Cloud computing promises to be one of the most dramatic transformations in technology since IT shifted from mainframes to client server systems. However, cloud computing comes in different shapes and sizes, and the type of architecture used will have an impact on the network. Network managers must be involved with the decision about which cloud architecture is used and must understand the impact that private, public or hybrid clouds will have on the network. For the majority of cloud computing deployments, network optimization will be the key determining factor for the performance of “the cloud.”
Don't miss any of the articles in this tutorial on network planning for cloud computing:
Editor’s Note: Part one of our three-part series looks at the impact public clouds have on an organization’s network. Zeus Kerravala describes how network managers can plan for increased bandwidth needs, mitigate the security risks, and modify network architecture to support a public cloud model.
A public cloud is a compute model where a cloud service provider makes resources such as applications, computing power and storage available to organizations over the Internet. With public clouds, the compute resource is located in the network, and the deploying organization pays only for what it consumes. In this model, if an organization needs more compute power for a short period of time, it can order more from the service provider, utilize the service for as long as necessary and then return to normal operations.
This model appears to be a simple one, but even the most basic of cloud services can fail if the key network considerations are not taken into account along with the deployment. There are two main areas of focus for the network when it comes to public cloud deployments: bandwidth and security.
Because public clouds will be provisioned over the Internet, performance of the network that connects to the cloud service can be as unpredictable as the Internet itself. The Internet is a complex mesh of interconnected nodes, so connecting to a cloud service could involve many hops across many service provider backbones. One way of optimizing the performance is to minimize the number of network hops between the organization and the cloud computing provider. To do this, some research is needed. Network managers must understand how the cloud providers their company is considering connect to the Internet and make one of two choices: either connect to the Internet with the same network operator that the cloud provider uses, or choose a cloud provider based on the network connectivity they currently use. Buying a service that includes network connectivity would be a viable way to ensure that the number of hops between the organization and the cloud is minimized.
The other way of optimizing bandwidth is through the use of a WAN optimization device that optimizes the network connection to the cloud computing provider. For example, if an organization were to purchase a computing service from a public cloud provider, it might need to move a large amount of data between the organization and the public cloud. A WAN optimizer would significantly reduce the amount of traffic sent across the wire and, in effect, would make the connection seem faster. Most cloud providers won’t allow an organization to deploy its own hardware in the cloud, but many WAN optimization vendors are developing solutions that are designed to be deployed remotely into a cloud environment, which will resolve this issue.
Since many of the cloud services will be accessed directly over the public Internet, security concerns are one of the biggest deterrents to the use of cloud service for critical information. One possible solution is to use a virtual private network (VPN) to connect the cloud provider to the organization, but that can affect performance; and, as mentioned earlier, making the network part of the decision is critical to success. Another solution is to use cloud services for noncritical information in order to minimize risk, but it is likely that most organizations will eventually want to expand their deployment. Network professionals researching public cloud services need to keep in mind these security issues:
- An audit of your cloud computing service provider’s security processes must be performed to ensure that they are at least as good as the processes in your organization -- preferably better. Then repeat this audit periodically, with no more than six months between audits.
- The proper authentication audit trails must be in place so it’s easy to understand who made what changes and when. These audit trails need to be in place for both the cloud customer and the cloud service provider.
- If security and privacy are absolute deal-breakers, be sure that infrastructure and data isolation is in place. This will ensure that the information between the multiple tenants of the cloud provider will be kept apart from one another. Some cloud providers may balk at this initially because it benefits the cloud operator to have multiple tenants on the same hardware platform. Be aware that separate physical servers will cost more than a shared server model.
- Because cloud services run over the public Internet, the cloud provider needs to support security services that will prevent malicious traffic such as DoS attacks from degrading the performance of the service. This includes technology such as firewalls and intrusion detection and prevention systems.
Security concerns will be the most difficult part of the connectivity chain to handle, so it’s extremely important that all the right steps are taken and all these matters are discussed before a cloud operator is selected for your public cloud deployment.
Next: Deploying private clouds