Tuesday, July 7, 2009

Performance, Security and the Virtual Private Cloud

An article arguing that a Virtual Private Cloud has to be implemented with a different approach from a Public Cloud.


Often the two biggest concerns about using cloud resources today are the lack of latency SLAs and the difficulty of locking down sensitive data in cloud environments. These issues of performance and security are often cited as the most common reasons users either don't adopt the cloud, or if they do use cloud resources, the reason they only use them for test/dev environments.

Interestingly enough, the base reason for the inability of cloud providers to SLA latency between different systems in the cloud and the difficulty in locking down data in the cloud is the same. It is what I call the flat network problem. The flat network problem is the underlying structural defect of the first generation of cloud systems. Essentially, in order to make the cloud as flexible as possible, all of the systems within a cloud sit on the same network.

Flat Network

This is fine if you want to add lots of front-end systems doing the same thing. But in a traditional two-tier architecture, putting your databases on the same network as your front-end web traffic creates all sorts of headaches. First of all, while you can secure the servers, it's generally best not to directly connect sensitive database servers to the internet.

Secondly, since all traffic between your web/application servers and your database servers must be routed over the front-end network, it is difficult if not impossible to guarantee latency between those systems. Even if they sit in the same data center, the latency can often be microseconds instead of milliseconds. That just won't work for most traditional two-tier architectures.

Now there have been many ingenious workarounds for the increased latency between cloud-based systems. That said, what would make the cloud much more accessible for the enterprise is a way to create what I call Virtual Private Clouds within the public cloud. Essentially it gives cloud users network-level as well as systems-level control over how their infrastructure is managed. Cloud infrastructures would look much more like this:

Virtual Private Cloud

By creating true layer-two connections between systems within the public cloud, we solve three issues.

  1. Security - Any database servers can be disconnected from the public net. This makes securing and locking down data much easier to do.
  2. Performance - By creating a VLAN within the Virtual Private Cloud, users can ensure layer-two access between systems that sit on that VLAN. That allows for millisecond access times between systems and performance that mimics traditional hosted architectures.
  3. Network-Based Management - This is the last benefit. Right now, to achieve functions like VPNs, clustering, and custom access-control firewalls, cloud users have to provision open source "servers" to do the trick. Virtual Private Clouds allow these functions to be migrated back into the networking gear, where the performance is much higher and the management is much simpler.
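The security point above is about network topology rather than host hardening: on a flat network the database is protected only by a firewall rule being right, while on a segmented Virtual Private Cloud there is no layer-two path from the internet to the database at all. The following Python is an added example (not code from the quoted article) that models both topologies with constructed host names, addresses and ACL rules, then audits what the internet and the web tier can reach. The two-tier layout, the addresses and the "careless DBA rule" are all hypothetical.

```python
"""Toy reachability audit for a flat cloud network vs. a segmented VPC.

All segments, hosts, addresses and ACL rules below are constructed for
this example; nothing here is taken from a real provider.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Segment:
    name: str
    cidr: Net
    internet_facing: bool  # does the public internet attach to this L2 segment?


@dataclass(frozen=True)
class Rule:
    src: Net
    dst: Net
    port: Optional[int]    # None means any port
    allow: bool


@dataclass
class Topology:
    segments: Dict[str, Segment]
    hosts: Dict[str, Dict[str, str]]  # host -> {segment name: address}
    acl: List[Rule]                   # first match wins, default deny

    def permitted(self, src_ip: str, dst_ip: str, port: int) -> bool:
        """Evaluate the network ACL for one (src, dst, port) tuple."""
        s, d = IPv4(src_ip), IPv4(dst_ip)
        for r in self.acl:
            if s in r.src and d in r.dst and r.port in (None, port):
                return r.allow
        return False  # default deny

    def paths(self, src: str, dst: str) -> List[Tuple[str, str]]:
        """(src_ip, dst_ip) pairs that share an L2 segment.

        'internet' attaches only to internet-facing segments; a TEST-NET-2
        address stands in for an arbitrary outside client.
        """
        if src == "internet":
            return [("198.51.100.7", ip) for seg, ip in self.hosts[dst].items()
                    if self.segments[seg].internet_facing]
        return [(self.hosts[src][seg], ip) for seg, ip in self.hosts[dst].items()
                if seg in self.hosts[src]]

    def reach(self, src: str, dst: str, port: int) -> Tuple[bool, bool]:
        """Return (has_l2_path, acl_allows) for src -> dst:port."""
        ps = self.paths(src, dst)
        return bool(ps), any(self.permitted(s, d, port) for s, d in ps)


def flat_cloud(extra_rules: List[Rule] = ()) -> Topology:
    """Everything on one internet-facing front-end network (constructed)."""
    fe = Segment("frontend", Net("10.0.0.0/24"), internet_facing=True)
    acl = [Rule(Net("0.0.0.0/0"), Net("10.0.0.10/32"), 443, True),   # world -> web
           Rule(Net("10.0.0.10/32"), Net("10.0.0.20/32"), 3306, True),  # web -> db
           *extra_rules]
    return Topology({"frontend": fe},
                    {"web": {"frontend": "10.0.0.10"},
                     "db": {"frontend": "10.0.0.20"}}, acl)


def vpc(extra_rules: List[Rule] = ()) -> Topology:
    """Web tier dual-homed; database only on a private segment (constructed)."""
    pub = Segment("public", Net("10.0.1.0/24"), internet_facing=True)
    prv = Segment("private", Net("10.0.2.0/24"), internet_facing=False)
    acl = [Rule(Net("0.0.0.0/0"), Net("10.0.1.10/32"), 443, True),   # world -> web
           Rule(Net("10.0.2.10/32"), Net("10.0.2.20/32"), 3306, True),  # web -> db
           *extra_rules]
    return Topology({"public": pub, "private": prv},
                    {"web": {"public": "10.0.1.10", "private": "10.0.2.10"},
                     "db": {"private": "10.0.2.20"}}, acl)


# A single careless rule ("let the remote DBA in from anywhere"), hypothetical.
DBA_MISTAKE_FLAT = Rule(Net("0.0.0.0/0"), Net("10.0.0.20/32"), 3306, True)
DBA_MISTAKE_VPC = Rule(Net("0.0.0.0/0"), Net("10.0.2.20/32"), 3306, True)


def audit() -> Dict[str, Tuple[bool, bool]]:
    """Compare exposure of the database tier under both topologies."""
    return {
        "flat: internet -> db:3306": flat_cloud().reach("internet", "db", 3306),
        "flat: internet -> db:3306 with bad rule": flat_cloud([DBA_MISTAKE_FLAT]).reach("internet", "db", 3306),
        "vpc: internet -> db:3306 with bad rule": vpc([DBA_MISTAKE_VPC]).reach("internet", "db", 3306),
        "vpc: web -> db:3306": vpc().reach("web", "db", 3306),
        "vpc: internet -> web:443": vpc().reach("internet", "web", 443),
    }


if __name__ == "__main__":
    for label, (path, allowed) in audit().items():
        print(f"{label:45s} path={path!s:5s} acl_allows={allowed}")
```

The flat topology always reports a layer-two path from the internet to the database, so one wrong ACL entry is enough to expose port 3306; the VPC reports no path at all, and the same wrong rule is inert because the database has no address on an internet-facing segment. Web-to-database traffic in the VPC stays on the private segment, which is also the path whose latency a provider could meaningfully guarantee.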

While we are seeing some of the elements of virtual private clouds in the cloud offerings out there (GoGrid does allow you to configure network-based clustering), most of the solutions are not truly cloud-based, flexible, API-driven offerings. Instead they are virtual farms you order where the networks can be configured. For the cloud to truly take off with corporate users, we'll need to see true cloud offerings with this type of network configuration.