Virtual Private Cloud is not the Private Cloud

More than 40 years ago, a guy named Douglas Parkhill described the concept of utility computing. He described it as containing features such as:

  • Essentially simultaneous use of the system by many remote users.
  • Concurrent running of different multiple programs.
  • Availability of at least the same range of facilities and capabilities at the remote stations as the user would expect if he were the sole operator of a private computer.
  • A system of charging based upon a flat service charge and a variable charge based on usage.
  • Capacity for indefinite growth, so that as the customer load increases, the system can be expanded without limit by various means.

Fast forward 40 years, and we now call pretty much this same concept Cloud Computing, and everyone is very excited about the possibilities that exist within this new world. Different companies are pushing this idea in different ways. One of the pioneers in that area is of course Amazon, which managed to create a quite good public cloud offering through its Amazon Web Services product.

This kind of publicly consumable infrastructure is very interesting, because it allows people to do exactly what Douglas Parkhill described 40 years ago: individuals and organizations can rent computing resources with minimal initial investment, and pay for as much as they need, no more, no less.

This is all good, but one of the details is that not every organization can afford to send data or computations to a public cloud like Amazon’s AWS. There are many potential reasons for this, from legal regulations to volume cost. Out of these issues the term Private Cloud was coined. It represents exactly the same ideas that Douglas Parkhill described, but rather than using third-party infrastructure, some organizations opt to deploy the same kind of technology, such as the Eucalyptus project, on their own private infrastructure, so that the teams within the organization can still benefit from the features mentioned above.

So we have the Public Cloud and the Private Cloud. Now, what would a Virtual Private Cloud be?

Well, it turns out that this is just a marketing term, purposefully coined to blur the line between a Private and a Public cloud.

The term was used in the announcement Amazon made yesterday:

Amazon VPC enables enterprises to connect their existing infrastructure to a set of isolated AWS compute resources via a Virtual Private Network (VPN) connection, (…)

So, what is interesting about this is that this is actually not a Private Cloud, because the resources on the other side of the VPN are actually public infrastructure, and as such it doesn’t solve any of the problems that private clouds were created to solve in the first place.

Not only that, but it creates the false impression that organizations would have their own isolated resources. What isolated resources? A physical computer? Storage? Network? Of course, isolating these is not economically viable if you are charging 10 cents an hour per computer instance:

Each month, you pay for VPN Connection-hours and the amount of data transferred via the VPN connections. VPCs, subnets, VPN gateways, customer gateways, and data transferred between subnets within the same VPC are free. Charges for other AWS services, including Amazon EC2, are billed separately at published standard rates.

That doesn’t quite fit together, does it?

To complete the plot, Werner Vogels runs to his blog and screams out loud “Private Cloud is not the Cloud”, while announcing the Virtual Private Cloud which is actually a VPN to his Public Cloud, with infrastructure shared with the world.

Sure. What can I say? Well, maybe that Virtual Private Cloud is not the Private Cloud.

4 thoughts on “Virtual Private Cloud is not the Private Cloud”

  1. John Veritas

    What makes you think that the VPC instances are part of the public cloud? Just because you don’t know how to make the isolation economically viable doesn’t mean that Amazon doesn’t.

    Is your analysis based on actual interaction and testing with the service? Or are you just making stuff up?

  2. Gustavo Niemeyer Post author

    Have you really read the post above? The virtual machines on VPC are running on Amazon’s infrastructure, not yours. That’s the distinction between a public and a private cloud.

    About making stuff up, no, not at all. I’m stating that the system uses shared network, storage, and physical machines, which it must do for it to work as it does. Or do you think some kind of trained monkey will run with your private hardware and install it on your VPC once you issue an API call, and then burn the hardware once you terminate your instance? Or maybe that Amazon will reserve a section of its infrastructure just for you in case you decide to pay 10 cents per hour some day to use it.

    This is really a VPN to their public cloud, which is awesome, don’t get me wrong. It’s a nice complement to what they already offer. They are just overselling this as something it’s not.

  3. Ricky

    You are absolutely correct. Amazon’s VPC provides an easy connection between your data center and the EC2 instances running in the cloud to make them look like a private network… purely from a networking standpoint but not from a physical boundary standpoint, which is what most people are thinking about when they talk about a private cloud.

    In other words, unlike a private cloud where your application is running on the hardware you own, in Amazon’s virtual private cloud your application is running on hardware and a hypervisor you don’t own, and hence trust in Amazon is needed. Of course, I don’t mean that the hypervisor vendor you are running in your private data center should be trusted more than Amazon.

    Amazon’s VPC, however, provides you much more elasticity than a real private cloud. In addition, the EC2 instances no longer have a public IP, which seems to provide some bit of isolation.

    So although Amazon’s VPC is not purely a private cloud, it can be an alternative to the private cloud if the goal is to look for more secure placement of your sensitive apps and data.

  4. Gustavo Niemeyer Post author

    Just note that what you are really saying is that the public cloud is an alternative to the private cloud, which is certainly correct, with its pros and cons.

    This has nothing to do with more secure placement of your sensitive data, though. The data placement is as secure as it will be if you transfer it over any other secure means to Amazon’s public cloud.
