

The Enterprise Hybrid Cloud, Delivered

We’re excited about announcing vCloud Datacenter Services at VMworld 2010 because they’re the first examples of globally consistent, enterprise-class hybrid clouds. Let me explain what that means and why it’s important.

In a nutshell, vCloud Datacenter Services — offered globally by leading service providers — marry the dynamic, on-demand nature of public cloud services with the compatibility, security and control that enterprise computing requires. A hybrid cloud is defined as two or more clouds that offer data and application portability.

We did a great deal of research with our customers – talking to those who were considering bringing external clouds into their computing environment. We learned a lot from these conversations and I’ll be writing about them in a series of future posts.

Agility

There was a consistency to what we heard: enterprises of all sizes loved the promise of the dynamic, on-demand nature of public clouds – the ability to get computing capacity quickly, with no up-front investment and few restrictions in the types of operating systems and software that could be deployed.

Some of you were finding it a bit uncomfortable, in fact, because there was now an external yardstick for the price of on-demand, commodity computing and storage capacity — which drove focus and learning around the benefits that cloud computing might bring to your organizations. This led to another critical insight: access to on-demand computing as a commodity was not enough by itself.

Portability and compatibility

Why? The first challenge is both economic and technical: we learned that a lot of pilot cloud projects were brand new applications, largely because it was technically difficult to take an existing application and make it work in an external cloud. Existing systems are what an organization depends upon, and in economic terms they represent sunk cost. So the extra cost of re-writing or porting an existing system to work in a shiny new cloud environment is often a non-starter.

At the same time, you were very conscious that the majority of IT dollars go into keeping the lights on for existing systems – so the cloud’s ability to reduce some of those costs or avoid new ones (e.g. a datacenter build out) was attractive.

As a result, a key feature of all vCloud Datacenter services is VMware-certified compatibility and portability: you can take existing virtualized applications and move them to a public cloud provider of your choice with little or no rework.

Much as I wish there was no rework at all, some systems have assumptions about the operating environment baked into them – such as IP address ranges – which means there is some work to remove those assumptions. But, with systems that don’t have that kind of restriction – and there are lots of those – there is no need to wait for an internal cloud deployment. You can start getting cloud computing benefits right away using the virtualization technology you’re already familiar with: VMware.

Security

Another important area that we heard about time and again was security. Consequently, security is a key part of vCloud Datacenter services. There are three parts to this: the security of the cloud infrastructure itself, the applications running in the cloud, and the access and authentication rights for cloud users within your organization.

You told us it wasn’t enough that the infrastructure and apps are protected; security teams and auditors need to be able to verify and document it too. To deliver on that, vCloud Datacenter service infrastructure has to meet a strict set of physical and logical security controls, with all logs available for inspection by third party auditors. We developed a control set derived from ISO 27001 and consistent with SAS70 Type II for that purpose, which our service provider partners implement.

We also took advantage of the new vShield Edge and vCloud Director “follow the app” virtual security, which provides a full stateful firewall (again, the logs are available for audit), virtual Layer 2 networking, and full Layer 2 network isolation. As a result, security policy and implementation automatically follow the app, regardless of where it lands physically. (There will be more on this in another blog post.) You also get full role-based access control, authenticated against your own enterprise directory so that you have the kind of access and authorization security you’re used to.

In short, we think the enterprise cloud is about three things: agility for computing services, portability of existing virtualized applications, and security – not just the protection you expect, but also the transparency required to pass audit.

I’ll be writing more about our experiences working with customers who are building enterprise cloud environments in future blog posts. In the meantime, you’ll find more details on vmware.com.