Baseline Magazine - May/June 2010

private clouds, which provide an ideal situation for enterprise servers and mainframes. These environments are known for flexibility, scalability, security and high utilization, as well as for optimizing delivery of IT resources to mixed workloads.

These companies have enterprise IT expertise and experience that can create dynamic virtualized environments that are ideally situated for success in the private cloud model. The combination of skilled staff and attractive software pricing models for virtual systems on enterprise servers provides an appealing setting that serves as an inexpensive, value-added host for private cloud offerings.

The most common initial use for the private cloud is to provide test and development environments for enterprise applications. Developers are able to request resources and almost immediately get access to an environment on which to build and test their applications. When the development is complete, the resources can be returned for use by others.

While cloud computing insulates the IT user from the management of the infrastructure, someone still has to manage the IT resources. Private clouds clearly have a major impact on IT departments, since these organizations will need to provide clouds with additional capabilities to handle dynamic provisioning and automated request processes.

Those requests for service will be handled automatically without the IT organization’s intervention. Thus, monitoring and balancing workloads will need to be an ongoing focus. Also, fair chargeback algorithms will have to be developed and implemented to provide incentives for appropriate usage behavior.

ILLUSTRATION BY WALTER MAKARUCHA JR.

Microsoft Azure. A public cloud allows customers to create their own images, and they pay only for their hourly use, including data storage and transfers. While a public cloud offers the ultimate in convenience, a private cloud seems to provide better control and assurance of security and privacy.

Regardless of which approach an IT organization takes, enterprises that deploy mission-critical applications want assurances of reasonable system responsiveness through service-level agreements. They also want protection through data isolation in a multitenant environment, failover protection to minimize service outages and predictable recharge rates.

Portability is also an issue. For example, public cloud users want to know if they can easily change providers. What about software licenses? Can they be moved from one cloud provider to another?

Another area of concern: When an enterprise IT organization is done with its public cloud environment, what assurance does it have that all the private data that was used has been removed? Data privacy is a critical concern that requires tight standards.

Ideally, a public cloud offers zero capital costs of acquisition, since IT organizations pay only for what they use. There aren’t any facility or energy costs. But that still leaves concerns about public cloud security, resilience and service.

The public cloud does offer security, but it’s still not clear to many enterprise IT organizations whether the level of security offered will meet the needs of corporations that are notoriously protective of their data, including credit card numbers and medical records. Convincing corporate security management that data stored with a third party is safe remains a significant challenge, and there is also the question of liability if any data is compromised.

Reliability is another major issue. Public cloud providers offer reliable environments in which replacement instances can be created, but is that good enough? What about data and transactions in flight? Do partially completed transactions get backed out? Enterprise IT typically has disaster-recovery sites to take over operations if there is an event at their primary site, and significant effort is expended to ensure the integrity of transactions.

And, of course, the price of cloud computing is a key issue. The public cloud offers pay per use, which can provide low-cost options for short-term projects. Still, for long-term use, enterprise IT organizations may be better off making a capital investment to purchase additional hardware and software. Enterprises need to conduct a break-even analysis to determine whether a public or private cloud would be more cost-effective for them.

The public cloud offers benefits for application development resulting from rapid acquisition time and reduced capital expenditures. But for high-availability, data security and privacy reasons, enterprise IT organizations remain skeptical about turning to the public cloud for mission-critical applications and sensitive or confidential data.

HEAD IN THE CLOUD

Cloud computing is still an emerging capability, and many enterprise IT organizations are just starting to poke their heads in the cloud. For many, there are more questions than answers. That’s why we continue to examine some of the early cloud implementations and look to develop much-needed requirements for IT providers, as well as best practices for managing cloud environments.

The enterprise IT community is evaluating emerging cloud computing concerns regarding service levels, the best workloads, disaster recovery, help desks, change-control issues, approval and audit issues, and the management of rapidly changing environments.

There are some very down-to-earth benefits to using the cloud model to facilitate rapid availability of IT resources, whether public or private. What is necessary now is a way to document the needs of enterprise IT managers to make both public and private cloud computing more secure, reliable, resilient and suitable for mission-critical uses. Create that, and they will be nothing but blue skies ahead. 3

Raymond J. Sun serves on the SHARE board of directors and has been involved with the organization for more than 25 years. He is a frequent speaker on topics such as service management, virtualization and cloud computing.

GOING PRIVATE

Many corporations are looking to benefit from cloud computing. However, since a number of them are concerned about availability and security issues, they are looking to