CloudSwitch was a contender Monday for "Most Promising" or "Most Innovative" at the Up 2010 (as in Upstart 2010) conference, a cloud computing event. CloudSwitch founder Ellen Rubin was hard pressed to spare a few minutes to talk about the cloud in a tete-a-tete before hitting the stage to offer CloudSwitch's case.
"Companies want to use the hybrid model of cloud. The value comes from having a scalable, on-demand resource you can use when you need it. Our software lets them do that in a secure way," she said.
I don't necessarily believe everything that I'm told. But I know I'm looking for companies smart enough to allow the existing, crazy-quilt mix of computing systems in the enterprise data center to function more effectively through an extension into the cloud. The task isn't to get the enterprise to conform to what the cloud suppliers have got. The challenge is to help the enterprise workload move seamlessly into the cloud, without a drastic conversion effort. CloudSwitch may be one of those companies that helps you do that.
I first talked to Rubin, VP of products, and CEO John McEleney by phone as they launched the 1.0 version of CloudSwitch Enterprise Edition last June. Installed in the data center, CloudSwitch can move a VMware ESX Server virtual machine out to Amazon's EC2 and allow it to run there without a conversion to an Amazon machine image (AMI). CloudSwitch inserts an isolation layer above the cloud hypervisor and below the virtual machine's operating system to let the workload run as is, but appear to be an AMI virtual machine to EC2.
Rubin says CloudSwitch can do this in a secure manner because it uses a VPN to connect to the cloud and keeps in its own isolation layer the encryption key needed to read the data. The application logic and data must be decrypted as they run in the cloud, and the customer is dependent on the cloud's security during actual execution. But the transmission and setup of the workload, where the encryption key must be used, remain outside the public cloud. No prying eyes, if there happen to be any, can see either the encryption key or the data inside the isolation layer, Rubin said.
This discussion reminds me of how VMware's former chief scientist, Mendel Rosenblum, used to describe the hypervisor as a layer of software that lifts the operating system up a notch and slides itself between the operating system and the hardware, taking over the task of talking to the hardware. Rubin, in a somewhat similar vein, says CloudSwitch has inserted a shim between the cloud hypervisor and the workload, placing its own basic protections and operations there.
There's some networking hocus pocus involved as well, but basically CloudSwitch assesses a virtual machine running in the data center and figures out what resources it would need if moved to the cloud. It has amassed cloud-specific information so far on EC2 and Terremark. Savvis, Rackspace, and Microsoft's Azure are next on the list. It then provisions a virtual machine in the cloud that's a match and can translate the VMware operations into calls and processes recognized by the cloud host.
Rubin says, rather casually, that "a couple of percentage points" of overhead is incurred as it does this. The overhead may be "5-10%, depending on the workload in some cases," and less than 2% in others, she said when asked about this point.