Amazon EC2 is the first and most popular provider of infrastructure services via the web. For a couple of months now, it has provided a web console that allows users to build and control a virtual infrastructure: launch instances from virtual images (called AMIs), reboot and terminate instances, create persistent storage and attach it to instances, allocate public IP addresses, and manage Security Groups and key pairs. All those tasks are very basic. It’s hard to imagine managing more than 20 virtual machines on one account. It’s not possible to group virtual machines, to give them human-comprehensible names, or to easily track which instance uses which storage. The recently added CloudWatch feature, which collects status and performance metrics from running instances, is not (yet) accessible via the console. It seems extremely difficult to professionally run and manage an IT infrastructure on EC2 without additional tools (except for small setups, e.g. a web application with a few web, application and database servers). But what would the management of a virtual IT infrastructure look like? How will enterprise customers use an infrastructure service such as the one EC2 provides?
Built-In AWS Console
Despite all the issues cited above (low-level operations, visual scalability issues, manual intervention on running instances for configuration), using the AWS Console also has some advantages. It gives full control over all aspects of the virtual infrastructure and therefore allows any low-level modification to be deployed if needed. Given the frequency with which Amazon added new features in the past two years (see here for a short overview of innovations for EC2), it is also possible that AWS will close most of the obvious gaps in the near future.
Third-Party Management Console
Enterprises may also rely on external management applications that make up for the gaps in the AWS Console offering. The advantage of using a third-party provider is that competition pushes those providers toward excellence. We can also expect specialized products that respond more closely to the needs of specific customers and concentrate on usability, security, scalability, flexibility – whatever is important for a customer.
Third-party management consoles can themselves be based in the cloud (as SaaS) or installed in the private network of the enterprise, either as a server or as a desktop application. The best-known example of a SaaS-based solution is RightScale, which started as a simple console for EC2 (back when EC2 didn’t yet provide one) and evolved into a solution for managing the life cycle of deployments. SaaS-based solutions raise questions about security (who has access to the enterprise’s data? how is illegal access prevented?) and offer less control than using the “raw” AWS solution.
Consoles that are installed in the private network of the enterprise customer give more options for securing access to the enterprise’s data in the cloud, work nicely in hybrid setups and offer the possibility of integrating with existing management tools. However, they still require a private enterprise network (even if it becomes much smaller), which means a more complex overall IT architecture and higher costs of administration and operation (including hardware and cloud servers).
“Inside” Management Console
A third approach (we don’t know of any provider yet) could be to run the management console within the EC2 infrastructure. The customer would use the AWS console to deploy a virtual image containing the management console, start it up, and then manage all deployments via a secured web service delivered by the management console server running in EC2. This solution in a way combines the advantages of the former two: all credentials remain within the virtual perimeter of the AWS account owner, while the enterprise IT manager can benefit from an easy-to-use and well-adapted management solution that can be integrated with other tools the customer is already used to.
Of course, an enterprise may also decide not to care about the underlying infrastructure at all, as long as it has secure and reliable access to its data. When flexibility, low-level control, and the need for integration with existing data or services aren’t fundamental, it may go for a SaaS or PaaS (e.g. Salesforce) solution. Even security software is available as a managed service today (known as MSSP). Otherwise, it could outsource the management to a service provider (we called it myPaaS-Provider) that not only runs the infrastructure, but also deploys software updates and performs customizations. Such a model would allow enterprise customers to get their own customized applications as SaaS without losing the power to apply additional features or security mechanisms.
Instead of a conclusion, we would rather ask for your opinion. How will enterprises manage their infrastructure in the cloud?