It’s an interesting move by Red Hat to enter the platform-as-a-service market with an open-source alternative particularly as they will initially be using Amazon’s EC2 cloud infrastructure to host customers’ applications.

The recent Amazon EC2 outage was the worst in history and shows that while large scale, self-managed and commoditised infrastructure-as-a-service has price benefits, if things go wrong, they do so in a big way.

On demand pay-as-you-go capacity has become the norm, but the operational side of the public cloud is a key issue for business. It provides a management challenge as the public cloud is primarily a service bought without any commitment or contract. So who has responsibility for security and resilience?

Amazon has been less than frank / honest about the nature of the resilience or how their nodes work in practice, but no competitor has publicly shamed them, highlighting the fact that everyone knows that large scale outages are possible, and more are likely.

This is not a question of competence – in technology, things can go wrong. The question is how to manage risk when the parameters for risk in public cloud are less than clear.

As an alternative, the private cloud can provide organisations with the benefits of managed virtualisation and a rental consumption model for compute and storage, while allowing them to diligence the infrastructure – something that is particularly key to compliance markets.

Most web or application servers are running at an average of 6 – 12% utilisation. This shows how much processor capacity is available should one be seeking to derive efficiencies both at the physical infrastructure and energy consumption levels. In terms of physical infrastructure, being able to fit three to four virtual servers into one physical one has a positive effect on capex budgets.

For highly technical IT users with short term needs, such as development or pilot projects, this public cloud model is incredibly flexible and provides the right balance of self management without any commercial commitment. It is essentially unmanaged hosting at its simplest level.

For a business that is less technically minded, it is necessary to buy in a support layer to help provision, configure and deploy applications in a hosted environment. As such an on-demand hosting environment still requires a substantially skilled technical support team to provision and enable and secure the service.

In a similar vein, there is some pretty scary commentary about the potential security risks associated with the public cloud. There are many business leaders driving their IT departments to push critical business applications and data into the public cloud to benefit from the cost savings, but the security concerns are real.

Most public clouds rely on software-based network virtualisation, which means you are relying on complicated operating systems to act as the switch, with the added performance and security overhead that comes with running a network on a software platform.

In Private Cloud hosting, virtualisation is still applied but using traditional, secure network security models, with the option of deploying the same virtual systems but in a dedicated hardware or datacentre environment.

With private cloud hosting, you receive best of breed switching in the datacentre to ensure high performance, secure Virtual LANs and options of layer 2 or layer 3 Virtual Private Networks (VPNs) to allow secure, safe connectivity.

This approach provides businesses with a secure hybrid between virtualised, dedicated and co-located infrastructure. The use of hardware-based managed firewalls also means that there is no issue with quoting throughput expectations for the network.

It is also difficult to find any public cloud operators that would support audits and provide the relevant audit documentation to ensure technology and operational compliance. This means that public cloud operators will not be able to support the compliance needs of some business users.

Cloud computing relies on two key but fallible platforms; technology and humans. We suggest businesses take the pragmatic view that things will go wrong with technology, so the question is what service level can you expect to support you in the event of a problem and what commercial SLA underpins that promise?

It is necessary to apply the same due diligence to a cloud operator that you would to any other IT supplier. In most large scale cloud offerings, the SLAs and commercial rebates are not worth the invoice they are digitally printed on. In the case of Amazon Web Services, the credits are applied to the next invoice you receive which means you have to commit to ongoing services to benefit from your downtime.

Cloud storage looks cost effective, but no promises are possible regarding transactions per second or latency between application servers. This means that they perform a valuable service for third tier storage, such as batch processing or other non-latency dependent applications but when end users with a service level expectation are involved, it is limited. Therefore, the balance of performance, compliance and support is not well aligned for business applications in the public cloud.

The Private Cloud model relies on a robust commercial suite of management applications integrated into the same monitoring platform and automation of software patching and updates that supports the hygiene factors customers come to expect up from their IT. This allows for an outsourced approach to system administration and for organisations with in-house IT to free up resources.

The private cloud model is of no value to someone wanting to quickly deploy a bit of streaming video content for a two-week advertising campaign, but if a business is looking to virtualise business-critical IT, outsource IT hygiene factors and benefit from the security and efficiency of datacentre hosting, then it is worth engaging in a conversation with a private cloud provider.

Ie believe that the future will include a healthy mixture of datacentre colocation, managed dedicated hosting and private cloud. Essentially managed hosting using virtualisation as an enabler. The public cloud excitement continues to stimulate debate, but for core IT functions the business drivers remain the same as they ever were; quality, performance and value for money.