Novell has been talking about cloud and cloud security for more than a year now and, slowly, we are getting a glimpse of where they are going. After realizing that Cloud has taken off in a big way, Novell has been trying to position themselves as a serious cloud player with a stronger emphasis on security. After their announcement on Cloud Security Service last year and demoing a prototype of the service, Novell yesterday announced the general availability (GA) of the service.
Novell’s Cloud Strategy
Novell is taking a multi-pronged approach to (private) cloud computing. On one side, they tout their Intelligent Workload Management as a smart way to do clouds and they also emphasize on getting the cloud security right and offer what is called as Cloud Security Service. Their solution to cloud puzzle has many different parts and they are trying to assemble these different parts slowly. Let me dig a little bit into their cloud strategy before talking more about the Novell Cloud Security Service. This section offers an overall picture of Novell’s cloud strategy (from my own understanding of their strategy using the information given in their website)
Novell is pushing their Suse Studio as a way to package applications as appliances to be deployed on either a virtualized environment or cloud. These appliances are built using OpenSuse or one of their enterprise distributions and delivered as either as an image to be installed on a physical hardware or VMware or Xen images for virtualized and cloud environments. Their Intelligent Workload Management tools for the cloud is based on their Platespin acquisition. The Platespin platform has been updated to offer the following features
- Analyze workloads, gain intelligence and optimize them
- Automate workload portability and integrated testing
- Workload protection through replication and seamless DR
- Cloud orchestration
- Support for multiple hypervisors
Their cloud strategy includes making the existing infrastructure look cloud-like and tap into public clouds using a process they call “annexing the clouds”. Part of this annexing strategy includes Cloud Security Service. They “extend” the perimeter of their infrastructure into the cloud in a secure way while keeping their organizational policies intact. I will dig a bit deeper into this Cloud Security Service in the next section. Looks like they also have a fringe project codenamed as “Cockpit” which is their cloud collaboration tool. They also partnered with Intel to develop a cloud optimized operating system for netbooks called Moblin (which Intel has extended under Meego umbrella). The idea behind the OS project is to offer tools for better cloud connectivity.
Novell Cloud Security Service
Cloud security is not simple. There are many aspects to cloud security on many levels including application security, network security, etc.. Novell’s first step in tackling cloud security is about identity, access and compliance. Establishing trust, managing access and keeping the necessary logs for compliance audit are very crucial to any enterprise’s cloud computing plans. Novell Cloud Security Service sits between the enterprise and the cloud provider by extending the enterprise identity manager to manage access to SaaS and PaaS. In short, it is acting as a trust broker between the enterprise and cloud providers. Some of the benefits of Cloud Security Service include
- Support for existing enterprise identity service or acting as a single sign-on for cloud providers
- Automatic provisioning and deprovisioning of users
- Extending the enteprise access control policies to the cloud
- Consistent compliance reporting for all cloud applications
etc.. Novell Cloud Security Service comes with three components.
- Cloud Security Bridge – This small footprint component (currently, a windows service) resides inside the enterprise firewall and provides protocol proxy, policy agent, audit agent, secure communication manager and a key agent. It operates over standard firewall ports without any need to modify their existing firewall.
- Cloud Security Broker – The brain behind the service which resides on a cloud selected by the enterprise or on one of the Novell certified clouds like Amazon EC2, GoGrid or on eof the vCloud IaaS providers, ensures that the trust is maintained between the enterprise users and cloud providers.
- SaaS/PaaS Connectors – Cloud Security Broker communicates with the cloud provider using these connectors. Right now, connectors are available for Salesforce.com, Google Apps, any service built on top of the Spring Framework, etc.. It is quite easy for any SaaS/PaaS provider to build a connector which will work seamlessly with the Novell Cloud Security Service.
And
Novell has taken the first step towards delivering a more secure cloud experience. According to Jim Reavis of Cloud Security Alliance, Novell and CSA are working to address many of the trust concerns end-user organizations have with cloud computing, including issues that go beyond just technology solutions. I would like to remind you about the Trusted Cloud Initiative started off last year by Novell and CSA in collaboration with others to develop an identity management reference model, education and certification criteria for cloud providers. This move by Novell helps enterprises trust cloud providers more and easily implement their policies on the cloud. This is only a small slice of the big cloud security pie. Novell has plans to expand their cloud security offerings as they push further into the cloud market but there are big opportunities for other vendors to step in too. I have seen CA Inc. offering a similar product through their Identity Access Management suite. I have heard some noise from IBM on doing something along these lines through their Tivoli product line. There are other areas of cloud security that needs immediate attention. There is a long way to go before cloud security matures to a level where enterprises can trust cloud providers with most of their workloads.
Today, enterprises are turning more toward private clouds (on-premises clouds) than to public clouds because of security and a few other reasons. Will tools like CA, Novell, etc turn folks back in the direction of public clouds? My feeling is that we will have hybrid clouds in most enterprises that have deployed private clouds and the low security workloads will be running on public clouds while the high security workloads will be running in private clouds. There are various security problems with private clouds that are not often talked about. Unfortunately, these problems also plague public clouds.