Friday, April 1, 2011

Amazon EC2 Dedicated Instances and Cloud Definition

On March 28, the Amazon Web Services Blog announced:

Amazon VPC catered to the needs of customers who wanted more network isolation than is provided by "classic EC2." Some Amazon VPC customers wanted to go even further: they asked for hardware isolation so that they can be sure that no other company is running on the same physical host. On March 28, Amazon launched dedicated instances within Amazon Virtual Private Cloud (Amazon VPC). Setting the tenancy of a VPC to "dedicated" when the VPC is created ensures that all instances launched in the VPC run on single-tenant hardware.
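A team relying on this guarantee can check it against its own inventory. The sketch below is an added example, not code from AWS or from this post: it reads JSON in the shape returned by `aws ec2 describe-vpcs` and `aws ec2 describe-instances` (fields `InstanceTenancy` and `Placement.Tenancy`) and reports which instances still sit on shared hardware. The IDs and sample data are constructed, and the function name `audit_tenancy` is hypothetical.

```python
import json

# Constructed sample data shaped like `aws ec2 describe-vpcs` and
# `aws ec2 describe-instances` output. All IDs are made up.
VPCS_JSON = """{"Vpcs": [
  {"VpcId": "vpc-aaaa1111", "InstanceTenancy": "dedicated"},
  {"VpcId": "vpc-bbbb2222", "InstanceTenancy": "default"}
]}"""

INSTANCES_JSON = """{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0001", "VpcId": "vpc-aaaa1111", "Placement": {"Tenancy": "dedicated"}},
    {"InstanceId": "i-0002", "VpcId": "vpc-bbbb2222", "Placement": {"Tenancy": "default"}}
  ]},
  {"Instances": [
    {"InstanceId": "i-0003", "VpcId": "vpc-bbbb2222", "Placement": {"Tenancy": "dedicated"}},
    {"InstanceId": "i-0004", "Placement": {"Tenancy": "default"}}
  ]}
]}"""


def audit_tenancy(vpcs_doc, instances_doc):
    """Cross-check VPC-level tenancy against each instance's placement."""
    vpc_tenancy = {v["VpcId"]: v.get("InstanceTenancy", "default")
                   for v in vpcs_doc.get("Vpcs", [])}
    report = {
        # VPCs that do not force single-tenant hardware for every launch
        "vpcs_not_enforcing": sorted(v for v, t in vpc_tenancy.items() if t != "dedicated"),
        # Instances on shared (multi-tenant) hosts; VpcId is None for classic EC2
        "shared_hardware": [],
        # Single-tenant only through a per-instance launch setting, not VPC tenancy
        "per_instance_only": [],
    }
    for reservation in instances_doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            tenancy = inst.get("Placement", {}).get("Tenancy", "default")
            vpc_id = inst.get("VpcId")
            if tenancy == "default":
                report["shared_hardware"].append((inst["InstanceId"], vpc_id))
            elif vpc_tenancy.get(vpc_id) != "dedicated":
                report["per_instance_only"].append(inst["InstanceId"])
    return report


if __name__ == "__main__":
    result = audit_tenancy(json.loads(VPCS_JSON), json.loads(INSTANCES_JSON))
    print(json.dumps(result, indent=2))
```

The check covers host placement only; it says nothing about whether attached storage or the network path is shared.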

Just after reading this news, I was of the view that the above simply translates to: multi-tenancy is no longer an essential attribute of cloud computing for Amazon, the pioneer cloud company. I thought this was in contrast to both NIST's and Gartner's cloud definitions. But there is more to it than I originally thought. I posed the following question to a few of the cloud/technology experts:

Though the Amazon EC2 Dedicated Instance change is driven by customers' requests, is it an evolution or a step backward for cloud computing?

[Order – FRFP (First received first published) basis]


Narasimhan (Kishore) Mandyam - CEO of PK4, a company that delivers a SaaS Impel CRM for India. 

Narasimhan (Kishore) Mandyam's Interview

Basant, thank you for reaching out to me about this issue. I want to point out, though, that the "tenancy" that Amazon talks of here has nothing to do with the multi-tenancy that SaaS vendors talk of. VPC Tenancy is about Virtual Private Clouds, whereas multi-tenancy is about software applications.

Let me describe this in terms of the various layers that go to make Amazon's EC2 - or any other such offering (the layer numbering below is my own and not any "standard"):

Lowest layer or Layer 1 - the physical hardware that runs all this stuff. This is the standard set of servers sitting in some server-farm somewhere out there. Amazon has five such physical locations - West Coast US, East Coast US, Ireland, Singapore and Japan.

Layer 2 - the host operating system that runs on the hardware. In the traditional virtualization models, this is Linux or Windows, as the "host OS". In the "hypervisor" model, there IS no such OS - the hypervisor itself runs on the hardware directly. In Amazon's case, this is an Open Source solution called Xen.

Layer 2A - the virtualization software that runs guest OSs. In the traditional model, this is something like VMWare, running on the host OS. In the hypervisor model, both layers 2 and 2A are in the hypervisor software - in this case, Xen.

Layer 3 - the guest operating systems that apps will run on. This is typically Windows or Linux, depending on the software developer's choices. In our case, it is Linux.

Layer 4 - the software app that users will access. This is where multi-tenancy comes in - all the debate about whether multi-tenancy matters is about the software architecture at this layer.

A Virtual Private Cloud is a set of servers at Layer 3, all accessible only within a specific Virtual Private Network that people not logged into that VPN cannot access. The VPC Tenancy mechanism gives Amazon customers the ability to say that each Layer 3 OS that they access sits on a separate Layer 1 server. That makes no difference to software at Layer 4 - we still need to deal with multi-tenancy, if so needed. It is another matter that apps sitting inside a VPN probably do not NEED to have multi-tenancy since, by definition, a VPN is constrained to users within one specific organization and multi-tenancy is all about multiple users from multiple organizations accessing the same Layer 4 software.



Kalpak Shah is Founder & CEO of Clogeny Technologies Pvt. Ltd. and guides the overall strategic direction of the company.

Clogeny is focused on providing services and consultancy in the cloud computing and storage domains.

Dedicated instances from Amazon are an excellent step towards attracting enterprises who have security concerns. This does not mean that multi-tenancy in the cloud is reduced. Customers are free to use dedicated and normal instances together as per their needs. Amazon is innovating at a great pace and providing what customers are asking for - that is how cloud "definition" is evolving. Also note that the same hardware may be used for multi-tenant instances after a user has deleted his dedicated instance from it.



Jamal Mazhar is Founder and CEO of Kaavo. He possesses 15+ years of experience in technology, engineering and consulting with a range of Fortune 500 companies including GE and ING.
Jamal Mazhar’s Interview

For cloud computing services, the two critical things are elasticity and on-demand delivery. Arguments about multi-tenancy are often simplified; unless you are running one application on one physical server with no network connectivity, every application shares some resources (network, compute, storage) with other applications.

Editor’s Note: Jamal says that the key attributes he identified in his response to a previous article, "Is MultiTenancy an Essential Attribute of Cloud Computing", were elasticity and on-demand delivery, not multi-tenancy. Amazon’s new offering is basically meant to address some of the security concerns of its customers, and so this does not change Jamal’s response to the query. To read his complete views visit:



Alok Misra is Cofounder & Principal at Navatar Group, a global Cloud service provider.

Alok is also the co-author of the recently released cloud computing book, "Thinking of ... Force.com as your key to the Cloud Kingdom." Navatar is a longtime partner and one of the top resellers of Salesforce.com.

It doesn’t change anything about multi-tenancy or cloud computing. It’s just a special case situation. Some customers have special needs and Amazon doesn’t want to turn them away. The customers of this service may not get the benefits of cloud computing. It’s a bit like decaffeinated coffee – you can get a taste similar to coffee but you won’t get the caffeine kick. 


Ezhilarasan Babaraj is Director of CSS Corp Labs.

Ezhilarasan has been involved in cloud computing for about 2+ years and has led several projects in Amazon Web Services Platform.

Ezhilarasan Babaraj Interview

The Dedicated hardware in VPC of AWS offering is an evolution. The reason is Cloud Computing provides IT related resources such as computing, storage, networking and its related security as a service. Whether it is shared or dedicated is a healthy choice for the customer. Moreover, the factor of automation is the key and it is achieved in all the services brought by AWS.


3 comments:

  1. Strikes us as a tick box exercise to tick the "security" box. In reality this is only isolation at the hypervisor level so things like EBS (Storage) are not dedicated and therefore the number of risks actually closed through isolation of the hypervisor is minimal.

  2. Learned a lot from reading this. Thank you for posting it.
  3. Amazon's EC2 has been there for years now. I know some popular websites that are hosted on their cloud computing. Thanks for sharing this informative post.
