Written by Pamela Weaver
CLOUD COMPUTING
If ever a technological development could be seen to underline the mantra that the network is the computer, cloud computing is it.
When Google’s Eric Schmidt told delegates at an IBM Business Partnership Leadership conference in 2008 that “eventually, all devices will be on the network,” he went straight to the heart of what cloud – and the converged services and technologies it will carry – could mean for the way we work and do business.
A MATCH MADE IN HEAVEN
If the past few years have seen devices (and the telecommunications paths on which their data travels) blurring into one converged melting pot, cloud computing is set to take these principles further, ultimately impacting on the business models we have adjusted to over the years. As far as virtualization is concerned, it is an enabler of cloud computing (as is SOA, but that’s another story). As blogger John Willis has put it, “As flour is to a cookie, virtualization is to a cloud.”
Where virtualization de-couples any application from the underlying operating infrastructure, cloud computing offers a flexible, easily scalable environment in which those applications can be served up. Where virtualization is a technology, cloud is largely viewed as an operations model. The dovetailing of the two is perhaps best illustrated by Gartner’s top strategic technology trends for 2009, in which virtualization sits at pole position, with cloud at number two. According to Gartner research, cloud computing is now at the peak of “inflated expectations” and is set to enter a period of 2-5 years, during which we can expect mainstream adoption.
With Gartner predicting that cloud will be as influential as e-business has been and IDC projecting $42 billion in cloud services spending by 2012, it looks like these two converging developments are a match made in heaven.
BACK TO THE FUTURE?
To understand exactly what cloud computing entails, it’s useful to look back to the time when your standard computer could, if it fell over, kill a small elephant. “Dumb terminals” connected to this remote mainframe, where all the processing power, data, storage and applications were housed. Time-sharing was the order of the day before the advent of the PC, with multiple users all accessing processing power from the same source – and having to wait their turn or book a slot when things were busy.
The situation for 2009 is becoming similar. Cloud computing (or computing-on-demand as some would have it) shares many of the principles of its predecessors but isn’t chained to the hub-and-spoke model of yesteryear. Think more along the lines of one of those plasma globe ornaments from the 80s, where a central core of processing power, storage, databases and other resources is accessed from a broad spread of remote computers, tapping into the power of the generated cloud of infrastructure and you’ll get the idea.
The electricity grid is another good example – users can access power according to their ongoing needs on a pay-per-use basis. Strategic IT Effectiveness lead at Accenture SA, Lee Naik, says: “While both mainframe and cloud computing can be used in process-intensive computational demand, the technologies themselves are born of different circumstances. Since none of the dumb terminals were capable of anything other than video display, all of the processing requirements generated by users were handled centrally by the mainframe. Cloud computing services high-demand of a different nature, not primarily terminal processing demand.”
Naik points to the realities of business and technology today as key drivers in an ever-increasing need for processing power: “Think in terms of updating millions of real-time auctions, tracking thousands of portfolios made up of millions of shares on exchanges throughout the world,” he says, before pointing to other huge growth areas such as bioinformatics, protein folding, particle collision and weather forecasting as other examples of the kind of demand we’re placing on infrastructure.
Anywhere access
A further key difference between cloud and the mainframe is that the former offers users control and flexibility alongside massive capacity and mobility. Any user, anywhere, can access their data and applications at any time, from any computer. To those offering online services in the Web 2.0 space (where site hits can run in the tens of thousands in a couple of hours), cloud (and virtualization) can take the strain and pain out of in-house server capacity as the likes of Amazon offer up their massive infrastructure on a pay-as-you-go basis. Businesses are thus able to survive a ‘slashdotting’ spike in hits, paying for the increased usage before costs drop again once demand decreases and settles down.
Whether you’re a start-up or established business looking to test the waters for an innovative, new idea, cloud computing allows you to float it out there and see how it performs without having to invest in additional infrastructure. Similarly, functions within the organisation can try new development ideas without leeching on closely guarded IT resources. All in all, the flexibility that comes with making infrastructure the problem of a trusted provider while you crack on with the business is an attractive prospect for many. Gartner research has identified three “major trends” spurring the emergence of the cloud phenomenon:
• Service orientation: This provides the basis for how IT-enabled capabilities will be delivered and acquired.
• Virtualization: Provides the foundation for how IT-enabled capabilities will be delivered and acquired.
• The Internet: Has created a cultural shift that leads to socialisation and the consumerisation of the IT industry.
According to Gartner, these three trends (and associated sub-trends) “represent a shift in the basic assumptions about how computing will be used”, heralding an evolution of business in both positive and negative ways. So let’s look at some of the benefits:
• Money, money, money: Everyone’s favourite cloud computing bonus is cost reduction. Piggy-backing on someone else’s infrastructure saves a lot of money. As Accenture’s Naik puts it, “With cloud computing, massively-scalable IT infrastructure or capabilities are delivered as a service, removing the need to invest heavily in IT infrastructure to service processing needs. A majority of organisations’ IT costs will be converted into variable vs fixed costs.” So far so good, but as Gartner points out, “Nothing always saves you money.”
According to Gartner, improper adoption of cloud computing will, predictably enough, lead to more money spent, not less. As with any technology, looking beyond the promised benefits and into a) business needs and b) cost of diving in, are vital.
• Elasticity: Cloud is eminently scalable. Need more? No problem. Need less? Fine too. The ability to scale up as well as down according to your needs is an attractive prospect for many businesses, not least in economically unpredictable times.
• Agility: Reduced need for IT investment and rollout translates into greater flexibility, agility and responsiveness.
• Flexibility: Cloud computing increases sourcing alternatives for IT services, allowing organisations flexibility of scale and the capacity to continuously upgrade vital software, rather than adopting the conventional, step-upgrade approach.
Refocusing on core business
All of the above, says Naik, allows the enterprise to re-focus on core business. But it also changes the game for traditional software vendors. While it’s unlikely that we’re going to see a wholesale retreat from off-the-shelf solutions, it is increasingly apparent that the cost of tightly controlled computing – licensing, maintenance, updates, patches – is giving end-users pause for thought, not least in the current economic climate. According to Gartner, the advent of cloud means that the relationship between users and vendors “is about to become one of consumer and providers. This means that the provider is no longer just a supplier of product but of services.” The latter part, says Gartner, is not easy to do well: “Those companies that wish to become cloud providers must, therefore, either become good service providers or partner with service providers in order to compete.”
As the research house points out, this creates something of a dilemma for cloud providers – the more they ask clients to consume services, the less they can sell product licenses; furthermore, partnering with a services host drives existing customers towards the competition. When service provision becomes the key definer, organisations are left with no choice but to place it centre stage.
HOW GOOD IS GOOGLE?
Probably the best-known example in the current cloud market, Google, like Amazon, is leveraging its not-insignificant infrastructure and resources to offer cloud service to paying clients. Google Apps and customised enterprise search offerings attract most of the limelight, but Google Gears and Google’s App Engine also offer interesting possibilities to business users. In a move away from popular perceptions of its laid-back, consumer-focus, Google’s been working on taking its popular technologies and applying them to business settings.
Google EMEA’s Head of Enterprise Sales, Jesper Frederiksen says that mobility, collaboration and scalability are key components of all their offerings. “Technologies such as Google Maps and Earth have interesting applications for the business world.”
According to Frederiksen, these apps represent a hosted communications and collaboration platform, adding new features and support to previously consumer-focused services to give them a business-oriented spin. This includes features such as standalone security and compliance services, which were introduced when Google acquired communications security and compliance outfit Postini in 2007.
Google apps
The Google apps engine allows developers to write Python-based applications which can be hosted free-of-charge on its infrastructure with up to 500Mb of storage. Apps offer Web-based documents/word processing, spreadsheets, email and flexible intranet to enterprise clients. All the offerings are hosted, giving users access to Google’s massive storage and infrastructure cloud, all with built-in collaboration and mobility – any data can be accessed from any computer, anywhere.
Documents can be worked on and edited in real time, with users able to control who can see or work on any given project. The results can be shared, posted publicly or distributed to relevant users. If it all sounds like an email-and-attachment carousel set-up, there’s a key difference: in this instance, you’re dealing with only one version of a given document, worked on in real time. Google Gears, meanwhile, takes into account the fact that users won’t be online all the time, allowing them to download data to their device and take it with them.
Procter and Gamble and General Electric are just two of the big international names that have signed up for Google’s services, the “Premier Edition” of which costs $50 per user, per year and, in addition to the features mentioned above, offers 250Gb of mail space, conference room/resource scheduling, 24/7 phone support, APIs for single sign-on etc and access to a host of 3rd party applications and services.
Geospatial offerings such as Google Earth and Sketchup will allow organisations to generate visual representations of their services and information, creating new revenue streams using Web 2.0 technologies to advertise and create new, enhanced services; similarly end users will get a clearer picture of where enterprise data is within the system. Enterprise search will allow users to find any information they require regardless of the back-end system they’re using, while Google apps can, according to local partner Faritec, be packaged into a software-as-a-service (SaaS) offering, customised and secured to service a corporate environment.
AMAZON CLOUDS YOU A RIVER
One of the first companies out of the blocks with cloud services, Amazon launched its Web Services (AWS) offerings over two years ago. Essentially, what’s on offer is a range of storage, computer processing, message-queuing and database-management services, all as plug-and-play services, accessed online. Customers pay only for what they use and Amazon provides the data centre infrastructure. AWS comes in four main parts, with other beta applications in the pipeline:
• Simple Storage Service (S3): As Amazon itself put it, S3 is “storage for the Internet... designed to make Web-scale computing easier for developers.” S3 offers a Web services interface through which end users can easily access data from anywhere – unlimited storage of documentation, photos, video or any other data. Scalable, fast and inexpensive data storage, Amazon-style – it offers users the chance to piggy-back on the world’s best-known e-tailer’s own infrastructure.
• Elastic Compute Cloud (EC2): This is pay-as-you-go processing that allows users to choose their server configurations – as Amazon puts it, “resizable compute capacity in the cloud.” At its core, this amounts to users being able to run on Amazon’s infrastructure while retaining complete control. Capacity is scalable in both directions and, according to Amazon, EC2 “reduces the time required to obtain and boot new server instances to minutes” and represents a “true virtual computing environment.”
• Simple Queuing Service (SQS): Scalable hosted queuing for storing messages as they wait in line to move between systems. This allows developers to move data between “distributed application components performing different tasks” without losing data or requiring each component to always be available.
• Simple Database (Simple DB): This Web service runs queries on structured data in real time. Working alongside S3 and EC2, users can leverage DB to store, process and query data in the cloud – functionality for which costly, clustered relational databases (and usually a human DB admin) would ordinarily be needed.
HEAD IN THE CLOUDS?
Like anything that sounds just a bit too perfect, cloud has its problems. Google and Amazon have both come in for their share of customer ire thanks to outages. Many of those affected had, to be fair, probably ignored the basics of anything to do with business IT – just because you’ve shifted into the cloud, it doesn’t mean you should forget about things like back-up, emergency planning and reliable alternatives for when things really hit the fan.
Among the biggest sources of concern with cloud computing is security: the prospect of effectively entrusting your data to the safekeeping of an outside organisation is simply too much for many businesses to stomach. With good reason. Consequently, many organisations are rolling out “private” clouds within the business. Gartner defines these as “a style of computing where scalable and elastic IT-enabled capabilities are delivered as a service to internal customers using Internet technologies.”
Looking inwards
Private clouds have an internal focus related to access and resource co-ordination and, according to Gartner include two characteristics:
• Limited membership: Only approved members can participate. Approval is contingent on some characteristic that the public or other general businesses cannot gain easily.
Services may also be limited to a set of industry-specific businesses or trade groups, for example. While access to these clouds is often controlled by a centralised (usually IT or industry-specific) organisation, such control is not essential to the concept.
• Spectrum of control/ownership: Private clouds differ from their public counterparts in that services are implemented for an exclusive set of customers. There is “a spectrum from fully private services to fully public services that blurs distinctions of ownership or control.” For example, private cloud services that are built on top of public ones. Gartner says that “organisations need to focus on the services to improve clarity and direction.”
Fortunately, the concept of the Service Level Agreement (SLA) is not a new one and businesses interested in migrating to the cloud should continue to exercise existing policies, processes and management, just as they would with any collaborative association with an outside organisation. A focus on important areas such as clear, stakeholder-agreed and identified Key Performance Indicators (KPIs), service-level measurement and definite lines of accountability.
WHAT ABOUT SECURITY?
The other side of the coin is that some view moving your data into the cloud as a potential security enhancer. As Google’s Frederiksen puts it, “With data in fewer locations and a full-time Google team doing nothing other than protect it 24 hours a day, you could argue that enterprise data is more secure in Google’s hands.” Well, he would say that, wouldn’t he, you might ask. Accenture’s Naik, however, offers a similar train of thought: “In-depth analysis of various cloud computing providers – for whom the entire business is generally predicated on securing client data and applications – suggests that such companies could well be in a better position to offer security than the IT function within a single company.”
Naik adds that “enterprise level security can be achieved through reliable and trusted cloud computing providers while keeping IT overheads low.” Accenture points out that risk – especially operational risk – can never be eliminated entirely. “Unique risks include data integrity, recovery and privacy, regulatory compliance and auditing,” says Naik. Those concerned about the risks of entrusting data to an outsider can point to recent legal wrangles in America – such as that requiring YouTube to hand over data to Viacom – as one worst-case scenario.
Among the mitigating solutions are those used to evaluate traditional third party vendors but Naik advises that enterprises “Do not contract with cloud computing vendors that are not transparent on their security and continuity management programmes.” On a broader level, the Daoli Trusted Infrastructure Project (www.daoliproject.org) is a research partnership between EMC China and several Chinese universities aimed at establishing “trust and assurance” in cloud and grid computing. Ironically, Gartner research predicts a trend towards security solutions being offered in the cloud – in July 2008, it predicted that security delivered as a cloud-based service would more than triple in many segments by 2013.
CLOUDS ON THE HORIZON?
So could all this freeing-up of applications and storage ultimately render the operating system obsolete? Both Naik and Frederiksen believe that it’s not so much a question of the OS becoming obsolete as one of it being rendered irrelevant to subscribers – support, licensing and location are OS agnostic. Given that there are already service providers out there offering traditional desktop interfaces and applications over the Internet, Naik says that “one can expect these providers to merge their offerings with a Cloud computing platform (hardware cloud)... Ironically, we could see the return of desktop and laptop computers to the working status of the old dumb/thin client, only requiring Internet access to effectively-utilise applications and services.” He adds that, as traditional licensing structures (i.e. per machine, processor, access/log-in etc) don’t fit with the Cloud platform, vendors will have to re-evaluate in order to prevent license revenue erosion and subversion.
There’s no question that changing needs around mobility and an ongoing mission to keep costs down are driving interest in Cloud computing. As more vendors come to the party, concerns around security and best practice for licensing, SLAs and what to keep close within the company gates while deciding what’s okay to ship elsewhere are being addressed. As Accenture’s Naik points out, Cloud computing can allow enterprises to free themselves from the burdens of self-provision and self-management of IT resources in order to focus on the core business. Small surprise, then, that many of those beating a path to its door are SMEs and start-ups, for whom infrastructure costs and responsibilities can often be prohibitive. Allowing someone else to handle the platform side of things can often mean a reduced time-to-market.
The issue of bandwidth, particularly locally, is a continuing hurdle to surmount, however. Google’s Frederiksen says that many of their customers are surprised to find a net reduction in bandwidth consumption when they roll out their offering – according to him, Google’s Cloud eliminates bandwidth-hungry problems such as spam, which will never hit the client network, making it Google’s issue rather than yours. Naik suggests that bandwidth remains a challenge, but points to developments such as forthcoming undersea cabling infrastructure and the arrival on the scene of Neotel and Metro Ethernet access along with IBM’s new Cloud computing centre in Johannesburg as evidence of improvements to come.
VIRTUALIZATION: MAKING IT ALL HAPPEN
Described by commentator John Willis as the “secret sauce” for cloud computing, virtualization sets operating systems and applications free from hardware constraints, making it ideal for offering on-demand services in a flexible, scalable environment. Essentially, virtualization allows one instance of hardware to run multiple operating systems and applications simultaneously, each isolated within its own virtual operating environment.
Before the technology was developed, servers were usually limited to running specific applications, meaning that businesses with large data centres had to outlay large amounts of money on hardware. Those large numbers of servers all translated into high maintenance costs, power demands and cooling costs – a significant financial burden when one considers that, thanks to increased server processing power, only a fraction of capabilities were being
It’s not just about servers, though: as IBM points out, businesses moving towards a dynamic infrastructure environment (such as cloud) can also benefit. IBM gives the example of virtual storage as just one benefit that allows the organisation to “approach storage not as a fixed element tied to specific hardware, but as a fluid resource which can be allocated to any application or service that requires it, in real time.”
Giving the example of databases, in which new records are continually being created, IBM says that these can be grown in proportion to business needs “without regard for the size of the hard drive on the specific systems hosting them, or other pre-determined storage assets.” The result: In an environment where applications, systems and services all have ongoing access to the storage they need, IT availability, service levels and productivity all increase, giving the enterprise more bang for its hardware buck. Being able to roll out or scale back according to changing project needs clearly sounds like business heaven, but is virtualization all it’s cracked up to be?
Seeing beyond the hype
With Gartner pinpointing virtualization as its number one “Strategic Technology Trend” for 2009, the obvious cost-saving benefits that come with it and the environmental bonuses arising from decreased power consumption, it’s easy to see why virtualization is the buzz topic of the moment. The trick, as always, is to exercise a little self-control and not get too carried away; as an HP virtualization expert told Internet.com, “Virtualization changes a lot of things, but it doesn’t change the need for basic data centre management.” To avoid the IT-equivalent of Frankenstein’s monster, organisations should avoid creating masses of virtual centres that can quickly spin out of control – and, according to HP, remember to retire them when they’ve served their purpose.
In addition to this, the usual IT-management essentials such as thorough planning, clear strategy and project ownership and a thorough assessment of current and projected assets will help ensure a smooth journey. To really nail down the benefits, it’s best to identify areas of under-utilisation or blind-spots in silos that could be freed-up through de-coupling.
A CLOUDY FUTURE
IBM describes cloud computing as “a new evolutionary step in how virtualization can be leveraged to create business value.” As Big Blue puts it, “just as services are created within and supported by virtual servers, virtual servers are created within and supported by cloud computing.” In a cloud computing environment, such servers can be created automatically, on-demand. This, according to IBM, means that businesses are freed up to focus on meeting their requirements through services rather than getting bogged down in the technical detail of how it’s all created, managed and optimised.
Through virtualization, users are able to order new services through a Web portal, following which the virtual servers required to accomplish the task are automatically created. These can then be customised to carry the data, middleware or applications required. Whereas this kind of procedure would traditionally require a lengthy process including procurement and hardware configuration, cloud computing adds a layer of abstraction that means services can be rolled out into an environment that is already able to support them optimally.
Locking it all down
As with cloud computing, the flexibility and scale of a virtualised environment can set the security alarm bells ringing for many. It’s easy to understand when you consider the massive projected growth in deployments: Gartner points towards 660 million virtualised PCs alone by 2011. Between virtualised servers, networks, storage and desktops, those hell-bent on destruction would almost certainly view the opportunity to wreak maximum havoc as a tempting prospect. From possible application exploit points running on virtual machines to the virtual machines themselves offering a back door into the greater enterprise network, there’s plenty to worry about.
McAfee, in association with SANS, has identified several security errors that those charged with managing virtual environments commonly make, among them:
• Misconfiguring virtual hosting platforms, guests and networks: McAfee earmarks this as the “foremost problem” in virtualisation, stating that, in the case of virtual servers, configuration problems are magnified. “If a machine build starts out with poor default configurations, including unnecessary ports and services... those vulnerabilities will extend to each instance of the virtual machine that is replicated from that build.” Among the suggested solutions is the creation of default “secure gold builds” from which other virtual systems will be cloned.
• Failure to properly separate duties and deploy least privilege controls: Giving too much privilege and capability to virtual administrators increases the risk of abuse by privileged insiders, which accounted for 22% of breaches in 2008, according to Verizon’s 2009 Data Breach Investigations Report. Solutions include using tried and trusted security mechanisms such as SSH for administrative console access as well as firewall filter rules to limit access to pre-determined, authorised internal network addresses.
• Lack of VM visibility across the enterprise: The uncontrolled proliferation of virtual machines across the business is known as “VM Sprawl”. In this environment, “rogue” machines can drain resources such as bandwidth while their unmonitored existence can create security and compliance problems. To combat this, organisations should, among other things, consider deploying virtual-aware technologies capable of asset-discovery, port mapping and application inventory for these machines. (Source: Top Virtualization Security Mistakes (and how to avoid them), Jim D. Hietala)
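The three mistakes listed above can each be checked mechanically. The following is an added example, not code from McAfee, SANS or the original article: it audits a discovered set of virtual machines against a gold-build port baseline, an asset register and a list of authorised administrative networks. All build names, VM names, ports and address ranges are constructed for illustration.

```python
import ipaddress

# Hypothetical "secure gold builds": the only listening ports each build should expose.
GOLD_BUILDS = {
    "gold-web-v3": {22, 443},
    "gold-db-v2": {22, 5432},
}

# Constructed list of authorised internal networks for administrative access.
AUTHORISED_ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed asset register: the VMs the business knows it owns.
ASSET_REGISTER = {"web-01", "web-02", "db-01"}

# Constructed discovery results, as an asset-discovery and port-mapping tool might report.
DISCOVERED = [
    {"name": "web-01", "build": "gold-web-v3", "ports": {22, 443},
     "admin_allow": ["10.20.0.0/24"]},
    {"name": "web-02", "build": "gold-web-v3", "ports": {22, 23, 111, 443},
     "admin_allow": ["10.20.0.0/24"]},
    {"name": "db-01", "build": "gold-db-v2", "ports": {22, 5432},
     "admin_allow": ["0.0.0.0/0"]},
    {"name": "test-tmp-7", "build": None, "ports": {22, 8080},
     "admin_allow": ["10.20.0.16/28"]},
]


def unexpected_ports(vm):
    """Ports open on the VM that its gold build does not allow.

    Returns None when the VM was not cloned from a known gold build.
    """
    baseline = GOLD_BUILDS.get(vm["build"])
    if baseline is None:
        return None
    return sorted(vm["ports"] - baseline)


def unauthorised_admin_sources(vm):
    """Admin-access source ranges that are not inside an authorised internal network."""
    bad = []
    for src in vm["admin_allow"]:
        net = ipaddress.ip_network(src)
        if not any(net.subnet_of(ok) for ok in AUTHORISED_ADMIN_NETS):
            bad.append(src)
    return bad


def audit(discovered=DISCOVERED):
    """Return {vm name: [findings]} covering sprawl, build drift and admin exposure."""
    report = {}
    for vm in discovered:
        findings = []
        # Lack of VM visibility: a machine on the network that nobody registered.
        if vm["name"] not in ASSET_REGISTER:
            findings.append("not in asset register (possible VM sprawl)")
        # Misconfiguration: drift from the gold build, or no gold build at all.
        extra = unexpected_ports(vm)
        if extra is None:
            findings.append("not cloned from a gold build")
        elif extra:
            findings.append(f"ports outside gold build: {extra}")
        # Least privilege: admin access must come only from authorised networks.
        for src in unauthorised_admin_sources(vm):
            findings.append(f"admin access allowed from {src}")
        report[vm["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit().items():
        print(name, "OK" if not findings else "; ".join(findings))
```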
Converging at the coalface
Nothing screams “dovetail” like cloud computing and virtualization. Together, they form a microcosm of the broader convergence landscape, joining together to expand possibilities, roll out new services and, in the process, give life to new, innovative ideas. Moving into 2010, it seems inevitable that virtualization will become the base upon which enterprises will establish cloud computing services – according to IBM, 77% of organisations that have begun rolling out cloud have already got storage virtualization in place; with over half having implemented network and application virtualization. Rather than looking at the two separately, it now seems that the time has come to view them as two sides of the same coin.


