The allure of cost efficiency, customization, and scalability has incentivized IT teams to look into private cloud solutions. Having its own cloud gives a company great flexibility and lets it share resources. In addition, the private cloud enables software as a service (SaaS) or infrastructure as a service (IaaS) solutions.
Despite these perceived benefits, the customization aspects of building a private cloud raise concerns that IT teams need to address. These concerns revolve around meeting compliance needs for all departments and services that use the private cloud—and it is here that problematic technicalities might arise.
Multi-tenancy: different users need different compliance
Unless your private cloud is specifically dedicated to one set of users with singular compliance needs, your cloud infrastructure will need to respond to various types of workloads.
For example, suppose that one tenant on your private cloud requires compliance with Payment Card Industry (PCI) standards for processing credit cards. The infrastructure must be able to process those jobs and apply PCI standards to those jobs only. At the same time, other jobs from tenants without PCI concerns need to be operated without such requirements.
The easiest answer is to have only one tenant. Another is to serve only one set of compliance needs for all tenants. In reality, though, either scenario is rarely the case. If you need a private cloud, you likely have internal users or external clients who need various compliance standards.
Could you then place the tenant with special requirements on infrastructure that has been set up for those rules? If so, then you could assign the other tenants to other segments of the infrastructure. Perhaps that is an answer, but the cloud automation system must know when and why to schedule the workloads differently. There must be a way to assign trusted or not trusted (i.e., not pre-approved) status to each tenant’s workloads.
Technologies for trust verification
Through the attestation process, businesses get support for verifying configuration at the hardware level. Intel’s TXT, for example, provides verification from boot onward, confirming a trusted status to the cloud software. When a server with the relevant configuration boots, the cloud will “know” that all jobs coming from that server should be placed on the appropriate part of the cloud and that other workloads need a different segment of the cloud.
Intel has made this open-source technology part of the OpenStack project. Through OpenStack, IT teams can use the capabilities of TXT with support for hypervisors. IBM and other IT technology leaders use OpenStack software in conjunction with smart scheduling to efficiently place trusted workloads on cloud servers that are designed for a variety of compliance needs. Smaller organizations can use these same tools for highly customized requirements.
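The placement decision described above, where each tenant's workload is matched to a compliance segment and, when required, to a host with a trusted attestation status, can be sketched as a scheduler filter. This is an added example, not code from OpenStack or Intel; the host names, segment labels, trust values and the 10-minute freshness window are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed policy: an attestation verdict older than this is not relied on.
MAX_ATTESTATION_AGE = timedelta(minutes=10)

@dataclass(frozen=True)
class Host:
    name: str
    segment: str            # compliance segment the host was built for
    trust: str              # last verdict: "trusted", "untrusted" or "unknown"
    attested_at: datetime   # when that verdict was obtained

@dataclass(frozen=True)
class Workload:
    tenant: str
    segment: str            # compliance segment the tenant requires
    needs_trusted: bool     # True when the tenant's rules demand an attested host

def host_passes(host: Host, wl: Workload, now: datetime) -> bool:
    """Return True if the workload may be scheduled on the host."""
    if host.segment != wl.segment:
        return False        # keeps regulated and general workloads apart
    if not wl.needs_trusted:
        return True
    age = now - host.attested_at
    fresh = timedelta(0) <= age <= MAX_ATTESTATION_AGE
    # Fail closed: a stale, unknown or failed attestation is never "trusted".
    return host.trust == "trusted" and fresh

def candidates(hosts, wl, now):
    """Names of the hosts the workload may land on, sorted for stable output."""
    return sorted(h.name for h in hosts if host_passes(h, wl, now))

# Constructed sample inventory (not real hosts).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
HOSTS = [
    Host("pci-01", "pci", "trusted", NOW - timedelta(minutes=2)),
    Host("pci-02", "pci", "trusted", NOW - timedelta(hours=3)),   # stale verdict
    Host("pci-03", "pci", "untrusted", NOW - timedelta(minutes=1)),
    Host("gen-01", "general", "unknown", NOW - timedelta(days=1)),
]

if __name__ == "__main__":
    print(candidates(HOSTS, Workload("payments", "pci", True), NOW))
    print(candidates(HOSTS, Workload("intranet", "general", False), NOW))
```

The stale and untrusted PCI hosts are filtered out rather than used as a fallback, so a PCI workload with no eligible host stays unscheduled instead of landing on unverified hardware.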