CIO

The bumpy road to private clouds

When we first heard about cloud computing, public clouds got most of the attention. But as IT managers looked at the security risks of having data outside the corporate firewall, they turned their attention to private clouds, which analysts and various surveys suggest will get more enterprise investment in the next few years.

But private clouds have their share of challenges too. There are management issues and operational processes to figure out. And, of course, an on-premises private cloud needs to be built internally by IT, which takes time, money and a climb up the learning curve. Indeed, the transition from a traditional data center -- even one with some servers virtualized -- to a private cloud architecture is no easy task, especially given that the entire data center won't be cloud-enabled, at least not right away.

(While we generally think of a private cloud as being inside a company's firewall, a private cloud can also be off-premises -- hosted by a third party -- and still remain under the control of the company's IT organization. But this article is only about on-premises private clouds.)

Also, despite the hype you might hear, no single vendor today provides all of the software required to build and manage a real private cloud -- that is, one with server virtualization, storage virtualization, network virtualization, and resource automation and orchestration. Look for vendors to increasingly create their own definitions of private cloud to fit their product sets.

Moreover, you'll have to determine whether your staff has the experience and skills required to support a private-cloud environment, or whether you need to hire someone who has been involved in building private clouds.

Not a Traditional Data Center

Many IT managers equate a private cloud with virtualization. What they describe is usually virtual infrastructure, meaning that "you can treat your servers, storage and networks as a single pool of resources that workloads can request on demand," explains Tony Iams, an analyst at Ideas International Ltd., an IT research firm.

But virtualization and the cloud aren't the same thing; to be considered a cloud, the architecture must be set up to provide resource orchestration and automation on top of the virtualization layer.

Orchestration is the coordinated delivery of many types of resources, such as processors, storage and networks, to provide an integrated provisioning process. It means that resources can be delivered in minutes rather than days or weeks. A single command or request causes a number of actions to occur, possibly in a specific sequence, to coordinate the provisioning request.

The whole point of a private cloud is to allow IT managers to reduce costs and provide so-called agile provisioning rather than just making management of the infrastructure more convenient. A private cloud with virtualization underpinnings turns the technology infrastructure into a pool of resources that can be provisioned on demand with minimal manual labor.

In Perspective

Are You Ready? Probably Not

Forrester Research estimates that only 5% of corporate IT shops are really ready to offer private cloud service. A recent Forrester report by analyst James Staten says that your IT operation is "cloud-ready" if:

* You have standardized procedures for the deployment, configuration and management of virtual machines.

* You have turned over the deployment and management of virtual machines to automated tools.

* You provide self-service access for end users.

* Your business units are ready to share the same infrastructure.

Before moving toward private clouds, IT shops must become even more efficient at server virtualization. Most IT departments lack consistent procedures for tracking the deployment, usage and ownership of virtual machines; that leads to "virtual machine sprawl," which will cancel out the economic savings of a private cloud, Forrester says.

IT shops also need to learn to manage the entire pool of virtualized servers rather than single virtual machines or workloads, the report adds.

Once your virtualization house is in order, Forrester suggests the following steps to get started with a private cloud:

* Begin with noncritical workloads to show that it works.

* If a business unit is willing to invest in cloud computing, set up a brand-new cloud environment just for them.

* Get executive support -- actually, a mandate -- so that business units will share the pool of virtual resources.

* Show the benefits, such as dramatically faster deployment and lower costs.

* Embrace public clouds that can supplement your internal cloud.

In a traditional data center setup, "every time you add a server, somebody has to walk to a firewall console, set up firewall rules, attach the server to a VLAN, set up load balancing" and do many other tasks, explains Jeff Deacon, cloud computing principal at Verizon Business, a unit of Verizon Communications Inc. that provides managed services. But a private cloud needs little human intervention other than bringing in new computers or storage to keep up with demand. In a cloud environment, there is one console that lets operators set parameters to automate the entire process, rather than requiring IT personnel to log into different consoles for security, networking and server operating system functions.
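The single-request provisioning described above, sketched as an added example that is not from the article or from any vendor's product. It runs the server, VLAN, firewall and load-balancer steps in a fixed order and undoes completed steps if a later one fails, so no half-configured server or orphaned firewall rule is left behind. The `Request` and `Inventory` classes, the VLAN range and the pool names are assumptions, and the consoles are in-memory stand-ins.

```python
from dataclasses import dataclass, field

ALLOWED_VLANS = range(100, 200)  # hypothetical VLAN ids this cloud may hand out

@dataclass
class Request:
    name: str
    vlan: int
    allow_ports: tuple
    lb_pool: str

@dataclass
class Inventory:
    """In-memory stand-in for the server, network, firewall and LB consoles."""
    servers: set = field(default_factory=set)
    vlan_members: dict = field(default_factory=dict)  # vlan id -> server names
    fw_rules: dict = field(default_factory=dict)      # server -> allowed ports
    lb_pools: dict = field(default_factory=dict)      # pool -> server names

def create_server(inv, req):
    if req.name in inv.servers:
        raise ValueError(f"{req.name} already exists")
    inv.servers.add(req.name)

def attach_vlan(inv, req):
    if req.vlan not in ALLOWED_VLANS:
        raise ValueError(f"VLAN {req.vlan} is outside the managed range")
    inv.vlan_members.setdefault(req.vlan, set()).add(req.name)

def apply_firewall(inv, req):
    bad = [p for p in req.allow_ports if not 0 < p < 65536]
    if bad:
        raise ValueError(f"invalid ports {bad}")
    inv.fw_rules[req.name] = frozenset(req.allow_ports)  # anything else is denied

def join_lb(inv, req):
    if req.lb_pool not in inv.lb_pools:
        raise ValueError(f"unknown load-balancer pool {req.lb_pool!r}")
    inv.lb_pools[req.lb_pool].add(req.name)

# (step name, action, compensating action). Order matters: firewall rules are
# in place before the load balancer can send traffic to the new server.
WORKFLOW = [
    ("create server", create_server, lambda i, r: i.servers.discard(r.name)),
    ("attach VLAN", attach_vlan, lambda i, r: i.vlan_members[r.vlan].discard(r.name)),
    ("apply firewall rules", apply_firewall, lambda i, r: i.fw_rules.pop(r.name, None)),
    ("join load-balancer pool", join_lb, lambda i, r: i.lb_pools[r.lb_pool].discard(r.name)),
]

def provision(inv, req):
    """Run all steps in order; on failure undo completed steps in reverse order."""
    done, log = [], []
    for name, action, undo in WORKFLOW:
        try:
            action(inv, req)
        except ValueError as exc:
            log.append(f"FAILED {name}: {exc}")
            for prev_name, prev_undo in reversed(done):
                prev_undo(inv, req)
                log.append(f"rolled back {prev_name}")
            return False, log
        done.append((name, undo))
        log.append(f"ok {name}")
    return True, log

if __name__ == "__main__":
    inv = Inventory(lb_pools={"web": set()})  # constructed sample state
    for req in (Request("billing-01", 120, (443,), "web"),
                Request("crm-01", 120, (443,), "no-such-pool")):
        ok, log = provision(inv, req)
        print(req.name, "provisioned" if ok else "rejected", log)
```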

Another big difference between private clouds and traditional data centers involves IT processes, which probably need to be revamped for a private cloud. Today, for example, to provide computing resources, IT organizations typically have to get budget approvals, discuss the implications with storage, network and server groups, and fill out tons of paperwork. This type of process is in stark contrast to the streamlined, short-duration provisioning done in clouds. The time-to-provision may go from weeks in the traditional data center to minutes in a cloud.

The systems running older applications may need an overhaul too, if they're based on mainframes and proprietary Unix platforms. Most virtualized environments, including private clouds, are geared to run on x86-based systems. Also, in a virtualized environment, you generally don't know exactly where an application is running at any given time. Because most legacy applications are tied to a specific platform, running them in a private cloud will often require re-architecting them.

Divorcing applications from the hardware is a hallmark of clouds, including private clouds. In a traditional data center, you might have 10 servers running billing applications, and five other servers running customer data apps. But with a private cloud, it's not known ahead of time which servers will run which specific applications. The applications run on whichever servers have free cycles at the time the apps need to run.

Private clouds involve two groups of people: the IT operations staff and the business users who want to run applications. A private cloud gives business users the opportunity to quickly provision a server and run an application when they want to, without human intervention.

The IT operations staffers have to make sure that sufficient resources are available for the type of on-demand computing that business users have heard is available with public clouds, and that usually means that the wait for user-requested resources is minutes, not days. Anything short of this, and end users won't be happy.

By the Numbers

Private Clouds: Pros and Cons

What kind of cloud computing are you planning or implementing?

* No clouds under consideration at this time: 53%

* Private cloud only: 18%

* A combination of public and private clouds: 17%

* Public cloud only: 12%

Base: 155 IT managers

What do you see as the advantages of private clouds over public clouds?

* 1. Better security/control

* 2. Self-service provisioning

* 3. Little or no learning curve for end users

* 4. Better or more-efficient scaling

Base: 54 respondents planning or implementing private clouds; multiple responses allowed.

What do you see as the drawbacks of private clouds compared to public clouds?

* 1. Having to build it all internally: time, cost, learning curve for IT

* 2. Scalability

* 3. Having to handle virtualization, automation and orchestration

Base: 54 respondents planning or implementing private clouds; multiple responses allowed.

What's the most challenging part of implementing a private cloud?

* 1. Software licensing/pricing issues

* (tie) Finding tools to help us build our cloud

* (tie) Ensuring economies of scale

* 4. Finding tools to help us manage our cloud

* 5. Making it all work together (interoperability)

* (tie) Technology obsolescence

* 7. Lack of cloud standards

Base: 54 respondents planning or implementing private clouds; multiple responses allowed.

Source: Computerworld online survey, November 2010; Research assistance provided by Mari Keefe, editorial project manager.

This is what private clouds are all about: providing the on-demand elasticity of public clouds, but doing it within the company's firewall.

By the way, business users may expect private clouds to act like public clouds. In a public cloud, the public cloud provider's IT operations group is responsible for the computer infrastructure, and the customer's business application groups manage and monitor their own applications on the public cloud. If the private cloud is expected to operate in a similar manner, then the IT group may need to give up its traditional application-management role.

Getting Started

The first step down the path to a private cloud is to go beyond server virtualization. Iams outlines these subsequent steps:

* Virtualize your storage and try to achieve the same flexibility with storage that you already have with virtualized servers.

* Coordinate server virtualization and storage virtualization using management tools such as Microsoft Corp.'s Windows Azure Storage or VMware's vStorage.

* Virtualize your network infrastructure and, again, coordinate that with your management tools.

You know that your infrastructure has been fully virtualized when you have server virtualization, storage virtualization and network virtualization. The crossover point from a virtual infrastructure to private cloud comes when you have the management tools that treat all three types of resources -- servers, storage and networks -- as a single pool that can be allocated on demand.

Of course, all this is from a technology point of view. Iams says that there is a parallel set of steps from the organizational perspective, including people, processes, governance, policy and funding. One key question: What does a private cloud structure do to budgets and financial flow within an organization?

Public clouds require users to pay only for what they use. Because a private cloud doesn't provide users with a fixed amount of capacity like they may have had with a traditional data center, chargeback is almost certain to be an integral part of private cloud environments. Chargeback is a way of rationing computing resources, which is especially important when obtaining resources is as easy as filling out a Web form.

Paul Cameron, head of enterprise services at Suncorp Group, a major financial services provider in Brisbane, Australia, says that when his company began planning its private cloud, it created a service-based operating model and a service catalog. The service catalog contains the list of services being automated for internal use and is available to business users via a self-service portal.

A key to building that catalog was storing information about Suncorp's assets and business application relationships in a configuration management database (CMDB). All of Suncorp's major IT processes -- incident, problem, asset and change -- use the CMDB.

Populating a service catalog can be time-consuming. But if you're using IT service management and change management tools such as BMC Software Inc.'s Remedy product line or Service-now.com and have a CMDB in place, it can be easier. You can work through the appropriate services in the CMDB to provide the automated services listed in a service catalog. This is what Suncorp is doing with its BMC Remedy-based CMDB.

Cameron says that Suncorp deployed a private cloud to provide better and faster IT provisioning to business users. Suncorp users can go to a self-service portal and request resources and services. Once the requests are made, the fulfillment of these services is automated. Cameron says that about 80% of Suncorp's data center services are now covered by automated self-service portals.

While private clouds are pitched as ideal for companies concerned about security and regulatory compliance, Cameron cautions that private clouds force implementers to rethink how they do security. For example, traditional firewalls won't always provide satisfactory security in cloud environments where workloads can be moved around to less-secure portions of the network. So Suncorp is now virtualizing its firewalls.

Keeping Up With Demand

Jeffrey Driscoll, a systems engineer at consultancy Precision IT Group LLC, says the basic building blocks of a private cloud are servers, storage (such as a SAN) and virtualization software. "Then you start building a cluster," he says, and after that cluster is complete, "capacity planning becomes critical."

Capacity planning involves figuring out what happens when you add servers and other resources to the cluster as needed to keep up with business demand. Capacity planning is a major component of the cluster and the cloud's performance. If it's done wrong, you might end up with useless systems or have to shoehorn in traditional, noncloud systems to keep things running.

Most organizations aren't good at monitoring and keeping ahead of capacity. To be able to satisfy user demands, you always need to have some extra capacity on the data center floor, which results in a certain amount of hardware sitting around in idle mode. Keeping a history of capacity usage in your enterprise can help you be reasonably confident that you have sufficient -- but not too much -- capacity.

One solution is to create a hybrid cloud environment and move requests for capacity to public clouds, such as Amazon.com Inc.'s Elastic Compute Cloud, when capacity isn't available in the private cloud.

Once the cluster is up and running, you can start provisioning virtual servers. The result is a tiered architecture with a server layer, a network layer and a virtualization layer. There is a management tool at each layer. "Now you can start thinking about automation," Driscoll says.

In Perspective

Storm Clouds On the Horizon

Building your own private cloud involves some challenges, including the following:

* Budget. Private clouds can be expensive, so figure out the upper and lower bounds for your return on investment.

* Integration with public clouds. Build your private cloud so you can move to a hybrid model if you need public cloud services. This will involve making sure systems are secure and verifying that you can run your workloads in both places, among other things.

* Scale. Private clouds usually don't have the economies of scale that large public-cloud providers provide.

* On-the-fly reconfigurations. You may have to tear down servers and other infrastructure -- while it's still in use -- to move it into the private cloud. This could create huge problems.

* Legacy hardware. Leave your oldest servers behind. Don't try to repurpose any servers that require manual configuration with a private cloud, because it would be impossible to apply automation and orchestration management to these older machines.

* Technology obsolescence. The complexity and speed of technology change will be hard for any IT organization to handle, especially smaller ones. Once you make an investment in a private cloud, you need to protect that investment by staying up to date with new releases of software components.

* Fear of change. Your IT team may not be familiar with private clouds, and there will be a learning curve. You may need to create some new operational processes and rework some old ones. Turn this stressful situation into a growth opportunity for your staff, reminding them that these are important new skills in today's business environment.

You'll need to acquire management tools that can bridge the physical infrastructure and the virtual infrastructure. So choose tools that let you see the same view across execution environments.

One layer of management is the infrastructure, which includes managing virtual machines, storage, backup/recovery and so on. While vendors often claim that their products are targeted at private cloud infrastructures, they sometimes use a very loose definition of "cloud," so carefully investigate the functions of each product.

The second layer, service-level management, involves managing workloads at a level of abstraction above virtual servers. This is where automation is applied. It is also where traditional management tools such as IBM's Tivoli and Hewlett-Packard Co.'s Insight work within the private-cloud stack. Vendors that claim to have automation management tools include IBM Tivoli, HP, CA, LineSider Technologies, DynamicOps, VMware and BMC.

Iams says that almost all system and hardware vendors are pursuing some type of virtualization or cloud management tools. Microsoft's System Center management product, for example, offers visibility into hypervisors and virtual servers.

But Iams says you should plan on managing multiple hypervisors, such as VMware's ESX, Microsoft's Hyper-V, the open-source Xen, and various implementations of the Linux KVM (Kernel-based Virtual Machine). Microsoft can manage Hyper-V virtual servers and some aspects of ESX virtual servers. Other cloud vendors, such as VMware and Red Hat Inc., can also manage virtual machines created by multiple hypervisors. Ideally, you want to control multiple hypervisors from a single interface.

Buy or Build?

The downside of commercial, off-the-shelf tools is that they will likely need to be customized to work with your environment. On the other hand, the downside of rolling your own tools is that your in-house IT group will need to maintain them and make feature enhancements. One alternative to homegrown tools is building mixed-component cloud stacks by acquiring various third-party components and putting them together. The question then becomes: Who do you call when there's a problem?

You could choose to go with a single provider, such as Microsoft or VMware, but that can result in vendor lock-in.

Open-source software -- from the OpenStack project and from vendors such as Abiquo, Cloud.com, Eucalyptus Systems and Red Hat -- is a good choice for building private clouds. The software is essentially free and provides more flexibility than proprietary software licensed on physical CPUs. For example, proprietary software can create difficult licensing issues when migrating virtual machines from host to host.

Each alternative has its pluses and minuses, so weigh your options carefully, because switching gears once you're already under way is expensive and time-consuming. Don't lock yourself into a single vendor's cloud stack. In particular, avoid vendors whose cloud stacks perform well only when using their own components. Reserve the option to plug in third-party or homegrown tools.

Industry Players

Here's a sampling of vendors that claim to have tools for building private clouds.

* BMC Software Inc. (Cloud Lifecycle Management)

* CA Inc. (3Tera AppLogic)

* Cisco/EMC/VMware (Vblock)

* Citrix Systems Inc. (Citrix Open Cloud)

* Cloud.com Inc. (CloudStack 2.0)

* Dell Inc. (Virtual Integrated System)

* Enomaly Inc. (Elastic Computing Platform)

* Eucalyptus Systems Inc. (Eucalyptus 2.0)

* Hewlett-Packard Co. (BladeSystem Matrix)

* IBM (CloudBurst)

* NewScale Inc. (NewScale 9)

* Platform Computing Corp. (Platform ISF)

* Tibco Software Inc. (Tibco Silver)

* VMware (vCloud)

Source: Forrester Research Inc., August 2010

So far, it isn't possible to buy one commercial product that will do everything IT managers need to do for private clouds. You have to stitch together a number of different products from various vendors and place your own user interface on the front end.

But Verizon Business' Deacon says that more-sophisticated enterprises are integrating multiple management tool sets -- for instance, HP's Server Automation suite and BMC's Patrol suite. Security, firewall, networking and storage elements can be orchestrated from within both HP and BMC suites. IT shops that don't link multiple tool sets may have to write a lot of their own software to get the necessary automation capabilities.

Is single-console management a real possibility for private clouds? Not everyone will be able to get by with just one console, says Iams, but even two or three consoles would be a huge improvement over the dozen that some shops use today.

Deacon says that single-console management is in the cards, noting that Verizon Business has built a high-level console management layer that collects data from VMware vCenter Server, HP Network Automation and HP Virtual Connect, among other products.

Vendors Will Consolidate

Frank Gillett, an analyst at Forrester Research Inc., isn't so optimistic. "It is unrealistic to think that we are going to get many of these management tools to work together," he says. Instead, he predicts that over time, the market will shrink dramatically through acquisitions, leaving a handful of vendors that will offer "much more integrated capabilities." And some IT managers prefer large, established vendors for cloud technology because they can't trust their data centers to start-ups that may not be in business in a year or two.

Deacon agrees that consolidation is likely as large companies like HP and IBM buy up cloud-based start-ups and add the new software to their existing portfolios. That's what HP did with its acquisition of OpsWare. Similarly, BMC absorbed BladeLogic, and CA has been on a buying spree, acquiring Nimsoft, Oblicore, 3Tera and others.

IT shops need federation and interoperability, Gillett adds, "and we are very early in those efforts. We may be able to bring private cloud management tools together, but it will be a messy interim period."

Yet during that period, IT shops will be under enormous pressure from business users to engage in cloud computing. If the data center operations group can't respond quickly with a private cloud, then business users will look at public clouds. To successfully compete with public cloud providers, IT departments will need to deploy similar services in-house, and those private clouds will have to be better and more attractive to use than public clouds.

Claybrook, an analyst with more than 30 years of experience in the computer industry, is president of New River Marketing Research in Concord, Mass. Contact him at bclaybrook@comcast.net.

This version of this story was originally published in Computerworld's print edition. It was adapted from Part 1 and Part 2 of a feature that appeared earlier on Computerworld.com.