Explaining the Hybrid Cloud

A public cloud environment is open to anyone with an Internet connection. In contrast, a private cloud environment is available only to the owners of that service environment and other entities they choose to share it with, such as business partners or customers. A hybrid cloud, on the other hand, offers the ability to integrate and connect to services across public and private clouds and data centers to create a virtual computing environment — a fluid mix of on-premises physical infrastructure and virtualized infrastructure that may be located on- or off-premises. However, before getting into more detail about how this environment actually works, you need to understand the continuum from public to private clouds.

Obviously, all cloud environments aren’t the same. In fact, because the computing needs of a business aren’t static, but change frequently, the best way to determine the type of environment that meets your needs is to think of a cloud as a continuum. It might be straightforward to assume that all public clouds are the same and all private clouds work in the same way. But in reality there are shades of gray. For example, you might have a public cloud service that is only available to customers who sign a long-term agreement. You might have a public SaaS service that offers a private version of the same application. You might have a private cloud that is actually part of the data center. Some public clouds might offer a sophisticated level of security offerings while other public clouds have virtually no security at all.

The bottom line is this: Meeting the needs of business requires that IT provide a variety of different types of cloud services. Understanding the characteristics of a continuum of cloud services will help you understand what’s required to meet specific business goals. Ultimately, you need to select the type of cloud service that will provide use of the right resources at the right time with the right level of security and governance.

Open community clouds

The most open type of cloud environment is an open community cloud, a cloud environment that doesn’t require any criteria for joining, other than signing up and creating a password. In fact, you can create an account under an alias. There are two primary types of open community clouds:

Commercial sites with a strong advertising model. These clouds may be private or publically owned and include social networking environments such as Facebook, LinkedIn, and Twitter. These sites rarely charge a fee to users and use the size and scope of their user base to sell advertising. Some sites such as LinkedIn have professional, fee-based services that offer access to more in-depth services and information. Although these sites do not have an explicit guarantee of service to users, they do have an obligation to advertisers.

Open community sites enable individuals with a common interest to participate in online discussions. There might be a community of professionals in a certain industry, such as manufacturing or retail, that want to share ideas. There are many communities based on individuals who share a passion for a hobby, such as biking or chess. There is typically very little security and no guarantee that the site will remain active over time. Open community sites frequently disappear when the most active members move on.

All of these community sites have some characteristics in common, including the following:

A relatively simple sign-up process: The only criterion is that you have a login name and password and an e-mail account.

Requests for additional information: Some more sophisticated sites may ask you to provide information about yourself, whereas others don’t ask users for any information at all.

Low-level security: The level of security is very low for these sites. With little effort, someone without authorization to do so can gain access to an account. Most of these sites include disclaimers about how they will or will not use data. They explain their responsibilities in managing the site and warn users not to use copyrighted material and the like.

No service-level guarantee to the user: This doesn’t mean that these community sites perform poorly. How well they perform is based on the engagement of the community and how important that site is to those managing the site. For example, the consumer products manufacturer in the previous example might spend a lot of time and money maintaining a site that provides important product information to customers and generates goodwill and loyalty. In addition, the site may become a valuable source of consumer sentiment and market research on new and existing products. Members of the site may enjoy the benefit of a well-managed and useful site.

If the company changes its business focus or determines the community is no longer worth the expense, it can shut down the community at will. There are no guarantees made to users that content generated and stored on the community cloud will be accessible for a specific amount of time.

In such a case, there is nothing that community members who have become dependent on that site can do. There is no contract or guarantee that the service will continue. Abandoned community sites are a common occurrence with open community clouds. For example, Google and LinkedIn both allow users to create their own online communities on any topic on the planet. Some of these sites are well moderated and well managed and, therefore, have hundreds or thousands of visitors. Others become phantom sites and disappear.

Some of these community sites are very sophisticated. Sites with a strong revenue model based on selling advertising to users have a compelling incentive to ensure a minimum amount of downtime because it can definitely have an impact on revenue. Some of these communities may actually be private clouds that are open only to qualified customers. Some governments have created private community clouds to provide services to businesses that they support.

Commercial public clouds

An open community site is only one type of public cloud. Some sites are designed for professional use and, therefore, charge a fee for services provided. Commercial public clouds are those environments that are open for use by anyone at any time, but these clouds are based on a pay-per-use model. A variety of cost models exist. For example, most Infrastructure as a Service (IaaS) vendors charge a per-hour fee for use of a measured service. A Software as a Service (SaaS) vendor typically charges a per-user-per-month (or per-year) fee.

Companies like Amazon.com, Joyent, Rackspace HP, and hundreds of startups offer a public cloud capability that’s open to anyone with a credit card. Logically, because these companies are offering a commercial service, they provide a higher level of security and protection than the open community sites. This increase is related to the combination of the cost charged for the service and the requirement to have a solid reputation in order to maintain customer loyalty.

Unlike open community clouds, commercial public clouds have a written service level agreement (SLA) — an agreement outlining the obligation of the provider to the consumer of a service. An SLA is typically designed to protect the vendor rather than the customer. However, these vendors have an unwritten obligation to maintain the level of security and service required to protect their business relationships.

Packaged public cloud services

A group of public cloud vendors has productized its offerings, often as Software as a Service (SaaS), Platform as a Service (PaaS), or Business Process as a Service (BPaaS). With these packaged public clouds, a user cannot simply create login credentials, provide a credit card, and start using the service. Instead, in most situations, the user actually signs a contract for service. For example, if you want to use customer relationship management (CRM) SaaS applications, such as salesforce.com or SugarCRM, you actually have to sign a contract for a term of service. The term might be as short as a month or, more typically, a year. With a BPaaS vendor, such as PayPal, you sign a contract, even though you pay only when you use the service.

PaaS vendors that offer a packaged software development and deployment environment may offer customers a variety of options from a free but limited service to a fully fledged yearly contract. The vendor has the option of rejecting a potential customer with poor credit. The vendor also collects specific data about the company and the specific users. In this type of public cloud environment, the expectation is for a high level of security, privacy, and governance. Thus, these vendors will provide a written SLA (generally designed to protect the vendor, not the customer). Nevertheless, there is an implied service level because of customer expectations.

In a SaaS environment, customers can cease being customers because they don’t purchase the software directly. This is especially true at the early stage of the relationship. Typically, a customer will sign on for a month-long trial subscription to a service. If service is poor, the customer will inevitably look elsewhere for a service. Of course, the ability to easily sever a relationship will depend on how much integration and customization the customer has done. Because of the need to keep customers and prospects trusting the company, the level of security and SLA is much higher for public cloud companies in this category.

In addition to the requirement to provide an acceptable level of service and security, the packaged public service also typically manages customer data, which adds to the level of responsibility for securing and protecting information. In these public environments, it’s important to have a clear understanding that the vendor manages the data but that the data is owned by the customer. Likewise, customers who rely on a SaaS or PaaS environment will own the software intellectual property that they’ve created. Therefore, it is important that customers maintain a copy of their proprietary business process logic as well as their own data. Be sure to read the fine print; there are environments where vendors claim the rights to customers’ intellectual property.

Private clouds

In some situations, a company will want to create an environment that sits behind a firewall. Unlike a data center, a private cloud is a pool of common resources optimized for the use of the IT organization. When an organization is building and deploying complex applications, creating a highly automated private cloud that supports internal needs is practical. Unlike a public cloud, a private cloud adheres to the company’s security, governance, and compliance requirements. Whatever service level is required for the company applies to the private cloud.

There are two different types of private clouds:

A private cloud owned and managed by a company for benefit of its employees and partners

A commercial private cloud operated by a vendor to support a company that doesn’t want to build or operate its own private cloud

Privately owned and managed cloud

Organizations with a business model that requires the company to provide commercial technology services within an ecosystem often will build a private partner cloud, in which case, these companies effectively become a cloud provider. Instead of hiring a public cloud vendor to take full responsibility for creating, managing, monitoring, and updating the software, the private cloud provider assumes those responsibilities.

Like commercial public cloud providers, a private partner cloud provider creates an optimized environment to support the workloads needed to support its customers. The main difference is that in a private partner cloud scenario, a company isn’t hiring a third party to operate the cloud. For example, a financial services company that provides individual banks with sophisticated payment services can create a sophisticated service that is automated and streamlined to support its customers.

Because of the security and compliance demands of its customers, the private cloud provided by the financial services company is based on a stringent SLA and even indemnifies customers against lawsuits. Likewise, because the financial services company already acts like an IT vendor to its customers, it has the economies of scale to make creating and managing such a service cost-effective.

Commercial private cloud

Although many companies see the benefits of creating their own private clouds, others want to have the security and governance of a private cloud but want to obtain that service from a third party. Therefore, vendors have created public clouds that are based on a contracted service model. Unlike a commercial public cloud where anyone with a credit card can sign up, a private customer contractual cloud requires that customers sign a formal contract with the vendor. In exchange, the vendor, such as IBM and HP, will provide strict governance and security capabilities and even indemnify customers from lawsuits related to the use of the service. In addition, vendors of commercial open clouds also offer customers private cloud options, including virtual private networks and mirrored sites so that if one data center is offline, a second data center can support customers.

As a result of these types of offerings, customers receive a more explicit SLA. This is different from hosting because, in the private contractual cloud, the service is designed with a self-service portal interface so that customers can add and subtract services based on demand.

Examining the continuum

The continuum of services, which is depicted in Figure 2-1, encompasses a variety of different types of public services that meet different needs within organizations. Open public clouds are often great resources for sharing ideas, while commercial public clouds are more tuned to the needs of businesses in terms of providing oversight and accountability. On the other hand, companies are increasingly using private clouds for their own internal uses. Some companies with sophisticated IT organizations may build and manage their own private clouds for employees and partners. These companies may actually become service providers in their own right. Other companies needing a private cloud for security and governance requirements may decide to have a third party manage a private cloud on their behalf.