8

I've been trying to figure out for a while now what the exact technical difference is between a public and a private cloud. I'd think I could find an article that describes exactly how it works, but so far no luck. Every article also seems to say something else.

I know that with a public cloud, multiple users are on the same physical machines, and so it is very unsafe when working with private data. I know that a private cloud is safer but I'm not sure why. Is it because a private cloud has something like a Virtual Private Network? Or is it because other users aren't there on the physical machine?

tombull89
  • If you want your data to stay private, don't use a cloud provider. – gparent Nov 16 '12 at 15:04
  • Well, how does a private cloud work exactly then? And are there perhaps ways of a hybrid cloud, where the private data stays in the in-house environment? – Rens Groenveld Nov 16 '12 at 15:07
  • 1
    @RensGroenveld See my answer - it's completely dependent on what you're talking about. For all intents and purposes, there is no such thing as "cloud" – Dan Nov 16 '12 at 15:11
  • 4
    @RensGroenveld I don't know how to answer you, Cloud is a non-existent term that MBAs like to use. But I want to emphasize that no matter how a provider markets their service, unless it is your data on your machines on your network links, there is no such thing as private. – gparent Nov 16 '12 at 15:13
  • Hi guys, thanks for the comments! I commented on Dan's answer as well. But the conclusion is that I should read very carefully per cloud provider (i.e. Azure, Amazon, Redhat etc.) what they exactly mean by public and private? I don't think they really describe exactly how it works, do they...? – Rens Groenveld Nov 16 '12 at 15:21

4 Answers

6

A cloud is just an abstraction layer. Guess what? VMware is cloud.

A public cloud is one which anyone could potentially use.

A private cloud is restricted to a particular set of people (most commonly members of a company or unit within a company).

MikeyB
5

The problem with this question is that the term cloud doesn't have any single, standardised meaning. This makes it very difficult to define things concisely across vendors etc. All we have are loosely defined terms that mean one thing to one group of people and quite another to others.

That said, a "private cloud" generally means infrastructure which is owned, controlled and used by a single entity. I can appreciate your question, but honestly, it really depends on exactly what type of service you're talking about and what the marketing person / vendor meant when they wrote the term.

Dan
  • Hi Dan, thanks for your answer! If anything I'm probably more confused now haha. I've read a book about cloud computing and they basically explained that a public cloud is one with a firewall but multiple users behind it. A private cloud is only one user behind a firewall, and using VPN, and so more secure... What I'm trying to achieve is to determine whether some applications (for example the web application) of my company would be better off through cloud computing. In which case there are public and private clouds to choose between.. – Rens Groenveld Nov 16 '12 at 15:16
  • 2
    The problem with the book that you're reading is that it's just wrong. A cloud is a concept - *purely* an abstraction. Specifics like "this cloud has a firewall" are an implementation detail and not part of the archetype. – MikeyB Nov 16 '12 at 15:42
5

A private cloud can be configured as though it were an extension of your LAN or datacentre, and not directly connected to the Internet. That is, they can be addressed with private IPv4 addresses, making them unreachable from the Internet. Via a VPN, the private cloud operates as though it were an extension of your LAN or co-lo facility.

Even in a private cloud you're typically dealing with multi-tenancy. Other customers have VPSs running on the same hardware you're running on. However, unless they're able to take advantage of some unknown virtualisation exploit, they might as well be running on isolated hardware... they can't get to your VPS on 192.168.1.1 (or whatever address you've configured).

A public cloud is inherently reachable from the Internet (at least one interface has a public IP address). Virtual machines in a private cloud can only access (or be accessed) the Internet via a NAT instance or via VPN (they can be configured to only have a private IP address).

  • Thanks to TomTom for the correction re: multi-tenancy. A private cloud should not be thought of as multi-tenant. I was thinking of Amazon Virtual Private Cloud when answering, and while that's multi-tenant, I think it's more accurate to say that Amazon VPC is not strictly speaking a private cloud rather than saying because of Amazon VPC, multi-tenant hosts can be thought of as private cloud.
JKim
  • Hey jkim, this is nice and understandable for me, thanks a lot! Does this mean that a private cloud hosted on a cloud-provider environment can't be accessed at all from the internet? Say, for example, my company is interested in putting the front end (website) in the cloud, which communicates with the databases that are in-house. That would mean people would have to gain access over the internet to the private cloud. Is that possible? – Rens Groenveld Nov 16 '12 at 15:35
  • 2
    You would normally use a VPN to connect to this meaning of the term "private cloud". You can also provide a NAT access point to a private cloud. Amazon's VPC offering allows you to choose whether you want all the instances in a subnet to have public IPs or not. – Ladadadada Nov 16 '12 at 15:43
  • Hi thanks a lot! One last question and I think I'm out of the woods: How exactly does that work on a public-cloud environment? Because virtualization also applies there, why would that be less secure? Or doesn't that kind of public cloud use VPS? Thanks! – Rens Groenveld Nov 16 '12 at 15:50
  • 1
    I'm thinking of Amazon.. and you can choose to make VPSs in the private cloud accessible from the internet or not... it's up to you. You'll need to do a bit of reading on Amazon about their VPC (Virtual Private Cloud) product. In the config you describe, it sounds like you're after a VPC with the webserver inside a single public subnet. The webserver will have 2 IP addresses - one public (ElasticIP), and one private. Via the public IP, it can serve internet requests. Via the private, it can VPN to your LAN and talk to your DB server. – JKim Nov 16 '12 at 15:59
  • Ok thanks a lot! Could you upvote my question? That way I'll have 15 rep and I can upvote your comments, and the answer given :) (Not sure though if that's a generally accepted thing on stackexchange though) – Rens Groenveld Nov 16 '12 at 16:01
  • 1
    (I don't think I've got enough points to comment on other ppl's comments... but it's helpful to read up on Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). "Cloud" can mean many things, but once you read up on those three, it makes a bit more sense. You're dealing with IaaS in your question. – JKim Nov 16 '12 at 16:18
  • Less technical, more conceptual; most clouds, public or private, are secured. What is the difference, conceptually, between an encrypted, secure connection from a single client to a "public" cloud, and an encrypted, secure VPN tunnel linking two "gateways" together? – KeithS Nov 16 '12 at 20:25
  • -1. Factually wrong. A private cloud is not multi-tenant. I know of a couple of companies having private clouds. – TomTom Nov 27 '12 at 13:30
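To make the layout in JKim's answer and follow-up comment concrete, here is an added example that is not part of the thread and not AWS's or any vendor's code: a standard-library Python model of a VPC with a public subnet (web server with one private and one public address), a private subnet whose only Internet path is a NAT route, and a VPN tunnel to the on-premises LAN where the database lives. The `Instance`/`Subnet`/`Vpc` names and every address are constructed for the example; the "Elastic IP" 203.0.113.10 is taken from the RFC 5737 documentation block, which Python's `ipaddress` deliberately does not treat as global, so the code does its own RFC 1918 routability check instead of relying on `is_global`. The `audit` function is the defender's view: it lists which instances are reachable from the Internet and flags a "public" address that is actually private.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

IPv4 = ipaddress.IPv4Address

# RFC 1918 ranges: addresses in these blocks are never routed on the Internet.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Instance:
    name: str
    private_ip: str                  # address inside the VPC subnet
    public_ip: Optional[str] = None  # Elastic IP on a second interface, if any


@dataclass
class Subnet:
    cidr: str
    nat_egress: bool = False         # default route goes through a NAT instance
    instances: List[Instance] = field(default_factory=list)


@dataclass
class Vpc:
    cidr: str
    subnets: List[Subnet]
    vpn_to_lan: Optional[str] = None  # on-premises CIDR reachable through the VPN tunnel


def is_rfc1918(ip: str) -> bool:
    return any(IPv4(ip) in net for net in RFC1918)


def is_public_address(ip: str) -> bool:
    """Globally routable by our own rule (ipaddress.is_global would reject RFC 5737 sample space)."""
    a = IPv4(ip)
    return not (is_rfc1918(ip) or a.is_loopback or a.is_link_local
                or a.is_multicast or a.is_unspecified)


def subnet_of(vpc: Vpc, inst: Instance) -> Subnet:
    for s in vpc.subnets:
        if IPv4(inst.private_ip) in ipaddress.ip_network(s.cidr):
            return s
    raise ValueError(f"{inst.name}: {inst.private_ip} is not in any subnet of {vpc.cidr}")


def internet_reachable(inst: Instance) -> bool:
    """Inbound: only an interface holding a globally routable address can be reached."""
    return inst.public_ip is not None and is_public_address(inst.public_ip)


def egress_path(vpc: Vpc, inst: Instance, dst: str) -> str:
    """How traffic from inst reaches dst: 'local', 'vpn', 'public-ip', 'nat' or 'blocked'."""
    d = IPv4(dst)
    if d in ipaddress.ip_network(vpc.cidr):
        return "local"                       # same VPC, no gateway involved
    if vpc.vpn_to_lan and d in ipaddress.ip_network(vpc.vpn_to_lan):
        return "vpn"                         # on-prem LAN through the tunnel
    if not is_public_address(dst):
        return "blocked"                     # some other private range: not routable anywhere
    if internet_reachable(inst):
        return "public-ip"                   # instance talks to the Internet directly
    if subnet_of(vpc, inst).nat_egress:
        return "nat"                         # private address hidden behind the NAT instance
    return "blocked"                         # private-only instance with no NAT: no Internet at all


def audit(vpc: Vpc) -> List[str]:
    """Exposure report: Internet-reachable instances and mislabelled 'public' addresses."""
    findings = []
    for s in vpc.subnets:
        for inst in s.instances:
            if inst.public_ip is not None and not is_public_address(inst.public_ip):
                findings.append(f"{inst.name}: public_ip {inst.public_ip} is not globally routable")
            if internet_reachable(inst):
                findings.append(f"{inst.name}: reachable from the Internet via {inst.public_ip}")
    return findings


# Constructed sample topology (not a real deployment):
#   VPC 172.16.0.0/16, public subnet with the web server, private subnet with an app server,
#   VPN tunnel to the on-premises LAN 10.20.0.0/16 where the database lives.
WEB = Instance("web", "172.16.1.10", public_ip="203.0.113.10")  # RFC 5737 sample address
APP = Instance("app", "172.16.2.20")
SAMPLE_VPC = Vpc(
    cidr="172.16.0.0/16",
    subnets=[
        Subnet("172.16.1.0/24", instances=[WEB]),
        Subnet("172.16.2.0/24", nat_egress=True, instances=[APP]),
    ],
    vpn_to_lan="10.20.0.0/16",
)
DB_ONPREM = "10.20.5.50"

if __name__ == "__main__":
    for inst in (WEB, APP):
        for dst in (DB_ONPREM, "8.8.8.8", "192.168.5.5"):
            print(f"{inst.name} -> {dst}: {egress_path(SAMPLE_VPC, inst, dst)}")
    print(audit(SAMPLE_VPC))
```

Running it shows the split JKim describes: the web server answers Internet requests on its public address and reaches the database only over the VPN, the app server reaches the Internet only through the NAT instance and cannot be reached from outside at all, and the audit lists exactly one Internet-exposed host.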
-2

This seems to be a very popular question, and while it seems like a difficult question it's a fairly easy answer. Anything private cloud would be hosted by you or your company and on your premises. A private cloud would be a group of resources or VMs specifically used by your company and stored on your premises.

user172651
  • The "on your premises" part is not necessarily true - there are companies offering "private cloud" services (which basically means you get your own dedicated rack of systems at their facility, connected to your company's internal network over a static VPN or a dedicated circuit) – voretaq7 May 06 '13 at 22:06