This is to highlight the difference between an enterprise solution and a cloud solution, and how the two differ. This is a very important distinction many are failing to make nowadays, and that failure leads to serious and unsolvable disconnects in both direction and feasibility as a cloud host. Each has its place, and they do not overlap.
What is an Enterprise Environment?
An enterprise environment is one where the environment exists to serve the needs of a single business. It assumes full and consistent ownership, proper security, and isolation. You won’t have outside parties digging around in or using these resources directly.
The defining features of an enterprise environment are as follows:
- Single ownership
- No outside parties or shared ownership: all servers belong to, are accessed by, and are used by one entity
- Isolation: no third parties use or have access to these resources
- Security and safeguards gapping others from these resources
An example of an enterprise environment would be Facebook. All their servers are for Facebook. They are owned by Facebook. They are used by Facebook. You as the user can’t access these servers, and they do not rent out space on or access to these servers to anyone.
This would be Facebook’s Enterprise Environment.
An example of a cloud host’s enterprise environment would be the hosts themselves and the infrastructure servers. These are the enterprise environments. Guests don’t have access to these. The cloud host does not allow others to touch them. They do not rent them out. They are the sole owner of these environments, and they heavily isolate and safeguard them.
What is a Cloud Environment?
A cloud environment is one where servers and resources are owned by others, not solely by the host. This is generally a shared environment. Many people and guests will be using resources from the resource pool, and oftentimes these resources cycle over and are owned by multiple people over their lifespan. One defining and important note here is that no one can guarantee the security of these servers or the legitimacy of the actors using them. You can expect, and often do see, bad actors abusing these resources. It’s important not to give these bad actors easy access to do nefarious things or hurt other customers.
The cloud environment is typically kept separate from the enterprise environment powering it. This is a security-focused principle. You don’t want cloud users messing with your enterprise environment or negatively impacting it, as that would impact the business and everyone relying on the service it provides.
The most important part of a cloud environment is that it is unique to the host. Each host has its own way of doing things: its own services, its own API, its own metadata, its own hooks, its own network. Solutions need to account for this. More often than not those solutions are homebrewed and proprietary. People are not using random projects from GitHub to solve problems in this environment.
Defining features of a cloud environment are:
- Shared ownership of resources
- Multiple people using resources from the same resource pool
- Resources may have more than one owner over their lifespan
- No guarantee that everyone is legitimate; bad actors exist in the user base
- Security and safeguards accounting for this environment to prevent bad actors from affecting other customers
- Gapped and isolated from the cloud host’s enterprise environment
- Unique environment. The cloud environment is unique to the host. Solutions meant for others will not work here and there is no one size fits all solution that will work with every cloud host. Things need to integrate and work with the environment at hand.
An example of a cloud environment would be Azure. Azure provides VMs and servers to customers. These servers exist alongside servers owned by other users, but they do not interact and they do not share the servers or infrastructure existing in this cloud environment. This environment is sliced off for them and them alone.
An example of a cloud environment at a cloud host would be VMs. The VMs they give guests are the guests’ own. They don’t share them with other users. This is their cloud environment. They run on top of the enterprise environment, which would be the host and the connected infrastructure. The two do not overlap, however. The guests do not use the enterprise environment directly. They don’t export to the host’s log collectors. They do not use the config-driven environment. They do not connect to the proxies or VPNs. They are isolated to the cloud environment.
What is an Enterprise Solution?
An enterprise solution is one meant for an environment that is under the control of one entity: often hidden from the internet, heavily firewalled, and wrapped in layers of security, where it is expected that there is only one owner of all resources the solution touches.
Enterprise solutions generally don’t account for multi-tenancy, as enterprise environments are not multi-tenant. So you won’t see filters in, say, an exporter preventing people from posting malicious log lines or flooding the database, as that would not be needed and would be wasted effort. There is no expectation in an enterprise environment that the single owner would be malicious against themselves, so there are no safeguards in place to prevent that.
An example of an enterprise solution would be collectd. This is an info gatherer that exports data to a shared collector. The expectation is that each resource has keys to said collector, that they all export to the same one, and that everything from the servers to the collector is in a shared environment: an enterprise environment.
Another example of this would be Nagios, where everything is controlled by a single Nagios master server. All servers have keys and all servers feed data back. There are no real safeguards preventing poisoned data, because who would poison their own data in their own environment like that? The assumption here is a lack of bad actors and other users. Single ownership!
What is a Cloud Solution?
A cloud solution is one that is created with the intention of running in the cloud: on multiple guests, with safeguards in place and a specific design focus revolving around the cloud environment and multi-tenancy. These solutions account for the fact that they solve a problem where there are multiple owners, they secure against bad actors, and more often than not they are highly proprietary. Everyone’s cloud is different and has a different set of requirements. There are no one-size-fits-all solutions here.
An example of a cloud solution would be Cloud-Init and its integrations. Every single cloud host has its own datasource in Cloud-Init, and none can use another’s. The solution is designed to be run on a guest and does not provide backdoors or allow the user to leverage it to hurt other guests. Everything is secured, and it’s developed with the cloud specifically in mind.
Another example would be Packer integrations. Each cloud has its own plugin. Again, you can’t use EC2’s, and Azure can’t use DigitalOcean’s. This is fully proprietary end to end, because it needs to be! No one else’s solution will work on your cloud platform, and your solutions will not work on their cloud platform.
What is the line of separation?
The line of separation is actually very easy to define. The enterprise environment consists of the things guests do not see, do not know about, do not touch, and do not log into. Some examples are:
- DNS Resolvers
- Switches
- Hosts
- Metadata servers
- Storage Servers
Things that you give to guests are the cloud environment. These are things guests use, are expected to do what they will with, and have full access to. Some examples are:
- Virtual Machines
- Baremetal Servers
- Load balancers
- GPU Servers
- GPU Clusters
- Subscriptions
- Object Storage
What happens when you cross your wires?
When you cross these wires, bad things happen; they often happen fast, and the damage tends to be extreme.
For instance, if you were to install remote connection software on all guests, now all guests have a backdoor. If someone were to get access to that, or a bad actor were to break in, they would have access to every guest. That’s a game-over scenario. That’s going to be a news story, and a very bad one at that.
Another example would be collectd. If you put collectd on a guest server, you need to provide keys to a collector. Is everyone going to use the same collector? Now you have a situation with security implications. What happens when someone logs the entire Linux kernel source? What happens if someone hammers it? What happens if someone poisons their data? What happens if there’s a CVE and someone gets access to the data of every guest that uses it? That’s really bad. That’s another news story.
These wires MUST NOT be crossed.
Enterprise Solutions on a Cloud Layer
So often people get confused when they see enterprise solutions in the cloud, thinking that you have a bridge. That is not the case.
For example, you CAN use collectd in the cloud if it’s exporting to the user’s own collector. For instance, if one user has 100 servers and 1 collector, and collectd exists on all 100 servers and exports to their 1 collector, this is effectively an enterprise environment.
However, that does not mean you can suddenly have 1 collector and 100 users all exporting to that 1 collector. That’s attempting to use an enterprise solution as a cloud solution, and it is wildly inappropriate and fraught with danger.
Generally, enterprise solutions in the cloud are just another cloud product, not a solution to a cloud problem. That’s a very important distinction.
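To make the collectd discussion concrete (an enterprise collector with one shared key and no tenant filters, versus the per-tenant safeguards a collector serving many guests would need, as described in the sections on enterprise solutions, on crossing wires, and here), the following is an added Python example. It is not part of the original post and it is not collectd’s own code or API. The names `enterprise_ingest`, `TenantCollector` and `demo` are hypothetical, the two tenants and their API keys are constructed, and the byte budget and window are illustrative values.

```python
"""Per-tenant safeguards for a shared metrics collector (added example).

Constructed to illustrate the post's collectd discussion: an enterprise
collector trusts everything arriving with the shared key, while a collector
serving many guests needs per-tenant authentication, quotas and namespacing.
"""
import hashlib
import hmac
import json
import time


def key_hash(api_key: str) -> str:
    """Server-side keys are stored as SHA-256 digests, never in the clear."""
    return hashlib.sha256(api_key.encode()).hexdigest()


def enterprise_ingest(store: list, shared_key: str, presented_key: str, payload: list) -> str:
    """Enterprise-style collector: one shared key, one global store, no limits.

    Fine inside a single-owner environment, where every exporter is trusted equally.
    """
    if presented_key != shared_key:
        return "unauthorized"
    store.extend(payload)  # no size cap, no namespacing, no poisoning check
    return "accepted"


class TenantCollector:
    """Collector front-end with the safeguards a multi-tenant deployment needs."""

    def __init__(self, key_hashes: dict, byte_budget: int = 4096,
                 window_seconds: float = 60.0, clock=time.monotonic):
        self._key_hashes = key_hashes      # {key_hash(api_key): tenant_id}
        self._byte_budget = byte_budget    # bytes accepted per tenant per window
        self._window = window_seconds
        self._clock = clock
        self._usage = {}                   # tenant_id -> (window_start, bytes_used)
        self._store = {}                   # tenant_id -> list of records (isolated)

    def _authenticate(self, api_key: str):
        """Map a presented key to a tenant; constant-time compare against stored digests."""
        digest = key_hash(api_key)
        for known, tenant in self._key_hashes.items():
            if hmac.compare_digest(digest, known):
                return tenant
        return None

    def _within_budget(self, tenant: str, size: int) -> bool:
        """Per-tenant byte quota per window: one tenant cannot flood or hammer the collector."""
        now = self._clock()
        start, used = self._usage.get(tenant, (now, 0))
        if now - start >= self._window:
            start, used = now, 0
        if used + size > self._byte_budget:
            self._usage[tenant] = (start, used)
            return False
        self._usage[tenant] = (start, used + size)
        return True

    def ingest(self, api_key: str, payload: list) -> str:
        """Return 'accepted', 'unauthorized', 'poisoned' or 'rate_limited'."""
        tenant = self._authenticate(api_key)
        if tenant is None:
            return "unauthorized"
        # Tenant identity comes from the credential, never from the payload:
        # a record claiming another tenant's namespace is a poisoning attempt.
        for record in payload:
            if record.get("tenant", tenant) != tenant:
                return "poisoned"
        size = len(json.dumps(payload).encode())
        if not self._within_budget(tenant, size):
            return "rate_limited"
        self._store.setdefault(tenant, []).extend(
            {"tenant": tenant, "metric": r["metric"], "value": r["value"]} for r in payload
        )
        return "accepted"

    def query(self, api_key: str) -> list:
        """Each tenant can only read its own namespace, even with a valid key."""
        tenant = self._authenticate(api_key)
        return list(self._store.get(tenant, [])) if tenant else []


def demo() -> dict:
    """Constructed scenario: two tenants share one collector front-end."""
    collector = TenantCollector({key_hash("key-a"): "tenant-a", key_hash("key-b"): "tenant-b"},
                                byte_budget=120)
    results = {}
    results["a_ok"] = collector.ingest("key-a", [{"metric": "cpu.load", "value": 0.42}])
    results["b_ok"] = collector.ingest("key-b", [{"metric": "cpu.load", "value": 1.7}])
    results["b_poison"] = collector.ingest(
        "key-b", [{"metric": "cpu.load", "value": 99, "tenant": "tenant-a"}])
    results["b_flood"] = collector.ingest("key-b", [{"metric": "dump", "value": "x" * 500}])
    results["stranger"] = collector.ingest("key-z", [{"metric": "cpu.load", "value": 0}])
    results["a_sees"] = collector.query("key-a")
    results["b_sees"] = collector.query("key-b")
    return results
```

The point of the contrast is the one the post makes: `enterprise_ingest` is not wrong, it is simply built for a single owner, and bolting a per-tenant quota, a per-tenant namespace and a credential-derived identity onto it is what turns it into a cloud solution. The 100-servers-one-user case works with either; the 100-users-one-collector case only works with the second.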