When it comes to enterprise cloud computing, building a secure cloud is often both goal and obstacle. In the service provider space, the cloud security challenges inherent to multi-tenant networks create additional hurdles. Virtual network infrastructure startup PLUMgrid believes that the innovations in its PLUMgrid OpenStack Networking Suite can leap over those hurdles, and its partnership with Swisscom IT Services demonstrates that its customers have faith, too.
Swisscom IT Services chooses OpenStack and PLUMgrid to build a secure cloud
Swisscom IT Services designs, integrates, and operates IT systems and solutions for the Swiss enterprise. "Think of them as the IBM Global Services of Switzerland," Awais Nemat, PLUMgrid co-founder and CEO, told me. Among Swisscom IT Services' customers are a number of technology and pharmaceutical firms, Swiss banks, and Credit Suisse. That meant that when it came time to plan a large-scale cloud buildout, cloud security was a critical consideration.
Swisscom selected OpenStack to power its cloud virtualization orchestration and, after benchmarking PLUMgrid against VMware's NSX, Juniper's Contrail, and other competing hardware and software solutions, chose the PLUMgrid OpenStack Networking Suite, which would allow Swisscom to use its existing physical infrastructure in a new multi-tenant virtual network.
Encrypted virtual domains and persistent policy and identity enforcement for cloud security
As Sean Michael Kerner reported yesterday for Enterprise Networking Planet sister site eWeek, the PLUMgrid OpenStack Networking Suite boasts several key innovations. Built on top of the original overlay-based PLUMgrid SDN platform, which breaks from the commodity hardware approach to SDN in favor of allowing customers to use the infrastructure with which they already feel comfortable, the PLUMgrid OpenStack Networking Suite provides virtual private cloud capabilities for tenant isolation. Virtual domains can be created with "an independent and private IPv4 address space and other private networking services, including router, DNS and load balancing capabilities," as Kerner reported.
The virtual domains thus created also allow for extensive encryption within the virtual networks. To prevent data breaches, cloud encryption is becoming increasingly important.
"Encrypted virtual domains can be provided. As soon as traffic leaves the hypervisor and hits the wire, it is encrypted, and on a per virtual domain or a per user basis, and that is something very unique as well," Nemat said.
"There is no ability to intercept the traffic because it's encrypted, not visible to people in the middle," Pere Monclus, PLUMgrid CTO, added. Demand is on the rise for encryption on a per-tenant basis, he explained, a need that the PLUMgrid OpenStack Networking Suite can meet thanks to its policy engine.
The policy engine itself represents a different approach to enforcement.
"A few years ago when we first started, we were talking about policy-based networks in a way that you would not have to define topologies, but people were still thinking in terms of switching and routing and security policies because there was a lot of inertia in the core networking world," Monclus said. In contrast, PLUMgrid built a policy engine that could carry labels, roles, and permissions all the way down through the stack and across distributed topologies, allowing for more persistent, consistent, and application-centric identity and security enforcement. But PLUMgrid needed an outlet that would actually allow users to consume the policy engine. The PLUMgrid OpenStack Networking Suite provides that outlet.
A secure cloud with flexibility and scalability
Cloud security with strong identity and policy enforcement is critical, of course, but it was not the only factor that mattered to Swisscom IT Services. As Lukas Fluri, head of cloud development at Swisscom, said in a statement, "PLUMgrid delivers not only best-in-class technology that ensures a highly secure environment for our customers but also ease of use, integration with OpenStack, and the flexibility needed for today's clouds."
That flexibility is particularly important when considering the rapid rate of change in the industry. For service providers like Swisscom IT Services, networking infrastructure and cloud platforms must be capable not only of supporting the known applications and services of today, but also the as-yet-unknown applications and services of years to come, with as-yet-unknown new requirements. Extensibility, ease of upgrades in the field, and the ability to add or remove features as needed all matter. So do shortened provisioning times, which the PLUMgrid software-based approach promises to deliver. Swisscom IT Services' decision to use PLUMgrid for its service provider cloud buildout counts as a vote of confidence in the vendor's technology.
Drivers for cloud adoption worldwide
The $16.2 million that PLUMgrid cleared in its recent Series B financing round is another vote of confidence in the company's approach, and PLUMgrid has big plans for that money. The new funding and the revenue the vendor is now bringing in will allow it to expand domestically on the East Coast and abroad in Europe and Japan, both regions where PLUMgrid already has customers and partners, including NEC-NESIC, which offers PLUMgrid to its customers. At the end of our interview, Nemat offered his observations on the drivers for cloud adoption in those areas.
In Japan, he said, the months of rolling blackouts and brownouts following the Fukushima nuclear disaster forced a reevaluation of infrastructure and business continuity and disaster recovery strategies. "Cloud, specifically networking for cloud, became one of the key top-of-mind issues for them," Nemat said, adding that he has seen a move away from CloudStack and VMware in Japan towards OpenStack. On the American East Coast, meanwhile, Hurricane Sandy prompted a similar change in attitudes towards the cloud. In Europe, on the other hand, concerns about data privacy, data protection, data access, and regional boundaries and restrictions are key cloud concerns.
PLUMgrid believes itself equipped to handle a diversity of cloud computing requirements thanks to its focus on networking.
"If you look at the cloud today and anybody who wants to build and operate a cloud themselves, when you look at technologies like compute and storage and networking and orchestration that need to be put together, networking turns out to be the most broken one, the most difficult one for them," Nemat said. PLUMgrid's OpenStack Networking Suite, he claimed, can "solve all problems networking related to cloud."
Jude Chao is managing editor of Enterprise Networking Planet.