Inside the hybrid cloud, Part 2: Federation is key to XaaS

Services in the cloud are increasing rapidly. As more and more cloud computing projects are implemented, the ever-expanding collection of cloud tools and services required to manage an enterprise seems to be growing exponentially. The implementation of a federated cloud with an appropriate command and control regimen is the key to managing this growth. Part 2 of this series describes the hybrid cloud in more detail as well as the federated cloud, which is the epitome of the hybrid cloud formation.


Grace Walker, IT Consultant, Walker Automated Services

Grace Walker, a partner in Walker Automated Services in Chicago, Illinois, is an IT consultant with a diverse background and broad experience. She has worked in IT as a manager, administrator, programmer, instructor, business analyst, technical analyst, systems analyst, and web developer in various environments, including telecommunications, education, financial services, and software.

22 May 2012


The hybrid cloud is the key driver of the rapidly evolving cloud economic market system. This fact is a function of the multifaceted delivery system made possible by Every Component as a Service (XaaS). The power of the hybrid computing model lies in attributes such as scalability, extensibility, and the manipulation of capital expenditure (CapEx) and operational expenditure (OpEx). The enormous variety of market models the hybrid cloud engenders makes the virtualization of on-demand services accessible to both large and small cap enterprises.

Based on the hybrid cloud, an enterprise can:

  • Access different clouds for diverse applications to match business needs;
  • Distribute elements of an application to different environments, using both internal and external capacity; and
  • Locate applications based on their life cycle stage, allowing development in one location and implementation in another.

The hybrid cloud allows an enterprise to move from controlling computers to controlling services. The outcome is an increase in productivity and a reduction in overhead. With a properly managed hybrid cloud, users can work anywhere on any suitable device.

Facilitating ubiquitous device delivery

The increase in networked devices such as smart phones and tablets, plus the adoption of cloud-based services, provides a ubiquitous delivery environment that has encouraged many organizations to move to the Bring Your Own Device (BYOD) model. The BYOD model permits users to access corporate resources with their own personal devices. The increase in variable and flexible work schedules, telecommuting, and mobile applications is encouraging this growth.

BYOD is compelling IT to reevaluate technology deployment processes. Today's architecture solutions must be designed to meet user and enterprise expectations of working anywhere, anytime, on devices of all types. Embracing BYOD provides an opportunity to reduce cost and improve productivity, so enterprises are rapidly moving to a mobile-friendly enterprise service layer to integrate with mobile apps.

When personal devices are used on the enterprise network, however, security becomes a major concern. Currently, IT uses the managed desktop paradigm, which allows for central management of user applications, but this model doesn't fly in the BYOD environment. IT cannot control which applications or games users decide to install or maintain on their personal devices—a huge security risk.

In an effort to remedy this issue, enterprise application programming interface (API) management was developed: a new approach that allows secure BYOD mobile access to existing enterprise services. This new methodology is an effort to rethink application deployment, allowing the enterprise to move from managing the workstation to adapting to the new user environment. Because tokens are at the heart of API access management, they are also an essential component of enterprise API management. During the handshake, token management captures the information relevant to granting access to an API and makes that information available to the other API management components. Enterprise API management creates a secure environment for the use of BYOD.
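The token handling described above, as an added example that is not part of the original article: a gateway issues a short-lived HMAC-signed token and, on each API call, verifies it and returns the validated claims for downstream components to use. The claim names, the device binding, the reason strings and the shared key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key (assumption); a real gateway loads its key from a secret store.
SECRET = b"constructed-demo-key-not-for-production"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(body: str) -> str:
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_token(user, device_id, scopes, ttl=300, now=None):
    """Issue a short-lived token bound to one user, one device and a scope list."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "dev": device_id, "scp": sorted(scopes), "exp": now + ttl}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    return f"{body}.{_sign(body)}"

def authorize(token, device_id, needed_scope, now=None):
    """Return (claims, None) when access is granted, else (None, reason)."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        # Verify the signature before parsing anything the caller controls.
        if not hmac.compare_digest(sig, _sign(body)):
            return None, "bad_signature"
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError, UnicodeError):
        return None, "malformed"
    if now >= claims["exp"]:
        return None, "expired"
    if claims["dev"] != device_id:
        return None, "wrong_device"      # token presented from another device
    if needed_scope not in claims["scp"]:
        return None, "scope_denied"      # token valid, but not for this API
    return claims, None                  # claims are now usable by other components
```

The denial reason returned by `authorize` is what the gateway would log, which gives monitoring a per-device record of rejected calls.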

Structural perspective

The network configuration of the hybrid cloud is determined by the array of cloud-based applications used. Software as a Service (SaaS), for example, depends on the private cloud's web browsers. In the case of Infrastructure as a Service (IaaS), the workload actually resides in the cloud. This functionality requires the identification of the virtual machines (VMs) involved. The VMs' IP and Media Access Control (MAC) addresses are used for identification. Every device in an Ethernet network has a unique MAC address. MAC-based filtering restricts user access to the network based on the MAC address.

Ethernet fabric architecture is perfect for the hybrid cloud, providing better performance, more efficient utilization, and higher levels of availability. Traditional Ethernet architecture may become slow and unresponsive because, between traditional Ethernet switches, the bandwidth of an interswitch link (ISL) is restricted to a single logical connection; multiple connections are prohibited. Link aggregation groups (LAGs) allow multiple links between switches, but the links have to be configured manually on each port in the LAG, which limits their flexibility. In an Ethernet fabric, the control path replaces the Spanning Tree Protocol with link state routing, and the data path provides equal-cost multipath forwarding.

The hybrid model is wholly dependent on the Internet. The structure of the hybrid cloud formation must be designed to provide the optimal functionality. This approach has to inform every aspect of the architecture and design.

Resource perspective

Enterprise data is the basic component of all information processes. It must be properly secured and protected through its entire life cycle—from design and creation through archiving and deletion. Use of the hybrid cloud does not alter this fundamental axiom. Indeed, the life cycle management of your data, if anything, is even more critical in the cloud because of the higher risk of theft, loss, or damage in the cloud environment relative to the protective cocoon you have developed behind your enterprise firewall.

The hybrid cloud allows you to put some data in the cloud while maintaining other data behind your firewall, allowing you to maintain control of data deemed too sensitive to be entrusted to others. Because there is no absolute litmus test to determine whether you should move specific data into the cloud, before moving any of your data, you must institute a sound data-management policy to ensure its protection. Control of your data in the cloud starts with determining exactly which parts of your data should be allowed to migrate.

The physical location of data may be critical when compliance is a consideration. Although you may have everything properly secured, compliance requirements necessitate that you have proof. Several regulations demand that the precise location of your data be documented; in some instances, these regulations require that it be maintained within the country. When dealing with international cloud services providers, this requirement can present a significant challenge.

Confidentiality is also critical. What happens if an e-discovery request is issued? Will your cloud service provider simply hand over your data? What about backups? Is your supplier backing up your data properly? What is the disaster recovery plan? How will your data be recovered after a natural disaster or any other critical failure? What about your supplier's staff: Are the supplier's recruitment and vetting procedures adequate for the security of your data? There are many questions that you need to answer for your enterprise before handing over control of your data. For each classification of data, you will need to assess the perils related to pushing it into the cloud.

Federated cloud

The hybrid cloud offers a vast array of solutions, but the many options can make it difficult for an enterprise to create the most appropriate and beneficial solution for its business model. To assist in the decision-making process, many cloud providers have begun partnering with other providers to enhance their service offerings and provide best-in-class solutions. Partnering in the cloud provides an array of computing and communication capabilities. The main purpose of cloud partnering is the provisioning of capabilities by either referring potential clients or actually creating production enhancements.

As Figure 1 shows, partnering delivers services using a relationship that can be cooperative. This cooperation helps to minimize some of the problems when working through various vendors that do not coordinate their interactions.

Figure 1. Partnering in the cloud
Image showing how partnering in the cloud might look

Partnering, however, provides only a loose coupling rather than an integrated solution. A more efficient and effective union is created with a federated cloud. The federated cloud is a closer relationship than a simple partnering. With a federation, the boundaries between the clouds are removed.

The federated cloud can bring private, public, and other hybrid clouds together, leveraging them as a single offering. It is an integrated approach to cloud computing that allows you to adapt your deployments to match business needs. In short, the federated cloud is a world that reconfigures the old way of working to aggregate skills and assets in the interest of an optimal response to contemporary society and especially commerce and the general social economy. A federated cloud is the organization and administration of multiple external and internal cloud computing services that are aggregated to fulfill specific business needs. See Figure 2.

Figure 2. Federated cloud
Image showing a federated cloud configuration

Transforming command and control with cloud federation

Federation provides the necessary management, financial, and technological assets on demand required to propel an agency farther and faster. Federated cloud computing mitigates the fragmented data, application, and infrastructure silo issues associated with the traditional business model. With IT as a Service, IT frees itself to build services as a utility that can be automated to enhance command and control, delivering maximum benefit to users.

The concept of command and control in its cloud computing role is much more flexible than the traditional command-and-control structures we have grown accustomed to. The classical form of command and control focuses on those responsible for command in the military sense. The federated cloud is a partnership in the legal fiscal sense. There is no single commander as in classical military history.

Federated command and control must meet the performance expectations and obligations stipulated by the various service level agreements (SLAs). The terms of the SLAs must be strictly observed, almost like a functionally localized constitution custom designed to accommodate the requirements and needs of the client parties. The integral parts of a given cloud federation must have a degree of agency autonomy that can be contracted with other agencies to form an aggregate, apex agency of voluntary cooperating enterprises. As more or less equal members of the federated cloud cooperating in a common enterprise, its very agency structure makes it a distinct form of the traditional command-and-control structures. The federated cloud must be designed and deployed so that the system itself demonstrates a significant degree of computing autonomy in critical system maintenance, security, authentication, and related essential functions. The command and control must be integral to the architecture and the code developed. The aggregated knowledge and technology of a federated cloud, properly managed with an appropriate SLA, means that any enterprise can easily cope with the contemporary business and political environment.

The profitable use of federated cloud structures lies in understanding the risk-opportunity interaction involved with the switch to federated computing. To neutralize as much of the risk as possible and to harvest as much of the benefits as feasible, the enterprise or individual entrepreneur must have in place an overall computing architecture that is a reflection of their business strategy and structure. Doing so requires retooling and rethinking how the intellectual, material, and human capital of the enterprise is arranged, oriented, and organized to respond to the realities of the switch to the federated cloud. A big part is having the proper management strategy for interaction with those providing the cloud services. The subscriber to the service must understand the nature of the services contracted, the rights and responsibilities built into the SLA, and most of all, have a strategic and tactical plan specific to his or her needs and computing expectation. If necessary, the subscriber to the service should be prepared to remedy any deficiencies that may arise.


Hybrid cloud technology along with XaaS allows you to tap into the requisite variety required to utilize ubiquitous devices and manage the mushrooming array of resources and services they make possible. The federated cloud is the most effective expression of the hybrid cloud. The development of the federated computing model has introduced an avalanche of services requiring new ways of organizing and controlling the underlying infrastructure. The development of a less rigid, centralized alternative form of the traditional command-and-control approach to managing and deploying computing resources is central to the efficacy of the federated model. The federated cloud is in all probability the closest approximation to the perfect application of William Ross Ashby's law of requisite variety. As he stated in rather bold language, ". . . only variety can destroy variety." The variety that federated cloud computing offers is probably our best response to the stochastic nature of global society.


