In a recent post I introduced the importance of considering a "seamless" strategy when creating inter-cloud architectures. There are a set of technologies that can facilitate agile and frictionless movement of application workloads and data from a traditional enterprise data center to a different cloud architecture.
In this post I would like to discuss CloudLink as one of those technologies. The diagram below depicts the CloudLink technology (Cloudlink Center) sitting in an on-premise enterprise data center that is primarily running traditional (Platform 2) applications. The arrow extending into the upper right-hand quadrant indicates that the business has identified a workload (new or existing) that they wish to run (off-premise) in a cloud environment that is favorable to Platform 3 applications. CloudLink supports a variety of clouds.
It makes quite a bit of sense, when creating an inter-cloud networking architecture, to start with the security framework. CloudLink is such a framework. I spoke with CloudLink technologist Misha Nossik and asked for a summary of what CloudLink does:
CloudLink’s vision is to help users control the workloads running in the cloud by encrypting all data at rest and placing keys and security policy in the hands of the user.
In the context of the environment above, CloudLink takes advantage of standard cryptopackages that are likely to be running in most off-premise cloud environments (e.g. Bitlocker on Windows and ecryptfs or dmcrypt on LINUX).
CloudLink verifies that the guestOS has not been tampered with and is running in a location that is in accordance with user policy. Once these conditions have been satisfied, CloudLink gives the cryptopackage its key from the external key manager. Both the policies and the keys exist in the lower left-hand quadrant, giving the enterprise more control than similar cloud-based security services.
There is a lot to say about the internals and benefits of CloudLink's approach (e.g. the difficult task of delivering keys in pre-boot environments). For a full set of blogs, videos, white papers, etc., visit the CloudLink resources page.
However, my main goal is to consider how technologies like CloudLink can be knit together with other inter-cloud networking technologies to create an architecture that supports seamlessness. This would require CloudLink to support an underlying API that can exist alongside APIs from other intern-cloud networking solutions.
Fortunately, CloudLink possesses such an API. CLC (CloudLink Center) offers a REST API interface. Anything that can be done through the CLC GUI can also be done programmatically via the API.
This positions CloudLink as a foundational technology to realize seamlessness:
In upcoming posts I will continue to explore:
- The applicability of CloudLink's approach in regards to the other two quadrants.
- Under the hood of the CloudLink API to understand the structure and capabilities.
- The capabilities of other inter-cloud networking technologies and their potential interplay.