press room

CloudSwitch was a contender Monday for “Most Promising” or “Most Innovative” at the Up 2010 (as in Upstart 2010) conference, a cloud computing event. CloudSwitch founder Ellen Rubin was hard pressed to spare a few minutes to talk about the cloud in a tete-a-tete before hitting the stage to offer CloudSwitch’s case.

“Companies want to use the hybrid model of cloud. The value comes from having a scalable, on-demand resource you can use when you need it. Our software lets them do that in a secure way,” she said.

I don’t necessarily believe everything that I’m told. But I know I’m looking for companies smart enough to allow the existing, crazy-quilt mix of computing systems in the enterprise data center function more effectively through an extension into the cloud. The task isn’t to get the enterprise to conform to what the cloud suppliers have got. The challenge is to help the enterprise workload move seamlessly into the cloud, without a drastic conversion effort. CloudSwitch may be one of those companies that helps you do that.

I first talked to Rubin, VP of products, and CEO John McEleny by phone as they launched the 1.0 version of CloudSwitch Enterprise Edition last June. Installed in the data center, CloudSwitch can move a VMware ESX Server virtual machine out to Amazon’s EC2 and allow it to run there without a conversion to an Amazon machine image (AMI). CloudSwitch inserts an isolation layer above the cloud hypervisor and below the virtual machine’s operating system to let the workload run as is, but appear to be an AMI virtual machine to EC2.

Rubin says CloudSwitch can do this in a secure manner because it uses a VPN to connect to the cloud and keeps in its own isolation layer the encryption key needed to read the data. The application logic and data must be decrypted as they run in the cloud, and the customer is dependent on the cloud’s security during actual execution. But the transmission and setup of the workload, where the encryption key must be used, remain outside the public cloud. No prying eyes, if there happen to be any, can see either the encryption key or the data inside the isolation layer, Rubin said.

This discussion reminds me of how VMware’s former chief scientist, Mendel Rosenbloom, used to describe the hypervisor as a layer of software that lifts the operating system up a notch and slides itself between the operating system and the hardware, taking over the task of talking to the hardware. Rubin, in a somewhat similar vein, says CloudSwitch has inserted a shim between the cloud hypervisor and the workload, placing its own basic protections and operations there.

There’s some networking hocus pocus involved as well, but basically CloudSwitch assesses a virtual machine running in the data center and figures out what resources it would need if moved to the cloud. It has amassed cloud-specific information so far on EC2 and Terremark. Savvis, Rackspace, and Microsoft’s Azure are next on the list. It then provisions a virtual machine in the cloud that’s a match and can translate the VMware operations into calls and processes recognized by the cloud host.

Rubin says rather casually “a couple of percentage points” of overhead is incurred as it does this. The overhead may be “5-10%, depending on the workload in some cases,” and less than 2% in others, she said when asked about this point.

It’s not exactly rocket science to get one brand of virtual machine to run under another brand’s hypervisor. I’m sure it’s complicated enough, given the vendor’s proclivity to make it so, but a hypervisor is looking for standard information in a virtual machine file. They vary in how they read the sequence of information in the header and how they re-construct the parts, but in the end, each is doing the same thing and it’s a matter of mapping one style to the other. (The hard part was when Rosenblum deciphered the x86 instruction set and emulated precisely in software what it was doing in hardware.)

“Everything about the customer’s application can run unmodified in the cloud,” said Rubin, a statement I want to believe for the sake of IT managers everywhere. “The big issue becomes figuring which apps are the right ones to move to the cloud.”

CloudSwitch seems to open up the tantalizing prospect that spikes in workloads in the data center can be offloaded to the cloud. The CloudSwitch isolation layer registers the IP address for the application as it runs in the data center and keeps it in play, allowing the same monitoring systems used to view it to continue that function as it runs in the cloud. The policies governing the application and the security measures assigned to it follow it into the cloud as well, in the CloudSwitch approach.

There may be some unnamed weakness to this approach, some hole you don’t see until you’re actually using it. But I’m intrigued that what Rubin says might be possible.

Version 2.0 is due Dec. 13, and I expect to return to this topic as that date rolls around. Meanwhile, CloudSwitch was voted “most promising” by the Up 2010 audience Monday in Burlingame, Calif., having previously been named the Launch Pad favorite at Cloud Connect a year ago and the top startup in the GigaOm Structure 10 bakeoff in June.

Rubin is a veteran of Netezza, which grew to $125 million in revenue with her as its VP of marketing. It staged a successful IPO in 2007 and was recently acquired by IBM. Whether she and the CloudSwitch team are about to do it again remains to be seen, but so far the Burlington, Mass., firm has convinced Matrix Partners, Atlas Ventures, and Commonwealth Capital to part with $15.5 million in the hopes that they will.