Introducing Amazon Virtual Private Cloud (aws.typepad.com)
92 points by jeffbarr on Aug 26, 2009 | 19 comments


This seems like it's mostly aimed at the kind of corporate idiots that are obsessed with centralized firewalls and proxies and "application security firewalls", especially when they're packaged as a funny-colored 1U server with an awful web interface and a 100x markup.

It will be a great success.


Haha, the Redline EX3250 is an example of one of those 1U servers that can take a lot of load off your servers by doing all your SSL. It sold for $30,000 in 2003 - I bought one on eBay for $225 in 2007 and use it to run SSL for my site. It's amazing what people pay for "enterpriseyness."


I wonder if this is an effort to make it easier for corporate IT departments to run experiments with EC2, in hopes of eventually luring large datacenters on to the service. It seems like it would be vastly easier to get political cover for trying out a VPN-only service unreachable from the internet than the regular EC2 infrastructure.


This feature is maybe the most important one since EC2 was launched. It makes cloud computing enterprise ready...


Can you explain what you mean by 'enterprise ready'?


It allows enterprises to easily and securely integrate servers that run in the cloud with their own internal infrastructure via a VPN. This fosters hybrid environments (internal IT + cloud in parallel) and thereby lowers the barriers for migrating IT services incrementally to cloud services. It takes away one of the most cited obstacles for the adoption of cloud computing in enterprise IT: security.


The obstacle is that most major corporations aren't going to keep their most important data on some other corporation's computers. Insecure transit was not the primary problem with AWS for those situations and those companies. There are many ways to securely send data over the Internet, and most don't require IPsec to be provided by Amazon.

The network isolation is somewhat interesting...but it makes me wonder why non-"private" AWS services aren't already isolated at the network layer. There's no reason why they couldn't be. They already control everything that goes in and out of every virtual machine in their data center, there's no reason the default should be for any machine to be able to talk directly to any other machine.


Thanks, I get confused sometimes by enterprise lingo.

My guess is the warm secure feeling will last until the new security tradeoffs of cloud computing become better understood a few months from now. But since so much is about perception, this is a clever move.


I agree that is by far not the end of the security discussion; especially, there is always that issue of trust towards the cloud provider itself. Do you trust Amazon's VPN, privacy mechanisms, etc. or do you prefer a third-party provider? Similar to: do you trust MS Firewall or the one of a third-party provider?

But I think it is more than only addressing perception - the alternative until today was building your own VPN by hand and dealing with all those dynamic IP addresses. Very awkward and error prone...


I got all excited thinking they had made something I could install in my own data center. While nifty, this still doesn't allow me to properly protect my data (whole disk encryption, etc). I want a self-hosted private cloud.



And the competitor to this is a YC company, Virtualmin.


We're a co-opetitor to Eucalyptus, I think. Or something. We don't directly target the model of Eucalyptus, which seeks to exactly duplicate the AWS API on your own machines (a valid pursuit, I suppose, but not one we're interested in). We will very likely support Eucalyptus at some point (assuming customers want it; though no one has actually asked for it, so far; it would be relatively easy to add since we already support AWS), as Yet Another Virtualization Layer. We're agnostic about that stuff.

We have built our own (much simpler to use) API and GUI for building private clouds, but it doesn't seek to clone the AWS API in any way. Though it can use AWS as one type of virtual system to be managed (among many others; Xen, OpenVZ, Zones, and vservers, with KVM and VMware on the TODO list). Where we're particularly strong is in delegation and resource sharing amongst many untrusted parties. We're trying to help people build AWS-style services and sell them or offer them to disparate divisions within a large company. It's still early yet in that plan, but we're speeding up on Cloudmin (our product in this space) now that we have several heavier users of the product.

Anyway, private clouds are definitely something a large number of huge companies want. Amazon has no good incentive for moving into that space, since there's so much room at the bottom where they're operating now, and there's still thousands of companies that will move into the public cloud to one degree or another that have not done so yet. Actually, I guess if Amazon wanted a monopoly on the space, then they would have one good reason for moving into the space, but from everything Bezos has said on the subject, they don't actually want a monopoly or think they could maintain one. We'll see, I guess.


"private clouds are definitely something a large number of huge companies want. Amazon has no good incentive for moving into that space [...]"

Maybe not directly. A year ago Amazon participated in a $12M series B financing for Elastra, a major private cloud player. As far as Amazon is concerned, more private clouds means more hybrid clouds, which means a bigger pond for the ever-growing AWS fish.


No argument here. We've found that the folks we're interacting with do want to be able to overflow into AWS, as needed, and with data that is not sensitive.

I think Amazon is moving with astonishing efficiency in this space. If we ever find ourselves in competition with them, I'll probably sleep a little restlessly at night. They're certainly more sure-footed than almost anyone else in the space. They occasionally implement things in ways that are a little obtuse, but in general, they've executed extremely well, iterated rapidly (incredibly so for such a large company), and delivered good products before anyone else even realizes there's a need.


How come you are a YC company? I thought Virtualmin/Webmin was a 10 year old company.


Webmin is a 12 year old Open Source project; it has never been a "company". Virtualmin, as a company, has only existed since mid-2006, and we did YC in winter of 2007.

Virtualmin, the Open Source project, existed for a few years before that, but was always a hobby for Jamie and me and a few other interested parties. Both projects have grown in popularity by a large amount since we started the company. I think the usability and capability have also been improving at a good clip, now that we can spend more time on them (and pay other people to spend time on them).


You can install Xen on a couple of Linux servers, create instances and have your private cloud.

Eucalyptus would be even better since it provides an AWS-like API.


Wonder how this compares to skytap (www.skytap.com)?



