How to make private cloud implementation a success

Architecting and designing private clouds entails rigorous system-engineering effort and prudent service design. It also changes the way the IT organization delivers its service: it changes the operational model.
This blog entry imparts some “golden nuggets” for delivering cloud services quickly and successfully. Success or failure hinges on the ability to define the proper use cases and then adopt success criteria that can be translated into business value. In this blog entry we answer the question: what exactly does system-engineering rigor translate into?
A follow-on entry will explore what a proper use case is, why it is important, how it relates to service design, and why service design is the linchpin of any successful private cloud implementation.
System Engineering Skills & Design
System-engineering skills are needed by a lead architect (or architects) to envision the system as a whole “operational model” that defines the non-functional requirements of availability, security and performance, coupled with the automation lifecycle of services. For some that can be a hard conceptual view to hold in their mind's eye, or even to recognize when seeing it as a live demonstration of a known working system. Codifying the automated provisioning and de-provisioning of IT resources as a service offering may seem like a mystery to many. However, “under the hood” this action is powered by nothing more than a procedural software/scripting language or standards-based web services orchestrating some simple (or complex) tasks.
Seeing and understanding the components of storage, servers, networking, and virtualization is one thing. Adding the dimension of operating systems and a business application stack adds a further layer of complexity. Now, integrating all of that using a programmatic software language to transform it into a “valuable” service offering through automation is quite a challenge for any organization. Oh yes, and still incorporate and maintain “good ole” resiliency, availability, and serviceability (RAS) in the system at all times.
Whether building infrastructure as a service (IaaS) or platform as a service (PaaS), two tasks stand out as dominant in “stabilizing the core” of any cloud delivery system. From a system-engineering perspective, defining the network design and determining security access control are essential to laying down a foundation for resiliency and extensibility, which are the raw ingredients for IT becoming agile for the business it serves. To be considered innovative, you (IT) must learn to become agile. Agility with a cloud platform needs to manifest itself in the actual design of the application traffic, cloud management, and access control functionality.
Network design for a cloud is about defining all network paths: application production, automated deployment, monitoring, some infrastructure services, and the user access path. This includes defining VLANs, IP schemes, domain IDs/hostnames, network time protocol (NTP), domain name service (DNS), and the network redundancy necessary for application service resiliency. It entails evaluating and then “documenting” a sound network design that will usually encompass physical, virtual, and logical networking constructs. Firewalls, intrusion prevention systems (IPS), and a security information and event management (SIEM) solution should also be accounted for and identified prior to implementation.
Furthermore, for multi-tenant deployments, consider how best to satisfy the one-to-many relationship between shared infrastructure services (software deployment, backup, archive, and monitoring) and the many different tenants that consume them over IP network protocols. As a teaser, this may be a smart implementation of private VLANs. Lastly, consider how loops can be avoided on redundant pathways across the networking ecosystem, from the core to the distribution layers, using the capabilities of Spanning Tree or HP's Intelligent Resilient Framework (IRF), while taking into account the need to support multiple VLANs.
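The one-to-many private VLAN arrangement sketched above can be checked on paper before any switch is configured. The following Python model is an added example, not code from the original post or from Zunesis; the tenant names, VLAN numbers and service ports are constructed, and cross_tenant_leaks flags any pair of ports from different tenants that the design would let talk to each other.

```python
from __future__ import annotations
from dataclasses import dataclass
from itertools import permutations

@dataclass(frozen=True)
class Port:
    name: str
    tenant: str   # "shared" marks an infrastructure service (backup, monitoring, deployment)
    mode: str     # "promiscuous", "isolated" or "community"
    vlan: int     # secondary VLAN id; promiscuous ports sit in the primary VLAN

class PrivateVlan:
    """Constructed model: one primary VLAN carrying a secondary VLAN per tenant."""
    def __init__(self, primary: int, secondaries: dict[int, str]):
        self.primary = primary
        self.secondaries = secondaries   # vlan id -> "isolated" or "community"
        self.ports: dict[str, Port] = {}

    def add_port(self, port: Port) -> None:
        if port.mode == "promiscuous" and port.vlan != self.primary:
            raise ValueError(f"{port.name}: promiscuous ports belong to the primary VLAN")
        if port.mode != "promiscuous" and port.vlan not in self.secondaries:
            raise ValueError(f"{port.name}: secondary VLAN {port.vlan} is not defined")
        self.ports[port.name] = port

    def can_reach(self, src: str, dst: str) -> bool:
        a, b = self.ports[src], self.ports[dst]
        if "promiscuous" in (a.mode, b.mode):
            return True           # shared services are reachable from every tenant
        if a.vlan != b.vlan:
            return False          # traffic never crosses secondary VLANs
        return self.secondaries[a.vlan] == "community"   # isolated ports stay mute

def cross_tenant_leaks(pvlan: PrivateVlan) -> list[tuple[str, str]]:
    """Port pairs owned by different tenants that can still reach each other."""
    return sorted((s.name, d.name) for s, d in permutations(pvlan.ports.values(), 2)
                  if "shared" not in (s.tenant, d.tenant) and s.tenant != d.tenant
                  and pvlan.can_reach(s.name, d.name))

def build_design() -> PrivateVlan:
    # Tenant A's VMs are fully isolated; tenant B's VMs may talk among themselves.
    pv = PrivateVlan(primary=100, secondaries={101: "isolated", 102: "community"})
    for p in (Port("backup", "shared", "promiscuous", 100),
              Port("monitoring", "shared", "promiscuous", 100),
              Port("tenantA-vm1", "tenantA", "isolated", 101),
              Port("tenantA-vm2", "tenantA", "isolated", 101),
              Port("tenantB-vm1", "tenantB", "community", 102),
              Port("tenantB-vm2", "tenantB", "community", 102)):
        pv.add_port(p)
    return pv
```

Running cross_tenant_leaks against the design should return an empty list; a port patched onto another tenant's secondary VLAN shows up immediately as a leak.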
Access control, defining who has access to which resources, is necessary to build confidence (for users, subscribers, and stakeholders) that a private cloud can be operated securely and at a security level appropriate for the organization it supports. Defining users, groups, and privileges for digital access is best done through centralized directory services like LDAP or Active Directory. Segmenting organizations (or tenants) into logical constructs to which security policies and identity management can be easily applied is a sound practice. There are a few reference architectures for how best to support access control for private clouds available through Zunesis.
Lastly, the emerging trend of hybrid clouds spanning private and public resources is refocusing attention on federated solutions and single sign-on (SSO) features that use open standards like Security Assertion Markup Language (SAML) 2.0 to create a digital identity ecosystem across organizational and physical boundaries. These solutions create flexible digital identity management that makes life easier for end users by minimizing password management, but they still create integration complexity and responsibility for system integrators.