Is the Cloud Just So Many Legos?

I was recently looking at Lego™ parts, and I started to consider the myriad of Legos™ and the broad categories they fit within. Then I had a thought. Is the cloud just so many Legos™? SaaS, PaaS, IaaS, and DaaS are various categories of clouds. We could call them the fundamental building blocks or bricks of the cloud, and we could think of moving to the cloud as the assembly of those bricks into something usable. Or so one would think.

Once you get past the broad categories, there are very specific versions of Legos™. There are roofs, arches, minifigs, bricks, plates, plants, animals, and more. Just like there are myriad specific Legos™, there are also myriad things you can do in the cloud. These things still fall into categories of DaaS, SaaS, PaaS, and IaaS. However, these myriad solutions are themselves made up of many other bricks, gears, roofs, arches, etc. The cloud has many moving parts.

Building a cloud may start with commodity hardware (bricks) and then add a hypervisor (gears), a bit of networking (arches), and some virtual machines (roofs). Within each of these components are a bunch of specialty components used to build a cloud or pretty much any environment. We can go with commodity hardware when possible, yet there is always some specialization. Let us look at just one component: gears, or in our case, the hypervisor.

Lego™ has dozens of varieties of gears. There are only five types of hypervisors (perhaps six, when you consider Bromium). Those Lego™ gears can work together: the parts are interchangeable, and with a little bit of effort, moving a gear from one part of your creation to another is straightforward. However, moving from one hypervisor to another is non-trivial and not “just so many Legos™” allowing you to stack as many bricks on each other as you want. When you need to disassemble Lego bricks, sometimes you need specialized tools, as fingernails don’t always do the trick. And you want tools that don’t damage the bricks, such as a very thin screwdriver. A similar situation applies to the cloud.

Migration Tools

Migration tools are now available to move workloads between clouds, and between the cloud and your data center. Notable vendors include HotLink, Cloudtools, and CloudVelox. These tools are often part of data-protection products, such as those from Veeam and Zerto. Also available are specialty tools that only work within one type of cloud, such as the VMware vCloud Connector.

The future of the hypervisor is to be agnostic. To achieve this, we need a set of tools to migrate workloads. The ideal tool will be easy to use. It will offer multiple cloud connectivity as well as data protection and data migration support, and it will integrate into existing systems. People are not willing to change how they work unless the new way is easier and intuitive.

These tools will treat clouds and data centers as nothing but bricks that other bricks are stacked on, building upon one another regardless of the type of hypervisor (or color of the brick). It should make no difference. We will not realize the hybrid cloud or software-defined data center until this happens.

Security Tools

We also need a new breed of security tools, ones that treat the underlying bits as nothing more than Legos™. Illumio and CloudPassage are good examples. They ultimately control the firewalls sitting within the VMs. They can also discover applications and aid in automation. For years we have been saying that you need to move security closer to the application. Illumio discovers an application, then allows you to secure that application by controlling the firewalls and who can talk to whom. Whitelisting has always worked better than blacklisting, and this is the approach that Illumio takes. You can hear more about Illumio on the 1/15/15 Virtualization Security Podcast.

The real winners with regard to security tools are those that help people move from a “system-centric” mindset to an “application-centric” mindset. We can no longer protect the app by using edge devices but must protect the data closer to the application, within the virtual machines or containers themselves. This means we’ll be managing the security of thousands of systems instead of just two firewalls. This is what we have been trying to do with antivirus, and we all know that has failed.

Security tools need to move from singletons to scale in the thousands, and to move to cases where we don’t control the network or even the hosts our workloads are running on. This changes how we think about security, where we place our trust, and ultimately, the policies we implement.
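To make the application-centric, whitelist-first model concrete, here is an added illustration that is not code from this post and not how Illumio or CloudPassage actually implement it. It assumes a constructed inventory that maps VM addresses to discovered application labels, expresses policy as an allow-list of (source app, destination app, port) tuples, evaluates the same sample flows under a default-deny allow-list and a traditional blacklist so the difference is visible, and finally compiles the per-VM inbound firewall rules that the policy implies (the iptables wording is an assumed target; any host firewall would do).

```python
"""
Application-centric allow-list evaluator (added example, hypothetical data).
Every workload carries an application label, policy names which apps may
talk to which, and anything not listed is denied. The same flows are also
run through a blacklist to show what default-allow lets through.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Constructed inventory: VM address -> application label. The post describes
# labels coming from application discovery; these values are made up.
INVENTORY: Dict[str, str] = {
    "10.0.1.10": "web",
    "10.0.1.11": "web",
    "10.0.2.20": "app",
    "10.0.3.30": "db",
    "10.0.9.99": "unknown",   # a VM nobody has labelled yet
}

# Allow-list: (src app, dst app, dst port). Nothing else may talk.
ALLOW: FrozenSet[Tuple[str, str, int]] = frozenset({
    ("web", "app", 8080),
    ("app", "db", 5432),
})

# A blacklist in the traditional style: block only what we already know is bad.
BLOCK: FrozenSet[Tuple[str, str, int]] = frozenset({
    ("web", "db", 5432),
})


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def label(addr: str) -> str:
    """Map an address to its discovered application; unknown if not inventoried."""
    return INVENTORY.get(addr, "unknown")


def allowlist_verdict(flow: Flow) -> str:
    """Default deny: the flow must match an explicit allow tuple."""
    key = (label(flow.src), label(flow.dst), flow.dport)
    return "ALLOW" if key in ALLOW else "DENY"


def blacklist_verdict(flow: Flow) -> str:
    """Default allow: only listed tuples are blocked."""
    key = (label(flow.src), label(flow.dst), flow.dport)
    return "DENY" if key in BLOCK else "ALLOW"


def evaluate(flows: List[Flow]) -> List[Tuple[Flow, str, str]]:
    return [(f, allowlist_verdict(f), blacklist_verdict(f)) for f in flows]


# Constructed sample flows, as a flow collector on each VM might report them.
SAMPLE_FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", 8080),   # web -> app, expected
    Flow("10.0.2.20", "10.0.3.30", 5432),   # app -> db, expected
    Flow("10.0.1.11", "10.0.3.30", 5432),   # web -> db, on the blacklist
    Flow("10.0.9.99", "10.0.3.30", 5432),   # unlabelled VM -> db
    Flow("10.0.1.10", "10.0.2.20", 22),     # web -> app over ssh, never approved
]


def disagreements(flows: List[Flow] = SAMPLE_FLOWS) -> List[Flow]:
    """Flows the blacklist lets through but the allow-list denies."""
    return [f for f, a, b in evaluate(flows) if a == "DENY" and b == "ALLOW"]


def host_rules(addr: str) -> List[str]:
    """Compile the inbound rules for one VM's own firewall from the allow-list.
    Return traffic is accepted statefully, then only approved peers, then drop."""
    me = label(addr)
    rules = ["iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for src_app, dst_app, port in sorted(ALLOW):
        if dst_app != me:
            continue
        for peer, peer_app in sorted(INVENTORY.items()):
            if peer_app == src_app:
                rules.append(f"iptables -A INPUT -s {peer} -p tcp --dport {port} -j ACCEPT")
    rules.append("iptables -P INPUT DROP")
    return rules


if __name__ == "__main__":
    for f, a, b in evaluate(SAMPLE_FLOWS):
        print(f"{label(f.src):8} -> {label(f.dst):8} :{f.dport:<5} allow-list={a:5} blacklist={b}")
    print("\nRules for the db VM:")
    for r in host_rules("10.0.3.30"):
        print("  " + r)
```

Running it shows the two flows the blacklist never anticipated (the unlabelled VM reaching the database, and ssh between web and app) are denied by the allow-list simply because nobody approved them, while the blacklist waves them through. The db VM ends up with one accept rule for the app tier and a default drop; since the rules are derived from the application map rather than from network location, moving the VMs to another hypervisor or cloud changes the addresses but not the policy.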

Last Thoughts

Are clouds just so many Legos™? Not really. While some of the bricks in place make them appear to be Legos™, there is an interoperability issue. One Lego™ can connect to any other Lego™ and work. One cloud cannot connect to any other cloud and work; this is due not to the cloud itself, but to the underlying technology in use. We need to get our clouds to be just like so many Legos™. New tools are helping us reach this goal. Unlike with Legos™, at the moment, nothing is easy to use—nothing is click-and-continue. How quickly this could change depends on the size of the data and the types of workloads in use.
