It should come as no surprise that it is possible to have a private cloud within a public cloud infrastructure, in much the same way as we have virtual private networks (VPNs) over the public Internet. The most common unschooled view of the cloud is unfortunately one of confusion, with the belief that it is an amorphous collection of compute resources at an indistinct group of third-party sites. That definition more closely resembles the Internet itself, however. Before addressing public and private clouds, and whether a private cloud can exist within a public cloud, "cloud" itself has to be defined.
There are, of course, a handful of generally accepted definitions, but generally speaking, cloud computing is computing that takes place at a centralised location and is then delivered as a service over an IP connection, usually the Internet. When that centralised location is a third-party data centre, it is a public cloud. When the centralised data centre is either on premise or controlled by the end-using party, it is a private cloud. But, because of the very nature of things like encryption and virtualisation, the lines get a little . . . cloudy. Gartner's definition of a private cloud is that it is "a form of cloud computing where service access is limited or the customer has some control/ownership of the service implementation." By that definition, actual location and ownership of the data centre is irrelevant, so long as control by the end user is maintained. That control could be through a provider tunnel that establishes boundaries and limits access to a narrowly defined group of authorised individuals.
"Private cloud" can then mean two different things:
1. An internal private cloud is where the physical infrastructure is located in a facility under the direct control of a single, exclusive end user.
2. A virtual private cloud is where the physical infrastructure is located externally and managed by a third party, but delivered through tunnelling protocols that establish a virtual private connection that restricts access and establishes a more direct avenue for control over the cloud and its resources.
To make the definition of internal private cloud even fuzzier, an internal private cloud can either be an actual on-premise data centre, or it could be housed in an off-site, third-party co-location facility. Either way, it remains exclusively under the control of the user. The difference between the co-location option and the cloud data centre is exclusivity: when your cloud emanates from a co-location facility, you are still using, paying for, and managing your own equipment, and the facility is really just an extension of your own premises. A cloud data centre, on the other hand, even though it may be delivering compute resources via tunnelling protocols so as to make it seem private, is still using the same group of resources for the benefit of multiple clients.
The final question the implementer of cloud services must ask, then, is how much control they actually need, and whether the prospect of implementing an on-premise private cloud eliminates too many of the cloud benefits the organisation sought out in the first place.