Start cloud-preparation by looking at the network

Enterprises are now actively adopting cloud computing, and networking professionals will have to change the way they think and how they do certain things in order to provide cloud computing networks.

According to a Forrester Research survey of 962 enterprises, 25% are budgeting for, implementing or already using cloud computing from external service providers. Twenty-two percent are budgeting for, building or using internal clouds.

Each of these waves of cloud computing adoption will present its own unique cloud networking challenges.

James Staten, principal analyst with Forrester Research, said network administrators will find that providers of external cloud services offer limited network configuration options, particularly public cloud services like Amazon's EC2, which achieve economies of scale by offering highly generalised infrastructure options on demand to multiple enterprises.

"You often have to use whatever VPN solution they support and whatever kind of exposure to virtual network functions and configuration settings that they're willing to expose you to, and nothing beyond that," Staten said. "If you wanted to do your own encryption, you would have to instantiate an encryption server [within the cloud] to do that."

Network administrators can get more tailored configurability from certain providers, but it comes at a premium cost, he said. The provider would have to supply infrastructure that is specifically configured to serve one enterprise's needs. This infrastructure would essentially be hosted by the provider for the individual enterprise rather than be available to multiple enterprises with more generalised configuration requirements. Cloud providers will charge a premium for such services, Staten said.

Network security remains a concern for many enterprises as well when it comes to external cloud computing. Jim Prevo, CIO of Green Mountain Coffee Roasters, said external cloud computing raises all sorts of red flags on security for him: "Physical [security], logical, theft, corruption, espionage, human error, you name it. The more players, devices and distance in the game, the greater the exposure."

Prevo is much more comfortable with the concept of an internal cloud. He says he has maintained an internal cloud at his company for about eight years.

"Essentially, we are setting up a single-instance application portfolio using PeopleSoft, Demantra and other applications," he said. "They have Web interfaces pointing to Web servers which communicate with applications servers, which communicate with database servers and batch servers. In the case of PeopleSoft, for example, we have a pair of load balancers on the front end that point to our Web/app server blades in an HP blade rack. The app servers point to the database server. The database server is backed up every few minutes via Oracle's Dataguard functionality to another server in a second data center across the campus. There is actually an identical set of equipment in that other data center, so we could take a hit on our primary data center and come up quickly in the second data center."

"We also have applications that are hosted in virtual environments and have SAN-based data," Prevo said. "We will install clones of these environments in our backup data centers next year, and we will have some degree of automation in place to fail over between locations. We have not decided on the exact level of automation we want in place. Sometimes it makes sense to be 100% automated, and sometimes it is better to have a human in the middle making the judgment."

Network administrators within enterprises that are building internal clouds will find that a separate set of challenges awaits them. Internal clouds require a great deal of automation so that applications can quickly scale up and down the number of virtual servers they use. The automated provisioning of these servers will force network administrators to give up a lot of control to server administrators, according to Staten. The automation tools that server administrators use will have to assign the correct IP addresses, network connections and storage connections.

"All this is going to be done by an automation tool," Staten said. "The network administrator can set the rules, but he can't necessarily manually enforce them. In other words, you have to be involved in the creation of automation policies for the internal cloud, but you're not going to take them over. You're going to trust the policy engine to take care of it. And that's really tough for a lot of network administrators to get comfortable with because the bottom line is you're taking things that network administrators have been doing and allowing the server side of the house to do them and do them in an automated way. If you haven't even got to the point of letting your network administrators automate, you're not going to trust the server administrators to automate your work."

Staten said internal clouds will also force network administrators to document their network procedures, something that a lot of organisations have failed to do in the past.

"People haven't documented their network procedures very well," he said. "And if you can't document it, you can't automate it."

Finally, many network administrators will discover that their enterprises plan to adopt both internal and service provider clouds. Forrester surveyed 602 North American and European companies of all sizes that all plan to use cloud computing, and 41% plan to use a combination of internal service provider clouds.

This combination of services will enable some enterprises to create what Staten calls "virtual private clouds."

"This is essentially similar to the VPN concept," he said. "You put network boundaries around two or more cloud environments and make them appear as the same physical environment. This is a virtualisation concept as much as it's a networking concept. It allows you to take an application that lives in a certain data center, clone virtual machines of that service that was running in the first data center, and place them in a second data center."

Staten said he has spoken with several organisations that take this virtual private cloud approach. One retail company has three or four applications that run across both an internal cloud and a public cloud, and the company moves workloads for the application across both clouds as demand scales up and down.

These virtual private clouds have their own set of networking requirements, Staten said. Network administrators should make sure that a cloud which spans both internal and service provider facilities has similar networks on both ends.

"The ideal scenario would be to have the same Cisco switches, for example, in both locations, because you know the protocols are going to be carried the same way," he said. "You know the QoS is going to be executed the same way, and you know that all the configuration settings and commands you might want to use are going to be there. Any time you start to vary from a homogenous model, you start to decrease the degree of control and the degree of flexibility that you have."