Vendor View

Managing Public and Hybrid Cloud Systems

Managers are asking the tough questions about public and private clouds and it boils down to one thing: trust.

A recent Cisco study on cloud computing found that 20 percent of respondents listed security as the prime obstacle for implementing cloud technology. Stability of virtualized environments came in second on the obstacle list (18 percent), with the implementing of automation and provisioning tools for clouds ranked third at 16 percent.

The challenges of managing public and private clouds vary in terms of priorities, but the primary motivation always boils down to one very important motivation: trust.

If IT managers are not willing to trust their company's data to resources that are not completely owned by their own company, then they will focus primarily on using private clouds. If they can be assured their data is just as safe and well-served on non-company assets, they will work with the convenience of public clouds. Hybrid clouds, a mix of the two architecture types, are an attempt to blend the positives of public and private clouds.

Regardless of what kind of cloud a company uses, the management of such systems must be as seamless with the rest of an organization's IT infrastructure as possible.

For instance, private clouds can use authentication services such as Active Directory and Kerberos, because, being private, they are already located within a company's infrastructure.

Hybrid clouds involving external computing resources can be a different story, since authentication within a hybrid environment depends on how it is implemented. If the external cloud resources are connected to the private cloud via a VPN, the two are effectively part of the internal network and everything should work seamlessly in that context.

In the public cloud, things get dicey, because disparate systems and management consoles may not be a smooth fit with the management systems with which your organization currently uses.

How is this challenge currently met? How does authentication work in the context of software-as-a-service (SaaS)-type applications on public clouds? When you log on to a Web application, how are your credentials validated? The answer is, unfortunately, "all kinds of ways"--LDAP, database lookups, file lookups--even Kerberos, sometimes.

The problem with this lack of cohesion is it makes it difficult to implement features we take for granted on internal systems out on the cloud. When somebody leaves the company, how do we disable his user accounts on outside SaaS apps or internal cloud systems? How do users keep track of passwords for all their various applications since they don't support single sign-on? How can we enforce password policies when no two systems use the same authentication mechanism?

It's not just the individual virtual servers within a cloud that need to be accessed. How do you get user authentication to be seamless across systems that are also wrapped by the automated management and provisioning controls of a cloud--controls that must also be accessed by users as transparently as possible?

All of these reasons stack up to why authentication with a more universal framework like Active Directory (AD) is the key to authentication success for public, private, and every kind of cloud architecture in-between.

AD is not often referred to in the same sentence as "universal," since it is often associated with Microsoft-only platforms. But there is a growing realization in IT shops that AD can provide exactly the same kind of authentication and security on cloud architectures as it can on internal IT environments.

Managing the security and stability of IT infrastructure no matter where it's located is paramount to any IT manager. Removing the barriers between corporate, cloud, and Web authentication is critical to proper cloud deployment. Without seamless transactions and management of cloud systems and legacy IT servers, how will enterprises ever be able to efficiently keep up with the now-is-almost-too-late speeds at which the cloud will operate?

About the Author

Manny Vellon co-founded and is CTO at Likewise Software, which provides cross-platform security and authentication tools for virtualized environments. He has more 30 years of software development and investment experience, including stints at Hewlett-Packard Company and Microsoft. Manny earned a bachelor's degree in electrical engineering and computer science from Princeton University.


Subscribe on YouTube