The G-Cloud Demonstrator

HP Labs shares its vision of how cloud computing could transform public sector IT services


John Manley and Martin Sadler in the G-Cloud Demonstrator room in HP's Bristol, UK Laboratories.

By Simon Firth

John Manley, Director, Automated Infrastructure Lab.

John Manley, Director,
Automated Infrastructure
Lab.

Bristol, October 2010 -- Visitors to HP's Bristol, UK Laboratories can get a tangible sense of how cloud computing might help governments around the world deliver their core IT services much more efficiently.

As nations face growing public sector deficits, the savings promised by government-specific Clouds – often called G-Clouds – has them attracting increasing interest. But they remain mysterious to many public servants, says HP Labs Director John Manley.

"What we've done is create a G-Cloud demonstrator," Manley explains. "We'll be bringing in civil servants, ministers, members of parliament and high ranking defence officials, among others, to talk about the contribution that cloud computing can make to the public sector and using this as a specific example."

Among IT professionals, it's widely accepted that cloud computing – where information services are delivered over the Internet via flexible infrastructures created by third party institutions or organizations – holds huge promise for IT cost savings. The UK government's own experts, for example, estimate that moving into the cloud could shave some 3.2bn (approx. US$5bn) from the nation's 16bn (approx. US$25.5bn) annual IT budget.

But beyond that, says Dr Manley, "G-Clouds will let governments offer new and better kinds of services – things we haven't even thought of yet."

And yet true Clouds of any kind remain a rarity.

"We're still in the very early days," cautions Manley, who manages HP Labs's Automated Infrastructure Lab.

"A lot of different things need to be in place for us to realize the full potential of the cloud," he argues. "But what we're doing here – in a collaboration with colleagues from HP's Enterprise Services group – is sharing HP's vision of G-Clouds and what they might mean, and at the same time offering a significant demonstration of the underlying technologies that will make them possible."

G-Cloud security

One major impediment to the adoption of cloud computing has been a fear of placing sensitive data up ‘in the cloud.' That's an especially serious concern for government officials charged with managing services – such as healthcare, criminal justice, and defense – that require the storage of highly personal or secret information.

It's one reason why governments want to create their own cloud networks, rather than run their services on public cloud systems.

And it helps explain why the first technology to be highlighted in HP's G-Cloud Demonstrator focusses on G-Cloud security.

"One of the things we're doing," says Manley, "is simulating an attack on a G-Cloud network, so you can see an attack happening and then see how the G-Cloud protects itself and overcomes the threat."

Virtualization as a solution to the security challenge

Martin Sadler, Director, Systems Security Lab.

Martin Sadler, Director,
Systems Security Lab.

To achieve their potential, cloud networks necessarily separate service providers from the providers of the software and hardware infrastructure that run those services.

"But that begs the question of who is taking care of security," says Martin Sadler, Director of HP's Systems Security Lab. "With all of those handovers and all those different groups of people, it can be anyone's guess."

One solution to this problem is to exploit the very technology that makes cloud computing possible: virtualization. By running virtual systems on top of actual, physical infrastructures, cloud networks can dynamically shift workloads to efficiently accommodate demand within the physical resources available.

Similarly, the job of security can itself be virtualized.

"In effect," says Sadler, "you create virtual machines to watch other virtual machines."

HP's G-Cloud Demonstrator shows a G-Cloud automatically protecting itself in this way using security technology developed in Sadler's lab. It also allows the cloud system to be viewed from a number of perspectives.

"For some people concerned with security, a top-level view of the system is the only thing that matters," Sadler notes. "But then other people want to see different levels of abstraction, all the way down to those who want to see packets flying around. And with this Demonstrator, you're actually able to do that."

As a result, IT administrators can alter how they think about security. "It's now a resource," argues Sadler. "The moment you think you're under attack, the systems deploy more resources dynamically to mitigate it. But the moment you cease to be under attack, it releases those resources back up."

Such systems only deploy the minimal resources they need for protection – and therefore run much more efficiently. But they are also better at catching ‘false positive' signs of attack that turn out to be easily mitigated and yet typically consume considerable resources before they are determined to be a low grade threat.

A single private/public cloud

If G-Clouds achieve the levels of security that Sadler and Manley believe is possible, they are likely to flourish. And when they do, it's likely that governments will eventually want their private cloud networks to connect with public cloud networks – which ought to be able to employ similar security strategies to ensure their own integrity.

Governments might not always want to meet peak demands for workloads within their own data centers, for example. Come tax return time, it could be much more efficient to send that extra processing work into the public cloud than to build a larger G-Cloud system simply to accommodate a periodic spike in demand.

For that reason, says Manley, "the way in which we build cloud computing needs to be common to private clouds and public clouds."

"We need to understand the requirements on the underlying infrastructure to make that single foundation happen," he adds.

One cloud network – thousands of services

Even before they join with public clouds, G Clouds ought to be able to run multiple services over a single infrastructure.

Rather than dozens of police forces all owning and maintaining their own data centers, for example, a G-Cloud could consolidate the services used by the police forces into one data center. Thanks to virtualization, those machines would run at far greater efficiencies and cost much less to maintain.

A true G-Cloud would expand that concept beyond the consolidation of individual services to operate many of the thousands of different services that a government offers over a single cloud network, and all in a much more efficient way.

But the point isn't simply to save on costs, emphasizes Manley. "It's also to do with making things easier and with enabling new things to happen," he suggests.

HP and the G-Cloud stack

There are many ways in which HP Labs' G-Cloud research might impact the company's business.

"HP can operate in lots of different parts of the G-Cloud stack," says Manley. It could sell hardware to companies that create G-Clouds. It could create and sell the enabling infrastructure. It could become a service provider to other G-Cloud service providers. Or it could even offer G-Cloud services itself.

Remaining flexible is likely to be a key consideration, he feels, given that we're only just entering the cloud computing era.

"Everything's still very formative in Cloud Computing," Manley argues. "And the G-Cloud is only one of the avenues that we're exploring in Labs. We're looking at a number of different research areas, all completely different in their eventual impact on the cloud. But they come from a common, centered vision of how we think cloud technology should grow."