Top 5 Questions Asked by CloudSwitch Customers

New CloudSwitch customers and prospects are coming up to speed every week and there are a number of questions that show up frequently enough that I thought it would be helpful to cover them in a blog. When we work with customers, our goal is to make their experience getting started in the cloud fast and easy, and to make sure they feel comfortable with the ongoing simplicity and security of the CloudSwitch model.

Here are their top 5 questions:

1. How do I move applications to the cloud?

CloudSwitch makes moving an application to the cloud a simple drag-and-drop operation. A virtual machine (or group of VMs) is selected from a VM location (vCenter, ESX machine, or CIFS share) in the CloudSwitch user interface, the target public cloud region/zone/location is selected, and the machine is moved over a secure tunnel to the cloud. Storage for the virtual machine in the cloud is automatically allocated and encrypted, and keys are kept under the customer’s control.

Virtual machines that are moved to the cloud retain their MAC and IP addresses, since the CloudSwitch appliance acts as a layer-2 bridge allowing these machines to appear as if they are running in the data center behind your firewall.

2. What applications should I move to the cloud?

A wide variety of apps are good candidates to be moved to the cloud.  As Ellen Rubin blogged about recently, legacy applications are certainly great candidates for offloading from your internal data centers. Web servers and web applications like SharePoint, .NET, J2EE/SOA, Drupal, WordPress, Wikis, corporate intranets, or batch processing applications are all good candidates as well.

When selecting applications for the cloud, you need to be aware of latency between the data center and the cloud. Latency is a function of physical distance between the data center and the cloud region you’ve selected. For instance, a data center on the East Coast in the US should see around 20ms latency between the various public cloud regions on the East Coast.

Select applications and place them in closest proximity to the virtual machines and data center services that are accessed most by these applications. For instance, a web application that utilizes a database heavily may perform best if the web tier and the database are both deployed to the same cloud and region.  A web application that utilizes a database infrequently and caches results may perform well with the database in the data center and the web tier in the cloud.

3. What changes to my network do I have to make to use CloudSwitch?

Minimal. Outbound port 443 to the Internet has to be opened for the CloudSwitch appliance to create a secure encrypted connection to the cloud. This is outbound traffic only, nothing inbound. There are no changes to your network configurations.

The CloudSwitch appliance requires promiscuous mode and forged transmits set to “Allow” on the Virtual Switch or Port Group for the network adapter assigned to CloudSwitch in your virtual environment. For more information, check out this blog article on networking and ESX.
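Because the two settings can be applied on either the Virtual Switch or a Port Group, it is worth checking where the exception actually lands. The following is an added example, not CloudSwitch or VMware code: it resolves inherited security policy over a constructed inventory (the field names, switch names and port group names are all assumptions) and reports whether the appliance's port group has both settings and which other port groups end up promiscuous.

```python
# Constructed inventory for illustration; field names are assumptions,
# not a CloudSwitch or VMware export format. None means "inherit from vSwitch".
VSWITCHES = {
    "vSwitch0": {"promiscuous": False, "forged_transmits": False},
    "vSwitch1": {"promiscuous": True, "forged_transmits": True},  # set switch-wide
}
PORT_GROUPS = [
    {"name": "VM Network", "vswitch": "vSwitch0",
     "promiscuous": None, "forged_transmits": None},
    {"name": "CloudSwitch-Bridge", "vswitch": "vSwitch0",
     "promiscuous": True, "forged_transmits": True},
    {"name": "Finance-Apps", "vswitch": "vSwitch1",
     "promiscuous": None, "forged_transmits": None},
    {"name": "DMZ", "vswitch": "vSwitch1",
     "promiscuous": False, "forged_transmits": None},
]
SETTINGS = ("promiscuous", "forged_transmits")


def effective(pg, vswitches):
    """Resolve a port group's policy: an explicit override wins, None inherits."""
    parent = vswitches[pg["vswitch"]]
    return {s: parent[s] if pg[s] is None else pg[s] for s in SETTINGS}


def audit(port_groups, vswitches, appliance_pg):
    """Check the appliance port group and list other promiscuous port groups."""
    missing, exposed, seen = [], [], False
    for pg in port_groups:
        eff = effective(pg, vswitches)
        if pg["name"] == appliance_pg:
            seen = True
            # Both settings must be "Allow" for the appliance's adapter.
            missing = [s for s in SETTINGS if not eff[s]]
        elif eff["promiscuous"]:
            # VMs here can observe frames not addressed to them.
            exposed.append(pg["name"])
    if not seen:
        raise KeyError(appliance_pg)
    return {"appliance_missing": missing, "other_promiscuous": sorted(exposed)}


if __name__ == "__main__":
    print(audit(PORT_GROUPS, VSWITCHES, "CloudSwitch-Bridge"))
```

In the sample data, enabling the settings on `vSwitch1` makes `Finance-Apps` promiscuous by inheritance, while the dedicated port group on `vSwitch0` keeps the exception confined to the appliance.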

4. Can I get a virtual physical console to my machine in the cloud?

Yes. CloudSwitch provides a virtual console, accessible from the CloudSwitch user interface via a browser, that allows you to interact with the base system to make network changes or perform other tasks one might do at a physical console. Access to this console can be restricted to specific users or groups using Role-Based Access Controls (RBAC) in the CloudSwitch user interface.

5. Can I allow traffic from the Internet to reach my machines in the cloud directly as opposed to going through my corporate firewall?

Yes, CloudSwitch supplies a cloud firewall that allows you to assign a public IP to a virtual machine and control access to VMs in the cloud from the Internet.

Blended Cloud Environments – A Financial Services Use Case

One of the most interesting trends in cloud computing is the emergence of “hybrid” solutions which span environments that were historically isolated from one another. A traditional data center offers finite capacity in support of business applications, but it is ultimately limited by obvious constraints (physical space, power, cooling, etc.). Virtualization has extended the runway a bit, effectively increasing density within the data center; however, the physical limits remain. Cloud computing opens the door to huge pools of computing capacity worldwide. This “infinite” capacity is proving tremendously compelling to IT organizations, providing on-demand access to resources to meet short and long-term needs. The emerging challenge is integration—combining these disparate environments to provide a seamless and secure platform for computing services. CloudSwitch provides a software solution that allows users to extend a data center environment into the public cloud securely without modification of workloads or network configurations. I’d like to discuss a specific example of how CloudSwitch delivered a solution which spanned environments in a corporate data center and external cloud.

A large financial services company approached us some time ago with an ambitious plan to leverage cloud computing as a strategic initiative within the organization.  Their goals were to reduce operating costs, improve responsiveness to the various business units, and differentiate themselves within the industry through technological innovation.  Security was a fundamental requirement and a number of risk assessment groups were involved throughout the design and evaluation phases of the engagement.  Finally, this company also wanted to leverage a traditional colo environment from their cloud vendor to provide high-speed access to shared storage while also supporting their traffic monitoring equipment.  After a period of technical diligence, we established a reference architecture which satisfied all internal security requirements while remaining true to the fundamental goal of moving to a dynamic cloud environment. The result was a true realization of the hybrid model.

In the customer’s reference architecture, there are three primary components:

  1. Internal data center environment hosting the CloudSwitch Appliance (CSA)
  2. Private colo environment hosting the CloudSwitch Instance (CSI) and CloudSwitch Datapath (CSD) as well as shared storage for cloud instances
  3. Public cloud environment hosting customer workloads

The CloudSwitch Appliance is deployed into the customer’s data center environment to allow central management of one or more colo environments.  Each of these environments supports an isolated cloud deployment, for example for a particular business unit. CloudSwitch’s virtual switch and bridge components are implemented for high-speed connectivity between cloud servers and shared storage.  Finally, the public cloud environment is used to host actual customer workloads (operating systems).  Network communication and local storage are protected through CloudSwitch’s secure overlay network and transparent disk encryption functionality.

This approach yields several benefits:

  • Multiple instances of this dedicated environment can be independently deployed to support different business units
  • High-speed access to the enterprise cloud environment is available since the colo environment is physically located in the same facility
  • Physical infrastructure can be deployed into the colo environment in support of cloud servers—for example, shared storage devices
  • Dedicated firewalls can be deployed and traffic inspection is possible, satisfying the security groups’ requirements