Lessons learned from a year in the SHI Cloud: Networking
It’s been just about a year since we rolled out the SHI Cloud, a milestone that prompted us to look back on the past year to see where we’ve been, what we’ve learned, and what we see for the coming year.
Since the SHI Cloud debuted, we’ve learned what our customers need from the cloud, how they use the cloud, and most importantly, how we can improve their experience in the cloud. Over the next few weeks, I’ll be sharing the five main lessons we’ve learned in the past year, as well as my predictions for the future of the SHI Cloud.
Lesson #1: Networking, from the bottom up
We started the SHI Cloud with a very simple mandate from our Chief Technologist, Henry Fastert: build a cloud that IT departments can use to run mission-critical production applications. We hired the best people we could find, with long-standing accomplishments at IT research and development institutions such as Bell Labs, HP Labs, IBM Global Services, and other integrators. Their research identified the problems that IT had with current cloud services, and the biggest problem was networking.
If you look at a lot of other cloud providers, you’ll see they’re providing Internet-based connectivity to their cloud network. But we saw that customers were not isolated from each other and from potential vulnerabilities to the degree that production IT organizations deem acceptable, and we felt we could do better. We went deep into the OSI layered model of networking, and the further down you go in those layers, the closer you get to the networking hardware itself, and the closer you get to achieving true isolation, security, and segmentation of traffic.
We decided to segment our customers at Layer 2, the data link layer, within our cloud data centers. At this layer, not only is the customer’s cloud network isolated from other customers, it is also completely isolated from the SHI Cloud management networks. This means that from the operating system on up, only the customer has visibility into their machines. SHI simply manages the VMware host that the machine resides on. We then bridged that Layer 2 network back to a segment on the customer’s network by creating a VLAN extension over a secure link.
That’s how the SHI Cloud lets customers reach the virtual machines and storage in our cloud as part of their own network. It’s not that these resources appear to be on their network — the resources are on the customer’s network, using their internal IP address space. The result was that customers could do whatever they wanted with our virtual infrastructure, including mixing and matching it with their own internal infrastructure, and that is a core value that attracts customers to the SHI Cloud.
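The isolation described above rests on a VLAN plan in which each customer's Layer 2 segment is kept apart from every other customer's and from the management network, and the extension link carries only that customer's VLAN. The script below is an added example (not SHI's code) that checks such a plan for those properties; all VLAN ids, port names and tenant names are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional, List

# Constructed sample values: management VLAN ids and per-tenant VLAN ids are hypothetical.
MGMT_VLANS = {10, 11}
TENANT_VLANS = {"acme": 101, "globex": 102}
VLAN_OWNER = {vid: tenant for tenant, vid in TENANT_VLANS.items()}

@dataclass(frozen=True)
class Port:
    name: str
    role: str                   # "host" (hypervisor uplink), "mgmt", or "customer_link"
    tenant: Optional[str]       # tenant this port is dedicated to; None for shared or mgmt
    allowed_vlans: frozenset    # VLANs trunked on the port

def isolation_violations(ports: List[Port]) -> List[str]:
    """Return policy violations; an empty list means the plan isolates tenants as intended."""
    problems = []
    for p in ports:
        leaked_mgmt = p.allowed_vlans & MGMT_VLANS
        if p.role != "mgmt" and leaked_mgmt:
            problems.append(f"{p.name}: non-management port carries management VLAN {sorted(leaked_mgmt)}")
        if p.role == "mgmt" and p.allowed_vlans - MGMT_VLANS:
            problems.append(f"{p.name}: management port carries tenant VLAN {sorted(p.allowed_vlans - MGMT_VLANS)}")
        if p.tenant is not None:
            foreign = {v for v in p.allowed_vlans if v in VLAN_OWNER and VLAN_OWNER[v] != p.tenant}
            if foreign:
                problems.append(f"{p.name}: port for {p.tenant} also carries another tenant's VLAN {sorted(foreign)}")
            if p.role == "customer_link" and p.allowed_vlans != {TENANT_VLANS[p.tenant]}:
                problems.append(f"{p.name}: extension link must carry only VLAN {TENANT_VLANS[p.tenant]}")
    return problems

# Constructed plans: one that satisfies the policy and one with two classic mistakes.
GOOD_PLAN = [
    Port("esx1-uplink", "host", None, frozenset({101, 102})),      # host trunk: tenant VLANs only
    Port("esx1-mgmt", "mgmt", None, frozenset({10})),               # management on its own port
    Port("acme-ext", "customer_link", "acme", frozenset({101})),    # extension carries acme's VLAN only
]
BAD_PLAN = [
    Port("esx1-uplink", "host", None, frozenset({10, 101, 102})),   # management VLAN leaked onto tenant trunk
    Port("acme-ext", "customer_link", "acme", frozenset({101, 102})),  # globex's segment reachable from acme
]

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, isolation_violations(plan) or "no violations")
```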
Networking was the first major lesson we learned coming out of the gate. My next post will go over the next two lessons the SHI Cloud taught us: keeping it simple and paying attention to detail.