Wednesday, November 12, 2008

In Cloud Computing, a Good Network Gives You Control...

There is a simple little truth that is often looked over when people discuss "moving to the cloud". It is a truth that is so obvious, it is obscure; so basic, it gets lost in the noise. That truth is simply this: you may move all of your servers to the cloud, you may even move all of your storage to the cloud, but an enterprise will always have a network presence in its own facilities. The network is ubiquitous, not only in the commodity sense, but also in the physical sense.

To date, most IT folks have had a relatively static view of networks. They've relied on networking equipment, software and related services to secure the reliability of TCP/IP and UDP packets moving from physical place to physical place. Yeah, there has been a fair measure of security features thrown in, and some pretty cool management to monitor that reliability, but the core effort of networks to date was to reduce the risk of lost or undeliverable network packets--and "static" was very "in".

However, the cloud introduces a factor that scares the bejeezus out of most IT administrators: a dynamic world that gives the appearance of a complete lack of control. How does IT control the security of their data and communications between their own facilities, the Internet and third party cloud providers? How do they secure the performance of systems running over the Internet? Is it possible to have any view into the health and stability of a cloud vendor's own infrastructure in a way meaningful to the Network Operations Centers we all know and love?

When it comes to infrastructure, I have been arguing that the network must take more of a role in the automation and administration of public, private and hybrid clouds. However, let me add that I now think enterprises should look at the network as a point of control over the cloud. Not necessarily to own all of that control--services such as RightScale and CohesiveFT, or cloud infrastructures such as Cassatt or 3TERA have a critical role to play in orchestration and delivery of application services.

However, their control of your resources relies entirely on the network as well, and you will likely have federated and/or siloed sets of those infrastructure management systems scattered across your disparate "cloud" environment. The network remains the single point of entry into your "cloud", and as such should play a key role in coordinating the monitoring and management activities of the various components that make up that "cloud".

Greg Ness outlined some of this in his excellent post on Infrastructure 2.0, (and this recent one on cloud computing in the recession), a theme picked up by Chris Hoff and others. All of these bloggers are sounding a clarion call to the network vendors, both large and small, that have a stake in the future of enterprise IT. Support dynamic infrastructures--securely--or die. I only add that I don't believe that its enough to make dynamic work, I think it is critical to make sure the enterprise feels they are in control of "their own" cloud environment, whether or not it contains third party services, runs in dozens of data centers, or changes at a rate to quick for human decision makers to manage.

What are some of the ways that the network can give you control over a dynamic infrastructure? Here's my "off the top of my head" list of some of the ways:
  • There needs to be a consistent way to discover and evaluate new VMs, bare metal deployments, storage allocations, etc. and the network can play a key role here.

  • There also needs to be consistent monitoring and auditing capabilities that work across disparate cloud providers. This doesn't necessarily have to be provided by the network infrastructure, but network-aware system management tools seem as logical a place to start as any.
  • Networks should take an active role in virtualization, providing services and features to enable things like over WAN VM migration, IP address portability and discovery of required services and infrastructure during and after VM migration. Where your servers run should be dependent on your needs, not your network's abilities.

  • At times the network should act like the human nervous system and take action before the "brain" of the cloud is even aware something is wrong. This can take the form of agreed upon delegation of responsibility in failure and over-utilization situations, with likely advancement to an automated predictive modelling approach once some comfort is reached with the symbiotic relationship between the network and management infrastructures.

Believe me, I know I have much to learn here. I can tell you that my soon-to-be employer, Cisco, is all over it, and has some brilliant ideas. Aristra Networks is a startup with a pretty good pedigree that is also aggressively looking at cloud enabled networks. I can only assume that F5, Nortel, Extreme and others are also seriously evaluating how they can remain competitive in such a rapidly changing architecture. What exactly this will look like is fuzzy at this point, but the next few months are going to be monster.

In the meantime, ask yourself not what you can do to advance your network, but what your network can do to advance you...