Defining Private Clouds, Part Two's Bernard Golden explores the four key functions and services that must be in place for business application groups to take advantage of cloud computing: agile provisioning, application management, scalability and chargeback.

1 2 Page 2
Page 2 of 2

A key input to this is the Legal and Regulatory constraints on the organization regarding computing and, particularly, data handling and storage; this organizational process is depicted to the left of Governance in the chart. To get a feel for the issues involved with this, read the Cloud Security Alliance's recent report. However, for private clouds to come to fruition (or, for that matter, for public clouds to do the same), privacy constraints regarding data storage must be codified and captured in a form amenable to automation. Again, if a meeting to discuss where the data should be located must be called half-way through the provisioning process, there's a hole in the fabric of the cloud. The legal and regulatory constraints the organization operates under must be defined and put into rules, which can be executed during the provisioning process. I know it seems like I'm banging on about this automated stuff, but this is an area where advocates of private clouds and experts in security have not yet thought through the implications of their recommendations. Believe me, unless privacy (and the overall approval process that is contained within governance) is automated, you don't have cloud computing.

Also at this layer of private clouds is the SLA function; this is depicted to the right of Governance in the chart. An SLA is, simply stated, a business agreement about the level of compute performance expected by the using organization and delivered by the operations organization. This is nothing new. SLAs are a staple of outsourcing agreements and are often in place for internal IT as well. The only difference in a private cloud is the potential impact of an automated fabric and the cloud-architected apps that reside within that fabric. It may very well be the case that SLAs may need to be adjusted to take into account the cloud computing environment in which the applications operate; surprisingly, the adjustment may very well be up, in that cloud-architected apps are often less vulnerable to hardware failure due to scalability design that is built into the app. In any case, SLAs need to be addressed, because availability expectations are always present and therefore need to be delineated.

This completes the review of the private cloud seen from the perspective of the business applications group.

To summarize our journey thus far:

Moving to cloud computing within an internal data center offers the opportunity to gain many of the benefits of the cloud while avoiding some of the drawbacks like data privacy issues and reliance on unproven external providers. Moving to an internal private cloud requires that manual, informal processes be defined and captured in rules to support an automated provisioning process. The need for automation imposes a split between data center operations (the provider of the cloud) and business application groups (the users of the cloud) who must be able to coordinate across well-defined service boundaries that are operated via automation. Many of the policies that are paper-based or implemented by meeting and verbal discussion need to be codified and captured in software to ensure that the services can operate and that the cloud fabric is unbroken.

In the next two parts of this series, I will address the pros and cons of private clouds and discuss the implications of the vision of private clouds from a cost and process perspective.

Bernard Golden is CEO of consulting firm HyperStratus, which specializes in virtualization, cloud computing and related issues. He is also the author of "Virtualization for Dummies," the best-selling book on virtualization to date.

Cloud Computing Seminars HyperStratus is offering three one-day seminars. The topics are:

1. Cloud fundamentals: key technologies, market landscape, adoption drivers, benefits and risks, creating an action plan

2. Cloud applications: selecting cloud-appropriate applications, application architectures, lifecycle management, hands-on exercises

3. Cloud deployment: private vs. public options, creating a private cloud, key technologies, system management

The seminars can be delivered individually or in combination. For more information, see

Follow everything from on Twitter @CIOonline


Copyright © 2009 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Download CIO's Winter 2021 digital issue: Supercharging IT innovation