I see the real problem here as understanding the definitions for various kinds of clouds and which workloads belong on which clouds. Maybe a few definitions will help demystify deployment choices. In my many conversations with clients, I find that this precision is necessary because the underlying conversation is really about economics. And given the hype around cloud, it is easy to conclude that public clouds are the answer because they are perceived to be the least cost solution.
Public Clouds offer their services to any appropriate and willing buyer. They may offer only computer power and storage or they may also offer some service management and also applications. Some public clouds may be used for any reasonable purpose the user chooses; others are for specific tasks such as develop and test.
Private Clouds offer the architecture and services of public clouds (including virtualized servers and services) but are entirely within the control of their owners, providing better integration with existing applications and better security.
Virtual Private Clouds create private clouds within a public cloud. It allows for possibly more elasticity (scaling up and down), but provides less control.
Community Clouds are private clouds built for a single owner who plans to share them or a group such as an industry.
This client has a really interesting use case. They are developing a cloud infrastructure to support the needs of internal and external investigators. They must comply with applicable regulatory policies including: HIPPA, GINA, CMS, FISMA, FDA, and VA.
They want to provide investigators with a standard virtual desktop environment that supports secure access to research data. The idea here is to secure the data by keeping it at rest in the data center -- and provisioning virtual desktops to access the data, keeping it (the data) at rest while controlling the desktop. Longer term, they'd like to expand the service catalog to allow their users to go off site to get non-secure services.
So here's an example of a cloud providing data security. We don't hear that every day! To help achieve their goals, they’ll need a private cloud to meet the HIPPA FISMA and other compliance requirements, but they also need a cyber security audit to understand the challenges and plan a system that meets them. The ultimate value – control and data security.
Public Clouds offer their services to any appropriate and willing buyer. They offer their services on a variety of terms, from 30-days to longer and more formal multi-year arrangements. SMBs, individuals, and startups, as well as ad hoc projects in larger organizations, like the informality and smaller financial commitments of vendors like Amazon and Google. Larger enterprises and mid-market organizations prefer the security of longer-term commitments, with service and other guarantees. A public cloud may be compute power and storage on demand, or it may offer service management and applications, sometimes by the platform providers, sometimes by Business Partners. For example, in addition to its IBM Smart Business Development and Test on the IBM Cloud public cloud offering, IBM provides its development software on the Amazon cloud and offers collaboration cloud deployment with IBM LotusLive.
Private Clouds offer the architecture and services of a Public Cloud, but entirely within the control of their owners. So far most private clouds have been created for large enterprises and government organizations. Some are entirely private, living inside the organization's firewall, much as an enterprise data center. Others are owned by an organization, designed be shared with partners, customers, or others. For example, IBM created clouds for the government of
Virtual Private Clouds create private clouds within a public cloud. It's a best of both worlds notion, combining the security of a private cloud with the ability to create new private clouds or scale them up or down, on demand (within the available capacity of the platform provider). It's not clear yet whether enterprises will consider these virtual private clouds equivalent (in security and control) to private clouds.