Hot Cloud 2009: The Case for Enterprise Ready Virtual Private Clouds
Jun 15, 2009 Cloud Computing, Papers
The work I presented at Hot Cloud was about what enterprise customers need from cloud computing platforms, and how we can go about building enterprise clouds that are more secure, transparent, and flexible.
You can find a copy of our paper here, and my slides here. Or you can get a summary of our ideas below.
Here are the three key features we feel are lacking from existing cloud platforms:
Security: Enterprises need strong security guarantees about the isolation of both the computation and network resources they are getting from the cloud. Existing systems rely on firewall rules for security that must be configured on a per-VM basis. While firewalls are a very powerful form of access control, they are incredibly fine-grained and need to be carefully configured. This is especially a problem in highly dynamic (i.e. cloud) environments where new VMs are often being created or moved between servers.
Transparency: Another problem with cloud computing is that the resources it gives you are completely separated from the systems an enterprise is already running within its data centers. This makes it difficult to deploy applications since you can’t get the abstraction of having your cloud resources seamlessly connected to your existing LANs within the enterprise.
Resource Flexibility: There are two issues here. First, existing cloud platforms grant users very limited control over the network resources connected to their VMs. This means, for example, that it is impossible to do something like reserve a high bandwidth link between a pair of VMs, and certainly not between a VM and the enterprise site that is going to be accessing it. Secondly, cloud platforms are not as flexible as they should be: if you replicate a VM to increase the processing power of an application you need to deal with these security and transparency issues all over again.
To help provide these three features, we propose the idea of a Virtual Private Cloud, which uses VPNs to securely connect groups of VMs within a cloud data center back to the enterprise sites that will use them. VPNs make it so that the cloud resources are only accessible by other members of the same VPN. This is a much coarser-grained access control mechanism than firewalls, but it is much cleaner. We use MPLS-based VPNs, which have the benefit of being highly scalable for enterprises that may run many hundreds or thousands of VMs, and of requiring no end-host configuration on the VMs: the VPN is entirely set up at the routers at the cloud and enterprise sites. Finally, there is the option of using layer 2 VPNs (a Virtual Private LAN Service) to bridge the cloud computing data center and enterprise networks, giving the abstraction that cloud resources are seamlessly connected to the enterprise’s own LAN.
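The contrast drawn above between per-VM firewall rules and VPN membership can be made concrete with a small model. The following is an added example, not code from the paper or its prototype: it models firewall access control as a set of allow rules keyed on VM IP addresses, and MPLS VPN access control as route-target import/export between VRFs at the provider edge. The VPN names ("acme", "globex"), route targets ("65000:100", "65000:200") and IP addresses are constructed for illustration. The two churn functions show what the text claims: adding or moving a VM forces the IP-keyed rule set to change, while VPN reachability is unaffected because membership is decided by the VRF binding at the router rather than by anything on the end host.

```python
"""Toy comparison of per-VM firewall rules vs. MPLS VPN (route-target)
membership as the access-control mechanism for cloud VMs.

All names, route targets and addresses below are constructed for the example.
"""
from dataclasses import dataclass
from itertools import permutations


@dataclass(frozen=True)
class VM:
    name: str
    ip: str
    vpn: str  # name of the VPN (VRF) this VM's attachment circuit is bound to


@dataclass(frozen=True)
class VRF:
    name: str
    export_rt: frozenset  # route targets stamped on routes leaving this VRF
    import_rt: frozenset  # route targets this VRF accepts routes from


# ---- Style 1: per-VM firewall rules keyed on IP addresses ------------------
def firewall_rules(vms):
    """One allow rule per ordered pair of VMs that may talk: O(n^2) rules,
    every one of them naming concrete IP addresses."""
    return {(a.ip, b.ip) for a, b in permutations(vms, 2) if a.vpn == b.vpn}


def firewall_allows(rules, src, dst):
    """A packet is allowed only if an explicit (src_ip, dst_ip) rule exists."""
    return (src.ip, dst.ip) in rules


# ---- Style 2: MPLS VPN membership decided at the PE routers ---------------
def vpn_allows(vrfs, src, dst):
    """dst is reachable from src iff dst's VRF exports a route target that
    src's VRF imports. Nothing on the VM itself is consulted."""
    return bool(vrfs[dst.vpn].export_rt & vrfs[src.vpn].import_rt)


# ---- Churn: what has to change when the VM population changes -------------
def churn_on_add(vms, new_vm):
    """Return (firewall rules added, VPN bindings added) for one new VM."""
    added_rules = firewall_rules(vms + [new_vm]) - firewall_rules(vms)
    # The VPN side needs exactly one change: bind the VM's attachment
    # circuit to its VRF at the PE router. No rule per peer, no host config.
    return len(added_rules), 1


def migrate(vms, name, new_ip):
    """Model a VM being moved to a host on another subnet (new address)."""
    return [VM(v.name, new_ip, v.vpn) if v.name == name else v for v in vms]


def stale_firewall_rules(rules_before, vms_after):
    """Rules that referenced the old address and no longer match anything."""
    return len(rules_before - firewall_rules(vms_after))


def demo():
    vrfs = {
        "acme": VRF("acme", frozenset({"65000:100"}), frozenset({"65000:100"})),
        "globex": VRF("globex", frozenset({"65000:200"}), frozenset({"65000:200"})),
    }
    web1 = VM("web1", "10.0.0.1", "acme")
    db1 = VM("db1", "10.0.0.2", "acme")
    crm1 = VM("crm1", "10.0.1.1", "globex")  # another tenant, must be isolated
    vms = [web1, db1, crm1]

    rules = firewall_rules(vms)
    print("firewall: web1->db1", firewall_allows(rules, web1, db1),
          "web1->crm1", firewall_allows(rules, web1, crm1))
    print("vpn:      web1->db1", vpn_allows(vrfs, web1, db1),
          "web1->crm1", vpn_allows(vrfs, web1, crm1))
    print("add web2: (rules, bindings) =",
          churn_on_add(vms, VM("web2", "10.0.0.3", "acme")))
    moved = migrate(vms, "web1", "10.0.9.1")
    print("move web1: stale firewall rules =", stale_firewall_rules(rules, moved),
          "| vpn still allows web1->db1:", vpn_allows(vrfs, moved[0], db1))
    return vrfs, vms


if __name__ == "__main__":
    demo()
```

Running `demo()` shows isolation holding under both styles (web1 can reach db1 but not the other tenant's crm1), but adding one VM to a group of two costs four new firewall rules against a single VRF binding, and moving a VM leaves its old firewall rules stale while the VPN check still passes. The quadratic rule growth and the staleness are exactly the operational cost the text attributes to per-VM firewalls in a dynamic environment.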
We are building a system that will implement this sort of system, and are exploring how it can be used to simplify VM migration over the WAN and for providing high availability services capable of seamlessly failing an application over from one cloud data center to another.
The End of Desktops (and all your applications)
May 7, 2009 Cloud Computing
I have to agree with Google’s Eric Schmidt about the importance of cloud services to the future of everyday computing. Desktop-style applications that run entirely on your own computer don’t have much life left because 1) people will have too many different devices, so keeping them all synced with local storage is a pain, 2) it’s easier for application developers to maintain a single online version of an app instead of dealing with pushing out updates and bug fixes to users, 3) forcing users to go online to get an app prevents piracy, 4) applications can get as much or as little computation and storage power as they need from the cloud, 5) etc. Sadly, I think it might be #3 that is the real motivation in the end for many companies.
Cloud-based services are also better for the environment. If the average everyday computer can be reduced down to a basic thin client for accessing remote cloud services, that reduces the cost and energy usage of home devices. The applications running in the cloud can in turn exploit massive degrees of multiplexing to reduce their own energy costs. As it stands today, most people’s computers are far more powerful than they really need to be, and they spend a lot of time sitting around idle. You might as well give consumers devices that are as simple as possible. Make them so simple that they don’t crash all the time. Make it so they don’t require technically adept family members to service them a few times a year. Then people will spend less time being frustrated by their computers, and more time able to use the applications running on them.