The nervousness surrounding physical access is important. Systems can 'accidentally' be rebooted after having malware or logging code injected into them. Port mirrors can be added. All sorts of mischief can be imposed by personnel. We like doing this ourselves, as we have a hacker's instinct for pushing sticks into hornets' nests so as to test new running shoes.
We found that a commonality among privately connected cloud providers was a certification called Statement on Auditing Standards, Type II (a/k/a SAS 70-II), a Sarbanes-Oxley-era, AICPA-sanctioned presentation of an organization's controls and procedures that is audited/tested annually.
Such a stamp isn't an approval; rather, you have to read the crux of the controls and procedures, then know a bit about the auditing organization's reputation, to discern what the SAS 70-II stamp means. Inside the SAS 70-II documents, there should be a good list of controls and procedures, along with the imprimatur of a respected auditor. While it sounds complex, the process is understandable, and it is the only seal of approval one may find for cloud providers. It's a start.
We covered "retail" in our recent private cloud review, where managed service provider (MSP)-like applications were compared and contrasted.
Cloud management applications, when used or offered for sale by organizations, package virtual appliances, cost-out and charge for resources for appliance or resource deployments, and keep track of who's doing what, where, and to what degree of success (through monitoring). Clouds are all about virtualization packaging, deploying instances through a life cycle on a virtualized platform, and moving instances and their data around.
Developers have available to them a commonality of approaches that revolve around bundling, secure deployments, storage or inter-instance data flow capabilities, and monitoring of executed cloud instances.
It's clear that Amazon Web Services (AWS) has gained leadership in terms of a public cloud model, and it is the platform that the cloud automation applications we tested "know" out of the box. We've seen Amazon's API set as the first one that cloud automation tools write to.
RightScale's community contributions, virtual appliances, and community wisdom gave mass to RightScale's diverse offerings. These ranged from grid computing to one-off job control mechanisms that used the AWS and Rackspace cloud APIs. These same tools can be used against internal cloud resources as well.
Modeling grid applications was the strength of Tap-in-Systems' cloud automation tool, whereas its monitoring capabilities were comparatively weak when we tested it. There's a fast-and-loose approach to cloud automation modeling, but Tap-in-Systems builds logic modeling, which is initially tedious, yet pays handsomely at production time.