|
Public, private or hybrid?
Cloud Computing is coming of age, but enterprises need to
decide which works better for them—the public cloud, the private cloud
or a mix and match of the two. By Manjari Juneja
 The
Internet has changed the way that the world does business. Cloud computing could
potentially do the same as it provides tangible benefits to businesses of all
sizes across verticals. With a good cloud service provider, companies will be
able to focus on their core business and not on managing IT.
As IT shops in companies, large and small, try to do more with less, they are
looking to cloud computing for its flexible resource usage, low capital costs
and ease of management. Larger companies and government departments are likely
to consider going to the cloud but in a more controlled and secure fashion.
Going forward there are three cloud deployment models available of which two
are diametrically opposite namely the private and the public cloud. The third
option, hybrid cloud, involves a mix and match of both public and private clouds.
Private cloud is a phrase used to describe a cloud computing platform that is
implemented within the corporate firewall, under the control of the IT department.
A private cloud is designed to offer the same features and benefits of public
cloud systems, but it does away with many of the objections to the cloud computing
model including control over enterprise and customer data, worries about security
and issues connected to regulatory compliance.
A public cloud is one based on the standard cloud computing model, in which
a service provider makes resources such as applications and storage available
to the general public over the Internet. Public cloud services may be free or
on a pay-per-usage model.
Santanu Ghose, Country Head, Converged Infrastructure & Data Center Transformation,
Enterprise Business, HP India, said, “The cloud is the next stage in the
evolution of the Internet. It provides the means through which everything will
be delivered as a service—from computing power to business processes to
personal interactions—wherever, however and whenever you need it. It represents
one of the most significant shifts in information technology, reaching the point
where computing functions as a utility with great potential. We believe that,
in 2010, organizations will start focusing on the elements to enable a private
cloud. As customers look to gain greater understanding of this space, there
will be strong interest from CIOs around many interrelated topics such as SaaS,
Converged Infrastructure, IaaS and cloud security. These will form the key technologies
around which private cloud environments will be built.”
Stephen Hopkins, Head of Security Practice, BT Asia-Pacific, said, “Public
clouds form the generally understood model for cloud computing. Services, usually
Web-based applications, are provided by third party organizations (Google, Amazon,
Salesforce.com etc.) and are accessed over the Internet by users who are able
to register and gain access to them through a self-service mechanism. The service
is able to scale dynamically and users are often billed according to usage.
Private clouds are supposed to enable organizations to build cloud-like systems
in-house to capitalize on some of the cloud's proposed benefits while having
better control over issues such as availability and data security.”
Minhaj Zia, National Sales Manager, Cisco India & SAARC,
added, “Although many third-party vendors of external clouds are experiencing
increasing demand for their offerings, businesses report some concern regarding
infrastructure hosted by third parties for mission-critical, highly confidential
applications. Businesses and enterprises require security, service-level guarantees
and compliance control but in the case of public clouds the vendors are in control
of these requisite capabilities.”
The following checkpoints will help in
choosing between a public or private cloud:
- Data security and privacy
- Regulatory and legal requirements
- Confidentiality requirements
- Cross border data flows and location of
the provider’s data centers
- Audit requirements
- Availability and performance requirements,
Internet latency
- SLAs provided by the provider
- Architecture of the applications (an SOA
based open and scalable, loosely coupled architecture would suit well
for cloud computing)
- Provider lock-in
- Criticality of the application including
what is the acceptable downtime
- How long would you need the infrastructure
|
Which one’s better?
|
 "It
is a question of which one should be used at what point of time. If security
and data confidentiality are not a concern and Internet latency is not
an issue, then public clouds are better due to the cost advantage. However,
applications that are mission-critical with stringent availability requirements
may not be candidates for the
public cloud"
- Renganathan Kasthurirengan
GM, Application Services, CSC India
|
|
 "Using
a cloud computing service can mean greater server and compute capacity
when you need it and without the costs and management headaches of owning
all the hardware. The cost of
owning a private cloud is higher than that of a public cloud. Public cloud
computing services offer inexpensive set-up, a
pay-per-use model and the scalability needed to meet specific needs"
- Deepinder Bedi
Executive Director, Tulip Telecom
|
Both technologies have their advantages and disadvantages.
The answer to this question would be based on the requirements of the customer.
If a company does not want to undertake the responsibility of setting up and
securing the infrastructure then the clear choice would be a public cloud.
In the private cloud scenario the company takes over the responsibility of deploying,
managing and securing the infrastructure. Cost is also an important and critical
decision benchmark. Going in for a private cloud entails CAPEX, whereas going
in for a public cloud involves OPEX. Another point to be considered is that
if compliance is a critical issue for the customer, then a private cloud works
better because the CIO can then setup policies and a framework based on a company’s
specific requirements.
Diptarup Chakraborti, Principal Research Analyst, Gartner, said, “Enterprises
are not comfortable with public clouds because of the security and availability
factors. This is more of a psychological issue that they prefer going in for
private clouds. As and when faith increases in the public cloud, we would see
more enterprises going for it.”
Renganathan Kasthurirengan, General Manager, Application Services, CSC India,
said, “It is a question of which one should be used at what point of time.
If security and data confidentiality are not a concern and Internet latency
is not an issue, then public clouds are better due to the cost advantage. However,
applications that are mission-critical with stringent availability requirements
may not be candidates for the public cloud. Development, testing, e-mail and
collaboration applications are ideal for the public cloud. There are hybrid
models where applications would normally reside in the enterprise and take advantage
of the public cloud to meet peak demand situations.”
Rajeev Vij, Hosting Lead, Microsoft India, SMS&P, said,
“Choosing between public or private should be a corporate governance or
policy decision first and then a technology evaluation. Both forms of cloud
computing, public and private, are finding room for themselves within SMBs and
large organizations today. It will start initially with a closely monitored
hybrid approach slowly graduating to larger adoption of the public cloud; provided
vendors are able to win the customer’s trust with well guarded SLAs and
demonstrated cost benefits.”
Security and accountability
The onus to secure the public cloud lies almost entirely with one or more third
party providers while a business has the discretion to determine the degree
of security that it needs in the case of a private cloud. In either case, the
business remains responsible for the overall security of its data. While a business
can relinquish control to a third party cloud provider and specify, in some
cases, auditability and compliance standards, it cannot relinquish accountability.
Furthermore, whether an application resides in a private or a public cloud,
the same fundamental application vulnerabilities exist (cross site scripting
etc.). Therefore, disciplined application design and testing as well as a robust
Web application firewall are necessary.
Sriram S, CEO, iValue InfoSolutions Pvt. Ltd., said, “The challenge in
the case of the public cloud would be privacy and compliance related since one
infrastructure is being shared with multiple entities. Security theoretically
will be same for the private and the public cloud. Security around the cloud
will be deployed based on the SLA, criticality and other business aspects like
compliance and privacy, governing laws of the land, etc. Challenges on the security
front with the public cloud will be relatively higher due to the above mentioned
reasons but customer expectations from the private cloud on the security front
will be much higher.”
Rana Gupta, Director, India & SAARC, SafeNet India, added, “Security
is often cited as the greatest perceived barrier to public cloud computing.
Just like anything else, it cuts both ways. Security at the hand of a generic
person will do no better but left in the hands of experts, it will be fruitful.
It all comes down to the design and implementation of the security architecture
irrespective of whether it is a private or a public cloud. Security is the enabler
to the adoption of cloud computing technologies. Data is at the center of everything—allowing
businesses to run and enabling the products and services that will drive competitive
advantage for them in the future. Protecting data is of paramount importance.
By finding a way to effectively safeguard data in the cloud, enterprises can
begin to fully maximize the business potential of cloud offerings, allowing
for continued innovation and growth in the industry.”
Anand Naik, Director Systems Engineering, Symantec, said,
“It’s true that securing a public cloud is more difficult than securing
a private cloud. The reason behind this is that in a private cloud based service,
data and processes are managed within the organization without the restriction
of network bandwidth, security, exposures and legal requirements that using
public cloud services might entail. In addition, private cloud services offer
the provider and the user greater control of the cloud infrastructure, improving
security and resilience because user access and the networks used are restricted
and designated.”
| Whether you plan to use your own grid
infrastructure or someone else's cloud computing platform, your licensing
structures must accommodate the applicable virtual environment. Although
many factors should be considered when licensing software, we will focus
on the available framework for licensing proprietary software, with virtualization
and grid computing in mind.
Traditional licenses fall into one of these three
categories:
The CPU license is typical for operating system
software, middleware and some application software. It enables licensees
to use the software on one machine and often identifies specific compatible-equipment
configurations. Under a CPU license, the fee may vary based on the processing
power of the designated CPU. The number of users who access the licensed
software is irrelevant.
The seat license designates the number of ‘seats’
that can use the software. The license entitlement doesn't flow to any
specific users. There are two common seat license methods.
The first calculates the fee by counting the total
number of people who use the software. This method correlates poorly with
actual use. The second method determines the license fee by calculating
the total number of concurrent users permitted to access the software
at one time. This more closely corresponds to licensee use patterns than
the total-seat license because occasional users can be discounted when
determining how many seats to purchase.
The enterprise or site license allows the licensee
to use the software without geographic limitations, specific limits on
the number of users or devices accessing the software, arbitrary processor
accounting rules, or prohibitions on the number of copies made or used
by the licensee.
The SaaS alternative
Enterprises often license critical software on
a perpetual basis by paying an one-time upfront fee in exchange for the
right to use the licensed software indefinitely under the terms and conditions
of a license agreement. In recent years, an alternative licensing approach
known as Software-as-a-Service (SaaS) has offered enterprises an attractive
alternative for certain types of software.
SaaS is attractive because it shifts the burden
of running and maintaining an infrastructure to support a particular application.
With SaaS, users only need the infrastructure
to access and connect to the provider's data center.
Source: SafeNet
|
Cost comparison
|
 "One
needs to ask the service provider about the service availability, security
for continuity, legal aspects, define mission critical applications and
about the service level agreement"
- Karthik Ramarao
Principal Consultant,
Datacraft Asia
|
|
 "Before
going in for cloud services one should focus on data mobility, reliability,
scalability, cost effectiveness, data security and the data privacy policy
of the service provider"
- Sunil Chavan
Director, Content & File Services, Hitachi Data Systems, APAC
|
|
 "Businesses
and enterprises require security, service-level guarantees and compliance
control but in the case of public clouds the vendors are in control of
these requisite capabilities"
- Minhaj Zia
National Sales Manager, Cisco India & SAARC
|
A private cloud is going to be expensive when compared to
a public cloud as the former is dedicated and the latter is shared. Private
clouds will largely be the transition path for businesses wanting to take advantage
of cloud omputing but having apprehensions about putting their data on shared
services. Once a business gains confidence with experience, rationalization
will happen based on criticality between using the public and the private cloud.
Chandika Mendis, Vice President and Head of Global technology
Office, Virtusa Corporation, said, “Due to the economies of scale, a public
cloud tends to be cheaper than owning a private cloud for most organizations.
Public cloud providers would be purchasing and maintaining tens of thousands,
perhaps hundreds of thousands of pieces of commodity hardware and they are in
a better position than most organizations to negotiate with hardware manufacturers
to get good deals. Further, they will be able to negotiate better rates for
telecommunications, power etc. On another front, public cloud providers would
typically have better skilled computing infrastructure IT professionals (since
that is their core business) than most organizations and have the ability to
better utilize such skills, thereby bringing down the total overheads associated
with managing a cloud deployment. However, for large national or global organizations,
the cost of owning a private cloud could be cheaper since they will have the
same advantages of economies of scale as the public cloud providers but will
not have to pay the service premium that the public cloud providers charge for
their services.”
Altaf Halde, Country Director, Sophos, India, added, “The
initial cost of setting up a private cloud is much higher than that of the public
cloud. In the long run, the public cloud works out to be cost-effective due
to various market forces including competition wanting to take over the contract
from an existing provider.”
Pavan Bayyapu Reddy, Director, Intelligroup, said, “While
this is subjective, in most cases the cost of owning a private cloud may be
many times more expensive than that of hiring a public cloud, especially the
capital expenditure required to setup a private cloud.”
Deepinder Bedi, Executive Director, Tulip Telecom, said,
“Using a cloud computing service can mean greater server and compute capacity
when you need it and without the costs and management headaches of owning all
the hardware. The cost of owning a private cloud is higher than that of a public
cloud. Public cloud computing services, in particular, offer inexpensive set-up,
a pay-per-use model and the scalability needed to meet specific needs. Public
clouds typically charge a monthly usage fee per GB combined with bandwidth transfer
charges. Users can scale the storage on-demand and will never need to purchase
storage hardware. Service providers manage the infrastructure and pool resources
into capacity that any customer can claim.”
Checkpoints to consider
|
 "Public
cloud offers massive economies of scale that are simply not possible in
a private cloud. In the case of the public cloud, companies that want
an information dial tone can simply connect to a service"
- Jeremy Cooper
VP - Marketing, APAC, salesforce.com
|
|
 "In
the long run, the public cloud works out to be cost-effective due to various
market forces including competition wanting to take over the contract
from an existing provider"
- Altaf Halde
Country Director,
Sophos, India
|
Corporate Governance, Privacy laws, HIPPA, SOX, Data Protection
Directive in the EU or the Credit Card Industry’s PCI DSS, etc. are the
top things that CIOs run through before making the choice between public or
private cloud. Users needing to comply with regulations should consider making
use of a community cloud (such as a government cloud) or hybrid deployment modes,
which are typically more expensive than the public cloud and offer restricted
benefits.
Brand and reputation of the service provider will come first followed by the
domain expertise of the player with respect to cloud services. service level
agreements along with data privacy and compliance needs will be the next critical
decision factors. Some government entities might also insist that their data
will be stored within the national geography as a special condition to avoid
issues arising out of disputes between the laws of various countries. Many compliance
specifications were written with dedicated infrastructure in mind which will
have to evolve with this new delivery model.
Sunil Chavan, Director, Content & File Services, Hitachi
Data Systems, APAC, said, “Before going in for cloud services one should
focus on data mobility, reliability, scalability, cost effectiveness, data security
and data privacy policy of the service provider.”
Karthik Ramarao, Principal Consultant, Datacraft Asia, said,
“One needs to ask the service provider about the service availability,
how much impact that service is going to cost, security for continuity, legal
aspects, define mission critical applications and about the SLA.”
Sanjay Singh, Managing Director, Akamai India & VP for
Global Services and Support, said, “When it comes to cloud computing, look
for offerings that support your compliance needs, auditability, application
testing and visibility into the cloud provider’s security controls. Several
variables such as resources needed, audience, scale, geographic dispersion,
security, CAPEX, OPEX, service levels, support, access methods and compliance
requirements need to be kept in mind.”
| |
Public |
Private |
| Economic Element |
Efficient use of capital; Operational
efficiency through a third party provider (Mindtree uses the public cloud
from various providers including Amazon Web Services and Microsoft Azure
for delivering cloud-based services such as test infrastructure) |
Large upfront investment; Operational
efficiency through system and manpower optimization (MindTree has created
virtualized environments for experimentation) |
| Strategic Element
|
Owned and managed by a third party |
Self-owned and self-managed |
| Organization Focus |
Focus on core and rely on the expertise
of others for non-core things |
Self-sufficiency |
| Cost of Quality |
Governed by SLAs and reputation of the
business |
Internal accruals |
| Innovate & Use |
Needs to keep pace with the changing,
competitive landscape |
Need for innovation is low |
| Intended use |
Elasticity of size and time; experimentation;
Good candidate for backup and disaster recovery |
Optimization of internal resources |
|
Source: MindTree
|
Software licensing
|
 "Securing
a public cloud is more difficult than securing a private cloud because
in a private cloud based service, data and processes are managed within
the
organization without the restrictions that using public services might
entail. Private clouds offer greater control of the infrastructure, better
security and resilience because user access and the networks used are
restricted and designated"
- Anand Naik
Director Systems Engineering, Symantec
|
|
 "Organizations
will start focusing on the elements to enable a private cloud. There will
be strong interest from CIOs around many interrelated topics such as SaaS,
Converged Infrastructure, IaaS and cloud security. These will form the
key technologies around which private cloud environments will be built"
- Santanu Ghose
Country Head, Converged Infrastructure & Data Center Transformation,
Enterprise Business, HP India
|
There are different licensing mechanisms. When enterprise
licenses are moved into the cloud, most vendors treat each virtual server instance
as a physical server. Amazon provides Windows, Unix, Linux licenses and Microsoft
SQL Server licenses on an hourly basis based on an arrangement with Microsoft.
Microsoft’s Azure is a Platform-as-a-Service (PaaS) model; the costs are
based on hourly rates or subscription based. In the case of SaaS models such
as SalesForce.com, the pricing is again on a consumption basis.
Jeremy Cooper, VP - Marketing, APAC, salesforce.com, said, “Public cloud
offers massive economies of scale that are simply not possible in a private
cloud. For example, we recently reported that the needs of our 72,500 customers
are served by the 1,500 servers in our data centers. In a private cloud, you
would require at least 72,500 servers, one to serve each customer. Our cloud
computing platform has allowed us to disrupt the traditional economics imposed
on companies to license software. As such, we are able to provide our customers
with a pay-as-you-go, user-based subscription model that scales with the requirements
of each business. Imagine a scenario whereby a business wants to connect to
a phone line and the telephone company instructs them that they need to spend
millions of dollars building a telephone exchange. In the case of the public
cloud, companies that want an information dial tone can simply connect to a
service. All that’s required is an Internet browser.”
Ramgopal Subramani, General Manager (Practice, Cloud Computing), MindTree Ltd.,
said, “The software license norms would be as applicable in the cloud as
they are on-premise. Some cloud providers give you a cloud instance with pre-installed
software; here the cost of the software license is managed by the provider.
AWS for instance, offers a choice of OS as well as RDBMS software that you can
choose to have in your machine image. Also, AWS has recently launched the ‘Bring
Your Own License’ pilot program. The PaaS provider takes care of the software
license as they charge you for computation and storage used by your application
only e.g., Microsoft Azure and Google Apps.”
Concluded Dr. Vishy Poosala, Head - Bell Labs, India, “Apart
from the public cloud and private cloud, there is a need for a hybrid cloud.
The hybrid cloud will offer the best of both worlds by bridging the gap between
the two. Through this option, businesses will be able to seamlessly move data
and processes across the public and private cloud. This will help organizations
adhere to the privacy and confidentiality policies while exploiting the benefits
of the public cloud.”
manjari.juneja@expressindia.com
|
