Cloud vs. in-house: Where to run that data center app?

One of the biggest decisions IT managers have to make is how and where to run data center applications. Fortunately, there are multiple choices that lower costs and increase business agility, including server virtualization, internal clouds, public clouds and external private clouds.

Many IT organizations are taking advantage of these options. Server virtualization is currently being used by more than 70% of enterprises to reduce costs, and cloud computing is being used or planned for use by more than 10% of corporations, according to Antonio Piraino, research director at Tier1 Research.

It can be confusing and difficult to determine which cloud environment to use (see sidebar below for descriptions of the most popular types of clouds). There are few, if any, guidelines, and each company will almost certainly have a unique discussion about its choices because each will have varying requirements and different views of what cloud computing means.

To take advantage of the new opportunities afforded by cloud computing, IT organizations have to learn the differences between server virtualization and various types of clouds, and understand the risks associated with using each execution environment in terms of the characteristics of various applications.

What is a cloud?

One may wonder why there's an interest in cloud computing when server virtualization is already providing significant cost savings by reducing the number of physical servers that enterprises buy. But it's not the same thing at all.

Different clouds to choose from

There are basically two types of clouds: public clouds and private clouds. Cloud types can generally be characterized by their location (on-premises or off-premises) and the perceived degree of security that they provide.

A public cloud is one in which a cloud service provider makes resources such as servers, storage, networking and, possibly, applications available to users over the Internet. Public clouds are off-premises by definition. A customer's applications may be running in an intermingled style on the same physical server as another customer's applications, meaning public clouds are multitenant. Public cloud services, such as Amazon's EC2, are usually offered on a pay-per-usage model -- you pay for what you use.

Private clouds take two forms: internal clouds and external private clouds. An internal cloud is inside your data center (on-premises), giving IT managers complete control over the available resources. A typical internal cloud relies on the security measures available within the cloud and within your data center. Ubuntu Enterprise Cloud and Microsoft Azure are examples of packaged software for creating internal clouds.

External private clouds combine characteristics of internal clouds and public clouds. They are like public clouds because they are off-premises. But unlike public clouds, applications run on dedicated servers, and the cloud provider has built container walls around the external private cloud to make it more secure than public clouds. IT managers have more control over the resources in a private cloud than over resources in a public cloud. Amazon's Virtual Private Cloud is an example of an external private cloud.

"Clouds provide automation and orchestration not found with server virtualization," says Jeff Deacon, cloud computing principal for Verizon Business. (Although Deacon's day job is helping figure out which of Verizon's internal applications should go on the cloud, his company also sells a public-cloud offering called Computing as a Service.)

In other words, Deacon says, cloud computing involves imposing a layer of abstraction between the applications and servers -- physical or virtual -- that automates many tasks typically done manually.

"Clouds can be viewed differently, depending on what you want from a cloud," adds David Escalante, director of IT security at Boston College. "We view cloud computing as running software applications that you would normally run in your own data center in someone else's data center. It is very important to create a definition of cloud computing for your organization." Armed with that definition, Boston College can focus on determining whether cloud computing is right for its data center needs, and which applications can be run on clouds.

Because clouds are based on virtualization, applications have to be virtualized before being moved to any of the cloud environments. But some cloud vendors can help with this, especially if the vendor supports a specific hypervisor.

On the other hand, organizations that already have their applications virtualized in a server virtualization environment may be able to move them to a public cloud without any extra work. Also, the operating systems supported by server virtualization and clouds play a role in where applications can be run. For example, clouds based on Microsoft's Azure support only Windows applications.

How to decide

Choosing where to run applications depends on a number of factors:

  • Characteristics and processing requirements of the applications, including performance requirements, storage requirements, security requirements, availability requirements, amount of data to transfer and service-level agreements.
  • The mission-critical nature of the applications.
  • The resource capacity available in the data center.
  • Desired cost savings.
  • Politics.

"You need to create a process for determining where applications should be run," says Chris Swan, chief technology officer at Capital SCF, a London-based consultancy for technology firms. This process begins with application assessment and packages such as Novell's PlateSpin Recon and VMware's Capacity Planner, which can be used to profile physical IT environments and determine which applications to virtualize for optimal performance.

Next, the processing requirements of each application (or application class) should be compared with the security concerns of running that application in each execution environment.

Once you're sure of which applications you want to move where, P2V (physical-to-virtual), V2V (virtual-to-virtual) and Z2V (zero-to-virtual) tools can help physically migrate applications among stand-alone servers, virtualized servers and clouds.

Security plays a huge role

Mission-critical applications with high-availability and compliance or regulatory requirements are not good candidates for running on public clouds or external private clouds because there are issues around resource control and geographic location of data. Applications that require high levels of security should be run in on-premises environments -- server virtualization or internal clouds -- or in external private clouds only if the cloud provider demonstrates the degree of security required.

"It is very important to create a definition of cloud computing for your organization," says David Escalante, director of IT security at Boston College.

Unlikely applications for external clouds include those with proprietary algorithms that run on specialized hardware and high-transaction production applications that are core to the business.

Today, the most frequent use of clouds includes the development and testing of new applications, disaster recovery and running Web applications that have surges or spikes. Other uses include collecting data from Web surveys and storing and processing it on clouds.

Boston College's Escalante explains that academic departments at Boston College conduct various types of surveys in connection with research projects that periodically collect lots of data. They range from polling on a variety of topics to surveys as part of grant-based projects. Boston College outsources some of these surveys to external providers with survey expertise. Escalante includes this type of outsourcing in his definition of cloud computing.

Peter Beardmore, senior product marketing manager at Kaspersky Lab, is using clouds to analyze large amounts of data collected from his company's customers to gather the latest intelligence about threats and malware trends. For competitive reasons, Beardmore declined to provide more details about the specific cloud providers that Kaspersky Lab is using. The company will make an announcement about it "later this year," he says.

Some choose 'all of the above'

Sebastian Piotrowski, high-performance computing lead for the R&D group at Johnson & Johnson Pharmaceuticals, says that where his group chooses to run workloads depends on the use cases -- or descriptions of how end users will use a given application -- and how often big demands occur on compute and storage resources.

"Applications that reach peak loads periodically and then retract are good candidates for clouds since clouds offer a good choice at a lower cost than having to buy more hardware that sits idle until one of these bursty periods comes along," he explains. "If you already have a good percentage of your workloads virtualized, then they are good candidates for clouds."

Some users begin by running a few non-mission-critical applications on public clouds to assess cost savings, benefits and risks associated with clouds. If they are satisfied, then they may move more applications to clouds.

"Our group is using the Amazon public cloud for testing and development, and then we will go into the Amazon private cloud for production," says Piotrowski.

"From a computing perspective, the choice of clouds depends on a number of factors, most of which are associated with the assumed risks of using clouds, such as transfer speed over the Internet, network latency and security," he adds.

Public clouds might make sense if, for example, the company is looking for the cheapest place to do simulations on new pharmaceuticals. This is a situation where heavy number-crunching is involved only sporadically and you may not need to worry about the security of data very much. But if you have production data such as back-office ERP, then you would not want to use the same cloud that you chose for pharmaceutical testing -- for security reasons -- and instead may want to use a private cloud in your own data center.

"You need to create a process for determining where applications should be run," says Chris Swan, chief technology officer of consultancy Capital SCF.

1 2 Page 1
ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon