by: Richard Bourdeau, VP Product Marketing, DynamicOps
The common infrastructure. What a blessing. What a curse.
Here is a familiar scenario for you…Well mannered IT administrator goes to provision resources for a mission critical application only to find that said resources have already been consumed by someone in a different group. To make matters worse, the other less important function is over-provisioned. Well, a handy automated self service product would have helped this guy out, you say. Not necessarily. Many of today’s typical automation tools just treat your shared infrastructure as a single pool of resources with little or no control over who can consume them. And don’t confuse manual approvals as part of the provisioning process as solving this problem. In a large environment, it’s too easy to lose track over who can consume which resources.
It’s this daily occurrence that makes the ability to deliver secure multi-tenancy one of, if not the most important aspects of cloud computing. By allowing multiple groups or tenants to share a common physical infrastructure, companies can achieve better resource utilization and improved business agility. By dynamically reallocating resources between groups in order to address shifting workloads, companies can more effectively utilize their limited IT resources.
The challenge is to share in such a way that one group does not have access, or even visibility, to the resources that have been allocated to others. Without a secure method of ensuring multi-tenancy, a cloud computing strategy cannot succeed.
Secure multi-tenancy is one of those buzz words thrown about by most cloud automation vendors. Sure, many of them can do it. But to what scale? To what level of control and capacity? Before selecting a vendor make sure their capabilities to securely share a common IT infrastructure meet both your current and future needs.
Multiple Grouping Levels
Make sure that your cloud management tool has enough levels of grouping to support both your organizational constructs as well as the levels of service tiers that you want to provide for those businesses moving ahead.
For Example: You don’t have to be a large company with multiple divisions, each having many departments to need multiple levels of grouping. Maybe your company is not that big, but you want to separate desktop operations from server operations from development and test. In addition you may also want to sub-divide resources allocated to a group into several service tiers (i.e. Tier 1, Tier 2, and Tier 3). Most companies will need a minimum of 2-3 levels of resource grouping.
Think Strategically Act Tactically
Most companies start their private cloud deployments with a single group or in a lab. This is certainly a viable strategy to get experience with new technologies and processes before expanding deployment to multiple groups. The mistake many companies make is selecting their cloud automation platform to only support the requirements of that control group. One of our customers has been so successful with their initial deployment that they not only expanded it to other groups within that company, but are in the process of expanding it to other divisions, creating a community cloud across multiple business of this large multi-national company. And the process is going smoothly for them because they knew to anticipate future needs to maximize their technology investment.
As you look to implement a cloud infrastructure remember the story of our well mannered IT administrator and remember, it can happen in the cloud too. The trick is to know how to avoid it.
Go in knowing these things about your business:
- What do we need now?
- What will we need in the future?
- Can the tech support the transition in scale?
- What kind of provisions are made to protect allocated resources in shared pools?
- Ask and ask again, will it scale?
Now onto governance control – who can have what and how much. It can be easier and more effective than you think. Stay tuned!
In the meantime tell us how you maintain secure multi-tenancy. How do you do it?