If you went to VMworld 2010 you will have seen their superb Cloud video that kicked off the day 1 keynote. I found myself tweeting that VMware had borrowed my “Pizza and Clouds” analogy, which I started using earlier this year, and most recently refined for the Burton Catalyst Conference. Of course they didn’t really (why on earth would they?) but it gave me a good excuse to tell the story again. So here is Part I of Simon’s take on “Pizza and Clouds” – a story that I look forward to discussing in more detail at Synergy Berlin.
There is a common misconception amongst many enterprises that I meet, that service provider “Public Cloud” services are risky and not yet ready for the enterprise. CIOs are confident of their ability to run their private clouds, but have less confidence in the ability of cloud operators, whose sole business is the delivery of secure, multi-tenant cloud infrastructure, to do the same. While private clouds improve flexibility, dynamism and automation, most enterprise-focused service provider clouds already offer better service and lower cost. Now, of course my friends at VMware will tell you that only they can deliver a true enterprise-class cloud infrastructure (for private or public providers), but I will argue the opposite: a single-vendor, enterprise+cloud stack, built on proprietary technology that only pays lip-service to concerns for openness, compatibility and interoperability is simply an expensive way to stifle innovation, just as cloud computing is ready to take off. But to get to the point of the story, let’s start with the largest public cloud of all.
Recently, an F50 bank asked me for an intro to the Amazon Web Services (AWS) Virtual Private Cloud (VPC) team. I was lucky to be able to join the discussion. At the end of a deep dive into the architecture of VPC, the bankers said something like “Wow, this is great! So, when can we tour your data centers?” The response: “Sorry, but you can’t. And we can’t disclose their physical locations either.” To which the bankers said: “That could be a problem”. But when the AWS team asked “Would you use our service if we allowed your competitors to poke around our data centers?” the response was a thoughtful “No.”
Like any enterprise-focused public cloud vendor, AWS is financially motivated and legally bound to protect its customers, their data, and their apps. (Aside: didn’t you love the way VMware positioned AWS as the “consumer cloud”? As I type this I’m sitting next to @Werner, who smiles sweetly and says “bring it!”). Like other large cloud providers I’ve worked with, their drive to deliver security, availability and reliability (and other “ities”) is fanatical. One big slip-up, and their brand will be tainted forever. But despite this, for many CIOs there remains a credibility gap: the resources of the cloud provider are by definition shared in some way with other customers. VMware plays well into the deep-seated anxiety and perceived loss of control: “VMware end to end = Enterprise Class” and “AWS = Consumer Cloud”. My response is this: Service Provider Clouds today can offer you greater visibility, security, compliance and control than you could ever have in your own data center. And they can do so with an open architecture that guarantees no lock-in, and absolute compatibility and interoperability with what you use in the enterprise, independent of vendor.
At the root of the distrust is a gap – one of understanding/skill-set: The API-centric offerings of cloud providers seem like gobbledegook to most IT admins, and the spectre of an API war-of-the-clouds makes it difficult to understand how to map today’s enterprise workloads onto a wholly service based infrastructure. But before I tackle those issues, there are some even more basic concerns that crop up time and again, and that we can dispense with up front:
- For those that care most about exclusivity of access to the cloud (as opposed to sharing it with other customers of the cloud via multi-tenancy), every enterprise-focused cloud (including AWS) offers a service option that guarantees that you need never share a physical server with another tenant of the cloud.
- They all support leased-line or VPN based access and can isolate exclusive access to your resources.
- Through a focus on fewer humans, simpler, more easily secured abstractions, independent, secure isolation at multiple layers, and a heavy investment in the practice of security, purpose-built clouds can offer better security than any enterprise IT department.
- By virtue of their scale and geographical distribution, clouds can make data, networking and compute available under conditions that would render your private cloud useless. For example, under attack or failure scenarios, compute and data can be easily relocated.
- Richly supplied with bandwidth, clouds will withstand attacks better than the enterprise. Because of their scale, they protect the perimeter of the network better and provide redundant connectivity to different core networks.
- Because of their rich connectivity, they are far better placed to deliver applications to end users who are geographically dispersed.
- By virtue of careful design, they can guarantee that the probability of loss of data is infinitesimally small. But, you might need to check that the data is stored in a jurisdiction that meets your needs.
In spite of these arguments, I still hear objections. I think many of them arise from a failure to understand the differences between different cloud service models, so when I continue this post, I’m going to try to categorize them into four types using my version of the “Pizza and Clouds” story. That episode will have to be called “Pizza and Clouds Reloaded”.