Cloud computing provides computation, capacity, networking, and storage on demand. Typically, computing resources such as computing (processing) machines, storage devices, and/or network devices are simulated by one or more virtual machines (VMs). Several VMs may be hosted from a single physical hardware infrastructure resource (e.g., a server). Multiple virtual machines may be associated within a cloud infrastructure to form combinations of resources known as computing environments. Individual consumers of cloud computing services may lease the processing and storage services of one or more virtual machines, distributed among one or more physical infrastructure resources in a cloud data center. Typical cloud computing service agreements are based on a self-service usage model which allows a virtually unlimited amount of computing resources to be dynamically requisitioned, on demand, from a pool of shared computing resources offered by a cloud computing vendor. Thus, instead of grossly over-provisioning (or under-provisioning) initial, static computing resources due to uncertain demands, cloud computing consumers can elastically provision infrastructure resources from the provider's pool only when needed. In addition, the pay-per-use model allows subscribers to pay for the actual consumption instead of for estimated peak capacity.
Although cloud computing allows consumers quicker access to the computing resources relative to traditional enterprise information technology models, cloud computing also presents significant and distinct challenges for enterprise management. These challenges include a lack of visibility and limited control and configurability over resource usage, and additional complexities in managing multiple cloud computing resources. In enterprises, for example, application owners can choose to build a customized infrastructure for their applications from amongst various options and from various vendors. In comparison, a cloud infrastructure is owned and maintained entirely by the cloud providers. Because of the commodity business model, only a limited set of infrastructure components is generally offered—typically, these components include virtual machines, dedicated web application hosts and data storage/static hosts. However, each of these cloud components has significant limitations. For example, a typical cloud component featuring virtual machines may offer limited types of virtual servers and application owners cannot customize the specifications of them. As a result, application owners have little or no control of the underlying infrastructure and have little to no ability to change these infrastructure decisions.
Adding to the complexity of subscribing to cloud computing services, each cloud computing vendor is likely to offer a unique (and limited) suite and selection of these hardware/software resources with varying levels of functionalities, and configurations. Each vendor may also charge different rates for different usage levels and/or may allow or prohibit various configurations and/or access levels. Thus, for any consumer of cloud computing resources, there is the challenge of choosing not only the best (in terms of cost, functionality, accessibility, etc.) configuration of resources for the anticipated usage levels offered by a cloud computing vendor, but the challenge of selecting from among the competing vendors as well.
Due to the various service agreements and available resource configurations proffered by the cloud computing vendors, a cloud computing consumer might find that the best usage of cloud computing resources might be hosting an application with an infrastructure component of one cloud computing vendor, hosting another application on another cloud computing vendor's infrastructure component, and executing a software platform from a third cloud vendor. That is, what may be the best configuration (and vendor) for one application may not necessarily be the best (or even a suitable) configuration for another application. Even for individual applications, an optimal solution may be a combination of different infrastructure components, software, platforms and business processes from several vendors. The consumer may thus be faced with compromising the efficiency of one or more of the applications by hosting them on sub-optimal configurations, or seeking separate vendor solutions for hosting. Integrating these applications hosted on separate cloud computing platforms into a seamless environment often presents additional difficulties as well, as each cloud computing vendor may require different protocols for security and access.
Even more problematic is when individual teams or departments or even individuals within organizations opt to use a preferred cloud computing configuration and vendor. In these cases, orchestration of cloud computing resources from multiple vendors and/or configurations may occur haphazardly and in a non-standardized manner, resulting, in some cases, in a somewhat disparate, unstructured, and disorganized data center architecture. Applying any organization-wide policy management or governance to these applications under such circumstances (e.g., operating under different service agreements and using different resources and configurations) quickly becomes exceedingly impractical, and may require management and oversight on a custom micro (individual) level. For widespread or major changes, this can result in serious delays and significant inefficiency to implement these changes.
In addition, where a data center's architecture lacks a formal structure or standardization, automation policies may be scattered throughout the infrastructure tools and it can be difficult to manage and diagnose policy conflicts between infrastructure tools. For example, if a security policy determines that a web server should be shut down in order to address a security breach, a potential policy conflict may arise from a separate disaster recovery policy that attempts to restart non-operating servers. Reviewing every policy for each infrastructure tool for conflicts and eliminating the conflicts may become a time-consuming and labor-intensive process for large, complex or policy-intensive data centers.
Finally, for large projects with a multitude of roles and contributors, managing access to resources can be limited (if not impossible) within conventional cloud service platforms. Conventional practice allows all users with access to a project environment hosted within a cloud to all of the data and metadata corresponding to the project. However, this can result in confusion and inefficiency for members with limited or specific roles. For example, a user interested only in accrued cloud computing costs (e.g., for accounting) may have little to no interest in the technical specifications of the provisioned resources. Likewise, it may not always be ideal for test engineers to have access to higher level functions and/or sensitive data. Thus, the lack of user access control in typical cloud-hosted projects can result in compromised security, confusion, and other significant disadvantages.