One of the first questions that always comes up is, "Why is SHI going up against Internet powerhouses like Amazon, Google, and Rackspace in developing its own cloud offering?" It's a good question with a simple yet profound answer: The mass-market cloud providers are not answering the needs of business and IT departments for mission-critical-quality Infrastructure as a Service (IaaS). The vast majority of IaaS cloud service providers offer virtual machines for casual users.
There will be a walk-up portal on the Internet, where you can use a credit card to spin up a couple of virtual machines that you can use for whatever you want. Those casual machines are predominantly used for development and testing of software, or other applications where an occasional system downtime or performance degradation isn't a big problem. Certainly it's a useful cloud solution, but it only serves the needs of a small part of the business market.
When we started researching the cloud industry two years ago, we didn't start by looking at what was selling and incrementally improving on those offerings or slashing costs to gain a toe-hold. We started by talking to our customers: IT leaders.
They told us they wanted to put production applications into the cloud, but also told us the current cloud offerings weren't ready for that. When we started designing our cloud, we decided to start with a clean slate and a "blue sky" ideal that our cloud needed to support everything our customers couldn't get in existing Infrastructure as a Service offerings. And that meant it had to support production applications. What we ended up with is a second-generation cloud IaaS that can be summarized as a logical extension of our customers' existing IT infrastructure, providing the following attributes required for production applications:
- Industrial grade
It's easy to say that a cloud service is secure, high-performance, or industrial-grade. Any IT leader considering cloud solutions hears vendors claim their offering is secure, reliable, fast, and so on. No vendor could market a cloud without making such claims. It's important to drill into the evidence and see if those claims hold up. Here's what you'll learn when you drill into the SHI Cloud.
How SHI's Cloud is Secure
The first issue we had to address in building a production cloud was security. Anyone who wants to move production applications and data into the cloud is concerned about security. We went after security in two ways: structural security and layered security. That is, we created an architecture that was "born secure" by its very nature. Then we added systems and processes around it to ensure it stayed secure.
Structural security starts when a customer first spins up a virtual machine on our cloud, because that virtual machine is immediately placed on the customer's own network. As part of the on-boarding process of becoming an SHI Cloud client, we create a VLAN extension to the customer's network. It's tied to a specific segment of their network that the customer identified. The customer gives us a range of IP addresses, so that when we spin up a virtual machine, it appears on the customer's network.
Once that virtual machine is established on the customer's network, we no longer have access to it. We can't tell what the customer is doing with it. We can't tell what software they've loaded on it. We have zero access to that virtual machine. Yes, we know it's alive from a management point of view, but in terms of how they're using it, we can't touch it. That alone provides a great degree of structural security.
But there's more. SHI provides for complete encryption of all "data at rest" in the SHI data center. Our customers don't have to be concerned that someone coming in to service a disk drive (for example) might also walk away with a chunk of their proprietary information. Likewise, if a drive is removed for service and lost, the data remains unintelligible to outsiders.
We also decided not to offer a walk-up customer portal. There's no Internet-facing portal that could allow anyone to walk up and enter a credit card or try to hack in. Each customer has his own private portal, which only his authorized admins can access.
Another element of structural security is the availability of SONET access, both from a metro Ethernet and an MPLS point of view. Customers who don't want their traffic to be involved in the Internet in any way, shape, or form can access the SHI Cloud via SONET. For customers who want to move their traffic over the Internet, we provide complete IPsec VPN capabilities.
Beyond the structural components of security, there are also layered components. For example, we provide for two types of firewalls: virtual and physical. We provide for complete intrusion protection for all systems. And we provide full transparency into our security -- something you won't find anywhere else (at least, not yet).
We do that by having a third-party security monitoring company watching everything in our infrastructure associated with security. If the company detects an intrusion or other risk, it notifies both the customer and us simultaneously. Our customers will know if there is a security incident at the same time we know. Be sure to ask any cloud service provider you are considering about transparency.
We believe what we have done to make the SHI Cloud secure is unique in the industry. We often do side-by-side comparisons of cloud options for our customers, and to date, we have not found a single vendor offering these capabilities. An IT leader looking at cloud can see the SHI Cloud is more secure, both from the structural components as well as the layered components, when compared to other offerings from major vendors.
How SHI's Cloud Achieves High Performance
The H stands for high performance, and stems both from our use of state-of-the-art hardware and software, and the way we've connected these components together.
We use no white boxes, no freeware, no open-source software, no shareware, and no unproven code in our data center. Rather, our spec calls for the state-of-the-art in hardware and software products across the board, which provides us a measurable edge in performance and reliability. Simply put, the SHI Cloud uses only the highest-performance products available on the market.
Equally important, the IP fabric and the Fibre Channel fabric that support our infrastructure have enormously wide pipes -- so much so that our alpha and beta customers tell us that our virtual machines run faster than virtual machines on their internal infrastructure. The primary reason for that is the enormous bandwidth we provide to support the virtual machines. It's not just what you have. It's how you use it.
In addition to this combination of high-performance equipment and intra-connection, we've made a strategic decision to set a very low over-subscription rate on the server CPUs. As a way of explaining what that means and why it is important, forgive me if I get a little technical.
Our partners at VMware tell us that most people use a 5:1 over-subscription ratio on their CPUs. If you look at the typical blade in a blade server, there are a total of 12 CPU cores on each blade. Each one of those CPU cores has two threads, for a total of 24 threads. In a 1:1 subscription model, each thread would be a virtual CPU. However, in that case each thread would have significant idle time. In an over-subscription model, multiple virtual CPUs are assigned to a single thread. Rather than using the typical 5:1 ratio, we use a very conservative 2:1 ratio. This assures our customers that they will always have the processing power to process their task quickly and efficiently.
Lastly, because our centers are SONET connected, we can provide very high bandwidth to the customer. Not only is the bandwidth inside the SHI data center supersized, but we can deploy up to 48 OC-768 connections on the SONET. As any informed IT guru will tell you, that's an enormous amount of outbound and inbound bandwidth.
How SHI's Cloud is Industrial-Grade
This brings me to the primary point of this post: How we make the SHI Cloud industrial-grade. Along with requiring security and very high performance, customers putting their production applications into the cloud must be sure that the infrastructure they're using is resilient.
The technology in our data centers is completely redundant. There is no single point of failure anywhere in the SHI data centers. Our data centers are also tier-three-plus data centers, with dual grid power, dual UPSes, and dual generators. We even keep seven days of diesel fuel on premises to run the generators.
Our networking connectivity is also redundant. We connect to two entirely separate SONET rings: one to the SONET from the LEC in the region (Verizon, here in the New York metro area) and the other to the dominant cable provider (Lightpath in the New York metro area). Even though it's difficult to take down a SONET ring, we wanted that redundancy in the rare case one should go down.
We also went the extra mile of having redundant network feeds on opposite ends of our building, so that in the event somebody is digging out there with a backhoe and takes out part of our network feed, the network feeds on the other side of the building would be unaffected.
By design, the SHI Cloud gives our customers enormous technology resiliency, physical resiliency, and external network resiliency.
The SHI Cloud: Ready for Your Production Applications
From a competitive standpoint, we know that most people think Google and Amazon S3 when they first consider the cloud. That's OK. Both companies have broken new ground by developing platforms that work for a certain class of non-critical applications, or for application developers who want to build something from scratch.
But Google and Amazon have not designed their clouds to support mission-critical production applications in the way we have. Customers routinely tell us that they have not seen anything like the SHI Cloud from any other vendor. We hear the same thing from our partners and technology providers. They say nobody has an IaaS of this quality in this space. Period.
At the end of the day, I am confident in saying publicly that SHI is the only cloud provider that gives you all the capabilities necessary to run production applications in the cloud.
If you'd like to learn more about what we are doing with our cloud, I invite you to attend my breakout session at VMworld on Mission-Critical Cloud -- Myth or Reality?