The composition of the private cloud

Whether you use a public cloud or a private cloud, you do not need to think about the underlying infrastructure; you only run your business workloads on virtual machines and networks. The hardware, of course, sits with the supplier. If you are building a private cloud, there are many options for how to build it. Each option has different characteristics, security properties and cost, but in every case you retain a large share of the security responsibilities.

Private Cloud

These options are similar to the traditional server deployment models: you can deploy on your own servers, you can deploy in a colocation center, or you can even use a traditional hosting service on a "hosted but dedicated" basis.

These guidelines apply to hybrid and private clouds. In practice, most organizations are not in a position to run a fully private cloud, but they can be a good fit for a hybrid model. In a hybrid cloud, you integrate public cloud services with systems that you manage directly. The public clouds that currently dominate the market (AWS, Microsoft Azure, and Google Cloud Platform) all provide extensive support for this integration.

There are many factors that may require you to run part or all of a system in a private environment. Compliance, security, and performance are usually the main ones, and they may also affect how and where you build the private cloud.

For example, you may have to keep data in a certain country. You may need to install specialized hardware or use a non-traditional configuration. Perhaps the CPU/RAM configurations offered for virtual machines in the public cloud do not suit your needs. Maybe you have a GPU-based big data analysis system. You may also be concerned about network latency: a private cloud in certain locations can provide faster service, especially when local processing is required.

To deploy on your own site, you need to provide a data center, including power, power redundancy, HVAC, physical security, physical network infrastructure, and a lot of staff. For most organizations, this is hard to take on. A cheaper and equally good approach is to keep only your systems and hardware in your own hands. In this arrangement, you own the compute, storage, and network hardware, and you fully control all data until it reaches the transmission point.

The colocation provider is responsible for the facility, physical security, fire safety, power and power redundancy, HVAC, and network connections, as well as your ability to run dedicated lines. These services remove a lot of cost and trouble, allowing you to focus on the core of your business. A colocation arrangement can accommodate both specialized hardware and unorthodox configurations, and it can greatly improve your network performance.

However, the colocation provider cannot prevent you from exposing your systems and data to attack through your own mistakes, especially on anything network-facing. Mitigations usually include: ensuring that data is encrypted at rest and in transit; maintaining control over identity, authentication and authorization; using a virtual next-generation firewall to protect network-facing workloads; and following the principle of least privilege.

A hosted private cloud is another option for reducing costs. Hosting companies, which may themselves operate out of the colocation facilities described above, promise dedicated hardware, but they often share other resources among customers in ways you are not told about, and they sometimes restrict your control options. You may not get a separate network segment or the ability to fully manage the server. You should have greater isolation than in a multi-tenant public cloud environment, but you need to read the fine print carefully to ensure that the hosting service meets your needs and satisfies all the security responsibilities required of the computing host.

For various reasons, large and complex organizations often need to retain control of certain systems. Cloud architecture is still the future for these use cases, but these organizations remain obligated to protect their data and software.


Origin blog.csdn.net/qq_40207692/article/details/112466624