In last month's column I had given a brief overview of this whole business called Cloud Computing. In this column I will tell you why Cloud computing remains a myth or at best a hodgepodge half-baked solution for most enterprises.
Today if you are a kid out of high school or college with an idea to create something new like an app for a phone or a new website, in most cases you can easily launch a full fledged platform needed to support your app right on Amazon's EC2 Cloud with pennies on the dollar. The ease with which kids can ride on the Cloud is diametrically opposite to the difficulties big companies face with millions of invested IT dollars face when confronting the Cloud wave. So what's wrong here?
There are many things wrong with the guys with the big data centers. The most obvious ones being people with vested interests not wanting to change, people at the upper management level pooh pooing the cloud, pure ignorance or worst still, a don't care attitude. Now, apart from these there are a few others who have tested the waters but then shied away primarily because of a perceived lack of security, the fear of the unknown, not thinking big, fear of loss of control over the network, etc. Others have managed to overcome fear but ended up creating stuff in the Cloud that is an island to itself, a separate system that comes with all the management nightmares. So how can enterprises extend their data center into the Cloud without having to throw away the old investments and without creating yet another island. The answer is simple, and once you read this you may even ask, "What? That's it?!"
The key in being able to utilize the Cloud is firstly the ability to transparently extend your data center into the Cloud while still maintaining the same private IP space your enterprise uses and enforce the same security that you would for any asset in your data center.
In order to make this happen the key bridge that you would need is the network VPN. I am not talking here about the IPSec VPNs but Layer 3 or Layer 2 network VPNs that are provided by the Internet providers using either MPLS or VPLS. The key is to ensure that the Cloud provider and the Internet providers can come together to create this network using the network VPN interface provided at the edge routers on the side that connects to the Cloud and on the side that connects your data center to the network. The Cloud provider must treat any routers, switches etc that are part of this network in their data center as being local to your data center and must provide isolation. This ensures security. The network VPNs used here create the abstraction needed as far as your network and IP addresses since IP addresses are specific to the VPN, the Cloud provider can provide you with the same IP address space that your data center uses.
While using firewalls could be argued as providing the same thing, in my opinion that is truly not the case because of the complexity of managing firewall rules, misconfigurations that can happen and the fact that dynamic addition of new Virtual Machines or moving them may become exceedingly difficult due to new holes that needs to be punched through the firewall.
While most network admins and intelligent IT people everywhere are aware of these technologies, what is really needed is a way to architect and orchestrate existing fool proof technologies so that you can truly take advantage of Cloud computing and all the benefits that come with it. While I have distilled this to the simplest possible manner, a diagram would have explained it even better but in any case what I have illustrated is easily doable and not that hard. The initial hand shake and getting the Internet provider and Cloud provider all on the same page would be the hardest part if anything. If you are able to create network VPN based solution in conjunction with your Internet provider and the Cloud provider, you can automate many of these VPN provisioning tasks and not only that you can consume Virtual Machines from multiple Cloud providers across data centers and your IT consumers will still think they all come from your data center! And you can provision entire platforms or a single VM in minutes instead of yet another project that takes weeks!! And they would think you must be some sort of a wizard!
Comments