For many organizations, the path to a private cloud seems almost preordained. Once they’ve invested in virtualization and consolidated servers, they believe that private clouds are the next logical step.
It is, actually, but just because you’ve gained efficiencies through virtualization doesn’t mean you’re a hop, skip and a jump from having full-blown private clouds. Anything but.
Here are five common myths about private clouds that you’ll need to shake off before you’re ready to take the plunge:
1. Virtualization equals private cloud.
No, it does not. Virtualization helps transform outdated infrastructures into dynamic, cost-effective, self-healing ones. That’s a lot, but beyond that, you’ll need more.
“An enduring myth of private cloud is that automation software can transform traditional IT processes and infrastructure into a cloud. If the only challenge was in provisioning a bare virtual machine, that might work. But IT needs to provision operating systems, databases, backup software, storage, network, and much more,” said Kevin Brown, CEO of storage vendor Coraid. Automation only succeeds after addressing the core issue of IT complexity.
“Rather than having custom services, cloud providers predefine their service levels and offerings. This discipline then filters down into the hardware and software architectures,” Brown said.
As the CEO of a storage company, the example Brown gave centered on storage, of course.
“Storage is typically standardized to support a small number of very specific service levels, such as basic storage, replicated storage, and high-performance storage. This simplifies provisioning systems and works best when paired with storage that can support every tier with a single platform.”
Once the infrastructure is highly standardized, automation enables small IT teams to manage very large- scale infrastructures. Of course, this sort of standardization spills over from whatever you start with, such as storage, to other applications and services.
2. Traditional security can be tweaked to work with private clouds.
Traditional datacenter security is all about perimeters. Keep untrusted people and traffic out, and let trusted insiders in. The trouble is that with the cloud and mobility there is no “out” or “in.”
“In a traditional private data center, people build strong walls between different segments of servers (development servers, finance servers, etc.). In a private cloud it is one big flat network, so IT has to figure out how to protect servers from each other in this environment. This is a real challenge,” said Rand Wacker, VP of Product Management for cloud security provider CloudPassage.
As organizations move to large pools of virtual servers, too many have limited network controls between them. The security solution that is needed is highly automated controls on each of the servers themselves.
Of course, plenty of cloud security solutions are emerging, but this space isn’t yet mature. Should you invest in hypervisor security, federated identity management tools or applications firewalls? Do you need all of the above? Yes, and probably more.
Security tends to consolidate over time, but for now cloud security equals an array of best-in-class point products.
3. Private clouds still rely on dedicated resources.
A true private cloud can grow and shrink, based on real-time processing needs, by taking advantage of idle resources on the network. Outdated thinking simply locks you into outdated computing models.
“The true benefit of the cloud – private or public – is its scalability,” said Eyal Maor, CEO of Xoreax, a provider of software acceleration technology.
“Consider this: while your development team members are using three cores on their quad-core machines, the marketing team is often using just one CPU. Even if you don’t consider the other underutilized computers across the other low-usage departments – accounting, data entry, call center – for each marketer plus developer, you have the equivalent of a completely free quad-core machine idle on the network.”
To achieve private cloud benefits, those idle processors need to be available. Of course, this means you’ll need better visibility, monitoring and management tools than you have now, but without them, your private cloud simply won’t scale like you think it will.
“If you don’t embrace new architectures, you’re simply building on top of bad choices. If you had bad storage utilization in the physical world, it’ll be worse in a virtualized or cloud environment because you didn’t fix what was wrong in the first place,” said Dan Lamorena, a director in Symantec’s storage and availability management group.
The same is true with disaster recovery, business continuity and whatever other app you intend to stick into your private cloud.
“If you’re not building in availability, if you’re not creating visibility across services, if you’re not prioritizing self-provisioning, if you’re not making it easy to chargeback, you’ll have all the same problems as before,” Lamorena added.
4. Starting with a private cloud makes it easy to go hybrid.
Security is the main obstacle between private and hybrid clouds, at least for now. As cloud security tools and services mature, this obstacle should fade. For now, though, once you figure out how you will secure an environment where resources are potentially available to everyone in the organization, it’s not that easy to expose them further into public clouds where your security tools don’t fit.
“It is certainly possible to move from a private cloud to a hybrid cloud, but in order to do this successfully you must design the private cloud assuming you will eventually move to the public cloud so that you have security in place that can span both,” Rand Wacker of CloudPassage said. “You can’t use technology that only works in the private cloud.”
Eventually, this will sort itself out, but that will take time. Security will be an add-on service offered by pretty much every public cloud provider. And in on-premise environments, security will adapt. More of it will be decoupled from the underlying hardware, making it more portable.
“The risk is that you will end up having a different set of security tools for private servers versus public servers. This means you just doubled your security work and will have inconsistent controls between the two,” Wacker added.
As the cloud matures and as security risks become more challenging, I believe more organizations will consume security as a service, rather than dropping ever more into their networks. Once security as a service is mature and manageable, security won’t be what stops you from expanding your private clouds to take advantage of public-cloud resources. That’s vision is still years away, though, so it’s important to resists the temptation to believe cloud vendors when they paint a picture of an idealized cloud world.
In an ideal cloud world, security challenges are simple, and it’ll be easy to move between private and public resources. In the real world, this stuff is ridiculously complex.
5. A private cloud will cost you your job.
Unless you’re an IT Luddite, the cloud will not cost you your job. Of course, just as many IT folks hope that the cloud will help them keep their jobs. Both worries are misplaced. The thing to realize is that the cloud is changing the role of IT, but so is mobility, and so is social media, and so will something else tomorrow. Half of IT’s job, maybe more, is managing change, so this should be a challenge you can navigate.
What the cloud and all of these other trends mean to IT is that the skills that are necessary today may well be automated out of existence tomorrow. IT’s role won’t disappear, nor will it necessarily grow, but it will definitely be different.
“IT needs more business savvy than ever before. Many cloud decisions are economic ones. That’s how you’ll judge one application over another, or how you’ll decide whether to use a private versus a public cloud,” Lamorena said.
In the past, it was important to retain some crotchety old IT vets who knew how to fix ancient custom applications when they broke. You needed someone who could fire up that database that no one accessed for years – just in case. Now, those legacy applications are being either abandoned or migrated into private clouds, and obscure IT talents are being absorbed by automated tools.
IT should start proactively carving out new areas of expertise. Security is already an IT specialty, but it should become a skill that is a prerequisite, not a specialty. The specialties should be things like “social media security,” “mobile security,” and even “Facebook security.”
IT can also claim a niche in social media, and it is already doing a good job of positioning itself as the facilitator of enterprise mobility.
However, IT needs to do a better job of advocating for itself. More of your leaders, CIOs and VPs, are coming from the business world, instead of the tech one. They’ll favor their own, so it’s time to start acquiring new skills.
The stereotype of the IT guy with no social skills, a thick neck beard and a grubby Star Trek t-shirt will soon be as outdated as an Altair 8800. IT pros need to be ready for that, and they need to be ready to make the emerging stereotype of the CIO who knows next to nothing about technology just as outdated.