Connecting Clouds

For those organizations on the journey of transforming their datacenters to meet the demand of a modern IT consumption model, it’s easy to envision what cloud euphoria could/should look like. That’s mostly because vision is quite cheap – all it takes is a little imagination (maybe), a few Google queries, several visits by your favorite vendor(s), and perhaps a top-down mandate or two. The problem is execution can break the bank if the vision is not in line with the organization’s core objectives. It’s easy to get carried away in the planning stages with all the options, gizmos and cloudy widgets out there – often delaying the project and creating budget shortfalls. Cloud:Fail. But this journey doesn’t have to be difficult (or horrendously expensive). Finding the right solution is half the battle…just don’t go gluing several disparate products together that were never intended to commingle and burn time and money trying to integrate them. Sure, you might eventually achieve something that resembles a cloud, but you’re guaranteed to hit several unnecessary pain points on the way.

Of course I’m not suggesting putting all your eggs in one vendor’s basket guarantees success.  Nor am I suggesting that VMware’s basket is the only one that provides everything you’ll ever need for a successful cloud deployment. 

Gov’t Agencies Taking the Cloud Journey – AFCEA Belvoir Cloud Panel

This week I had the distinct pleasure of joining a panel of cloud industry experts for the AFCEA Belvoir Industry Days conference at Washington National Harbor’s Gaylord Resort to discuss the hot topics of cloud computing in front of hundreds of attendees representing several federal agencies (notably the US Army). The panel was moderated by GSA CIO, Casey Coleman, and included experts representing Lockheed Martin, CSC, Octo Consulting Group, and — best of all — VMware (i.e. yours truly). Linked are the bios for each, posted on the AFCEA Belvoir website.

To kick things off, each panelist had 5 minutes for opening remarks and to provide some insight on their organization’s perspective on cloud…call it a 5-minute elevator pitch.  For my part, I shared VMware’s cloud vision of transforming IT as we know it and the journey through this transformation — an approach to cloud that is broken up into three measurable stages:
  1. IT Production – early stage virtualization to reach new infrastructure and cost efficiencies.
  2. Business Production – realizing the value of all that is gained by virtualizing “low hanging” applications in stage 1 — increased availability and performance, app agility, centralized management, etc — to drive the virtualization of business critical applications while setting a solid foundation for cloud computing.

vCloud Networking: Using vShield Edge for Firewall & Routing (without NAT)

The Challenge: You are providing cloud services for a tenant using vCloud Director (obviously!) and want to provide a dedicated [routed] subnet and firewall services that are managed by the tenant admins.  Apps deployed in this cloud will be utilizing shared infrastructure services – LDAP, patching, scanning, etc – outside the cloud, so you’re trying to avoid NAT due to possible complications introduced by masking/translating source IPs.  Sound familiar?  Read on…
The release of vCloud Director (vCD) v1.5 along with vShield Edge (VSE) v5.0 provided a significant number of in-cloud networking enhancements that put a smirk on the faces of socially awkward cloud geeks everywhere. Okay, I’ll admit it – the networking capabilities VMware has baked into vCloud Director have been one of the most intriguing components of the solution. The combination of vCD 1.5 and VSE 5.0, riding on top of vSphere’s native networking capabilities, provides the framework for enhanced (and industry-leading) networking options for your cloud. Check out the vCD 1.5 Technical Whitepaper for more info on these and other enhancements.
Here are the cliff notes for those who don’t care to read the marketing stuff:
  • improved network isolation at several levels within the cloud,
  • enhanced firewall capabilities,
  • baked-in VPN tunnels and the ability to securely stretch tenant networks across clouds,
  • enhanced NAT’ing flexibility,
  • the addition of static routes and layer-3 routing
Speaking of static routes and layer-3 routing (yep, that’s the best transition I can come up with), I have found many of my customers questioning what is actually possible with the use of these features.  

Why Cloud for Existing Apps?

The value proposition for a “green fields” cloud is reasonably clear — building a new environment within vCloud’s framework helps enterprises add all the wonderful things above while streamlining:

  • Security – Integration and auto-provisioning of vShield Edge and multi-tenant security boundaries
  • Governance – Integration with Active Directory at the organizational level for tight security and control
  • Resource Allocations – defining resource allowances through the use of virtual data centers (ex: vDCs)
  • Agility / On-Demand Resources – utilizing vCloud’s allocation models to provide critical resources only as they are needed
  • Cost Transparency – Integration with cloud-aware Chargeback
  • Automation – using vCloud’s template libraries to rapidly deploy workloads within and across tenant clouds
  • Efficiency – further driving resource utilization using innovative technologies, automation, and governance
  • IT-as-a-Service – offering a highly automated, low-maintenance cloud infrastructure to consumers and allowing IT to focus on delivering innovations that drive revenue growth
From a marketing perspective, we all know what cloud is expected to deliver — agility, security, control, etc. — as well as the key characteristics of cloud computing — pooling of resources, elasticity, self-service, broad access, and automation. But what does all this cloud talk mean to existing workloads? I get that a lot, and most recently from a customer that forced me to think about a good response (and not a packaged/salesy one).