तस्मादेवं विदित्वैनं नानुशोचितुमर्हसि ||
Bhagavat Gita 2:25
It is spoken that the soul is invisible, inconceivable and unchangeable. When this is so, one should not grieve for the body.
Public Cloud - Sharing and Data Protection
Dec 23, 2010
In the previous post, we saw the challenges associated with public cloud computing infrastructure. How are some of those challenges addressed? Let us first take the most serious issue of protecting the business data from the eyes of competition while trying to share the computing applications.
In real life, some of us live in apartment complexes. The management of such apartment complexes construct almost similar looking stacked living spaces (apartment) in the same premise. Facilities are replicated in each apartment so that each is a self contained unit. Even if seperated by thin walls and roofs, these apartments provide some sense of privacy. We do have to put up with shared corridors and the occasional kid jumping up and down on the roof above us. We need to share some risks like the risk of fire with others.
In computing, just like in the case of an apartment complex, a public cloud operator can create several computers with common access paths inside a larger computer. This is accomplished using a technology called virtualization.
Computers inside a computer? Little confusing isn't it? The replicated computers are realized in software or in other words soft computers. This is a key benefit of the virtualization technology. Just like we identify our apartment by our unique apartment number, our instance of soft computer can be identified by a unique user name or ID assigned to us. The moment we have a separate computer to ourself, our desired application can be replicated on to that computer and we can send our data to that specific computer for processing. This approach is called multi-instance approach. Multiple individual (soft) computers with replicated copies of the required business applications deliver a level of data privacy and security that is close (remember that the access paths are common in multi-instance) to running them on a private computer.
Let us look at another model of sharing.
Let us now think of a hotel with 100's of rooms. The individual living space is secured by walls. However the rooms don't have a kitchen or a laundromat. The kitchen and laundromat programs are common to all guests and are accessed by in room dining and paid laundry services respectively. The common kitchen gets customized as per each individual order. Unlike in a restaurant, you can eat your food which is made to order for you, in the privacy of your room. No other guest will know what you ordered, how it was customized for you and how much you consumed.
This model of privacy is a little different from the above said multi-instance model where kitchen and laundormat are replicated in each living space. It is obviously cheaper to rent an hotel room and is available in convenient daily rentals. Try renting an apartment for a day.
The hotel model of sharing can be realized in software as well. A software application can cater to several users while maintaining virtual Chinese walls between individual data storage. This approach is called multi-tenancy. Applications have to be constructed specially so that they can support multi-tenancy. Therefore they are more expensive to build and operate. In this model one program running on one computer serves multiple customers and strives to maintain data security. The access paths are common here as well. Many of the risks of multi-instance model apply to the multi-tenancy model. It is obviously more difficult to trust this model. However in real life, we entrust our financial transactions to a bank teller who also provides the similar service to other customers as well. We have gotten to trust the teller model of service over time. We will get to trust the public cloud also over time.