What’s the Difference Between Public and Private Cloud Architecture?

Service providers often ask us, "What is the difference between public and private clouds from an architecture perspective?" We thought we would use this post as an opportunity to address that question.

Public and private clouds are similar; both utilize the same CPU, memory, and storage resources to provide a fault tolerant platform for deploying virtual machines. The underlying orchestration engines, such as CloudStack or OpenStack, pay no mind to architectural design. After all, the main benefit of cloud architecture is the fact that regardless of which domain the cloud will be deployed in, the underlying hardware requirements are the same and span the gamut of available hardware for each individual component of the cloud infrastructure.

That being said, cloud offers service providers the flexibility to deploy their cloud environment on anything from spare commodity servers with do-it-yourself storage to densely packed blade servers and multi-million dollar storage appliances. At the end of the day the cloud orchestration engine and applications really do not care; each individual component can be scaled or swapped as needed to meet the demand of the end user.

However, there are a number of key differences between public and private clouds once we stop talking about infrastructure. These differences are dictated mainly by the requirements of the end user, and each customer will weigh them differently. Below is a brief overview of just a few of these differences: security compliance, networking, and metering and billing.

Security Compliance

Security compliance and its implications are major factors in deciding which domain a cloud is deployed in. When particular applications/services require independent infrastructure due to compliance regulations and security implications, public cloud just does not fit the bill. HIPAA and PCI compliance cannot be achieved for an application/service running in a public cloud. Shared infrastructure is the foundation of public cloud and the pitfall for security compliance. When security issues arise, the most common remedy is dedicated hardware on which to deploy a private cloud tailored to the application's requirements. This infrastructure can be managed independently or alongside existing cloud infrastructure.

Networking

Network topology will vary from cloud to cloud regardless of whether its reference architecture is public or private. Most private clouds are segregated from the outside world in order to create isolation. Since applications deployed into a private cloud are meant to be private, ingress network traffic would, under normal circumstances, be locked down. This is in contrast to public clouds, where virtual machines are meant to be readily accessible through a self-service portal over the Internet.

Metering & Billing

Metering and usage billing are an imperative component of any cloud environment; the only difference is who is utilizing the resources. In a public cloud environment, end users consume resources on demand, which are metered and billed through a pay-as-you-go model. Network, disk, memory and CPU resources are monitored to allow for proper billing. Private cloud environments are typically used by a single organization, and its employees consume the resources. The built-in metering functionality allows the IT department to understand resource allocation and to charge back departments for consumption if necessary.
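As an added example (not code from the original post or from CloudStack or OpenStack), the following script prices constructed usage records for the four metered resources named above; the same aggregation serves a provider's pay-as-you-go invoice and an IT department's internal chargeback, the only difference being who the consumer is. The record layout, rate card and unit names are assumptions.

```python
"""Billing/chargeback from metering records (added example, not from the post)."""
from collections import defaultdict

# Constructed sample usage records, one metered interval each, in the shape a
# cloud orchestration engine's usage service might emit. Fields are assumed.
USAGE_RECORDS = [
    # (consumer, resource, quantity, unit)
    ("finance",  "cpu",      24.0, "vcpu-hours"),
    ("finance",  "memory",   96.0, "GB-hours"),
    ("finance",  "disk",    500.0, "GB-hours"),
    ("finance",  "network",   8.0, "GB-transferred"),
    ("research", "cpu",     120.0, "vcpu-hours"),
    ("research", "memory",  480.0, "GB-hours"),
    ("research", "disk",   2000.0, "GB-hours"),
    ("research", "network",  40.0, "GB-transferred"),
]

# Assumed rate card: price per unit, and the unit each rate is expressed in.
# A provider bills end users with it; an IT department charges back departments.
RATES = {
    "cpu":     (0.05,  "vcpu-hours"),
    "memory":  (0.01,  "GB-hours"),
    "disk":    (0.001, "GB-hours"),
    "network": (0.10,  "GB-transferred"),
}

def meter(records):
    """Aggregate raw records into per-consumer totals per resource.

    Rejects resource types the rate card does not know and unit mismatches,
    so a meter/rate-card disagreement surfaces instead of producing a wrong bill.
    """
    totals = defaultdict(lambda: defaultdict(float))
    for consumer, resource, qty, unit in records:
        if resource not in RATES:
            raise ValueError(f"unmetered resource type: {resource}")
        if unit != RATES[resource][1] or qty < 0:
            raise ValueError(f"bad record for {consumer}/{resource}: {qty} {unit}")
        totals[consumer][resource] += qty
    return totals

def bill(totals, rates=RATES):
    """Price each consumer's usage; identical logic for billing or chargeback."""
    return {consumer: round(sum(rates[r][0] * q for r, q in usage.items()), 2)
            for consumer, usage in totals.items()}

if __name__ == "__main__":
    for consumer, amount in bill(meter(USAGE_RECORDS)).items():
        print(f"{consumer:10s} {amount:8.2f}")
```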

The overall design of both private and public cloud environments remains consistent except for the way resources are accessed. The underlying architecture at the core serves the same purpose whether it is private or public: allowing users to consume resources on demand. As a service provider it is important to understand the other components that differentiate the two, but all in all the architecture is the same.

 photo credit: splorp