Cloud Computing: Organize cloud operations
Moving to a cloud infrastructure has myriad benefits, but will only proceed smoothly with proper planning and prioritizing.
Vic (J.R.) Winkler
Adapted from “Securing the Cloud” (Syngress, an imprint of Elsevier)
An effective cloud infrastructure demands efficient structure and organization. By defining and following patterns at every step of the way—from racking individual computers to cabling, and from operations to security—you can incur savings and fine-tune and refine your business and operational processes.
It doesn’t take a massive endeavor to perform planning and execution. A small staff of targeted IT and business professionals can intelligently plan and organize their organization’s cloud infrastructure. This select, focused group can more effectively and more efficiently build and operate a custom-designed cloud infrastructure than if a company were to simply continue to add servers and services to support its datacenter.
The cloud model conveys many benefits for the IT operations and support teams. Cloud infrastructure is typically more agile, flexible and efficient. Every step required to build and operate a traditional IT solution can later become overhead and a burden on the underlying goal of the system. It entails expensive skills and often inefficient repeated effort. The scale of a cloud computing infrastructure can also dwarf that of a traditional IT infrastructure.
Infrastructure at the massive scale of most cloud computing environments demands automation. Even with a small-scale cloud infrastructure, automation is critical if you want to perform IT processes such as provisioning and de-provisioning in a cost- and time-effective manner.
Aggregating components into patterns isn’t limited to hardware such as computers, storage and networks. You can look at your support components, such as power supplies and network cabling, as well. These smaller components can also benefit from regular patterns, such as consistent labeling or nomenclature.
This is empowering to configuration-management and change-management processes. Recognizing and capitalizing on these patterns has value when they’re optimized to generate even small margins in the build stage of a cloud environment. They have recurring benefits at every stage afterward, from provisioning virtual machines (VMs) to managing and operating cloud infrastructure. Objectives such as lights-out management, remote operations and fail-in-place contribute to the further pattern and process refinement.
Efficiency and security
Combining automation and structure means you can operate immensely large cloud environments with a smaller staff. This level of staffing efficiency—along with the technologies used in cloud computing—will drive the skill set expansion of cloud engineers as it evolves into a discrete specialty. Simply put, organizations moving to a cloud environment will gain the personnel advantage of moving from a series of systems administrators associated with typical infrastructure or server functions to a dedicated team of cloud administrators and a dedicated security team.
Even with a private cloud implementation, the aggregated scale of a private cloud conveys many benefits to the organization. The benefits of intelligently conceived patterns and automation can include fault tolerance, reliability and greater resiliency.
Security has to be part of any discussion about the scale, structure and organization of a cloud infrastructure. There’s little question that a well-conceived and properly implemented cloud network can offer a tenant or other customer better networking security than many could otherwise achieve if they instead attempted to build, configure and operate a traditional network infrastructure. There are several reasons for this:
- Certain implementation patterns common to the cloud environment make for a more predictable and disciplined network than the typical infrastructure network or datacenter network.
- When most enterprises hire their staff, they can’t afford the level of networking expertise a cloud provider can directly deliver. There’s no question that the cloud customer benefits from this.
- Maintaining network security involves constant learning and intelligent response to new and emerging threats. It’s simply more cost-effective to benefit indirectly from the work a cloud provider already performs on behalf of countless customers, including your organization.
This aggregation of processes and technologies brings other advantages to your organization’s network environment. However, every aspect of cloud infrastructure benefits from the scale and the need for professional-grade gear and operations.
Investment in security infrastructure needs to be greater with the cloud model. Given the scale of most cloud environments, you can establish deeper and more effective levels of security. This is especially true when you consider the benefits of repeating patterns and one-time costs associated with identity solutions or security development.
Among the many advantages of a cloud provider delivering network security is the tendency for a provider to employ carrier-grade network gear that has more sophisticated capabilities than typical enterprise networking gear. You can buy the same gear for use in your environment, but the costs would likely exceed those of all your other datacenter expenses. Such carrier-grade gear requires expertise to install, configure and operate.
The benefits are truly substantial because the security functionality will afford greater resilience to dedicated attacks, better automated traffic inspection and other expanded capabilities. Besides strong perimeter security, benefits include protection against a distributed denial of service along with sophisticated VLAN capabilities.
Streamlined staffing considerations; the efficiency brought on by increased automation and identifying and repeating processes; and increased network security are just some of the high-level benefits of moving to a cloud environment.
Vic (J.R.) Winkler is a senior associate at Booz Allen Hamilton, providing technical consultation to primarily U.S. government clients. He’s a published information security and cyber security researcher, as well as an expert in intrusion/anomaly detection.
©2011 Elsevier Inc. All rights reserved. Printed with permission from Syngress, an imprint of Elsevier. Copyright 2011. “Securing the Cloud” by Vic (J.R.) Winkler. For more information on this title and other similar books, please visit elsevierdirect.com.