DOTE

Chain And Rate

Sunday, October 19, 2014

Virtual Private Clouds Technology

The concept of a virtual private cloud (VPC) has emerged recently as a way of managing information technology resources so that they appear to be operated for a single organization from a logical point of view, but may be built from underlying physical resources that belong to the organization, an external service provider, or a combination of both. Several technologies are essential to the effective implementation of a VPC. Virtual data centers provide the insulation that sets one organization’s virtual resources apart from those of other organizations and from the underlying physical infrastructure.

Virtual applications collect those resources into separately manageable units. Policy-based deployment and policy compliance offer a means of control and verification of the operation of the virtual applications across the virtual data centers. Finally, service management integration bridges across the underlying resources to give an overall, logical and actionable view. These key technologies enable cloud providers to offer organizations the cost and efficiency benefits of cloud computing as well as the operational autonomy and flexibility to which they have been accustomed.

A cloud is a pool of configurable computing resources (servers, networks, storage, etc.). Such a pool may be deployed in several ways:
  • A private cloud operated for a single organization;
  • A community cloud shared by a group of organizations;
  • A public cloud available to arbitrary organizations; or
  • A hybrid cloud that combines two or more clouds.
Mell and Grance gave the full definition of a private cloud in 2009: "the cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise". The definition suggests three key questions about a cloud deployment:
  1. Who uses the cloud infrastructure?
  2. Who runs the infrastructure?
  3. Where is the infrastructure?
The distinction among private, community, public, and hybrid clouds is based primarily on the answer to the first question. The second and third questions are implementation options that may apply to more than one deployment model. In particular, a cloud provider may run and/or host the infrastructure in all four cases. Although NIST’s definition does not state so explicitly, there is an implication that the cloud infrastructure refers to physical resources. In other words, the computing resources in a private cloud are physically dedicated to the organization; they are used only (i.e., “solely”) by that organization for a relatively long period of time. In contrast, the computing resources in a public or community cloud are potentially used by multiple organizations over even a short period of time. The physical orientation of the definition motivates the concept of a virtual private cloud, which, following the usual paradigm, gives an appearance of physical separation.

In other words, a VPC offers the function of a private cloud though not necessarily its form. The VPC’s underlying, physical computing resources may be operated for many organizations at the same time. Nevertheless, the virtual resources presented to a given organization – the servers, networks, storage, etc. – will satisfy the same requirements as if they were physically dedicated. The possibility that the underlying physical resources may be run and/or hosted by a combination of the organization and a third party is an important aspect of the definition, as was first articulated by R. Cohen in a May 2008 blog posting (Cohen, 2008) that introduced the VPC concept:
"A VPC is a method for partitioning a public computing utility such as EC2 into quarantined virtual infrastructure. A VPC may encapsulate multiple local and remote resources to appear as a single homogeneous computing environment bridging the ability to securely utilize remote resources as part of a seamless global compute infrastructure".
Subsequent work has focused on a specific implementation profile where the VPC encompasses just the resources from the public cloud.
Figure: Primary Virtual Private Cloud (VPC) Implementation Profile
Likewise, Amazon describes its virtual private cloud in a January 2010 white paper (Extend Your IT Infrastructure with Amazon Virtual Private Cloud, http://aws.amazon.com/vpc/) as “an isolated portion of the AWS cloud,” again connected to internal resources via a VPN. In both Wood et al. and Amazon, a VPC has the appearance of a private cloud, and so meets the more general definition stated above. However, the implementation profile imposes the limitation that the physical resources underlying the VPC are hosted and run by a cloud provider. In other words, the answer to the second and third questions above is “external.” Although internal resources, e.g., the “enterprise site” of Wood et al., are connected to the VPC over the VPN, they are not part of the VPC proper. The primary VPC implementation profile considered is one in which the underlying resources are drawn from a public cloud and an internal, private cloud (in other words, from a hybrid cloud that combines the two), along with how those resources are managed in order to meet organizational IT requirements.