Like many disruptive events, the motivation for moving to a Private Cloud is the existence of an inflection point that necessitates a shift. Today's complex, often brittle, IT infrastructure and the desire to simplify IT is that inflection point. The current economic realities and budgetary climate in Washington and State Capitals, along with the desire to save energy, reduce capital and operational expenditures, share resources and provide more transparency to citizens on how tax dollars are spent are adding additional rationale for governments to implement Private Clouds to address this complexity.

The initial capability to begin the journey is a fully virtualized datacenter. Virtualized resources allow the pooling of compute, network and storage resources that are then shared across applications and users which enables on-demand resource allocation. Once virtualized the following check-points along the route to a Private Cloud need to be considered:

• Automation of management operations. The result will be a zero-touch Infrastructure model that is driven by policies that automate routine tasks, minimize operational expenses and overhead.
• Development of service delivery models. Standard definitions for services and service levels allow the reduction of the number of variations supported and allow for the enforcement of standard methods and procedures that can then be easily automated.
• Metering of Services. A metering model for tiered services will allow the business to have a transparent view of the cost associated with the various lines of business applications.
• Providing user self-service capabilities. The provisioning and deployment of services within the parameters of defined business and governance policies provides a distributed, time-essential execution capability that is controlled by automated policies increases the ability of a agencies and departments to react to changing requirements while maintaining compliance with centralized policies and security models.
• Open and interoperable standards. Application mobility between clouds within a common management model, based on open standards, extending to other public or private clouds is a key condition to achieve flexibility.

The promise of reduced capital and operational expenses, higher customer satisfaction and greater control over security are some of the contributors today that are convincing governments to move to Private Clouds. Those organizations that chose to transform their computing model on a robust platform that provides core features such as high availability, the ability to optimize resource allocations to ensure service levels; built-in disaster recovery mechanisms to ensure business continuity; a security model that encompasses dynamic infrastructure and boundaries; and application-aware infrastructure to self-optimize application performance will be in the best position to achieve the promise of the Private Cloud.

For further information, please contact David Hunter at: hunter@vmware.com or visit http://www.vmware.com/cloud for more information.

Posted: April 15, 2010

One way to meet these requirements is to architect the cloud platform so that it can conform the infrastructure upon which it is deployed, particularly with respect to the mechanisms with which policy is implemented. That is, the private cloud platform must be able to accept infrastructure governance defined for its environment rather than dictate governance requirements.

Open-source as a distribution style for the cloud platform software is particularly good at facilitating this form of policy malleability. Community contributions often take the form of modifications to specific configurations and environments. The source code is available so that customization is possible, and the interaction of the platform and the infrastructure is transparent.

From a more technological perspective, the "scale" of the private cloud platform is often a metric of great interest. There are two types of scale, however, that must be considered: request scale and resource scale. Request scale refers to the number of requests (usually from separate users) that the cloud can support per unit time. For IaaS-style clouds, these requests are transactional. That is, each request must either complete or fail unambiguously, usually within a specific timeout period (we at Eucalyptus use 60 seconds).

On the back-end, the cloud platform must be able to use (efficiently) large collections of widely varying resources (machines, networks, storage devices, etc.) The key to achieving both user scale and resource scale reliably is to exploit eventual consistency in the internal state management of the cloud platform itself. As with user-facing cloud storage abstractions (e.g. "blob storage"), eventual consistency enables both reliable operation and vast resource scale. Managing eventual consistency, particularly to implement the platform, can be complex but it is the purpose of the cloud to hide that complexity in the cloud platform so that it is not exposed to the applications, the users, or the cloud operators.

Finally, private clouds must implement cloud provisioning abstractions. Virtual machines in a cloud, for example are similar to but not exactly like virtual machines in a data center. The same relationship exists between cloud Internet addresses, storage abstractions, firewall rules, etc. The cloud is a more dynamic usage model, and as a result, a more efficient model for managing IT resources. To exploit the maximum benefit it offers, it must support services that allow applications to take advantage of this dynamism.

For further information, please contact Rich Wolski at rich@eucalyptus.com or visit www.eucalyptus.com

Posted: April 19, 2010

What people actually want, when they talk about cloud computing, is a far more radical improvement in the way that they acquire and use information management and business process automation. Cloud computing is far less a technology model than it is a model of service delivery. It's a set of promises that service providers make to their customers: promises that may have been made in the past, but are only being truly fulfilled today.

• Cloud computing is a promise that a business process initiative can get off to a rapid start, focusing on the problem to be solved – not on the limits and delays of a capital budgeting process.
• Cloud computing is a promise that the customer's scarce resources can be reserved for the creation of competitive advantage, with the service provider assuming the burdens of maintaining the security and performance of the software stack beneath the customer's applications.

Enterprise cloud computing is a distinct category of cloud computing, as opposed to consumer Web applications:

• "Enterprise cloud" implies a further promise of rigorous and audited security, high availability and robust capabilities for customization and integration.

If it's cloudy, the customer shouldn't need to purchase and support peak-load capacity that exceeds the everyday need. If it's cloudy, the workload of security patches and other updates should be the provider's problem; the benefits of continual upgrades should be an unmixed blessing for the customer, included in predictable subscription pricing.

Is it possible to deliver the cloud's distinctive advantages in an on-premise installation, or in a reserved instance of hardware located off the customer's site? It's possible, but most "private cloud" efforts let the adjective vastly overshadow the noun – and wind up constructing a best-practice data center, using technologies such as virtualization that substantially improve hardware utilization, but falling well short of the full potential of the cloud computing model as applied to appropriate tasks.

It's well and good to like the idea of "private," but that goal should not take precedence over the compelling economics and the benefits to business agility that come from being "cloudy."

For further information, please contact Peter Coffee at: pcoffee@salesforce.com

Posted: April 25, 2010

The Internet has become part of cloud's evolution because of its prolific adoption worldwide and the ever growing consumerization of IT. Citizens are increasingly using Web tools to communicate, make purchases and access information - blurring the line between enterprise and consumer based solutions. People are expecting more from IT both at home and at work, and it's forcing government's hand as it strives to connect with citizens, attract workforce talent, offer services more efficiently and become more open and transparent.

The cloud industry is currently building solutions within private data centers based on existing best practices in security, privacy and governance models. But leaders still have security concerns because they can't touch the servers and customize the solution to the granular level of detail they are accustomed to. To alleviate these concerns, there are great questions being asked by industry stakeholders: Should existing standards be modified to fit the cloud? How do government agencies know that C&A requirements are being met in public cloud solutions? What if there is a data breach or data leakage?

The challenge involves highly specialized systems, perception and lack of maturity. The thought of hosting data in a non-government data center, on public servers owned by third party vendors, has always raised security and privacy concerns for government agencies. Traditional hosting solutions eased some of this concern by adhering to Federal C&A and allowing government customers to customize, audit and access facilities - all of which drive up the cost and time to market of the solution. The promise of cloud computing takes traditional hosting to the next level, offering commodity based services that are cheaper and faster to market because they are not unique services tailored to individual agency needs.

The end state goal for the cloud has always been "dynamic IT" - the ability to deliver computing services to people, devices and applications when and where they need them in a metered, only- pay-for-what-you-consume procurement model. Business models will change, standards will emerge and innovation will happen at rapid paces, but the need for choice and private clouds will be here for some time. It's a vision and journey that I'm excited to be part of!

For an unabridged version of this post, see Teresa Carlson's FutureFed blog at: http://blogs.msdn.com/USPUBLICSector/

Posted: May 11, 2010

A private cloud implementation can offer significant benefit to those Federal IT leaders seeking to realize some of the benefits of cloud computing while maximizing control over their environment. As a starting point, NIST has listed several essential characteristics of cloud computing that Federal IT leaders embarking on a private cloud investment would benefit from examining. The essential characteristics that they list are: on-demand self-service, broad network access, resource pooling (e.g., multi-tenancy), rapid elasticity (e.g., rapid scaling), and measured service.

In order to securely leverage the capabilities of a private cloud, an organization would need to ensure their data centers have the correct technical underpinnings and implement the appropriate operational processes, governance and management. While new components and legacy components will vary by organization, there are common essential components that will likely be needed:

• Virtualization allows multiple instances of "guest" operating systems to run concurrently on the same physical infrastructure and enables "multi-tenancy," which is the sharing of physical resources. The resulting increase in server utilization can reduce HVAC and electric costs, data center size and other related infrastructure costs. Also, contemporary virtualization offerings can facilitate scalability, self-service provisioning and continuity of operations (COOP).
• Storage technology, such as disk arrays, storage area networks (SANs) and storage connection technologies, with supporting software can provide the underlying persistent storage and facilitate COOP and location independent access.
• Security capabilities such as identity management, logging and auditing, anti-malware software, intrusion detection systems and intrusion prevention systems, and virtual machine isolation should be considered.
• Provisioning tools, management tools, and metering instrumentation are key to providing Federal IT leaders and users with many of the advantages that a private cloud can offer: self-service, burst capability, scheduling, service-level agreement (SLA) monitoring, and if needed, metering for "pay as you go" functionality.
• Networking infrastructure for the cloud should be engineered to carry the additional traffic required to connect the service provider to the consumer.

"There is a major trend playing out over the next few years where internal IT providers want to make fundamental changes so that they behave and provide similar benefits (on smaller scale) as cloud computing providers," states Gartner's Thomas Bittman. For those organizations looking to maximize the ROI of their internal IT investment and maintain control, a private cloud may be an attractive option.

For further information, please contact Larry Pizette at: cloudbloggers-list@lists.mitre.org

Posted: April 29, 2010