3 below). Elasticity takes soft provisioning to a level where resources can be provisioned and removed automatically using APIs. Just as elastic material stretches and contracts to meet the needs of the person wearing it, elastic resources expand and contract to meet the needs of the application. This flexibility boosts your operational efficiency, allowing you to ensure that your applications are always performing at peak levels without having to overprovision them.

Figure 3: Private cloud elasticity

Flexible multi-tenancy

Recall that an advantage of a private cloud is the ability to make changes quickly and independently of other teams. Traditional data center environments have many component and resource interdependencies. However, in a private cloud it is possible for all the resources to be dedicated to one application, which means that the application team can take complete control without fear of impacting other applications.

Virtualized compute, network, storage, and ADC resources make this possible. The cloud environment creates the illusion that resources are immediately available and dedicated to the application. There is no need for a CAB and no need to coordinate configurations with other teams and applications. Multi-tenancy allows each application team to manage its own application and resources at the speed appropriate for the business, decoupled from the speed and initiatives of other application teams.

The role of the ADC in a private cloud

The ADC is a key component of any stack, because deploying an application introduces several concerns not necessarily addressed by the application developers. These cross-discipline questions include:

  • Which TLS protocol suite is appropriate for the end users and the expected security posture?
  • How will DDoS attacks be identified and mitigated?
  • Which load balancing strategy is optimal?
  • How will client-side malware be managed?
  • What is the best way to prevent SQL injection and cross-site scripting attacks?
  • How will users be identified and authenticated?

Answers to these questions often require a domain expertise outside of the team developing application code. Through templates, an ADC resource definition can be created by domain experts—such as members of the traditional IT NetOps team who can leverage their ADC expertise—leaving the application developers free to concentrate on building their apps. Once created, the templates can be used by each application development team to deploy a stack as part of each application.
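As an added illustration (not part of the original paper and not any vendor's template format), the sketch below shows how the "policies drive deployment" idea can be automated: a stack template kept in source control is checked against an ADC baseline owned by the domain experts before it is allowed to deploy. The JSON schema, field names, and baseline values (such as a TLS 1.2 minimum) are hypothetical assumptions.

```python
import json

# Constructed stack template (hypothetical schema, not a real product format).
STACK_TEMPLATE = """
{
  "stack": "orders-app",
  "resources": {
    "web":  {"type": "compute", "instances": 3},
    "net":  {"type": "network", "cidr": "10.20.0.0/24"},
    "data": {"type": "storage", "size_gb": 200},
    "adc":  {"type": "adc", "tls_min_version": "1.0", "waf_enabled": false,
             "load_balancing": "round-robin", "auth_required": true}
  }
}
"""

# Assumed baseline, maintained once by the ADC experts and applied to every team's stack.
ADC_BASELINE = {"tls_min_version": "1.2", "waf_enabled": True, "auth_required": True}
REQUIRED_TYPES = {"compute", "network", "storage", "adc"}


def _version(v):
    """Turn '1.2' into (1, 2) so versions compare numerically."""
    return tuple(int(p) for p in str(v).split("."))


def check_stack(template_text):
    """Return a sorted list of policy violations; empty means the stack may deploy."""
    resources = json.loads(template_text).get("resources", {})
    findings = []
    present = {r.get("type") for r in resources.values()}
    for missing in sorted(REQUIRED_TYPES - present):
        findings.append(f"stack has no {missing} resource")
    for name, res in resources.items():
        if res.get("type") != "adc":
            continue
        # A missing setting is treated as a failure, never as an implicit default.
        tls = res.get("tls_min_version")
        if tls is None or _version(tls) < _version(ADC_BASELINE["tls_min_version"]):
            findings.append(f"{name}: tls_min_version {tls} is below {ADC_BASELINE['tls_min_version']}")
        for flag in ("waf_enabled", "auth_required"):
            if res.get(flag) is not True:
                findings.append(f"{name}: {flag} must be true")
    return sorted(findings)


if __name__ == "__main__":
    for finding in check_stack(STACK_TEMPLATE):
        print("DENY:", finding)
```

Run as a pipeline gate on every template change, a check like this gives each team an immediate pass or fail instead of a queue at the CAB, while the baseline itself stays under the control of the people with ADC expertise.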

What’s the right kind of private cloud for my organization?

There is a range of private cloud environments, from pure open source all the way to proprietary systems. Which one is the right choice for your organization depends on several factors, including budget, internal expertise in managing a private cloud environment, integration concerns, maintenance issues, and comfort level with change.

The pure open source offerings, as the name suggests, can be deployed with literally no upfront acquisition license costs, other than hardware and labor costs (time). OpenStack is a leading open source private cloud environment that can be downloaded and installed for free. The challenge, of course, is that the group installing and maintaining it must acquire and maintain expertise in OpenStack, which has matured rapidly but is still complex to deploy. This will be true for any pure open source offering: your organization must become experts in the technology to use it most effectively.

To reduce the burden of maintaining in-house expertise (and the risks of not having that expertise), some firms offer support for open source projects. These commercial offerings have a financial cost, which may be offset by the vendor ensuring integration, testing, and validation issues have been addressed and that there is someone to contact in case of a problem.

Alternatively, several firms offer proprietary private cloud platforms. These deliver fully integrated and tested stacks with dedicated support, but they typically cost more than OpenStack–supported solutions. However, if your organization is already familiar with the vendor’s technology and interface, using one of these proprietary offerings can lessen the learning curve.

And finally, some vendors offer hosted services, allowing an organization to take advantage of the open source private cloud (or of proprietary offerings) without needing hardware or data center space. These offerings usually have the highest price tag, but require the fewest in-house resources.

In addition to finding a private cloud solution that has the right features, organizations should look for a solution with the appropriate level of support. Where your organization lies on the continuum of cost and internal expertise can guide you in choosing the offering that best meets your needs.

Figure 4: Private cloud offerings

Conclusion

A private cloud enables development teams to iterate independently of the speed of provisioning infrastructure and better respond to business requirements. Dependencies across teams can be reduced through multi-tenancy and soft provisioning of virtual resources. Templates allow an entire application stack—including compute, network, storage, and ADC—to be deployed as a complete and repeatable package. In short, a private cloud empowers organizational teams to move at the speed of business.

There is a spectrum of private cloud offerings across a range of costs and levels of internal expertise required. Whatever cloud you deploy, equipping it with the appropriate services and finding the right balance of cost and expertise should be one of your top priorities.

Read more about how a private cloud architecture can help your organization gain agility and efficiency while maintaining control over your infrastructure at Cloud Solutions | Private Cloud.

Published June 06, 2017