Start Planning
Even if you aren't implementing an internal cloud right away, consider a pilot project. "Enterprises should start training now to take advantage of cloud computing two years from now," says Staten.

Anyone thinking about internal cloud architecture needs to start with commodity x86 servers; the more similar they are in configuration, the easier it will be to manage them in a cluster or grid. (Look no further than Amazon, Google, and Microsoft for evidence that look-alike x86 servers are a staple of cloud architectures.) Indeed, migrating virtual machines can be done only between servers that use essentially the same chip in the CPU; otherwise, x86 instruction sets can vary in minute ways that will throw off VMware's VMotion or other live migration managers. Most companies don't have this homogeneous environment today.

In most cases, private cloud designers also will need to implement a virtualization management layer that goes beyond what they already have in place. Virtualization isn't a requirement for private clouds. PAN Manager is one example where workloads can be moved around without hypervisor software. But in most cases, virtualization and internal clouds will go hand in hand. And it's hard to gain the efficiencies needed and manage the scale involved without full-fledged virtualization management along the lines of VMware's vCloud or Citrix Essentials for XenServer and Hyper-V, or DynamicOps' Virtual Resource Management.

Rule of thumb: If you can master virtualization in the data center, you'll master the private cloud.

Many enterprises are marching toward private and hybrid clouds by following in VMware's footsteps. VMware this year is bringing out elements of what it calls the Virtual Data Center Operating System, or VDC-OS, which it illustrates in a diagram as hovering over both an internal and external cloud. Ultimately, VMware's goal is to let customers use VDC-OS to manage x86 servers and related storage as combined resources and move virtualized workloads between internal and external clouds.

The capabilities to provision, monitor, and move virtual servers around already are part of VDC-OS, but other private-cloud tools are still missing. One is vCloud, which VMware describes as an "initiative" rather than product. Part of its purpose is to let private cloud users get services from external clouds. Toward that end, VMware is establishing links with services providers, such as Melbourne IT, Savvis, SunGard, and Terremark.

They'll do that via the vCloud API. If VMware can gain broader acceptance for its API, it will be much easier to send a workload to an external cloud or enable a workload in an external cloud to tap into services that are part of the enterprise infrastructure. At this point, the vCloud API is in limited release.

Longer term, CEO Paul Maritz says VMware is seeking to give customers a single management interface with which they could run VMs in private or public clouds. Whether VMware can live up to these expectations probably won't be known for 18 months to two years.

Citrix's Lab Manager, NetScaler, and other products also can be used to build private clouds, along with its Workflow Studio for orchestrating resources. Like VMware, Citrix is working on a set of APIs that will work with its WANscaler, a product for speeding application delivery over a wide area network, to bridge the gap between enterprise and external clouds. Those still-to-come APIs promise to let customers move VMs and application resources between on-premises and external clouds.

Sun Microsystems recently introduced a private cloud platform--the Sun Open Cloud Platform--and public cloud services called Sun Cloud that are based on a set of open APIs. But Sun has been in tenuous negotiations to be acquired by IBM, and it isn't clear what IBM's plans would be for a Sun-centric cloud.

Users of the Amazon EC2 cloud might want to monitor the Eucalyptus open source project, which is creating a set of open APIs that closely mimic Amazon's and could be used to build private clouds that function in a way similar to EC2. Eucalyptus APIs could be used to summon the equivalent of EC2's Simple DB database or S3 storage services. An application built using such interfaces could be readily adapted for export to Amazon's cloud.

Another problem private clouds must address is the need for a shared underlying storage file system. Without it, a set of VMs can't be treated as an elastic resource. VMware implements VMotion migration of VMs by imposing its own storage file system on a portion of the customer's disk arrays. Citrix works with Veritas and other storage vendors to ensure that its live migration feature will work.

Without a shared file system, the VM, when it moves to a new physical server, will not only leave the CPUs and memory behind in favor of a new machine's, it will also migrate away from its assigned storage and not be able to retrieve its pre-move data.

Egenera came up with its own solution to this problem outside of the fractious storage industry, where vendors have never agreed on a set of common standards. In the Dell PAN system, the Egenera software assigns each workload with a unique storage identifier, regardless of whether it's running in a VM or directly on a physical blade, says James Yaple, CTO of the Department of Veterans Affairs' data center operations. If a blade fails or a VM is moved to a different blade, the workload's storage identifier moves with it, providing a path back to the pre-move data.

Internal clouds aren't just a more efficient way of maintaining old data center practices. "You have to rethink the processes of how you did things before," says Jerry McLeod, VP of product management at cloud workload configurer FastScale Technology. Instead of having a system administrator configure each server, virtual machine configuration needs to take place based on a few reference images that will be widely used in your company.

In a traditional data center, a network administrator maps the addition of a new server to the network, assigning it switch and router resources, then a security and compliance administrator checks the configurations and installs any additional protections needed for the new server. With an internal cloud, those three tasks can be collapsed into one--the creation of a VM that's met with the approval of all three. IT departments need to put work into the process of constructing VMs so that can be accomplished in an automated fashion without disrupting IT operations or creating security risks or data privacy breaches, McLeod says.

This article was edited on 4/14 to clarify the network configuration between Teradata and eBay.