One Size Does Not Fit All, Part II

Cloud Computing3 minutes readSep 7th, 2012

Enterprise applications are, for the most part, sponsored by “Application Owners” within business units. Within Unisys, dozens of our enterprise applications are now hosted on the Secure Private Cloud, along with virtual desktops that support two key call centers. In cloud terminology, we would define a “tenant” in a cloud to be the owner of a specific partition of the cloud that is dedicated to that owner. Each of these tenants has very specific Governance, Risk and Compliance objectives. For example, compliance with minimal response times may be a requirement to reduce the risk of impacting the corporate image. High availability may be required to avoid the risk of non-compliance regarding the delivery of services to customers. Security compliance may be an issue for an application owner who is required to protect sensitive, regulated information. Within Unisys, we have two Secure Private Cloud tenants who require encryption due to legal and financial regulations.

Certainly, a separate cloud could be created for each application owner, but then we would be right back where we started, with dedicated, underutilized resources, a lack of standardization, and escalating administrative expenses. Instead, a robust private cloud must be capable of providing disparate service and compliance objectives for the various applications within a single, automated environment.

Secure Private Cloud has provided our customers with a mechanism to automatically provision VMs from various pools of infrastructure resources to meet service level objectives. High availability can be provided by provisioning redundant VMs on disparate pools. Tenant isolation can be enforced through automatic configuration of separate virtual LANS (vLANs). What is new for SPC 2.2 is the option to select encryption and invisibility through our Stealth for selected tenants. Specific tenants have a requirement to protect data as it is transmitted through the infrastructure beyond the current best practices of vLAN isolation. For those tenants, Stealth Communities of Interest (COI) can be defined and deployed as part of the standard SPC onboarding process. In this way, application owners/tenants who are required to comply with stringent security regulations can choose this new option without impacting other tenants who are not required to comply.

Cloud computing provides the most value when IT processes and procedures can be standardized and then automated. This is how Amazon and other public clouds can afford to sell their cloud services at a relatively low price. But the service and compliance objectives for enterprise applications cannot be standardized. If the cloud is configured to meet the most stringent objectives, the cost of ownership will be unnecessarily high. Therefore, a heterogeneous approach is needed. In the future, mission critical applications will be expected to co-exist in the same cloud as non-critical test/dev/demo workloads. For Unisys, the introduction of Stealth in SPC 2.2 is the first step in providing this type of heterogeneity on a tenant by tenant basis.