Thursday, August 5, 2010

A Flat to Let – the Challenge of Selecting Neighbors

This week I would like to begin with a fable, based on an Eastern European folk tale that has been translated into several other languages. Bear with me, as I’m positive you’ll get (and like?) the metaphor!

"At the edge of a valley so quiet and pretty, stands a five-story building far away from the city,"

It begins, and describes the animal tenants on each floor: a fat hen, a cuckoo, a pampered black cat, a voracious squirrel. The fifth floor used to be inhabited by Mr. Mouse, but he disappears, and the neighbors put up a sign: "A Flat to Let." The flat is shown to many animals. Each follows the same cycle of sing-song questions and exclamations. But each visitor objects to one of the other animals, and rejects the flat.


“Do you like the rooms?
          They are nice.

Do you like the kitchen?
          It is nice.

Do you like the hallway?
          It is nice.

Then dwell with us, Rabbit.
          No, I won’t!

Why?
I don’t like the neighbors. How can I, a mother of twenty bunnies, dwell together with a cuckoo, which deserts her children? Her children grow up in weird nests. All of them deserted, all of them neglected. What would my children learn from them?

The cuckoo bird was hurt. And the rabbit went on her way.”

Finding the right neighbors is tough: you don’t want to end up with someone who mows the lawn too early in the morning, drags his trash bins too late in the evening, or throws loud parties every other day. But how can you control it?

Representing Cyber-Ark, I participated in the Burton Catalyst 2010 conference last week. During the virtualization and cloud tracks, the topic of inhibitors to public clouds was discussed. As expected, security is still the #1 concern, and multi-tenancy is a big part of it.

Translating it to “fable language” - organizations are very concerned about their neighbors (with whom they share infrastructure), and want to take part in the neighbor selection process. Everyone is using the example of Coke, claiming they will never agree to share infrastructure with Pepsi. Frankly, I believe they should be more concerned if Johnnie Hacker was their neighbor, but that’s just me…

Some history - once upon a time infrastructure was private, no neighbors at all. Parents only had to deal with room allocations to family members (I want a bigger one, a better view, close to the kitchen, isolated, etc.).

Fast forward: then there was the Cloud, where infrastructure became a shared resource for all citizens of the world, with no ability for tenants to influence the neighbor selection process.

As potential tenants grew concerned with the automatic allocation of neighbors, cloud vendors quickly responded by offering a dedicated infrastructure option. This is obviously more expensive, to the point that the risk vs. benefit ratio is not as appealing anymore. Organizations preferred building private clouds, gaining partial capabilities of the “cloud movement”, while compromising on others.

I believe we will witness the evolution of new cloud computing models and offerings, in addition to public and dedicated, that address the neighbors challenge.

A few potential directions which come to mind:

1. Co-location based on reputation - think about your car insurance policy: coverage as well as cost depend on your reputation (previous claims, driving record, etc.). A credit score is another reputation mechanism with a direct impact on the services you receive. An organization’s reputation (such as controls in place, attack record, load) will be used to determine its co-location. Companies with a good reputation will be granted better service, lower cost and above all – reputable neighbors!

2. Cloud communities – in the physical world we see communities forming around joint interests or trust. Similarly, “cloud communities” with shared interests (such as regulations) or trust (community members trust each other) will be created. They will run their systems on shared infrastructure dedicated to the community. I foresee an eco-system of brokerage services helping to form these communities and negotiating terms with cloud service providers on behalf of the community.

3. The Cloud Randomizer – this started as a joke, but think about it. The cloud’s underlying technology is mainly virtualization; virtualization enables moving environments around with no downtime. How about frequently moving an organization’s systems around in a randomized way, reducing the likelihood of attacks (at least planned ones)?

What do you think? Am I dreaming? Should I stick to folk tales?
