Enterprise Cloud Computing Blog

Amazon VPC

Holiday Presents from the Cloud

As the year winds down, there are a few things I have come to expect: holiday parties, snow, and new features from cloud providers. This year exceeded all of my expectations, starting with a note in early December from our friends at Terremark letting us know that they have fixed their Windows pricing for cloud servers. Until this upgrade, if you started a Windows server in their cloud, you had to pay for a whole month of Windows licensing ($30-$100 depending on the version) no matter how much you used the server. This was rather un-cloudlike, since in the cloud we want to pay only for what we use. With this new feature, running Windows in Terremark’s cloud only costs a few cents per hour (Linux cost + 20%).

Then came the snow—I live in New Hampshire, and on December 9th we received a foot of new snow to really get the season going. The very next day, Amazon made a big flurry of announcements—support for Windows 2008, the ability to boot from EBS, and the new US region US-West1.

Each of these features means big things for Amazon and for cloud users. First, support for Windows 2008 is a longstanding request from Amazon users. I think that Amazon was held back from supporting W2K8 because of the design of their boot volumes, which needed to be copied out of S3 into the local storage instance in order to boot the operating system. As the boot volume grows, the amount of resources consumed and the boot time of the servers grows significantly, with W2K8 requiring more than 10GB by default. In order to support W2K8, Amazon required another technology advance to make it possible—booting from EBS snapshots.

Perhaps the biggest problem enterprise users had with Amazon was the lack of persistent storage for boot volumes. Amazon has now created a way for users to build persistent boot volumes, coming up to parity with competitors on this feature. Sure, it’s a little different from how enterprises normally think about storage and configure boot volumes, but the ability to use EBS volumes for booting eliminates the window for data loss that most users had to contend with in the original boot methods. (This feature is not huge for CloudSwitch customers because we have always supported booting from EBS as part of our products; however, we can take advantage of this feature to improve boot times for servers in Amazon.)

Another major Amazon announcement is the new west coast region. Many of CloudSwitch’s early customers (not to mention our own development activities) are based on the east coast, so EC2’s primary location has been a good fit for us. Things only improved with the introduction of the Europe region since we have seen a lot of interest for European resources for both locality and compliance reasons. However, for west coast customers, having to hop across the whole country to access your cloud resources was less than ideal. Now these companies have local resources to target, but more important, this ongoing expansion shows that the public cloud is doing well. The addition of US-WEST1 and the soon-to-open Asia region reflect just how quickly the public cloud is growing and how hard Amazon is driving it.

The news from Amazon comes on top of what was already an outstanding year for cloud computing with major announcements from many key players, including: IBM software running in the cloud, new VMware-based public clouds, reduced pricing for servers and storage in the cloud, and Microsoft’s Azure gaining momentum. Each of the cloud providers is growing and maturing its cloud offerings, and we are reaching a tipping point where there are multiple clouds with sufficient features to support enterprise workloads. Get ready for 2010—it’s going to be an exciting year as large-scale enterprise cloud computing takes off.


Amazon's VPC Opens the Door for Innovation and Enterprise Cloud Adoption

The recent announcement from Amazon of the Virtual Private Cloud (VPC) represents the next big advance in the evolution chain for cloud computing. Enterprises can now integrate their IT infrastructure with Amazon's vast computing and storage resources, using a VPN connection from their data center to their own virtual private cloud which then looks like part of their internal network.

Until the release of VPC, companies were left to build applications and utilize the cloud as a separate and somewhat siloed portion of their computing environment. In addition to the VPN connection, VPC allows cloud users to control their IP addressing within the Amazon cloud (previously IP addresses were assigned randomly). This may sound trivial, but it solves some tricky problems that made it hard to integrate cloud and internal resources.

Prior to VPC, every time you started a server in Amazon, you would get a new, randomly assigned IP address for that server. This created a lot of issues with how typical applications operate, e.g.: how do you communicate the address of this new server? How do you run authentication/certificate processes with a changing address? How do you deal with identity when IP addresses change at every start? Add to this the fact that cloud servers were separate from internal servers, so internal services that you normally take advantage of (DNS, LDAP, etc.) were not available without a lot of work. VPC provides a way to connect cloud resources to your data center and start to smooth over the differences.

Okay, how does this work? A standard edge networking device in your data center is configured to connect with Amazon's VPC. You can create your own sub-nets within Amazon, and when you launch a server you assign it to one of them. You specify the IP address range for your servers, and VPC performs the "security dance" to build the VPN between the edge device and your private network in Amazon's cloud. All you have to do is update your routing tables so that processes in the data center can reach applications in the cloud and you're off to the races.
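As an added example (not part of the original post, and not Amazon tooling), here is a pre-flight check of the addressing plan described above: the VPC range must not collide with data-center networks, every subnet must sit inside the VPC range without overlapping its siblings, and only then are the routes for the data-center routing table produced. All network ranges and the `vpn-tunnel` next-hop label are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def check_plan(onprem_cidrs, vpc_cidr, subnet_cidrs, next_hop="vpn-tunnel"):
    """Validate a VPC addressing plan; return (problems, routes).

    routes is a list of (destination, next_hop) entries to add to the
    data-center routing table, and is empty if any problem was found.
    next_hop is a hypothetical label for the VPN tunnel interface.
    """
    onprem = [ipaddress.ip_network(c) for c in onprem_cidrs]
    vpc = ipaddress.ip_network(vpc_cidr)
    subnets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    problems = []

    # An overlap makes layer-3 routing ambiguous: the same address would
    # exist on both sides of the VPN.
    for net in onprem:
        if vpc.overlaps(net):
            problems.append(f"VPC range {vpc} overlaps data-center network {net}")

    # Each subnet must be carved out of the VPC range...
    for s in subnets:
        if not s.subnet_of(vpc):
            problems.append(f"subnet {s} is outside VPC range {vpc}")

    # ...and must not overlap another subnet.
    for a, b in combinations(subnets, 2):
        if a.overlaps(b):
            problems.append(f"subnets {a} and {b} overlap")

    # Route only the subnets actually in use, not the whole VPC range,
    # so the data center can reach no more of the cloud than it needs.
    routes = [] if problems else [(str(s), next_hop) for s in subnets]
    return problems, routes

# Constructed sample plans.
ONPREM = ["10.0.0.0/16", "192.168.10.0/24"]
GOOD = ("10.1.0.0/16", ["10.1.1.0/24", "10.1.2.0/24"])
BAD = ("10.0.128.0/17", ["10.0.128.0/24", "10.0.128.128/25", "10.2.0.0/24"])

if __name__ == "__main__":
    for vpc_cidr, subnet_cidrs in (GOOD, BAD):
        problems, routes = check_plan(ONPREM, vpc_cidr, subnet_cidrs)
        print(vpc_cidr, "->", problems or routes)
```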

By allowing customers to integrate their data center networks with Amazon's cloud, VPC takes the first step in bringing the cloud and the enterprise data center together. While one large hurdle has been removed, there's still work to be done, as indicated in RightScale's blog. As enterprises review the VPC offering, there are things they need to consider as they determine how to deploy and use it.

  • Networking: VPC provides a layer-3 connection between the data center and the cloud, which means that traffic is based on IP address routing. You'll have some work to do to figure out things like managing addressing in the cloud, and the implication of MAC addresses changing on every server start. In contrast, the holy grail of this integration is based on the Ethernet level (layer-2), where everything "just works" -- allowing seamless migration of applications between the data center and the cloud (and back). Some applications require layer-2 connectivity (for broadcasting for example), which means they would probably need to remain in your data center.
  • Security: As the name indicates, VPC doesn't provide truly private infrastructure, but a virtually private infrastructure -- servers deployed into your virtual private cloud are allocated from the same shared resources that Amazon uses for all its customers. Thus, you still have to think about possible additional security measures in the cloud, both for networking (VPC doesn't allow for encryption between servers), as well as how to protect data in shared storage.
  • Management: Developers will have to deal with the "assembly required" aspect of mapping applications to Amazon's infrastructure. There's no simple way to move existing servers to the cloud, which means you'll have to determine how to provision and configure cloud resources, and how much custom work might be needed to interface with Amazon APIs. Deployment is complicated by Amazon specifics -- how to launch an instance, attach storage resources, reset applications to use the proper storage path, etc. You'll also have to address the fact that base servers run on "ephemeral storage", meaning that server outages cause the loss of all data/updates. (There are many blog posts on this topic; this one is typical.)
  • Flexibility and choice: Finally, while VPC solves some major headaches for companies that are committed to AWS, it is not applicable for those who want the flexibility of multi-cloud offerings. This is important because users have no control of a cloud provider's infrastructure. When a provider decides to upgrade or change anything, users must go along for the ride.

So to sum up, Amazon's VPC represents an exciting step forward along the road to making the cloud truly enterprise-ready. Cloud computing has come a long way over the last two years, and in many ways Amazon has been setting the pace. Their new offering lays the foundation for the next set of solutions for enterprise adoption from other companies in the cloud computing ecosystem. At CloudSwitch, we're excited to take advantage of the ongoing improvements by Amazon to their infrastructure, and we are working hard to eliminate complexity and make cloud computing simple, seamless and more cost-effective than ever.
