Single-tenant cloud services help alleviate security concerns
What happens when an enterprise wants the benefits of cloud but without the multi-tenancy? Isolated services are available for those willing to pay.
Public cloud adoption has entered a new phase, as businesses move their mission-critical applications off premises. As they do, many IT organizations want more direct control over security and reliability than they get with a general-purpose IaaS offering.
In 2015, about 25% of IT managers planned to use public cloud for any type of application, including those with a lengthy list of requirements, according to 451 Research's Voice of the Enterprise survey. By 2017, that number grew to 40%.
"As companies move mission-critical applications, they desire stronger IaaS options," said Fernando Montenegro, analyst at 451 Research.
To meet this need, leading providers, such as AWS and Google, developed single-tenant cloud services -- namely, AWS Dedicated Instances and Google Compute Engine sole-tenant nodes -- that are dedicated to one user. But, despite the benefits of these services, there are some limitations.
The neighborhood watch
Public IaaS providers rely on a multi-tenant architecture, in which users share the same underlying compute resources. If one user's workload spikes, latency problems can arise for other users, because the high resource consumption for that spike starves the other workloads of resources. This issue is known as noisy neighbors. Single-tenant cloud instances don't have neighbors, so performance is more reliably consistent.
Single-tenant cloud services offer several benefits beyond performance. For example, single-tenant cloud services can reduce security concerns, as they isolate a workload from any attacks on a neighboring VM.
The level of isolation that these single-tenant services provide will especially appeal to financial services and healthcare firms with strict compliance requirements, Montenegro said.
Another driver for these services is improved automation, said Lydia Leong, vice president and analyst at Gartner.
"Some companies want to hold their servers close, protect them and do not trust the public cloud," Leong said. But enterprise IT teams that manage private clouds on premises often struggle to keep pace with providers' levels of automation. A single-tenant cloud deployment within one of those public clouds offers a way to take advantage of increased automation -- as well as many other advanced features from vendors like AWS and Google -- while still maintaining a high degree of system security and reliability.
Similarly, these single-tenant services let organizations mix and match cloud offerings; they can use general-purpose IaaS for low-priority applications and single-tenant IaaS for workloads with more stringent requirements.
The tradeoffs of an exclusive cloud
The single-tenant cloud isn't a cure-all, and it isn't free.
Customers usually have to pay a premium for isolation. Exact pricing varies, depending on the specific vendor and applications, but the general rule of thumb is that these services cost about 10% more than generic IaaS instances.
In terms of features, single-tenant services might lag behind mainstream public cloud. Vendors generally deliver new features to their horizontal IaaS offerings first and then later tailor them to other services beyond their core offerings. For example, an IaaS provider might add a new type of flash storage to its general-purpose instance types before its dedicated instance types.
"When your cloud team is scoping out IaaS services, they need to read the fine print and do extra due diligence to determine which services are and are not supported," Montenegro said.
AWS, for example, puts the onus on users to determine which services are and aren't available with its Dedicated Instances.
Also, while isolated environments in the public cloud can boost security, they aren't exactly bulletproof. Hackers attack systems at the easiest entry point. Single-tenant cloud services enjoy VM application isolation, but users share plenty of other potential attack entry points, such as network connections.