Amazon VPC pees in pool, not just on fire hydrant

CloudPulse Strategies

“We interrupt your regularly scheduled arguments about the legitimacy of private clouds to legitimize private cloud.”

Last night Amazon announced its new Virtual Private Cloud offering, which makes it easier for enterprises to connect EC2-provided resources with intra-enterprise resources.

This announcement comes right in the midst of a flare-up in the ongoing discussion about the role and reality of private clouds, what I characterized as the battle between the “cloud purists and pragmatists” at the CloudWorld keynote panel the other day.

For those advocating for private clouds on behalf of enterprise users, the announcement lent an element of legitimacy to the cause. By acknowledging that the transition to public cloud is challenging and won’t happen overnight, that some applications will never move to the public cloud, and that enterprise IT executives are demanding private cloud solutions, Amazon CTO Werner Vogels tossed the private cloud crowd a fat pitch in his blog post announcing the service. Chris Hoff (@beaker) jumped on this opening with his post “Calling All Private Cloud Haters: Amazon Just Peed On Your Fire Hydrant…”.

Yet, there’s more than just legitimizing happening here. With this announcement, Amazon is attempting, intentionally or not, to co-opt the notion of private clouds by adopting confusing and misleading terminology. In effect, they are peeing in the pool, not just on fire hydrants.

What is a virtual private cloud?

Common use of the term “virtual private cloud” refers to a private cloud that is somehow virtual or abstracted from the end-user — in other words, a hosted private cloud. This traditional virtual private cloud offers the full privacy of a private cloud, but pushes hardware ownership to someone else. It offers the full benefit of cloud, such as elasticity, metering, etc., and is backed by the cloud provider’s infinite access to hardware (wink wink). Virtual private cloud presumably comes at a steeper price, because the cloud provider can’t oversubscribe the servers that your VMs are running on to a bunch of other customers. But it’s still legitimately cloud computing. (To the end-user, the multitenancy of the cloud isn’t a feature, it’s a compromise.)

Here is how real “virtual private cloud” relates to other types of cloud:

[Figure: Cloud Ownership vs Isolation]

(Diving deep into this quadrant is a topic for a future post.)

Amazon VPC is not virtual private cloud

Amazon VPC is being billed as a way to let “you create your own logically isolated set of Amazon EC2 instances and connect it to your existing network.” No detail is provided about any “isolation” beyond the network configuration, i.e. its private IP addressing and VPN connectivity. We can only assume that VPC instances are co-located on public resources, shared with other EC2 or VPC users. Thus Amazon VPC is not “virtual (private cloud)” but rather “(virtually private) cloud.”

Don’t get me wrong, these are great new features for EC2, they advance the state of cloud computing as a whole, and they definitely do make EC2 easier to adopt by the enterprise. But this new offering doesn’t fundamentally address many of the security, control and compliance concerns held by the enterprise. By claiming “isolation” and naming the service VPC, the offering at best contributes to industry confusion around private clouds. At worst it may be outright misleading.

