- Software-As-A-Service which gives you and I ready-made (fully finished) applications, on-line social networks and unified collaboration tools without the restriction of firewalls. Its what i call Power to the people.
- Platform-As-A-Service means to shield the developer from installing anything and deploying nothing because the programming platform is out-of-sight and out-of-mind. If you've ever written code then this paradigms mantra is: Power to the developer.
- Infrastructure-As-A-Service (Infrastructure Cloud) outsources servers, networks and ultimately the data-center and the icing on top is next generation technology for mass-web-application delivery. In other words: Power to the enterprise.
In this blog entry I wanted to talk a bit about Infrastructure clouds. These providers are at the bottom of the IT rung and have gotten a lot of attention in FY09. A CIO organization that I am intimately familiar with estimates more than $400,000 per year savings if they were to relocate a single seasonal application to an unnamed pay-per-use cloud provider whose name starts with the letter 'a'. Savings were calculated based on the server landscape and servers sizes (development and test, staging and production).
Infrastructure Clouds will happen incrementally and will eventually be the new normal. Dig deeper into the feasibility of moving an infrastructure capability outside of the enterprise and a lot is revealed in terms of pros & cons, pitfalls, issues & considerations. Substantial savings are possible and you can minimize your dependency on a static infrastructure. Amazon Web Services brings with it a pioneering pricing model that flexes with your variable capacity.However ... opting for such an external Infrastructure Cloud route is more than a mentality - its about a business case and buy-in from stake-holders. Here are the 8 (they were 10 at some-point) issues & considerations list as you explore and assess your infrastructure computing play:
1. Calculating "hosting costs" of infrastructure clouds are the understatement of this year. A detailed cost of ownership is needed and one that honestly reveals the cost-benefit. Switching to anything new introduces complexity. And ongoing run/operational costs don't go away. After all "Linux (or Windows) boxes don't manage themselves". You must break-down the costs bottom-up.
2. Hidden constraints and technical cloud architectures. Memory hogging applications will more than frown upon standard virtual machine settings. Databases may require expensive (effort and cost) "re-partitioning" to fit the cloud providers paradigm. There are new data management formulas in town that maybe better suited. NimbusDB, Hadoop to name a few. To truly and honestly capture the benefits of elasticity (scale-at-will) you will also have to re-architect or "re-factor" your application for parallelism.
3. Cloudy Performance. Testing and benchmarking is needed to validate that your applications will run without loss of characteristics and won't drift into no-mans-land overtime. We have conducted internal evaluations of elastic load-balancing capabilities and I will share the results in a separate blog entry.
4. Understand liability of outsourcing the handling and processing of data. Uncertainty, fear and the veritable "not-invented here syndrome" can very swiftly put a wrench in any public cloud adventure. Early input from the security teams and legal organizations is a must. Do you know what your requirements are in the first place. Maybe its something from NIST or an ISO Standard. Does your risk & security models fit in a virtual, multi-tenant and massively scalable setting. If not a net-new risk assessment is the only sure-fire method to reveal show-stoppers and understand strategies to overcome concerns of storing and handling Personally Identifiable Information, your compliance obligations and on-going status. Lots more here in another blog post.
5. Bridge over troubled waters. Sorting out your options to talking back to the enterprise is dizzying. Licencing issues do not vanish with a public cloud. Appliance-based Virtual Private Network, software based virtual private clouds and other secure or dedicated network solutions are viable options. In another blog I will address some of the findings and observations vis-a-vis software and hardware Cloud VPNs.
6. In Cloud provider we "maybe" trust. One quickly realizes that a short duration, non-sensitive application won't get anybody fired it its loaded up on an infrastructure cloud. Start-up companies are running thier business on clouds every day. But not every organization is in risk-averse start-up mode, and most likely you author/owner, controllor or processor of intellectual property or private customer data. In any relationship one will have to determine what is gained and what is lost. Trust is about confidence on either side of that equation. You form and determine your degree of trust in a variety of ways including: credentials or identify of the provider, behaviour (e.g. transparency, qualifications) reputation in the market-place, history and track-record in the business, binding commitments in Service Level Agreement & terms of use.
7. Control & Governance . Sand-boxes, code promotion, deployment, service provisioning, service commissioning/De-Commissioning, service monitoring, backup, Disaster Recovery, charge backs. Just a smattering of the capabilities, services and tasks - in no particular order.
8. Security, Privacy and Compliance. Suffice to say, security will have a strong voice of its own in the decision to move to a Cloud. Willingness to trust the vendor is will get you to the starting gate. Standards and requirements will factor into both your risk tolerance and dictate if safeguards limit your exposure. New cyber-threats see an larger attack surface (lots of computers in one place). The attacks themselves are more sophisticated and looking into rear-view mirror is not sufficient. You will have to more like the new E-Class - anticipatory to the situation at hand. Cloud computing is neither brand new, nor a leap of faith.
Accenture believes the future IT infrastructure will be a combination of traditionally managed infrastructure and services sourced from IaaS, Platform as a Service (PaaS), and Software as a Service (SaaS) cloud providers. Bridging the gap between existing environments and operating models and differing Cloud offerings will require the enterprise to support highly virtual, dynamic environment conducive to cloud computing, while enabling automated provisioning and orchestration. An internal Cloud is not imaginary (more on that later) and the benefits but can be extended to external Cloud providers to obtain capacity, services, and data to reduce cost, increase speed to market, address capacity demands.
Our experience shows embracing a cloud model is substantially different than executing traditional Data Center models, from planning and acquisition through management and operations. It is generally counterproductive to re-engineer cloud infrastructure models to directly mirror traditional Data Center structures. While executing and integrating traditional management elements is essential, sourcing an external cloud computing model means ceding some architecture and infrastructure control. However, significant financial and flexibility benefits can be achieved by effectively harnessing and integrating the strongest aspects of traditional and cloud operation models.
Until we meet again....Walid Negm
