Managing Public and Hybrid Cloud Systems
Managers are asking the tough questions about public and private clouds and it boils down to one thing: trust.
- By Manny Vellon
A recent Cisco study on cloud computing found that 20 percent of respondents
listed security as the prime obstacle for implementing cloud technology.
Stability of virtualized environments came in second on the obstacle list (18
percent), with the implementing of automation and provisioning tools for
clouds ranked third at 16 percent.
The challenges of managing public and private clouds vary in terms of
priorities, but the primary motivation always boils down to one very important
If IT managers are not willing to trust their company's data to resources that
are not completely owned by their own company, then they will focus primarily
on using private clouds. If they can be assured their data is just as safe and
well-served on non-company assets, they will work with the convenience of
public clouds. Hybrid clouds, a mix of the two architecture types, are an
attempt to blend the positives of public and private clouds.
Regardless of what kind of cloud a company uses, the management of such
systems must be as seamless with the rest of an organization's IT
infrastructure as possible.
For instance, private clouds can use authentication services such as Active
Directory and Kerberos, because, being private, they are already located
within a company's infrastructure.
Hybrid clouds involving external computing resources can be a different story,
since authentication within a hybrid environment depends on how it is
implemented. If the external cloud resources are connected to the private
cloud via a VPN, the two are effectively part of the internal network and
everything should work seamlessly in that context.
In the public cloud, things get dicey, because disparate systems and
management consoles may not be a smooth fit with the management systems with
which your organization currently uses.
How is this challenge currently met? How does authentication work in the
context of software-as-a-service (SaaS)-type applications on public clouds?
When you log on to a Web application, how are your credentials validated? The
answer is, unfortunately, "all kinds of ways"--LDAP, database lookups, file
lookups--even Kerberos, sometimes.
The problem with this lack of cohesion is it makes it difficult to implement
features we take for granted on internal systems out on the cloud. When
somebody leaves the company, how do we disable his user accounts on outside
SaaS apps or internal cloud systems? How do users keep track of passwords for
all their various applications since they don't support single sign-on? How
can we enforce password policies when no two systems use the same
It's not just the individual virtual servers within a cloud that need to be
accessed. How do you get user authentication to be seamless across systems
that are also wrapped by the automated management and provisioning controls of
a cloud--controls that must also be accessed by users as transparently as
All of these reasons stack up to why authentication with a more universal
framework like Active Directory (AD) is the key to authentication success for
public, private, and every kind of cloud architecture in-between.
AD is not often referred to in the same sentence as "universal," since it is
often associated with Microsoft-only platforms. But there is a growing
realization in IT shops that AD can provide exactly the same kind of
authentication and security on cloud architectures as it can on internal IT
Managing the security and stability of IT infrastructure no matter where it's
located is paramount to any IT manager. Removing the barriers between
corporate, cloud, and Web authentication is critical to proper cloud
deployment. Without seamless transactions and management of cloud systems and
legacy IT servers, how will enterprises ever be able to efficiently keep up
with the now-is-almost-too-late speeds at which the cloud will operate?
Manny Vellon co-founded and is CTO at Likewise Software, which provides cross-platform security and authentication tools for virtualized environments. He has more 30 years of software development and investment experience, including stints at Hewlett-Packard Company and Microsoft. Manny earned a bachelor's degree in electrical engineering and computer science from Princeton University.