Click here to close now.

Welcome!

Security Authors: Liz McMillan, Pat Romanski, Srinivasan Sundara Rajan, Elizabeth White, Kevin Jackson

Related Topics: Cloud Expo, Java, SOA & WOA, Virtualization, Web 2.0, Security

Cloud Expo: Article

Goldie Locks and the Three Clouds: The Rise of the Enterprise Cloud

A cloud needs to be more than an infrastructure dispenser – providing small/medium/large chunks of infrastructure for each user

We all know the story of Goldilocks and the three bears, but have you heard the one about Goldie Locks and the three clouds? This tale is playing out throughout the IT marketplace.

Goldie Locks - an IT executive for a state government - has once again found herself in a dilemma. "If only I could choose one of the three options," she sighs. Goldie's dilemma is a result of competing requirements within her enterprise. Regarding infrastructure costs, Goldie has been told to "do more with less."

"If someone says that one more time, they're going to have porridge thrown at them," she huffs. Goldie knows that standardizing infrastructure requirements to serve the business and its processes securely, reliably and quickly is a proven way to reduce capital and operational costs. On the other hand, various business units and their departments have specific requirements for their mission-critical applications. They are resisting giving up control.

While many of her colleagues suggest she use the public cloud, Goldie believes that the security implications would be a deterrent to acceptance within her enterprise. Though she has done a thorough job investigating various cloud computing models, she needs to put together a request for proposal (RFP) to start searching for outside help with her dilemma.

She begins by taking into consideration the three standard deployment models of cloud infrastructure and their hybrid combinations - as defined by the U.S. National Institute of Standards and Technology (NIST) - and determining whether these are a fit for her enterprise:

  • Private cloud: Provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units).
  • Public cloud: Provisioned for open use by the general public.
  • Community cloud: Provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations)
  • Hybrid cloud: A composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds)

"Death by Committee" is her thought after analyzing these models. Each is too narrow for her enterprise. These cloud deployment models only provide the "how" without truly understanding the "what" and "why" of her situation. The IT side of the decision is obvious - drive down operational and capital costs to give the IT team time and money to solve strategic issues for the business. The best way to do this is to standardize processes, automate tasks and share infrastructure and administrative resources as much as possible. This is, in general, what a cloud provides.

But IT is serving a set of key stakeholders who have requirements beyond infrastructure. These stakeholders are the application/business owners who rely on IT to support delivery of their revenue-generating services and products. They are not well served with the three deployment models defined above, nor are they served by a hybrid of those models.

A Look into Goldie's Enterprise
In general, an enterprise consists of distinct parts (such as business units) that serve different customers, have different financial results and offer different products and services. They are fairly autonomous, but all operate from a common set of financial resources and processes, a common strategy and common metrics that determine success.

Consider Goldie's enterprise, which is a consolidation of a number of state agencies:

Her enterprise is partitioned into two high level branches (State Police and Transportation), where each branch consists of multiple, semi-autonomous departments. Each of those departments is interested in controlling their own infrastructure. Furthermore, their security and administrative processes differ from one department to another. Different departments must comply with their own levels of privacy, availability and service metrics.

For example, the Department of Public Info Office, within the State Police branch, may require highly predictable, millisecond response times for public users. In this instance, it may make sense to use public cloud infrastructure for the web servers, since there may be a requirement to scale up very quickly to reach high workload demands.

The Department of the Deputy Commissioner, also within the State Police branch, may also require specific infrastructure services, processes, automation and regulations, such as "hardened" OS images and encryption for all transmission of information.

The Department of Highway Administration, within the Transportation branch, must guarantee that their web site is available 99.999% of the time. They may have high availability requirements that demand duplicate resources at a disaster recovery site, as well as requirements for high-availability configurations.

NIST Deployment Models and the Enterprise - Square Peg, Round Hole
Goldie's enterprise cloud must be structured to support these multiple "parts." In turn, these parts can themselves have parts, and so on. This is similar to many of today's enterprises, which are the result of consolidating other businesses and agencies that need to function in a semi-autonomous fashion, but are still members of the larger organization.

A cloud needs to be more than an infrastructure dispenser - providing small/medium/large chunks of infrastructure for each user, without considering the unique requirements for different groups of users. Goldie knows that today's cloud products and services do not meet the needs of her enterprise stakeholders. She would like to deploy a single, centralized enterprise cloud that allows business units and their sub-units to:

  • Share underlying virtual resources as one large collection of cloud resources
  • Allow end users, such as developers, testers, demonstrators and system admins, to use a simple service catalog to manage the lifecycle of all cloud resources in the same manner
  • Set up autonomous administration, with unique policies and processes, as required
  • Allow business units to deploy their entire spectrum of applications, with unique service level objectives for development, test, production, mission-critical and regulated workloads

Now, let's see why the current cloud models cannot address these requirements.

Private Clouds
Goldie has looked at all of the currently available private cloud products. "These are too small-minded," she thinks. Every private cloud offers "multi-tenancy," which allows each business unit to manage its allotted set of cloud resources. But none of them offers any additional structure beneath the first level. Many of Goldie's business units have their own autonomous sub-units that require unique policies, processes and resources. They will want their own cloud, which does not meet her first requirement.

Public Clouds
She then turns to the available public clouds. "They are big and cheap, but my stakeholders do not want to expose their mission-critical or regulated applications." She chuckles thinking about a specific security dink she knows who actually turned pale when she suggested a public cloud for his application. On the other hand, she is painfully aware of some development teams that are slipping under the radar and deploying virtual resources in a public cloud for test and development. It's cheap and cheerful, but it's not handled by the centralized IT department and it exposes the business to risks.

Community Clouds
A community cloud offers cloud resources to a like-minded set of users / administrators. These users have agency-specific requirements, such as service levels, privacy, etc. If individual community clouds are deployed, then Goldie cannot optimize the sharing of all of the cloud resources. "This just isn't right at all," she says.

Hybrid Clouds
The final NIST deployment model does not provide any capabilities over and above the first three models. Instead, it is defined as one or more distinct instantiations of either a private, public or community cloud. Goldie has looked at all of the hybrid cloud management services and products, compared them to her requirements and decided that it doesn't meet her needs.

The Rise of an Enterprise Cloud
Through her analysis of the traditional cloud models, Goldie concludes that none of them are quite right. What she's looking for is a cloud that can address requirements unique to her enterprise. Let's refer to this as an "Enterprise Cloud." An Enterprise Cloud provides the capabilities of private, public and community clouds within a single cloud management platform that can support heterogeneous processes and requirements.

Goldie eventually conceived of the Enterprise Cloud illustrated below. It consists of a blend of internal datacenter resources, as well as resources provided by one or more public clouds. These are the "raw ingredients" that are abstracted into "cloud resources." Each agency can choose the specific cloud resources it needs to meet its requirements, including high availability, speed of deployment, cost, compliance with regulations and low latency response times.

Cloud-wide administrators, as well as specific agency and sub-agency administrators, are responsible for managing cloud resources through one "single pane of glass" interface. Aside from the properties of the cloud resources, their life cycles are all managed in the same manner, independent of where the raw materials came from. The end users of the cloud (e.g., testers, developers, infrastructure administrators) can be isolated from the underlying source of the raw resources. For example, an application could use public cloud for its web-facing tier, a low-cost set of internal cloud resources for its application tier and a highly regulated, encrypted and hardened set of cloud resources for its data layer. Goldie thinks of this as a "Hybrid Enterprise Application."

Goldie concludes that she needs to strike out on her own and develop a unique RFP that reflects her mental image of an Enterprise Cloud. If she settles for the types of clouds that are enumerated in the NIST document, she will never convince the various stakeholders to share a single cloud.

By focusing on key requirements, such as a single management framework across the enterprise, using public clouds and the datacenter to store virtual resources and providing a hierarchical multi-level tenancy structure, Goldie decides that she has finally found an Enterprise Cloud that is "juuuuuust riiiight."

More Stories By Michael A. Salsburg

Dr. Michael Salsburg is a Distinguished Engineer and Chief Cloud Solutions Architect for Unisys Corporation. He holds two international patents in infrastructure performance modeling algorithms and software. In addition, he has published more than 60 papers and has lectured worldwide on real-time infrastructure, cloud computing and infrastructure optimization. In 2010, Dr. Salsburg received the A. A. Michelson Award from the Computer Measurement Group – its highest award for lifetime achievement.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
The Workspace-as-a-Service (WaaS) market will grow to $6.4B by 2018. In his session at 16th Cloud Expo, Seth Bostock, CEO of IndependenceIT, will begin by walking the audience through the evolution of Workspace as-a-Service, where it is now vs. where it going. To look beyond the desktop we must understand exactly what WaaS is, who the users are, and where it is going in the future. IT departments, ISVs and service providers must look to workflow and automation capabilities to adapt to growing demand and the rapidly changing workspace model.
The true value of the Internet of Things (IoT) lies not just in the data, but through the services that protect the data, perform the analysis and present findings in a usable way. With many IoT elements rooted in traditional IT components, Big Data and IoT isn’t just a play for enterprise. In fact, the IoT presents SMBs with the prospect of launching entirely new activities and exploring innovative areas. CompTIA research identifies several areas where IoT is expected to have the greatest impact.
Wearable devices have come of age. The primary applications of wearables so far have been "the Quantified Self" or the tracking of one's fitness and health status. We propose the evolution of wearables into social and emotional communication devices. Our BE(tm) sensor uses light to visualize the skin conductance response. Our sensors are very inexpensive and can be massively distributed to audiences or groups of any size, in order to gauge reactions to performances, video, or any kind of presentation. In her session at @ThingsExpo, Jocelyn Scheirer, CEO & Founder of Bionolux, will discuss ho...
Cloud data governance was previously an avoided function when cloud deployments were relatively small. With the rapid adoption in public cloud – both rogue and sanctioned, it’s not uncommon to find regulated data dumped into public cloud and unprotected. This is why enterprises and cloud providers alike need to embrace a cloud data governance function and map policies, processes and technology controls accordingly. In her session at 15th Cloud Expo, Evelyn de Souza, Data Privacy and Compliance Strategy Leader at Cisco Systems, will focus on how to set up a cloud data governance program and s...
As organizations shift toward IT-as-a-service models, the need for managing and protecting data residing across physical, virtual, and now cloud environments grows with it. CommVault can ensure protection &E-Discovery of your data – whether in a private cloud, a Service Provider delivered public cloud, or a hybrid cloud environment – across the heterogeneous enterprise. In his session at 16th Cloud Expo, Randy De Meno, Chief Technologist - Windows Products and Microsoft Partnerships, will discuss how to cut costs, scale easily, and unleash insight with CommVault Simpana software, the only si...
Hadoop as a Service (as offered by handful of niche vendors now) is a cloud computing solution that makes medium and large-scale data processing accessible, easy, fast and inexpensive. In his session at Big Data Expo, Kumar Ramamurthy, Vice President and Chief Technologist, EIM & Big Data, at Virtusa, will discuss how this is achieved by eliminating the operational challenges of running Hadoop, so one can focus on business growth. The fragmented Hadoop distribution world and various PaaS solutions that provide a Hadoop flavor either make choices for customers very flexible in the name of opti...
Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 16th Cloud Expo at the Javits Center in New York June 9-11 will find fresh new content in a new track called PaaS | Containers & Microservices Containers are not being considered for the first time by the cloud community, but a current era of re-consideration has pushed them to the top of the cloud agenda. With the launch of Docker's initial release in March of 2013, interest was revved up several notches. Then late last...
Roberto Medrano, Executive Vice President at SOA Software, had reached 30,000 page views on his home page - http://RobertoMedrano.SYS-CON.com/ - on the SYS-CON family of online magazines, which includes Cloud Computing Journal, Internet of Things Journal, Big Data Journal, and SOA World Magazine. He is a recognized executive in the information technology fields of SOA, internet security, governance, and compliance. He has extensive experience with both start-ups and large companies, having been involved at the beginning of four IT industries: EDA, Open Systems, Computer Security and now SOA.
HP and Aruba Networks on Monday announced a definitive agreement for HP to acquire Aruba, a provider of next-generation network access solutions for the mobile enterprise, for $24.67 per share in cash. The equity value of the transaction is approximately $3.0 billion, and net of cash and debt approximately $2.7 billion. Both companies' boards of directors have approved the deal. "Enterprises are facing a mobile-first world and are looking for solutions that help them transition legacy investments to the new style of IT," said Meg Whitman, Chairman, President and Chief Executive Officer of HP...
The industrial software market has treated data with the mentality of “collect everything now, worry about how to use it later.” We now find ourselves buried in data, with the pervasive connectivity of the (Industrial) Internet of Things only piling on more numbers. There’s too much data and not enough information. In his session at @ThingsExpo, Bob Gates, Global Marketing Director, GE’s Intelligent Platforms business, to discuss how realizing the power of IoT, software developers are now focused on understanding how industrial data can create intelligence for industrial operations. Imagine ...
Operational Hadoop and the Lambda Architecture for Streaming Data Apache Hadoop is emerging as a distributed platform for handling large and fast incoming streams of data. Predictive maintenance, supply chain optimization, and Internet-of-Things analysis are examples where Hadoop provides the scalable storage, processing, and analytics platform to gain meaningful insights from granular data that is typically only valuable from a large-scale, aggregate view. One architecture useful for capturing and analyzing streaming data is the Lambda Architecture, representing a model of how to analyze rea...
SYS-CON Events announced today that Vitria Technology, Inc. will exhibit at SYS-CON’s @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Vitria will showcase the company’s new IoT Analytics Platform through live demonstrations at booth #330. Vitria’s IoT Analytics Platform, fully integrated and powered by an operational intelligence engine, enables customers to rapidly build and operationalize advanced analytics to deliver timely business outcomes for use cases across the industrial, enterprise, and consumer segments.
The explosion of connected devices / sensors is creating an ever-expanding set of new and valuable data. In parallel the emerging capability of Big Data technologies to store, access, analyze, and react to this data is producing changes in business models under the umbrella of the Internet of Things (IoT). In particular within the Insurance industry, IoT appears positioned to enable deep changes by altering relationships between insurers, distributors, and the insured. In his session at @ThingsExpo, Michael Sick, a Senior Manager and Big Data Architect within Ernst and Young's Financial Servi...
SYS-CON Events announced today that Open Data Centers (ODC), a carrier-neutral colocation provider, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Open Data Centers is a carrier-neutral data center operator in New Jersey and New York City offering alternative connectivity options for carriers, service providers and enterprise customers.
The explosion of connected devices / sensors is creating an ever-expanding set of new and valuable data. In parallel the emerging capability of Big Data technologies to store, access, analyze, and react to this data is producing changes in business models under the umbrella of the Internet of Things (IoT). In particular within the Insurance industry, IoT appears positioned to enable deep changes by altering relationships between insurers, distributors, and the insured. In his session at @ThingsExpo, Michael Sick, a Senior Manager and Big Data Architect within Ernst and Young's Financial Servi...
PubNub on Monday has announced that it is partnering with IBM to bring its sophisticated real-time data streaming and messaging capabilities to Bluemix, IBM’s cloud development platform. “Today’s app and connected devices require an always-on connection, but building a secure, scalable solution from the ground up is time consuming, resource intensive, and error-prone,” said Todd Greene, CEO of PubNub. “PubNub enables web, mobile and IoT developers building apps on IBM Bluemix to quickly add scalable realtime functionality with minimal effort and cost.”
Sensor-enabled things are becoming more commonplace, precursors to a larger and more complex framework that most consider the ultimate promise of the IoT: things connecting, interacting, sharing, storing, and over time perhaps learning and predicting based on habits, behaviors, location, preferences, purchases and more. In his session at @ThingsExpo, Tom Wesselman, Director of Communications Ecosystem Architecture at Plantronics, will examine the still nascent IoT as it is coalescing, including what it is today, what it might ultimately be, the role of wearable tech, and technology gaps stil...
With several hundred implementations of IoT-enabled solutions in the past 12 months alone, this session will focus on experience over the art of the possible. Many can only imagine the most advanced telematics platform ever deployed, supporting millions of customers, producing tens of thousands events or GBs per trip, and hundreds of TBs per month. With the ability to support a billion sensor events per second, over 30PB of warm data for analytics, and hundreds of PBs for an data analytics archive, in his session at @ThingsExpo, Jim Kaskade, Vice President and General Manager, Big Data & Ana...
In the consumer IoT, everything is new, and the IT world of bits and bytes holds sway. But industrial and commercial realms encompass operational technology (OT) that has been around for 25 or 50 years. This grittier, pre-IP, more hands-on world has much to gain from Industrial IoT (IIoT) applications and principles. But adding sensors and wireless connectivity won’t work in environments that demand unwavering reliability and performance. In his session at @ThingsExpo, Ron Sege, CEO of Echelon, will discuss how as enterprise IT embraces other IoT-related technology trends, enterprises with i...
When it comes to the Internet of Things, hooking up will get you only so far. If you want customers to commit, you need to go beyond simply connecting products. You need to use the devices themselves to transform how you engage with every customer and how you manage the entire product lifecycle. In his session at @ThingsExpo, Sean Lorenz, Technical Product Manager for Xively at LogMeIn, will show how “product relationship management” can help you leverage your connected devices and the data they generate about customer usage and product performance to deliver extremely compelling and reliabl...