Currently browsing tag

Cloud Computing

Challenges of Enterprise Cloud Computing

Current results from Data Survey #1: Data Scientists. Thanks to everyone for helping the world understand Big Data better!

Please take the following 2-minute survey to help us understand your hadoop environment better.

[poll id="4"]

Today, the major use of cloud computing for enterprises are still in its infancy (heck the whole cloud computing space is in its infancy). Most enterprises use cloud computing for testing, development and other peripheral tasks. However, most, if any, are using the clouds for production use. This is fairly similar to the virtualization space, where early use of the virtualization technology are for testing and development. Ten years later, we are seeing more and more enterprises adopt virtualization for production use and virtualization has become main stream.

In the past month or so I have talked to a lot of people in the cloud computing and virtualization space. Many of these folk are working at/on startups that solves one of the many challenges for Enterprise cloud computing. What are these challenges? I have tried to summarize them here (in no particular order).

Data Governance

I’ve written extensively about the need for data governance in previous posts. In essence, enterprises have a ton of sensitive data that requires access monitoring and protection. Data (and information generated from the data) is the life blood of many enterprises, the loss of control will not be acceptable. Whole markets (read: DLP) are created to protect the enterprise data and information. On top of all that, enterprises must comply with many of the regulations that require data governance. By moving the data into the cloud, enterprise, for now, will lose some capabilities to govern their own data set. They would have to rely on the service providers to guarantee the safety of their data.

I hate to invoke the ILM acronym but much of data governance is about

  • Creation and Receipt
  • Distribution
  • Use
  • Maintenance
  • Disposition

So who’s tackling this problem? As far as I know, nobody is and nobody really can except for the service providers themselves. It is really up to the service providers such as Amazon, Google and Salesforce to provide guarantees that customer data are safe and access to data are restricted and protected.

Manageability

There are some great IaaS/PaaS out there, including Amazon’s web services (S3, EC2, EBS, etc), Google’s App Engine, Salesforce’s Force.com, Joyent, etc. However, most of these are raw infrastructures and platforms that do not have great management capabilities. This is not unusual. Throughout computing history, raw capabilities will generally appear on the market first, then management of these raw capabilities become a differentiator when competition heats up. Just look at the blade server and virtualization spaces as these are great examples of that trend. The hypervisor was the key technology that enabled enterprise virtualization; however, that piece is now being given away (see VMware’s ESXi) and management capabilities becomes the main differentiator.

Cloud computing is no different. An example of missing management capabilities for cloud infrastructures is auto-scaling. Amazon EC2 claims to be elastic; however, it really means that it has the potential to be elastic. Amazon EC2 will not automatically scale your application as your server becomes heavily loaded. It is still up to the developer to manage that scalability problem.

So who’s tackling this problem? Many startups have recognized the need for management early on and have built management capabilities on top of the existing cloud infrastructure/platforms. RightScale is one of the early pioneers in this space. Their solution solves many of the management issues such as auto-scaling and load balancing.

Monitoring

Monitoring, whether is for performance or availability, is critical to any IT shop. We are not talking about just how much CPU or memory the machines are using. We are talking about performance of transactions and disk IO and others. CPU and memory usage are misleading most of the time in virtual environments. The only real measurement is how long your transactions are taking and how much latency there are. According to High Availability‘s article on latency:

Amazon found every 100ms of latency cost them 1% in sales. Google found an extra .5 seconds in search page generation time dropped traffic by 20%. A broker could lose $4 million in revenues per millisecond if their electronic trading platform is 5 milliseconds behind the competition.

So who’s tackling this problem? Hypernic’s CloudStatus is one of the first to recognize this issue and developed a solution for it. They started with monitoring of Amazon’s web services, then recently added monitoring for Google App Engine. In addition, RightScale’s solution can also provide monitoring for the virtual machines under their management.

Reliability and Availability

I won’t beat the dead “Gmail down, EC2 down, etc down” horse here. But the truth of the matter is enterprises today cannot reasonably rely on the cloud infrastructures/platforms to run their business. There’s almost no SLAs provided by the cloud providers today. Even Jeff Barr from Amazon said that AWS only provides SLA for their S3 service. I haven’t researched the SLA issue so not sure how true that is. But if it’s true, I think this will be one of the biggest factor, if not the biggest factor, in enterprise adoption. Can you imagine enterprises signing up cloud computing contracts without SLAs clearly defined? It’s like going to host their business critical infrastructure in a data center that doesn’t have clearly defined SLA.

We all know that SLAs really doesn’t buy you much. In most cases, enterprises get refunded for the amount of time that the network was down. No SLA will cover business loss. However, as one of the CSOs I met said, it’s about risk transfer. As long as there’s a defined SLA on paper, when the network/site goes down, they can go after somebody. If there’s no SLA, it will be the CIO/CSO’s head that’s on the chopping block.

So who’s tackling this problem? Well, again, no one is today as far as I know. Maybe some startup will come up with clever idea to provide SLA as a third party vendor (read: cloud insurance.) Or maybe the cloud providers will grow/wake up and actually do something to encourage the enterprise adoption.

Virtualization Security

Security is a huge area that encompasses many different things, including the standard enterprise security policies on access control, activity monitoring, patch management, etc. On top of that, virtualization security is something that most enterprises are just starting to grasp but don’t fully understand. Many IT people still believe that the hypervisor and virtual machines are safe. Recent presentations from Blackhat has demonstrate that we shouldn’t sleep so tight at night. As IT shops get more educated on the virtualization security issues, it will become one of the factors they will consider when they move into the cloud. Access control and monitoring of the virtual infrastructure will be on top of their mind.

So who’s tackling this problem? There are quite a few startups like Reflex, Blue Lane and Catbird that are creating privileged VAs that claim to protect the VAs running on VMware’s ESX servers. However, ensure you do your research on the performance of these solutions first before adopting one of them. Other startups (unnamed) are creating interesting solutions in protecting the actual virtual infrastructure themselves, e.g., how do you protect and monitor access to the ESX servers? how do you control and monitor the movement of virtual machines using live migration or VMotion.

Cloud computing is here to stay. It will be the next big wave and will be adopted by enterprises. However, the industry as a whole needs to answer some of these challenges and ease the enterprises’ concerns.

Other interesting reads for Enterprise Cloud Computing are:

Response to “10 Reasons Enterprises Aren’t Ready to Trust the Cloud”

Current results from Data Survey #1: Data Scientists. Thanks to everyone for helping the world understand Big Data better!

Please take the following 2-minute survey to help us understand your hadoop environment better.

Stacey Higginbotham over at GigaOM wrote an interesting piece on 10 Reasons Enterprises Aren’t Ready to Trust the Cloud. Even though I agree that some of these points are valid reasons on why enterprises are hesitant in moving into the cloud, I have to wonder whether Stacey meant to be provocative (read: flame bait) on the piece. Also, the piece seems to be quite opinionated and lack support in many cases. Let’s drill down on it a bit.

1. It’s not secure.

I have written extensively on this blog (here and here) regarding the security concerns of SaaS and cloud computing. However, saying that the cloud is not secure is definitely a stretch. I would like to see some supporting evidence on this. The only major “security breach” I’ve seen is probably the Salesforce case.

In addition, none of the regulations or industry mandates, including HIPAA, GLBA, SOX, PCI, FISMA, etc etc, say anything about not allowing data to be outside of the corporate firewalls. In fact, many of the enterprises in the affected industries are already outsourcing some of their critical data. For example, financial companies using credit card processing services such as ViewPointe. There’s also plenty of hospitals using external services. PCI also has a specific section on hosting providers. Again, no regulation or mandate explicitly state that data cannot leave the corporate firewalls.

What CIOs/CSOs care mostly about is that cloud (application or platform) providers must meet their security requirements, there’s transparency in the security and operational practices, and that they can audit the provider or review the appropriate audit reports from the provider. The issue comes down to trust.

2. It can’t be logged.

Again, this is really about auditability, especially for compliance. This is definitely an area that’s lacking and cloud providers would be wise to do more in this area. Again, I wrote about that here: 4. Access Audit – Who has accessed my data and where’s my access logs?

3. It’s not platform agnostic.

Seriously though, is this really an issue? We are still in the world of multiple OS platforms, including different variants of Linux, Microsoft Windows, Mac OS X, Sun Solaris, IBM AIX, HP UX, etc etc etc. Is platform agnostic really that critical? Just like in the on-premise world, enterprises would be wise to evaluate the cloud platforms they plan to use based on a predefined set of requirements. Also, is supporting multiple cloud platforms really a concern that will prevent enterprise adoption?

4. Reliability is still an issue.

Again, I agree that reliability is a concern. However, that’s a concern regardless of what you decide. You have to worry about reliability if you choose to go with your own data center or cloud. You have to worry about reliability if you choose to partner with a data center provider to hose your gears. You have to worry about reliability if you choose to go into the cloud. Heck, you have to worry about reliability even if you just host your gears in your own IT network.

Stacey said “Even inside an enterprise, data centers or servers go down, but generally the communication around such outages is better and in many cases, fail-over options exist.” I am sorry, but by definition, the cloud platforms usually have these capabilities built-in already. A single server or multiple servers failing is usually not going to affect your cloud applications or platforms.

I believe the real issue is service level agreement. Are the cloud providers providing adequate SLAs and do the CIOs feel comfortable with the SLA that they are getting?

5. Portability isn’t seamless.

No disagreement here. Currently there’s not an enterprise version of the data portability standard. That can turn many enterprises away if they have no way of retrieving/migrating their data if they choose to go with another provider.

6. It’s not environmentally sustainable.

Again, a good issue to raise. However, I would like to see some evidence to show that creating and maintaining your own data center is more efficient than going into the cloud. There will always be excess capacity in order to handle spikes, regardless whether you build your own data center or go into the cloud.

7. Cloud computing still has to exist on physical servers.

No disagreement that data locality is an important consideration when moving into the cloud. I wrote about it in a previous blog. However, that just means enterprises should be aware of this issue and make sure that’s part of their requirement for evaluating the cloud vendors. This however does not mean enterprises won’t adopt because of this concern.

8. The need for speed still reigns at some firms.

The increase in bandwidth to home and offices is one of the main reasons why clouds are hot these days. However, I agree with Stacey that speed is definitely a concern for certain types of applications. At CloudCamp, during Jeff Barr’s AWS feedback session, the first hot topic that came up was how do people move a HUGE amount of data into the cloud and back. People talked about shipping hard drives as a solution to this type of problem.

However, this is not going to be an issue for most enterprises in the US, UK and countries with adequate bandwidth. Take for example applications such as Salesforce.com CRM, NetSuite, and many others, these applications do not require the need to transfer large amount of data back and forth so they are ideal for delivering via the web.

So again, a valid concern, but not a show stopper.

9. Large companies already have an internal cloud.

Again, I would like to hear more evidence from Stacey to back this up. I agree that most enterprises already have IT infrastructure in place, but most of these infrastructures are not considered clouds. My conversations with enterprises, including discussion from CloudCamp, is that enterprise IT groups are stretched thin and they can’t respond fast enough to business requirements. When the business require certain applications to do their job, they have to go provision hardware, software, space, etc and that process can take months. Going with the cloud allows them to quickly react to the business requirements and makes it a win-win situation.

Even if enterprises have their internal clouds, does that mean that shouldn’t consider external clouds? Enterprises should, and will, always weigh the cost/benefits to determine what’s the right solution for them.

10. Bureaucracy will cause the transition to take longer than building replacement housing in New Orleans.

Agreed. In big companies that’s ways going to be the case. No one is suggesting that all enterprises will move into the cloud overnight. Many of the enterprises are just starting to experiment with the cloud to see what can and cannot be done. This is healthy and it’s the right approach. A good example is New York Times using Amazon EC2 to convert millions of articles and TIFF image into PDF files.

Again, enterprises are adopting the cloud, just cautiously.

Coté’s Cloud Conference Week Series

Current results from Data Survey #1: Data Scientists. Thanks to everyone for helping the world understand Big Data better!

Please take the following 2-minute survey to help us understand your hadoop environment better.

Michael Cote

Coté over at Redmonk just went nuts :) and posted 5 articles on his views and observations of last week’s cloud conferences (CloudCamp, Structure 08, Velocity).

451 Group: Partly Cloudy – Blue-Sky Thinking About Cloud Computing

Current results from Data Survey #1: Data Scientists. Thanks to everyone for helping the world understand Big Data better!

Please take the following 2-minute survey to help us understand your hadoop environment better.

The 451 Group released a new report earlier this month on cloud computing: Partly Cloudy – Blue-Sky Thinking About Cloud Computing

So what is cloud computing? The latest buzzword for grid or utility computing? A superset of clustering or virtualization? The public network? Software as a service? A new sourcing model? The Internet for business?

‘Cloud computing’ describes a service model that combines a general organizing principle for IT delivery, infrastructure components, an architectural approach and an economic model – basically, a confluence of grid computing, virtualization, utility computing, hosting and software as a service (SaaS).

Or, put more simply, the cloud is IT, presented as a service to the user, delivered by virtualized resources that are independent of location.

This report examines cloud computing, beginning with this clear-cut definition of the technology. It then looks at the cloud computing trend – by analyzing the technology, as well as the economic models and delivery mechanisms involved – with the goal of separating the reality from the hype.

Adventnet CEO Sridhar on Cloud Computing

Current results from Data Survey #1: Data Scientists. Thanks to everyone for helping the world understand Big Data better!

Please take the following 2-minute survey to help us understand your hadoop environment better.

[via random thoughts, by Fox Business]

Some key points:

  • Sridhar talks about the ZOHO applications as cloud applications.
  • Cost of delivering is much lower.
  • Consumer offering is a loss leader, makes $$ from businesses.
  • Turned down Salesforce.com acquisition offer.
  • Recruit from non-brand name schools and put them through internal training system.

Is SaaS Cloud Computing?

Current results from Data Survey #1: Data Scientists. Thanks to everyone for helping the world understand Big Data better!

Please take the following 2-minute survey to help us understand your hadoop environment better.

[poll id="2"]

Throughout the CloudCamp sessions, most people discussed cloud computing as infrastructure in the cloud. People talk about the advantage of not having to procure and configure physical servers. People talk about the elasticity and utility factors of the cloud. People talk about scalability of the cloud. But not once, at least in my conversations, did people talk about the applications in the cloud. The one time that I raised the question that related SaaS to cloud computing, I was immediately told that SaaS is not cloud computing. Some even questioned wether Google App Engine is considered to be a cloud.

During Reuven Cohen’s “What is Cloud Computing?” session at CloudCamp, the first question I asked the group after Reuven did the introduction was, “What is Computing?

Wikipedia defines it as the activity of developing and using computer technology, including computer hardware and software.

Computing Curricula 2005[1] defined computing: (via Wikipedia)

In a general way, we can define computing to mean any goal-oriented activity requiring, benefiting from, or creating computers. Thus, computing includes designing and building hardware and software systems for a wide range of purposes; processing, structuring, and managing various kinds of information; doing scientific studies using computers; making computer systems behave intelligently; creating and using communications and entertainment media; finding and gathering information relevant to any particular purpose, and so on. The list is virtually endless, and the possibilities are vast.

Based on these definitions, it would seem like running and using any type of application, including SaaS applications, would be considered “computing.”

So then what is cloud computing?

Gartner defines cloud computing as, “a style of computing in which massively scalable IT-enabled
capabilities are delivered ‘as a service’ to multiple customers using Internet technologies.”

I am generally fine with this definition. It is sufficiently vague that it can cover many different things. It’s also not that different from how Reuven Cohen defined it, “Internet centric software.” So let’s for the time being accept this as the definition.

However, I will try to go a bit further here. In the computer industry, there’s always been the notions of platforms and applications. Wikipedia says that

In computing, a platform describes some sort of hardware architecture or software framework (including application frameworks), that allows software to run. Typical platforms include a computer’s architecture, operating system, programming languages and related runtime libraries or graphical user interface.

and

Application software is a subclass of computer software that employs the capabilities of a computer directly and thoroughly to a task that the user wishes to perform. … Typical examples of software applications are word processors, spreadsheets, and media players.

This is no different in the cloud computing world. In the cloud computing world, there are “Cloud Platforms” and “Cloud Applications.” Cloud platforms include offerings such as Amazon’s EC2 and S3, or Joyent’s Accelerator. Cloud applications include offerings such as Salesforce.com, NetSuite, SuccessFactor and many others.

So, is SaaS cloud computing?

Absolutely!

Since using applications is considered to be computing, and that SaaS is basically providing application software in the cloud, then using SaaS should be considered cloud computing.

Jason Stamper also says “yes” and sees no difference whatsoever.

Interesting enough, Gartner says “no” and calls it a myth that people consider SaaS to be cloud computing. Why they say no is a mystery to me. If you look at Gartner’s definition on cloud computing, there’s absolutely nothing there that would exclude SaaS.

What do you think? Is SaaS Cloud Computing?