Lydia Leong

A member of the Gartner Blog Network

Lydia Leong
Research VP
11 years at Gartner
19 years IT industry

Lydia Leong is a research vice president in the Technology and Service Providers group at Gartner. Her primary research focus is cloud computing, together with Internet infrastructure services, such as Web hosting, content delivery networks…

Beware misleading marketing of “private clouds”

by Lydia Leong  |  December 9, 2011

Many cloud IaaS providers have been struggling to articulate their differentiation for a while now, and many of them labor under the delusion that “not being Amazon” is differentiating. But it also tends to lead them into misleading marketing, especially when it comes to trying to label their multi-tenant cloud IaaS “private cloud IaaS”, to distinguish it from Those Scary And Dangerous Public Cloud Guys. (And now that we have over four dozen newly-minted vCloud Powered providers in the early market-entrance stage, the noise is only going to get worse, as these providers thrash about trying to differentiate.)

Even providers who are clear in their marketing material that the offering is a public, multi-tenant cloud IaaS sometimes have salespeople who pitch the offering as private cloud. We also find that customers are sometimes under the illusion that they’ve bought a private cloud, even when they haven’t.

I’ve seen three common variants of provider rationalization for why they are misleadingly labeling a multi-tenant cloud IaaS as “private cloud”:

“We use a shared resource pool model.” These providers claim that because customers buy by the resource pool allocation (for instance, “100 vCPUs and 200 GB of RAM”) and can carve that capacity up into VMs as they choose, that capacity is therefore “private”, even though the infrastructure is fully multi-tenant. However, there is always still contention for these resources (even if neither the provider nor the customer deliberately oversubscribes capacity), as well as any other shared elements, like storage and networking. It also doesn’t alter any of the risks of multi-tenancy. In short, a shared resource pool, versus a pay-by-the-VM model, is largely just a matter of the billing scheme and management convenience, possibly including the nice feature of allowing the customer to voluntarily self-oversubscribe his purchased resources. It’s certainly not private. (This is probably the situation that customers most commonly confuse as “private”, even after long experience with the service — a non-trivial number of them think the shared resource pool is physically carved off for them.)

“Our customers don’t connect to us over the Internet.” These providers claim that private networking makes them a private cloud. But in fact, nearly all cloud IaaS providers offer multiple networking options other than plain old Internet, ranging from IPsec VPN over the Internet to a variety of private connectivity options from the carrier of your choice (MPLS, Ethernet, etc.). This has been true for years, now, as I noted when I wrote about Amazon’s introduction of VPC back in 2009. Even Amazon essentially offers private connectivity these days, since you can use Amazon Direct Connect to get a cross-connect at select Equinix data centers, and from there, buy any connectivity that you wish.

“We don’t allow everyone to use our cloud, so we’re not really ‘public’.” These providers claim to have a “private cloud” because they vet their customers and only allow “real businesses”, however they define that. (The ones who exclude net-native companies as not being “real businesses” make me cringe.) They claim that a “public cloud” would allow anyone to sign up, and it would be an uncontrolled environment. This is hogwash. It can also lead to a false sense of complacency, as I’ve written before — the assumption that their customers are good guys means that they might not adequately defend against customer compromises or customer employees who go rogue.

The NIST definition of private cloud is clear: “Private cloud. The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.” In other words, NIST defines private cloud as single-tenant.

Given the widespread use of NIST cloud definitions, and the reasonable expectation that customers have that a provider’s terminology for its offering will conform to those definitions, calling a multi-tenant offering “private cloud” is misleading at best. And at some point in time, the provider is going to have to fess up to the customer.

I do fully acknowledge that by claiming private cloud, a provider will get customers into the buying cycle that they wouldn’t have gotten if they admitted multi-tenancy. Bait-and-switch is unpleasant, though, and given that trust is a key component of provider relationships as businesses move into the cloud, customers should use providers that are clear and up-front about their architecture, so that they can make an accurate risk assessment.

3 responses so far ↓

  • 1 IT News and Views – the Friday Collection « Domain Technologies Blog   December 9, 2011 at 11:11 am

    [...] Beware misleading marketing of “private clouds” Interesting Gartner blog which, horrifyingly, implies that some of the marketing surrounding the Cloud might be a bit iffy. The author identifies 3 porkies told by those trying to get us to float into the Cloud. Read the entry, here. [...]

  • 2 Neil MacDonald   December 9, 2011 at 1:14 pm

    re: “NIST defines private cloud as single-tenant” –

    Everything is multi-tenant at some level. If not network and compute, what about storage? If not storage, what about power? cooling? physical site?

    The real question is how much multitenancy is acceptable to the organization and at what level – which implies an understanding of the risks at each level of multi-tenancy and a discussion of how much risk is acceptable.

    Neil

  • 3 Lydia Leong   December 9, 2011 at 5:38 pm

    Generally, the sensitive point is the multi-tenant compute, and in many cases, the multi-tenant storage. Customers tend to want to explicitly understand what isolation mechanisms / defenses are embedded in the network. The physical facility is expected to be shared.

    I think service providers owe it to their customers to be clear what is shared and what isn’t, so that customers can, as you say, make an intelligent decision about risk.