SearchEnterpriseWAN.com spoke with Stephen Smoot, one of the authors of Private Cloud Computing: Consolidation, Virtualization, and Service-Oriented Infrastructure, about private cloud computing
What's your definition of private cloud computing and how does it compare to public cloud computing?
Stephen Smoot: Public cloud is resources that are available to be shared across many users. For example, the general metaphor for cloud is you have an infinite amount of resources and you can find the ones that you need for awhile, use them and then release them. It’s very flexible and it’s scalable, which is an essential part of the metaphor. Public [cloud computing] is the easiest to understand because you have somebody who wants to build all of that out there somewhere for you to use and you just pay as you go. Some examples are Amazon EC2 for infrastructure and Salesforce.com for Software as a Service. Private [cloud computing] is when you want to get the same benefits in terms of ease of management, innovation and load barriers to experiment -- only internally. For private, you have resources you need to control, but you can still treat them in the same flexible, dynamic way.
How can an enterprise tell whether it is a good candidate for private cloud computing? Are there signs an organization should stick to a public cloud infrastructure?
Smoot: I think it’s really dependent on the enterprise and the project involved. Many people could end up needing both; many could just do public. Just doing private [cloud computing] is certainly possible for the most security-focused organizations. For example, some organizations have no external Internet access at all, so public [cloud computing] is never going to work for them. You want to go private when you really need the control. One of the things we try to explore in the book is how you can create your own separation and create your own high-end services within a private cloud, and if you have a need for that then you clearly want to keep things internal. Similarly, if you don’t want to develop your own online docs system and you want to use Office365 or Google Docs, then you clearly want to do public.
You talk about a service-oriented infrastructure (SOI) in your book, which describes how an infrastructure must evolve to support private cloud computing. What role does the wide area network play in this next-generation infrastructure?
Smoot: The wide area network is essential for anybody who’s thinking seriously about the cloud. One of the fundamental things people do in building or using a cloud is aggregate a bunch of resources all in one place. Unless that place happens to be where all of your users are all of the time, you’re going to have a WAN in between your users and your cloud services. If you go public cloud, you’re not even choosing where that one place is. You may choose to concentrate a lot of people’s daily activities on servers that happen to be on the other side of the U.S., thus you have a big wide area network between the two of you. In terms of SIO, it’s really the model you want to take from an IT perspective in offering services to users. The important thing about services offered by IT is you need uptake; you need people to use your services. You don’t want them to be working against you or working around you, etc., and so it behooves you to have high-quality services that are responsive, secure and scalable, which the cloud can help with. The one barrier it throws up is that stuff is farther away. The speed of light is not something we can play with at will, so the farther away it is, the more likely it is to be slower. That’s a challenge for a lot of people moving to cloud services.
In the introduction of your book, you begin by saying that the wide area network "can be the weakest link in implementing the cloud vision." Why is that and how is it even truer of private cloud environments?
Smoot: Distance can really hamper your project. Say you had some highly-interactive, Web-based application that presented a table with a lot of sketches for individual elements to a Web page. That application could get really slow if it was on the other side of the world. So you really need to take that into account in figuring out how to move services into the cloud and provide them to your users.
How can the wide area network be improved to support private cloud computing?
Smoot: There are a couple key things. WAN optimization is a technique that was developed to handle distant resources and potentially low bandwidth to get to them. Therefore, implementing WAN optimization is a good idea when rolling out your own cloud environment. Another one that is pretty fundamental is how you structure for service isolation. (See this resource on private cloud performance assurance.) Similar to software design where you try and create abstraction layers to keep changes in one part of some code from affecting another part, you want to use things like VRF to provide isolation within your wide area network. You can think of VRF as being an industrial strength VLAN. A VLAN is a virtual LAN that enables people to isolate services and users from one another, and VRF is a similar…. You would use [a VRF] on a wide area network.
What type of WAN optimization is needed to accelerate private cloud environments?
Smoot: The move to cloud is partially a furthering of the meta-trend towards Web-based applications. I’d say one key difference for an enterprise in the private cloud versus an enterprise that just has its data center running a bunch of services is you’re going to see a greater proportion of Web-based apps. That‘s not to say that cloud is only Web-based or that everything else is legacy and going away, but you tend to see more of it in a private cloud environment. Consequently, performing really good HTTP optimization is important for WAN optimization of this environment. Also, one thing that has happened at the same time is an increased use of HTTPS, so you see a lot more security WAN services. Thus, you want to make sure you have a WAN optimization solution that provides end-to-end security while it’s still optimizing. This is not as available from every vendor as you might think, so some people are dicey on their security levels.
Will hardware WAN optimization controllers still work? Why or why not?
Smoot: Hardware definitely still works. People implement the cloud metaphor by doing a lot of virtualization such as virtual servers and virtualization of networking. Thus, you don’t really think that you want to put a lot of boxes in, but you can use most of the WAN optimization solutions while maintaining isolation. You can keep different VLAN traffic on the VLAN, for example, which will let you keep the service isolation with a hardware optimization controller. Furthermore, the hardware provides a high level of scale. In private cloud environments, you have a little more control over how big of peaks you need to handle, so scaling for the very high end is not as hard as it would be if you wanted to do it for the entire Internet. Both of those are important. That said, virtual [WAN optimization controllers] probably fit better into most people’s models as they try and figure out how to roll this kind of stuff out. It has advantages in terms of horizontal scaling, in the way you think about it and in integration. For example, the Cloud Steelhead [from Riverbed] has this interception technique called the discovery agent where instead of doing interception of the network layer like every hardware appliance does and virtually every software appliance does, you can do it by putting this little piece of software on all the servers you want to optimize to, which lets you integrate Cloud Steelhead more easily into the cloud environment.
What is required to deploy WAN optimization in a private cloud computing infrastructure?
Smoot: There are two answers to this question; there’s a technical side and a business side. On the technical side, there are a lot of different things to think about. You need to understand what you’re trying to optimize and how it’s going to interact with all the other components of your network -- firewalls, IPS devices and load balancers. You’re not quite as free to place things where you want when you have an optimized environment. For example, you don’t want to do a deep packet inspection for intrusion prevention on an optimized string. You’re going to have the strings you’re looking for and the packets, which is important to take into account and design. Similarly, network visibility can control how packets look on the network. There are pluses and minuses to every different visibility mechanism. You may even need a mix of them. For example, in the Steelhead, you can mix transparent visibility in some places with direct addressing in others so you can match the different kinds of environments to the right technologies. On the business side, I’d say the key thing is knowing what business value you’re after. Is the most important thing for this project Web acceleration, video or SAP? You have to know what the value is and try not to get distracted by all the various bells and whistles.
Download a free PDF copy of Chapter 3 from the book Private Cloud Computing: Branch consolidation and WAN optimization in the private cloud.