Unisys to build its own stealthy cloud

Unisys may have not taken over the world as either a system maker or an outsourcer, but it's a player in both markets and it doesn't want the move to cloud computing to leave it behind.

That's why Unisys is dedicating an 800-person consulting team - about three percent of its 27,700-person global workforce - to a cloud-computing consulting practice. And the company is going to hang out its shingle as cloud utility as well as offering to run hybrid clouds that are a mix of internal clouds running at companies and the Unisys Secure Cloud.

Let's start with the funny bit, something that Unisys calls My Secure AaaS - which is short for Application as a Service, obviously, but which sounds more like something you'd want if you're off to a stint at Sing Sing.

But seriously, folks... Starting in the third quarter, Unisys will roll out its own cloud, and like other vendors, the cloud has to have the vendor name in it so you can remember which cloud you're on. Hence the name Unisys Secure Cloud.

And Unisys is dead serious about the secure part, taking a technology called Stealth that it developed and deployed for the U.S. Defense Department and NATO to build what it considers the most secure cloud that will be available on the market.

According to Rich Marcello, president of the Systems and Technology division at Unisys, the Unisys Secure Cloud will initially be based on a mix of the company's ES7000 family of servers, including homegrown big SMP boxes that it co-designed with NEC as well as rack servers it OEMs from Sun Microsystems Oracle and Dell; storage for the cloud will come from long-time partner EMC.

Marcello was deliberately vague about the exact configuration of the cloud, but did add that it will initially support server-virtualization hypervisors from VMware (ESX Server) and Citrix Systems (XenServer) and will make use of the orchestration, provisioning, and compliance tools Unisys has created (uOrchestrate, uProvision, and uGovern by name) for its ES7000 customers.

Eventually, the Unisys cloud will support ClearPath mainframes and their MCP and OS 2200 workloads, but when that might happen, Marcello was unable to say.

The Unisys Secure Cloud will be plugged into the company's existing data centers used by its outsourcing business - that means the cloud will have a global reach, which is something you can bet Unisys will tout to position itself against an army of hosting providers who will suddenly go virtual with their servers and start calling themselves cloud providers.

Further down the road, Unisys will take what it has learned from building the Unisys Secure Cloud and offer a cloud-in-a-box that will let its customers put a private cloud with all the same functionality as the Unisys version inside their data centers and behind the corporate firewall.

Sometime around March 2010 the company will sell hybrid clouds, allowing customers to use Unisys tools to manage workloads that will seamlessly span their internal Unisys clouds and the external Unisys Secure Cloud.

This sounds like every other cloud roadmap that every other server maker has come up with or is working on, although IBM is selling configured CloudBurst iron first and getting its IBM Cloud out the door later. Cisco Systems is trying to get its California blade servers and their unified networking and virtualization ramped up to be a cloud platform, and will use them to sell applications or to help others build clouds, but is stopping short of building and selling raw infrastructure capacity, as both IBM and Sun Microsystems Oracle plan to do.

Unisys absolutely wants to sell raw compute and storage capacity under a utility model, which it calls infrastructure as a service (IaaS), which is not to be confused (wanna bet?) with platform as a service (PaaS).

While the IaaS offering on the Unisys Secure Cloud will give companies virtual machines on which to run their operating systems and software stacks using either scale-up or scale-out variants of x64 iron, the PaaS offering will only expose the middleware and database levels of the software stack, allowing companies to run their applications atop systems software set up and maintained by Unisys.

The initial rollout for PaaS will be a Java stack including Apache, Tomcat, JBoss, and MySQL, but in September the PaaS offering will be extended to include a .NET stack running atop Windows and a WebSphere/DB2 stack for customers who like IBM's middleware and database. An Oracle database and middleware stack is in the works for this year for the PaaS product, as well. (Presumably these stacks, excepting the Windows .NET variant, are running on Linux.)

The Unisys Secure Cloud will also run more traditional software as a service (SaaS) products that Unisys sells, such as hosted collaboration software or virtual desktops that are served from the cloud. The My Secure AaaS offering mentioned above means taking customers' existing applications - the legacy stuff that is hard to move mostly because of paranoia about security - and running them on the Unisys cloud.

As far as Unisys is concerned, all of this slicing and dicing of the market by IaaS, PaaS, SaaS, and AaaS is academic because the real thing stopping the adoption of cloud computing is a lack of security. Once that's solved, customers will run their applications in clouds. This is where the Stealth product that Unisys created in conjunction with a company called Security First for its DoD and NATO contracts comes in.

Stealth is a security appliance for securing networks and storage, and it employs a technique called bit splitting to secure data as it is placed on disks or passed around networks by scrambling data at the bit level. You need one key to decode that scrambling, and then layers on top of that encryption, which has its own key.

Because of the scrambling algorithm, you can do deep packet inspection on the encrypted data and still not be able to decipher what the data is, according to Sam Gross, vice president of global IT outsourcing solutions at Unisys.

On storage arrays, the Stealth scrambling algorithm breaks up bytes of data and spreads them out as bits across the platters using an algorithm that also has its own key, separate from encryption, just like in the network implementation.

The upshot of this bit splitting and encrypting is that Client A on a cloud cannot see Client B's data unless they have both keys. And because the Stealth protocol is performed by an appliance at the end points of a system, you don't have to modify an operating system or its applications to make use of it.

Of course - if Unisys can make an "of course" - if Unisys can make a bit-splitting appliance, so can all the other cloud providers who want to be able to show that their clouds meet stringent government and military security requirements.

If Unisys can partner with Security First to get the Stealth bit-splitting tech (which Security First calls SecureParser), then it's reasonable to assume that others can license it or come up with a similar algorithm. ®