Lessons learned from a year in the SHI Cloud: Networking

It’s been just about a year since we rolled out the SHI Cloud, a milestone that has made us take a look back on the past year to see where we’ve been, what we’ve learned, and what we see for the coming year.

Since the SHI Cloud debuted, we’ve learned what our customers need from the cloud, how they use the cloud, and most importantly, how we can improve their experience in the cloud. Over the next few weeks, I’ll be sharing the five main lessons we’ve learned in the past year, as well as my predictions for the future of the SHI Cloud.

Lesson #1: Networking, from the bottom up

We started the SHI Cloud with a very simple mandate from our Chief Technologist, Henry Fastert: build a cloud that IT departments can use to run mission-critical production applications. We hired the best people we could find with long-standing accomplishments at IT research and development institutions such as Bell Labs, HP Labs, IBM Global Services, and other integrators. Their research identified the problems that IT had with current cloud services, and the biggest problem was in networking.

If you look at a lot of other cloud providers, you’ll see they’re providing Internet-based connectivity to their cloud network. But we saw that customers were not isolated from each other and from potential vulnerabilities to the degree that production IT organizations deem acceptable, and we felt we could do better. We went deep into the OSI layered model of networking, and the further down you go in those layers, the closer you get to the networking hardware itself, and the closer you get to achieving true isolation, security, and segmentation of traffic.

We decided to segment our customers at Layer 2, the data link layer, within our cloud data centers. At this layer, not only is the customer’s cloud network isolated from other customers, it is also completely isolated from the SHI Cloud management networks. This means that from the operating system on up, only the customer has visibility into their machines. SHI simply manages the VMware host that the machine resides on. We then bridged that Layer 2 network back to a segment on the customer’s network by creating a VLAN extension over a secure link.

That’s how the SHI Cloud allows customers to connect to their virtual machines and storage in our cloud on their network. It’s not that these resources appear to be on their network — the resources are on the customer’s network, leveraging their internal IP address space. The result was that customers could do whatever they wanted with our virtual infrastructure, including mix and match it with their own internal infrastructure, and that is a core value that attracts customers to the SHI Cloud.

Networking was the first major lesson that we learned coming out of the gate. My next post will go over the next two lessons the SHI Cloud taught us: keeping it simple and attention to detail.
