Public vs. Private Cloud: An Introduction to Cloud Computing
Public or private cloud: that is the question. Talk about moving targets! The level of understanding – or lack thereof – about these two non-meteorological phenomena vacillates, wobbles, and drifts more than the vaporous clouds we see in the sky. As it stands now, the difference between a private cloud and a public cloud is significant, but there are similarities. However, the level of confusion many people have about the two computing architectures rises to the height of a massive thunderhead.
Consider the following questions, starting with the lowest-common-denominator question: since both public and private clouds are…well…clouds, what is a cloud? Moving along to more arcane questions – why do we call ‘it’ a cloud, and where did ‘it’ come from? Finally, we’ll tackle the source of most of the confusion – what is the difference between a public and a private cloud, and why is that important?
To start, let’s expose cloud computing for what it is.
Clouds have been around a long time and I imagine most everyone reading this blog has seen the familiar little cloud illustration in an assortment of documents dealing with the Internet. The cloud icon makes us think of that extraordinary place where computing magic happens – ‘out there’ on the Internet. For those who remember purchasing software on compact disks and sitting around while the program loaded onto your computer’s fixed disk, having ready-to-go applications available in the cloud may seem magical. But that’s another story.
Technically, a cloud is not a place any more than the Internet is a place. It is a virtual environment made up of computing resources that are harnessed on demand. These resources can be, and most likely are, scattered around the globe in multiple physical locations. However, most clouds have a primary physical location that houses the main application infrastructure. This main physical location could be far away from the users or it could be in the building next door. But a cloud performs most of its computing magic outside of the desktop, laptop, tablet, smartphone, or whatever is accessing cloud resources.
To understand the basic components of cloud architecture, think about what it takes to run an application on your own personal computer. Let’s say you purchased the rights to use a copy of Microsoft’s PowerPoint and you installed it on your laptop. Notice I said you purchased the rights to use MS PowerPoint. Commercial software is always licensed to a user to use, not to own. It is the same for software that resides in the cloud.
That said, to run a copy of PowerPoint you need a variety of resources, starting with a computer that has the following capabilities: an operating system, a processor and memory, a data storage device, various applications to manage the file system and other basic systems, as well as multiple input/output devices. These resources make up the platform upon which another critical resource resides – the PowerPoint application itself. Not surprisingly, those are the same basic resources required to run an application in a cloud. The difference is that those resources can be located anywhere, as long as the PowerPoint application can access them when needed. These resources can also be virtualized and shared to maximize the utilization of the physical servers. However, cloud computing adds one more very important resource: a network. The network is essential because that is how users connect to and access the hardware and software residing in a cloud.
To access a cloud, users must have a few things beyond a computer. Just as cloud computing needs a network connection, users also need a computer with its own networking capabilities and an Internet connection. It is possible that a user can leverage faster and more secure methods than an Internet node to connect to a cloud, but the most common way to access cloud computing is through the Internet.
The term ‘cloud’ has evolved over the years from just being an icon that represents the entire Internet to being an icon that represents a specific application or website that performs a specific function (e.g. Amazon.com operates in a cloud) on the Internet. Today, if you see the familiar cloud icon, you need to understand the context in which it is shown to understand if it represents the whole Internet or if it represents a single cloud. Below is a simple diagram that represents a single cloud environment:
Now, to tackle the main questions that this blog addresses: what makes a private cloud private? And what makes a public cloud public?
As mentioned, there is a significant difference between the two, but the basic architecture is quite similar. Essentially, a public cloud is open to anyone interested in visiting the site and using its resources to perform whatever tasks or actions are permitted (e.g. accessing Microsoft’s public website to download a printer driver for Windows Vista, or visiting the JCPenney site to order a pair of shoes). Typically, public cloud architecture has shared resources (e.g. servers, network routers and hubs, storage devices). Public clouds are also provisioned, maintained and managed by third-party personnel who are responsible for the entire cloud infrastructure and all the customers accessing it. Confidential information (e.g. SSNs, names, addresses, credit card numbers) is handled in a very secure way within a public cloud, so the concern for security is primarily for the users who are providing their personal information to execute a transaction. Additionally, public clouds are usually free or offered to the public on a pay-per-use model.
A private cloud has many of the same characteristics as a public cloud, but there is a lot more security associated with accessing any resources. To begin with, a private cloud is usually built to serve only the users associated with a single organization or group. If the private cloud uses the Internet to enable a connection from users, anyone can attempt to gain access to the resources, but they must have proper credentials (e.g. user ID, passcode, special key number) to get past the first firewall. The firewall can either be a software program running on a public-facing server, or it can be an actual piece of public-facing hardware. Either way, the job of the firewall is to analyze incoming and outgoing network traffic to control who should be allowed through based on predetermined criteria. A private cloud blocks any and all traffic that does not meet the criteria.
Private clouds are typically maintained, provisioned and managed by the users of the cloud, not by third-party IT staff as with a public cloud. Also, in a private cloud architecture the hardware is often dedicated to supporting only that particular private cloud; in other words, it is not shared with other applications or users.
A private cloud may utilize a secure network connection instead of the Internet, something like a single access line that only certain people use. This adds another level of security that, by design, eliminates the general public from having any kind of access to the computing resources in a private cloud. This is a more costly approach, but if security is a major concern, it may be worth the added expense.
Overall, both public and private clouds provide a new level of convenience and computing power that was unheard of a few years ago, and both have viable roles in the computing landscape. Cloud computing is clearly here to stay and will do nothing but grow in the coming decade. However, cloud computing is not without its critics. Privacy advocates claim that information flowing through the cloud network can easily be monitored, lawfully and unlawfully, by anyone with access to data communications or to data that is stored by the host company. This is a potential security risk that comes with the power and convenience of cloud computing.
Whatever the security risks might be, public and private clouds provide far more value to users than harm. Security breaches will always be part of the computing landscape, but technology will evolve to address each new security risk that emerges.