01-16-18 | Blog Post
Note: This is a guest post by Sam Youness, who has 20 years of experience in technical and solutions architecture, engineering, and consulting, with more than 12 of those at Microsoft, specializing in implementing the newest technologies for his clients. Sam is also a Microsoft Certified Azure Architect.
The Spectre and Meltdown vulnerabilities have shaken the IT industry and left some people wondering about the security of their mission-critical data in a multi-tenant environment.
Data hosting is still a viable option of course, and Spectre and Meltdown by themselves aren’t enough for people to lose confidence in multi-tenancy. However, the possibility that these two flaws may not be the last is real. Software patches were issued in a hurry to address these vulnerabilities, and those patches introduced performance slowdowns when users were accessing their cloud resources. The question remains: how will this affect customer confidence in multi-tenant cloud providers? Do customers trust that their data will remain private and separate from the data of other customers who share the same infrastructure, or will they begin to doubt the value of moving their IT assets to such environments?
The main attraction of the public cloud has been the cost savings and robust elasticity. The cost savings come from the fact that customers do not have to worry about managing the machines on which their applications are deployed. In some configurations, they do not even have to manage the operating systems, networks, gateways, etc. as all of that is managed for them by the cloud providers so they can focus on their application and data. However, the tradeoff for customers is that an application could be hosted on a rack that is shared by multiple customers to allow for easier management of workloads by the cloud provider.
Some cloud providers offer what’s known as bare metal hosting, meaning customers provide the entire software layer, from the OS on up. IBM is the only public cloud provider that offers this at the moment, although Amazon announced it will be offering this option in the near future. This architecture is similar to on-premise closed deployments that guarantee no access to customer applications since the infrastructure is not shared.
A bare metal server is a dedicated single-tenant server, meaning the customer uses all the resources of the server without having to share them with other customers. It is actually the traditional dedicated server with a new fancy name in the cloud era. The cost of using the bare metal server is billed on a monthly basis, or per hour (based on usage similar to cloud pricing models). For IBM and other cloud providers who provide or will provide bare metal deployments, customers can specify hardware requirements in a portal (from a list of available configurations by the provider) and deploy their software on them in a very short time.
Picking the right pricing model depends on the usage pattern. For continuously running workloads, monthly billing may be more cost effective. For intermittent usage, hourly billing may make more sense, as customers pay only for the time they use the server. Bare metal servers can run a native operating system or a hypervisor, which allows different operating systems to run in a virtualized manner.
The latest Spectre and Meltdown security flaws will likely give more prominence to bare metal deployments among customers who are wary of deploying their mission-critical applications and data in a multi-tenant environment, such as traditional public clouds. Customers will not abandon public clouds; instead, they may be more careful about which workloads to deploy in such environments and which to deploy on the “traditional” dedicated bare metal servers.