Scroll Top

Why Public Cloud Over Private Cloud – Part 2

Home Why Public Cloud Over Private Cloud – Part 2

By Larry Grant Cloud Insight Blog August 29, 2022

This blog is part two of a three-part blog series on “Why Public Cloud Over Private Cloud” READ PART one HERE and part three HERE.

In the previous blog post we ended on the idea of developing micro-services each with their own bounded context, and the benefits associated with it, along with some challenges for horizontal scaling of the workload. Before we go into further discussion on Why Public Cloud Over Private Cloud, I first wanted to circle back to some legacy concepts around compute, network and storage virtualization and how public cloud should treat these assets very differently.

Some Common Challenges:

Storage:

1. With on-premise solutions, we often see automation of compute, network and storage performed by the virtualization teams within IT. Sometimes the storage is only partially automated, having a storage team allocate a portion of physical storage and allowing the virtual teams to abstract this into virtual slices. Since both the compute and storage are still backed by physical resources, the ability to scale is limited and therefore needs to be controlled than what might be done in a public cloud environment.
2. In the public cloud, storage is much more fluid. When we design new micro-services and move data into a tightly bounded context, we need to be more fluid with how we store data, create new types of databases from SQL to highly distributed no-sql, graph, in memory, clustered, and even data lakes for improved AI/ML. The numerous public cloud data-based services offer great flexibility that can never be achieved on-premises.

Networking:

1. Networking teams are similar, often with a mix of blended solutions from physical networking gear either being manually configured or using automation to simplify everyday configuration tasks, but still controlled through submitting requests and gaining approval before the automation occurs. Virtual networking overlay solutions are used to carve off areas for specific workloads, but it all routes through a physical layer still controlled through traditional processes.
2. In the cloud, we use virtualized networks from inception, but we’re able to take it beyond what we might do on-premises. Every account in a cloud will have at least one virtual private cloud or VPC, which is its own networked environment. It is a best practice to create hundreds of different accounts to provide not only network segmentation between lines of business, but even between applications and micro-services.

Security:

1. Firewalling is often just at the network segmentation boundaries for North-South traffic, with little internal firewalling. Modern implementations leverage firewalls for east-west traffic across internal network segments and can use tagging to automate rule policies to control data access. This improved security posture helps but rarely delivers micro-segmentation level security across all the applications and services running.
2. Micro-segmentation in the cloud takes security to a new level, providing firewalling and routing between every hop. As microservices grow, providing explicit routing controls and firewalls dictating what service can talk to one another, locking down data to a service, using unique encryption keys for every service and separate individual load balancing are just a few of the most common services that will create a more tightly optimized and secure environment.

Computing:

1. Virtualization of computing resources has been around for 20 years, with many technologies to assist in automating the request of new resources. Often the request process is still through a self-service catalog, which is an improvement over manual requests but falls short of infrastructure as code. Some newer solutions do extend the ability of compute provisioning to a CI/CD pipeline but are still constrained by the physical limitations for scale and therefore gamble that teams use these services at a predictable rate. The problem is the unpredictable nature of live events.
  1. The 2021-22 Log4J vulnerability is a perfect example when teams had to patch 2,3,4 times as new vulnerabilities were discovered. Having every team redeploy every app could not be handled with on-premise resources for most organizations and required updates against live workloads.
  2. In the public cloud with hyper scaling, they could deploy whole new versions of their app, fully patched, and tested before directing traffic to it, all the while having the previous version still running.
2. Containerization is another form of compute virtualization. Being lightweight, it improves density efficiencies and improves startup times when scaling. It is very appealing for micro-services workloads that need to scale elastically. However, this leads to management challenges as more micro-services are designed with async characteristics to be event driven, not pre-launched. The runtime nature is often difficult to predict and therefore difficult to effectively manage a fully dynamic fleet of clusters. It will run fine until there is a scenario where it does not.
  1. Outperforming a DDOS (Distributed Denial of Service) attack
  2. Scaling during a stock market event
  3. Scaling when workers move to remote access overnight
  4. Scaling news outlets when a large event happens
  5. Scaling to support mass redeployments during an emergency vulnerability
  6. Dynamic Scaling for batch operations
  7. Dynamic Scaling for event based processing

These concepts tend to fall significantly short of what a public cloud implementation can achieve. For “Private Clouds” (from here referred to as “PC”), companies still have limited resources and control what is provisioned, when, where and how. Since “PC” does not have unlimited resources, companies still treat resources as pets, using static IP addresses and modifying load balancers such as F5’s to route to the new resources. For deployed virtual machines, companies still manage these resource as legacy systems, logging in to update, patch or troubleshoot, which means maintaining users and passwords for access. Even with tools such as Puppet, Chef or Ansible, these solutions try to automate many of the human touch points, but still require these systems be updated in place adding risk.

Any time a traditional system is touched, it leaves the organization at greater risk for mistakes, failed patches, and downed systems. It also opens new attack vectors having systems with SSH or RDP enabled, and logins for access is an increased risk which can often be eliminated in a native cloud implementation.

I hope you’re enjoying the discussion. Please feel free to ask questions or leave comments, I’m always happy to continue the discussion. Check back often for the next installment in this series “Why Public Cloud Over Private Cloud” where we’ll dive into more detail on various public cloud applications and services.

Larry Grant

+ posts

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use nonessential cookies that help us analyze and understand how you use this website and enhance your user experience. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other".
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
Zoominfo	session	Zoominfo uses technologies to collect and store information when you interact with services it offer to their partners, such as advertising services or analytics. All of those processes are meant to improve your user experience and the overall quality of our services.

Analytics

Analytics cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_111355416_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script.
_hjIncludedInPageviewSample	2 minutes	This cookie is set to let Hotjar know whether the user is included in the data sampling defined by site's pageview limit.
_hjIncludedInSessionSample	2 minutes	This cookie is set to let Hotjar know whether the user is included in the data sampling defined by site's daily session limit.
_hjTLDTest	session	Hotjar test cookie to check the most generic cookie path it should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.
oktgid	1 year	This cookie is used for storing the visitor ID of the user who clicked on an okt.to link.
oktsid	session	This cookie is used for storing the session ID of the user who clicked on an okt.to link.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
personalization_id	2 years	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by YouTube and is used to track the views of embedded videos on YouTube pages.

Other

Other uncategorized cookies are those that are being analyzed and have not yet been classified into a category according to their type and purpose.

Cookie	Duration	Description
__gwtCookieCheck	session	This cookie is used to check if the visitors' browser supports cookies.
AnalyticsSyncHistory	1 month	These cookies are used to deliver advertisements more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a website and this information is shared with other organizations such as advertisers.
li_gc	2 years	These cookies are used to deliver advertisements more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a website and this information is shared with other organizations such as advertisers.
UserMatchHistory	1 month	LinkedIn - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

Why Public Cloud Over Private Cloud – Part 2

This blog is part two of a three-part blog series on “Why Public Cloud Over Private Cloud” READ PART one HERE and part three HERE.

Some Common Challenges:

Storage:

Networking:

Security:

Computing:

Larry Grant

UJIMA

VETs

WONDER

PRIDE

Mental Health Matters

KEVIN FLEURIE

Dan O’Brien

BRYAN CALDER

ROBERT KIM

VINCENT TRAMA

WAHEED CHOUDHRY

CHRIS CAGNAZZI

BRID GRAHAM

MICHAEL KELLY

KEVIN WATKINS

JENNIFER JACKSON

MANNY KORAKIS

JUSTIN FILIA

GOPINATHAN PANDURANGAN

STEVEN PALMESE

ELLIOT BRECHER

BARBARA ROBIDOUX

Please select your venue city and
complete registration form below.

Please complete registration
form below.

Dave Hart

CHRIS BARNEY

JOHN HANLON

Greg Hedrick

Courtney Washington

CHRISTINE KOMOLA

VINU THOMAS

JULIETTE AUSTIN