In October of 2009 I was interviewed by GovIT Journal and in that article I presented my view that Cloud Computing is highly dependent upon the network. The actual quote given was, “Which just goes to show, the telco providers still hold all this stuff by the balls!” More than ever, based on my work over the past four months as Merlin International’s Chief Architect, I still believe this is a critical and pertinent factor regardless of your Cloud Computing architecture.
Indeed, I have relished these past few months because they have presented me with the opportunity to delve deep into the muscle tissue of Cloud Computing. One of Merlin’s key areas of success has been in providing networking and data center hardware and software. While many architects can talk a good game about Cloud Computing, few have actually walked the stack top to bottom and actually touched the underbelly of the beast. Shoot, I even became a Riverbed Certified Solution Professional, a wickedly-cool WAN optimization product and am now focusing on Network Appliance certifications next. Understanding these “organs” of the Cloud truly provide unmatched insight into what is achievable and what is hype.
Meanwhile, I’ve been deep in muck gaining real insight into what Federal government customers are dealing with in trying to provide agile infrastructures to support the growing and changing needs of their user base. It’s real easy for pundits to step up and present a vision for Cloud Computing as a configurable resource that’s capable of meeting all needs, but I really believe that is a misnomer. In fact, more than ever I believe that we need to specialize Clouds to support a specific purpose. For example, I advocate that users need separate Cloud Computing infrastructures to support their full-motion video needs and their back office applications and that these should not live on the same Cloud infrastructure; especially if utilizing multicast video capabilities.
Vendors spewing forth mumbo-jumbo about creating a group of virtual machines and deploying them in an automated fashion seem to be heavily focused on new and simplistic database and business applications. Anyone doing heavy lifting on their network, dealing with saturated WAN egress points and leveraging legacy applications know that this is a pipe dream designed for the R&D lab. Putting together a Cloud Computing architecture requires a solid Enterprise Architecture effort in which the AS-IS and TO-BE architectures are fully understood and documented and there a roadmap that describes how to move from one to the other inclusive of details, such as security, auditing, monitoring, utilization, tuning, etc.
Oh, and let’s talk about security. I’m going to be putting forth an entire blog entry shortly on the real issues with defending against cyber threats, but, needless to say, building out a Cloud Computing solution before you even implement a single sign-on solution and identity management program is a recipe for redundancy and increased overhead at a minimum and breach in the worst case.
In this article, Hord Tipton, executive director of (ISC)2, the International Information Systems Security Certification Consortium, and ex-CIO of the Interior Department and Bureau of Land Management, makes an important point that security must be baked in from the start. I couldn’t agree more. Putting a few Intrusion Prevention Systems (IPS) or Data Loss Prevention (DLP) tools as the egress/ingress points cannot stop one of the biggest security flaws we have because they are designed into the core of the applications that manage and control the data. The move to the Cloud only exacerbates these problems. However, I will admit the move to Cloud offers a tremendous opportunity to deliver security as a service and then port the applications to the new architecture to minimize the risk of potential breaches.
One thing is for sure, this Cloud puzzle is large and offers a great opportunity for efficiencies. However, we need to be pragmatic in our approach or we risk exacerbating current problems instead of solving them.