
The Private cloud

Level 11

In a private cloud model, your IT department controls a secure and unique cloud environment in which your resources are managed. The difference from public cloud is that the pool of resources is accessible only to you, which makes management much easier and more secure.

So, if you require a dedicated resource, based on performance, control, security, compliance or any other business aspect, the private cloud solution might just be the right solution for you.

More and more organisations are looking for the flexibility and scalability of cloud solutions. But many of these organisations struggle with business and regulatory requirements that keep them from being the right candidate for public or private cloud offerings, or so they think.

It can be that you work within a highly regulated environment that is not suitable for public cloud, and you don't have the internal resources to set up or administer suitable private cloud infrastructure. On the other hand, it might just be that you have specific industry requirements for performance that aren't yet available in the public cloud.

In those cases the private cloud, as an alternative to the public cloud, could be a great opportunity. A private cloud enables the IT department, as well as the applications themselves, to access IT resources as they are required, while the datacentre itself is running in the background. All services and resources used in a private cloud are defined in systems that are only accessible to the user and are secured against external access. The private cloud offers many of the advantages of the public cloud but at the same time it minimises the risks. Unlike many public clouds, the criteria for performance and availability in a private cloud can be customised, and compliance with these criteria can be monitored to ensure that they are achieved.

As a cloud or enterprise architect, a couple of things are very important in the cloud era. You should know your application (stack) and the way it behaves. By knowing what your application needs, you can determine which parts of the application could be placed where: private or public. A good way to make sure you know your application is to use the DART principle:

Discover - Show me what is going on

Alert - Tell me when it breaks or is going bad

Remediate - Fix the problem

Troubleshoot - Find the root cause


If you run the right tools within your environment, it should be easy to discover what is going on, where certain bottlenecks are, how your application is behaving and what its requirements are. With that knowledge the step to hybrid is much easier to make, but that is for another post; first I'll dive into public cloud a little further next time.


It is not only about the right tools, but having them configured properly to provide the information for those groups that need requested information is where I see many organizations come up short. The inability to find qualified professionals and funding to afford them leaves the organization yoking only 20% of the tool capability to deliver the information as needed.

You've hit me squarely where I live.  I have little trust for the public cloud--how can I know it's secure when I can't visit the facilities and audit their security?

Yet I'm surrounded by those who want to jump on that bandwagon for the savings they hope it will bring.  Savings in having our own data centers, hardware, heating/cooling/security/electrical generators, etc.

Bearing down hard from above is that desire for keeping up with the Joneses, while also being on the top level of best security, best Fault Tolerance and High Availability, best management and reporting and monitoring, and complying with everything from SOX to PHI to PCI.

A private cloud sounds like the answer, especially since I'm suspicious of Cloud Providers' security and HA--my organization would be responsible for that.  We'd possibly save money by doing security management, monitoring, and reporting ourselves, while still spending money on cloud services for physical plant security, physical environments, HA, etc.

Now the shoe's on the other foot--since I don't know that my local staff would be as up to date with Cloud-based security needs as a Cloud provider might be.

There I sit, the mule between two piles of food, starving because it's remarkably difficult to determine which pile is better without committing to one of them.


If the cloud (OK, let's get rid of that ridiculous term and call it what it is--one or more Application Service Providers or SaaS providers) weren't an option, life would be simple.  We'd KNOW we had to provide our own HA and security compliance instead of relying on someone else, and trusting a stranger to avoid a scandal or massive credit card loss.

Whom outside of your company is trustworthy to secure your clients' data, and how can you prove they're trustworthy?

It's a difficult decision to take, rschroeder​. I'm with you on the "trust no-one" side of things, especially since many of the cloud providers are also advertising houses. You just don't know what internal 'analytics' they're going to run on your data once it's sitting on their tin.

That said, the whole world is moving to 'the cloud'. Unless a fundamental flaw is found in the way these are being run, it's going to be the way forward, because economy of scale means it'll be cheaper for most businesses to pay someone else to host their internal data.

Personally, I would always prefer to own what my business is run on, and the infrastructure that powers it, but I know that I'd be spending £££'s more doing it this way than I would if I shoved it in the cloud. My running costs would be cheaper if I ran it myself, but the outlay needed to purchase the physical kit in the first place means that it's just so much cheaper for me to go the cloud route, since I don't have racks of kit already.

That's why hosted options (let's face it, it's all just a fancy name for hosted, right?) are so popular. All new start-ups will likely use them, unless requirements are tiny. If you need AD/Exchange/SQL/SharePoint and a website, you can get going in hours, rather than paying £1,000's in consultancy fees to have it set up on premise. You'll still be paying those same £1,000's, but not in one lump. You just need to have enough in the bank to pay for the sums that'll start climbing the more uptime your hosted servers have, and the more users you add in.

That's why I doubt I'll go for a cloud based option. You have permanent monthly outgoings just to keep your IT running. I'd prefer to source finance and pay once, depending on the scale of the environment I needed.


I also have to agree with what rschroeder and silverbacksays mention.  Public cloud pretty much makes me nervous because so many things are taken out of our hands and span of control.  Yes, there is a perceived savings.  But in the long run, you don't really know.  If there is a breach because of the vendor not being diligent or responsive to things, who picks up the tab?  In many ways, I think companies are going that way because it takes some load off of the internal shop...maybe.

In my opinion, cloud based services are not a tangible solution.  They may seem to work for awhile, but if there are issues, it can be challenging to determine where the issue lies. 

Private cloud seems to be a better solution to me as well...

Level 12

Good article.  I think it helps to promote understanding of just what "private cloud" means.  Pardon the (only partially intentional) pun, but the term cloud is often somewhat nebulous.  In general, the better we define things, the less scary they seem to be.  Loosely defined cloud infrastructure, be it public, private, or otherwise, doesn't lend itself to acceptance in a lot of cases because it can be difficult to define just what cloud means.  Before we can go to the table and say we want a private cloud, we have to be prepared to define the term in a meaningful way.


Yes that too...I think everyone has a different view of what it is or should be.

Level 20

We'll most likely always have a private cloud.  Rules really don't allow anything else exactly yet although they say they'll have some approved public clouds for some workloads... I don't see it happening anytime soon.  Orion and its modules do a good job of showing the entire picture of the health of the private cloud... ever since NPM started speaking the VMware API things have gotten better and better.

Level 12

There are some very scary and relevant points made here.

Like silverbacksays said, "You just don't know what internal 'analytics' they're going to run on your data once it's sitting on their tin." This is very scary and you have no control over your data once it's on their systems. They can do whatever they want with it. You can do things with contracts, but when it comes down to it how do you know they are following the rules put in place in the contract?

Like rschroeder said, "Whom outside of your company is trustworthy to secure your clients' data, and how can you prove they're trustworthy?" If there is a data breach, will they actually report it to you, or just hope you don't find out about it? What even constitutes a "data breach" anyway? Yeah, there are obvious things like someone did a data dump to a USB or external hard drive and walked off with it, lost laptop, stuff like that. But what about an analyst PC getting infected with spyware/ransomware? If the system was infected, did the infection have access to local and network files, did it do a data dump to the outside, is that person saving data to the local machine to make it easier to work with then uploading final back to the network stores? There is a huge grey line, so what do they report to you and what do they not?

Level 14

Private cloud all the way.  Since I work on a classified DoD network, the choice has been made for me.

Level 13

CourtesyIT hit it on the head. There are so many recent graduates of various technology programs, but their ability to apply any of their knowledge is low or non-existent...and after almost 20 years in I.T. this has not changed. I found it when I graduated (about 10% actually knew anything practical), and I was left wondering how any of them found jobs...

Level 14

I've seen this as well.  Making the transition from theoretical to practical takes some people more time and hands on.

Level 11

Sorry everybody, I'm on a holiday in Switzerland and Austria and getting on the interwebs is a bit harder in the mountains. I'll go through all of your replies (and give my thoughts) when I'm back in the Dutch mountains!


About the Author
In IT since 1998 and enjoying every last bit of it. The last few years have mainly been focused on virtualization and storage. VMware VCAP-DCA, VCP 4/5, VSP 4/5, VTSP 4/5, MCSA, MCTS, MCP, CCA and CCNA