Public cloud vs. private cloud: fight!
Fight? Sounds nasty
Ok, so maybe "Fight!" might be stretching it, but there are definitely some reasonably firm arguments on both sides of the argument - typically voiced most loudly by those with vested interests.
A recent post focused on multi-cloud deployments led to some conversations with clients around public cloud vs. private cloud. I’ll briefly share the main thrust of my own thinking in this blog. I mentioned I was writing this post to a colleague, who (in a typically sarcastic vein) asked if the answer was "both". Well, perhaps surprisingly, no.
What we believe
I alluded above that there’s a lot of bias in these discussions, with both vendors and indeed people trying to protect their jobs confusing the debate. So, cards on the table then: I’m a big proponent of public cloud (for reasons I’ll outline below). I’d go so far as to say if you’re building a new service and you aren’t opting for public cloud as your first choice, you’re making a mistake. That doesn’t just go for infrastructure, that goes for software too. Why would you include anyone in a procurement round who can’t offer a flexible, scalable, cloudy service? For example, here at Cloudy Towers, we’re big users of platforms such as Xero, Recruiterbox and Salesforce.
Having said that, there are circumstances where going (or staying) private makes not just a compelling choice, but it may in fact be your only choice for some workloads.
What is a private cloud, really?
There are plenty of short summaries online, all broadly saying the same thing:
- It’s an infrastructure platform that only a single organisation can access
- It might be within your own data centre, or it might be managed by a third party offsite
I personally feel the need to stress: your old data centre you’ve been using for 10 years is not your "cloud". Be honest, it would fail any recognised definition of what cloud computing really is. However, with a fair amount of effort, it is possible to create private infrastructure which is slick, automated, efficient and cost effective (if you can handle the upfront capex). It can be done, people have achieved it, but (in my opinion) you need to ask yourself "is it worth it if I can simply buy it from someone else?"
Are all clouds the same?
We recently evaluated a UK-based “cloud provider” for a client. They’re a reasonably large business, typical of many who have tried to drag themselves out of the data centre business a bit too late into the 21st century.
Their marketing is pretty slick, I’ll give them that. However, as most of you know, beauty isn’t skin deep….If someone told you they had "best of breed security", would you expect:
- A total lack of multi-factor authentication (which should be mandatory for any service with even a tiny hint of a degree of importance)
- A lack of event logging for compliance - and even better, where the events are logged users can delete them if they want to(!)
- How about having secret keys which are trivially decrypted?
- The above points not enough? Fancy session expiry which is bypassed by refreshing one’s browser?
It went on and on, and our client became more and more depressed. The good news is that we found a solution for them using a "proper" public cloud provider from one of the leaders in this space.
Please do bear this sorry tale mind. Lots of salesfolk will tell you they have a best of breed "cloud". I’m not saying "don’t trust the small guys", but I am saying "do your homework" and make sure you get independent advice if you don’t opt for AWS/Azure/Google/etc.
Ok, my short rant against cloud-washing and trade-descriptions-violating marketing is over, let’s move on.
So, why would you pick "public by default"?
The quick answer to this is: You want scale. You want flexibility. You want agility. You want the best you can get.
Want a bit more background? Read on for a bit more detail on why public cloud is the clear winner.
Scale & Agility
When I think about public cloud, I really only consider the “big boys”: AWS, Azure and Google. Apologies to smaller competing vendors, you do have a place, e.g. Skyscape for UK projects with specific data classification requirements. But let’s be honest, your scale is still pretty niche compared to a player like AWS. Don’t believe me? Read this.
Imagine you have a private cloud. What would you do if you needed 100 servers tomorrow? What about 1000? What if you needed them to span the globe with hundreds on each continent? You simply can’t achieve this with your own network.
Your organisation likely has its own reasonably demanding disaster recovery and HA requirements. How much easier would that be to deliver with an instantly available global platform as linked above?
What if you then needed to shut down all of the aforementioned 1000 servers 3 months later and incur no further cost because the project hadn’t worked out as planned?
Everything in the main public cloud platforms can be automated. Everything. And this is how you should do it. If humans are involved, things will go wrong as they’re immediately not fully repeatable. There’s a mountain of work to try and achieve this level of automation in a private cloud.
Yes, that’s right: security. You cannot compete with the likes of Google, AWS and Azure for recruitment in this space. The security talent they can hire is beyond anything we can dream of (and I like to think we hire some very smart people!). They can bag the best of the best from Stanford, MIT, etc, even some of the guys who founded the Internet.
It’s like that old fashioned analogy of trying to compete with a bank in terms of keeping your money safe. You probably have an idea of how a safe works and where to get one, but that’s about it. You really don’t have the resources to do security properly in this world of cyber-threat that evolves daily.
Linked to the above, I’m going to come out and say you do not have a hope of competing with the major vendors in terms of independent audits. Got your ISO27001 badge? Well done, us too. How about these badges of excellence? These? Thought not.
Can you do this in your private cloud? Be honest, can you really do this? Can you programmatically tag all infrastructure and report on it at an hourly (or even minute by minute level in the case of Google Compute Engine)? When you stop using it, do you really stop paying for it? Can you show your programme management team their exact infrastructure costs for given projects?
At Cloudreach, we’ve recently seen part of a business case for cloud migration to AWS centred around recruitment. The point being made that by using these world-leading technologies, some of the best and brightest can be attracted to work for your company and you’ll also find the skills are more readily available in the marketplace if you pick a class-leading platform.
It’s going to cost you a lot upfront to build it yourself. While there will absolutely be some upfront migration cost (or build cost) with a public cloud, I’d argue it’s lower and more predictable than trying to recreate what the major public vendors have already achieved.Let’s face it, you’re going to have to massively over-provision the infrastructure if you do it yourself - something which goes against the very nature of cloud computing.
Let’s imagine you decide to build your own private cloud. Let’s imagine you get it working. Hurrah, pat yourself on the back. Except one week later, one month later, one year later, you’re further and further away from where the market leaders are. The big boys release new value-adding services at an incredible rate. I’d argue AWS is leading the innovation curve right now (Gartner and Forrester would agree), but Redmond and Mountain View are also churning out new features at quite a rate.
Ok, you probably ‘get it’. I believe in public cloud.
So, why might you still opt for private?
I’ll say it clearly: You will very likely have a use case for private cloud if you have large existing data centres. The top 3 reasons we see, in order of frequency, which make clear sense are:
Existing data centre investments
If you’ve spent a lot on existing data centres and are still near the start of the investment cycle, then it really is going to make sense to try and make best use of it. The latest offerings from CloudStack, OpenStack and VMWare may well be of interest to you. Some very impressive infrastructure delivery processes can be achieved and you can still make your business significantly more agile and cost effective.
Got an old box running Cobol somewhere for a line of business application? It’s not going to be running in the public cloud any time soon without some major effort in application modernisation. At some point you’ll have to take the pain and get on with it, but maybe not right now. Perhaps the application isn’t even that old, but it’s running on an unsupported version of Unix. Either way, it stays put for now.
I don’t just mean that your legal team are scared of cloud, I mean there’s a clear legal blocker which prevents the use of public cloud. We’ve seen clients with (old) contracts specifying they will hold their own clients’ data in data centres they own. This naturally blocks the use of public cloud for those workloads until the contracts can be changed (typically not a swift process).
But that’s it in terms of reasons. Really. Occasionally, the issue of “monolithic” applications which “won’t scale in the cloud” arises. This could be the subject of a somewhat larger blog post, but I don’t agree that pure horizontal scaling is the only merit of cloud computing. From a pure scaling perspective, even swift vertical scaling using cloud technologies is a potential major benefit to legacy applications, let alone the other benefits outlined above.
So who’s won the fight?
Well, perhaps somewhat predictably given my opening statements, I argue that public cloud is the clear undisputed champion - BUT - there are clear scenarios where private does make more sense. So, try to keep an open mind and make the right choice for the right requirement.
As IDC notes here, the maths involved are non-trivial if you’re trying to work this out on a pure like-for-like cost basis. I believe that there’s much more at stake here in terms of organisational benefits which are non-financial, so try not to get too hung up on the financials.