While helping a client through their cloud migration strategy, I came to realise that the basic cloud concepts listed below are often misunderstood, particularly by business stakeholders and programme managers, but also by otherwise well-versed enterprise architects:
- Managed Infrastructure Vs Cloud
- Public Vs Private Cloud
- Hybrid Cloud Vs Multi Cloud
- On Premise Vs Public Cloud Security
In this post I will briefly attempt to clarify those concepts.
Managed Infrastructure Vs Cloud
Many hosting and infrastructure providers are trying to provide cloud-like service offerings, which sometimes blurs the boundary between the two. Here is what I consider the fundamental differences.
For Managed Infrastructure, service providers are usually local, regional or national providers of IT infrastructure and hosting solutions. The locations of the data centres are usually known and reachable. Any changes to the customer's infrastructure are managed and operated by the service provider. Most managed service providers also try to offer additional services to respond to customer demand for speed and elasticity (e.g. virtualisation, IaaS, PaaS, scaling). Managed Infrastructure providers also have more direct and tailored first-line support.
On the other hand, Cloud providers are large, global IT organisations that sell Cloud "as a product". The data centres' locations are usually not known, or at least not precisely. Infrastructure is always virtualised and highly configurable, and any changes to the customer's infrastructure are made through standard interfaces (web console, APIs, CLIs) in a self-service model (IaaS). All cloud service providers offer a combination of additional services to respond to customer demand (e.g. PaaS / Managed Services). Cloud service providers have standard and ultimate support models, where first-line support is usually offshore.
Public Vs Private Cloud
Looking in the literature for a definition of private cloud, I found many different ones. Here is what I consider a good separation between public and private.
A Private Cloud is an infrastructure based on physical and virtual machines that is dedicated to one organisation and typically managed as a pool of resources. In a Private Cloud the hardware is not shared between several customers. Typically a Private Cloud can be created by adding cloud-computing capabilities to an organisation's on-premise data centre. Managed Infrastructure providers can also guarantee a private cloud setup to their customers (usually except for the network layer).
A Public Cloud is an infrastructure of physical and virtual machines that is available over the internet in a secure and controlled manner. In a public cloud the same hardware is shared by many different customers, segregated through virtualisation and software-defined networks. Public cloud providers cannot guarantee a private infrastructure (except maybe for the AWS GovCloud region) but have a similar concept called Virtual Private Cloud.
A Virtual Private Cloud (VPC) is an on-demand pool of shared computing resources allocated within a public cloud, providing a certain level of isolation between different customers. VPCs are often used to create an extension of a customer's data centre into the Public Cloud (e.g. a VPN-enabled VPC) in a secure manner.
Multi Cloud Vs Hybrid Cloud
Many organisations that see the benefit of the cloud through early enablement of a Public Cloud for their development teams also see value in a Private Cloud for their most data-sensitive systems of record. Using Public and Private Cloud in tandem – typically by extending their data centre resources to a VPC – allows them to use cloud technologies across their entire infrastructure, while being able to segregate internal and external applications more radically. This is the concept of a Hybrid Cloud.
Multi Cloud is for organisations that choose to use more than one Public Cloud provider, so as to be able to select the best cloud for the applications, services and capabilities they need (e.g. AD integration in Azure, large scalable RDBMS in AWS, ML workflows in Google Cloud). Some organisations also implement this setup to avoid vendor "lock-in" and/or for disaster recovery purposes, where one application can be switched to another Public Cloud quickly.
On-Premise Vs Public Cloud Security
In this last section I touch on some security aspects of an On-Premise versus a Public Cloud setup.
With On-Premise, the data centres are owned, physically reachable, and accessible only by a known and limited set of employees. All aspects of security are managed by the customer's IT or infrastructure department: building, network access, hardware, operating systems, runtimes and applications. From a networking perspective, there will be a separation between an external network zone for internet access and an internal network zone. Access to the internal zone is controlled by strict firewall rules. Disaster recovery can involve several data centres in the best case, or, more simply, several servers at the same location.
With a Public Cloud, data centres are owned by the cloud provider and are not accessible. Most aspects of security are managed by the cloud provider (building access, network access, hardware, operating systems, runtimes), so that the customer's IT teams only have to manage application security and network / systems access. Public Cloud networks can also be separated into external and internal zones. An On-Premise data centre is then only used for storing data and systems that are too sensitive to be on the Public Cloud. Disaster recovery is typically easier to implement in a Public Cloud due to the availability of multiple regions or zones.
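As an added illustration (not from the post) of the VPC, the hybrid extension and the external/internal zoning described above, here is a minimal Terraform layout for AWS: a VPC with an external and an internal zone, a security group acting as the firewall in front of the internal zone, and a site-to-site VPN back to the on-premise data centre. All CIDRs, the ASN and the gateway IP are placeholder assumptions.

```hcl
resource "aws_vpc" "hybrid" {
  cidr_block = "10.10.0.0/16" # assumed range; must not overlap the on-premise network
}

# External zone: the only subnet whose route table (omitted here) sends
# 0.0.0.0/0 to the Internet Gateway.
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.hybrid.id
}

resource "aws_subnet" "external" {
  vpc_id     = aws_vpc.hybrid.id
  cidr_block = "10.10.1.0/24"
}

# Internal zone: no route to the Internet Gateway, so nothing here is directly exposed.
resource "aws_subnet" "internal" {
  vpc_id     = aws_vpc.hybrid.id
  cidr_block = "10.10.2.0/24"
}

# Firewall rule for the internal zone: ingress only from the external zone and the
# on-premise range (assumed 192.168.0.0/16); all other ingress is denied by default.
resource "aws_security_group" "internal_tier" {
  name   = "internal-tier"
  vpc_id = aws_vpc.hybrid.id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [aws_subnet.external.cidr_block, "192.168.0.0/16"]
  }
}

# Site-to-site VPN: the on-premise data centre extends into the VPC (hybrid cloud).
resource "aws_vpn_gateway" "vgw" {
  vpc_id = aws_vpc.hybrid.id
}

resource "aws_customer_gateway" "onprem" {
  bgp_asn    = 65000          # assumed on-premise ASN
  ip_address = "203.0.113.10" # placeholder public IP of the on-premise VPN device
  type       = "ipsec.1"
}

resource "aws_vpn_connection" "dc_link" {
  vpn_gateway_id      = aws_vpn_gateway.vgw.id
  customer_gateway_id = aws_customer_gateway.onprem.id
  type                = "ipsec.1"
  static_routes_only  = true
}
```

The customer still owns everything expressed in this file (zoning, firewall rules, the VPN and its routes), which is exactly the "network / systems access" part of the shared responsibility described above.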
Going back to the drawing board and attempting to explain simply and shortly some rather misunderstood concepts of cloud was a very useful exercise for me. I hope you will find this insightful too.